Setup:
It contains 2 files, the main tool and a helper executable. Since the main tool's process will appear in the log, you should replace any system file or non-suspicious program with it. Both files have to be in the same folder.
E.g.
Code:
C:\Users\*\AppData\Roaming\Spotify\Spotify.exe
Make sure to get a unique SHA-256 by changing "replace_me" at the very end of the file to something random (with notepad).
Usage:
Open before starting MOSS capture and hit start.
CTRL + Shift + F8 to toggle the deadlock; a small red message in the top left indicates this.
About:
Since hooking BitBlt can be suspicious, I suspend the associated thread instead. Beware that pausing it for too long may be noticeable. You can hide your cheat, toggle capture and press PrtScrn (print key) every once in a while to make up for this.
Other useful information:
- As you can tell by the cookies in the Filestack.jpg attachment, MOSS is sending requests to cluster014.ovh.net for timestamps and pings; you may want to block this and change your system time if you wish to fake a match
- MOSS logs the process list only once; you can make any change to your system during capture block
- If you don't want to hide the tool as a system process, I suggest you search this forum for hiding processes
- Screen captures are temporarily stored under
Code:
C:\Users\*\AppData\Local\MOS_randomnumber.tmp
- The log is temporarily stored under
Code:
moss.exe_path\18467.txt
right before being zipped; if you wish to do any modification to the log after it has been created, this is the right place to hook in
VirusTotal :

Credits :
-dloc.






