Analysis
max time kernel: 150s
max time network: 150s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 31-07-2022 14:37
Static task: static1
Behavioral task: behavioral1
Sample: GUM.exe
Resource: win7-20220718-en
13 signatures, 150 seconds
Behavioral task: behavioral2
Sample: GUM.exe
Resource: win10v2004-20220721-en
14 signatures, 150 seconds
General
Target: GUM.exe
Size: 172KB
MD5: 81912e3dd162ce7c96114a84d0d58b29
SHA1: 2def8b1c48c9e550f57c9dab915c5232a7113d57
SHA256: f91cf396d6cc0e3803aa25fd0770e9a252196ae616e032e4880668c8ded74dc0
SHA512: 893b3c4483d0a307cad24c73fce27bc4e02438439fc5b07d596146bdb92767e53e60642ff6264ce80891b10c0a7f2a3f5b397560a47ee6e1244d6e5e9a80f341
Score: 10/10
Malware Config
Signatures
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | GUM.exe
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0" | GUM.exe
Adds policy Run key to start application 2 TTPs 2 IoCs
description | ioc | Process
Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run | iexplore.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\run\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4 = "C:\\Users\\Admin\\AppData\\Roaming\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4.exe" | iexplore.exe
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Security Center\UACDisableNotify = "0" | GUM.exe
Adds Run key to start application 2 TTPs 4 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\Software\Microsoft\Windows\CurrentVersion\Run\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4 = "C:\\Users\\Admin\\AppData\\Roaming\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4.exe" | iexplore.exe
Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run | iexplore.exe
Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4 = "C:\\Users\\Admin\\AppData\\Roaming\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4\\Y1F5W2I0-W6V4-G5S1-T8J1-U5Y8L0K337W4.exe" | iexplore.exe
Key created | \REGISTRY\USER\S-1-5-21-3762437355-3468409815-1164039494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | iexplore.exe
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | GUM.exe
Suspicious use of SetThreadContext 50 IoCs
description: PID 1728 (GUM.exe) set thread context of each target PID below; procid_target in parentheses.
600 (28), 1652 (29), 240 (30), 2020 (31), 2016 (32), 1720 (33), 1988 (34), 2004 (35), 1780 (36), 1952 (37),
900 (38), 1212 (39), 1028 (40), 688 (41), 628 (42), 1824 (43), 868 (44), 1172 (45), 696 (46), 852 (47),
1000 (48), 1604 (49), 972 (50), 1940 (51), 580 (52), 1704 (53), 820 (54), 396 (55), 1348 (56), 1576 (57),
1924 (58), 1904 (59), 1628 (60), 928 (61), 1724 (62), 1696 (63), 1352 (64), 1756 (65), 1684 (66), 1472 (67),
296 (68), 952 (69), 1736 (70), 1616 (71), 1112 (72), 1280 (73), 556 (74), 2000 (75), 1968 (76), 1876 (77)
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid | Process
1728 | GUM.exe (64 identical entries)
Suspicious use of AdjustPrivilegeToken 39 IoCs
description: Token: SeDebugPrivilege, Process: iexplore.exe, for each of the following PIDs:
1652, 240, 1720, 1988, 2004, 1780, 1952, 900, 1212, 1028, 688, 628, 868, 1172, 696, 852, 1000, 972, 580, 820,
396, 1348, 1576, 1924, 1904, 1628, 928, 1724, 1696, 1352, 1756, 1684, 1472, 952, 1736, 1616, 1280, 1968, 1876
Suspicious use of SetWindowsHookEx 40 IoCs
pid | Process
1728 | GUM.exe
iexplore.exe for each of the following PIDs:
240, 1652, 1720, 1988, 2004, 1780, 1952, 900, 1212, 1028, 688, 628, 868, 1172, 696, 852, 1000, 972, 580, 820,
396, 1348, 1576, 1924, 1904, 1628, 928, 1724, 1696, 1352, 1756, 1684, 1472, 952, 1736, 1616, 1280, 1968, 1876
Suspicious use of WriteProcessMemory 64 IoCs
description: PID 1728 (GUM.exe) wrote to memory of each target PID below; procid_target in parentheses, followed by the number of repeated entries.
600 (28) x12, 1652 (29) x12, 240 (30) x12, 2020 (31) x12, 2016 (32) x12, 1720 (33) x4
System policy modification 1 TTPs 1 IoCs
description | ioc | Process
Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | GUM.exe
Processes
C:\Users\Admin\AppData\Local\Temp\GUM.exe (command line: "C:\Users\Admin\AppData\Local\Temp\GUM.exe"), PID:1728
- UAC bypass
- Windows security bypass
- Windows security modification
- Checks whether UAC is enabled
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
- System policy modification
Child processes of PID 1728, each C:\Program Files (x86)\Internet Explorer\iexplore.exe with command line C:\Users\Admin\AppData\Local\Temp\GUM.exe:
PID:600
PID:1652 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:240 - Adds policy Run key to start application; Adds Run key to start application; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:2020
PID:2016
PID:1720 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1988 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:2004 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1780 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1952 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:900 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1212 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1028 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:688 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:628 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1824
PID:868 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1172 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:696 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:852 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1000 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1604
PID:972 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1940
PID:580 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1704
PID:820 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:396 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1348 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1576 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1924 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1904 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1628 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:928 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1724 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1696 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1352 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1756 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1684 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1472 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:296
PID:952 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1736 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1616 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1112
PID:1280 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:556
PID:2000
PID:1968 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
PID:1876 - Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx