The anti-cheat writes the driver to %TEMP%, loads it, and then deletes it. The script catches it in this narrow time window, no kernel debugging or exploit needed.
They tried to hide it or make it harder by randomizing the filename for whatever reason, so we're using pattern matching NEP* lolz
Sample output:
GitHub - 0x90sh/netease-ac-dumper: ac driver is vmprotected downloaded into temp folder, loaded and deleted, this lil watchdog copies driver to cwd
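Seen from the monitoring side, the write, load, delete sequence described in the post leaves a correlatable trail in endpoint telemetry. The following is an added example, not part of the original post or the linked repository: it correlates constructed event records by path instead of by filename, so a randomized name does not matter. The record shape, paths, filenames and the 5-second window are assumptions.

```python
import ntpath
from datetime import datetime, timedelta

TEMP = "C:\\Users\\u\\AppData\\Local\\Temp\\"  # constructed path
# Constructed telemetry, not from the original post. The (time, kind, path) shape
# is an assumption; the kinds correspond to Sysmon FileCreate (11),
# DriverLoad (6) and FileDelete (23/26) events.
EVENTS = [
    ("2024-08-06T12:00:00.100", "file_create", TEMP + "NEPq7x2.sys"),
    ("2024-08-06T12:00:00.450", "driver_load", TEMP + "NEPq7x2.sys"),
    ("2024-08-06T12:00:00.900", "file_delete", TEMP + "nepq7x2.sys"),  # case differs
    ("2024-08-06T12:01:00.000", "file_create", TEMP + "setup.log"),
    ("2024-08-06T12:01:05.000", "file_delete", TEMP + "setup.log"),
    ("2024-08-06T12:02:00.000", "driver_load", "C:\\Windows\\System32\\drivers\\disk.sys"),
    ("2024-08-06T12:03:00.000", "file_create", TEMP + "NEPk3m9.sys"),
    ("2024-08-06T12:03:00.200", "driver_load", TEMP + "NEPk3m9.sys"),
]

def in_temp(path):
    """True when any parent directory of the Windows path is named Temp."""
    return "temp" in ntpath.normcase(path).split("\\")[:-1]

def find_temp_driver_loads(events, window=timedelta(seconds=5)):
    """Correlate create -> load -> delete per path; return (path, status, seconds)."""
    seen = {}  # normalized path -> {kind: first timestamp of that kind}
    for ts, kind, path in sorted(events):
        if in_temp(path):
            key = ntpath.normcase(path)
            seen.setdefault(key, {}).setdefault(kind, datetime.fromisoformat(ts))
    findings = []
    for path, t in seen.items():
        created, loaded, deleted = (
            t.get(k) for k in ("file_create", "driver_load", "file_delete"))
        if not (created and loaded and created <= loaded):
            continue  # not a file that was dropped and then loaded as a driver
        if deleted is None or deleted < loaded:
            findings.append((path, "loaded_still_on_disk", None))
            continue
        life = (deleted - created).total_seconds()
        status = "drop_load_delete" if deleted - created <= window else "deleted_later"
        findings.append((path, status, life))
    return findings

if __name__ == "__main__":
    for finding in find_temp_driver_loads(EVENTS):
        print(finding)
```

The lifetime value shows how narrow the on-disk window is; the file that is only loaded and never deleted is reported separately because it can still be collected from disk.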