forked from Mr-Un1k0d3r/EDRs
carbonblack.txt
NtAllocateVirtualMemory is hooked
NtClose is hooked
NtCreateFile is hooked
NtCreateThread is hooked
NtCreateThreadEx is hooked
NtMapViewOfSection is hooked
NtOpenProcess is hooked
NtProtectVirtualMemory is hooked
NtQueryInformationProcess is hooked
NtQuerySystemInformation is hooked
NtQueueApcThread is hooked
NtQueueApcThreadEx is hooked
NtReadVirtualMemory is hooked
NtUnmapViewOfSection is hooked
NtWriteFile is hooked
NtWriteVirtualMemory is hooked
RtlGetNativeSystemInformation is hooked
ZwAllocateVirtualMemory is hooked
ZwClose is hooked
ZwCreateFile is hooked
ZwCreateThread is hooked
ZwCreateThreadEx is hooked
ZwMapViewOfSection is hooked
ZwOpenProcess is hooked
ZwProtectVirtualMemory is hooked
ZwQueryInformationProcess is hooked
ZwQuerySystemInformation is hooked
ZwQueueApcThread is hooked
ZwQueueApcThreadEx is hooked
ZwReadVirtualMemory is hooked
ZwUnmapViewOfSection is hooked
ZwWriteFile is hooked
ZwWriteVirtualMemory is hooked