Last active
December 23, 2017 07:50
-
-
Save lolp1/e9d172b27cfeb275892d82462c0c49a8 to your computer and use it in GitHub Desktop.
debug logs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
[Debug] -> STAGE ONE STARTING | |
[Debug]Loader.exe] -> AntiDebugTrap traps #1 and #2 enabled and set on a timer, first elapsed event passed. | |
[Debug]Loader.exe] -> Wow-64.exe was open. Killing the process and reloading it in its suspended state. | |
[Debug]Loader.exe] -> Preparing the download of loader.dll using a newly generated name for the file obtained using a simple AES tool. | |
[Debug]Loader.exe] -> Downloading the new loader.dll URL obtained by extracting info from a meta-data file restricted from non-local server assets. completed, meta-data stored in memory for later use. | |
[Debug]Loader.exe] -> Download of randomized named loader.dll completed, using the existing meta-data stored in memory to grab its URL it was downloaded from. Loader.dll loaded into process. | |
[Debug] -> STAGE ONE COMPLETE, STAGE TWO STARTING | |
[Debug]Loader.dll] -> AntiDebugTrap traps #1 and #2 and their timer disabled, methods #3 and #4 are set on a timer, first elapsed event passed. | |
[Debug]Loader.dll] -> WowNet.Domain.dll checking users credential's are valid before grabbing files.. passed. | |
[Debug]Loader.dll] -> WowNet.Domain.dll name randomized using meta-data stored in memory prior to stage two. | |
[Debug]Loader.dll] -> WowNet.Domain.dll downloading the encrypted WowNet.dll file ... download complete. | |
[Debug]Loader.dll] -> WowNet.Domain.dll is decrypting WowNet.dll ... decryption complete. | |
[Debug]Loader.dll] -> Decrypted DLL headers stripped,and split into sections so the entry is not so large to look suspect. | |
[Debug]Loader.dll] -> Decrypted DLL loaded complete. | |
[Debug] -> STAGE ONE COMPLETE, STAGE TWO COMPLETE, FINAL STAGE STARTED. | |
[Debug]WowNet.dll] -> AntiDebugTrap traps #3 and #4 and their timer disabled, methods #5 and #6 and at random #7 is enabled, #5 and #6 are set on a timer, first elapsed event passed. | |
[Debug]WowNet.dll] -> Users security token for SSO is cached in several locations, and a session is creeated and if one existed already if the sections tokens do not match old one is killed and data report made. | |
[Debug]WowNet.dll] -> Heart-beat started, session valid checking started, waiting for the real Wow-64.exe window to spawn. | |
[Debug]WowNet.dll] -> Basic warden report cache requested before loading core.. no new matches. | |
[Debug]WowNet.dll] -> Core loaded. | |
[Debug]WowNet.dll] -> Enabled. | |
[Debug]WowNet.dll] -> User closed WowNet.UI, max time allowed to save settings or clean up is ~2000 before the process must be killed. | |
[Debug]WowNet.dll] -> Settings-Saved=true SSO-Session-Killed=true, Disabled=true, Core-Disabled=true, Wow-64.exe terminated in 872 Milliseconds after WM_DESTROY was intercepted. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment