Classic RunPE (CreateProcess, NtGetContextThread, NtUnmapViewOfSection, NtWriteVirtualMemory, NtSetContextThread, NtResumeThread) using the Hell's Gate technique to evade usermode API monitoring by dynamically executing syscalls.