{"protocol":"https","settings":{"SETTING_BOF_ALLOCATOR":"HeapAlloc","SETTING_C2_CHUNK_POST":0,"SETTING_C2_POSTREQ":[["_HEADER","Content-Type: text/plain"],["_HEADER","Accept: */*"],["_HEADER","Accept-Language: zh-CN,zh;q=0.9,en;q=0.8"],["_HEADER","Accept-Encoding: gzip, deflate"],["_HEADER","Priority: u=1, i"],["BUILD","id"],["BASE64",true],["PREPEND","_ZF="],["HEADER","Cookie"],["BUILD","output"],["BASE64",true],["PRINT",true]],"SETTING_C2_RECOVER":[["print",true],["base64",true]],"SETTING_C2_REQUEST":[["_HEADER","Content-Type: text/plain"],["_HEADER","Accept: */*"],["_HEADER","Accept-Language: zh-CN,zh;q=0.9,en;q=0.8"],["_HEADER","Accept-Encoding: gzip, deflate"],["_HEADER","Priority: u=1, i"],["BUILD","metadata"],["BASE64",true],["PREPEND","_UK="],["HEADER","Cookie"]],"SETTING_C2_VERB_GET":"GET","SETTING_C2_VERB_POST":"POST","SETTING_CFG_CAUTION":0,"SETTING_CLEANUP":1,"SETTING_CRYPTO_SCHEME":0,"SETTING_DATA_STORE_SIZE":16,"SETTING_DOMAINS":"49.7.54.204,/api/v1/get","SETTING_DOMAIN_STRATEGY":0,"SETTING_DOMAIN_STRATEGY_FAIL_SECONDS":4294967295,"SETTING_DOMAIN_STRATEGY_FAIL_X":4294967295,"SETTING_DOMAIN_STRATEGY_SECONDS":4294967295,"SETTING_EXIT_FUNK":0,"SETTING_GARGLE_NOOK":1,"SETTING_GARGLE_SECTIONS":["0x2b000-0x34c21","0x35000-0x44240","0x45000-0x470fa"],"SETTING_HOST_HEADER":"","SETTING_HTTP_NO_COOKIES":1,"SETTING_JITTER":45,"SETTING_KILLDATE":0,"SETTING_MASKED_WATERMARK":"c49fe99c9f7c5a1be8bf93399b406640b7d1fe11fe3d0b6fdcba8f1bb0770b52","SETTING_MAXGET":3341464,"SETTING_MAX_RETRY_STRATEGY_ATTEMPTS":0,"SETTING_MAX_RETRY_STRATEGY_DURATION":0,"SETTING_MAX_RETRY_STRATEGY_INCREASE":0,"SETTING_PORT":8901,"SETTING_PROCINJ_ALLOCATOR":0,"SETTING_PROCINJ_BOF_REUSE_MEM":1,"SETTING_PROCINJ_EXECUTE":["CreateThread \"ntdll!RtlUserThreadStart+0x948\"","CreateThread","NtQueueApcThread_s","CreateRemoteThread","RtlCreateUserThread"],"SETTING_PROCINJ_MINALLOC":10192,"SETTING_PROCINJ_PERMS":32,"SETTING_PROCINJ_PERMS_I":4,"SETTING_PROCINJ_STUB":"e781a4479f7c5a03b2dcfe4bd436366f","SETTING_PROCINJ_TRANSFORM_X64":[["append","\u000f\u001f@"],["prepend","\u000f\u001f"]],"SETTING_PROCINJ_TRANSFORM_X86":[["append","\u000f\u001f"],["prepend","\u000f\u001fD"]],"SETTING_PROTOCOL":8,"SETTING_PROXY_BEHAVIOR":2,"SETTING_PUBKEY":"a82bca868d0b07c3ef995edbb205791dc0e6b4075bde52168a3c99b07da5a94d","SETTING_SLEEPTIME":15024,"SETTING_SMB_FRAME_HEADER":"elda","SETTING_SPAWNTO":"00000000000000000000000000000000","SETTING_SPAWNTO_X64":"%windir%\\sysnative\\rundll32.exe","SETTING_SPAWNTO_X86":"%windir%\\syswow64\\rundll32.exe","SETTING_SUBMITURI":"/api/v1/post","SETTING_SYSCALL_METHOD":0,"SETTING_TCP_FRAME_HEADER":"_rpp_QUtQs\u009fps\u0165d","SETTING_USERAGENT":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36","SETTING_WATERMARK":666666666,"SETTING_WATERMARKHASH":"Vbi/d5GsmtZldELooLqdHw=="},"trial":false,"version":"Cobalt Strike 4.9 (Sep 19, 2023)","watermark":666666666}