Trojan.MSIL.Agent.IAC

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.MSIL.Agent.IAC
Signature status: No Signature

Known Samples

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have relocations information
  • File doesn't have security information
  • File is .NET application
  • File is 32-bit executable
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Assembly Version
  • 4.220.0.4001
  • 1.8.7.0
  • 1.0.0.0
  • 0.0.0.0
Comments
  • By BejoIjo
  • By Udayanga
Company Name
  • Atlas Remade
  • BejoIjo Corporation
  • BlueStack Systems, Inc.
  • Moler
  • UpdaterVB6
File Description
  • Atlas Remade
  • BlueStacks Android Host
  • Bypass
  • Client Server Runtime Process.exe
  • Hotlify
  • Moler
  • UltimateBackup
  • Unlock-it
  • UpdaterVB6
  • VG 5.1 Keygen
File Version
  • 4.220.0.4001
  • 1.8.7.0
  • 1.00
  • 1.0.0.0
  • 0.0.0.0
Internal Name
  • Atlas Remade.dll
  • Bypass.exe
  • Client Server Runtime Process.exe
  • Commandos.exe
  • HD-Player.exe
  • Hotlify.exe
  • Moler.dll
  • S.K unlocker.exe
  • TJprojMain
  • UltimateBackup.dll
  • UpdaterVB6.dll
  • VG 5.1 Keygen.exe
Legal Copyright
  • Copyright © 2021
  • Copyright © 2024
  • Copyright © 2025
  • Copyright © Bluestack Systems, Inc., 2011 through 2020, All Rights Reserved.
  • Moler
Legal Trademarks
  • BejoIjo Corporation
Original Filename
  • Atlas Remade.dll
  • Bypass.exe
  • Client Server Runtime Process.exe
  • Commandos.exe
  • HD-Player.exe
  • Hotlify.exe
  • Moler.dll
  • S.K unlocker.exe
  • TJprojMain.exe
  • UltimateBackup.dll
  • UpdaterVB6.dll
  • VG 5.1 Keygen.exe
Product Name
  • Atlas Remade
  • BlueStacks
  • Bypass
  • Client Server Runtime Process.exe
  • Hotlify
  • Moler
  • Project1
  • UltimateBackup
  • Unlock-it
  • UpdaterVB6
  • VG 5.1 Keygen
Product Version
  • 4.220.0.4001
  • 1.8.7.0
  • 1.00
  • 1.0.0.0
  • 1.0.0
  • 0.0.0.0

File Traits

  • .NET
  • 00 section
  • 2+ executable sections
  • Agile.net
  • dll
  • Fody
  • Goliath
  • HighEntropy
  • NewLateBinding
  • ntdll
  • WriteProcessMemory
  • x64
  • x86

Block Information

Total Blocks: 2,296
Potentially Malicious Blocks: 1,388
Whitelisted Blocks: 161
Unknown Blocks: 747

Similar Families

  • MSIL.Agent.IAC

Files Modified

File Attributes
\device\namedpipe\gmdasllogger Generic Write,Read Attributes
c:\users\user\downloads\commando.exe Generic Write,Read Attributes
c:\users\user\downloads\commando.exe Synchronize,Write Attributes
c:\windows\appcompat\programs\amcache.hve Read Data,Read Control,Write Data
c:\windows\appcompat\programs\amcache.hve Write Attributes

Registry Modifications

Key::Value Data API Name
HKLM\system\software\microsoft\tip\aggregateresults::data (non-printable data) RegNtPreCreateKey

Windows API Usage

Category API
Other Suspicious
  • SetWindowsHookEx
User Data Access
  • GetComputerNameEx
  • GetUserDefaultLocaleName
  • GetUserObjectInformation
Anti Debug
  • CheckRemoteDebuggerPresent
  • IsDebuggerPresent
  • NtQuerySystemInformation
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAdjustPrivilegesToken
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPortEx
  • ntdll.dll!NtAlpcCreateSecurityContext
  • ntdll.dll!NtAlpcDeleteSecurityContext
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtAssociateWaitCompletionPacket
  • ntdll.dll!NtCancelTimer2
  • ntdll.dll!NtCancelWaitCompletionPacket
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtCompareSigningLevels
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateIoCompletion
  • ntdll.dll!NtCreateKey
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreatePrivateNamespace
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtCreateThreadEx
  • ntdll.dll!NtCreateTimer2
  • ntdll.dll!NtCreateWaitCompletionPacket
  • ntdll.dll!NtCreateWorkerFactory
  • ntdll.dll!NtDelayExecution
  • ntdll.dll!NtDeleteValueKey
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtFsControlFile
  • ntdll.dll!NtGetCachedSigningLevel
  • ntdll.dll!NtLoadKeyEx
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtNotifyChangeKey
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcess
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenSymbolicLinkObject
  • ntdll.dll!NtOpenThread
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryDebugFilterState
  • ntdll.dll!NtQueryDefaultLocale
  • ntdll.dll!NtQueryDirectoryFileEx
  • ntdll.dll!NtQueryFullAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationJobObject
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySymbolicLinkObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQuerySystemInformationEx
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReadRequestData
  • ntdll.dll!NtReadVirtualMemory
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtResumeThread
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationFile
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationThread
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtTraceEvent
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx

8 additional items are not displayed above.

Process Manipulation Evasion
  • ReadProcessMemory
Process Shell Execute
  • CreateProcess

Shell Command Execution

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\\dw20.exe dw20.exe -x -s 752
