travisbgreen

Untitled

May 15th, 2018
  1. PLUGIN_EXTENSION: DhjWU
  2. NETWORK: [{u'PORT': 7777, u'DNS': u'127.0.0.1'}]
  3. ENCRYPT_KEY: cPFjgddXIBcXBCIseEuXTZjwi
  4. DELAY_INSTALL: 2
  5. JAR_NAME: uiylKSALYJr
  6. JAR_FOLDER: fUTkALeaTxM
  7. VBOX: False
  8. PLUGIN_FOLDER: DdWDtpinxpf
  9. INSTALL: False
  10. JAR_EXTENSION: Vybgol
  11. MODULE_PATH: zS/lq/BTk.GI
  12. WEBSITE_PROJECT: https://jrat.io
  13. JAR_REGISTRY: WLyQyhWoosi
  14. NICKNAME: User
  15. JRE_FOLDER: HSIROD
  16. VMWARE: False
  17. DELAY_CONNECT: 2
  18. PLUGIN_FOLDER: mrFrxXBkebN
  19. PLUGIN_EXTENSION: rWoVJ
  20. NETWORK: [{u'PORT': 3018, u'DNS': u'ooffice365.duckdns.org'}]
  21. ENCRYPT_KEY: MdoVOtJjTcWvplHjQkepJQufd
  22. DELAY_INSTALL: 2
  23. SECURITY_TIMES: 20
  24. JAR_FOLDER: WCWmTyJPHIu
  25. VBOX: False
  26. JAR_REGISTRY: bDDwFcYvjBy
  27. DELAY_CONNECT: 2
  28. INSTALL: True
  29. JAR_EXTENSION: yJgyqO
  30. MODULE_PATH: kIm/xR/AXT.O
  31. WEBSITE_PROJECT: https://jrat.io
  32. JAR_NAME: VwUhdMtyiwV
  33. NICKNAME: Gado
  34. SECURITY: [{u'REG': [{u'VALUE': u'"SaveZoneInformation"=dword:00000001\r\n', u'KEY': u'[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments]'}, {u'VALUE': u'"LowRiskFileTypes"=".avi;.bat;.com;.cmd;.exe;.htm;.html;.lnk;.mpg;.mpeg;.mov;.mp3;.msi;.m3u;.rar;.reg;.txt;.vbs;.wav;.zip;.jar;"\r\n', u'KEY': u'[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations]'}, {u'VALUE': u'"SaveZoneInformation"=-\r\n', u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Attachments]'}, {u'VALUE': u'"LowRiskFileTypes"=-\r\n', u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Associations]'}], u'NAME': u'Open-File Security Warning'}, {u'REG': [{u'VALUE': u'"SEE_MASK_NOZONECHECKS"="1"\r\n', u'KEY': u'[HKEY_CURRENT_USER\\Environment]'}, {u'VALUE': u'"SEE_MASK_NOZONECHECKS"="1"\r\n', u'KEY': u'[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\Environment]'}], u'NAME': u'Disable Zone Checking'}, {u'PROCESS': [u'UserAccountControlSettings.exe'], u'REG': [{u'VALUE': u'"ConsentPromptBehaviorAdmin"=dword:00000000\r\n"ConsentPromptBehaviorUser"=dword:00000000\r\n"EnableLUA"=dword:00000000\r\n"PromptOnSecureDesktop"=dword:00000000\r\n', u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]'}], u'NAME': u'User Account Control'}, {u'PROCESS': [u'Taskmgr.exe'], u'REG': [{u'VALUE': u'"DisableTaskMgr"=dword:00000002\r\n', u'KEY': u'[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]'}], u'NAME': u'Task Manager'}, {u'REG': [{u'VALUE': u'"DisableConfig"=dword:00000001\r\n"DisableSR"=dword:00000001\r\n', u'KEY': u'[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows NT\\SystemRestore]'}], u'NAME': u'Restore System'}, {u'PROCESS': [u'ProcessHacker.exe'], u'NAME': u'Process Hacker'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'MsConfig'}, {u'PROCESS': 
[u'MSASCui.exe', u'MsMpEng.exe', u'MpUXSrv.exe', u'MpCmdRun.exe', u'NisSrv.exe', u'ConfigSecurityPolicy.exe'], u'NAME': u'Windows Defender'}, {u'PROCESS': [u'procexp.exe'], u'NAME': u'Process Explorer'}, {u'PROCESS': [u'wireshark.exe', u'tshark.exe', u'text2pcap.exe', u'rawshark.exe', u'mergecap.exe', u'editcap.exe', u'dumpcap.exe', u'capinfos.exe'], u'NAME': u'Wireshark'}, {u'PROCESS': [u'mbam.exe', u'mbamscheduler.exe', u'mbamservice.exe'], u'NAME': u'MalwareBytes'}, {u'PROCESS': [u'AdAwareService.exe', u'AdAwareTray.exe', u'WebCompanion.exe', u'AdAwareDesktop.exe'], u'NAME': u'Ad-Aware Antivirus'}, {u'PROCESS': [u'V3Main.exe', u'V3Svc.exe', u'V3Up.exe', u'V3SP.exe', u'V3Proxy.exe', u'V3Medic.exe'], u'NAME': u'Ahnlab V3 Internet Security 8.0'}, {u'PROCESS': [u'BgScan.exe', u'BullGuard.exe', u'BullGuardBhvScanner.exe', u'BullGuarScanner.exe', u'LittleHook.exe', u'BullGuardUpdate.exe'], u'NAME': u'Bull Guard Antivirus'}, {u'PROCESS': [u'clamscan.exe', u'ClamTray.exe', u'ClamWin.exe'], u'NAME': u'ClamWin Antivirus'}, {u'PROCESS': [u'cis.exe', u'CisTray.exe', u'cmdagent.exe', u'cavwp.exe', u'dragon_updater.exe'], u'NAME': u'COMODO Antivirus'}, {u'PROCESS': [u'MWAGENT.EXE', u'MWASER.EXE', u'CONSCTLX.EXE', u'avpmapp.exe', u'econceal.exe', u'escanmon.exe', u'escanpro.exe', u'TRAYSSER.EXE', u'TRAYICOS.EXE', u'econser.exe', u'VIEWTCP.EXE'], u'NAME': u'EScan Antivirus'}, {u'PROCESS': [u'FSHDLL64.exe', u'fsgk32.exe', u'fshoster32.exe', u'FSMA32.EXE', u'fsorsp.exe', u'fssm32.exe', u'FSM32.EXE', u'trigger.exe'], u'NAME': u'F-Secure Antivirus'}, {u'PROCESS': [u'FProtTray.exe', u'FPWin.exe', u'FPAVServer.exe'], u'NAME': u'F-PROT Antivirus'}, {u'PROCESS': [u'AVK.exe', u'GdBgInx64.exe', u'AVKProxy.exe', u'GDScan.exe', u'AVKWCtlx64.exe', u'AVKService.exe', u'AVKTray.exe', u'GDKBFltExe32.exe', u'GDSC.exe'], u'NAME': u'G DATA Antivirus'}, {u'PROCESS': [u'virusutilities.exe', u'guardxservice.exe', u'guardxkickoff_x64.exe'], u'NAME': u'IKARUS Antivirus'}, {u'PROCESS': [u'iptray.exe', 
u'freshclam.exe', u'freshclamwrap.exe'], u'NAME': u'Immunet Antivirus'}, {u'PROCESS': [u'K7RTScan.exe', u'K7FWSrvc.exe', u'K7PSSrvc.exe', u'K7EmlPxy.EXE', u'K7TSecurity.exe', u'K7AVScan.exe', u'K7CrvSvc.exe', u'K7SysMon.Exe', u'K7TSMain.exe', u'K7TSMngr.exe'], u'NAME': u'K7 Ultimate Antivirus'}, {u'PROCESS': [u'nanosvc.exe', u'nanoav.exe'], u'NAME': u'NANO Antivirus'}, {u'PROCESS': [u'nnf.exe', u'nvcsvc.exe', u'nbrowser.exe', u'nseupdatesvc.exe', u'nfservice.exe', u'nwscmon.exe', u'njeeves2.exe', u'nvcod.exe', u'nvoy.exe', u'zlhh.exe', u'Zlh.exe', u'nprosec.exe', u'Zanda.exe'], u'NAME': u'Norman Antivirus'}, {u'PROCESS': [u'NS.exe'], u'NAME': u'Norton Internet Security'}, {u'PROCESS': [u'acs.exe', u'op_mon.exe'], u'NAME': u'Outpost ASecurity Suite Pro'}, {u'PROCESS': [u'PSANHost.exe', u'PSUAMain.exe', u'PSUAService.exe', u'AgentSvc.exe'], u'NAME': u'Panda Antivirus'}, {u'PROCESS': [u'BDSSVC.EXE', u'EMLPROXY.EXE', u'OPSSVC.EXE', u'ONLINENT.EXE', u'QUHLPSVC.EXE', u'SAPISSVC.EXE', u'SCANNER.EXE', u'SCANWSCS.EXE', u'scproxysrv.exe', u'ScSecSvc.exe'], u'NAME': u'Quick Heal Antivirus'}, {u'PROCESS': [u'SUPERAntiSpyware.exe', u'SASCore64.exe', u'SSUpdate64.exe', u'SUPERDelete.exe', u'SASTask.exe'], u'NAME': u'SUPER Anti-Spyware'}, {u'PROCESS': [u'K7RTScan.exe', u'K7FWSrvc.exe', u'K7PSSrvc.exe', u'K7EmlPxy.EXE', u'K7TSecurity.exe', u'K7AVScan.exe', u'K7CrvSvc.exe', u'K7SysMon.Exe', u'K7TSMain.exe', u'K7TSMngr.exe'], u'NAME': u'K7 Ultimate Antivirus'}, {u'PROCESS': [u'uiWinMgr.exe', u'uiWatchDog.exe', u'uiSeAgnt.exe', u'PtWatchDog.exe', u'PtSvcHost.exe', u'PtSessionAgent.exe', u'coreFrameworkHost.exe', u'coreServiceShell.exe', u'uiUpdateTray.exe'], u'NAME': u'Trend Micro Antivirus+'}, {u'PROCESS': [u'VIPREUI.exe', u'SBAMSvc.exe', u'SBAMTray.exe', u'SBPIMSvc.exe'], u'NAME': u'VIPRE Security 2015'}, {u'PROCESS': [u'bavhm.exe', u'BavSvc.exe', u'BavTray.exe', u'Bav.exe', u'BavWebClient.exe', u'BavUpdater.exe'], u'NAME': u'Baidu Antivirus 2015'}, {u'PROCESS': 
[u'MCShieldCCC.exe', u'MCShieldRTM.exe', u'MCShieldDS.exe', u'MCS-Uninstall.exe'], u'NAME': u'MCShield Anti-Malware Tool'}, {u'PROCESS': [u'SDScan.exe', u'SDFSSvc.exe', u'SDWelcome.exe', u'SDTray.exe'], u'NAME': u'SPYBOT AntiMalware'}, {u'PROCESS': [u'UnThreat.exe', u'utsvc.exe'], u'NAME': u'UnThreat Antivirus'}, {u'PROCESS': [u'FortiClient.exe', u'fcappdb.exe', u'FCDBlog.exe', u'FCHelper64.exe', u'fmon.exe', u'FortiESNAC.exe', u'FortiProxy.exe', u'FortiSSLVPNdaemon.exe', u'FortiTray.exe', u'FortiFW.exe', u'FortiClient_Diagnostic_Tool.exe', u'av_task.exe'], u'NAME': u'FortiClient'}, {u'PROCESS': [u'CertReg.exe', u'FilMsg.exe', u'FilUp.exe', u'filwscc.exe', u'filwscc.exe', u'psview.exe', u'quamgr.exe', u'quamgr.exe', u'schmgr.exe', u'schmgr.exe', u'twsscan.exe', u'twssrv.exe', u'UserReg.exe'], u'NAME': u'Twister Antivirus'}]
  35. VMWARE: False
  36. JRE_FOLDER: rOiblg