Config: 1
PROTOCOL: HTTPS
PORT: 443
SLEEPTIME: 10000
MAXGET: 2801745
JITTER: 7
PUBKEY: 30819f300d06092a864886f70d010101050003818d0030818902818100950c021fafebf901d2df7cfe339c15ff8cff0cbfdcc69972be4021b37c5e2d9a491a9bde5d3f8d4e16ea41db4b2a5545e3c0e3d7e84c7d4337a676a2db7c18fd6bb6d95253e3947ef018fdfb72148c1efea94f010aa6aafd5a958794e5c118cc239f4e2653d59c8167437b3ac700398009faeca989770a56f4aea8d917e348730203010001
DOMAINS: ['d1dh1ip0i1pv81.cloudfront.net']
URIS: ['/jquery-3.3.1.min.js']
DNS_STRATEGY_ROTATE_SECONDS: 4294967295
DNS_STRATEGY_FAIL_X: 4294967295
DNS_STRATEGY_FAIL_SECONDS: 4294967295
SPAWNTO: \x80Q7z\x0c\x84\x9a\x01\x08\xbc\x0eve\xbb"Y
SPAWNTO_X86: %windir%\syswow64\svchost.exe -k netsvcs
SPAWNTO_X64: %windir%\sysnative\svchost.exe -k netsvcs
C2_VERB_GET: GET
C2_VERB_POST: POST
WATERMARK: 774235373
INJECT_OPTIONS: HziIvyzfJw7TEhPNnkp01w==
CLEANUP: 1
CFG_CAUTION: 1
USERAGENT: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0;) like Gectko
SUBMITURI: /jquery-3.3.2.min.js
C2_RECOVER: \x04\x00\x00\x00\x01\x00\x00\x05\xf2\x00\x00\x00\x02\x00\x00\x00T\x00\x00\x00\x02\x00\x00\x0f[\x00\x00\x00 \x00\x00\x00\x0f
C2_REQUEST: {'ConstHeaders': ['Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Host: d1dh1ip0i1pv81.cloudfront.net', 'Referer: http://code.jquery.com/', 'Accept-Encoding: gzip, deflate'], 'Metadata': ['base64url', 'prepend "__cfduid="', 'header "Cookie"']}
C2_POSTREQ: {'Output': ['mask', 'base64url', 'print'], 'SessionId': ['mask', 'base64url', 'parameter "__cfduid"'], 'ConstHeaders': ['Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8', 'Host: d1dh1ip0i1pv81.cloudfront.net', 'Referer: http://code.jquery.com/', 'Accept-Encoding: gzip, deflate']}
HTTP_NO_COOKIES: 1
PROXY_BEHAVIOR: IE settings
TCPFRAMEHEADER: \x05\x80
SMBFRAMEHEADER: \x05\x80
PROCINJ_PERMS_I: 4
PROCINJ_PERMS: 32
PROCINJ_MINALLOC: 17500
PROCINJ_TRANSFORM_X86: \x02\x90\x90
PROCINJ_TRANSFORM_X64: \x02\x90\x90
PROCINJ_STUB: n\xeb\xe6\xe4s\xd3P23\xaaV\xf2\xceQ\xf5\xb1
PROCINJ_EXECUTE: \x06\x00B\x00\x00\x00\x06ntdll\x00\x00\x00\x00\x13RtlUserThreadStart\x00\x01\x08\x03\x04
PROCINJ_ALLOCATOR: 1
PROCINJ_ALLOWED: 1
UNKNOWN_74: S\xfe\x88Es\xd3P*t\xe3a\xb3\xa08\xda\x894\x86\xcd\x8b\x18\x9f>Z\x18\xf04\xa2\x9c6\xc8\x8c