Emotet Malware IoCs 2019/04/16

## Emotet Malware Document links/IOCs for 04/16/19 as of 04/16/19 23:45 EDT ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.


#### Epoch 1 Document/Downloader links seen for 04/16/19 ####
```

http://111.231.208.47/wp-content/legale/sich/042019/
http://114.115.215.99/wp-includes/tHdBe-n24INYYDYum1o5_UsEjMHqQ-oPZ/
http://118.24.109.236/wp-includes/service/Frage/2019-04/
http://118.89.215.166/wp-includes/FWXPX-Wbs0n4vg7BSVRIl_fIGpiUUE-E9X/
http://12pm.strannayaskazka.ru/wp-content/support/nachpr/04-2019/
http://2000miles.com.ph/wp-admin/fsRga-ubglWNKaMxgorZ_VokosKuH-F3/
http://203.114.116.37/@Recycle/aPbom-eRHTcCOEDyldhTr_KZGLMbbgF-ZW4/
http://211.159.168.108/wp-content/RNrmi-yNHYU7yc5Jx3QW_sQMFhzJVm-aV/
http://2190123.com/wp-admin/OizK-3Cvi4TuLwTgsym_NBQNZmZZN-V3W/
http://3gksa.com/temp/QETSl-DwPf9vIpCD4Zt9_YabEBkAw-9p/
http://47.104.205.183/wp-content/support/Frage/2019-04/
http://4stroy.by/wp-content/legale/sichern/04-2019/
http://59.162.181.92/dtswork/SywX-mfyQrz76739bY7_nBkULVxfv-AZ/
http://94.191.48.164/hf9tasw/legale/Frage/04-2019/
http://acosalpha.com.br/wp-content/CrAZk-0p2sw5v0xGiSL6y_BRmGfpDv-1tp/
http://acosalpha.com.br/wp-content/HVlrK-YjMMwFdMjflj551_sGpgChvNO-T0/
http://acteon.com.ar/awstatsicons/support/vertrauen/04-2019/
http://aeg-engineering.co.th/wp-admin/CiGcE-QF7DO5on3hENzJ_JnlVuITp-F4/
http://aegweb.nd.co.th/wp-content/YmbpR-rvBN97MHQzkSto9_WHwlPvhIS-7n/
http://agencjat3.pl/js/support/Frage/04-2019/
http://airmaxx.rs/nulvt-xbrcbp-yfcpetgo/JpJnr-uhtpNfSm7FIC4fv_KwsKWkdt-LV/
http://aktifsporaletleri.com/assess/IJmNz-bCTFQLVf0QNNitK_TErwruBb-ew/
http://algocalls.com/wp/fncQE-2VTOn9K51QtK1pJ_CMDgzsIuh-AJ/
http://alkautharpulaupinang.com/wp-admin/QTap-Beba9ItNYGFEKX_mmEcVlBvo-MME/
http://alpinaemlak.com/wp-contents/legale/Frage/2019-04/
http://anja.nu/1_oq/kxIz-Ib4sIxgeM2KkNc_tTkmJZkNL-aNR/
http://antislash.fr/includes/facelift/cache/WfYH-5W1SG5HNE1a7l8_BDimffNXO-8W/
http://apptecsa.com/img/RLkh-HHrK07SEhl5Lwvb_dTeyiEOa-io/
http://aptechaviation.co.in/wp-content/rFam-5o1sutP38qh2lmS_gvwlDVRkv-MN2/
http://arhipropub.ro/lib/Ctgh-b0HU1EXfMt4qpeV_UIziVOjTd-vUv/
http://arpa.gr/wp-admin/cKVy-gJgyHHKL47fcBLq_AsJCAObOb-si1/
http://arr.sbs-app.com/wp-content/plugins/AufrZ-3d2MPzZNeF1lta_mvdvQLBCq-zUW/
http://artificialfish.com.ar/lXpeo-EPNWYjrxjNfOmEU_XwBuyNFy-nCG/LQevn-OfI8vDFJamANj0_ndzoObJuI-LYX/
http://audihd.be/amerika/nfOA-U6WbFE4ZHTtCVl_EWMJUEvib-UC/
http://aupa.xyz/hJPug-2q3uyQ3NsqIgkO_tdeRPHsz-fF/LFMHn-ahjFYJyAachPMB_HbiKNnMM-kv/
http://avartan.com.np/wp-content/nSiP-lPz4Ba9lCYBtoP_RIrEEfodO-rGr/
http://azedizayn.com/26192RX/UNCjL-F30XVLAMNm7WKxF_vnlAfNlaP-Zs/
http://bangtan.az/yarishma/MQeMi-xsoaiPqjhJ6gnT_PdtoEwiX-izr/
http://bayboratek.com/28032019yedek/support/Frage/04-2019/
http://bccsolution.co.id/hxzXK/xXxXP-rgosU2FgVhJBhAR_BXOCYgiW-DAs/
http://beirut-online.net/portal/WVuC-sX7MKdsMmR1UEi_RqkBCjlS-jO/
http://beljan.com/images/taIpd-M9m1LXlGugMTw4_gZPmwCSNl-mzK/
http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/jnZaB-n17TwfUqcQSGhx_BRQbaPEY-gP4/
http://biederman.net/clients/nachrichten/Frage/04-2019/
http://biomedis.lt/yowwk4j/ofrb-hs39vEQdT6C7xw_UjLdOVrz-H2X/
http://biztechmgt.com/mailer/ZsEt-fQHCJjvLrqZfcBA_rurTbFYHh-jq/
http://bk18.vn/homemap/hzhGc-gM7b4WeYZKv8Vm_cFNddfSSN-kA/
http://blacklotus.mx/wp-content/EghvY-V4XYlmfS5OvBsS_OvjvHKrfk-oh/
http://blogbuild.online/wp-includes/JhgN-hevULL6R9QfXzkx_CLyyVvVq-cI/
http://bluesw2014.synology.me/@eaDir/Februar2019/privacypolicy/service/sich/042019/
http://boccia.hu/wp-admin/tBMJ-zdLwvmdytswYu9C_CxjakNYCQ-tx/
http://booyamedia.com/img/ANvce-Qi9gMrACuJlZC5_ZTKCfQbyw-Wso/
http://borggini.com/pages/PBGLd-VVp0GlXyo7c7WJL_NrqrqrPz-9bM/
http://borsodbos.hu/kavicsospart/service/Frage/042019/
http://bosungtw.co.kr/wp-includes/XfaL-lipBTOv5T5Egiv8_jEpYXwXx-KH/
http://broderiehelene.com/19528537155ae9aab2b8507/Uwis-5UM0vvk9dtdFWV_sxnUYhFgp-Ka6/
http://brutalfish.sk/dropbox/nnRtP-wDUOk2fhYjJpIMC_udTPKKan-cyq/
http://bryanlowe.co.nz/blog/service/Frage/201904/
http://buybywe.com/awstats-icon/PnRzj-C6c74P5o6PdyEhh_ZfjhvhJqM-8K/
http://byworks.com/wp-includes/support/Frage/042019/
http://c1k-fin.world/wp-content/HUCE-JvaxRONYUxURe1c_NIrsdami-UVy/
http://camilanjadoel.com/wp/nachrichten/Nachprufung/201904/
http://careplusone.co.kr/contents/JGZqg-A1lcIYzsYQQUVXh_StnfTQpt-7g/
http://careplusone.co.kr/contents/RtvK-RRQ2qhP8cDh5UH_XtwELxoU-mfV/
http://cargacontrol.com.co/doc/gKQX-j2EYBnMl0G0iTn_yTbjQzoU-Hcc/
http://cars24.org.in/wordpress/ipJZh-EmPVrbuoG9VBQ5_hAkvKxDK-Lw/
http://casasdepasyterrenos.mx/wp-admin/ugqkf-Wt2Aqi7PnqmpRn_XjZMWVRZ-JQ5/
http://cases.digitalgroup.com.br/buildcaixaseguradora/nachrichten/nachpr/2019-04/
http://cdn.zecast.com/multichannel/upload/record/triW-bRAawCS1CjLbTXk_sgIcnjme-t4/
http://celumania.cl/wp-content/legale/Frage/2019-04/
http://central-cars.net/8tseuc5/ehXe-y0mD0cICKp2H0Y_NzwGBSIou-jX/
http://cfarchitecture.be/cgi-bin/VBeow-kiyYIYdXbEuJyW_EuqcpqKw-ZoE/
http://charleswitt.com/tmp/nachrichten/Nachprufung/201904/
http://chedea.eu/IQwK-H3ozxvddE7COI2_JSFxHwyu-e6/service/nachpr/042019/
http://chemditi.com/cgi-bin/cvyWT-cQzoGEFS1i5SAEk_pNRGthOb-HHe/
http://cheocchiali.com/wp-includes/RcGrn-1Dltdq0NXm0P8CW_tdIIyHnUO-hP/
http://chigusa-yukiko.com/blog/nachrichten/nachpr/201904/
http://chunbuzx.com/wp-includes/legale/Frage/DE/04-2019/
http://ckingdom.church/wp/support/nachpr/042019/
http://classify.club/wp-content/CHnK-1RYdumWLD6mIRDY_iyGfrhOUU-pZ/
http://cleverdecor.com.vn/wp-includes/nachrichten/Frage/04-2019/
http://clickdeal.us/globalink.cl/mRybF-KrrwlJSlSLtngv_DEAKNpcjm-IR6/
http://closhlab.com/FTP/TYTN-RFCbRIhH7IDRpX_OmElHcJyj-CCO/
http://cnews.me/wp-content/QSpdL-kfn5WhaQW8VI3e_PqkiitPN-nCx/
http://coccorese.com/ole/eflT-wtuBPxUAhx5PBj_DJSYqFVLd-xt/
http://colemagee.com/movie/lbLgh-OIS0L9NI5EBSDab_VxErEZHJ-msX/
http://constancia.mx/xptbaqu/lmQWl-ssYv7qw3U4fzyX4_mgbVbRGN-YTD/
http://construccionesrm.com.ar/EN_en/flOJH-grM4JEWx83XHdZ9_blpjrzYlv-Ju/
http://crowdgusher.com/wp-includes/iLPUc-nYBNh7pREXSETH_YgDRDBRnM-FDE/
http://csnserver.com/blog/support/sich/04-2019/
http://ctm-catalogo.it/cgi-bin/KdvcV-64SQxY1rnOCtK7_unkRZWqe-vDc/
http://cupartner.pl/izabela.gil/JrhYj-q2M6V3veMKHibY_MdQlmmzJ-eL/
http://cuviko.com/wp-content/uploads/ZaFfw-nEKu76phjoySkI2_OboYPciD-iH/
http://cybermedia.fi/jussi/iRLp-aNDYjcgtFExS7Po_IcnYcprC-izn/
http://cyzic.co.kr/widgets/nachrichten/nachpr/2019-04/
http://dafnefahur.com/wp-includes/mnbo-se9tOQpopFeqyRx_vWVJdPOGa-fnP/
http://daidangauto.vn/html/NnXAV-OCXnHvDg6KcPQ1_WcfNRLwy-JMt/
http://daidangauto.vn/html/OIjK-Iz20zAqMfn9yGNO_lkJfgKNo-Z1p/
http://danel-sioud.co.il/wp-content/gfDq-d06qowC5tFRx12p_ypIkRGOaE-ZJ/
http://datatechis.com/dis4/legale/sich/2019-04/
http://datos.com.tw/logssite/twdUw-ZEng7DCSH0SncbD_NnjrrigSY-Fs/
http://denmaytre.vn/wp-content/support/sichern/201904/
http://depot7.com/aflinks/dMGj-tfqqkWYADzka8Py_ATzCwymsj-jzS/
http://diskominfo.sibolgakota.go.id/wp-content/pPXB-GqEMJIBuTTKdaY2_dIxoBAoN-D6/
http://dominodm.com/zugx/PwkOQ-3mimKvjn6OESNk_FDKBWYtX-fL/
http://downinthecountry.com/logsite/nachrichten/sichern/04-2019/
http://dptcosmetic.com.vn/zy6xstp/THfhE-ZmsHGRMIHx9NOR_iksdlGai-xSW/
http://dracos.fr/Scripts/support/sichern/042019/
http://duwon.net/wpp-app/wZLWp-0GUXrHyAhiqGhzp_rEvLWKXCb-zhR/
http://ecomerchandise.se/wp-content/NvgD-PIIFrB0fp4hKNYb_NCjgXNoJP-CAk/
http://ecube.com.mx/js/support/sichern/042019/
http://edandtrish.com/blue/NNCLM-tI2BcEf08eqb67A_xpTqnxRE-gq/
http://edb.tk.krakow.pl/cgi-bin/GTrK-hooezAkh89QbSA_xfIflPds-4R5/
http://ejder.com.tr/iuLYqpe6E/vqFwP-wYXkiPqk3fM7xd0_WixxuPxUN-L8k/
http://elizabethkarr.com/Directing_files/DLzWx-BJMxMjpEJ4bKKb_QqEtPiyrE-vu/
http://enkoproducts.com/wp-includes/VzZg-uIdWop1jP9RgxdJ_SUuyFHBY-enX/
http://erica.id.au/scripts_index/nachrichten/vertrauen/04-2019/
http://escaliersgebeniste.ca/files/NzZlf-ujolILlFwLOZYR_WoLzjloLA-VOO/
http://espacerezo.fr/wp-content/languages/UhzK-a6FaGmyXgdadOYO_vUDQlwNyX-YHH/
http://estasporviajar.com/afiliados/zevQ-C2yBs0knTcOLH87_fTcmkRKB-UUs/
http://eugroup.dk/bal-billeder/Hewl-9WlFocQKEHqnSq_VpsojWtEt-bd2/
http://famillerama.fr/roundcube/vendor/pear-pear.php.net/zPTm-kDKcdGXQwK5PpG_vyBRoHxgs-0W/
http://feryalalbastaki.com/kukuvno/QUJpJ-g5m9DSLem4Ytf7a_xlMBVzCCH-lvf/
http://firatlarmobilya.com/bootstrap-3.3.7/tKTfH-Ue81XneTaV2MhY_VzShPryoj-Ov/
http://fishingbigstore.com/addons/YFIS-Sxlnf7bcFMUJ83w_chuuqPaZg-LF6/
http://fisiocenter.al/wp-includes/LoZFk-9OeJHiR3y5mzo9_dVAOQrKN-lL/
http://fitnesstrener-jozef.eu/0vta8ll/nachrichten/Frage/2019-04/
http://fondtomafound.org/wvvw/yDoT-UAN4bOGsmYfz0p_ciEkcoOv-qI/
http://further.tv/trust.myaccount.docs.biz/eXhB-60ZbPQ9R1wEFZJ_qSemhqdFO-coA/
http://gamemechanics.com/dbtest/nachrichten/sichern/201904/
http://gameslotmesin.com/wp-content/RsrI-KEuG75gLzIEOXO9_ZbHpIJKB-YYl/
http://gammadesign.vn/wp-admin/IXXx-Kg4aaaHE5JpvjF_ELUKsLLxg-5Ax/
http://gardellimotors.ca/agora/KqPLy-qaKQMP7h1vLeA97_PNiVYUkL-OGO/
http://gayquytuthien.club/wp-admin/woMqG-IuzjCSYAPw5eq0_dntGysnY-kh/
http://gazeta-sarysu.kz/wp-includes/aQbK-isyTp0cNxIsRrw_GHibCaCT-QH/
http://giaydepthanhdat.com/wp-admin/tuTI-VElHz7B59xwB8Ms_mJzfSIyac-4o/
http://gilsanbus.com/wp-includes/service/Nachprufung/2019-04/
http://givehopeahand.org/cgi-bin/SuYEp-z6eEl7VtnnrP9o_yzweYZTLX-AZ7/
http://gloveresources.com/wp-admin/MEJb-u0yqzrVkr4GmHas_vyoZDRZaL-At/
http://gmtheme.com/srp/EDtnt-34NtZclo6WvfMv_jtIuSmUiL-9zY/
http://gohair.xyz/wordpress/LtJue-VOMPhrEmttZaTqR_qRRlqGsHS-QY7/
http://gohair.xyz/wordpress/nbFw-Lk37bUDHTeGoCT_KGRPzJYG-FbK/
http://goudappel.org/errors/wJZQ-UnClr5s8krOmBI_GcZNoZqdt-nwA/
http://haek.net/admin/UQsY-OBk4e8Mv7ZK1Xv_MfmKYLTD-gMv/
http://hagebakken.no/loggers/gRJJ-xg1iWjHRI8N2XBC_zXLCbfDL-zC/
http://hakimov.uz/wp-admin/ynwfK-L3xJhotHzPUVwXb_qWUGckfV-PQ/
http://halaamer.com/sfiq/QmwA-c9iqwiZk5nnGD9O_OJTCwKmIj-1u/
http://hanbags.co.id/layouts/support/sichern/201904/
http://hangqiang.net/wp-content/dvCB-Ajfc5unbva2sYC_NcgaEzif-p8p/
http://healthwiseonline.com.au/wp-admin/legale/Nachprufung/04-2019/
http://himatika.mipa.uns.ac.id/wp-content/legale/nachpr/042019/
http://hookahcateringboston.com/nkbedcy/NerSa-DHQaeMn8t2RO6Z_QbJPJzJhx-sl/
http://hostcenter.ir/wp-content/tvONy-6vQA4F3INu7hoZR_neRosPTke-kqP/
http://huhaitao.top/wp-admin/dkVm-ip7TVDtWvCKYWrJ_KqzsdIaEw-TSd/
http://hurdlerstudios.com/wp-admin/pcyM-5IDShWiC1ooeHz_GLXFFZHr-8ja/
http://husainrahim.com/v1/support/sichern/04-2019/
http://hybridseed.co.nz/error_documents/legale/sich/04-2019/
http://hyundailongbien.hanoi.vn/wp-includes/nachrichten/vertrauen/042019/
http://ianalbinson.com/wp/xlCc-Yp6dCc6JiBuKcGm_oJZbRMMH-qT/
http://ichikawa.net/wvvccw/service/Nachprufung/04-2019/
http://i-genre.com/wp-admin/bWJif-EA8MQXAUQdVlq0R_qxYoHfpe-i0X/
http://iluzhions.com/wvvw/KhRh-FDNc5vdb4SRmFlT_hxXWSEqO-7A6/
http://imaginativelearning.co.uk/files/themes/css/legale/sichern/04-2019/
http://inbeon.com/sites/rIfro-Rdth5BVNLFD4zg0_THVaarAce-Ck/
http://infoteccomputadores.com/bin/support/nachpr/201904/
http://ione.sk/isotope/legale/Frage/04-2019/
http://irbf.com/baytest2/BkrIC-YuoUdZKuK9KgbZZ_AZfqPinE-5vV/
http://irismal.com/ecsmFileTransfer/WDHsx-gOd3VMzQxFAGxM_bPxcLneZ-brf/
http://janetjuullarsen.dk/ydcb7-9ftb6-beob/service/Nachprufung/042019/
http://javiersandin.com/wp-admin/wGPZB-jCMcpU94JcsKFmY_EHqydiRU-gK/
http://javis.mauwebsitedep.com/wp-admin/WgXZ-QkiuFxvdK4Lugk_KfNeAlAN-LHz/
http://jbmshows.com/wp-includes/hKCw-jcL7m3lamEozRp_jeGJEDNTh-stk/
http://jenthornton.co.uk/wp-includes/support/vertrauen/04-2019/
http://jetride.org/wp-content/zLykJ-ETE7liAemnpIGW_qgDQuEJLY-Ye8/
http://jmseguros.com/loggers/DtUR-fXqncQtdNTxNxo_DZrDiJMh-AL3/
http://johansensolutions.com/travel/RZZBC-Tzl82yfhREm5kdU_BoydTsBq-uDj/
http://johnstranovsky.com/96t8b-z2ns7-galcijo/support/vertrauen/04-2019/
http://jorgeolivares.cl/correo/service/vertrauen/2019-04/
http://jpmtech.com/css/Quyp-BkOnm98g2JtMzgI_JdazxKbI-QF/
http://justbathrooms.net/cgi-bin/UObEl-WROmPmdBNlEKepm_AKvvGAmvG-3Jq/
http://jvalert.com/wp-content/LjEp-LcQ2QssLQtDjBBo_QPDbmccSQ-8x/
http://jycingenieria.cl/images/LQCOi-yRwKgcB2cnlGlow_BKGOUNJD-5kz/
http://karakhan.eu/wordpress/legale/Frage/2019-04/
http://kensou110.jp/wp/wp-content/uploads/dYjfa-ZlXoaL6dU8PifLk_TXnDYHXI-gj/
http://ketanggungan.desabrebes.id/hhpdoejk5/YgyL-qE8cLQ3jbDAfxNt_HcCMVjAs-Q6/
http://kingsidedesign.com/blog/nachrichten/sichern/04-2019/
http://kivikoski.dk/IRS/XEeEY-HwrpTRnQ5M5AQL0_BKuzQnxN-Ek/
http://klonsms.com/wp-admin/IaNzl-48QInWkULuXENK9_zhUILMMZv-62P/
http://kokintravel.com.vn/wp-content/uploads/iCZj-soRWBMcBlXlQSUJ_VHTAPNhTb-R03/
http://ksafety.it/awstats-icon/nTggn-V6UkwPFNife541Q_VzRUNhOF-Ee/
http://kuhncoppersolutions.com/cgi-bin/tkeln-1T4cGcDfdgxtYB_HYtNvNIrP-E1/
http://lacave.com.mx/wp-admin/YJSO-tIxK8smf2bwizze_DqsNPUaC-Mr/
http://lalunenoire.net/loggers/NWPPQ-ckAhy6bFB5DjIsB_prGFIyXH-jj1/
http://lammaixep.com/wp-admin/gVnL-EnJ7SsedwF2MZf_oIHMqpyS-Fl3/
http://lemynbeauty.com/cuzm/BLjp-DQxBRBQE9kSQlR_KGGHaVUAh-kh/
http://leodruker.com/wp-admin/xKfP-5eMKI4xoz2U3MkK_yUBiNodJ-Av/
http://lexusinternational.com/wp-admin/kUDf-piJ44G8hVpa1Ck_QUbGGVyAs-rK/
http://liaocaoyang.cn/wp-includes/IDFn-90CQpSIS2vsS7gn_XetbGCazi-CT/
http://luacoffee.com/wp-content/uploads/service/sich/042019/
http://mail.mtbkhnna.com/oqfi4kksd/CUWLd-WrQPH9uQyZ2mK9_vsMNUtGi-JFR/
http://maritimecurling.info/Nova_Scotia/GIEz-vVAwct9uuSZreZ_ZKmvidHZD-3w/
http://marketsbarcelona.com/twomarket/tkECx-xaWBP2C5kMiLije_poIKZIlm-NUh/
http://maxindo.com/verif.myaccount.send.net/nachrichten/Nachprufung/201904/
http://mcclur.es/mccluresfuneralservices.co.uk/HFBxt-qYwkqr6zT3mR0PM_csxCtIsmS-fDM/
http://mercan.pk/wp-content/MJex-zE41blxVhdYs1k_jLHLgzMt-w5e/
http://mersia.com/wwvvv/service/sich/042019/
http://metal-girls.com/jks00jx/vqIEd-Kolu9HkXplYNV7_DmLboEbf-4T/
http://miguelangelmarin.net/wp-content/cEuv-PcAsCWzVlSjz04_gMOPtlOo-qF/
http://mktfan.com/admin/awNg-9VJicNy5sajL23_kcmFYwcs-FC/
http://mobilitypartners.ca/PhotoAlbums/tMJF-MTo8uJ2RLolMnK_BsZyNKUa-wV7/
http://moiselektronik.com/css/xeYE-kAvOG9ra0nEKwko_OlhUsWSJI-I1/
http://moneytobuyyourhome.com/wp-includes/GUNB-VS8qGlJTOcpRhNH_jlaqYxrE-Wt/
http://mouthshut.app/calendar/cGDMX-aJW0ycFukt499J_mELDddZo-F33/
http://msecurity.ro/sites/qylQ-I6xsccK9GYn0fr_OJNmAoDi-yKL/
http://msnews.ge/wp-admin/nmmxN-Q2PD7ABQjXey5I_CBIweKdn-nWa/
http://mundotorrent.org/wp-includes/jdftS-NxtwENaNA8iITIx_KvnzTrkBn-dm/
http://mustafaokan.com/wp-content/uploads/zGPSK-KcCxRT8WaM4NB4_SkKTRwbY-eSr/
http://mysprint.shop/wp-content/UlHe-u1pg5sm6SHSkR2D_MTkgiiwK-uzP/
http://mytime.com.hk/wp-content/yBXCC-lylwKadqApmQ2d_mHPlVsBDD-kT/
http://namellus.com/wp-admin/legale/nachpr/201904/
http://netweeb.com/wp-admin/OQCae-AMYmXpNxAvwYTRN_GPtZLGotu-iu/
http://newbizop.net/assets/legale/Frage/04-2019/
http://nexusinfor.com/img/nachrichten/Nachprufung/04-2019/
http://nhatkylamme.net/wp-admin/kUmg-HZfpII12GR9G4O_pxzWFwvOq-2ZI/
http://nhatkylamme.net/wp-admin/qsdM-r9edxDIPfLC8xdh_XAcBOJFRN-pvb/
http://nissanquynhon.com.vn/wp-content/uploads/yFOz-fhjiOquHUrcOTP_JezzMZoyI-F2/
http://nitincarcare.com/wp-content/xFrEM-HPVJnH4rZFExBM8_DYvOebfFk-7qE/
http://nmbadvertising.com/wp-snapshots/PRfA-MxZUWn9Vov2pX8Q_pcFEtCkg-zkZ/
http://noithattunglam.com/wp-admin/nachrichten/Frage/04-2019/
http://norperuinge.com.pe/norperuana_archivos/quyTr-VF0Rpa5EHapEsZ_xWKYdPkvT-K7Q/
http://nosentreiguais.org/rsjnvui/aHLg-N4BicY2CdSlIm2h_TsZctWqVf-Hj/
http://ocean-web.biz/pana/service/vertrauen/042019/
http://ondaalmanzor.educarex.es/temp/EOvbu-4RtDUXJI9SiCDo9_FbpJmiIco-WS/
http://operatoridiluce.it/wp-includes/nSbhK-CPCT1oMYTzgPjdm_bziUuPhI-zY/
http://osiyo555.com/wp-content/aQYF-qm9c3ScXxdbwK5_UeVzhzfS-lRE/
http://ournestcreations.com/wp-includes/trnD-RJtpR41Z5c7OHv_sXVThpff-Blx/
http://paides.com/error-docs/bQzwz-nDFFlQTKJ5nTsm_iMLAfstmA-Xp/
http://partyvip.in/nlapwof34k/IKVca-Pr1vTsQghAqAH5P_RhajAveFb-xi/
http://patsysimpson.com/wp-includes/iUtmC-Wxr6PotjC56PqRo_zwzOWgSP-oF/
http://pornbeam.com/wp-content/jUqro-AzSNHssbEHZEl2_HbABRJIfe-3x/
http://positiv-rh.com/wp-content/legale/Nachprufung/042019/
http://privcams.com/screen/SgHut-Dy1YvRg5vtNlAC_ZSLfNvvwk-2GG/
http://pro-arti.com/wp-includes/pdPGL-pee0mFNVohQ8gS_VjYiYfylp-xZv/
http://profes2015.inf.unibz.it/wp-includes/waFR-i5ipLwvrYmbe4k_LWPKzIwC-7ME/
http://przychodniaatut.pl/wp-content/AgQu-Y6ylZkZAAZuk2x_axiJDVbr-kKA/
http://psai.ir/cgi-bin/Lvwj-jBXQ27s0juCMYj5_VKSSOfSD-Nub/
http://pufferfiz.net/spikyfishgames/qxLJ-fEoe1nkws0HzdK1_TOsADqqZI-UA8/
http://qatarvolunteers.org/rlzqg/ObvrU-Ex9zIEJcaUB9XDf_XPIyJyiCX-7u/
http://qservix.com/wp-admin/support/sichern/04-2019/
http://quest-tech.net/fxwtw/YNlO-5Jbzw4KCjf5DqVb_RVmyACYH-ki5/
http://quickwork.club/wp-admin/xhLkU-hXXbhqPD45Gc4lZ_hYkwJWcD-3Wz/
http://rcti.web.id/hrpel37lgd/Dewm-UzfKpS3DBah8SZ4_mWbERDGZ-DPb/
http://recepsahin.net/assets/legale/vertrauen/201904/
http://redebioclinica.med.br/comunicacao.redebioclinica.med.br/jtIuI-ti3wXbzTdHlRNm_HHIGpacz-IX/
http://reliablerebar.ca/wp-admin/HQNd-hnRUgOkY59X9f9_oqmuoTwsE-Mh/
http://rezontrend.hu/mail/UpWAx-SMV5WjmmvU7M26v_jFsZJfIc-1X/
http://rgclimatizacion.com/wp-includes/yphp-HHfl6PecgWgrwbV_bbCOoHnYW-vY/
http://richardcorneliusonline.com/1/sCjK-YPgiZaVIC0iJIS_vpOiVAtgv-ZEe/
http://riddlerwebdesign.com/zc4xjc0/QbPki-O8LXAIOKdOTmVgX_EYpMVpZRO-yx/
http://sandovalgraphics.com/webalizer/support/sichern/04-2019/
http://saobacviet.net/administrator/vloL-P7DPkcyIAiWWW6w_AzquYBYU-z5k/
http://schaferandschaferlaw.com/bin/PKujT-0Sh8GXlZFziKyxN_pWtgvaoZG-Z6/
http://senojodvarosodyba.lt/wp-content/MrKPf-SPlW6FY19PGrHF1_mfoYMriH-Xr/
http://shahedrahman.com/Backup/legale/nachpr/2019-04/
http://shapeshifters.net.nz/files/BKtQC-VjVvB3xWZ4rZla_ikAcrSztA-UpF/
http://shariahcompliant.net/meoeaj/sKNcy-PBBcSZ8bLgYi1vw_LNozPfXP-I0L/
http://short.id.au/phpsysinfo/legale/sich/042019/
http://showdacasapropria.com/dxdrbsp/service/sich/04-2019/
http://signup-naa.giftwhippet.com/wp-content/uploads/UDpS-hZVbEy71oDtwLx_uGKIpjHZ-fXF/
http://sigurdsonperformanceauto.com/lpwcvxu/CUsL-AjAGA8OBnMSYOC_BfrNtZLma-y2/
http://skpindia.net/wp-content/gOnoX-DkEpxrQYPgwlY8_zoAAMvJrX-89E/
http://slim-body.ro/cgi-bin/rZSiJ-xyjUbEKgV4sYi10_JzCHTgvM-Bg/
http://slimebash.com/wp-includes/UmHL-sNEFgoE9nfGNlLR_OTnaaxVBp-1W/
http://smc.ps/ar/sxaM-3DUoNy8xVX0lBFh_ZddSrnQZf-em/
http://sonthuyit.com/assets/legale/nachpr/042019/
http://sparkyconcepts.com/cgi-bin/VcCD-AyPTEOUJZF5VpQL_mBNTYYgV-6Z/
http://stafflogin.gcmethiopia.org/y3upokv/dAbNG-FV6LnbOXmZvqH8H_yfvQbjcC-JnY/
http://stegwee.eu/aanbieding/TUYzK-eoQCdN0Kgd7JsdN_ZOFMUUaTn-1JW/
http://stsbiz.com/js/support/sich/201904/
http://studio176.se/wp-admin/GDju-pOPk3FPNGGPWSM_THeyOBzGT-UU/
http://syhszh.com/wp-admin/udnt-Ygq36iZLN4N329h_eYdMkqLx-Z85/
http://tbwysx.cn/tools/ddorD-02BTB3pVnSV5g0m_DxritPypS-zzv/
http://tecnauto.com/css/VREe-oqPiNjp6HeRCuUZ_zRbLbusW-tV/
http://tecniset.cat/logsite/support/sich/04-2019/
http://theelegantteacup.com/wp-admin/vRNC-Cew8KsbIfpcTyN_IeMreSuEQ-sxk/
http://thuyluckhinen.com.vn/wp-content/wUqT-ZKiGCoZfVnFJ1R_DrROWEdF-o1Z/
http://tiyasharkhoj.com/cgi-bin/OqHF-MrWlOZQEylNP9WV_dYJzJSsay-y2E/
http://tomsnyder.net/Factures/support/vertrauen/04-2019/
http://traindevie.it/wp-includes/UWjv-OSBjNnDydmTKJWA_YilQFyBNn-lBs/
http://travelha.ir/wp-content/NEPYS-Z2SLOMmPmZZvPtP_fbxvUpEKv-RU/
http://trident-design.net/wp-content/XONi-5A2LM6pCWRWtkkT_CiTkIQYP-80/
http://triton.fi/trust.myaccount.resourses.net/eimuk-BFZ76TkssqlWZT_bozwNOllb-J5M/
http://turkexportline.com/e-bebe/legale/sichern/2019-04/
http://urbaniak.waw.pl/wp-includes/support/sich/201904/
http://videomarketingtip.com/emdr8rc/nachrichten/sich/201904/
http://vnhd.vn/wp-includes/ASNf-b99rz8t88cOzcN_DkApdKov-9m/
http://waverlyshopsite.com/wp-admin/JyZMy-7o79qKYCxocRAE_WFYYHfsfq-OO/
http://websteroids.ro/wp-includes/yMQqa-EcMM1Wta9fQ6vQI_sfUxMrXWE-Qul/
http://whatsupcafe.co.id/wp-content/Bmai-C5CoGJCFQkKJ2N_ObmXsuDcu-DV/
http://wordpress.demo189.trust.vn/wp-content/uploads/cvll-cWeb5fPJJM0pjD_WOUWZEIJZ-Ny/
http://worldofdentalcare.com/_vti_bin/QMSh-PiFpfwKVHe99f6_WnRgNjBnj-enn/
http://wtswloclawek.pl/wp-includes/YBSQ-vxU2qjwrh2IeWCa_DJsbxJEAN-j3J/
http://www.2190123.com/wp-admin/OizK-3Cvi4TuLwTgsym_NBQNZmZZN-V3W/
http://www.aktifsporaletleri.com/assess/IJmNz-bCTFQLVf0QNNitK_TErwruBb-ew/
http://www.bccsolution.co.id/hxzXK/xXxXP-rgosU2FgVhJBhAR_BXOCYgiW-DAs/
http://www.beirut-online.net/portal/WVuC-sX7MKdsMmR1UEi_RqkBCjlS-jO/
http://www.biomedis.lt/yowwk4j/ofrb-hs39vEQdT6C7xw_UjLdOVrz-H2X/
http://www.casasdepasyterrenos.mx/wp-admin/ugqkf-Wt2Aqi7PnqmpRn_XjZMWVRZ-JQ5/
http://www.cmg.asia/wp-content/uploads/asIFB-0wxsmXdAVKvdu2_okCqpxAWS-NK/
http://www.courchevel-chalet.ovh/fbmyql7/XZOi-Nw0Qk10ftNhruD_qTOceftI-boM/
http://www.cqnln.com/wp-admin/ezNv-DyqF3GppgcjqFX7_MiTdifZO-BB5/
http://www.cqwta.com/wp-admin/qYLE-XpdGqchM648D0S_gfJTUeeLY-GHM/
http://www.espacerezo.fr/wp-content/languages/UhzK-a6FaGmyXgdadOYO_vUDQlwNyX-YHH/
http://www.gifftekstil.com/C4mAvqn/service/vertrauen/042019/
http://www.gqjdyp.com/wp-admin/jYdQ-nPfvJGs3FHeI12_glahSiWYj-Ucz/
http://www.hotissue.xyz/wp-content/legale/sich/04-2019/
http://www.jc365.net/wp-admin/yJdZ-eKass8YaFUM0ENf_BCzxEInV-DtN/
http://www.lecombava.com/wp-content/support/sichern/04-2019/
http://www.marketsbarcelona.com/twomarket/tkECx-xaWBP2C5kMiLije_poIKZIlm-NUh/
http://www.promo-snap.com/p/jxewu-jbRn0GpLy6ubpjY_njZkkitM-04T/
http://www.sdkdfj.com/wp-admin/uNTl-p2eP1mWibwj0Wr_SfAVAojpL-Wi/
http://www.smc.ps/ar/sxaM-3DUoNy8xVX0lBFh_ZddSrnQZf-em/
http://www.tv2112.com/wp-admin/SUzI-J2D8VtwFCHAj6P_EHxgnRflt-jM/
http://www.tvperfeita.com.br/wp-content/WvDe-DU3Jfhq7hTXnuP_lEAPKCon-qp/
http://www.wanrr.cn/wp-admin/ANmJ-sMIs6rhhVXtBghU_umryXfGU-UFY/
http://www.web-feel.fr/wp-admin/OCmcx-xMzisZkV8dAyE55_zyzwmQuC-XB1/
http://www.zhnwj.com/engl/QpyUw-RLCl0sKa5xHBCZs_KgvsAUiPH-ZA/
http://xmprod.com/greatdealofnoise.ca/OxlnS-KhzTZMnXnbH3Fy_xsXzoysaU-o4v/
http://xnxxchannel.com/wp-admin/cMMw-jjInfhAV8g9KmG6_mfgiHOmiT-MJn/
http://yucatan.ws/cgi-bin/YHlJz-caQyNDeDfGQ2nVs_zfnoJjQW-mw/
http://zentelligent.com/wp-admin/legale/nachpr/2019-04/
https://4stroy.by/wp-content/legale/sichern/04-2019/
https://asiatamir.ir/calendar/Veslc-dPWxeXYiSDOMYko_PTVLCXQZn-P7v/
https://business-insight.aptoilab.com/wp-content/service/Nachprufung/042019/
https://c1k-fin.world/wp-content/HUCE-JvaxRONYUxURe1c_NIrsdami-UVy/
https://cars24.org.in/wordpress/ipJZh-EmPVrbuoG9VBQ5_hAkvKxDK-Lw/
https://celumania.cl/wp-content/legale/Frage/2019-04/
https://cheocchiali.com/wp-includes/RcGrn-1Dltdq0NXm0P8CW_tdIIyHnUO-hP/
https://classify.club/wp-content/CHnK-1RYdumWLD6mIRDY_iyGfrhOUU-pZ/
https://danel-sioud.co.il/wp-content/gfDq-d06qowC5tFRx12p_ypIkRGOaE-ZJ/
https://dierquan.com/wp-content/Uwqg-DT5VgmSH8fPhPcO_hwLlUalc-R8/
https://diskominfo.sibolgakota.go.id/wp-content/pPXB-GqEMJIBuTTKdaY2_dIxoBAoN-D6/
https://enkoproducts.com/wp-includes/VzZg-uIdWop1jP9RgxdJ_SUuyFHBY-enX/
https://etprimewomenawards.com/wp-admin/OyLgu-SiZgs4Qhlm1zs0q_FlKCKAKRs-kXI/
https://fishingbigstore.com/addons/YFIS-Sxlnf7bcFMUJ83w_chuuqPaZg-LF6/
https://gayquytuthien.club/wp-admin/woMqG-IuzjCSYAPw5eq0_dntGysnY-kh/
https://halaamer.com/sfiq/QmwA-c9iqwiZk5nnGD9O_OJTCwKmIj-1u/
https://hwx-group.com/wjwrtce/alAX-Du51VpmBQQD243_oqdoZyQvU-WJ/
https://imminence.net/wp-content/JwgY-Bmdk6e1muwj8s2_BiVmJVmpg-nB/
https://inovatips.com/9yorcan/legale/Nachprufung/2019-04/
https://keanojewelry.com/wp-includes/OxMd-fs8ygGLhruRkmTe_plwGAdjtv-U86/
https://klonsms.com/wp-admin/IaNzl-48QInWkULuXENK9_zhUILMMZv-62P/
https://learnwordpress.co.il/wp-content/sRmRL-H3OgpI340P7PWv_yhMnyhRbK-ig/
https://netweeb.com/wp-admin/OQCae-AMYmXpNxAvwYTRN_GPtZLGotu-iu/
https://nhuakythuatvaphugia.com/wp-includes/sendincsec/support/Nachprufung/De/201903/
https://ondaalmanzor.educarex.es/temp/EOvbu-4RtDUXJI9SiCDo9_FbpJmiIco-WS/
https://roygroup.vn/wp-admin/ixIod-a7XWYVLCw6rtAq_eeuZqSGxa-DKF/
https://sebvietnam.vn/wp-includes/ruPF-1qnTSu7qqpGArM8_mRpQXrnkL-8gx/
https://slim-body.ro/cgi-bin/rZSiJ-xyjUbEKgV4sYi10_JzCHTgvM-Bg/
https://slimebash.com/wp-includes/UmHL-sNEFgoE9nfGNlLR_OTnaaxVBp-1W/
https://soulad.cz/wp-includes/QFzfk-TwjaxXaci2WiSPP_zJzWbPUw-m7h/
https://storiesdetails.ro/wp-content/uploads/sQag-8sFVZX0cEugeo3V_mPCSscilQ-J4/
https://taxismart.ro/_notes/ycuGp-suv53QaVt6ucd5_MMogYqGFA-I4/
https://twentysevenlooks.com/wp-admin/VYAY-icm8pQ2yp3Piq6_BNTuMzPz-PM/
https://waverlyshopsite.com/wp-admin/JyZMy-7o79qKYCxocRAE_WFYYHfsfq-OO/
https://wordpress.carelesscloud.com/wp-includes/nachrichten/Frage/04-2019/
https://www.dierquan.com/wp-content/Uwqg-DT5VgmSH8fPhPcO_hwLlUalc-R8/
https://www.goldsilverplatinum.net/wp-admin/legale/vertrauen/2019-04/
https://www.learnwordpress.co.il/wp-content/sRmRL-H3OgpI340P7PWv_yhMnyhRbK-ig/
https://www.ninepoweraudio.com/wordpress/QTDl-sgB1j7RIobS7BB_LVTbQpaE-MJ/
https://www.promo-snap.com/p/jxewu-jbRn0GpLy6ubpjY_njZkkitM-04T/

```
#### Epoch 2 Document/Downloader links seen for 04/16/19 ####
```

http://1102sgp.top/wp-admin/ShGPe-yjQTQlmpphKo8SD_jZuyCBln-Tk/
http://122.180.29.167/map/mdou3-ino8a-ocqefnx/
http://140.143.20.115/hgnxlto/1b37qmu-yg14nx-korcpa/
http://140.143.240.91/yfwta7q/ek7q-broz7r9-intft/
http://203.157.182.14/apifile/mat_doc/4g6pln-ukune-oycvqhq/
http://211.238.147.196/@eaDir/rv8pf-laqz3ee-mfhbel/
http://35.185.96.190/wordpress/xljeu-mdutbl-eqjq/
http://3546.com.tw/images/YwnA-27ulz3AUMQmOHY_biSATVxtO-j8U/
http://47.91.44.77:8889/wp-includes/n64lg9-m81mzx-hljvsv/
http://5stmt.com/wp-content/dpotq-UZx8OLOSSds1siw_LbLcKCOg-Bjh/
http://7uptheme.com/wordpress/8n24o3-wzc2g-uvciuy/
http://81.56.198.200/sendinc/tg218-5x172ay-foyc/
http://8501sanl.com/wp-content/Wmkw-M82RuuP49zpThR_MOPmYegR-DrI/
http://99sg.com/zen/zc_admin/h1cig2-c8wxrth-wxuiokm/
http://aabbcc.gq/wp-content/bJGi-1xHK9uw2a2zld7_lsSesHip-ttS/
http://abuhammarhair.com/wp-content/1letc-4xbna-lfnlud/
http://acebbogota.org/wp-content/njwoh-8ah5y4w-chjga/
http://acewatch.vn/wp-content/nLhu-6POAWZrzGnIIZU_QWIuEteMB-bh1/
http://adammark2009.com/images/Wyedy-9fPxTPccsjME06g_XFURXnCvm-RPu/
http://adremmgt.be/pages/1xbpz-ui081-fygss/
http://aestheticbros7.com/wp-content/diTK-2RqD1ElI2I2new_HoYnscepI-GL/
http://agipasesores.com/Circulares_archivos/q4j3o-t24g7sh-ecowl/
http://ahavietnam.com.vn/fgocric/ft1n5g-letu86v-wqnitde/
http://ajosdiegopozo.com/css/ChPE-k5LZFJoPVgBS78_GLdfnzQX-N7G/
http://akashicinsights.com/aspnet_client/9dshsk6-dvxznik-tcqym/
http://aktifsporaletleri.com/assess/IJmNz-bCTFQLVf0QNNitK_TErwruBb-ew/
http://alaattinakyuz.com/wp-includes/781753b-bpg3x4n-rccux/
http://alaattinakyuz.com/wp-includes/csedz-qn4tfg6-omky/
http://alessence.com/alessence/Paamj-3uljzKD3XYddgq_WqeoXVtP-FH1/
http://alexwacker.com/nginx-custom/iwtr-y5hdy52-pvfzz/
http://allrich-sa.co.za/previous-website-backup/lqm9son-zlqh8-xgun/
http://altaredlife.com/images/y1kh-dhicxt-wxjfxn/
http://am3web.com.br/e5p574-5nusy-saqv/
http://analiskimia.undiksha.ac.id/wp-content/uploads/w0xx4qo-b50vx-fedlf/
http://angiaphu.net/wp-content/7fzdhpe-bdk7kv-dikt/
http://apbni.com/wp-includes/GabD-7mk0D6ABlwfeCa_bGjVVRUo-Hn5/
http://applianceworld.co.ug/cgi-bin/ckDJ-Un71XUFXneNyFb_RzHbSwwLm-zv/
http://astrolabioeditorial.com/wp-snapshots/wofIP-NRfE63ikFokSkLP_QSPeJtdfb-AVO/
http://atelierap.cz/administrace/FlVfw-62WkJwlCMukWdkw_TpPmUhKtr-z7/
http://auraco.ca/ted/TZYVh-nEvvZWxRfIhDRDj_iljtdgvYW-4KR/
http://avittam.com/wp-includes/RYgu-AyjMNGtcfNJo4b_KWSEVDJdW-xl/
http://babaroadways.in/jrh074-q7lvuy6-ylwn/
http://banzaimonkey.com/images/YfvV-qgoKKgQVSmCrhz_nLZHkqvQ-kn/
http://bayanejazzab.com/wp-includes/bec9r-fd4lv4-fvfrd/
http://bccsolution.co.id/hxzXK/xXxXP-rgosU2FgVhJBhAR_BXOCYgiW-DAs/
http://bcdc.com.ph/image/XeaNs-JYNdYdrZLaN3kk_hKNCtoPGh-Df9/
http://beeonline.cz/chameleondesign/s3z1x1-slfes-zztdydi/
http://benetbj.com.cn/wp-content/XHOV-mitbJYiqgd51xva_UpXUiDWc-ZIQ/
http://berith.nl/wp-content/nroq4u-odan7-lylk/
http://bestonlinepharm.com/wp-includes/apUa-uRtetrQ4AI4AgF_vjKaSnnsP-Jij/
http://biomedmat.org/nKtd-08tW7GH4dnNfRf_MzFePcfQD-oww/vqswD-TgTllStZVcfFB7k_idKQuFSZ-dC/
http://bitsmash.ovh/wp-includes/WiWy-F6sgHCcsgNsSsf8_dRYkgRPw-MT/
http://bitvalleyonline.com/wp/nqg09rr-uyvu8-xwmblw/
http://blog.almeidaboer.adv.br/wp-admin/436h7-lzxk6o-biiguj/
http://blog.bestot.cn/wp-includes/TSwL-bOWQDfP4ywMDeRG_QwQSPYhlL-Ny/
http://bloodybits.com/edwinjefferson.com/kesxw6-wspfzw-toouyyl/
http://blsa.org.za/wp-admin_affected/hrjlb-hb9fv-lnurq/
http://bobvr.com/HXJC-vH5nNU0WAvQKZm_oOCSgAYZ-2R/eaQLE-45TvhSHdq8VE36_DylOJBvyM-RFM/
http://brunocastanheira.com/wp-includes/t8zbkg-373y7-firtbx/
http://btdc.org.ua/wp-includes/dmjq9-y7nkc-gouxv/
http://btechtimes.com/calendar/wo7met-6owtt-allg/
http://buitre.tv/adqss/RVRH-EBEQMgsHI0m1nAV_fAYgfQQCK-QTd/
http://bussonnais.com/images/qgsy-YvvruL5ujPYZjr_ceoNkchQ-Gv/
http://busvrents.nl/wp-includes/Lntk-z6mL62I5zq3dkp_EomYjfuy-2a/
http://buycel.com/wp-content/cache/6lly3d-2ettfna-nixk/
http://caferestaurantnador.com/wp-includes/63z5-yx56rxw-ihvwq/
http://canhometropole.net/wp-admin/LZWfO-obYyYFFEfkyXSK_RCvnoSQDE-uT/
http://capetowntandemparagliding.co.za/wp-includes/PaOx-AIqQROdR8DALSK_eMkzOnYy-1hT/
http://capetowntandemparagliding.co.za/wp-includes/Text/dbNkL-RpxORW9jctygx5K_GPwzhYqG-zz/
http://capquangfpt247.net/kdvu/JLmA-v14gKKce9ojmwK_gHmyNJxQ-H7/
http://carcounsel.com/hid/dBVId-Y303XPMUO4Dx8V_jKjkVLTU-X8X/
http://carrozzeria.artigianauto.com/wp-includes/sow1blc-ntsvrc0-easvj/
http://catamountcenter.org/cgi-bin/Bbygz-WOVE0VmFcWQ41W_FevtvJIto-ov/
http://chanoki.co.jp/Library/6vf6ux-ak8i53-btmtof/
http://cheocchiali.com/wp-includes/RcGrn-1Dltdq0NXm0P8CW_tdIIyHnUO-hP/
http://cibindia.net/blogs/4wuben-zjbgn-zwahbmh/
http://cipherme.pl/reception/j0ve36-i3ptt-lqcc/
http://cipherme.pl/shell/qepa-bgoas2-yfdprkc/
http://cipherme.pl/shell/wzXB-NJjaRBl9TKeb2FO_tKbPrJqx-iV/uu159ad-4jkh5m-xmio/
http://classicimagery.com/System/24r4a2-jx3dhzx-clovrpd/
http://click4ship.com/Phreedom/ntfB-k36s3ZlMfbmZsSC_PGKIydqJ-2hH/
http://commercial.uniden.com/wp-admin/c5x6lu5-001av-paisuus/
http://congtycophantuan123.net/wp-admin/icDaW-UsOcDdBsgmgkYJ7_NvrPhiNFg-R9/
http://conormcbride.com/wp-content/mAAc-8zsIGJ3HRBnguJx_LhrUESLdl-wGg/
http://corpmkg.com.au/cgi-bin/XrFc-89bsPXUzauyzyl_GnQoxTwKC-Fjj/
http://cotacaobr.com.br/application/eazp1i6-apg0s-qfpx/
http://craftsvina.com/testgmail/77svm9-0ftx2lp-iydour/
http://creaception.com/wp-content/c8ur-fbca8zk-xobui/
http://criteriaofnaples.com/criteriabackup/LQfr-3gYlVZmFlfbY85T_kGnvssIYh-CrQ/
http://ctohelpsu.com/wp-config/cyDw-pP0YLjdxIiG8Qe_GaERIzhUJ-h5/
http://dailynuochoacharme.com/wp-admin/60f1-5124d-pghsosw/
http://daoyee.com/daoyee.nt/g4s9v-p21d16-umjx/
http://deepindex.com/wp-admin/sTwj-WBDpgJ9iU3T2ygU_GLHSWrem-RsH/
http://dentmobile29.testact.a2hosted.com/h7he2gr/0ia76w-w8idh-wtvyi/
http://dev.livana-spikoe.com/wv4gres/wapa-nv36JfmXSEeTHvu_AIfipRMqz-As/
http://developersperhour.com/wp-admin/jCCs-q0EZnUvY4SHD6ZW_CLkSFvrSv-i9/
http://dev-en.rewallonia.be/wp-content/LTGL-mEVdqBhlJA9adV_atKLDPCm-rmg/
http://dibaholding.com/wp-includes/9rz01-urb82-pqgasi/
http://dinobacciotti.com.br/2eqt/fxr8-3wg6j4n-hjwylaj/
http://distorted-freak.nl/html/pq86s9s-jxp5m-bieqtxt/
http://distributornasasidoarjo.top/wp-admin/pNYk-7ssVefmDDMhLVAZ_XkhnWMIPC-gWC/
http://dkw-engineering.net/menu_2018/c7pu81u-c4x4eqr-pmsb/
http://doctorvet.co.il/wp-content/themes/bridge-child/fonts/opensanscondensed/PJhm-TD9rP5IjwixXqGQ_NmHnLGIML-oG/
http://dragonsknot.com/cgi-bin/sfb8-w52710-nlmruq/
http://dramitinos.gr/images/gdfi8c-j1jlj-zwjit/
http://dramulo.net/wordpress/xxown-e8yl7f-bfdfom/
http://drezina.hu/airport/YEzOa-Bl1XWquNFxWYYKY_BXEitCvn-O30/
http://dubairpsmobipay.rps-dev.com/cgi-bin/d0zqhn-uaihv-cnnf/
http://easport.info/wp-admin/LLQud-C2htix3Tt7caMq_rGMjedCo-z9r/
http://eastbriscoe.co.uk/sysimgs/q4zfh3-x4mhl-offbyw/
http://edenhillireland.com/webalizer/hqv01-l05pqo5-cwzej/
http://efh.com.mx/css/KUvvT-iieMX91ZnK0xxh_xHdZPvrnC-qd0/
http://eigenheim4life.de/s/cc74px-9k4lml-xyblrng/
http://e-learning.cicde.md/wp-admin/vIiw-v4Z8TD2HcOWgHS_RhHHqquqY-hiC/
http://elgrande.com.hk/wp-admin/TXtPm-lyoE8xfAVMOkXSz_UrBCFlin-2MZ/
http://elitecarpetcleaningbusselton.com.au/wp-admin/367s-a1pf9zj-sgvdx/
http://energyclub.com.tr/wp-admin/2gqgcjs-vnt9nf-qsqcbph/
http://engadgetlt.com/4zlr3t2/vaTT-aOvd4pMikvkMcl6_UMICmxCVh-7vi/
http://entrepinceladas.com/resources/mnt3-8k14v18-msfnthq/
http://erlcomm.com/BNzC-VgDgOLD9aPylaRI_sdwzsBjeN-XK/cRkk-jMsGNSrse2U5qFF_kbHMehMTz-KK/
http://essyroz.com/wp-content/rTwHS-cvRifeyCPgElqTB_suOOhJnXU-a6/
http://etherbound.org/test-images/3nze-hqas82-nczmb/
http://evangelicabailen.net/bmda/ZOoHd-PeEBaGeAedeeo90_SpQfOzlF-YaS/
http://everandoak.com/css/usXV-40KSidUvMDgTzDX_WHaezeFP-bdr/
http://exclutic.com/s/8v7yij-nyhh2xz-wxvksmo/
http://expressdailynews.com/bziknoe/idpm-mj2rzt-wvkcpxw/
http://famaweb.ir/intro/WUBh-zmbFDS6FkyUTyV_vkWLQRsl-D33/
http://familycake.club/js/yXRL-wx0kIItaWqQOJ0_hvkuZWtmV-eoW/
http://fivestarestatekarachi.com/wp-admin/WtYz-79GNZ6IfIVI3068_DoSCsBKz-pD/
http://foodphotography.in/v1/LnJF-dBCZyb9rSFBLGDA_izijXJmT-4eu/
http://franosbarbershop.com/bdsxlks/bSsW-NxrUQ6TVjIcVMF_JCGrTfuM-BQ/
http://fullstature.com/mid/0qc7tuy-or7vofb-jsfxnq/
http://fumicolcali.com/wblev-6pox5-vpckk/loxhg-4hvo2c-vccxo/
http://gabeclogston.com/wp-includes/6al7cji-f55bwg-kupstff/
http://gccpharr.org/assets/txORC-BzAQC2UPmfKjAX_ahxElHQd-Ro/
http://getitanything.in/cgi-bin/hszpK-A9zwkk7abUcMEV_HvNEoYnt-Xlw/
http://gifftekstil.com/C4mAvqn/QBcM-12vE1JqwNNGXOHd_rsuhGjLVR-L34/
http://gkpaarl.org.za/language/plk8-dr1hsnx-yfqln/
http://gmvmexico.com/images/ITyz-RghrcmayW8e2V62_DwIngyCjI-IS3/
http://gnimelf.net/CMS/jz6tlbb-7c71v-dajqgz/
http://goleta105.com/404_page_images/fyyl6b-prnt6-rfee/
http://gunpoint.com.au/jqQB6bFC/mFyb-Jy11eMDnXDGDKaL_CHIImiZws-D6/
http://hamedsoft.ir/PWHT_Hamedsoft/8vvue4-x8p76-npalenj/
http://happytobepatient.com/o8rxofd/2fwmn-7dcwvq-qecdt/
http://harberthills.org/wp-admin/cuXiO-ZN9AZA2MIfEYgS_vAzfQuBW-BLc/
http://hasukovillage.com/wp-admin/oxVZ-L1uqeJccp2pjFJ_JOLmqbnE-O00/
http://hathanh.tk/calendar/eRDLX-gxi3lwcBCCIJWGe_QZWAsbumH-uBi/
http://hcg.com.qa/wp-admin/bzhp6n-fa8lvyn-jwst/
http://hcmvienthong.com/wp-content/HacxD-XntuGFqLE31oHs_MuwPoEKBN-ev/
http://healthyadvice.ml/neio2mv/f1jmlqi-grigq-wweo/
http://healthytick.com/wp-content/uploads/d20rbw-yxgsw-jopzfr/
http://hmeyerortm.user.jacobs-university.de/wp-content/ln45-6qe98c-tgkav/
http://hmjanealamhs.edu.bd/cgi-bin/kVGI-qiMcwWOKga02Zka_zLyfMqdlr-L3w/
http://hoiquandisan.com/wp-includes/y6sw-2llvgt-xdhswx/
http://hudsonguild.org/wp-content/uploads/wwk73w0-vz8lem-bcopskj/
http://hyboriansolutions.net/wp-includes/orrlj-5oqcmw-cymqrd/
http://icasludhiana.com/wp-admin/ax9zo0i-saolhy-mlfgqmc/
http://idfutura.com/Matt/9fdly69-mv0ap-tiwr/
http://imagyz.com/cgi-bin/28ugly-dhs0b-bjewh/
http://immobilien-bewerten.immo/wp-admin/7cnq-6hlpu-cgwstmq/
http://imnet.ro/wp-includes/mtWGd-WdhAbdKBgboyZA_OsOYSTzE-vVU/
http://imobiliariamadrededeus.com.br/wp-content/mzaip-9kJ9f91t5U3eHH_Pshidqso-0DJ/
http://impro.in/components/pwo76w-8o8kkvh-rftcy/
http://industriasrofo.com/Connections/TfHBe-A4dQyqwZhKpkvF_WLTjnUJuZ-hKn/
http://inotech.com.br/cnpj/BnpC-o07Y54sAd9xrRW_bYIstnMr-C9E/
http://instinct.store/wp-admin/jfqk-pz9b3ru-pypxtn/
http://investnova.info/omif2019/ulPl-5BWdTOj4ofdITJU_ksmexilb-LUo/
http://iran-gold.com/BzCYu-9u_ldXkubCA-K4/o8wk3-gddgx-lrla/
http://isn.hk/cgi-bin/ubk5sq-2iv99k-uslogm/
http://isolationclermont.ca/files/u6gn8f-8hg1s5v-bssli/
http://it-eg.com/wp-includes/1z82y8m-wozpjt-dvfui/
http://it-einfach.de/xAmqC-k8wpX9L4tz1mnXT_RUkeMfAUj-ap/Ewrqs-ewKKBcacu4mapmg_YwulFnkmf-il/
http://iyle.co.uk/img/tyjz-4mnmlh5-wppv/
http://jasclean.sk/wp-content/desKg-0BO3ExMQBW2MG4_smqOOTSV-Nu/
http://jaspinformatica.com/boxcloud/zbdi9qx-oclcmz-jsdx/
http://jester.com.au/Pictures_files/Media/4hr0w-tu3je6-ocfgos/
http://jmbtrading.com.br/secure.myaccount.resourses.net/NdTG-yCWlkBBebdROPvN_GAwNOaHxR-MZC/
http://joepackard.com/_vti_cnf/dgx42-aqo6wth-hpfynun/
http://johnnycrap.com/verif.myaccount.send.biz/ngwqH-C7rfzPwOrsOyer_tWnehiWF-wCr/
http://johnsonlam.com/Dec2018/4g8tsv6-9oxymyg-zvwcsc/
http://jscorporation.co.in/jscorporation/UmzQ-4VJrPAWzWII3Zh_RzgKvjGkm-TM8/
http://jsya.co.kr/@eaDir/bJKo-zIDYXFHVK2Ws88A_UsHxlzFa-gFM/
http://judygs.com/there/8i5jb-etui7cb-zjvytm/
http://juldizdar.net/enhn/dh6k2yj-jr5fy-mwuv/
http://kamel.com.pl/wp-content/h1qke-ie0ps-krfyo/
http://kamir.es/controllers/aePy-PpQE83jRrCBqPId_SBtJcpnm-9ur/
http://karalamadefteri.org/secret/jmilt-jn58422-gkqq/
http://kean.pro/wp-admin/ig9bkv-8bs05y4-uhjriw/
http://kejpa.com/shop/8hjht8-54bh7-pbwkiyt/
http://kellydarke.com/wp-content/hZoOk-F7oa8HfcPBMCnsa_roSnIqYN-WC/
http://keymailuk.com/cgi-bin/lm5u1-xlv8ct0-xkbyjhb/
http://keymailuk.com/cgi-bin/u9qgh-jmppd-wwfye/
http://kievarttime.com.ua/wp-includes/ahova-iihg0-leciq/
http://king-lam.com/assets/05apf-04csapm-athnroz/
http://klex.com.my/landing/gCPCj-NaSu2VxAtUk9HVL_TzkVcUqcL-oM/
http://k-marek.de/assets/u6uldu-6tn04yp-lanl/
http://kmgusa.net/a2test.com/9rux68-0c6lxc0-qusbamk/
http://knappe.pl/wordpress/onEoc-5mo0KLQHPDgaKCo_lodWkbXC-wK/
http://knappe.pl/wordpress/OtPsK-zp4lEh0JB4M2i7_cyGBXZZML-g3A/
http://krisen.ca/US_us/images/fe9m3g2-c5qj9la-arfra/
http://ktudu.com/wp-content/uploads/6i1sdkp-1bsieyd-mayhjcg/
http://kursy-bhp-sieradz.pl/pub/PZIw-eKXZlMGsknPq2hE_vqBIuAkc-Vc/
http://kuwana-vn.com/wp-admin/8wocw-ka2z2r-vwlfb/
http://lacvietgroup.vn/css/RUFm-o5RzYSVoNRNVcwv_pSdQBVVZ-mg/
http://lafoulee.com/ulqijft/ThfJp-RocfIcUTyP9pr5_oqaJkYjkt-61/
http://laneware.net/ufcbz-i4taosjlbrkikch_sbqawbge-fes/gjyal-ckg6gas45tex5v_wlirvimvt-vur/
http://lathifafoundation.com/images/y05i-022f68j-fgxvss/
http://lauradmonteiro.com.br/old/7vy2t-ikpkh7-dcyp/
http://lavinnet.ir/wp-admin/dCeE-fhZL70apjJTTlAA_KgCHHpqhf-JPM/
http://lexlux.net/wp-content/ibuMN-SZc7KIg4mJRHnCD_DjBxvHple-TO/
http://linkmaxbd.com/web/9msjw-hekol-apawr/
http://lixinyi.vip/wp-content/KEmot-aX1vTbfSdTJ9Lj_yGuGfXkKW-QlK/
http://llona.net/wp-admin/5hw9iz-s52nt-yemndl/
http://makepubli.es/tshirtecommerce/EjPGt-hhb2XD2T2jy08MP_WgVAbEod-7F/
http://mamatransport.com/000/z98k4-1l9pyq-gfnnga/
http://mangaml.com/jdownloader/scripts/pyload_stop/v1p6e4j-h25d5i-flac/
http://manioca.es/wp-content/a3bhnh-q3zke-kzoxvrk/
http://marbellastreaming.com/2016/azw6x7w-brboen-xezidsn/
http://mariachiguadalajara.cl/wp-content/uploads/GEsn-jdWv2k6ybo30Kj_cVaPZTGT-VEe/
http://masana.cat/pix/gyblq-ziaun32-tdwmdx/
http://matrixinternational.com/Media/img/css/80ieid6-h2ftt7-glhetol/
http://mattshortland.com/OLDSITE/ol1xe-xuy4wm-osqouvo/
http://mcp-indonesia.com/wp-content/k1pwu43-kw81x-zbge/
http://mc-squared.biz/note2/fnrm-5rp5fd4-rrgob/
http://media-crew.net/bao/pm8wzq-eh8jzle-nkmdq/
http://meiks.dk/VDbT-nY_iZxqN-fAx/ulex-2k399c-oxknr/
http://michaelterry.net/pambula/j173kjr-r2kitej-uwojxyz/
http://minhdamhotel.com/wp-admin/SvHr-qXSAcwszReOt4E1_shkCYQIhp-LB9/
http://mis387.org/cgi-bin/xu5o0co-oq2yrc-yiyw/
http://moes.cl/cgi-bin/jr0e-25ok8-efcjf/
http://momento.xxltlac.sk/wp-admin/58ke-ee5g2-wbejim/
http://monset.it/journal/hw1xs8-ddjyu-sgoosg/
http://motivation.org.in/vu7sglk/hSGpk-Z0bdYPIpUxu5wq_kBMESDwng-gUZ/
http://movewithketty.com/awstats/hPylH-DWgfhS1mEc2Ouq_kadfaLrjM-az/
http://mrwu.at/wp-content/NkeSD-D95uVnWcaqb1XOZ_QQWixLxNB-cHy/
http://mundosteel.com.br/wp-content/RSrc-FFUWgx5qf1cKNZQ_zfZlLfzt-qT2/
http://mustafaokan.com/wp-content/uploads/CTFlb-LOH2q5QQ92EI0NZ_MUbgoCiT-MzZ/
http://mutua.cloutions.com/wp-content/xwb7fz-76yswlz-qecwg/
http://mybaboo.co.uk/wp-includes/KDTj-kK4sC4cwXEKpSSw_EOCVABbJP-IQ9/
http://myhiaa.com/wp-content/jy2wlg-j16o7og-ycfja/
http://mymachinery.ca/DI/qbNdk-EY4eDufS8rvZUi_RNpFZXqk-7y/
http://nasirmanzoortechnologies.com/cgi-bin/YoLMs-uXgunvdXwevvWW_ctFtniTV-X5/
http://nealhunterhyde.com/HappyWellBe/qfdsg-hrr1t0-wzvm/
http://newsmafia.in/d/jbw7e-jqo52-ayatad/
http://nhasachthanhduy.com/master.class/LYIe-2FjyhhnxvTfhzz_LwxxEjcyA-9Z/
http://nickawilliams.com/ownthisaudi/1zy9bw1-zn6vf-fknkh/
http://niftybooks.com.au/cgi-bin/WPHTb-EaXJ8cEHuvGPIl_qLdomBBop-Eb/
http://nissancantho3s.com/bewcxc/jLrIj-3i3ekXJSjuGSibF_dqxqyrmYf-B9/
http://nlppower.com.vn/wp-includes/heGtW-I2rrxYJbduFaMGJ_sdgNoEhv-RMm/
http://nolimits.com.mx/wp-content/jb2elki-5sc4lhn-jrgmu/
http://noticiariobrasil.info/66hccy0/JOzJ-OeB94AxLgZSkuq3_itVPWJfQV-h0/
http://oceacondotel.com/wp-admin/oGNm-AEZfXQFboIVevwH_eOyUslsv-OO/
http://odiseaintima.com/wp-content/g9pz-6jx6p8-wtdkic/
http://offersgod.com/parseopmll/0yda6ek-48qspzy-yuke/
http://omegaconsultoriacontabil.com.br/site/93kd-seiivgs-ujxvdf/
http://onlinelab.dk/7mobw-hnwi83-heuixzh.malware/iTfG-2tiNKgi2Pgv0Tn4_wsFXHLYES-kmQ/
http://ozenpirlanta.com/blogs/bwwab-nkgnrhnjw617evz_fbbiimmga-gx/
http://passelec.fr/translations/m0pxg-3v1hm8-ljwe/
http://pemasac.com/css/yulu1l-1iw2hch-lhwmpdz/
http://phanamukhathudevitemple.org/wp-content/HNoIc-XTLMc66B1SdfFqu_otDWAWEho-Ltp/
http://pibplanalto.com.br/gestao/plugins/thread.init/FXdL-BoeAM0Qd7ntZBKk_aPQChCfRf-ldz/
http://piccologarzia.it/admin/gw9lq0g-15te6m-erjgn/
http://plomberiejfcloutier.com/files/0v7qhw-jdwwxr-yyhzhe/
http://plomberietremblayetfils.com/files/uBUW-mCqFMZ8NSETyrQ_AUDlPyQO-raW/
http://potterspots.com/cgi-bin/jj6t6-bjohru0-fbuvjr/
http://praytech.ma/wp-admin/MwVIq-cEmjCSar3geRgfH_lCQWRzKA-LA/
http://privatekontakte.biz/wp-admin/WFXNd-jYWYxFSZN9w23t_adTAlaPNR-4Nv/
http://projekthd.com/galeriagniewkowo/4m85ez0-htpf35z-tocc/
http://provio.nl/collector/wkudc-1FueRiGM2dHVNFP_IzRmtWcvB-nFb/
http://psicologiagrupal.cl/wp-admin/hrfu-wxus1-sptkdt/
http://ptgut.co.id/downloads/m9ucj4-x50app3-wmcuc/
http://qualitec.pl/images/g6x8oo-id68z-dqsno/
http://queekebook.com/css/r206i-c2hqjx8-qkws/
http://rebarcanada.com/wp-admin/zREra-66NpEOt8sBWKHde_WUFzPRQM-x9/
http://reborn.arteviral.com/wp-includes/x1cv-xtqcmj-jgxttu/
http://recep.me/welovemilk/3o71ai7-y9o91ye-lkrqct/
http://receptoresdetv.com/wp-admin/onAQ-5llRNNarxsVXWdM_TYLrnaBC-pt2/
http://reckon.sk/e107_admin/3guc-rpaur-pawhxiy/
http://redklee.com.ar/css/b73o-mrzvu-umllzl/
http://redtv.top/calendar/yymnB-vhskOYVM0Fb2mEh_UzCKKyUjj-YkD/
http://regipostaoptika.hu/images/SNaR-RkO5HSLffIrjHJ_zukimcsZc-qLJ/
http://remhoanglinh.com/wp-content/8zlu-uewwj3e-jseigpy/
http://remider.pl/bwp3ibr/GdCa-eNWiQvxLAQTwzg_cnqPyxur-9F/
http://reviewhangnhat.info/wp-content/nm5h-vhkxr2-dqkd/
http://ritikavasudev.com/wp-content/sroz-26cF1rOHkOLQsH7_eKIBXrol-PJL/
http://riverrosephoto.com/5ie7uqe/CqkPJ-d0EHx591cJcU8l_jSuRppbQY-8Z/
http://robertwarner.co.uk/wp-docs/FQOC-RaASfNMniFkcsiY_DFDuLEku-A7/
http://robertwarner.co.uk/wp-docs/jFiZ-OnMQs3rCkJqDEAd_vXQsCJeJ-szi/
http://roxhospedagem.com.br/chatonline2/xe14l-nv9nr-aprej/
http://rsq-trade.sk/wpimages/tegzi01-2yeni-evlsojh/
http://sangpipe.com/inquiry/cv7n-jlesb-jpttdw/
http://sannicoloimmobiliare.com/s5v4bzr/aaoafg-wbze3x1-panstys/
http://securitytag.in/vendor/OMrCg-nWuVDBGifQFY08_uKcdwvTqk-R1/
http://sertecii.com/nekt0uw/pv5bnm-uxq0bpe-vxipyv/
http://seyrbook.com/assets/zzyl-qbi2k0-ypjm/
http://shahrenarmafzar.com/wp-includes/rrYt-113IQHqvVcrW1FB_rExNgdCE-oB/
http://shopbikevault.com/wp-includes/hymu3o-9fy8o-dbmzu/
http://shweyoteshin.com/wp-admin/VHnBu-ZLqJvAO4QWwbF5V_guuWRUUc-M0/
http://siamnatural.com/anchan/BLPqM-h8doK77HJViZvP1_YHVRnVHy-cbT/
http://siddha.pl/wp-content/7tf4w-e3l1xz8-kfvw/
http://sigaoferta.com.br/wp-includes/mJdIP-brH8cEVRzPtXQB_bGHVBZrqZ-ksr/
http://simantechsolutions.com/wp-content/squqc4r-0ff10-qvind/
http://simhafusion.com/wp-admin/jLHFV-5iJC07zOApyRh0Z_abocxQXNF-Z5/
http://simplyresponsive.com/wp-admin/s4mx-cke31yz-wasr/
http://sistemahoteleiro.com/clients/bpql-jgc5j-xhpuirs/
http://sixthrealm.com/dee/ayx74-k1s0r-uznflux/
http://skygui.com/wp-admin/o8hhizb-f2k84g-ujbh/
http://smartwebdns.net/_vti_bin/CbHqD-uSqdE2FwzZyWUD_txfHBHned-Fq/
http://snprecords.com/wp-includes/xlsg7ms-upjd3-ngvzd/
http://sonare.jp/LivliSonare/lsywj-k29ext-smxal/
http://sonargaonhs.edu.bd/cgi-bin/MOdDw-WvU2hOAR5P4PM4_kNcBKRfa-zTZ/
http://sosctb.com/wp-admin/4sfk4-t1qaw-bclufa/
http://sparkcreativeworks.com/cgi-bin/IYIg-RPPl9bU2WsRa2I_MkQUgqlb-sj5/
http://spatify.com/wp-content/VoGK-Ao4TfE3tAHRoMH_mXdTDLwhP-DH/
http://spcp.in/lmbm7ww/UTOzi-J9ZeKrjiVmsNwc_YNQbgZYm-AzL/
http://stay-night.org/framework/images/uploads/qoq7l-c095i9-vcbfxps/
http://stephanscherders.nl/koken/bee6-umcivs-ypgnp/
http://stepinstones.co.uk/wp-admin/ldhQ-cAY3DLrkoroXdYe_KZoyDthJ-RO/
http://stiha.nl/grid/am98i-lq0qhu-snxrms/
http://studiopryzmat.pl/cgi-bin/pijgfxb-48tc4z-tcwa/
http://studiospa.com.pl/images/25fpetk-upowb-uwmrhv/
http://sunplasticsindia.com/asdv0rk/WiUN-GvU8IbVHf7PiCOI_uWfgCduQ-Nh/
http://svazkickboxu.cz/wp-admin/rl6p-wrf3h5-podtoq/
http://swgtalents.com/wp-admin/uhgk2-yvsu2xu-rges/
http://swiat-ksiegowosci.pl/attachments/u80natm-ekya9-awqdxsz/
http://sydneykoreangarden.com/cgi-bin/fZSU-wMjm4lYnNwQQUi_ifsmDcuc-oj/
http://symbiflo.com/PJ2015/jrltu1-6thps9n-onhgbn/
http://taskforce1.net/wp-admin/t79s6u2-fwj140e-osph/
http://teamsofer.com/store/9nli6-6frgky-gphjn/
http://tem2.belocal.today/optometrist/vf6lvu-x9gzg-kegzga/
http://temp3.inet-nk.ru/be5hd1b/CIgb-AtBbjL3HTexMKc_zHIJSVOM-CnD/
http://thecityvisit.com/wp-includes/LBOgS-mgL8SkA55NCTQls_RtWqoSKh-l15/
http://thetechbycaseyard.com/wp-content/wgkf6-uyz9o-xqlb/
http://thietkexaydungnhamoi.com/beta/h43uw-xrer2-flitx/
http://thinking.co.th/styles/gzvf-0r2on-vpqkaap/
http://thoroughbredcalendar.com/thoroughbred/hkUMv-9rozrZYrM3lzn4_eAUANTYjK-E1S/
http://thuysankv1.com/wp-content/xKqvy-mM6Rha1JAnsbvHh_yUwRcPwR-xz/
http://tienganhvoihothu.com/js/y8pf-3uru8-zbtval/
http://tiyasarkhoj.com/beta/pbug-rnmI6fbqTU3TFC_tbyJwCinT-Mm/
http://tongdaigroup.com/bill/o4l2wla-exah0q-nblhy/
http://top-realestategy.com/wp-admin/AlVwF-WYUVCnESzTHPpJr_hKgtZrIsa-cy/
http://topshare.live/wp-admin/fsfiwt-6swd6s-dhxubtn/
http://trangsucnhatlong.com/cgi-bin/uKYVf-V3tavjdsfiyLZn_WfuysksL-nY/
http://tristanrineer.com/sec.accs.docs.biz/ebup-jsnzq-dhhuy/
http://tubbzmix.com/07u6/q84bb4a-rsib0gf-zojtg/
http://twindstorm.com/wp-admin/aewz95-vpzbly-hqlbutk/
http://uncoolagency.com/wuscmgy/XhcEj-UW7RQl3oasApO6_vsCkvgjG-XoY/
http://union3d.com.br/themeforest-6695692-patti-parallax-one-page-html-template/x0u6-657zv9-fqxiazh/
http://unixboxes.com/mixes/6woew5a-voh6um-iroxwo/
http://urogyn-workshops.com/wp-admin/npzc6v-7mi32ye-sbfzbs/
http://uztea.uz/wp-admin/pSeo-GYgiga2t66Tkwk_XXGIZGiT-E4f/
http://valerioolivaforestal.com.ar/js/1n376iy-98x8o-ilxszx/
http://vallabh.zecast.com/wp-content/uploads/tseC-KIqR69ojbkMpf3Y_doBMiBSG-vm/
http://vanspronsen.com/test/aw1pfo1-4zk1ri-dzdic/
http://victimsawareness.net/img/gxZNC-LdscqEIn7wXlm6_AnvowRlTR-JU6/
http://videcosv.com/backup/tcbb-jkkgump-iamua/
http://villaconstitucion.gob.ar/wp-includes/ZqILa-UHQsNqxv9rQsIso_HzpxkKnO-bKj/
http://vinhcba.com/wp-admin/jmvu8-aozbmmi-xrne/
http://vinhcba.com/wp-admin/rumtea6-2a602c-luuptpw/
http://viwma.org/cli/bikck8-zbjt57-ashpbfy/
http://vk5rr.com/cgi-bin/mmjoj-1pvaj-edwthjy/
http://volgger.net/nfbJ-Khwr0fhWv3gKER_GrfeBFUQ-VBa/y9fbh0-nxj44-oykipeu/
http://vote4congress.com/wqpuf4a/GgWe-jAgtO1PuVVhrG88_JUSwQSNI-vIU/
http://whately.com/google_cache/inyhdcs-qkntw8-kkgq/
http://winast.com/drupal/PNVH-LMgM6fV7IOYAScG_brtsmhUm-jK/
http://wladdes.com/wp-includes/szc5-r8gbl-otjxki/
http://www.58zwp.com/wp-admin/Qulok-aEafTTa4T9ySdt_qDTHfiwGM-lW/
http://www.9796360.com/wp-admin/Qetr-pkIWErFvheGcYXf_syUicrvn-BB7/
http://www.abuhammarhair.com/wp-content/1letc-4xbna-lfnlud/
http://www.aipatoilandgas.com/cellnote5/uqyN-mnnXLTpPOkpH5Q_qCnlDOTA-dpV/
http://www.bestonlinepharm.com/wp-includes/apUa-uRtetrQ4AI4AgF_vjKaSnnsP-Jij/
http://www.bitsmash.ovh/wp-includes/WiWy-F6sgHCcsgNsSsf8_dRYkgRPw-MT/
http://www.ccgog.com/qjk4jul/urd502-nspc8jg-touvek/
http://www.ccn08.com/wp-admin/DsiwJ-L8zQhA1gL2yPU2h_IkSuIkcNe-Cqx/
http://www.chanoki.co.jp/Library/6vf6ux-ak8i53-btmtof/
http://www.cheocchiali.com/wp-includes/RcGrn-1Dltdq0NXm0P8CW_tdIIyHnUO-hP/
http://www.cofqz.com/wp-admin/yCEIr-W15cnSoq0gt5YB_wswIVkbYP-3G/
http://www.coletivoconversa.com.br/cache/OLON-E486dqZyAcHOIq_FLGMJhrNX-tcF/
http://www.dev.livana-spikoe.com/wv4gres/wapa-nv36JfmXSEeTHvu_AIfipRMqz-As/
http://www.eigenheim4life.de/s/cc74px-9k4lml-xyblrng/
http://www.getitanything.in/cgi-bin/hszpK-A9zwkk7abUcMEV_HvNEoYnt-Xlw/
http://www.gzftae.com/wp-admin/us40x2-y3jwzh4-lmjbnuz/
http://www.hanifiarslan.com/wp-admin/KgPn-lpoT0voQTiPL8x_LyMvUhFE-YcH/
http://www.hardsoftpc.es/cgi-bin/wvzUi-pAfxV9vCIaQ31D_fZSFJGDrL-0c/
http://www.hg77709.com/wp-admin/4gqbed-bf6p5y-pekp/
http://www.icefh.com/wp-admin/qpjcj7-xarmo-yzcwked/
http://www.imomc.com/wp-admin/OTnh-ZmDDdAT3MKN6f4d_sZPBPUAZM-Z3/
http://www.ipfct.com/wp-admin/images/usOBB-2ceIZXaarVAp7MP_FnDbvhzSG-KS/
http://www.ipfct.com/wp-admin/YVjtV-NiTSDnFlEAGDeg_sBlyffcqn-v0w/
http://www.jlhchg.com/wp-admin/qZyA-fgIRcqXXpJsMP5s_IbKPJBsrn-tZ7/
http://www.karalamadefteri.org/secret/jmilt-jn58422-gkqq/
http://www.kizlardunyasi.com/wp-content/plugins/--gotmls/images/roxb3rk-qdhwh2-qgymt/
http://www.kty58.com/wp-admin/tKnK-SrtBsoiXbF14LVZ_AMlQEqjq-js/
http://www.ljyxx.com/wp-admin/iUTIf-spUnJH2KFtR55zN_smTOlkuOo-kDp/
http://www.megawindbrasil.com.br/css/bknfx8r-q4h4u-eeqkw/
http://www.mustafaokan.com/wp-content/uploads/CTFlb-LOH2q5QQ92EI0NZ_MUbgoCiT-MzZ/
http://www.mybaboo.co.uk/wp-includes/KDTj-kK4sC4cwXEKpSSw_EOCVABbJP-IQ9/
http://www.pdedas.com/wp-admin/meb5-jmyuc0-nvmgzl/
http://www.promo-snap.com/p/oqOg-o1lcCHpxL84HvMZ_mwZOPhra-mzc/qrcqb5-sudtd-ooas/
http://www.slrent.com/wp-admin/dbLS-3skkRnqmeugoMrS_ysaYnmSo-LJ/
http://www.smartwebdns.net/_vti_bin/CbHqD-uSqdE2FwzZyWUD_txfHBHned-Fq/
http://www.szmren.com/wp-admin/iy5xdn-ijzf2m-agluca/
http://www.wanrr.cn/wp-admin/JcjO-iJmykasLBHL1kDr_JfNZCtDiY-sBB/
http://www.webyzl.com/wp-admin/ihKJW-15Ns4bDpjaemGt_KdJEKDLzV-V4/
http://www.whomebuilders.com/wp-content/DFCXS-xwOcIAu0VQFmWti_PfZRYNKt-AS/
http://www.xhvoc.com/wp-admin/JudSD-3bqp6ots4VMSfSM_FOiLJWFRC-qY/
http://www.xtime.hk/wp-admin/rvy48t5-wmes4y-jlqyubz/
http://www.zhsml.com/wp-admin/aYIeh-JxXFtEsjSaQy4l_gNgejlWp-jU/
http://xn--12cc9cucyay1cc.com/backup/WKCR-z5pwPRk73WHVeSe_aBOnCcVW-vm/
http://xn--nhcng-ssa3d9m.vn/wp-includes/ejUke-ZswiUttaQTzJ8V8_UvvkVwrB-pnl/
http://yellow-fellow.pl/wp-admin/9y3z5lg-61wprq5-ogpfwe/
http://yjsys.co.kr/wp-includes/1ju5-o1rqwjj-zkwa/
http://yuyinshejiao.com/wp-admin/UtFO-FTM6nkiAP4JrQaV_YIBiwoFzq-xx9/
http://zefat.nl/stamboom/k6is5tq-hh1gkpj-lqknndi/
http://zinganet.com/images/766vuo-30qqmm4-syqijw/
http://zulimovil.com/p/xz0cy-acrx7-hqib/
https://%D0%BC%D1%8F%D1%81%D0%BD%D0%B0%D1%8F%D1%82%D0%B5%D0%BC%D0%B0.%D1%80%D1%84/wp-content/themes/creattica/tpJm-zUagAwPCQ0oAdwB_qykfJmPb-sL/
https://5stmt.com/wp-content/dpotq-UZx8OLOSSds1siw_LbLcKCOg-Bjh/
https://aabbcc.gq/wp-content/bJGi-1xHK9uw2a2zld7_lsSesHip-ttS/
https://abuhammarhair.com/wp-content/1letc-4xbna-lfnlud/
https://acewatch.vn/wp-content/nLhu-6POAWZrzGnIIZU_QWIuEteMB-bh1/
https://aidos.tw/wp-includes/aDMv-jlUOXKFLgSOaql_yLJfkvhvV-Bm/
https://bitsmash.ovh/wp-includes/WiWy-F6sgHCcsgNsSsf8_dRYkgRPw-MT/
https://buycel.com/wp-content/cache/6lly3d-2ettfna-nixk/
https://buygreen.vn/wp-content/ixldfx-okssnf-vaztm/
https://calvarypresbyterian.org/blogs/6h8t-6jes9-rdckb/
https://cibindia.net/blogs/4wuben-zjbgn-zwahbmh/
https://coolwinks.app/calendar/pmMmx-qKJ6QdPHqTrWZ65_MvRQWVRXl-sC5/
https://datagambar.club/xerox/19idl-1fwsk-kmrycch/
https://dayakpoker.club/wp-admin/4owd99-ihnoirh-ljil/
https://de.cobiax.com/de/9a6k3z-ogm4k-hvor/
https://delzepich.de/wp-admin/vq78vt-vr942-suae/
https://dev-en.rewallonia.be/wp-content/LTGL-mEVdqBhlJA9adV_atKLDPCm-rmg/
https://disnak.sukabumikab.go.id/wp-includes/MwjE-GtMWcHnPF3XND8_FjJSnWCQA-IR2/
https://distributornasasidoarjo.top/wp-admin/pNYk-7ssVefmDDMhLVAZ_XkhnWMIPC-gWC/
https://doctorvet.co.il/wp-content/themes/bridge-child/fonts/opensanscondensed/PJhm-TD9rP5IjwixXqGQ_NmHnLGIML-oG/
https://duckpvp.xyz/wp-admin/uj40nc7-0qadj-wbml/
https://ecigcanadazone.com/pages/IEOtC-uzadUDynILMLNVm_dOxLcdvM-3Go/
https://eigenheim4life.de/s/cc74px-9k4lml-xyblrng/
https://escuro.com.br/ckeditor/aEpH-o1aNwYKz1t0Gn4h_bhQGOoXTi-w74/
https://essyroz.com/wp-content/rTwHS-cvRifeyCPgElqTB_suOOhJnXU-a6/
https://flcpremierpark.vn/wp-admin/FhIqI-Grawlhy0Er6ui8_tvFPbVYe-SFF/
https://franosbarbershop.com/bdsxlks/bSsW-NxrUQ6TVjIcVMF_JCGrTfuM-BQ/
https://giangocngan.com/css/xCFB-wOPg1i3RkJXYBe_SNeXJSyt-Ha/
https://hasukovillage.com/wp-admin/oxVZ-L1uqeJccp2pjFJ_JOLmqbnE-O00/
https://iqbaldbn.me/wp/eyQeX-Q7MWsMz2rKvLCt_WRJOiPszR-7s/
https://jlseditions.fr/wp-content/dy4jb-0uk1o-biph/
https://kanttum.com.br/blog/wp-content/uploads/lcdn10k-80rii-yxle/
https://laarberg.com/test/JFyC-ptdz9Y1tZxh7t5_fdtDwMer-m1/
https://laoye.vc/errpage/kacao-dvrw2b2-rtdk/
https://marioriwawo.soppengkab.go.id/wp-admin/31uhy-1c67xvz-szfvsht/
https://msb-blog.firstcom.vn/wp-admin/lhk0pbl-4zfiz-vmtvnk/
https://mundosteel.com.br/wp-content/RSrc-FFUWgx5qf1cKNZQ_zfZlLfzt-qT2/
https://mybaboo.co.uk/wp-includes/KDTj-kK4sC4cwXEKpSSw_EOCVABbJP-IQ9/
https://news.dichvugiarenhatban.com/wp-content/kx6le-g5xx8b-azxqxta/
https://nonprofit.goknows.com/wp-content/upgrade/vamz5-y2oljvu-lktd/
https://noticiariobrasil.info/66hccy0/JOzJ-OeB94AxLgZSkuq3_itVPWJfQV-h0/
https://ongbobimsua.com/wp-content/plugins/77583j0-0xnkhdx-aesox/
https://poseidonbd.com/xyj1fie/xGWq-EwpmLCP4JgtWMHw_EfiDgxmK-1R/
https://robustclarity.com/wp-content/YqrX-Bf91fbQu72cgGj_NuCafQjrQ-KJM/
https://smartwebdns.net/_vti_bin/CbHqD-uSqdE2FwzZyWUD_txfHBHned-Fq/
https://stelliers.cn/demo/glOl-mUAD3m7XLUSWsIj_flbDPTJar-Mv/
https://sundarbonit.com/xd/6dteb-vxpyxix-yjzsws/
https://telomedic.com/wp-includes/pquhht-54ih9cz-aujarys/
https://tempatkebaikan.org/wp-content/bf1kf-6ss0xm-eotedba/
https://thecityvisit.com/wp-includes/LBOgS-mgL8SkA55NCTQls_RtWqoSKh-l15/
https://top-realestategy.com/wp-admin/AlVwF-WYUVCnESzTHPpJr_hKgtZrIsa-cy/
https://topshare.live/wp-admin/fsfiwt-6swd6s-dhxubtn/
https://visualhosting.net/css/uVnZ-sKThzzzlm09srys_HTXZSiGVm-Pm/
https://whostolemycharger.com/lyzc38x/retr5-ev5so1-wmrnfna/
https://www.abuhammarhair.com/wp-content/1letc-4xbna-lfnlud/
https://www.aeronautec.de/wp-includes/ctzyzde-oxm1psn-ssnriq/
https://www.akotherm.de/hkxk/gNgQg-qYiDmfcklH66QL_ezLIHNLSr-W4/
https://www.bitsmash.ovh/wp-includes/WiWy-F6sgHCcsgNsSsf8_dRYkgRPw-MT/
https://www.coletivoconversa.com.br/cache/OLON-E486dqZyAcHOIq_FLGMJhrNX-tcF/
https://www.distributornasasidoarjo.top/wp-admin/pNYk-7ssVefmDDMhLVAZ_XkhnWMIPC-gWC/
https://www.doctorvet.co.il/wp-content/themes/bridge-child/fonts/opensanscondensed/PJhm-TD9rP5IjwixXqGQ_NmHnLGIML-oG/
https://www.eigenheim4life.de/s/cc74px-9k4lml-xyblrng/
https://www.essyroz.com/wp-content/rTwHS-cvRifeyCPgElqTB_suOOhJnXU-a6/
https://www.hardsoftpc.es/cgi-bin/wvzUi-pAfxV9vCIaQ31D_fZSFJGDrL-0c/
https://www.kliq.app/wp-admin/tfo5q-5tu6ep-rowxz/
https://www.linliqun.tk/wp-content/dxjQ-yqS63rDzz1r9jUB_AIyYTNLw-cww/
https://www.mybaboo.co.uk/wp-includes/KDTj-kK4sC4cwXEKpSSw_EOCVABbJP-IQ9/
https://www.poseidonbd.com/xyj1fie/xGWq-EwpmLCP4JgtWMHw_EfiDgxmK-1R/
https://www.promo-snap.com/p/oqOg-o1lcCHpxL84HvMZ_mwZOPhra-mzc/qrcqb5-sudtd-ooas/
https://www.smartwebdns.net/_vti_bin/CbHqD-uSqdE2FwzZyWUD_txfHBHned-Fq/
https://www.zutom.sk/css/StXB-vUvWce03E8geigm_fGTOUXyyx-7OU/
https://xn--80aao0acd1ak7id.xn--p1ai/wp-content/themes/creattica/tpJm-zUagAwPCQ0oAdwB_qykfJmPb-sL/

```
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-04-16 21:35:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
bfb750355455d137129deb8624aaf22659550caaa836eb63d9ca824f6e2e1e39
f630bfbe4b3c8275ad01aa4c5b0cb0997e7af5947b64dad6351672a6aa578c39
ee888a9886b820609006301402c052364caca93f3c5f747a8be18ac0857e253c
e5b32cd1c7065b68c005a7f0632ad2be3937d2e730dbca41f26b4e3bfd7f2594
d5a3d05e5677569b340a0a27f8989683b1b2a91da2554d133927a4e432cef2fe
78c7f1c6bd57c9b5fd9deccd6c8eee1d22dbcab88b6093c634c49f50d92d8fe9
e1d3bedac0445e8a53e7285332c9aebe9f2ea85b85bfd50b2b2cd2bcc4e405e0
a145da157680d560fee76c85a1a04c2ec90f8f45e8e48a5afb2ce39e2d4dd525
73fedf608029213d614cda06a51ac59cb368ae1ecf06cbea2a0ffc3ab8c5d73b
1953426345e5bcfa0d943dcbb5483e5c6349da465a63b4186ced605368c897df
277f3c8d2bebb7ba81bc20c3f884f7ba97fa475595a794b701718526c739aa05
7ace53a785f7d367d4f7b8b7f49cd1ab3bdd46d2a6b639cffecf3d5b48a6e483
9568547fa985ab769f63919c53e4e6269432a203b3837f5d5ddd2033b5921dbb
ad3dbbea8587bcd655c42c13f1c039c9fa1a8edadcb8ae168da8232beeb60908
672214a0abbd2153bde3cddb09d46ad3cf5a6a473fa339648ed22fbc4c7ba717
36a99335c6d27af2f6e4b23062c90335dae2d995592cc45eb67dc1a3e47b39d6
93520f82998d89d3a44b9b5cc74e395b5b2395c346ca90b29bb3be442a19a6b6
bef2154c94af4d7dd8f8b049b5a81bd98e7a5895420a8db0317198fbc67bd55f
20ab135780b824cd165397c8c655b57c32e7d12d3fa4f7debda890d0e65dae8d
fd6b351aa651a795ccc36478ab92b5fb40497dc6e48bc99f46dcc8ff9ef8fc49
d1b972de0c6396577e4f1476536050811b818381dcc440116c5f4bf2e6713beb
c830d2e3775004d48c5f6ec14afabe996913adce27df67b3733dafd08ba24473
6f3c86249b5b6c10692d78d2af33ed16799df38cf12c52c96bdf1a6ed4c3fec3
575dde62d6879599051db95345289d694bf6500cf6e0200fdbd87665498ab758
1d79638d3349c4f8e34170de8f0b116d7654dc4395bf1738df22ff2be544f9f2
33311222c58923282e846af143c675d62d2e5ffdf9d560ed995c2434176784a4
dd0d8f7bbe0b5599db1f61934e275eab95be44020c04b66e57bd40dd28713cbc
a96996cf8b9f60a7cf268b030e84e316e1d3e25c4f3d290c918c059a541368a1
230bacc1603f28b1d4d085ad5429d0e07d2df7a155eb1d25e42a87e82dfa8268
7fd0dc2149ecef91f8978c85ea5a050ec5a7ef155dd59dad5b645af30d7eed1f
4c6e32f15e3e4c6e3995fbaa852e28193a2dee4b6ccd33a25fc9c6681873f114
938b12f5460469f75a747202beb87f30466c63b9c7ec13a8dce23ab4e38963a4
3df4fa5753f11923542f444cc8f1944b2a3a1e091e558a6a2a1c5a24e3492785
875b939656d3af5682f6e8d8b7fb53dda43369bb7a7353274907162c5699993e
e779fe9a8d830df1f5bfacdb244e642cd2e0a7df9e90098f251416c08dc0e6b8

https://www.blogbuild.online/wp-includes/jEnnO/
https://xetaimt.com/ooecgp9/rlb4/
http://dqbdesign.com/wp-admin/5IsP8/
http://yesimsuit.com/ajax.googleapis.com/zYs/
http://jeffwormser.com/v1site_images/5aga/

Creation Time	2019-04-16 12:52:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
f32cbe4ff74b1e382bea6fa729854bef952194a257b1a6a04f3606e2f7baf419
9119d6dbcd2a5ef9456bf97f936f6b285990d39b76ad936f1210b08dced607ce
2e8d8850ce6eef2b5c581585b71f4dc1aa794b0ff01abd369386b4cdfe8996fd
069c96335cd2e28a1a7bb25f4a3435be8a006971550e5f96945fca1b32488d46
de36dc4b54247a8172cda67b22d570a1b6c67b709c2d0ef6ebd9d3878d87dde2
5565306dc3c1e42f4e044329e83a0caaf3433727a91425c5fcfa96d5946edfa9
6f7bb3bfa3f712c294dae5017981b1b8a10a0db3f7ec651c269d901be5db12d9
329efd946e91917be7ccb4f33ce4904871d05ac7ba348cd7dc65932af475425e
d248f2846356902c426216bf0746a0ff149172789ec9407054428968f3133329
c5fd770032c9c4c15559f6fe81f54b73588ad35bb8907d68a0585ec4f004fb68
91156e1e313a29ebfe17c4194c4105cf66d71b93c3e079f40782dda5e7dcfd8d
2a0161fd90196a57f094e414cf0d70492e3668f356cb4b927bccc36ca0f39228
3e5a613d76696cb50ffba9d7e6c0fd8fff94b51c9702fdc00548ca08ad03f6e2
a06cd9a2d0ab03dfb8075a730c198655bcd5759395a33843831339c71d8e133b
1ebe2a16e54ad8e384a11101a10f296cfad58f5d8d832fe2d6f4cc0653b15bc6
6cc2c95cd1419ff8937bab7e2c08b5e3a50dfc8d2e2626841100f9dd28e64918
2ef5e9bfe0916ac9c9e30785434c1bd81b4cee13b734cdfcd3d1e25e113322be
383131cd7ec43b1ba1ba745bf9e0f69899c596b03f9a69e10bab326679aed1c6
a505fc37d8eb990b3d8567df5fa28f8c217fcbf0ad2b69fbad4d3090b1c3927f
f86aab4608e99544ab0be1b74cc25db563ed1415e9aa52adb110ac5afb2ef5da
13a3fe544041e29e4c2a91b6dc1c29bc6e04dc47c83cfda4af3cbdb48b4c1530
56840f8f60c1b026586319ffb8f99b0babc42fc704f4a1c7fee6159ffee0461c
7f255318ee20b0755f8ea4a881e7633a613ff123e77d17be347f50c73ca60626
56459d52dd7a5f3045b96edabc33e19ce54b76ecb8c499d406acc77a1823cd91
362667f98d8010c7e4d3fd6b093da15e86fc826d9039878c94f2359f94b7167b
0cf5f81e042800612a70637342b353ca6657de0af7bdba114a4f2a82ebdef2f9
fd95e30d6bc2fb33c4c55f430b9373d292119e2fc77f2b9c936ebe16a516d48f
fbcb11367f29fa70204ed6d65ae8eb29199e404da328732025ae3de4408a22dc
2d4c184275e72715123f48151daaf96797095b62be433ff2b2942136b8cd0d6c
f62a94bbca3780e43f0840ddfffbb00fe6c25c5d6b72a81b423270427917c4db
3eae35085124e8a362049e793d5dbc048c04d346b2112a4e54b8fa71d0096d6b
886d8c042acdb73b4140e008a1128d2f050ff0ca0e7272c24f6d8b1220e17c4c
6b71be316e91d4679de2085f3e1652bdacded4f30630f2351124d1e1387463c9
680ee4977dcd11eb2e044535549cb20410efed7ec1992723d965553dd7170006
8765cb50e4d34b23e192b24e25fb5305bcd8a6d7b33f8615bf44ed6a5ec491f4
ee35dcce424eac80d775ef58046ae6dc21fc97ce89dbdd22f0a1b28f6f3d54e7
e1b6a1f0ec7bbb25df0af7523500ed76849c77b52766336de44266d36f821a76
6e4b9df22ca8ffd8ff3c913be8bdb59050c810acd69f3b49fe22b96504f16ff9
d24f2abf8fc3e5081beaf921d7bd914a657fb78e541b337255ea536546c9fb9a
bb3b70bba3d4db2abd81642bb0b5d251e497cd72d7a0ac6a21b6ab2a86411f9c
e2d7147a4b15606e8aa0127a70d59fc106cb6b284072f9cf633929ccc64016d3
8a703f09affec429c37d4b1a33713cc14783deb3a11fdc3a9eac96abbe474a7b
80dd6a8162efcdfb5ab2838482b86d67cc6684f58450a52e02fe449647199711
60a25fd4c6c1fb3918882668527bc36a4cb4e31e351849fa3d42b62101b3cb7d
f76f2b70fac80970e95574ffabf7846cb66ee11d6db5564c2d99a94a3969ef61
93e3eefa3b8a2f13770e7ed9469079af83cb67383c49ba7adb68e5576bc10432
7e454054cb8d9473aaeedac212d32a4a380d5e8028d3808dde568f26cf805388
40e8d9a5bc52a0834b5106a013a16bdcd1b198b3d902a9203d3d9dd851a267a7
fbc4187204f85334916fec668076d8872fe4c2b637474c1a2f80e0d925d82351
40f7c562ff31df5261bedf7fa61b88e172076727367cfaec53493459be662381
b8efc105d6b08df52d45930e68362fcaf5ec4e6fd7f2b432fef43e101ce7d7fb

https://www.chunbuzx.com/wp-includes/I2/
https://profithack.com/wp-content/themes/sketch/SkhHEA/
http://www.lattsat.com/wp-content/2tS8A/
http://diegogrimblat.com/flv/Ojn4/
http://dragonfang.com/nav/dwfeO/


Creation Time	2019-04-16 07:25:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
f98a254a12b51c32432a693bb39df392f6dd4429041c0913bfeabb8ba6eaafee
db01e47be13769e1ad8779a7a4b4e18c6cd13a418a92c82bf44030c4e1ea5d55
9d9aaa50a40637604a1240aa8364f96c9a0d42c80cac98eb49ff3e26b3d3f86d
c36a84ac4248717b11593ae5d171b18d356f9320df67bdf7bab7a99b2ecf028a
564d5d0948e2b6138a22cf698f03bbca8e0459c0608c98e8a7c64d538f245567
4f0ca38cea6e42933f5e206b385db594603da3008d1143bd502b314ec85f0c64
e00805df54f4f51b169f272498d70faa22d3522c81d7a6dbd3b3ee21670f3be5
d00d3fc56c4d887eea35bd31cb7faadb791b7c25e3b291740f3eae05c273c5e3
af06427e75ba3f81013ca4d2303e110dd6780e8f7f9bfac3336a02d39b79c8cb
35cae3aa7645242c6ffa6b170d383bfcd21578d3bdcfbda0c4a1398e71e15a9d
eccff22e3acccf381d541fd2ed585e77556c5e873a655be4a4959b2a92ccef25
ac4ce9bbe063e4a6a02517bb89cfbb7d9ed0161162d35242f7337909e2a377c5
b07c39968042aa9ec4f9fdd70013aa1d92eab2c7784f53459776cd18f9bcf25b
308bd54cefe6f40524367fbc19eeeac7e9d4373487913e1db70fbdf36779d2ae
643ca11680533a6c79bc3ca656b94d624db71e4e7f31b9ceeaff8cc5579a36b9
1cb40c0d41a17288cf5645720efe0dcba20ee2dfa9497ff5a076e2f625c06c93
1f66953ca31f2890d7990a93f9039d5bdc326e8e4d58f7a0263d01ad55702c55
1bac2a43c145c7d969b100b57814ecf00a536354fab940ddf03fcf1bc0ef08be
930075eed943e0734fb332d29c0c8ef19197161c7544416d5b7f281b77c2165a
324de20c8123962995e7a1cc10f992c1c7528a224ecb57f6ab3f680fb5b3ad49
8fb07955bf3952e367d891e6063a87913decd243cc5b0781b8889c5c6164402c
32ea2b004238eaf60e8d2f429909a2a74c6b6973fe6d600e17327f1cce20366a
3f04ef1dd9df1059e69a4884fc4d4298a7371c229b8fd96f2584b12d3763e17a
3e225ac24c4ce565e073e5d8862810e5a32c418726666c67c9c23766052617a1
ca3f9e79f1bdf23326d0b5db35d104b0cd86882dc448e6d35688920f8ae641b2
a6f9991f6bdc8b7298400a10436178400e83ebfce512b5029af3a90f1ee3b763
9ef4ecc0391bd3459d75e213df36c52756f430d458958bacb2bbdfed177adab3
3dbf1970151fc3e15063c75535d037c3dc3d8fbf404eb88780af8ae2bec4a346
10103295f238be0472b32937b389e4bfdfb8e4b86359d1723672d58b8248de12
57e601ceb23ca1be8b2a1dd44fb719c6a43885e3035c14265b8770dc009820db
61c966fe80e7c16131ffb8c9fc58abad0e89705d575ec1016c4db578c3434a05
94c595759b6415cf2b425f32194236b8d02e5d1f4a2399870b63f016480df6e7

http://dingesgang.com/wp-admin/rdZ/
http://easyneti.com/wp-content/4zI/
http://www.oscarolivas.com/wp-includes/w47/
http://www.myhair4her.com/g9twdbi/AxU/
http://benitezcatering.com/wp-includes/oOOiL5/

Creation Time	2019-04-15 21:30 (JS Based - Fake Error)
SHA256:
7ea187cf42e39c534ce6babd79e121c1a6d78d6277c8894d3952e8e3a7beb6a5

https://pureprotea.com/wp-admin/WNwq/
https://roadlesstraveledproductions.19ideas.com/zbfd8jn/xiKX/
http://wptest.kingparrots.com/wp-includes/cx3r/
http://www.mortalityreview.net/wp-includes/GX/
http://www.pureplatinumlabeled.com/wp-content/upgrade/LEJ/

```
#### SHA256s for Epoch 1 Payload EXEs seen on 04/16/19 ####
```

3c9f4f4b21fd19dfa5b49c25c82ee86d4c4511b5f5289d08c1bac5e0cb66c8d7
42d5b442bcba882b9b67d483d983812918c8f16bf244617e5125e54ed39c45b4
64ecf92cfa2abbebe8c2843477c6fd479b9ae17dfc7ea22f1ad9ee9a1c2f39c3
9829a70c57021cc46ad6a754b3a35c45acf6419efc3ae38d1c924db1e9460ac3
04c2bba4e7b9c62d86d2b1cedf5b51020b3b3d110b0a5817347cbd5ff6c99d6e
4015b2182a198d775500fdb03aa57a82906d72c72c4066af16764478721c889d
81833eb3222f53159d3e9fdf41a3e7807eb3dcfa26bbb20c6d3fb3a46c4757b3
09b86d08cb054ac5ff3094d64b54104d0f1b90166e08a7e81f14d461745f85cf
e58a929e2c4cfcc8ce5881db683a60ec22d4a29418594045778b388596c708f1
13c7db2948bd11df140470f720545255aa959c85b004eaa97edbcfa3398d108f
dc72a3d498c892c7047dc573a46931e812cfe7b94ba33b6b05bcb9b652c90bf1
3d5d6478be30722d9bd8db096e17faa2d028a430bd584ac5204041d69106d33e
152e556e2278eaee55be9349acce867563cb11d48b67789d49acaf26c417cfa7
db70e564ea79a94f5fa4be36192be286a096f31c45b21c0d9b04cbb41d42e117
06722a60e26e543776ac757149b3c653f20ba823f6d12be91625c37014c6a219
99cffd83ca3f090a718cb2eaacb6f89d02f18c6bafe419681284c1900c4b8274
d0ff1f3a443a6eac63248f15a37710428502f64e8847fe2bc6171df16a6b16a5
4560e947ae656cb4265a83cecfde6b696b31a09fa31ecf250cfa6149287ba553
ba4923a2d5c690839cffc9455d029e1899a54fd63657c84de75b4209146192ec
c3da3d50a58b61da152ef9324924304bba6ab3b0485140120dd2ae9f6e9a11c1
864c7bc2e7bff252f24c16c5c9477462073dab8325baad6c953ad5cc530348c5
dbe44fdad4babd7375e4ce80b5fd53110fced67d138f94d9423ce6ba8e97a7e6
3ce6cc7da986a366645b460e8a0c6e9ef0f182c1dc96a39d2b0f209013ee8b47
198f7c57c7857a912633b439a1c675c5f5170bc354fe6251698052ab74d7535c
16b44db6cb0df8bb4dfcbcca0b9be06e3322da3796809eb1f1a66f74f5cfec58
bda6816587e81833d001e856dec7e8eb528eda404244810c35ac14dda30bf2e8
a4df61083dd7b36ba7beaef43e3136350a0e2676f8566070062af9d5f9c7c3ec
23c408caab400b3423ae73d2380b5e1b63f9381a361d261a830de82b2f5e06ed
776ca282dc8a13de655f9409fe4f8bea41d89c775cffa3705e21e10ee80d174d
df2a065c7c7afe4254f275aa8017fdabbd9ff88aa39db3fb8e29618e3f354923
5d687114fae7bdf7272d2228db408a5383c0493fe27f5782a061c9a5463c1f47
c481b71e426986b974b3b8a3438ed20e02acceb15e3cef087df32ee7663f34f5
3cc6567dac689b169d5e856c668a29c758a4d384cf3392cbc36ccfae375de9c8
0d8071ef5fff29517d4d6155967adcf1f5022e5501920a1631799cac9b9158db
4bba21068231dfd43232ff7dc61e0a7fb17195c86b4acebcf0bc395e24fe9a94
8a9cbd9aaddd22da4ac1b72d897dbc5b660a2bf5c2728294ef8f269d2b5fd19a
d989e212284c5a4e73756775e6f2a43d0fba0901096d7eb27c14bf8075f6098b
dd6934f1bdac0c37e493a2eebdbbb15f00f08c28b8e705e3e716bf2af665bc68
2cf89ef417f6b0f8317516b8bb197365cc7af0efa1944b368cffde3af97cee13
8e544a75d8025440fa0f20c7a1381e74755fa8fb35500d136e78405b7f5ef3d8
96c315edbd52971be2065a350cebc27a5fba4dec40b706cebb18351e9a2d35d1
d3eea6a013a5f2c76b48c9ae7f0036b143f7acf4d74b6606509ab3fb0bff910c
2b5324106d63eddc889846829e075ead27171741145657510fbc82c36c13f729
506d0e224b4ee201f06b90a465aa5dee50bed2db3d6f6724e7d9515abeda4fae
35de170dc5075d725b520960dbdb4b67f06f50406d85e1177c161368af907124
37dff4353c9205df31ba3472462fda50880d779b7a24215f9f4aac0dbd90e327
427442d8dca196ce6737bd9d05fc1cc09d28e2f38d39351ff6c040fe41b9400b
34d13b7f13ad60b11aca410a331eec9f91d11828de9eaa59d3c3f0a4a93ebe7b
ca2ae1ea8fc4ee883a245c8c862d5bc80803f6e11bf0b178dee6b794f63b9db6
c523e2457ffa7b818950f123c1a8b54f0e4c9da3bd84449dd2056c649c2b84c1
bb3696a54e3f97f54baed3690c4418b211052e1a9294952ed9e90bfcb5967c7c
8a21dae80653f778a753defd518717e121c3c9e19277b01477fc348c71c3c69c
4ef40c6efbbef7b8bf448aa59f65377506a27c87562da8d6ec0e2ec2b654a0f2
743a3a0a9e9892c51408f7f83f7ae4e5035d38ec0dd7268010a821325a5ab68a
07fec6caa3db87c57a5a41b5bd424a820a824dd427e799a1cda2523fb56046a0
42a9f4399c862a9ad31399e7160c90b91d4507cc38da90a80b68f2ff0482e562
a996d1eb558e9a487d2a60d76cafd00ae6a9dcbd94df716ace02b4893fdecca3
6d9d47e4fc09dd5d10386269ba64f08cca99914ee1ea8ec4953ba906e4e6ece1
ea23b5ed0da6ebb6dc90eb1fa2e5951edbf48555b5a7622ded42c5ee630c56a3
1f3b5be93c06d5a8e5d94116294a1bd711d8688126765dfb7ee080c41f92fbb5
298c820113797a60bd19ce6e4cbab5141ebc88cd5e5ec08dbe47d521cc7f5d9d
1c59c8daf373c112a55c90b9ab35176de660f9ebb39e5167d7387b7a6bd18a1b
831a1dd0bf069776987db729243fc29f5b45698542195b5d08c084a259f7f206
186e797ad72453e4490a63e38022d48ce30b4516db2ed12727dfee0425684ea1
ddc1b2c1d484e30556ca560114a123d1e550f7a6e035cbcec5c8a06fcae65935
78f0c413b223100dd826bc79f8ec414df59a58cfd45b9ece44cba6e5496a3332
4bf8c2454c79b50819d733908fb5e4a03cc910be1a82cf4535083a02ce228e4f
03f858d4cd9e50564db2b0441084f54514a7606e4ab57a34b2b6ab1edddafb2c
77156a5b6fab0eb0862139b52718f6d483f3d67479989b3d7de4e209773c2a73
2dcb9c233dbe71e7bafec3c2121096fa55de500d424b47b85c1260cde951a2a4
069c0f4b6de025a1c48e1a8334fafb084befa0bcb95ad4408732b4655ec03990
2cc743ad5c9173c6a9ccf325e5503740cf52cf525217f9d1f1ca4a88d2b7b5df
3dec7a7bc891b39848b726b51d2404455b481eb409f4642b4097495a1bd9e5f6
62ef5df3ac49ababb317641ece3c8a4bb22a68ccae1238531471d923fd3e97c2
df290e5ec15555dec7457032a400fabaabe9a73f79c7ad96e0c7fe4e55db85db
c314782026b00ad239ed6027aeb3c286965f100eb3fbccd9afb0632c69ec6ba6
cd108f8d669271133dd98d1e8fa56a8657a73fe60ec8f5209b31d5f979d9c9c1
709b787c36e539bb2c5b84b9c40ce3ca79c981135033510b89c228ed52fc31d9
369e208f508e764bed8e07dd0f63c61fb0621619698f228b864d398271fc8ead
2c0d14f419accaea9034d59e71af41871431d2667ab0bf311cb4f17788d052f5
9b2be89818fb615cd08437812265ad19d145b7b5c14634b43d0f8dba293607a6
c6d46bbbfedb93dc6bf1d982a71ddd250f9a7e985d52191fead6e4a81807b9ed
60ce50af5d0f7a8d2ef3446cc2a9c83bf65dbb69dc2d769a376758b564eecf95
082fb1083fea0f91d77574addaeaa8e7ab287f3f4c54e35919b066b9222f314f
20e205d459703f2334df94234d9c442003c0e740a764706b32a374ac5af0a268
ca0a49679cf581e21ccc0f14dfab7617856523f3b49ded876750a2a34da88c88
15b329eff8afa2ddf6252b222ab5d60c01e3273d0dae660bf2f199179b84fdfe
8811a56af2c26f013d6da5424934ab1ed001302d10f8fb65ea0861858d352727
8e4dcbe36631ab0136ce708f08fd2a2555f5196a901cf57d90ff5ba0afb4d9f5
2a7d1c1bbe4c8f667fdfe9ac0d6013047457641e8137f3126191a0ca9eb08b65
77298e4d275c3b9e29f4ee83643d13498e166757c138a8208115a9a4fd4b4a96
365e5b6d846ae1e038ecf6f914d628bc5908c9a34146351649cb5888af25e951
50b2659bf1bdff98e446da38a985abd0f2a5616aaae68a1f5542e7ad1c9bc307
57f27d9daac27996fa303bb09f1bb7a09f8bef412beade187bc50b6db6369efe
a634cacf380774e21444ae2036b1ec4b93d1387771cb34af559c66b99a535281
af6b26ee1752a966c0c078aae617619d03102ce6709613d1de41beb31f433e9a
73e50b086081be79c2da708e551a0b41721a86f9d333e1de24807c67a743db06
843b1a978e5b10635bbd1807cad4484edd5390e98d51cce14a6db915fcfa6d0b
0202908893afe0fdd8ac407ba82994eea5517ec331c34c0c42b6b4fba869a9f9
9f56b09779a5ce40d66b773a51ccfd4954d0fa9e7d18406b9d0e5f85c8bb3b50
835964c86f7f43aabf541f5555fdc65c90f0bcc713feb56e1ef45ae89f599e27
f71d2c5bd2c9166612860c521259aa2cd1dbf64ebf8e001e3310dc0631790e84
9ccf3d7d1dcb6801e5a538b7819d4a32ed28511dc8a3bf3f132148b5e7287186
5863f4c9d9da2f8c0eec2776f87b9617592b041cca794f1e9b363dee6265270b
b6ffdecaf111e48ba3e27add94d81517936e5485afcf09fdc2c7f7678b63cbcf
9a3ed17a2ae6e086d0787395a7b21e4be371f17c6cd53fb8620608d1b4fda989
da9609a10c0a5e700cbac0ffc0435c47cc6ad46d412e2d7a0e64630ced7bc483
faa53709ba8e9df68df3f7505bf3f45039197da5f4d86e819daa669132825a6b
3d59c73698970f9aca903f87113fc545c36e5c375a8d0b0f87ed989106c208b3
82a12f950b5be434e7653dd0ca424aab00edcfe7f8804e5ec23593c0d984dee0
0a444e9c358bff0dff6f5ab4b6c2a5f0b2a0e01363e04ed870ff3b0def9e46a9
ebe0f57ed883e2872d1de34a7814c36ef7abc07af270d3c8e6b03fd0354f245e
40e0ed409266e7580c9c3253d63add9ef2325fd9c1324a4a8ab81b3a9cf4e619
4a8662acef57ecb85c37cee03885fcc8ce5f936863eac76ae3d5c972f21470b3
f9a6d5f6d9524b63c2aef29ed62db8d73b3c8285466ab9cee3202de2573f29d4
c51949014396c2429e50f22c306004521de1b8759d68596aa5760ec9a1b076c9
5637c99ad07dd9e21c4a3f81fbb7da1b0f08eff7e9bca04324fbaa63d1d1d032
036e4b8f5e13574ce795db24c3e103e1a99b831fbd9d18c23e1af5e7c505ec6a
952bc31f40195cda6575094a1a2b1406f0a3261e8a128a333ab17081a5506696
218a90d5dcaec5b2040e47384c50fbb9014626ba1eb887b71dad6254201b4716

```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-04-16 23:25 (From ZIP - JS Based - Fake Error)
SHA256:
ea9f982908e76e5e109bd3409df961b02df62e6803f8cdf100fba769bae644ec

http://glampig.com/wp-includes/P_kD/
https://tripaxi.com/All/9f_0/
http://www.grondverzetjousma.nl/cgi-bin/Er_w/
http://csd-tat.org.ua/wp-includes/jm_F/
http://www.bunkyo-shiino.jp/i-bmail/J_J/

Creation Time	2019-04-16 20:47:00	(From ZIP - DOC Based - ENG - 365 Blue Box)
SHA256:
fe4a8684e394d3a64b1a0afca2c3ac729219daf27a3beea702fd4a602bc2d3bd

http://profhamidronagh.site/wp-admin/Z_Sb/
http://propulzija.hr/wp-includes/7_8/
http://puertasyaccesorios.com/vpdyo/ug_ce/
http://68.183.44.49/wp-includes/x2_D1/
http://kunnskapsfilm.no/wp-content/Ef_qx/

Creation Time	2019-04-16 20:47:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
4cd9345dd1254249a110a52a9e0ff426f116ff5a9f6f704e35624f539c1d6682
3828b5d43c9a954b999a9aec7777e8a36b97d8a00de5ac023fbcd09b210cb543
d335a1d0c38e751f9376bbe88c7b18ab19c9459773a6951740a6782676e3834c
7aa7308999172e41b2f9109451aeafc56d81448bc18db5d51db81010229d8a34
a93bcfdce2057b0ebe9083448fef9e688bd83acc47637a321cd0c979602ea46b
318647298c1370e2a454acf4afaed6bf692d1bd51759b4a7e0e78e925148f1a9
f4057cf66759a43716d9fa6733db73448df6fc66303df5616dcce6496b83b167
c13a1a14d4d6242dc109cb12a22fbe8c7ae413124a4565680914442991654418
dcdcd437e1bdaa7c72a0d4f407531a2ee9bb7e293597a31bf81723af3d88744a
4b1ccb75644b61d0f3c1df18a238066171bf3f3b8ffbdce21a963a032676bb61
da113158c502b1128ea80c1a110708a22c510dc5dcc88939b20d87c2994f5c5d
c15f1fb982d3fc148e978271a320738c0c2229cc602413725f9911e882320d68
4b3367b72bd0b923b3bc057fa85074689668c64e5fe13a92c0f79c0dd4fe5f4c
a39e96bb339abf98493d3ba90dcfa68795b464fa75de8ac6122d35c28da6a582

http://profhamidronagh.site/wp-admin/Z_Sb/
http://propulzija.hr/wp-includes/7_8/
http://puertasyaccesorios.com/vpdyo/ug_ce/
http://68.183.44.49/wp-includes/x2_D1/
http://kunnskapsfilm.no/wp-content/Ef_qx/


Creation Time	2019-04-16 14:01:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
3824b2db3b14d88a11d155d0894a6af22bedb3bc12a029f9563344208354aff6
4ced4812b1f40486c72355b6a48ae537e3c84e2d6f5554650b37a868f0de3dca
decaa7195ad06e14f1a4da94f13412a29fcdf27e81dba15a5c09a93b97774fed
592f18a5618411345b9289d49901ca51be043b37c0db9f44ec6cf7a0878c854f
8eba23049d725aabd84b63f8cd4b079c78f26cde6f7bb8be1d2477df0c0d5127
4f9800723d9da1abd4a9270d2ca1608a8540cbc15ddaa67f2b8a18aa2d75620a
2cc40e5dc84b380886936a767f4b3d85b106d07d5b8ded5c801b3f89cf744458
da4a32286266dd17ea5d32ffc84a609dc0dca94a3f8b94e5d58a52839ed6888f
ba6a531758251249e65857408bb45dc5b83ed784836f8e61a6071e8c07f43203
141e277b2165595334f404edd83397057b2a4ef8a52eb8edba79203f0aba44d9
e8a46a8b0686f80f2a59786232894b4a1b299ec8a0a1326a107deb5ee4e7cade
74e5b358656bfb8d6f7ffda1f3198fbb4d5eb75672a9cd5d3a9fabb85579d281
d23c284c7a89e62e538a87ffab54e740c2965bf50c6b064d8e222523b00a5df8
33eb8eed7c8660a54e9b99e8b8719fa1a83484d5ba41805f1767cd8605d28fa4
fa660e7b9ff937c7e5c479dc9cde90110956fb283453d09e1dfde4853b96296b
73f1bbe7eaf691c265f12e61318ace3927cdbb2df993cf3c41dabe5e2af63c46
e589de6290266dd08ba1b3db5a7013ab8a516a4883e698626e649500d96017db
ddeb8319f0d893eacae1f2b8c9c8682fa61e8e5c797fe6892a3d1bae415e482c
033fa72fe48a853b99e41ed7467c1ccc488d5abe69dff887b8a6b7b2c5a5452f
0402f6cb8f1dff310984f68f6762034210613fe9398808576e864edd3c8d2ed4
3a4b689a95d70548cd86ea5280a5ca10220d49290818cf48f5130858ff399b85
43b9f3e97a74d50fb3bebcffa45d31b8e11be138a835b17b39f75b8d0f47ca6e
84358589c5c4da1d6de5bfeffc000c5c296978651b29266fe2e9e01d724da80d
2424f686781cc0fb887ff5606a77f090dfe38b9539e94e0d5d55b20dcb212041
7fae139edf9512b5788f271e05878e6d556721b4eddd8f556096824c3b9bec69
86b8c8e286abf67f9d24c299751c3030fe5c9b78decf4e45b7bfa3e33bd47530
2ed21b6f970e524a249b93d09b67334949ca324aee4876ac7ee85cc49fb2605f
43db4a756fec642b0bea7df11b1a6140eadefd4e1dae5c46856a7a7290136e9f
0d6e79a1ce172fd964c9c98a3bc5a94cb5f901e7253f1c2ce14bf30c34747b2a
7147bcbc0854554068d051c589da76772d019dd8f1d56ee17b6ef90ba54c2706
56707b53b0da357109a664cae746c6e327aa2206e1b96fb6f8b72d63ead03a84
421d65c4273e99201dbeb562a20040c0ba642d08bfcf436d7404a3cdc6159b97
f9bb8d6760e5b9e15af4b87800fe6ad34fc9e22160b4110fb383021494316bff
020ed32f0c3de6a24817e3326fe676c4e07896c71f9474db5b9948847d8e2873
304a8542a85af048259d4d87cf12c686d4af0c4ecdbd85b2ec7ccd6ba4284db4
268a18a347b9cee9e084733341be033b6b6d185455f6f0c562b48ee0a073f341
a48ffa9e363406ee83047b77777a9b6dccdd9125be9c2ee1bbb47c3c91d84d54
ebbd8471022a4d525eb5bd3537e6a1688980bcd861300807f5c4a14ec7ea777f
7a8ac4c603faaee3e2d94f3faed810be8000ac4d4abee4475766ab9111fe67e0
afe69ae8dd0042e7879ea43357db5a68ba4000b25c87c0fc8c07e59af76d5556
3ccb6678664686700c24b1ce784154ef0c1aea9cd3ed71e2c33334da34c4699e

https://ortusbeauty.com/error/tQ_p/
http://mstreet.com.au/wp-includes/S_bZ/
http://www.2996316.com/wp-admin/Mh_Q8/
http://brianmonroney.com/wp-includes/Nb_eL/
http://dermosaglik.com.tr/store/B_B/

Creation Time	2019-04-16 07:52:00 (DOC Based - ENG - 365 Blue Box)
SHA256:
b19b42a507bba2d61499409842c38779e55d236333819ea7b1d37715197ddefd
cd9387ca69fa3aa30380f5e513313980b26805181f235dea5596a7d9b6c21c41
aea48fc08e1c0ee59879373c140af99229887fd6cc38f32308b4ffa4fe8bb8a8
9207ccab7195e7fcdf2f8f2359d1e7f70cd3e390d1936d5c1e9fb8eb7706b4fa
50c3e055e1b4d6030661152172eaa343d011851f2063710c553d6e0cf0c3961a
6280cad89edea53c8bd3f428396c3a736f6d67e6f8279026effbbc8f27c35035
f77752556433adc821036db89f24c19cc0178c68fbce62b8840b415f3916c4bd
6b97c15fe03cc783c2024efb1af99f4efd0285dd6db1a039146ac70e5546d8dd
fa400b786e207ecbbafdbeaf3a1f29474349ae07f9f48d7cfddd82ab6cbe1c2a
05e9d6de0d75faf602a7666ff6287e1e9ee367d57d2abaeac780e14325833dca
48c513176b0c56e199f567a5fc4309950fc2a2c9f09365dfa7d879c94d57be8b
1cd4838d70243d77d4f63659bc4c33b9aa6800452cef0e667332a38864ba5903
ffe5d7b793cf24273b121e66b4330220dfecf69161f27f76b2963224e0f81b95
714cb052a43db82cd36d3b516b30ce2ed91bb5a3041c2721a8cc04d4060429bf
eaebef573b834cac77673e625c36f4e363a94a294e37a18e68547a3b19308fdb
97527232dd3b2eb16f5e3a733698d5553e27350e942cc1204d01d092593d0442
4b0b5308fb38ecdeabe8a66f90d7aff89421a50542242631785e34c790b7ecd3
90c260b2469174d1c60fca12bc1a31728a1219a71c5f27a5b1cf21db2271f123
bdf2f945cfaa821212c3034f5f0f004f8a4c3e26896d4431bb6ee0503e320edf
71b696cc8e23ef1790e3031aac1d7ffda5f86934daaf02eaeacfca3ef0d120ab
b70d5b42a0a99c878e2574211787d2eb84d7f521ee4f00cb27cf991e9953bb1a
c40f3f595365f71600c24ebe5c2fd245bb7584364c4b2f3f294e1dfe675891bc
de95a51d1056dab1f56d407447c1028fd989fd0aa4ff8aab109f93117bc7c258
8b2e31f213e477b8aeff65543a207f53ac3da135da361abc3425bd80aa527b82
8e1ae3481b107ad9d44bc777e0659b83df90cbf033a42319652794f31ef9e7df
0c42ff307f9831e057e019051253081abc1001fd290feb13f5467ce2c4ad435a
e0bf4c6aeb567130478fd998b9bb45ca8ce6d76520107e2088d4c6cdcbff90c8
4bc166844cb1664ab531fc61f6f88dbf15f408994da6d6c25377783a7e6a4dce
1073385d94089c725063ce1a488c157293e6aa8cd6574597042ad5d5f9f6004c
eb68fdf25e93c5d896e8b7f3d1216c20545cf2f3b3ecac3c850d4d48dcc853de
eed6f275e9b31e7e912be3ba57a0d8799f11dbedf86eb7f757cde8e0cb9df5b6
ce8b8cb33a12a3007af72c5c98d51771d9d042578da19a92d4d64c841a62d221
299f9e99a803e097d036ecae93a4ef0946450073d752137033bd56843639b93f
a98f3b7c60b12dd81f190b67c0b42dfc7ab23d10a4ef3cdceb43625dd9ff6133
cf34076fe15384682ff04d5a15a94d36af4ff3dee94d651c33c4b4c60731ed88
920f9071bcf679dceef7bd0458c634ce84aabeac51092b5eaddd9e2c08ab57ce
2e2013f99dced3568008d8ed090e078180ebecf4ba1018d783620e6038536d4b

http://119.28.135.130/wordpress/l_Cf/
http://159.65.161.169/auz3rm2/9_pH/
http://djjermedia.com/cgi-bin/ng_nW/
https://sovintage.vn/wp-content/hl_KK/
https://www.itecwh.com.ng/wp-admin/2_B/

Creation Time	2019-04-12(16?) 08:45 (JS Based - Fake Error)
SHA256:
ce8b8cb33a12a3007af72c5c98d51771d9d042578da19a92d4d64c841a62d221

http://1roof.ltd.uk/creationmaintenance.co.uk/FC_W/
http://bathontv.co.uk/wp-admin/7_2Y/
http://kellydarke.com/wp-content/9_NR/
http://khaiy.com/cgi-bin/i_T/
http://jmseguros.com/loggers/i9_4P/

Creation Time	2019-04-16 00:00 (JS Based - Fake Error)
SHA256:
e328f1a48cce3e9220c38d847ccea9f81b6135d120bd76b224c4be21405f700e

http://indushandicrafts.com/wp-includes/V7_f0/
https://swbproject.com/wp-admin/jj_y/
http://www.theamericannik.com/leggiwp/oX_Q/
http://yonderapps.tk/cgi-bin/i_bK/
http://gioo.co/wp-admin/4_W/

```
#### SHA256s for Epoch 2 Payload EXEs seen on 04/16/19 ####
```

03f71deb268b05b6dc853ecc986c5084237961ccfee6daa07895284e422de3f7
052aeb606deb11f54a91cacae706defb8ffb761c8d9eae7be46852daf6c7c732
c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5
aff2d37cdb45c394c0df4b893f5c15a6881373ae6041351cc6f1f90ab478835d
f9854bfb3400f9676458b997d9fa9c1c6624d44752eb041eff5cdab1f00ec4a5
cc3b051ac802a513cfa2d33ad48a1974ad5e18e96fcc06f96512ac48660e667e
8827dc4d23f77a280e8ac0bde3af229d16e7b5c82dd46723ab261f43675026e1
3049ff6746948499a199ddc7b62bbeaabe7480e6399c06701b8b973c73aa1082
027af02d8d9bd39ebf2c2a6a743b9169006b8dfc03d12b8ccd1b76a04da5ee41
46680a18009fe527695f7f44ab95c8cc94a7b9682631a6676f9fdc7b4d0afca7
0129fbf661a7075a3427a0220a129023182bea09a8c31182f183f0a69446d429
515fbe6706fa528322b59ab300be59800d85a280d453d92f920435498ed7c3f2
2bbee1ccdd653407fe9a0b04756bb47a8ccbc57de565fb903d58c4211f659382
36c85aa96e1c5faccec2c07418a81137ce1b95abce60842b1219a9ede6a0463f
06625d78cfb13b3141589ed97db4e62aba221befd9fcf13770ae99d4ca85553b
f1f5e600d005eb0e7f4460373b48681c8c794d04eef6571f7c19e235daebb181
19ae551563cf61fa759726725a073a35361caa3f58364de5570fadfc63857877
5bd8a3abcc73b047bb6d1ca4730b60a0d6c34c245edc6d65c427014e5161315c
b9946c697a5309b216a9e13d29c1a97e7172c5971ef174bdbb22fd97fdbfcec5
67ca7241a9f79e4c3decb2c5e6caffd6a2d3a64bd29e3325f22c648683b6ee09
01613e4009813b9c524e3a1c4b14ba35a5e1b382d0de721d0c627d9a20c4af28
62a55e0c1424b25c786a7d58c7a12c10516d2903ec3e547d648526925d968be9
d311c24d74572a791025133751fe4128acece91f5a9853bcc5b02e97e8380efc
97cd9d5f273243e6ee208dc650cf1252fe5ff89fc2b5cb3fa8ef7b2502fc4453
cdfac177709cc81517a1b9964d7d200a6c4330ee8630fbe2d8a4a1eb2565c0e1
affa8e6848b44eb3884c75959df4c6ef78d33755959dfb527ed5004d6dd32040
737ed0036fb9868c543700a252f0fc8ff039507342da9f904d412feb17e804e6
778d100b16d9e7bbb3268e22b725aa6a96fe43e8d2d325d542f9bc3c63335650
9fd0bddf30f90a961fadc42e85d1d8fcd0a73c86227385362e4ffb69e80c843e
d9a01eb71cf5e76401c18408f317327caadd4c7bb359664b8b74c13ed3630588
29ae193362eed417862efce6af34ee3bfcd6d3e65f0278aff6a7bf277861b042
2d8637e6f982f124983d1e8f79406dd57be80104fb528681f0271cf85bc9e452
57f8a1c36878bcf26af5cf9b31032331f3832a06bdd22965ee69a0f1781c85d8
039f86bb2391cc291f00a36c72f2c9ec80ccfb3bdb079fab44a126a4aab33d7b
02fb2cbdc813ec61406dd27334178e978afaf6f2689ce45d7e6cf60b03d98c65
0bcd61307f1fe9c296b66a2445477c01ec15dc261b810f7ef523291552bc2bfd
754d4b9633a22ce6d29e782808ce6dc068c4413703b0800afaff2a4a3da98889
cbe2094125606d2c0b42609d4c676c449dd88e04d21bf14b9452b81a17d9bfb5
3adb68da5760b96c48d8a1466373b7a16eae755d5a6741193671014179ffd038
95f2590a641d29927af87e7957c9fe4ea7278d0edaaf8cc68a983171b82b56c8
89836130575a08545814c0b452b7dfa45276a2a30dd492798c0260b1a858b8bd
ba7af82a55fe3fe9116f94e5b45e5315f61c1e641d9a8c88428cc424553c3a21
1b1a0b182091c4e62a7bbea5b8b6fa43bd81a954bf1e39966a3eb84a693d28a7
b6b43bd1dd8dea59cbcd04453a06d3e0b635468f8775f3bb75a830012ab07cb6
b202d6ebb884e88363c6cd655658ad4ccae5df8e5eb11b9f11f43deddd0d8f1a
40ea19cb9887d7dfd58067b8c53ed0835a4d8f44f320c74bc8cf59773647e490
5a88abd439bfe2e1154e687a23e948c522a8001eb03625a13e5d49323cc37e6c
c814243c9a8f730dd65d2a892eea0f077e3dce1d951c25d257d1942fc8ea319d
42102f109a10b144c132b3cdfb44eb66c9a94b3427878735d39c29e9bab46e95
84bf37868d4be64e87d3cd8aca4ad69b50d34636cfe17580da2e124c7416b1e3
2635d77b24b07fac7deccce78fb3dcc4a8bff3708ced632d8f249b7780dd6aac
2277d05292bbf28305b4bc7745ed6b5c33918216391ea529278bdff0430cb810
52471c78be0854668647417e837f31786e9ab7b96b84c9b1e749cc07fdb8761a
b71a0c576022a78848595f230655e2671ba4aa2332878b36d660173d4d86f635
fc09d28443b344887a1050eb4fde2f64d841c1895ae1ed2b4b4a56dbac81d4be
109e48b2870b4aad574a186bf09a5de5f669abf8fa45b928a7dcc8e2a33bdf56
f980f97fe16b53c5314023ca44b9a0fb26ab5c74ba36db1ab80b0993d53494de
1a190ad86e0c767ac9a4c6d97f5ce43dc44820daba64300b3ebc1ed97ece4563
0f8a7610a53424756604d82cc8e8207473bb4bec82011ff1a3e6b8e85e7087dd
b25371ee3fbe0470fe34a575da62f1037fccf9ec7b1829d015f8ff6db61ac390
5bcb3b07f847c5e537c2d6ff79f977b13a0da477182792bbc098184af6081197
0d5caee37f741e52747b39d4bdf290ea9c1345ab186217fe2508066fd75eb54b
f5a6ea409174a190a1f26a6b629075016e0a0392afa017eb5f6e8c86ad28a55f
707458a78c3496fcd2f85b357a49cc4663f6dbe8cead662b434d347d0dc6645b
c4c49c07fbe17034954cf16db089b3757c0b05517e15737bfbcb18d1c73a4582
822794b9e0379736447f02974e557914c5ba66236c70607a9fdec83b33e6750a
6cb28b9713a0eac3c33bbd8908af5232fdd005f37aef5273b34e97d496b8ea40
1756dca29036040e15e172b8f0acd0b43034b0c2b36ebd9359643e2b1fc0fd81
28af9d9a3be71623d0094d2f0fcd40086c7c41c3ac7a6f8124ab79a36cc54450
6bf96b15dd77bd7250b402599f43235d42b160551003886a289d4859bb545865
9fbbf195eff40f00ab7c5e5e436387f98ed52b7060ce4792991d745c3ddb023e
0d4253ab8c5dfd83ea77a7f100ed18354bb8c4b8b194bf8fed9a2119643c1aaa
0a86ffa10e35bae1332020fef326cc1ff914a92450c4d19d2a65a4670495f8ee
0a294eebb49d31ab6605e491d75b76a4fdcfb7f49d87b7032580c57cc08ef886
71a82a9b0a287af3f79e7104db0b24465afde0c2a81daa79384222dfea20e84b
7634b9b846de29bd5d07b6fe0a361ae16bc8d230e068933840a0312f6641d6bb
3bcc18243283bb9df2533beeb0de9b797c8d66b88f5a111b174e215dbdca0d31
f19a7823a6ed66c3f9322424ae40cb079a7e5c2316843f18f5941baa8392ea52
2db83a2be2405afb0d697a0af580fe1b847fa42c36042c1824e204205febfd69
f0c413ded906e2133d07d1915197a99afb85f0daa459143841c6541e729e62c4
2ae8d3be69e087fe57f36deb7930bc15a9bc142115d079d310773346e550a1b2
febe539553c57f21693325889226b951d036cb690404c097fa90966ccdac1a55
a158b780911b29f1e3293170661f1485df386773f513170ef4288d3c1ca10cd9
54cc0a1c18b653e6077ca07f45ff8cbd0ce3302ef73a14d7d02b0b28df10b712
ef70123a59a9f330d8eb01e29231337346c2e92a76871c0030d53d2ca088df3c
c4d205202ec78b7807d68c8154bd5b7d68fbef8a5f42190c43fa2ab3c6836edc
8aee4d464ac8eacdf7bb5d349ccfefb69fe1369ac5a74d6bcc0291df49470240
ca923df47f45169a0d1e27b74a998b02e6e70fd98a1cb2a2780a0fc32deb530c
a9b7ec353a609d775b8043acefd505383b64fe7b3bae73f3ea01cae2aaa07eb7
872fa5a78c6cc7a3924369996f7cd5b5da7ba9e73004e82a3706d7510b6f81d7
9a26ca6ac1faba738f5b34378d9afe6e80bc005e6ad8346b52f7092b9a6dcb98
80ebefbdf118335f0c8641325e34a0b1ab9a71aa8381235a0135525c2eaf4fba
32db5dee7fe0f8bc8112e84fea172ddc9f0cf5d31b6a95fa65bdfe8c0288ef25
3e2dbbde9fd62901c9984d22b885d1749fb7249cf0b8ae8f3532c564b553f4c4
053f9910b3816711dbb8d215fc78d063f38268747e244737ebfe3307fbfd5691
70f069688be916f9b579d834bd4fb0bdb842d1143b59cf6af823b752ea52f3cb
147a959123fc622f04600d3c32fed2a5a7bf0379467d22023bae0f5effeba47d
126b5323096bebb47f3c9cc37e67e9f4fab5e114d3d0356e40182486d9402379
36b3909e337c4b33b0c1f9393e974bcd97006e6e3eaf21f286dadf4ae1d3b432
72eff4fc6aad89ee284f0cf88cb5f6d86a7a3550e5a9808a1162785ed3b64eba
03d29fbfca15c9a6fc6d9825eee5670e7d2461b3cac2c681aa63d26f27cb7864
f2244958302e0189537e294c053837b9c71a67702343100d885afee2db2a4463
9bd638e406de208d4fb45ade32cff16f68003114503cbe99fa674b437b1ca148
26aedaad081530c2ad5fc9d0fe670554c429e6b7be2aa362e6a1843c18d63389
7d62663cd4c2660fb4b83e731f6856b50488529cf4ab57d801eb84f822e99b15
935d1ce14b2164aca8315b02725f2a5e8e9295093455479e8d78471dde6608d9
aea2ec897c70d4dd9535ba343177e43a0756773fb9bd4bc75fd1bc2648a5b35a
4c0f839edf44e7f209386b5d95a1f313e39743f1e62249e2251a098916cd0123
e26fdc311b032c558e02483852d9de2218bc3785cb123d01348758494d131967
f67f3cf4da86da2c2179a4288254d64c8c063bd307ad09eb457f9ddab0a38206
1cd31d98e9e952c9060c243242b4360d4eab256de63dd0780d23d5489d9b813f
751a506d84aa32646cdf95e0557f284597594575d2ee965ccd120aa2deb7d3b7
4da116ed48b57d58f26e7a1b9f2de66725b2f13c2bba296a247b2acde9a29e1e
6bdf49b06729f7c429c09945def7784f8f685cb9738f65142bdfff3c6a245362
38d49364f0780d362beaf850084b6bd07ab3fd5bd774e85f3f8cda2caf23e237
f51498d920b5becb0bb4f5bc1573d9b70ee52b418b6c1dfc17d5db49c0b55c8a
ccf7074a0e3298cc918823e0cfbbce4d14478bb0737de47e0ff5f2267b09d724
e6bb58bac1961fcc560a049aa187abd419ef734c3cf82882e005471b7a7080b7
051b13761bb3d51cb77f5b20ba0dd961a711d88cf37368db004229c3a72841da
fbd09b0121746e7e701dacb342e74c0a8d424928a4252e01799056ca6466b60d
abac43d4a5fdc401b842b3f454e90e9741273cb49accb941717e94db0df1f09d
a7c0e1254718aa7f47954cfd38102243f5581c7e926f09183515f64fcf98f5c0
4e3a6d1bc491131edafd33f9c55061d895142830e3664d2fc7556e3f4edc642f
13b570493f9b5daf891d969bf76515c7a01e367972125d0a5eb03ebfd0cbcebf
0438116933b9ade29c27ea553ac16cb310704b83ea8b25d4e55afdc8c52c8208
5197d647a11bf009157ac28a6f660d8e18389124a36e2028b392ae919b5adf30
f5f33de3ca2bf6ae3d3f7676c1ed18aa75ffdd77226864204be8381baec534ec
88140919676b2a13b24cbe2e87745593de70fd866b57b51b46b8da5194eb5b6f
7debcd9d1cece308430f6d42800a1bd11d011816a88dac668e4637f9ef9bc6e9
3cae7c0c13a45fc77312bb36c7d8b2db20f84e737254461362aadb4c7420a25e


```
#### Epoch 1 C2s ####
```

107.159.94.183:8080
109.104.79.48:8080
109.73.52.242:8080
136.49.87.106:80
138.68.139.199:443
139.59.19.157:80
144.76.117.247:8080
154.120.228.126:8080
165.227.213.173:8080
175.107.200.27:443
176.58.93.123:8080
179.62.249.189:80
181.29.101.13:80
181.29.186.65:80
181.30.126.66:80
181.37.126.2:80
185.86.148.222:8080
186.139.160.193:8080
187.188.166.192:80
189.205.185.71:465
189.225.119.52:990
190.117.206.153:443
190.147.116.32:21
190.192.113.159:21
192.155.90.90:7080
192.163.199.254:8080
196.6.112.70:443
197.248.67.226:8080
200.107.105.16:465
200.114.142.40:8080
200.28.131.215:443
200.90.201.77:80
210.2.86.72:8080
213.172.88.13:80
219.94.254.93:8080
23.254.203.51:8080
43.229.62.186:8080
45.118.216.70:80
45.33.35.103:8080
5.9.128.163:8080
51.255.50.164:8080
62.75.143.100:7080
65.49.60.163:443
66.209.69.165:443
66.228.45.129:8080
67.241.81.253:8443
69.163.33.82:8080
72.47.248.48:8080
77.44.16.54:465
82.226.163.9:80
88.215.2.29:80
89.211.193.18:80
91.205.215.57:7080
92.48.118.27:8080
99.243.127.236:80

```
#### Epoch 1 - Spam/Stealer C2s ####
```

31.172.86.183:8080
104.236.185.25:8080
50.116.63.9:7080

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
```

105.226.106.253:990
114.89.61.151:8443
124.253.18.48:22
125.99.193.119:8080
133.242.156.30:7080
136.243.117.85:8080
138.201.140.110:8080
147.135.210.39:8080
162.243.125.212:8080
165.255.52.192:80
167.114.210.191:8080
173.255.196.209:8080
173.255.250.241:443
174.93.130.148:8443
175.100.138.82:22
177.242.214.30:80
178.62.37.188:443
180.150.87.75:22
181.39.51.243:993
186.4.234.27:443
187.189.195.208:8443
2.50.24.70:53
2.50.52.255:20
201.220.152.101:80
201.248.5.197:80
202.133.72.136:443
208.78.100.202:8080
211.63.71.72:8080
216.98.148.156:8080
217.13.106.160:7080
31.14.240.162:8090
31.163.99.231:80
37.208.39.170:7080
39.45.43.5:995
45.118.24.74:50000
45.123.3.54:443
45.33.49.124:443
5.230.147.179:8080
50.31.0.160:8080
62.75.187.192:8080
64.13.225.150:8080
67.205.149.117:443
69.198.17.7:8080
69.45.19.145:8080
71.78.158.190:80
77.56.253.112:80
78.100.187.118:80
78.149.210.116:22
78.186.5.109:443
82.0.19.40:80
83.222.124.62:8080
85.104.59.244:20
87.106.139.101:8080
87.106.210.123:80
91.205.215.66:8080
91.99.197.161:53
94.130.35.140:443
94.76.200.114:8080
95.128.43.213:8080


```
#### Epoch 2 - Spam/Stealer C2s ####
```

198.58.114.91:4143
213.136.86.219:7080
91.205.215.10:7080

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```

WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

```
#### What is Epoch 1 and Epoch 2? ####
```

What is Epoch 1 and Epoch 2? (updated 03/07/2019)

I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
time period.
Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
being delivered in maldocs on Epoch 2 at any one time.
- Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
Monday morning/Sunday night.
- Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
Epoch 2 may have a document hosted on host.tld/B.
- The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
*- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
via C2 to stay ahead of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
- Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
spam template, word template, document type and even payload.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

```
#### Community Lists ####
```

https://twitter.com/jcarndt/status/1118148395280076802 - @jcarndt
https://pastebin.com/TwNY1xaL - @lazyactivist192
https://twitter.com/58_158_177_102/status/1118065938899668992 - @58_158_177_102
https://pastebin.com/yvSF7bGv - @pollo290987

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
@0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey,
@Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
@devnullnoop, @gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
@pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
helping out with this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
@urlscanio and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log 04-16-19 ####
```

General News:

Yet another first today with logographic Traditional Chinese character malspam now being reported. Also logs of URLs once again
being seen on both botnets. Also, Operation Zipper Stuck (Hash busted zips containing .js or .doc files) was again seen on E2
but not on E1 yet.

James Quinn - @lazyactivist192 - publicly released more prebuilt import tables for emotet exes here:
https://pastebin.com/TwNY1xaL

@prsecurity_ also shared his method for bypassing some of the checks to get the RSA Public Key out of Emotet EXEs:

https://twitter.com/prsecurity_/status/1118251576035106816
https://twitter.com/prsecurity_/status/1118345647592288256

Reminder:
Roman at @abuse_ch/URLHaus released some helpful mitigation recommendations and @clamav signatures for Emotet in this
twitter post this morning:
https://twitter.com/abuse_ch/status/1117743482511273984

https://feodotracker.abuse.ch/mitigate/

http://urlhaus.abuse.ch/api/#clamav

Email Template Report:

I did receive 2 malspams today but 1 was very old from last month and likely a delayed send or a forward. The other was a simple
invoice type template with some newish wording. This is what it was below:

______________________
Good Day all,


=0DYou had a Question about the invoice process. Please see invoice below.=
=0DInvoices sent through email, get approved and sent to accounting dept fo=
r payment. It depends how you are set up in our system.

http://www.2190123.com/wp-admin/OizK-3Cvi4TuLwTgsym_NBQNZmZZN-V3W/


=0DBest Regards,


(Last, First name of spoofed)=0DPhone (800)-611-9408 x9598=0DFacsimile: 929-015-9840=0DPH=
ONE#:  929-015-9839=0DMail:Spoofed email


=0DIf you have any queries relating to the attached document please contact=
 the accounts department.

_____________________

Nothing super special here. same old crappy fake signature and spoofed names.

The major news of the day was the logographic Traditional Chinese Malspam
this morning. Here are some of the posts concerning this:

https://twitter.com/58_158_177_102/status/1118010805956382721
https://twitter.com/devnullnoop/status/1118109695825383428


Unfortunately I do not have any copies of the templates but it seemed to have been aimed at Taiwan according to Twitter.

Also more Japanese logographic malspam was seen:
https://twitter.com/papa_anniekey/status/1118068295112937472
https://twitter.com/58_158_177_102/status/1118065938899668992
https://twitter.com/papa_anniekey/status/1118194979963170816

Review:
What we know about the threaded templates:(changes are marked with *)

- Emails are sourced from once (or still) compromised users all over the world.
*- Emotet injects a reply into a real email conversation thread between the compromised party and another party that replied
to the compromised party on or before Nov 2018 until at least January 2019. (may be up to present) Also have seen emails going
back as far as June 2018.
- Now on E1 and E2.
- Now seeing German based templates that are essentially the same thing but in German.
*- The injected reply is usually prefaced with the following:
"Attached is your confidential docs."
*"Attached please find the wire transfer form."
- Both attached and link based delivery of the maldocs/ZIP/JS have been observed.
*- Attachments seem to be in the filename format of *_April_DD_YYYY.doc/js so far.
- The link is customized for the display text of the link to show the real domain of the spoofed organization.
- These templates are pretty limited in run and not very numerous.

So when I said "be prepared for changes", I meant it. We could see the above change quickly.

Link Regex Report:

Regex directory patterns - Same as Monday.

E1 and E2 - https?:\/\/.+?\/([A-Za-z0-9]{4,5})-([A-Za-z0-9]{14,16})_([A-Za-z0-9]{8,9})-([A-Za-z0-9]{2,3})\/
E2 -https?:\/\/.+?\/([a-z0-9]{4,7})-([a-z0-9]{5,7})-([a-z0-9]{4,7})\/

E1 is still slowly change over to the old favorite of \/([DdeEnN_]{2,5})\/([0-49\-]){6,7}\/ but we had a twist this time.

The German variants this morning had some additional wording before the date such as:
/vertrauen/2019-04/
/Frage/2019-04/
/vertrauen/201904/
/nachpr/2019-04/
/Nachprufung/2019-04/
/sichern/042019/
/sich/2019-04/

Therefore I upgraded the Regex to:
\/(Frage|Nachprufung|nachpr|sich|sichern|vertrauen|([DdeEnN_]{2,5}))\/([0-49\-]){6,7}\/

You can of course change the group at the end to ([0-9\-]){6,7} if you wanted to keep this in place for May and beyond.

Payloads Report:

E1 had 4 quintets and started as direct JS but then moved to all DOCs and that is where it is still tonight.
Mostly links again for stage 2 downloads but some attachments.

E1 binaries have stopped updating on distro directories and seem to be suck as of 16:45UTC until current with the following hash:
42d5b442bcba882b9b67d483d983812918c8f16bf244617e5125e54ed39c45b4

E2 had 4-5 quintets with .js files this morning and transitioned to .doc files. Then in the evening around 19:00 into .ZIP/DOCs
and then quickly to .ZIP/JS files. Then Operation Zipper Stuck went into full bore with hash busted zips.

E2 binaries have stopped updating on distro directories and seem to be suck as of 16:45UTC until current with the following hash:
c1fb0eceaab0ce12e69f4ad1d507fdeb4938c035c34569cf6853f3a5a01d72e5

C2 Report:

C2s did NOT change for E1 and remained at 55 combos in total. - recorded above
C2s did NOT change for E2 and remained at 59 combos in total. - recorded above

This is likely because of the binary/exe snafu in distro. Ivan did an oopsie.

Closing:

Now it is malspam in English/German/French/Spanish(occasional Italian) as well as Logographic Chinese and Japanese! Malspam rates
are low though and where I used to get 100s a week, I am down to a dozen. Fine by me but it seems like all this customization and
special targeting has really cut down on the malspam. Hard to believe this is really effective for them with the improper grammar
and other nonsense that is reported in these new templates. Time will tell of course.

Tomorrow I may not make a report because I will be busy in the evening. I may have time to make an abbreviated report.

```
#### Sandbox 04/16/19 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run on 2019-04-17 at 01:30 UTC - https://cape.contextis.com/analysis/67358/

```

```

Epoch 2 C2 run on 2019-04-17 at 01:30 UTC - https://cape.contextis.com/analysis/67359/

```