Malware Analysis Report

2024-10-19 09:03

Sample ID 240316-ld69zaaa39
Target SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe
SHA256 dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08
Tags
purelogstealer stealer zgrat persistence rat
score
10/10

Analysis Overview

score
10/10

SHA256

dcb623cc7f3f21e92e4878c82ce79582fdf6ba1e5e0c76f19097d1496e6c4b08

Threat Level: Known bad

The file SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe was found to be: Known bad.

Malicious Activity Summary

purelogstealer stealer zgrat persistence rat

Detect ZGRat V1

ZGRat

PureLog Stealer payload

Purelogstealer family

PureLog Stealer

Adds Run key to start application

Suspicious use of SetThreadContext

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-03-16 09:26

Signatures

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Purelogstealer family

purelogstealer

Analysis: behavioral1

Detonation Overview

Submitted

2024-03-16 09:26

Reported

2024-03-16 09:28

Platform

win7-20231129-en

Max time kernel

149s

Max time network

150s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe"

Signatures

PureLog Stealer

stealer purelogstealer

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe"

Network

Country Destination Domain Proto
US 8.8.8.8:53 firstbaptiststjoe.org udp
US 44.215.252.154:443 firstbaptiststjoe.org tcp
US 44.215.252.154:443 tcp

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-03-16 09:26

Reported

2024-03-16 09:28

Platform

win10v2004-20240226-en

Max time kernel

148s

Max time network

156s

Command Line

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe"

Signatures

Detect ZGRat V1

Description Indicator Process Target
N/A N/A N/A N/A

PureLog Stealer

stealer purelogstealer

PureLog Stealer payload

Description Indicator Process Target
N/A N/A N/A N/A

ZGRat

rat zgrat

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Ozhvdskglxw = "C:\\Users\\Admin\\AppData\\Roaming\\Ozhvdskglxw.exe" C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ckje = "C:\\Users\\Admin\\AppData\\Roaming\\deebf\\ckje.exe" C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 464 wrote to memory of 4804 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe
PID 464 wrote to memory of 224 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe
PID 464 wrote to memory of 996 N/A C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

Processes

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe"

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3768 --field-trial-handle=2284,i,15722001240173834669,15048020084704567542,262144 --variations-seed-version /prefetch:8

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Program.Unwanted.4610.15239.20339.exe

Network

Country Destination Domain Proto
US 8.8.8.8:53 183.142.211.20.in-addr.arpa udp
US 8.8.8.8:53 g.bing.com udp
US 204.79.197.200:443 g.bing.com tcp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 200.197.79.204.in-addr.arpa udp
US 8.8.8.8:53 firstbaptiststjoe.org udp
US 44.215.252.154:443 firstbaptiststjoe.org tcp
US 8.8.8.8:53 154.252.215.44.in-addr.arpa udp
US 8.8.8.8:53 chromewebstore.googleapis.com udp
GB 142.250.179.234:443 chromewebstore.googleapis.com tcp
US 8.8.8.8:53 234.179.250.142.in-addr.arpa udp
US 8.8.8.8:53 86.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 18.31.95.13.in-addr.arpa udp
US 8.8.8.8:53 217.135.221.88.in-addr.arpa udp
US 8.8.8.8:53 48.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 26.178.89.13.in-addr.arpa udp
US 8.8.8.8:53 205.47.74.20.in-addr.arpa udp

Files
