- Source:
- h/t @dvk01uk
- MD5: 19CD10627207BCF7F7C41EE26CBDD174
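- Reading notes: the 127.0.0.1:7777 NETWORK entry is loopback, so onyeka1.duckdns.org on port 6654 (listed twice) is the only external network indicator in this config. The SECURITY list pairs one registry change, which sets DisableConfig and DisableSR under the System Restore policy key, with process names of analysis and antivirus tools; the "K7 Ultimate Antivirus" entry appears twice.
- JSON CONFIG (PRETTIFIED):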
- {
- "NETWORK": [{
- "PORT": 7777,
- "DNS": "127.0.0.1"
- }, {
- "PORT": 6654,
- "DNS": "onyeka1.duckdns.org"
- }, {
- "PORT": 6654,
- "DNS": "onyeka1.duckdns.org"
- }],
- "INSTALL": true,
- "MODULE_PATH": "Wh/Dgq/BX.W",
- "PLUGIN_FOLDER": "IATxValeRFB",
- "JRE_FOLDER": "bCkJil",
- "JAR_FOLDER": "KtXRptueuIB",
- "JAR_EXTENSION": "nxPNyG",
- "ENCRYPT_KEY": "EJeExFmLFNZvwiHVZtKbquweb",
- "DELAY_INSTALL": 2,
- "NICKNAME": "User",
- "VMWARE": false,
- "PLUGIN_EXTENSION": "VNrBF",
- "WEBSITE_PROJECT": "https://jrat.io",
- "JAR_NAME": "XSZHGSWUUvB",
- "SECURITY": [{
- "REG": [{
- "VALUE": "\"DisableConfig\"=dword:00000001\r\n\"DisableSR\"=dword:00000001\r\n",
- "KEY": "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]"
- }],
- "NAME": "Restore System"
- }, {
- "PROCESS": ["ProcessHacker.exe"],
- "NAME": "Process Hacker"
- }, {
- "PROCESS": ["MSASCui.exe", "MsMpEng.exe", "MpUXSrv.exe", "MpCmdRun.exe", "NisSrv.exe", "ConfigSecurityPolicy.exe"],
- "NAME": "Windows Defender"
- }, {
- "PROCESS": ["procexp.exe"],
- "NAME": "Process Explorer"
- }, {
- "PROCESS": ["wireshark.exe", "tshark.exe", "text2pcap.exe", "rawshark.exe", "mergecap.exe", "editcap.exe", "dumpcap.exe", "capinfos.exe"],
- "NAME": "Wireshark"
- }, {
- "PROCESS": ["mbam.exe", "mbamscheduler.exe", "mbamservice.exe"],
- "NAME": "MalwareBytes"
- }, {
- "PROCESS": ["AdAwareService.exe", "AdAwareTray.exe", "WebCompanion.exe", "AdAwareDesktop.exe"],
- "NAME": "Ad-Aware Antivirus"
- }, {
- "PROCESS": ["V3Main.exe", "V3Svc.exe", "V3Up.exe", "V3SP.exe", "V3Proxy.exe", "V3Medic.exe"],
- "NAME": "Ahnlab V3 Internet Security 8.0"
- }, {
- "PROCESS": ["BgScan.exe", "BullGuard.exe", "BullGuardBhvScanner.exe", "BullGuarScanner.exe", "LittleHook.exe", "BullGuardUpdate.exe"],
- "NAME": "Bull Guard Antivirus"
- }, {
- "PROCESS": ["clamscan.exe", "ClamTray.exe", "ClamWin.exe"],
- "NAME": "ClamWin Antivirus"
- }, {
- "PROCESS": ["cis.exe", "CisTray.exe", "cmdagent.exe", "cavwp.exe", "dragon_updater.exe"],
- "NAME": "COMODO Antivirus"
- }, {
- "PROCESS": ["MWAGENT.EXE", "MWASER.EXE", "CONSCTLX.EXE", "avpmapp.exe", "econceal.exe", "escanmon.exe", "escanpro.exe", "TRAYSSER.EXE", "TRAYICOS.EXE", "econser.exe", "VIEWTCP.EXE"],
- "NAME": "EScan Antivirus"
- }, {
- "PROCESS": ["FSHDLL64.exe", "fsgk32.exe", "fshoster32.exe", "FSMA32.EXE", "fsorsp.exe", "fssm32.exe", "FSM32.EXE", "trigger.exe"],
- "NAME": "F-Secure Antivirus"
- }, {
- "PROCESS": ["FProtTray.exe", "FPWin.exe", "FPAVServer.exe"],
- "NAME": "F-PROT Antivirus"
- }, {
- "PROCESS": ["AVK.exe", "GdBgInx64.exe", "AVKProxy.exe", "GDScan.exe", "AVKWCtlx64.exe", "AVKService.exe", "AVKTray.exe", "GDKBFltExe32.exe", "GDSC.exe"],
- "NAME": "G DATA Antivirus"
- }, {
- "PROCESS": ["virusutilities.exe", "guardxservice.exe", "guardxkickoff_x64.exe"],
- "NAME": "IKARUS Antivirus"
- }, {
- "PROCESS": ["iptray.exe", "freshclam.exe", "freshclamwrap.exe"],
- "NAME": "Immunet Antivirus"
- }, {
- "PROCESS": ["K7RTScan.exe", "K7FWSrvc.exe", "K7PSSrvc.exe", "K7EmlPxy.EXE", "K7TSecurity.exe", "K7AVScan.exe", "K7CrvSvc.exe", "K7SysMon.Exe", "K7TSMain.exe", "K7TSMngr.exe"],
- "NAME": "K7 Ultimate Antivirus"
- }, {
- "PROCESS": ["nanosvc.exe", "nanoav.exe"],
- "NAME": "NANO Antivirus"
- }, {
- "PROCESS": ["nnf.exe", "nvcsvc.exe", "nbrowser.exe", "nseupdatesvc.exe", "nfservice.exe", "nwscmon.exe", "njeeves2.exe", "nvcod.exe", "nvoy.exe", "zlhh.exe", "Zlh.exe", "nprosec.exe", "Zanda.exe"],
- "NAME": "Norman Antivirus"
- }, {
- "PROCESS": ["NS.exe"],
- "NAME": "Norton Internet Security"
- }, {
- "PROCESS": ["acs.exe", "op_mon.exe"],
- "NAME": "Outpost ASecurity Suite Pro"
- }, {
- "PROCESS": ["PSANHost.exe", "PSUAMain.exe", "PSUAService.exe", "AgentSvc.exe"],
- "NAME": "Panda Antivirus"
- }, {
- "PROCESS": ["BDSSVC.EXE", "EMLPROXY.EXE", "OPSSVC.EXE", "ONLINENT.EXE", "QUHLPSVC.EXE", "SAPISSVC.EXE", "SCANNER.EXE", "SCANWSCS.EXE", "scproxysrv.exe", "ScSecSvc.exe"],
- "NAME": "Quick Heal Antivirus"
- }, {
- "PROCESS": ["SUPERAntiSpyware.exe", "SASCore64.exe", "SSUpdate64.exe", "SUPERDelete.exe", "SASTask.exe"],
- "NAME": "SUPER Anti-Spyware"
- }, {
- "PROCESS": ["K7RTScan.exe", "K7FWSrvc.exe", "K7PSSrvc.exe", "K7EmlPxy.EXE", "K7TSecurity.exe", "K7AVScan.exe", "K7CrvSvc.exe", "K7SysMon.Exe", "K7TSMain.exe", "K7TSMngr.exe"],
- "NAME": "K7 Ultimate Antivirus"
- }, {
- "PROCESS": ["uiWinMgr.exe", "uiWatchDog.exe", "uiSeAgnt.exe", "PtWatchDog.exe", "PtSvcHost.exe", "PtSessionAgent.exe", "coreFrameworkHost.exe", "coreServiceShell.exe", "uiUpdateTray.exe"],
- "NAME": "Trend Micro Antivirus+"
- }, {
- "PROCESS": ["VIPREUI.exe", "SBAMSvc.exe", "SBAMTray.exe", "SBPIMSvc.exe"],
- "NAME": "VIPRE Security 2015"
- }, {
- "PROCESS": ["bavhm.exe", "BavSvc.exe", "BavTray.exe", "Bav.exe", "BavWebClient.exe", "BavUpdater.exe"],
- "NAME": "Baidu Antivirus 2015"
- }, {
- "PROCESS": ["MCShieldCCC.exe", "MCShieldRTM.exe", "MCShieldDS.exe", "MCS-Uninstall.exe"],
- "NAME": "MCShield Anti-Malware Tool"
- }, {
- "PROCESS": ["SDScan.exe", "SDFSSvc.exe", "SDWelcome.exe", "SDTray.exe"],
- "NAME": "SPYBOT AntiMalware"
- }, {
- "PROCESS": ["UnThreat.exe", "utsvc.exe"],
- "NAME": "UnThreat Antivirus"
- }, {
- "PROCESS": ["FortiClient.exe", "fcappdb.exe", "FCDBlog.exe", "FCHelper64.exe", "fmon.exe", "FortiESNAC.exe", "FortiProxy.exe", "FortiSSLVPNdaemon.exe", "FortiTray.exe", "FortiFW.exe", "FortiClient_Diagnostic_Tool.exe", "av_task.exe"],
- "NAME": "FortiClient"
- }, {
- "PROCESS": ["CertReg.exe", "FilMsg.exe", "FilUp.exe", "filwscc.exe", "filwscc.exe", "psview.exe", "quamgr.exe", "quamgr.exe", "schmgr.exe", "schmgr.exe", "twsscan.exe", "twssrv.exe", "UserReg.exe"],
- "NAME": "Twister Antivirus"
- }],
- "JAR_REGISTRY": "bJnYSNphoio",
- "DELAY_CONNECT": 2,
- "SECURITY_TIMES": 20,
- "VBOX": false
- }