eclipse-jsdt / webtools.jsdt


Ransomware in org.eclipse.wst.jsdt.core.jsNature #4

Closed dagomezitccomco closed 6 months ago

dagomezitccomco commented 6 months ago

Immediately upon installing the library, SOPHOS INTERCEPT X ENDPOINT detects ransomware in the library (image of the alert in Sophos attached). Below is the complete description reported by Sophos:


Image: Ransomware alert on Santiago Galindo x Sophos

nitind commented 6 months ago

We don't provide a "SpringToolSuite4.exe."