Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
ReversingLabs: Detection: 44% |
Source: Submited Sample |
Integrated Neural Analysis Model: Matched 95.0% probability |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Joe Sandbox ML: detected |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: |
Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb33 source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: |
Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAE268 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,CloseHandle,CloseHandle,terminate, |
0_2_00007FF712FAE268 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
String found in binary or memory: http://ocsp.thawte.com0 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0( |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
String found in binary or memory: http://ts-ocsp.ws.symantec.com07 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA2AE0 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
0_2_00007FF712FA2AE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAD960 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,VirtualFree,_stricmp,VirtualFree,VirtualFree,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF712FAD960 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA2AE0: NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
0_2_00007FF712FA2AE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA9330 |
0_2_00007FF712FA9330 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAE268 |
0_2_00007FF712FAE268 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA2AE0 |
0_2_00007FF712FA2AE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA3CF0 |
0_2_00007FF712FA3CF0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAD960 |
0_2_00007FF712FAD960 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA27A0 |
0_2_00007FF712FA27A0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAC3C0 |
0_2_00007FF712FAC3C0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA1800 |
0_2_00007FF712FA1800 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FACA10 |
0_2_00007FF712FACA10 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: String function: 00007FF712FA5910 appears 83 times |
|
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe, 00000000.00000000.1657624031.00007FF712FB1000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe, 00000000.00000002.1659699986.00007FF712FB1000.00000002.00000001.01000000.00000003.sdmp |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Binary or memory string: OriginalFilenameiQVW64.SYSH vs SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Binary string: Unknown exceptionbad array new lengthstring too longbad cast\\\.\Nal[-] \Device\Nal is already in use.[<] Loading vulnerable driver, Name: [-] Can't find TEMP folder[-] Failed to create vulnerable driver file[-] Failed to register and start service for the vulnerable driver[-] Failed to load driver iqvw64e.sysntoskrnl.exe[-] Failed to get ntoskrnl.exe[-] Failed to ClearPiDDBCacheTable[-] Failed to ClearKernelHashBucketList[!] Failed to ClearMmUnloadedDrivers[<] Unloading vulnerable driver[!] Error dumping shit inside the disk[+] Vul driver data destroyed before unlink[-] Failed to translate virtual address 0x[-] Failed to map IO space of 0x[!] Failed to unmap IO space of physical address 0xMmAllocatePagesForMdl[!] Failed to find MmAlocatePagesForMdlMmMapLockedPagesSpecifyCache[!] Failed to find MmMapLockedPagesSpecifyCacheMmProtectMdlSystemAddress[!] Failed to find MmProtectMdlSystemAddressMmUnmapLockedPages[!] Failed to find MmUnmapLockedPagesMmFreePagesFromMdl[!] Failed to find MmFreePagesFromMdlExAllocatePoolWithTag[!] Failed to find ExAllocatePoolExFreePool[!] Failed to find device_object[!] Failed to find driver_object[!] Failed to find driver_section[!] Failed to find driver name[!] Failed to read driver name[!] Failed to write driver name length[+] MmUnloadedDrivers Cleaned: ExAcquireResourceExclusiveLite[!] Failed to find ExAcquireResourceExclusiveLiteExReleaseResourceLite[!] Failed to find ExReleaseResourceLiteRtlDeleteElementGenericTableAvl[!] Failed to find RtlDeleteElementGenericTableAvlRtlLookupElementGenericTableAvl[!] Failed to find RtlLookupElementGenericTableAvlxxxxxx????xxxxx????xxx????xxxxx????x????xx?x |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Binary string: \Device\Nal |
Source: classification engine |
Classification label: mal56.winEXE@2/1@0/0 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_03 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers |
Jump to behavior |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
ReversingLabs: Detection: 44% |
Source: unknown |
Process created: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe "C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe" |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: apphelp.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: msvcp140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: vcruntime140_1.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: vcruntime140.dll |
Jump to behavior |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Section loaded: kernel.appcore.dll |
Jump to behavior |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Image base 0x140000000 > 0x60000000 |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG |
Source: |
Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb33 source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: |
Binary string: C:\Users\dynam\Downloads\kdmapper-master\kdmapper-master\x64\Release\kdmapper.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: |
Binary string: c:\users\cloudbuild\337244\sdk\nal\src\winnt_wdm\driver\objfre_wnet_AMD64\amd64\iqvw64e.pdb source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata |
Source: SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA2AE0 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
0_2_00007FF712FA2AE0 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
API coverage: 2.4 % |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAE268 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,GetFileInformationByHandleEx,GetLastError,CloseHandle,terminate,CloseHandle,CloseHandle,terminate, |
0_2_00007FF712FAE268 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAE6B8 GetLastError,IsDebuggerPresent,OutputDebugStringW, |
0_2_00007FF712FAE6B8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAE6B8 GetLastError,IsDebuggerPresent,OutputDebugStringW, |
0_2_00007FF712FAE6B8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA2AE0 NtQuerySystemInformation,VirtualFree,VirtualAlloc,NtQuerySystemInformation,GetCurrentProcessId,VirtualFree,memset,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,DeviceIoControl,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,VirtualFree, |
0_2_00007FF712FA2AE0 |
Source: all processes |
Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FA9330 SetUnhandledExceptionFilter,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,_wcsicmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,__std_fs_code_page,memcmp,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A,??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn, |
0_2_00007FF712FA9330 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAF4FC SetUnhandledExceptionFilter, |
0_2_00007FF712FAF4FC |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAF350 IsProcessorFeaturePresent,memset,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, |
0_2_00007FF712FAF350 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAEBB8 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, |
0_2_00007FF712FAEBB8 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: GetLocaleInfoEx,FormatMessageA, |
0_2_00007FF712FADFB4 |
Source: C:\Users\user\Desktop\SecuriteInfo.com.W64.Gamehack.DF.gen.Eldorado.1858.10572.exe |
Code function: 0_2_00007FF712FAF568 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, |
0_2_00007FF712FAF568 |