Hacktool.CsgoInjector.FB

By CagedTech in Hacktool

Threat Scorecard

Popularity Rank: 10,813
Threat Level: 50 % (Medium)
Infected Computers: 58
First Seen: June 9, 2024
Last Seen: March 31, 2026
OS(es) Affected: Windows

Analysis Report

General information

Family Name: Hacktool.CsgoInjector.FB
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name
  • Epic Games, Inc.
  • Synaptics
File Description
  • Synaptics Pointing Device Driver
  • UnrealEngineLauncherProxy
File Version 1.0.0.4
Internal Name UnrealEngine
Legal Copyright Copyright Epic Games, Inc. All Rights Reserved.
Original Filename UnrealEngineLauncherProxy-Win32-Shipping.exe
Product Name
  • Synaptics Pointing Device Driver
  • Unreal Engine
Product Version
  • 1.11.0-40242966+++Portal+Release-Live
  • 1.0.0.0

File Traits

  • 2+ executable sections
  • CryptUnprotectData
  • dll
  • GetConsoleWindow
  • HighEntropy
  • imgui
  • No Version Info
  • ntdll
  • VirtualQueryEx
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 3,247
Potentially Malicious Blocks: 252
Whitelisted Blocks: 2,985
Unknown Blocks: 10

Similar Families

  • Agent.ZFBJ
  • Agent.ZFKD
  • CsgoInjector.FB
  • CsgoInjector.GH
  • Downloader.Agent.BTF
  • FakeAlert.X
  • Gamehack.GACH
  • Gamehack.GACI
  • Gamehack.GAII
  • Gamehack.GSH
  • Gamehack.GYF
  • Gamehack.PS
  • Gamehack.PSA
  • Kryptik.EFJ
  • QQPass.AK
  • TelegramHack.C
  • Trojan.Downloader.Gen.HP
  • Trojan.Downloader.Gen.MD

Files Modified

File Attributes
\device\namedpipe Generic Read,Write Attributes
\device\namedpipe Generic Write,Read Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics Synchronize,Write Attributes
c:\programdata\synaptics\rcxbf8c.tmp Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\synaptics\synaptics.exe Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\programdata\synaptics\synaptics.exe Synchronize,Write Attributes
c:\programdata\synaptics\synaptics.exe Synchronize,Write Data
c:\users\user\appdata\local\temp\ar4dgoc.ini Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\vgc_bypass.exe Generic Write,Read Attributes
c:\users\user\appdata\local\temp\vgc_bypass.exe Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl Synchronize,Write Attributes
c:\users\user\appdata\roaming\winsl\l3\31\2026 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_0749c2e2320fa92cb83a678d4452dceafaa19d50_0004930560 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\._cache_0749c2e2320fa92cb83a678d4452dceafaa19d50_0004930560 Synchronize,Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ꂆ斬異Ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ␮⛴ǜ RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer::slowcontextmenuentries RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe 渵媧ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe ⲳ溭媧ǜ RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe 뙭᳹碈ǜ RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows\currentversion\run::synaptics pointing device driver C:\ProgramData\Synaptics\Synaptics.exe RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAccessCheckByType
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcAcceptConnectPort
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreatePort
  • ntdll.dll!NtAlpcCreatePortSection
  • ntdll.dll!NtAlpcCreateSectionView
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcQueryInformationMessage
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtAlpcSetInformation
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelIoFileEx
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateNamedPipeFile
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateUserProcess
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFindAtom
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtImpersonateAnonymousToken
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenMutant
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtPowerInformation
  • ntdll.dll!NtPrivilegeCheck
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFile
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryEvent
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryObject
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationObject

32 additional items are not displayed above.

Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
Process Manipulation Evasion
  • NtUnmapViewOfSection
Process Shell Execute
  • ShellExecuteEx
User Data Access
  • GetUserObjectInformation
Service Control
  • OpenSCManager
Network Winsock2
  • WSAStartup
  • WSAttemptAutodialName
Network Winhttp
  • WinHttpOpen
Network Wininet
  • InternetOpen
  • InternetOpenUrl
  • InternetReadFile
Network Winsock
  • bind
  • closesocket
  • gethostbyname
  • getsockname
  • socket

Shell Command Execution

open C:\Users\Hzukjdxs\AppData\Local\Temp\vgc_bypass.exe
runas c:\users\user\downloads\._cache_0749c2e2320fa92cb83a678d4452dceafaa19d50_0004930560
runas C:\ProgramData\Synaptics\Synaptics.exe InjUpdate
