PROCESS_NAME: FortniteClient TRAP_FRAME: ffffdc896bc39800 -- (.trap 0xffffdc896bc39800) NOTE: The trap frame does not contain all registers. Some register values may be zeroed or incorrect. rax=0000000000000011 rbx=0000000000000000 rcx=0000000000000000 ...
Different export function names: in our backdoor, the exported function is namedMainThreadwhile in all versions of theMClientvariant the export function was namedGetCPUID. Same configuration fields, but the different obfuscation used. In the later version, the configuration is ...