API tools faq
paste
Advertisement
Guest User

Qakbot strings

a guest
Feb 13th, 2024
101
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 6.24 KB | None | 0 0
raw download clone embed print report
  1. %SystemRoot%\SysWOW64\xwizard.exe
  2. .dat
  3. kernelbase.dll
  4. WBJ_IGNORE
  5. mpr.dll
  6. %SystemRoot%\explorer.exe
  7. %SystemRoot%\System32\CertEnrollCtrl.exe
  8. https
  9. SentinelServiceHost.exe;SentinelStaticEngine.exe;SentinelAgent.exe;SentinelStaticEngineScanner.exe;SentinelUI.exe
  10. open
  11. root\SecurityCenter2
  12. %SystemRoot%\SysWOW64\SndVol.exe
  13. %u.%u.%u.%u.%u.%u.%04x
  14. 1234567890
  15. %SystemRoot%\System32\Utilman.exe
  16. snxhk_border_mywnd
  17. %SystemRoot%\SysWOW64\wextract.exe
  18. avgcsrvx.exe;avgsvcx.exe;avgcsrva.exe
  19. Win32_PhysicalMemory
  20. Caption
  21. ByteFence.exe
  22. aswhooka.dll
  23. dwengine.exe;dwarkdaemon.exe;dwwatcher.exe
  24. %SystemRoot%\SysWOW64\grpconv.exe
  25. VRTUAL;VMware;VMW;Xen
  26. SELECT * FROM AntiVirusProduct
  27. %s\%08X.dll
  28. wininet.dll
  29. avp.exe;kavtray.exe
  30. rundll32.exe
  31. Create
  32. WQL
  33. %SystemRoot%\System32\sethc.exe
  34. AvastSvc.exe;aswEngSrv.exe;aswToolsSvc.exe;afwServ.exe;aswidsagent.exe;AvastUI.exe
  35. Software\Classes
  36. vkise.exe;isesrv.exe;cmdagent.exe
  37. LastBootUpTime
  38. MS_VM_CERT;VMware;Virtual Machine
  39. Winsta0
  40. .dll
  41. Caption,Description,DeviceID,Manufacturer,Name,PNPDeviceID,Service,Status
  42. SonicWallClientProtectionService.exe;SWDash.exe
  43. t=%s time=[%02d:%02d:%02d-%02d/%02d/%d]
  44. SystemRoot
  45. CommandLine
  46. %SystemRoot%\SysWOW64\explorer.exe
  47. SOFTWARE\Wow6432Node\Microsoft AntiMalware\SpyNet
  48. %s\system32\
  49. SELECT * FROM Win32_OperatingSystem
  50. wbj.go
  51. System32
  52. CynetEPS.exe;CynetMS.exe;CynetConsole.exe
  53. C:\INTERNAL\__empty
  54. cmd.exe
  55. SOFTWARE\Microsoft\Windows\CurrentVersion\Run
  56. */*
  57. MsMpEng.exe
  58. image/pjpeg
  59. {%02X%02X%02X%02X-%02X%02X-%02X%02X-%02X%02X-%02X%02X%02X%02X%02X%02X}
  60. urlmon.dll
  61. type=0x%04X
  62. TRUE
  63. Win32_ComputerSystem
  64. %SystemRoot%\System32\backgroundTaskHost.exe
  65. ALLUSERSPROFILE
  66. .exe
  67. \\.\pipe\
  68. advapi32.dll
  69. application/x-shockwave-flash
  70. %ProgramFiles%\Windows Media Player\wmplayer.exe
  71. ntdll.dll
  72. %SystemRoot%\SysWOW64\Utilman.exe
  73. CfGetPlatformInfo
  74. userenv.dll
  75. LocalLow
  76. FALSE
  77. coreServiceShell.exe;PccNTMon.exe;NTRTScan.exe
  78. Sophos UI.exe;SophosUI.exe;SAVAdminService.exe;SavService.exe
  79. image/jpeg
  80. image/gif
  81. displayName
  82. Name
  83. Win32_PnPEntity
  84. .cfg
  85. APPDATA
  86. winsta0\default
  87. %SystemRoot%\SysWOW64\CertEnrollCtrl.exe
  88. %SystemRoot%\SysWOW64\backgroundTaskHost.exe
  89. pstorec.dll
  90. RepUx.exe
  91. aaebcdeeifghiiojklmnooupqrstuuyvwxyyaz
  92. \sf2.dll
  93. %SystemRoot%\System32\dxdiag.exe
  94. CSFalconService.exe;CSFalconContainer.exe
  95. vbs
  96. WRSA.exe
  97. crypt32.dll
  98. setupapi.dll
  99. c:\saurufdifsdudqat.sys
  100. %ProgramFiles(x86)%\Windows Media Player\wmplayer.exe
  101. netapi32.dll
  102. SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths
  103. VMware;PROD_VIRTUAL_DISK;VIRTUAL-DISK;XENSRC;20202020
  104. %SystemRoot%\System32\grpconv.exe
  105. SpyNetReporting
  106. wtsapi32.dll
  107. wpcap.dll
  108. Packages
  109. %SystemRoot%\explorer.exe
  110. regsvr32.exe
  111. aswhookx.dll
  112. Content-Type: application/x-www-form-urlencoded
  113. %SystemRoot%\SysWOW64\SearchIndexer.exe
  114. %SystemRoot%\SysWOW64\AtBroker.exe
  115. %SystemRoot%\System32\WerFault.exe
  116. SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths
  117. vmnat.exe
  118. SubmitSamplesConsent
  119. SysWOW64
  120. shell32.dll
  121. wmic process call create 'expand "%S" "%S"'
  122.  
  123. ROOT\CIMV2
  124. Win32_Product
  125. LOCALAPPDATA
  126. %SystemRoot%\SysWOW64\mobsync.exe
  127. ws2_32.dll
  128. WScript.Sleep %u
  129. Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
  130. Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
  131. errReturn = objProcess.Create("%s", null, nul, nul)
  132. WSCript.Sleep 2000
  133. Set fso = CreateObject("Scripting.FileSystemObject")
  134. fso.DeleteFile("%s")
  135. bcrypt.dll
  136. SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Spynet
  137. abcdefghijklmnopqrstuvwxyz
  138. fshoster32.exe
  139. %SystemRoot%\System32\SearchIndexer.exe
  140. reg.exe ADD "HKLM\%s" /f /t %s /v "%s" /d "%s"
  141. Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
  142. Set objProcess = GetObject("winmgmts:root\cimv2:Win32_Process")
  143. errReturn = objProcess.Create("%s", null, nul, nul)
  144. gdi32.dll
  145. Set objWMIService = GetObject("winmgmts:" & "{impersonationLevel=impersonate}!\\.\%coot\cimv2")
  146. Set colFiles = objWMIService.ExecQuery("Select * From CIM_DataFile Where Name = '%s'")
  147. For Each objFile in colFiles
  148. objFile.Copy("%s")
  149. Next
  150. Win32_Process
  151. SELECT * FROM Win32_Processor
  152. user32.dll
  153. Win32_Bios
  154. %SystemRoot%\SysWOW64\explorer.exe
  155. MBAMService.exe;mbamgui.exe
  156. %SystemRoot%\SysWOW64\mspaint.exe
  157. frida-winjector-helper-32.exe;frida-winjector-helper-64.exe;tcpdump.exe;windump.exe;ethereal.exe;wireshark.exe;ettercap.exe;rtsniff.exe;packetcapture.exe;capturenet.exe;qak_proxy;dumpcap.exe;CFF Explorer.exe;not_rundll32.exe;ProcessHacker.exe;tcpview.exe;filemon.exe;procmon.exe;idaq64.exe;loaddll32.exe;PETools.exe;ImportREC.exe;LordPE.exe;SysInspector.exe;proc_analyzer.exe;sysAnalyzer.exe;sniff_hit.exe;joeboxcontrol.exe;joeboxserver.exe;ResourceHacker.exe;x64dbg.exe;Fiddler.exe;sniff_hit.exe;sysAnalyzer.exe;BehaviorDumper.exe;processdumperx64.exe;anti-virus.EXE;sysinfoX64.exe;sctoolswrapper.exe;sysinfoX64.exe;FakeExplorer.exe;apimonitor-x86.exe;idaq.exe;dumper64.exe;user_imitator.exe;Velociraptor.exe
  158. %SystemRoot%\System32\wextract.exe
  159. egui.exe;ekrn.exe
  160. select
  161. %SystemRoot%\System32\wermgr.exe
  162. iphlpapi.dll
  163. SOFTWARE\Microsoft\Windows Defender\SpyNet
  164. %SystemRoot%\SysWOW64\dxdiag.exe
  165. %SystemRoot%\SysWOW64\WerFault.exe
  166. %SystemRoot%\System32\AtBroker.exe
  167. %SystemRoot%\SysWOW64\sethc.exe
  168. %S.%06d
  169. c:\\
  170. S:(ML;;NW;;;LW)
  171. fmon.exe
  172. %SystemRoot%\System32\xwizard.exe
  173. cscript.exe
  174. Initializing database...
  175. xagtnotif.exe;AppUIMonitor.exe
  176. %ProgramFiles%\Internet Explorer\iexplore.exe
  177. Win32_DiskDrive
  178. aabcdeefghiijklmnoopqrstuuvwxyyz
  179. %SystemRoot%\System32\mobsync.exe
  180. %SystemRoot%\SysWOW64\wermgr.exe
  181. kernel32.dll
  182. %SystemRoot%\System32\mspaint.exe
  183. bdagent.exe;vsserv.exe;vsservppl.exe
  184. SOFTWARE\Microsoft\Microsoft AntiMalware\SpyNet
  185. Caption,Description,Vendor,Version,InstallDate,InstallSource,PackageName
  186. NTUSER.DAT
  187. ccSvcHst.exe;NortonSecurity.exe;nsWscSvc.exe
  188. from
  189. mcshield.exe
  190. %SystemRoot%\System32\SndVol.exe
  191. VMware;VMW;QEMU
  192. QEMU;VMware Pointing;VMware Accelerated;VMware SCSI;VMware SVGA;VMware Replay;VMware server memory;VirtualBox;CWSandbox;Virtual HD;QEMU;VirtIO;srootkit;vSockets;VBoxVideo;vmxnet;vmscsi;VMAUDIO;vmdebug;vm3dmp;vmrawdsk;vmx_svga;ansfltr;sbtisht;XENVIF;XENBUS;XENSRC;XENCLASS
  193. shlwapi.dll
  194. csc_ui.exe
  195. CrAmTray.exe
  196. Mozilla/5.0 (Windows NT 6.1; rv:77.0) Gecko/20100101 Firefox/77.0
  197. %ProgramFiles(x86)%\Internet Explorer\iexplore.exe
Tags: Qakbot
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!