MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Floxif


Vendor detections: 19


Intelligence 19 IOCs YARA 19 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
SHA3-384 hash: e53c4cce314dc3c1ab0a4b1f1117598272dd1e40d4f7c957d669866bd83c5075ba90182a4fb8fc7b4f6788b90d39a90e
SHA1 hash: f4e1d1289b97ca9312b082eff9a010fbab0dd7ff
MD5 hash: 7de41ea51e2c5a4db90dd1dd5658c4bd
humanhash: johnny-blossom-crazy-salami
File name:CCSetup.exe
Download: download sample
Signature Floxif
Create hunting rule
File size:3'685'607 bytes
First seen:2025-06-19 19:16:43 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4de8ff83d82218e2af0f4f03d788686b (1 x Floxif)
ssdeep 98304:74Q9ABr1+Ox4P5kav/XU0ABkULJMFhn0CmCTM:grk5kk/X4kU6FLmiM
Threatray 20 similar samples on MalwareBazaar
TLSH T16906DF03BA82913EE1B202311C2F9D6496A67D775A355157B2A0FE1C2FF8582BC27F17
TrID 32.2% (.EXE) Win64 Executable (generic) (10522/11/4)
20.1% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2)
15.4% (.EXE) Win16 NE executable (generic) (5038/12/1)
13.7% (.EXE) Win32 Executable (generic) (4504/4/1)
6.2% (.EXE) OS/2 Executable (generic) (2029/13)
Magika pebin
dhash icon f0f8ce47c58e96f8 (1 x Floxif)
Reporter malwareanalayser
Tags:exe Floxif Virus


Avatar
t11059
Combo Cleaner that got infected by Floxif

Intelligence

File Origin
# of uploads :
1
# of downloads :
603
Origin country :
US US
Vendor Threat Intelligence
Malware family:
n/a
ID:
1
File name:
CCSetup.exe
Verdict:
Malicious activity
Analysis date:
2025-06-19 18:17:56 UTC
Tags:
loader upx auto-reg
Link:
https://app.any.run/tasks/f9d982a3-dcc4-4a47-b4df-b02860a572a0

Note:
ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Detection:
FloodFix
Create hunting rule
Link:
https://www.capesandbox.com/analysis/10237/
Detection(s):
Win.Virus.Pioneer-9111434-0
Create hunting rule

MiscreantPunch.SingleXOR.EXE.197.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Score:
99.9%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6854624ac0425dfc161b1a68
Tags:
vmdetect dropper floxif trojan
Result
Verdict:
Malware
Maliciousness:

Behaviour
Creating a file
Creating a file in the %temp% subdirectories
Creating a file in the Program Files subdirectories
Creating a process from a recently created file
Replacing executable files
Creating a window
DNS request
Connection attempt
Sending a custom TCP request
Sending an HTTP GET request
Searching for synchronization primitives
Running batch commands
Creating a process with a hidden window
Launching a process
Using the Windows Management Instrumentation requests
Delayed writing of the file
Сreating synchronization primitives
Searching for the window
Creating a file in the mass storage device
Infecting executable files
Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
adaptive-context anti-debug base64 fingerprint lolbin microsoft_visual_cc msiexec obfuscated overlay overlay packed packed runonce xor-pe
Link:
https://www.filescan.io/uploads/6854624bf8f8abe4f8b70949/reports/1289380d-db1b-4d58-b4fc-473f762bd044/overview
Verdict:
Malicious
Labled as:
Virus.Floxif
Link:
https://www.hybrid-analysis.com/sample/99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
Malware family:
Floxif
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/64acc048-8eb0-42ce-b96c-3f6457b7bc9f
Result
Threat name:
FloodFix
Create hunting rule
Detection:
malicious
Classification:
rans.spre.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/1718882
Signature
Antivirus / Scanner detection for submitted sample
Creates a FSFilter Anti-Virus service
Creates an autostart registry key pointing to binary in C:\Windows
Creates files in the system32 config directory
Creates multiple autostart registry keys
Infects executable files (exe, dll, sys, html)
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
PE file has a writeable .text section
Queries sensitive USB information (via WMI, WIN32_USBHUB, often done to detect sandboxes)
Sample is not signed and drops a device driver
Suricata IDS alerts for network traffic
Writes many files with high entropy
Writes or reads registry keys via WMI
Yara detected FloodFix
Behaviour
Behavior Graph:
Download SVG
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1718882 Sample: CCSetup.exe Startdate: 19/06/2025 Architecture: WINDOWS Score: 100 121 www.aieov.com 2->121 123 sslupdates.combocleaner.com 2->123 125 9 other IPs or domains 2->125 137 Suricata IDS alerts for network traffic 2->137 139 Malicious sample detected (through community Yara rule) 2->139 141 Antivirus / Scanner detection for submitted sample 2->141 143 6 other signatures 2->143 10 ComboCleaner.Guard.exe 2->10         started        15 CCSetup.exe 1 113 2->15         started        17 msiexec.exe 2->17         started        19 ComboCleaner.WinService.exe 2->19         started        signatures3 process4 dnsIp5 129 in1-gw2-05-3d6c3051.eastus2.cloudapp.azure.com 4.153.25.145, 443, 49707, 49708 LEVEL3US United States 10->129 131 127.0.0.1 unknown unknown 10->131 103 C:\Program Files (x86)\...\emalware.150.gzip, gzip 10->103 dropped 115 224 other malicious files 10->115 dropped 153 Creates files in the system32 config directory 10->153 133 www.aieov.com 13.248.169.48, 49696, 49700, 49703 AMAZON-02US United States 15->133 105 C:\Users\user\AppData\Local\...\CCSetup.exe, PE32 15->105 dropped 107 C:\Program Files\Common Files\...\symsrv.dll, PE32 15->107 dropped 117 175 other files (none is malicious) 15->117 dropped 155 Infects executable files (exe, dll, sys, html) 15->155 21 CCSetup.exe 27 109 15->21         started        109 C:\Program Files (x86)\...\trufos.sys, PE32+ 17->109 dropped 111 C:\Program Files (x86)\...\gzflt.sys, PE32+ 17->111 dropped 113 C:\Program Files (x86)\...\bddci.sys, PE32+ 17->113 dropped 119 63 other files (2 malicious) 17->119 dropped 157 Sample is not signed and drops a device driver 17->157 26 msiexec.exe 17->26         started        28 msiexec.exe 17->28         started        135 elb-nvi-gcp.nimbus.bitdefender.net 34.117.254.173, 443, 49712 GOOGLE-AS-APGoogleAsiaPacificPteLtdSG United States 19->135 30 cmd.exe 19->30         started        32 cmd.exe 19->32         started        34 cmd.exe 19->34         started        file6 signatures7 process8 dnsIp9 127 services.combocleaner.com 104.25.186.50, 443, 49692, 49693 CLOUDFLARENETUS United States 21->127 95 C:\Users\user\AppData\Local\...\setup.exe, PE32 21->95 dropped 97 C:\Users\user\AppData\...\_isuser_0x0409.dll, PE32 21->97 dropped 99 C:\Users\user\AppData\...\_isres_0x0409.dll, PE32 21->99 dropped 101 8 other files (none is malicious) 21->101 dropped 151 Creates multiple autostart registry keys 21->151 36 rundll32.exe 21->36         started        40 rundll32.exe 21->40         started        42 cmd.exe 21->42         started        52 14 other processes 21->52 44 net.exe 30->44         started        46 conhost.exe 30->46         started        48 net.exe 32->48         started        50 conhost.exe 32->50         started        54 2 other processes 34->54 file10 signatures11 process12 file13 83 C:\Windows\system32\...\gzflt.sys (copy), PE32+ 36->83 dropped 85 C:\Windows\System32\drivers\SETB8F5.tmp, PE32+ 36->85 dropped 145 Creates an autostart registry key pointing to binary in C:\Windows 36->145 147 Creates a FSFilter Anti-Virus service 36->147 56 runonce.exe 36->56         started        87 C:\Windows\system32\...\Trufos.sys (copy), PE32+ 40->87 dropped 89 C:\Windows\System32\drivers\SETCB45.tmp, PE32+ 40->89 dropped 149 Creates multiple autostart registry keys 40->149 58 runonce.exe 40->58         started        60 driverquery.exe 42->60         started        63 conhost.exe 42->63         started        65 net1.exe 44->65         started        67 net1.exe 48->67         started        91 C:\Windows\system32\...\bddci.sys (copy), PE32+ 52->91 dropped 93 C:\Windows\System32\drivers\SETC317.tmp, PE32+ 52->93 dropped 69 runonce.exe 52->69         started        73 2 other processes 52->73 71 net1.exe 54->71         started        signatures14 process15 signatures16 75 grpconv.exe 56->75         started        77 grpconv.exe 58->77         started        159 Writes or reads registry keys via WMI 60->159 79 WmiPrvSE.exe 60->79         started        81 grpconv.exe 69->81         started        process17
Score:
42%
Verdict:
Susipicious
File Type:
PE
Link:
https://malprob.io/report/99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a/
Verdict:
Malicious
Link:
https://tip.neiki.dev/file/99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
Threat name:
Win32.Virus.Floxif
Create hunting rule
Status:
Malicious
First seen:
2025-06-19 18:17:58 UTC
File Type:
PE (Exe)
Extracted files:
17
AV detection:
23 of 24 (95.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=thm3hze4t2xnayk2v5ritirv76ptts24hnzyfvxvcmckn3aelffa._file
Verdict:
malicious
Label(s):
floxif
Create hunting rule
Similar samples:
3407337dea12501ed2d524ed049d69a8e188bcd585f1a4055b60d4369cfc348b
Floxif
344b323928698d9982c7577e5405a1cb587c45f94a0f6745827648381397f255
Floxif
847a38c590090d40f07ba44dd60592cd40fe1d37e5f3b65bd6c980be752faafa
Floxif
99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
Floxif
b2404cffaa791b82c6614cf585a7391f8b2ed0c3c9e65eb703029e770c4ca6b8
Floxif
bfdb06e19260107f468834d5601f7f295ca82b31966be48f856011d9dba1f5b7
Floxif
e3623c2440b692f6b557a862719dc95f41d2e9ad7b560e837d3b59bfe4b8b774
Floxif
error
Floxif
+ 10 additional samples on MalwareBazaar
Result
Malware family:
floxif
Create hunting rule
Score:
  10/10
Tags:
family:floxif backdoor defense_evasion discovery persistence privilege_escalation trojan upx
Link:
https://tria.ge/reports/250619-xzk5eaar8z/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Drops file in Program Files directory
UPX packed file
Enumerates connected drives
Indicator Removal: File Deletion
ACProtect 1.3x - 1.4x DLL software
Executes dropped EXE
Loads dropped DLL
Event Triggered Execution: AppInit DLLs
Detects Floxif payload
Floxif family
Floxif, Floodfix
Process spawned unexpected child process
Verdict:
Malicious
Tags:
trojan floxif Win.Virus.Pioneer-9111434-0
YARA:
Windows_Virus_Floxif_493d1897
Link:
https://app.threat.zone/submission/122f910b-cc22-4387-8866-82b134cc47b7
Unpacked files
SH256 hash:
99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
MD5 hash:
7de41ea51e2c5a4db90dd1dd5658c4bd
SHA1 hash:
f4e1d1289b97ca9312b082eff9a010fbab0dd7ff
Link:
https://www.unpac.me/results/a4ef13e3-4c78-478a-8040-b086371df6e2/
SH256 hash:
671721d35656375da8254841cf25fd7e715f4dfa499e8f8e52a0a0bc8f9f9196
MD5 hash:
1414459a67a1ecea60de97921d48ed95
SHA1 hash:
79d0dedb72711852074ca3f006dba8b941c7d2b8
Link:
https://www.unpac.me/results/a4ef13e3-4c78-478a-8040-b086371df6e2/
SH256 hash:
9b430cf0279ea266bee0497fd21628c65442342d6270a8f7918522fa4fe9c387
MD5 hash:
f598b6379f84e43532b6adc2198bfd9c
SHA1 hash:
73fcd6e681a26ab2ea356a9b951a8557bbc43f4c
Detections:
win_floxif_auto
Create hunting rule
Floxif
Create hunting rule
MAL_Floxif_Generic
Create hunting rule
SUSP_Microsoft_Copyright_String_Anomaly_2
Create hunting rule
MALWARE_Win_FloodFix
Create hunting rule
Link:
https://www.unpac.me/results/a4ef13e3-4c78-478a-8040-b086371df6e2/
Parent samples :
ed61a0c490e5b16ba93721a48865fb3312c314d2b42df1c45c997e2347e0fbea
5824816c15c14812f8d8fe64a2317520ac6e1e96f59d4477aacbaff84d706718
8603a6629d84f5151f3c14463f58a86b24baff50280fa66cc26c086e3211b89f
fd05a5d4e619781f5e1affdfb88dfd117b616df12c8c42e8f05fbcc24ebcfaae
aed65c4e500b4d5da1b557da1b4c7d916868aa100f0b0eab243892036422a3db
e40e040b7604a94d6f9db5175e1a1cc4eb762c035c90ba49f952e723a9c8258a
d014b70080dc2525f222f7eb5aa8c97b35ac366f2c1ad0e0b656f7879d4cb4a1
038d79354607ff85b37621bed1e5e33c68ae21b483730b0e6067abcdd5276c9a
ea201b8fe8ee9d0514b5cc3e273e02b1a06872ebadec937a57285c049de1854d
e58eb39c66efd238b3d957301383ab74099577cf79204d0f7ead51d9cb9c4b1c
56f790633aa97cca376318d0f6f9055ac17c0f102e12f2bf6f078b361c316aa3
e0b7c369ac7cd497c804fe503a65a76606fabed39db60c117ad196607f9c8aa4
3672c48abefd98e598090174265dc3051ff712838e7214ed009c6fcfede22654
a74ee1dbb1120582708462beadf602396c36e9738b150bbf21bdfce09ecd7538
c4e805cafe001cbf1ede9535183d4101c0c2409a8c0ee7debd74ccda64d827f1
6df588b4ad822707978cdc32b85764c300895f946f6581d529b6b9fe086ae706
f7deee99b91289f666e2f0f0043b7330e2c28e88cb319b44c2d1c4499ff9f45f
ee1c03beade3bc4d590fc2a208b7b4006a8918576f992b348c5488c61e7b3dc5
09e3afe1513862f13cc241700fa5f8e4084fee568bc0b12044c94bc458b6b36c
95eb3c2415875d0898a9a206222d25138e0261b4188be73bc6edd965dbe207a5
a419c37fe7f832d9c6541d699124426071b30de1c0e0c9754d0af85cba0ed021
fe1e5468f98a5abe64a3a98a801078fb61fcf393eb8c63ca153275d4f9c61655
29cfbcef98823aabf25d4bc612e9991ce971d7546f4d4660505eb75bbdc57eb8
9cc8ee5bceb4329db551ab0f1c20ddc51feb6ad3f07f876e911e61b1c632664d
9a831200151eb0fb1191eeb1ec85a0006acaeaeb834e3150c63b2ddfc7eb9fca
1886c8a0b8111446cc2f76dd0394264c14a8ae5f53e3dcbe7399c43e71b1b1f7
791a4219e0a98665d6abe5f0267c03499bd8d842c894daaac554f5e3200bc5fb
ce40e5f365dc4a4af4688ebfc262edbdb129fdab31de51f6e67f7fa52fe9fc2a
99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a
Malware family:
Floxif
Create hunting rule
Verdict:
Malicious
Link:
https://www.vmray.com/analyses/_mb/99d9b3e49c9e/report/overview.html
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/99d9b3e49c9eaed0615aaf6289a235ff9f39cb5c3b7382d6f51304a6ec04594a

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:golang_bin_JCorn_CSC846
Create hunting rule
Author:Justin Cornwell
Description:CSC-846 Golang detection ruleset
Rule name:MALWARE_Win_FloodFix
Create hunting rule
Author:ditekSHen
Description:Detects FloodFix
Rule name:MAL_Floxif_Generic
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:MAL_Floxif_Generic_RID2DCE
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:MD5_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for MD5 constants
Rule name:meth_stackstrings
Create hunting rule
Author:Willi Ballenthin
Rule name:NET
Create hunting rule
Author:malware-lu
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits
Rule name:SUSP_Microsoft_Copyright_String_Anomaly_2
Create hunting rule
Author:Florian Roth (Nextron Systems)
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:SUSP_Microsoft_Copyright_String_Anomaly_2_RID3720
Create hunting rule
Author:Florian Roth
Description:Detects Floxif Malware
Reference:Internal Research
Rule name:SUSP_XORed_MSDOS_Stub_Message
Create hunting rule
Author:Florian Roth
Description:Detects suspicious XORed MSDOS stub message
Reference:https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings
Rule name:Sus_Obf_Enc_Spoof_Hide_PE
Create hunting rule
Author:XiAnzheng
Description:Check for Overlay, Obfuscating, Encrypting, Spoofing, Hiding, or Entropy Technique(can create FP)
Rule name:UPXV200V290MarkusOberhumerLaszloMolnarJohnReiser
Create hunting rule
Author:malware-lu
Rule name:Windows_Virus_Floxif_493d1897
Create hunting rule
Author:Elastic Security
Rule name:win_floxif_auto
Create hunting rule
Author:Felix Bilstein - yara-signator at cocacoding dot com
Description:Detects win.floxif.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/10237/

BLint

The following table provides more information about this file using BLint. BLint is a Binary Linter to check the security properties, and capabilities in executables.

Findings
IDTitleSeverity
CHECK_AUTHENTICODEMissing Authenticodehigh
CHECK_DLL_CHARACTERISTICSMissing dll Security Characteristics (HIGH_ENTROPY_VA)high
CHECK_TRUST_INFORequires Elevated Execution (level:requireAdministrator)high
Reviews
IDCapabilitiesEvidence
AUTH_APIManipulates User AuthorizationADVAPI32.dll::AllocateAndInitializeSid
ADVAPI32.dll::CreateWellKnownSid
ADVAPI32.dll::EqualSid
ADVAPI32.dll::FreeSid
ADVAPI32.dll::SetEntriesInAclW
ADVAPI32.dll::InitializeSecurityDescriptor
COM_BASE_APICan Download & Execute componentsole32.dll::CLSIDFromProgID
ole32.dll::CoCreateInstance
ole32.dll::CoInitializeSecurity
ole32.dll::CreateStreamOnHGlobal
GDI_PLUS_APIInterfaces with Graphicsgdiplus.dll::GdiplusStartup
gdiplus.dll::GdipDeleteGraphics
gdiplus.dll::GdipAlloc
gdiplus.dll::GdipCreateFromHDC
RPC_APICan Execute Remote ProceduresRPCRT4.dll::RpcStringFreeW
SECURITY_BASE_APIUses Security Base APIADVAPI32.dll::AdjustTokenPrivileges
ADVAPI32.dll::GetTokenInformation
ADVAPI32.dll::SetSecurityDescriptorDacl
ADVAPI32.dll::SetSecurityDescriptorGroup
ADVAPI32.dll::SetSecurityDescriptorOwner
SHELL_APIManipulates System ShellSHELL32.dll::ShellExecuteExW
SHELL32.dll::ShellExecuteW
WIN32_PROCESS_APICan Create Process and ThreadsKERNEL32.dll::CreateProcessW
KERNEL32.dll::OpenProcess
ADVAPI32.dll::OpenProcessToken
ADVAPI32.dll::OpenThreadToken
KERNEL32.dll::CloseHandle
KERNEL32.dll::CreateThread
WIN_BASE_APIUses Win Base APIKERNEL32.dll::TerminateProcess
KERNEL32.dll::LoadLibraryExW
KERNEL32.dll::LoadLibraryExA
KERNEL32.dll::LoadLibraryA
KERNEL32.dll::LoadLibraryW
KERNEL32.dll::GetDriveTypeW
WIN_BASE_EXEC_APICan Execute other programsKERNEL32.dll::WriteConsoleW
KERNEL32.dll::ReadConsoleW
KERNEL32.dll::SetStdHandle
KERNEL32.dll::GetConsoleMode
KERNEL32.dll::GetConsoleCP
WIN_BASE_IO_APICan Create FilesKERNEL32.dll::CopyFileW
KERNEL32.dll::CreateDirectoryW
KERNEL32.dll::CreateFileW
KERNEL32.dll::CreateFileMappingW
KERNEL32.dll::DeleteFileW
KERNEL32.dll::MoveFileW
WIN_BASE_USER_APIRetrieves Account InformationADVAPI32.dll::LookupPrivilegeValueW
WIN_NETWORK_APISupports Windows NetworkingMPR.dll::WNetGetUniversalNameW
WIN_REG_APICan Manipulate Windows RegistryADVAPI32.dll::RegCreateKeyExW
ADVAPI32.dll::RegDeleteKeyW
ADVAPI32.dll::RegOpenKeyExW
ADVAPI32.dll::RegOpenKeyW
ADVAPI32.dll::RegQueryInfoKeyW
ADVAPI32.dll::RegQueryValueExW
WIN_USER_APIPerforms GUI ActionsUSER32.dll::FindWindowW
USER32.dll::FindWindowExW
USER32.dll::PeekMessageW
USER32.dll::CreateWindowExW

Comments