PUP.DisableDefender

Analysis Report

General information

Family Name: PUP.DisableDefender
Signature status: No Signature

Known Samples


Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File has exports table
  • File has TLS information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 1.0.0.0
  • 0.0.0.0
Coder By BlueLife
Comments
  • Make Windows faster and more secure
  • This installation was built with Inno Setup.
  • Windows Defender Control v1.6
Company Name
  • dControl
  • deadmoon © 2021
  • TeamLimiter, lnc
  • www.sordum.org
File Description
  • DisableWD
  • HB_Security
  • LimiterUtility
  • Optimizer
  • Setup/Uninstall
  • Windows Defender Control
File Version
  • 51.1053.0.0
  • 1.6.0.0
  • 1.00
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • DisableWD.dll
  • HB_Security.exe
  • LimiterUtility.dll
  • Optimizer.exe
  • TJprojMain
Legal Copyright
  • Copyright @ 2025 TeamLimiter, lnc
  • Copyright © 2015-2019 www.sordum.org All Rights Reserved.
  • Copyright © 2020
  • Copyright © 2021
  • deadmoon © 2021
Original Filename
  • DisableWD.dll
  • HB_Security.exe
  • LimiterUtility.dll
  • Optimizer.exe
  • TJprojMain.exe
Product Name
  • dControl
  • DisableWD
  • HB_Security
  • LimiterOptimizer
  • Optimizer
  • Project1
Product Version
  • 1.00
  • 1.0.0.0
  • 1.0.0
  • 1.0.0
  • 0.0.0.0

File Traits

  • .NET
  • 2+ executable sections
  • big overlay
  • dll
  • HighEntropy
  • Inno
  • InnoSetup Installer
  • Installer Manifest
  • Installer Version
  • ntdll
  • Run
  • SusSec
  • VirtualQueryEx
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 519
Potentially Malicious Blocks: 22
Whitelisted Blocks: 178
Unknown Blocks: 319

Similar Families

  • Autoit
  • BestaFera.G
  • Bitcoinminer.BDA
  • Bitcoinminer.BDB
  • Bitcoinminer.DJE
  • Delf.DA
  • Injector.XD
  • MSIL.BypassUAC.K
  • MSIL.Downloader.CAYD
  • MSIL.Rozena.GG
  • Ousaban.V
  • Rugmi.T

Files Modified

File Attributes
\device\namedpipe\srvsvc Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\optimizer\optimizer.json Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\programdata\optimizer\readymademenus\desktopshortcuts.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\installtakeownership.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\powermenu.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\removetakeownership.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\systemshortcuts.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\systemtools.reg Generic Write,Read Attributes
c:\programdata\optimizer\readymademenus\windowsapps.reg Generic Write,Read Attributes
c:\programdata\optimizer\required\disableofficetelemetrytasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\disableofficetelemetrytasks.reg Generic Write,Read Attributes
c:\programdata\optimizer\required\disabletelemetrytasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\disablexboxtasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\enableofficetelemetrytasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\enableofficetelemetrytasks.reg Generic Write,Read Attributes
c:\programdata\optimizer\required\enabletelemetrytasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\enablexboxtasks.bat Generic Write,Read Attributes
c:\programdata\optimizer\required\onedrive_uninstaller.cmd Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.1.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\usrclass.dat{dba6b5ef-640a-11ed-9bcb-f677369d361c}.txr.2.regtrans-ms Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca36d_rar\ca0006b80f5b654f168cc21f258295162f135451_0000927928 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca36d_rar\ca0006b80f5b654f168cc21f258295162f135451_0000927928 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\002ca3fa_rar\ca0006b80f5b654f168cc21f258295162f135451_0000927928 Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\002ca3fa_rar\ca0006b80f5b654f168cc21f258295162f135451_0000927928 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\windows\system.ini Generic Read,Write Data,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\software\policies\microsoft\windows defender::disableantispyware  RegNtPreCreateKey
HKLM\software\policies\microsoft\windows defender\real-time protection::disablebehaviormonitoring  RegNtPreCreateKey
HKLM\software\policies\microsoft\windows defender\real-time protection::disableonaccessprotection  RegNtPreCreateKey
HKLM\software\policies\microsoft\windows defender\real-time protection::disablescanonrealtimeenable  RegNtPreCreateKey
HKLM\system\controlset001\services\securityhealthservice::start  RegNtPreCreateKey
HKLM\system\controlset001\services\mpssvc::start  RegNtPreCreateKey
HKLM\software\policies\microsoft\windowsfirewall\standardprofile::enablefirewall  RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\explorer\advanced::hidden  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center::uacdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusoverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::antivirusdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalldisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::firewalloverride  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::updatesdisablenotify  RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\security center\svc::uacdisablenotify  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings::globaluseroffline RegNtPreCreateKey
HKLM\software\microsoft\windows\currentversion\policies\system::enablelua RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::enablefirewall RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::donotallowexceptions RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\standardprofile::disablenotifications  RegNtPreCreateKey
HKCU\software\apcr\1214104697::1919251317 ª RegNtPreCreateKey
HKCU\software\apcr\1214104697::-456464662 RegNtPreCreateKey
HKCU\software\apcr\1214104697::1462786655 RegNtPreCreateKey
HKCU\software\apcr\1214104697::-912929324 # RegNtPreCreateKey
HKCU\software\apcr\1214104697::1006321993 ĉ RegNtPreCreateKey
HKCU\software\apcr\1214104697::-1369393986 http://intercomplustula.ru/logo.gifhttp://gocekmanti.com/imag RegNtPreCreateKey
HKCU\software\apcr\1214104697::549857331 RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet  RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtUnsubscribeWnfStateChange
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • UNKNOWN
Anti Debug
  • IsDebuggerPresent
Encryption Used
  • BCryptOpenAlgorithmProvider
