Malware Analysis Report

2024-10-16 03:28

Sample ID 211123-rmx1jsacfn
Target 27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample
SHA256 27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4
Tags
avoslocker ransomware
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4

Threat Level: Known bad

The file 27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample was found to be: Known bad.

Malicious Activity Summary

avoslocker ransomware

Avoslocker Ransomware

Modifies extensions of user files

Drops file in System32 directory

Checks processor information in registry

Enumerates system info in registry

Modifies data under HKEY_USERS

Suspicious use of SetWindowsHookEx

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2021-11-23 14:19

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2021-11-23 14:19

Reported

2021-11-23 14:21

Platform

win7-en-20211104

Max time kernel

117s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe"

Signatures

Avoslocker Ransomware

ransomware avoslocker

Modifies extensions of user files

ransomware

Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\AddMount.raw => C:\Users\Admin\Pictures\AddMount.raw.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
File renamed C:\Users\Admin\Pictures\DisableClear.png => C:\Users\Admin\Pictures\DisableClear.png.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
File renamed C:\Users\Admin\Pictures\InvokeSet.png => C:\Users\Admin\Pictures\InvokeSet.png.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
File renamed C:\Users\Admin\Pictures\UnblockSelect.raw => C:\Users\Admin\Pictures\UnblockSelect.raw.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe

"C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe"

Network

N/A

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2021-11-23 14:19

Reported

2021-11-23 14:21

Platform

win10-en-20211014

Max time kernel

134s

Max time network

140s

Command Line

"C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe"

Signatures

Avoslocker Ransomware

ransomware avoslocker

Modifies extensions of user files

ransomware

Description Indicator Process Target
File renamed C:\Users\Admin\Pictures\ConnectDeny.tif => C:\Users\Admin\Pictures\ConnectDeny.tif.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
File renamed C:\Users\Admin\Pictures\RegisterUnblock.png => C:\Users\Admin\Pictures\RegisterUnblock.png.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
File renamed C:\Users\Admin\Pictures\ResolveSync.png => C:\Users\Admin\Pictures\ResolveSync.png.avos C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\counters2.dat C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-wal C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
File opened for modification C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Office\OTele\officeclicktorun.exe.db-shm C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Checks processor information in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key opened \REGISTRY\MACHINE\Hardware\Description\System\BIOS C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\Expires = "int64_t|1634514746" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\OnDemandInterfaceCache C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\ExternalFeatureOverrides\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSCategoriesSeverities = "1329 10,1329 50,941 10,1329 15,941 15,941 6,1329 100,1329 6" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935} C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceId = "001840053DBD191D" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\TrustCenter\Experimentation C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\16\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\all\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Property\001840053DBD191D = (value omitted) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesLastModified\officeclicktorun.exe_queried = "1634428408" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\officeclicktorun\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\FirstSession\officeclicktorun C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ClientTelemetry\RulesMetadata\officeclicktorun.exe\ULSMonitor\ULSTagIds0 = "5804129,7202269,17110992,41484365,39965824,7153487,17110988,17962391,17962392,3462423,3702920,3700754,3965062,4297094,7153421,18716193,7153435,7202265,20502174,6308191,18407617" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\Common\ClientTelemetry\Volatile\MsaDevice = "t=GwAWAbuEBAAUTtlZ6S5DAUSlRrmXzKeUMjH15hsOZgAAEM7/Hnh/kWM8wF2lThETH5PgAJCXg98o3e4Pfvqwnxtf14nexSom2eRktEeSIoxvYGm/EkgkOeLb3Z+JhceAC59O3TpZGxbXgZkXkZSb1OmL/rLm1NWSTm8ujUu0RIqRFQ06cjIhFEglq96hOrfkFrlEUfqbBw8XuxPWm7/ac2eL3ng6HaufNLXl0miGb94G2H6JWI8S3401Pqipne5OhlQocmCZGUwMp5QgWoXzAOGrw5NZBZHjJ8Pdr3YE02aWqbggiCjde0hqBDm8V7RogH4GX8DqZyrsLJrYKCrmKaHMQaohxBbV0CXy5qn+9jlfC0bDGwE=&p=" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (data) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\DeviceTicket = (value omitted) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentConfigs\Ecs\officeclicktorun\ConfigContextData C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguages\en-US = "2" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\IdentityCRL\Immersive\production\Token\{2B379600-B42B-4FE9-A59C-A312FB934935}\ApplicationFlags = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Office\16.0\Common\ExperimentEcs\Overrides C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A
Set value (int) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe

"C:\Users\Admin\AppData\Local\Temp\27cd3e759ec4858adaea63050ad1fc22e4850c1e157d88c0943c2589fa39b5a4.bin.sample.exe"

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe

"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

Network

Country Destination Domain Proto
IE 52.109.76.32:443 tcp
US 8.8.8.8:53 time.windows.com udp
NL 40.119.148.38:123 time.windows.com udp

Files

N/A