Necurs botnet - Locky and Trickbot

Trickbot - group_tag - mac1
http://ambrogiauto.com/9hciunery8g
http://autoecoleathena.com/9hciunery8g
http://autoecoleboisdesroches.com/9hciunery8g
http://autoecole-jeanpierre.com/9hciunery8g
http://camerawind.com/9hciunery8g
http://conlin-boats.com/9hciunery8g
http://feng-lian.com.tw/9hciunery8g
http://flooringforyou.co.uk/9hciunery8g
http://fls-portal.co.uk/9hciunery8g
http://fmarson.com/9hciunery8g
http://freevillemusic.com/9hciunery8g
http://geeks-online.de/9hciunery8g
http://givensplace.com/9hciunery8g
http://jakuboweb.com/9hciunery8g
http://jaysonmorrison.com/9hciunery8g
http://melting-potes.com/9hciunery8g
http://patrickreeves.com/9hciunery8g
https://www.virustotal.com/#/file/01e771dc6cf9572eac3d87120d7a7d1ff95fdc1499b668c7fde2919e0f685256/detection

Locky
http://americanbulldogradio.com/LUYTbjnrf
http://anarakdesert.com/LUYTbjnrf
http://asnsport-bg.com/LUYTbjnrf
http://astilleroscotnsa.com/LUYTbjnrf
http://atlantarecyclingcenters.com/LUYTbjnrf
http://augustinechua.com/LUYTbjnrf
http://classactionlawsuitnewscenter.com/LUYTbjnrf
http://davidstephensbanjo.com/LUYTbjnrf
http://essenza.co.id/LUYTbjnrf
http://evlilikpsikolojisi.com/LUYTbjnrf
http://e-westchesterpropertytax.com/LUYTbjnrf
http://felicesfiestas.com.mx/LUYTbjnrf
http://financeforautos.com/LUYTbjnrf
http://fincasoroel.es/LUYTbjnrf
http://kailanisilks.com/LUYTbjnrf
http://mediatrendsistem.com/LUYTbjnrf
http://modaintensa.com/LUYTbjnrf
http://mtblanc-let.co.uk/LUYTbjnrf
http://plumanns.com/LUYTbjnrf
https://www.virustotal.com/#/file/4a4491a5daa0b8c0d4e694601cbb860e0e069356b83e2f6ea215be758f533f1e/detection

Locky with different hash
http://poemsan.info/p66/d8743fgh
https://www.virustotal.com/#/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/detection

Ran the script and it is installing Locky in AU because geeks-online URL is not responding. Therefore, based on script countries GB, UK, AU, BE, IE and LU are targeted with Trickbot and if that doesn't work it will infect with ransomware.