{"Anti-Debugging":{"CheckRemoteDebuggerPresent":{"description":"CheckRemoteDebuggerPresent is used to check if a debugger is being used. This function is commonly used by malware for anti-debugging techniques.","dll":"Kernel32.dll"},"CountClipboardFormats":{"description":"CountClipboardFormats is used to determine whether victim's clipboard was empty. A kind of Anti-debugging technique to determine if the system could be a sandbox.","dll":"User32.dll"},"CreateToolhelp32Snapshot":{"description":"CreateToolhelp32Snapshot is used to enumerate processes, threads, and modules. This function is commonly used by malware to enumerate processes before process injection.","dll":"Kernel32.dll"},"ExitWindowsEx":{"description":"ExitWindowsEx is used to log off an interactive user, shuts down the system, or shuts down and restarts the system. This function is commonly used by malware as an anti-debugging technique.","dll":"User32.dll"},"FindWindowA":{"description":"FindWindowA is used to get a handle to the top-level window whose class name and window name match the specified strings. This function is commonly used by malware as an anti-debugging technique.","dll":"User32.dll"},"FindWindowExA":{"description":"FindWindowExA is used to get a handle to the top-level window whose class name and window name match the specified strings. This function is commonly used by malware as an anti-debugging technique.","dll":"User32.dll"},"GetComputerNameA":{"description":"GetComputerNameA is used to retrieve the computer name. This is commonly used by malware for anti-debugging purposes.","dll":"Kernel32.dll"},"GetForegroundWindow":{"description":"GetForegroundWindow is used to get a handle to the foreground window (the window with which the user is currently working). This function is commonly used by keyloggers and spyware to determine which window is being utilized at the moment by the user.","dll":"User32.dll"},"GetLogicalProcessorInformation":{"description":"GetLogicalProcessorInformation is used to retrieve information about logical processors and related hardware. The function is used by malware for anti-debugging purposes.","dll":"Kernel32.dll"},"GetLogicalProcessorInformationEx":{"description":"GetLogicalProcessorInformationEx is used to retrieve information about logical processors and related hardware. The function is used by malware for anti-debugging purposes.","dll":"Kernel32.dll"},"GetNativeSystemInfo":{"description":"GetNativeSystemInfo is used to retrieve information about the current system to an application running under WOW64. If the function is called from a 64-bit application, or on a 64-bit system that does not have an Intel64 or x64 processor (such as ARM64), it is equivalent to the GetSystemInfo function.","dll":"Kernel32.dll"},"GetSystemTime":{"description":"GetSystemTime is used to retrieve the current system date and time in Coordinated Universal Time (UTC) format. This function is commonly used by malware for anti-debugging.","dll":"Kernel32.dll"},"GetSystemTimeAsFileTime":{"description":"Retrieves the current system date and time. The information is in Coordinated Universal Time (UTC) format. This function is commonly used by malware for anti-debugging.","dll":"Kernel32.dll"},"GetTickCount":{"description":"GetTickCount is used to retrieve the number of milliseconds since bootup. This function is used by malware for anti-debugging purposes.","dll":"Kernel32.dll"},"GetTickCount64":{"description":"GetTickCount64 is used to retrieve the number of milliseconds that have elapsed since the system was started. This function is used by malware for anti-debugging purposes by checking how long the system uptime is.","dll":"Kernel32.dll"},"GetUserNameA":{"description":"GetUserNameA is used to retrieve the username associated with the current thread. This function is used by malware for anti-debugging purposes.","dll":"Advapi32.dll"},"IsDebuggerPresent":{"description":"IsDebuggerPresent is used to determine whether the calling process is being debugged by a user-mode debugger.","dll":"Kernel32.dll"},"NtQueryInformationProcess":{"d
