Created
September 9, 2021 19:57
-
-
Save larsborn/ed52631817027adb70a92f8fde9fc8b7 to your computer and use it in GitHub Desktop.
Config from REvil sample with SHA256 hash ab0aa003d7238940cbdf7393677f968c4a252516de7f0699cd4654abd2e7ae83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "pk": "f+7J0epYxAarNMxVR0Rb18mIdNIr5o0/Le9oxdbAeUk=", | |
| "pid": "$2a$12$QKlALWFyUOkhUAlOVB5LeuiilRPMgdL4kq9Ex9LPdBEioQWEgg09C", | |
| "sub": "8506", | |
| "dbg": false, | |
| "et": 0, | |
| "wipe": true, | |
| "wht": { | |
| "fld": [ | |
| "msocache", | |
| "windows.old", | |
| "google", | |
| "$windows.~bt", | |
| "perflogs", | |
| "application data", | |
| "boot", | |
| "tor browser", | |
| "mozilla", | |
| "program files (x86)", | |
| "programdata", | |
| "program files", | |
| "intel", | |
| "system volume information", | |
| "appdata", | |
| "$recycle.bin", | |
| "windows", | |
| "$windows.~ws" | |
| ], | |
| "fls": [ | |
| "bootsect.bak", | |
| "ntuser.ini", | |
| "thumbs.db", | |
| "desktop.ini", | |
| "boot.ini", | |
| "ntldr", | |
| "bootfont.bin", | |
| "ntuser.dat", | |
| "ntuser.dat.log", | |
| "iconcache.db", | |
| "autorun.inf" | |
| ], | |
| "ext": [ | |
| "cab", | |
| "ico", | |
| "dll", | |
| "msp", | |
| "themepack", | |
| "deskthemepack", | |
| "cur", | |
| "hlp", | |
| "spl", | |
| "ps1", | |
| "rom", | |
| "ldf", | |
| "shs", | |
| "bat", | |
| "scr", | |
| "icns", | |
| "ocx", | |
| "hta", | |
| "key", | |
| "lock", | |
| "cpl", | |
| "idx", | |
| "386", | |
| "wpx", | |
| "nomedia", | |
| "msstyles", | |
| "mod", | |
| "diagcfg", | |
| "adv", | |
| "ani", | |
| "msi", | |
| "exe", | |
| "diagcab", | |
| "rtp", | |
| "bin", | |
| "theme", | |
| "mpa", | |
| "msu", | |
| "msc", | |
| "nls", | |
| "lnk", | |
| "ics", | |
| "icl", | |
| "diagpkg", | |
| "prf", | |
| "cmd", | |
| "com", | |
| "drv", | |
| "sys" | |
| ] | |
| }, | |
| "wfld": [ | |
| "backup" | |
| ], | |
| "prc": [ | |
| "ocssd", | |
| "mydesktopqos", | |
| "msaccess", | |
| "thunderbird", | |
| "mspub", | |
| "firefox", | |
| "sqbcoreservice", | |
| "visio", | |
| "winword", | |
| "excel", | |
| "synctime", | |
| "thebat", | |
| "onenote", | |
| "tbirdconfig", | |
| "oracle", | |
| "infopath", | |
| "powerpnt", | |
| "isqlplussvc", | |
| "dbsnmp", | |
| "ocomm", | |
| "mydesktopservice", | |
| "dbeng50", | |
| "agntsvc", | |
| "encsvc", | |
| "xfssvccon", | |
| "steam", | |
| "ocautoupds", | |
| "wordpad", | |
| "sql", | |
| "outlook" | |
| ], | |
| "net": false, | |
| "svc": [ | |
| "memtas", | |
| "sophos", | |
| "svc$", | |
| "vss", | |
| "backup", | |
| "mepocs", | |
| "veeam", | |
| "sql" | |
| ], | |
| "nbody": "LQAtAC0APQA9AD0AIABXAGUAbABjAG8AbQBlAC4AIABBAGcAYQBpAG4ALgAgAD0APQA9AC0ALQAtAA0ACgANAAoAWwAtAF0AIABXAGgAYQB0AHMAIABIAGEAcABwAGUAbgA/ACAAWwAtAF0ADQAKAA0ACgBZAG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAsACAAYQBuAGQAIABjAHUAcgByAGUAbgB0AGwAeQAgAHUAbgBhAHYAYQBpAGwAYQBiAGwAZQAuACAAWQBvAHUAIABjAGEAbgAgAGMAaABlAGMAawAgAGkAdAA6ACAAYQBsAGwAIABmAGkAbABlAHMAIABvAG4AIAB5AG8AdQByACAAcwB5AHMAdABlAG0AIABoAGEAcwAgAGUAeAB0AGUAbgBzAGkAbwBuACAAewBFAFgAVAB9AC4ADQAKAEIAeQAgAHQAaABlACAAdwBhAHkALAAgAGUAdgBlAHIAeQB0AGgAaQBuAGcAIABpAHMAIABwAG8AcwBzAGkAYgBsAGUAIAB0AG8AIAByAGUAYwBvAHYAZQByACAAKAByAGUAcwB0AG8AcgBlACkALAAgAGIAdQB0ACAAeQBvAHUAIABuAGUAZQBkACAAdABvACAAZgBvAGwAbABvAHcAIABvAHUAcgAgAGkAbgBzAHQAcgB1AGMAdABpAG8AbgBzAC4AIABPAHQAaABlAHIAdwBpAHMAZQAsACAAeQBvAHUAIABjAGEAbgB0ACAAcgBlAHQAdQByAG4AIAB5AG8AdQByACAAZABhAHQAYQAgACgATgBFAFYARQBSACkALgANAAoADQAKAFsALQBdACAAVwBoAGEAdAAgAGcAdQBhAHIAYQBuAHQAZQBlAHMAPwAgAFsALQBdAA0ACgANAAoASQB0AHMAIABqAHUAcwB0ACAAYQAgAGIAdQBzAGkAbgBlAHMAcwAuACAAVwBlACAAYQBiAHMAbwBsAHUAdABlAGwAeQAgAGQAbwAgAG4AbwB0ACAAYwBhAHIAZQAgAGEAYgBvAHUAdAAgAHkAbwB1ACAAYQBuAGQAIAB5AG8AdQByACAAZABlAGEAbABzACwAIABlAHgAYwBlAHAAdAAgAGcAZQB0AHQAaQBuAGcAIABiAGUAbgBlAGYAaQB0AHMALgAgAEkAZgAgAHcAZQAgAGQAbwAgAG4AbwB0ACAAZABvACAAbwB1AHIAIAB3AG8AcgBrACAAYQBuAGQAIABsAGkAYQBiAGkAbABpAHQAaQBlAHMAIAAtACAAbgBvAGIAbwBkAHkAIAB3AGkAbABsACAAbgBvAHQAIABjAG8AbwBwAGUAcgBhAHQAZQAgAHcAaQB0AGgAIAB1AHMALgAgAEkAdABzACAAbgBvAHQAIABpAG4AIABvAHUAcgAgAGkAbgB0AGUAcgBlAHMAdABzAC4ADQAKAFQAbwAgAGMAaABlAGMAawAgAHQAaABlACAAYQBiAGkAbABpAHQAeQAgAG8AZgAgAHIAZQB0AHUAcgBuAGkAbgBnACAAZgBpAGwAZQBzACwAIABZAG8AdQAgAHMAaABvAHUAbABkACAAZwBvACAAdABvACAAbwB1AHIAIAB3AGUAYgBzAGkAdABlAC4AIABUAGgAZQByAGUAIAB5AG8AdQAgAGMAYQBuACAAZABlAGMAcgB5AHAAdAAgAG8AbgBlACAAZgBpAGwAZQAgAGYAbwByACAAZgByAGUAZQAuACAAVABoAGEAdAAgAGkAcwAgAG8AdQByACAAZwB1AGEAcgBhAG4AdABlAGUALgANAAoASQBmACAAeQBvAHUAIAB3AGkAbABsACAAbgBvAHQAIABjAG8AbwBwAGUAcgBhAHQAZQAgAHcAaQB0AGgAIABvAHUAcgAgAHMAZQByAHYAaQBjAGUAIAAtACAAZgBvAHIAIAB1AHMALAAgAGkAdABzACAAZABvAGUAcwAgAG4AbwB0ACAAbQBhAHQAdABlAHIALgAgAEIAdQB0ACAAeQBvAHUAIAB3AGkAbABsACAAbABvAHMAZQAgAHkAbwB1AHIAIAB0AGkAbQBlACAAYQBuAGQAIABkAGEAdABhACwAIABjAGEAdQBzAGUAIABqAHUAcwB0ACAAdwBlACAAaABhAHYAZQAgAHQAaABlACAAcAByAGkAdgBhAHQAZQAgAGsAZQB5AC4AIABJAG4AIABwAHIAYQBjAHQAaQBjAGUAIAAtACAAdABpAG0AZQAgAGkAcwAgAG0AdQBjAGgAIABtAG8AcgBlACAAdgBhAGwAdQBhAGIAbABlACAAdABoAGEAbgAgAG0AbwBuAGUAeQAuAA0ACgANAAoAWwArAF0AIABIAG8AdwAgAHQAbwAgAGcAZQB0ACAAYQBjAGMAZQBzAHMAIABvAG4AIAB3AGUAYgBzAGkAdABlAD8AIABbACsAXQANAAoADQAKAFUAcwBpAG4AZwAgAGEAIABUAE8AUgAgAGIAcgBvAHcAcwBlAHIAIQANAAoAIAAgADEAKQAgAEQAbwB3AG4AbABvAGEAZAAgAGEAbgBkACAAaQBuAHMAdABhAGwAbAAgAFQATwBSACAAYgByAG8AdwBzAGUAcgAgAGYAcgBvAG0AIAB0AGgAaQBzACAAcwBpAHQAZQA6ACAAaAB0AHQAcABzADoALwAvAHQAbwByAHAAcgBvAGoAZQBjAHQALgBvAHIAZwAvAA0ACgAgACAAMgApACAATwBwAGUAbgAgAG8AdQByACAAdwBlAGIAcwBpAHQAZQA6ACAAaAB0AHQAcAA6AC8ALwBhAHAAbABlAGIAegB1ADQANwB3AGcAYQB6AGEAcABkAHEAawBzADYAdgByAGMAdgA2AHoAYwBuAGoAcABwAGsAYgB4AGIAcgA2AHcAawBlAHQAZgA1ADYAbgBmADYAYQBxADIAbgBtAHkAbwB5AGQALgBvAG4AaQBvAG4ALwB7AFUASQBEAH0ADQAKAA0ACgBXAGEAcgBuAGkAbgBnADoAIABzAGUAYwBvAG4AZABhAHIAeQAgAHcAZQBiAHMAaQB0AGUAIABjAGEAbgAgAGIAZQAgAGIAbABvAGMAawBlAGQALAAgAHQAaABhAHQAcwAgAHcAaAB5ACAAZgBpAHIAcwB0ACAAdgBhAHIAaQBhAG4AdAAgAG0AdQBjAGgAIABiAGUAdAB0AGUAcgAgAGEAbgBkACAAbQBvAHIAZQAgAGEAdgBhAGkAbABhAGIAbABlAC4ADQAKAA0ACgBXAGgAZQBuACAAeQBvAHUAIABvAHAAZQBuACAAbwB1AHIAIAB3AGUAYgBzAGkAdABlACwAIABwAHUAdAAgAHQAaABlACAAZgBvAGwAbABvAHcAaQBuAGcAIABkAGEAdABhACAAaQBuACAAdABoAGUAIABpAG4AcAB1AHQAIABmAG8AcgBtADoADQAKAEsAZQB5ADoADQAKAA0ACgANAAoAewBLAEUAWQB9AA0ACgANAAoADQAKAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQAtAC0ALQANAAoADQAKACEAIQAhACAARABBAE4ARwBFAFIAIAAhACEAIQANAAoARABPAE4AJwBUACAAdAByAHkAIAB0AG8AIABjAGgAYQBuAGcAZQAgAGYAaQBsAGUAcwAgAGIAeQAgAHkAbwB1AHIAcwBlAGwAZgAsACAARABPAE4AJwBUACAAdQBzAGUAIABhAG4AeQAgAHQAaABpAHIAZAAgAHAAYQByAHQAeQAgAHMAbwBmAHQAdwBhAHIAZQAgAGYAbwByACAAcgBlAHMAdABvAHIAaQBuAGcAIAB5AG8AdQByACAAZABhAHQAYQAgAG8AcgAgAGEAbgB0AGkAdgBpAHIAdQBzACAAcwBvAGwAdQB0AGkAbwBuAHMAIAAtACAAaQB0AHMAIABtAGEAeQAgAGUAbgB0AGEAaQBsACAAZABhAG0AYQBnAGUAIABvAGYAIAB0AGgAZQAgAHAAcgBpAHYAYQB0AGUAIABrAGUAeQAgAGEAbgBkACwAIABhAHMAIAByAGUAcwB1AGwAdAAsACAAVABoAGUAIABMAG8AcwBzACAAYQBsAGwAIABkAGEAdABhAC4ADQAKACEAIQAhACAAIQAhACEAIAAhACEAIQANAAoATwBOAEUAIABNAE8AUgBFACAAVABJAE0ARQA6ACAASQB0AHMAIABpAG4AIAB5AG8AdQByACAAaQBuAHQAZQByAGUAcwB0AHMAIAB0AG8AIABnAGUAdAAgAHkAbwB1AHIAIABmAGkAbABlAHMAIABiAGEAYwBrAC4AIABGAHIAbwBtACAAbwB1AHIAIABzAGkAZABlACwAIAB3AGUAIAAoAHQAaABlACAAYgBlAHMAdAAgAHMAcABlAGMAaQBhAGwAaQBzAHQAcwApACAAbQBhAGsAZQAgAGUAdgBlAHIAeQB0AGgAaQBuAGcAIABmAG8AcgAgAHIAZQBzAHQAbwByAGkAbgBnACwAIABiAHUAdAAgAHAAbABlAGEAcwBlACAAcwBoAG8AdQBsAGQAIABuAG8AdAAgAGkAbgB0AGUAcgBmAGUAcgBlAC4ADQAKACEAIQAhACAAIQAhACEAIAAhACEAIQAAAA==", | |
| "nname": "{EXT}-readme.txt", | |
| "exp": true, | |
| "img": "QQBsAGwAIABvAGYAIAB5AG8AdQByACAAZgBpAGwAZQBzACAAYQByAGUAIABlAG4AYwByAHkAcAB0AGUAZAAhAA0ACgANAAoARgBpAG4AZAAgAHsARQBYAFQAfQAtAHIAZQBhAGQAbQBlAC4AdAB4AHQAIABhAG4AZAAgAGYAbwBsAGwAbwB3ACAAaQBuAHMAdAB1AGMAdABpAG8AbgBzAAAA", | |
| "arn": false, | |
| "rdmcnt": 0 | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment