WIN32

Results 17 issues of WIN32

### Technique Name: Anti-analysis via Analysis Tool Process Enumeration **Author Information**: - Nickname: Malfav.Win32 - First Name: Diyar - Last Name: Saadi - Website: malfav.gitbook.io/home - GitHub: github.com/malfav - LinkedIn: Diyar Saadi **Technique Information**: **Technique Category**:...

Technique Name: Targeted Attack via Language Detection ## Author Information - Nickname: **Malfav.Win32** - First Name: Diyar - Last Name: Saadi - Website: malfav.gitbook.io/home - LinkedIn: Diyar Saadi ## Technique...

Technique Name: Targeted Attack via Language Detection ## Author Information - Nickname: **Malfav.Win32** - First Name: Diyar - Last Name: Saadi - Website: malfav.gitbook.io/home - LinkedIn: Diyar Saadi ## Technique...

Technique Name: Targeted Attack via Language Detection Author Information: Nickname: Malfav.win32 First Name: Diyar Last Name: Saadi Email: Optional Website: https://malfav.gitbook.io/home GitHub: Optional Twitter: Optional LinkedIn: Diyar Saadi Technique...

# Technique Name: Huan Packer ## Author Information - Nickname: **Malfav.Win32** - First Name: Diyar - Last Name: Saadi - Website: malfav.gitbook.io/home - GitHub: github.com/malfav - LinkedIn: Diyar Saadi ##...

# Technique Name: Huan Packer ## Author Information - Nickname: **Malfav.Win32** - First Name: Diyar - Last Name: Saadi - Website: malfav.gitbook.io/home - GitHub: github.com/malfav - LinkedIn: Diyar Saadi ##...

# avcheck.py – Antivirus and Endpoint Detection and Response (EDR) Artifact Scanner (Volatility 3 Plugin) `avcheck.py` is a specialized **Volatility 3 plugin** designed to detect and enumerate artifacts related to...

# sandbox_detect.py – Virtualization and Sandbox Environment Detection (Volatility 3 Plugin) `sandbox_detect.py` is a specialized **Volatility 3 plugin** designed for **post-mortem forensic analysis** of **Windows memory dumps**. Its primary goal...

# proccon.py – Process Connectivity & Visualization (Volatility 3 Plugin) `proccon.py` is a **Volatility 3 plugin** designed to provide **process visualization and relationship mapping** from a **Windows memory dump**. While...

# ***PSDiff*** ***PSDiff*** *a Volatility 3 plugin to compare process instances and detect anomalies.* This repository contains a ***Volatility 3 plugin*** that scans processes extracted from a Windows memory image,...