{"protocol":"https","settings":{"SETTING_BOF_ALLOCATOR":"VirtualAlloc","SETTING_C2_CHUNK_POST":0,"SETTING_C2_POSTREQ":[["_HEADER","Content-Type: application/x-www-form-urlencoded; charset=UTF-8"],["_HEADER","X-Requested-With: XMLHttpRequest"],["_HEADER","Referer: https://shop.10086.cn/mall_100_100.html"],["BUILD","id"],["BASE64URL",true],["PARAMETER","__formid"],["_PARAMETER","srchfrom=nRKjxzZRRxx"],["_PARAMETER","fieldname=CzLuExKl"],["_PARAMETER","searchsortid=MbzSEnB"],["BUILD","output"],["BASE64URL",true],["PREPEND","aid_=522005705&accver=1&showtype=embed&ua="],["PRINT",true]],"SETTING_C2_RECOVER":[["print",true],["append",2085],["prepend",2085],["prepend",712],["netbios",true]],"SETTING_C2_REQUEST":[["_HEADER","Accept-Encoding: gzip, deflate"],["_HEADER","Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"],["_HEADER","Upgrade-Insecure-Requests: 1"],["_HEADER","Referer: https://10086.cn/"],["BUILD","metadata"],["BASE64URL",true],["PREPEND","ANID="],["PREPEND","__Secure-3PAPISID=noskin;"],["APPEND",";CONSENT=YES+CN.zh-CN+20210917-09-0"],["HEADER","Cookie"]],"SETTING_C2_VERB_GET":"GET","SETTING_C2_VERB_POST":"POST","SETTING_CFG_CAUTION":1,"SETTING_CLEANUP":1,"SETTING_CRYPTO_SCHEME":0,"SETTING_DATA_STORE_SIZE":16,"SETTING_DOMAINS":"47.92.71.218,/mall_100_100.html","SETTING_DOMAIN_STRATEGY":0,"SETTING_DOMAIN_STRATEGY_FAIL_SECONDS":4294967295,"SETTING_DOMAIN_STRATEGY_FAIL_X":4294967295,"SETTING_DOMAIN_STRATEGY_SECONDS":4294967295,"SETTING_EXIT_FUNK":0,"SETTING_GARGLE_NOOK":1,"SETTING_GARGLE_SECTIONS":["0x32000-0x41c02","0x42000-0x53848","0x54000-0x56454","0x57000-0x57fd0"],"SETTING_HOST_HEADER":"","SETTING_HTTP_NO_COOKIES":1,"SETTING_JITTER":37,"SETTING_KILLDATE":0,"SETTING_MASKED_WATERMARK":"63f3495a38df0b2679c382569328aa3510bd5ed7599e5a524dc69e74b81fc727","SETTING_MAXGET":6148882,"SETTING_MAX_RETRY_STRATEGY_ATTEMPTS":0,"SETTING_MAX_RETRY_STRATEGY_DURATION":0,"SETTING_MAX_RETRY_STRATEGY_INCREASE":0,"SETTING_PORT":443,"SETTING_PROCINJ_ALLOCATOR":0,"SETTING_PROCINJ_BOF_REUSE_MEM":1,"SETTING_PROCINJ_EXECUTE":["CreateThread","SetThreadContext","NtQueueApcThread_s","RtlCreateUserThread","CreateRemoteThread \"kernel32.dll!LoadLibraryA+0x1000\""],"SETTING_PROCINJ_MINALLOC":18700,"SETTING_PROCINJ_PERMS":32,"SETTING_PROCINJ_PERMS_I":4,"SETTING_PROCINJ_STUB":"40ed048138df0b3e23a0ef24dc5efa1a","SETTING_PROCINJ_TRANSFORM_X64":[["append",""],["prepend",""]],"SETTING_PROCINJ_TRANSFORM_X86":[["append",""],["prepend",""]],"SETTING_PROTOCOL":8,"SETTING_PROXY_BEHAVIOR":2,"SETTING_PUBKEY":"64aacadc6832ee3b9bb3a3a567fb71382df688f6b6127843a2871b991ba7154a","SETTING_SLEEPTIME":10000,"SETTING_SMB_FRAME_HEADER":"","SETTING_SPAWNTO":"00000000000000000000000000000000","SETTING_SPAWNTO_X64":"%windir%\\sysnative\\runonce.exe","SETTING_SPAWNTO_X86":"%windir%\\syswow64\\runonce.exe","SETTING_SUBMITURI":"/ajax/recharge/recharge.json","SETTING_SYSCALL_METHOD":0,"SETTING_TCP_FRAME_HEADER":"","SETTING_USERAGENT":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4044.62 Safari/537.36","SETTING_WATERMARK":666666666,"SETTING_WATERMARKHASH":"Vbi/d5GsmtZldELooLqdHw=="},"trial":false,"version":"Cobalt Strike 4.9 (Sep 19, 2023)","watermark":666666666}