The anti-cheat writes the driver to %TEMP%, loads it, and then deletes it. The script catches it in this narrow time window, no kernel debugging or exploit needed.
They tried to hide it or make it harder by randomizing the filename for whatever reason, so we're using pattern matching NEP* lolz
Sample output:
View attachment 1748934278054.png
GitHub - 0x90sh/netease-ac-dumper: ac driver is vmprotected downloaded into temp folder, loaded and deleted, this lil watchdog copies driver to cwd
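Seen from the monitoring side, the write/load/delete sequence described in the post appears as a short-lived driver file under Temp. The following is an added example (not from the post or the linked repository) that correlates constructed Sysmon-style events (ID 11 FileCreate, 6 DriverLoad, 23/26 FileDelete) to flag that pattern; the event dict layout, the `.sys` extension, the sample paths and the 30-second window are assumptions.

```python
from datetime import datetime, timedelta
from ntpath import normcase  # Windows path rules, works on any OS

# Sysmon event IDs: 11 = FileCreate, 6 = DriverLoad, 23/26 = FileDelete
CREATE, LOAD, DELETE = 11, 6, (23, 26)
WINDOW = timedelta(seconds=30)  # assumed threshold, tune per environment

# Constructed sample events (not captured from a real system).
EVENTS = [
    {"ts": "2025-01-01T10:00:00", "id": 11, "path": r"C:\Users\u\AppData\Local\Temp\NEPab12.sys"},
    {"ts": "2025-01-01T10:00:01", "id": 6,  "path": r"C:\Users\u\AppData\Local\Temp\NEPab12.sys"},
    {"ts": "2025-01-01T10:00:02", "id": 23, "path": r"C:\Users\u\AppData\Local\Temp\NEPab12.sys"},
    {"ts": "2025-01-01T10:05:00", "id": 11, "path": r"C:\Windows\System32\drivers\vendor.sys"},
    {"ts": "2025-01-01T10:05:01", "id": 6,  "path": r"C:\Windows\System32\drivers\vendor.sys"},
    {"ts": "2025-01-01T10:06:00", "id": 11, "path": r"C:\Users\u\AppData\Local\Temp\setup.sys"},
    {"ts": "2025-01-01T10:06:05", "id": 23, "path": r"C:\Users\u\AppData\Local\Temp\setup.sys"},
]

def is_temp_driver(path):
    """True for a .sys file anywhere under a Temp directory (assumed heuristic)."""
    p = normcase(path)
    return p.endswith(".sys") and "\\temp\\" in p

def find_transient_loads(events, window=WINDOW):
    """Return (path, lifetime_seconds) for drivers created, loaded and deleted within window."""
    state = {}  # normalised path -> {"created": datetime, "loaded": bool}
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        key = normcase(ev["path"])
        if ev["id"] == CREATE and is_temp_driver(ev["path"]):
            state[key] = {"created": ts, "loaded": False}
        elif ev["id"] == LOAD and key in state:
            state[key]["loaded"] = True
        elif ev["id"] in DELETE and key in state:
            s = state.pop(key)
            # Only a file that was actually loaded as a driver and then
            # removed quickly counts; a deleted-but-never-loaded file does not.
            if s["loaded"] and ts - s["created"] <= window:
                hits.append((ev["path"], (ts - s["created"]).total_seconds()))
    return hits

if __name__ == "__main__":
    for path, lifetime in find_transient_loads(EVENTS):
        print(f"transient driver load: {path} (on disk {lifetime:.0f}s)")
```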