{"protocol":"https","settings":{"SETTING_BOF_ALLOCATOR":"VirtualAlloc","SETTING_C2_CHUNK_POST":0,"SETTING_C2_POSTREQ":[["_HEADER","Accept: text/html,application/xhtml+xml,application/xml;"],["_HOSTHEADER","Host: getbootstrap.com"],["_HEADER","Accept-Encoding: gzip, deflate"],["_HEADER","Accept-Language: zh-CN,zh;q=0.9"],["BUILD","id"],["BASE64URL",true],["PARAMETER","serve"],["BUILD","output"],["BASE64",true],["PRINT",true]],"SETTING_C2_RECOVER":[["print",true],["append",45],["append",1731],["prepend",20],["prepend",53],["prepend",44],["prepend",36],["prepend",75],["prepend",2978],["base64",true]],"SETTING_C2_REQUEST":[["_HEADER","Accept: text/html,application/xhtml+xml,application/xml;"],["_HOSTHEADER","Host: getbootstrap.com"],["_HEADER","Accept-Encoding: gzip, deflate"],["_HEADER","Accept-Language: zh-CN,zh;q=0.9"],["BUILD","metadata"],["BASE64URL",true],["PREPEND","__cfduid="],["HEADER","Cookie"]],"SETTING_C2_VERB_GET":"POST","SETTING_C2_VERB_POST":"POST","SETTING_CFG_CAUTION":1,"SETTING_CLEANUP":1,"SETTING_CRYPTO_SCHEME":0,"SETTING_DOMAINS":"audioweb.cnr.cn,/dist/css/bootstrap.min.css","SETTING_DOMAIN_STRATEGY":0,"SETTING_DOMAIN_STRATEGY_FAIL_SECONDS":4294967295,"SETTING_DOMAIN_STRATEGY_FAIL_X":4294967295,"SETTING_DOMAIN_STRATEGY_SECONDS":4294967295,"SETTING_EXIT_FUNK":0,"SETTING_GARGLE_NOOK":1,"SETTING_GARGLE_SECTIONS":["0x28000-0x31c51","0x32000-0x3e740","0x3f000-0x40f02"],"SETTING_HOST_HEADER":"Host: avsdfe.win.com.cn\r\n","SETTING_HTTP_NO_COOKIES":1,"SETTING_JITTER":37,"SETTING_KILLDATE":0,"SETTING_MASKED_WATERMARK":"272668befcfa84a60f99572ec7735399248c810fb3abe0910fcb180c937d1f95","SETTING_MAXGET":1403086,"SETTING_MAX_RETRY_STRATEGY_ATTEMPTS":0,"SETTING_MAX_RETRY_STRATEGY_DURATION":0,"SETTING_MAX_RETRY_STRATEGY_INCREASE":0,"SETTING_PORT":443,"SETTING_PROCINJ_ALLOCATOR":1,"SETTING_PROCINJ_BOF_REUSE_MEM":1,"SETTING_PROCINJ_EXECUTE":["CreateThread \"ntdll!RtlUserThreadStart\"","CreateThread","NtQueueApcThread","CreateRemoteThread","RtlCreateUserThread"],"SETTING_PROCINJ_MINALLOC":16700,"SETTING_PROCINJ_PERMS":32,"SETTING_PROCINJ_PERMS_I":64,"SETTING_PROCINJ_STUB":"41e6db3cfcfa84be7cac6e42f21a22a8","SETTING_PROCINJ_TRANSFORM_X64":[["append",""],["prepend",""]],"SETTING_PROCINJ_TRANSFORM_X86":[["append",""],["prepend",""]],"SETTING_PROTOCOL":8,"SETTING_PROXY_BEHAVIOR":2,"SETTING_PUBKEY":"dcc3fb6cf3235f2cc7fd33479538bae62876dd6b59be9d141bbabebce0464caf","SETTING_SLEEPTIME":10000,"SETTING_SMB_FRAME_HEADER":"","SETTING_SPAWNTO":"00000000000000000000000000000000","SETTING_SPAWNTO_X64":"%windir%\\sysnative\\svchost.exe -k netsvcs","SETTING_SPAWNTO_X86":"%windir%\\syswow64\\svchost.exe -k netsvcs","SETTING_SUBMITURI":"/dist/js/bootstrap.bundle.min.js","SETTING_TCP_FRAME_HEADER":"","SETTING_USERAGENT":"Mozilla/5.0 (X11; U; Linux x86_64; en-us) AppleWebKit/531.2+ (KHTML, like Gecko) Version/5.0 Safari/531.2+","SETTING_WATERMARK":391144938,"SETTING_WATERMARKHASH":"idvyUaMDKubWW4TL3iPjBw=="},"trial":false,"version":"Cobalt Strike 4.7.1 (Sep 16, 2022)","watermark":391144938}