enSilo Process Doppelgänging PoC
Attributions are based on open-source threat reports. A family appearing here means at least one syscall record cites it; absence does not imply non-use.
3 syscalls cited
- NtCreateTransaction
Creates a new KTM (Kernel Transaction Manager) transaction object used to wrap NTFS operations atomically.
- NtOpenTransaction
Opens an existing KTM transaction object by name or unit-of-work GUID.
- NtRollbackTransaction
Rolls back a KTM transaction, discarding every change made under it.