forked from Mr-Un1k0d3r/EDRs
-
Notifications
You must be signed in to change notification settings - Fork 1
/
crowdstrike.txt
38 lines (38 loc) · 1.15 KB
/
crowdstrike.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
NtAllocateVirtualMemory is hooked
NtAllocateVirtualMemoryEx is hooked
NtDeviceIoControlFile is hooked
NtGetContextThread is hooked
NtMapViewOfSection is hooked
NtMapViewOfSectionEx is hooked
NtProtectVirtualMemory is hooked
NtQueryInformationThread is hooked
NtQueueApcThread is hooked
NtQueueApcThreadEx is hooked
NtReadVirtualMemory is hooked
NtResumeThread is hooked
NtSetContextThread is hooked
NtSetInformationProcess is hooked
NtSetInformationThread is hooked
NtSuspendThread is hooked
NtUnmapViewOfSection is hooked
NtUnmapViewOfSectionEx is hooked
NtWriteVirtualMemory is hooked
ZwAllocateVirtualMemory is hooked
ZwAllocateVirtualMemoryEx is hooked
ZwDeviceIoControlFile is hooked
ZwGetContextThread is hooked
ZwMapViewOfSection is hooked
ZwMapViewOfSectionEx is hooked
ZwProtectVirtualMemory is hooked
ZwQueryInformationThread is hooked
ZwQueueApcThread is hooked
ZwQueueApcThreadEx is hooked
ZwReadVirtualMemory is hooked
ZwResumeThread is hooked
ZwSetContextThread is hooked
ZwSetInformationProcess is hooked
ZwSetInformationThread is hooked
ZwSuspendThread is hooked
ZwUnmapViewOfSection is hooked
ZwUnmapViewOfSectionEx is hooked
ZwWriteVirtualMemory is hooked