beacon-dump 9d2507cf867f22e1d967fcbc0f429a3dd5334ecb8561febff6813c4476c59534 | |
SETTING_PROTOCOL = 8 | |
SETTING_PORT = 443 | |
SETTING_SLEEPTIME = 730 | |
SETTING_MAXGET = 1048620 | |
SETTING_JITTER = 0 | |
SETTING_PUBKEY = 'd2c4ba9c2c526d3ec6772cb3d4edae802433c144128cef33109edcc1d234943c' | |
SETTING_DOMAINS = 'dqfkmwvib0lbb.cloudfront.net,/access/' | |
SETTING_DOMAIN_STRATEGY = 0 | |
SETTING_DOMAIN_STRATEGY_SECONDS = 4294967295 | |
SETTING_DOMAIN_STRATEGY_FAIL_X = 4294967295 | |
SETTING_DOMAIN_STRATEGY_FAIL_SECONDS = 4294967295 | |
SETTING_SPAWNTO = '69278f559aeaf2fe2141f82acfa710c6' | |
SETTING_SPAWNTO_X86 = '%windir%\\syswow64\\mstsc.exe' | |
SETTING_SPAWNTO_X64 = '%windir%\\sysnative\\mstsc.exe' | |
SETTING_CRYPTO_SCHEME = 0 | |
SETTING_C2_VERB_GET = 'GET' | |
SETTING_C2_VERB_POST = 'POST' | |
SETTING_C2_CHUNK_POST = 0 | |
SETTING_WATERMARK = 546921291 | |
SETTING_WATERMARKHASH = b'6/DUHV0yCRrJbiVTrYyJKw==' | |
SETTING_CLEANUP = 0 | |
SETTING_CFG_CAUTION = 0 | |
SETTING_MAX_RETRY_STRATEGY_ATTEMPTS = 0 | |
SETTING_MAX_RETRY_STRATEGY_INCREASE = 0 | |
SETTING_MAX_RETRY_STRATEGY_DURATION = 0 | |
SETTING_USERAGENT = 'Mozilla/5.0 (compatible, MSIE 11, Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko' | |
SETTING_SUBMITURI = '/radio/xmlrpc/v35' | |
SETTING_C2_RECOVER = [('print', True), ('prepend', 16), ('prepend', 16), ('prepend', 12)] | |
SETTING_C2_REQUEST = [('_HEADER', b'Accept: */*'), ('_HEADER', b'GetContentFeatures.DLNA.ORG: 1'), ('_HOSTHEADER', b'Host: dqfkmwvib0lbb.cloudfront.net'), ('_HEADER', b'Cookie: __utma=103813185.5771781954.4194342480.4565361437.4426752015.6;'), ('_PARAMETER', b'version=4'), ('_PARAMETER', b'lid=1835188750'), ('BUILD', 'metadata'), ('NETBIOS', True), ('PARAMETER', b'token')] | |
SETTING_C2_POSTREQ = [('_HEADER', b'Accept: */*'), ('_HEADER', b'Content-Type: text/xml'), ('_HEADER', b'X-Requested-With: XMLHttpRequest'), ('_HOSTHEADER', b'Host: dqfkmwvib0lbb.cloudfront.net'), ('BUILD', 'id'), ('PARAMETER', b'rid'), ('_PARAMETER', b'lid=2624593113'), ('_PARAMETER', b'method=getSearchRecommendations'), ('BUILD', 'output'), ('BASE64', True), ('PRINT', True)] | |
SETTING_HOST_HEADER = '' | |
SETTING_HTTP_NO_COOKIES = 1 | |
SETTING_PROXY_BEHAVIOR = 2 | |
SETTING_TCP_FRAME_HEADER = b'' | |
SETTING_SMB_FRAME_HEADER = b'' | |
SETTING_EXIT_FUNK = 0 | |
SETTING_KILLDATE = 0 | |
SETTING_GARGLE_NOOK = 0 | |
SETTING_PROCINJ_PERMS_I = 64 | |
SETTING_PROCINJ_PERMS = 64 | |
SETTING_PROCINJ_MINALLOC = 0 | |
SETTING_PROCINJ_TRANSFORM_X86 = [('append', b''), ('prepend', b'')] | |
SETTING_PROCINJ_TRANSFORM_X64 = [('append', b''), ('prepend', b'')] | |
SETTING_PROCINJ_STUB = '41e6db3cfcfa84be7cac6e42f21a22a8' | |
SETTING_PROCINJ_EXECUTE = ['CreateThread', 'SetThreadContext', 'CreateRemoteThread', 'RtlCreateUserThread'] | |
SETTING_PROCINJ_ALLOCATOR = 0 | |
SETTING_PROCINJ_ALLOWED = 1 | |
SETTING_KILLDATE_YEAR = 0 | |
SETTING_MASKED_WATERMARK = '225fc035fcfa84a62f993b30aa7c61df73be934ac9acc18b3fd53b37877d1f95' |