BeaconType - HTTPS
Port - 443
SleepTime - 10000
MaxGetSize - 1398322
Jitter - 20
MaxDNS - Not Found
PublicKey_MD5 - e516ca02d126b82ff30593ce45d9cba5
C2Server - 47.94.58.82,/api/v1/server/user/info
UserAgent - Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.0.0 Safari/537.36
HttpPostUri - /api/v1/server/log
Malleable_C2_Instructions - Remove 37 bytes from the end
    Remove 181 bytes from the beginning
    Base64 decode
HttpGet_Metadata - ConstHeaders
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
        Sec-Fetch-Site: same-origin
        Sec-Fetch-User: ?1
        Referer: https://www.baidu.com/
        Accept-Encoding: gzip, deflate
        Accept-Language: zh-CN,zh;q=0.9
    Metadata
        base64
        prepend "BIDUPSID=CB490622E06ED73544708FA6EC8D7149; BAIDUID="
        append ":FG=1; BD_HOME=1; ZFY=mHnRy:AULlW2VAfYn8cPmgDRqCsBjVtIS4QVfeV3R1VA:C; delPer=0; BD_CK_SAM=1; PSINO=1;"
        header "Cookie"
HttpPost_Metadata - ConstHeaders
        X-Client-Version: 20210803
        Accept: application/json, text/plain, */*
        Sec-Fetch-Site: same-origin
        Sec-Fetch-Mode: cors
        Referer: https://bbs.baidu.com/
        Accept-Encoding: gzip, deflate
    SessionId
        mask
        base64url
        prepend "__bai_duid=FN=0:"
        append ":FG=1;PSSID=1_bcd567e0967f83a2f4dfeb9abbd0fd1f1667269580786"
        header "Cookie"
    Output
        base64
        prepend "{"event_type":"load","page":01,"user_from":"web","event_name":"visited-home","log_info":""
        append "","code":"116082388"}"
        print
PipeName - Not Found
DNS_Idle - Not Found
DNS_Sleep - Not Found
SSH_Host - Not Found
SSH_Port - Not Found
SSH_Username - Not Found
SSH_Password_Plaintext - Not Found
SSH_Password_Pubkey - Not Found
SSH_Banner -
HttpGet_Verb - GET
HttpPost_Verb - POST
HttpPostChunk - 0
Spawnto_x86 - %windir%\syswow64\dllhost.exe
Spawnto_x64 - %windir%\sysnative\dllhost.exe
CryptoScheme - 0
Proxy_Config - Not Found
Proxy_User - Not Found
Proxy_Password - Not Found
Proxy_Behavior - Use IE settings
Watermark_Hash - BeudtKgqnlm0Ruvf+VYxuw==
Watermark - 100000
bStageCleanup - True
bCFGCaution - False
KillDate - 0
bProcInject_StartRWX - False
bProcInject_UseRWX - False
bProcInject_MinAllocSize - 17500
ProcInject_PrependAppend_x86 - b'\x90\x90'
    Empty
ProcInject_PrependAppend_x64 - b'\x90\x90'
    Empty
ProcInject_Execute - ntdll:RtlUserThreadStart
    CreateThread
    NtQueueApcThread-s
    CreateRemoteThread
    RtlCreateUserThread
ProcInject_AllocationMethod - NtMapViewOfSection
bUsesCookies - True
HostHeader -
headersToRemove - Not Found
DNS_Beaconing - Not Found
DNS_get_TypeA - Not Found
DNS_get_TypeAAAA - Not Found
DNS_get_TypeTXT - Not Found
DNS_put_metadata - Not Found
DNS_put_output - Not Found
DNS_resolver - Not Found
DNS_strategy - round-robin
DNS_strategy_rotate_seconds - -1
DNS_strategy_fail_x - -1
DNS_strategy_fail_seconds - -1
Retry_Max_Attempts - 0
Retry_Increase_Attempts - 0
Retry_Duration - 0