474155611 | 2024-10-12T01:57:50.364091
22 / tcp
SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.11
Key type: ssh-rsa
Fingerprint: 1b:48:66:64:1b:49:00:a6:0c:05:e5:af:24:fb:3f:85
Kex Algorithms:
curve25519-sha256
curve25519-sha256@libssh.org
ecdh-sha2-nistp256
ecdh-sha2-nistp384
ecdh-sha2-nistp521
diffie-hellman-group-exchange-sha256
diffie-hellman-group16-sha512
diffie-hellman-group18-sha512
diffie-hellman-group14-sha256
kex-strict-s-v00@openssh.com
Server Host Key Algorithms:
rsa-sha2-512
rsa-sha2-256
ssh-rsa
ecdsa-sha2-nistp256
ssh-ed25519
Encryption Algorithms:
chacha20-poly1305@openssh.com
aes128-ctr
aes192-ctr
aes256-ctr
aes128-gcm@openssh.com
aes256-gcm@openssh.com
MAC Algorithms:
umac-64-etm@openssh.com
umac-128-etm@openssh.com
hmac-sha2-256-etm@openssh.com
hmac-sha2-512-etm@openssh.com
hmac-sha1-etm@openssh.com
umac-64@openssh.com
umac-128@openssh.com
hmac-sha2-256
hmac-sha2-512
hmac-sha1
Compression Algorithms:
none
zlib@openssh.com
1131412130 | 2024-10-27T21:01:11.109765
80 / tcp
HTTP/1.1 200 OK
Content-Md5: asUgzaeATLYqcIddMaQd
Content-Type: text/html; charset=utf-8
Ohc-Cache-Hit: mIoEf
Server: JSP3/2.0.14
Set-Cookie: session=bc5bee574c944bf584610aa5b18751bd; Expires=Mon, 28 Oct 2024 21:01:11 GMT; HttpOnly
Timing-Allow-Origin: *
Date: Sun, 27 Oct 2024 21:01:11 GMT
Transfer-Encoding: chunked
-931697787 | 2024-10-14T20:43:11.539008
2323 / tcp
-1255326477 | 2024-10-26T20:35:34.766084
4433 / tcp
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Sat, 26 Oct 2024 20:35:34 GMT
Content-Length: 18
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
de:71:01:b5:59:13:62:ad
Signature Algorithm: sha512WithRSAEncryption
Issuer: C=XX, L=Default City, O=Default Company Ltd
Validity
Not Before: Sep 21 07:44:29 2022 GMT
Not After : Sep 20 07:44:29 2024 GMT
Subject: C=XX, L=Default City, O=Default Company Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Authority Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
-1255326477 | 2024-10-21T07:34:56.872321
4434 / tcp
HTTP/1.1 404 Not Found
Content-Type: text/plain
Date: Mon, 21 Oct 2024 07:34:56 GMT
Content-Length: 18
SSL Certificate
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
de:71:01:b5:59:13:62:ad
Signature Algorithm: sha512WithRSAEncryption
Issuer: C=XX, L=Default City, O=Default Company Ltd
Validity
Not Before: Sep 21 07:44:29 2022 GMT
Not After : Sep 20 07:44:29 2024 GMT
Subject: C=XX, L=Default City, O=Default Company Ltd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (4096 bit)
Modulus:
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Authority Key Identifier:
1E:3C:DB:6B:99:C9:22:16:BF:04:D8:99:CE:A7:F9:46:F4:AE:28:1B
X509v3 Basic Constraints:
CA:TRUE
Signature Algorithm: sha512WithRSAEncryption
Signature Value:
292979600 | 2024-10-27T02:38:06.804742
8080 / tcp
HTTP/1.1 200 OK
Content-Md5: nrVsYplmIrjSHSruXfMV
Content-Type: text/html; charset=utf-8
Ohc-Cache-Hit: OdGgC
Server: JSP3/2.0.14
Set-Cookie: session=c637e21feb6d484b924cc0210e7d5afe; Expires=Mon, 28 Oct 2024 02:38:06 GMT; HttpOnly
Timing-Allow-Origin: *
Date: Sun, 27 Oct 2024 02:38:06 GMT
Transfer-Encoding: chunked
1863296376 | 2024-10-27T20:27:23.223206
9000 / tcp
HTTP/1.1 200 OK
Content-Md5: QMOmuBmhZGobOgzBuYrx
Content-Type: text/html; charset=utf-8
Ohc-Cache-Hit: ChNva
Server: JSP3/2.0.14
Set-Cookie: session=739a43fb34d6413ca6dff51b8a9cbafe; Expires=Mon, 28 Oct 2024 20:27:23 GMT; HttpOnly
Timing-Allow-Origin: *
Date: Sun, 27 Oct 2024 20:27:23 GMT
Transfer-Encoding: chunked
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Coremail邮件系统</title>
<link href="../common/index_cm40/login.css" rel="stylesheet" type="text/css" charset="iso-8859-1">
<link data-class="vIwBXSqxFRIXubt" rel="icon" href="data:image/ico;base64,aWNv">
<script type="text/javascript" src="../common/assets/83306/jquery/jquery-1.8.2.min.js" charset="iso-8859-1"></script>
<script type="text/javascript" src="../common/assets/login/login.js" charset="iso-8859-1"></script>
<script type="text/javascript">
var markme_msg = "请按 Ctrl+D 收藏本页";
</script>
</head>
<body>
<div class="Head">
<div class="Links">
<span id="homepage"><a class="MTLinks">设为首页</a> |</span>
<a href="javascript:bookmarkMe()">收藏本页</a> |
<a href="javascript:setCookie('locale','en_US'); window.location = location;">English</a> |
<a target="_blank" href="../help/index_zh_CN.jsp/index.html">帮助</a>
</div>
</div>
<div class="Main">
<div class="MainL">
<div class="LContent"></div>
<div class="LB"></div>
</div>
<div class="MainR">
<h3 class="Header">电子邮箱登录</h3>
<div class="Error">
<div class="NoteError"></div>
</div>
<form id="loginForm" method="post" action="/login" onsubmit="return loginSubmit(this, event);">
<table class="loginTable">
<tfoot>
<tr>
<td></td>
<td colspan="2">
<button name="action:login" type="submit" class="Button">
登录
</button>
<a href="../forgetpwd.jsp/index.html" onclick="recoverPwd(this);">
忘记密码?
</a>
</td>
</tr>
</tfoot>
<tr>
<th>用户名</th>
<td><input type="text" id="uid" name="username" class="input" value></td>
<td>
<input type="hidden" name="nodetect" value="false">
</td>
</tr>
<tr>
<th>密 码</th>
<td><input type="password" name="password" class="input" autocomplete="off" value></td>
<td> </td>
</tr>
<input type="hidden" name="locale" value="zh_CN">
<tr>
<th></th>
<td colspan="2">
<div>
<label>
<input type="checkbox" id="saveUsername" checked>
记住用户名
</label>
</div>
</td>
</tr>
</table>
</form>
</div>
<div class="footer">
<div class="link">
<a href="http://www.coremail.cn/" target="_blank">邮件系统</a>
<a href="http://www.coremail.cn/" target="_blank">邮件服务器</a>
<a href="http://www.corpease.net/" target="_blank">企业邮箱</a>
<a href="http://www.icoremail.cn/" target="_blank">企业邮箱</a>
</div>
<div class="footerBg">
<div class="copyright">
<a href="http://www.coremail.cn" target="_blank">Coremail. © Copyright 2000 - 2016 Mailtech.</a>
</div>
</div>
</div>
</div>
<script type="text/javascript">
init("uid");
</script>
</body>
</html>
853372109 | 2024-10-28T10:35:40.105321
9200 / tcp
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Set-Cookie: session=72732a54fdea4175808c5c6c3776180b; Expires=Tue, 29 Oct 2024 10:35:39 GMT; HttpOnly
Date: Mon, 28 Oct 2024 10:35:39 GMT
Content-Length: 369
721470057 | 2024-10-31T01:15:25.967749
9999 / tcp
HTTP/1.1 404 Not Found
Date: Thu, 31 Oct 2024 01:15:25 GMT
Content-Type: text/plain
Content-Length: 0
Cobalt Strike Beacon:
x86:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.94.168.145,/pixel.gif
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 9999
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 46246f0a825a23440e79ada893bce42c
sleeptime: 60000
useragent_header: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; NP06)
uses_cookies: 1
watermark: 987654321
x64:
beacon_type: HTTP
dns-beacon.strategy_fail_seconds: -1
dns-beacon.strategy_fail_x: -1
dns-beacon.strategy_rotate_seconds: -1
http-get.client:
Cookie
http-get.uri: 47.94.168.145,/push
http-get.verb: GET
http-post.client:
Content-Type: application/octet-stream
id
http-post.uri: /submit.php
http-post.verb: POST
maxgetsize: 1048576
port: 9999
post-ex.spawnto_x64: %windir%\sysnative\rundll32.exe
post-ex.spawnto_x86: %windir%\syswow64\rundll32.exe
process-inject.execute:
CreateThread
SetThreadContext
CreateRemoteThread
RtlCreateUserThread
process-inject.startrwx: 64
process-inject.stub: e43a1b63f09794f74d90a9889f7acb77
process-inject.userwx: 64
proxy.behavior: 2 (Use IE settings)
server.publickey_md5: 46246f0a825a23440e79ada893bce42c
sleeptime: 60000
useragent_header: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
uses_cookies: 1
watermark: 987654321