
Trojan Horse Agent3.AYIB

By GoldSparrow in Trojans

Threat Scorecard

Popularity Rank: 3,148
Threat Level: 80 % (High)
Infected Computers: 40,167
First Seen: December 7, 2011
Last Seen: May 2, 2026
OS(es) Affected: Windows

Trojan Horse Agent3.AYIB is a dangerous Trojan that enters the targeted computer system bundled with other malware threats and executes malicious activities without the user's permission or knowledge. Once installed on a compromised PC, Trojan Horse Agent3.AYIB changes the desktop background and displays various false warning messages. Trojan Horse Agent3.AYIB can also redirect its victims to malicious websites while they browse the web. Trojan Horse Agent3.AYIB spreads via malicious spam email attachments. Uninstall Trojan Horse Agent3.AYIB as soon as possible.


File System Details

Trojan Horse Agent3.AYIB may create the following file(s):
# File Name MD5 Detections
1. bb18d23bf4be9333adacb8661d03908c3e465c5a3b778170b18cc53077bccb95.exe 76cc8d23dc9c01388e0ae17a067ef80c 1
2. C:\Windows\System32\fake dwm.exe
3. C:\Program Files\[RANDOM CHARACTERS].exe
4. C:\Windows\System32\fake wuauclt.exe
5. C:\Windows\fake explorer.exe
6. C:\Windows\System32\fake taskhost.exe
7. C:\Documents and Settings\User name\LocalSettings\Temporary Internet Files\Content\[RANDOM CHARACTERS]

Registry Details

Trojan Horse Agent3.AYIB may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MYNAME\000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\[RANDOM CHARACTERS]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[RANDOM CHARACTERS].exe

Analysis Report

General information

Family Name: Trojan.Coinminer.GCA
Signature status: No Signature

Known Samples

MD5: f029a33d2cbca29a93f17d33e16137c9
SHA1: 26dc1f7c43340b275e8660e35ba0a3a7284041bd
SHA256: 4711B6E4CA90B6DEAAE343DECA4B86C1DAEA6DB145ABCE7B9E1ADE272A2133E5
File Size: 3.21 MB, 3209448 bytes
MD5: 7414ec3c5ecc6044c23e17dd44588a94
SHA1: 09d9646c15dda9641910d790fc450499facf2dfd
SHA256: F75632F570A90D08FEB8FB53F77472E64D4F2A6B37A1AC073367A26579934A43
File Size: 9.15 MB, 9145699 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Massive Computing, Inc.
File Description Massive library
File Version 0.10.2.0
Internal Name Massive.dll
Legal Copyright Copyright 2019–2021 Massive Computing, Inc.
Original Filename Massive.dll
Product Name Massive
Product Version 0.10.0

Digital Signatures

Signer: Bit Guardian GmbH
Root: Sectigo Public Code Signing Root R46
Status: Root Not Trusted

File Traits

  • 2+ executable sections
  • dll
  • GetConsoleWindow
  • Installer Manifest
  • Installer Version
  • packed
  • x64

Block Information

Total Blocks: 867
Potentially Malicious Blocks: 3
Whitelisted Blocks: 864
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\temp\_mei100362\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei100362\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei101322\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei85522\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei93562\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei94482\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei95562\xmrig.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei96162\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_bz2.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_ctypes.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_decimal.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_hashlib.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_lzma.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\_socket.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\base_library.zip Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\config.json Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\libcrypto-3.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\libffi-8.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\python313.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\select.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\unicodedata.pyd Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\vcruntime140.dll Generic Write,Read Attributes
c:\users\user\appdata\local\temp\_mei99322\xmrig.exe Generic Write,Read Attributes

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • ntdll.dll!NtYieldExecution
  • UNKNOWN
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiGetDCforBitmap
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiRestoreDC
  • win32u.dll!NtGdiSaveDC
  • win32u.dll!NtGdiSelectBitmap
  • win32u.dll!NtGdiSetDIBitsToDeviceInternal
  • win32u.dll!NtUserBuildHwndList
  • win32u.dll!NtUserCallTwoParam
  • win32u.dll!NtUserCreateEmptyCursorObject
  • win32u.dll!NtUserCreateWindowEx
  • win32u.dll!NtUserDestroyWindow
  • win32u.dll!NtUserFindExistingCursorIcon
  • win32u.dll!NtUserGetAncestor
  • win32u.dll!NtUserGetClassInfoEx
  • win32u.dll!NtUserGetClassName
  • win32u.dll!NtUserGetDC
  • win32u.dll!NtUserGetGUIThreadInfo
  • win32u.dll!NtUserGetIconInfo
  • win32u.dll!NtUserGetIconSize
  • win32u.dll!NtUserGetImeInfoEx
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetObjectInformation
  • win32u.dll!NtUserGetProcessWindowStation
  • win32u.dll!NtUserGetProp
  • win32u.dll!NtUserGetThreadDesktop
  • win32u.dll!NtUserGetThreadState

14 additional items are not displayed above.

Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • CreateProcess

Shell Command Execution

c:\users\user\downloads\09d9646c15dda9641910d790fc450499facf2dfd_0009145699 "c:\users\user\downloads\09d9646c15dda9641910d790fc450499facf2dfd_0009145699"