jroosen

Emotet Malware IoCs 2019/04/02

Apr 3rd, 2019
## Emotet Malware Document links/IOCs for 04/02/19 as of 04/03/19 01:45 EDT ##
*Notes and Credits now at the bottom* Follow us on Twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 04/02/19 ####
#### Epoch 2 Document/Downloader links seen for 04/02/19 ####
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time 2019-04-02 20:54:00 (DOC Based - ENG - Upgrade Blue Box)

https://www.nasabonebolango.com/wp-admin/wRn/
http://ankhop.xyz/wp-includes/IM2e6/
http://woocommerce-19591-66491-179337.cloudwaysapps.com/khabwwo/uWFCi/
http://weightlosspalace.com/hlwk49gos/Oi/
http://reviewtral.com/csgldw6/BbE8V/

Creation Time 2019-04-02 15:24:00 (DOC Based - ENG - Upgrade Blue Box)

http://www.thyroidnutritioneducators.com/wp-content/oK4z/
https://www.dierquan.com/wp-content/KUUu/
https://www.24linux.com/wp-content/vnaW/
http://eurofutura.com/Ratchet-master/wZBv/
http://worldofdentalcare.com/_vti_bin/Nz/

Creation Time 2019-04-02 07:47:00 (DOC Based - ENG - Upgrade Blue Box)
  495. SHA256:
  532.  
  533. http://avaplant.com/wp-content/EchEc/
  534. http://cpi.thinking-base.com/wp-admin/L7P/
  535. http://grafoaksara.com/wp-content/TGloq/
  536. http://hanginthere.life/wp-admin/we8TB/
  537. http://comodo.casa/wp-admin/cB/
  538.  
  539. Creation Time 2019-04-01 21:36:00 (DOC Based - ENG - Upgrade Blue Box)
  540. SHA256:
  580.  
  581. https://thetrendgift.com/dubf/5UteK/
  582. http://elderlycareblog.info/wp-content/Tj3Og/
  583. https://www.udhaiyamdhall.com/images/5d/
  584. https://inovatips.com/9yorcan/jVcv/
  585. http://property-in-vietnam.com/cgi-bin/A1/
  586.  
  587. ```
  588. #### SHA256s for Epoch 1 Payload EXEs seen on 04/02/19 ####
  589. ```
  590.  
  806.  
  807. ```
  808. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  809. ```
  810.  
  811. Creation Time 2019-04-02 23:00:00 (From ZIP - JS Based - Fake Error)
  812. SHA256:
  813. f29677dc2aeb9324b6a953176bb0a64a40b9662ef26fd81760c0ce36dfead16c
  814.  
  815. http://commonsensecarbuying.com/awstats/b_ru/
  816. http://nomadmimarlik.com/tangerinebanking/8_v0/
  817. http://www.secomunicandobem.com/wp-includes/YL_Xk/
  818. http://grafikonet.com/wp/6e_yq/
  819. http://mermaidwave.com/wp-includes/r_U1/
  820.  
  821. Creation Time 2019-04-02 20:13:00 (DOC Based - ENG - 365 Blue Box)
  822. SHA256:
  837.  
  838. https://derisyainterior.com/advknd3/0s_r/
  839. https://tasawwufinstitute.com/pxtguwk/RM_MM/
  840. http://dlawgist.com/wp-includes/8W_M/
  841. http://www.ewadeliciousrecipes.xyz/wp-includes/i_Mk/
  842. http://cliqueservico.com.br/wp-includes/UB_cl/
  843.  
  844. Creation Time 2019-04-02 15:02:00 (DOC Based - ENG - Upgrade Blue Box)
  845. SHA256:
  875.  
  876. http://vidaepicaoficial.com/igs9zfr/B_vI/
  877. http://fastlabqs.com/wordpress/Ck_8L/
  878. http://property-rescue-associate-consultant.co.uk/4lvggse/nE_w/
  879. http://dentalories.com/wp-includes/3A_F/
  880. http://localsparkycan.co.uk/wp-includes/V_pS/
  881.  
  882. Creation Time 2019-04-02 13:31:00 (DOC Based - ENG - Upgrade Blue Box)
  883. SHA256:
  893.  
  894. http://vidaepicaoficial.com/igs9zfr/B_vI/
  895. http://fastlabqs.com/wordpress/Ck_8L/
  896. http://property-rescue-associate-consultant.co.uk/4lvggse/nE_w/
  897. http://dentalories.com/wp-includes/3A_F/
  898. http://localsparkycan.co.uk/wp-includes/V_pS/
  899.  
  900. Creation Time 2019-04-02 08:47:00 (DOC Based - ENG - Upgrade Blue Box)
  901. SHA256:
  925.  
  926. http://bext.com/kimberlykarlson/n_N/
  927. http://groundwater.co.ke/wp-admin/s_S/
  928. http://denmaytre.vn/wp-content/4_J/
  929. http://imhanadolu.org/wp-includes/8I_k/
  930. http://acachopa.com.br/wp-admin/F_J/
  931.  
  932. Creation Time 2019-04-01 19:02:00 (DOC Based - ENG - Upgrade Blue Box)
  933. SHA256:
  975.  
  976. http://bayboratek.com/28032019yedek/fd_2/
  977. http://client.ideatech.pk/wp-content/3_d/
  978. http://fabric-ville.net/2017/y_J/
  979. http://hadiyaacoub.com/wp-content/uploads/2019/Mj_W/
  980. http://himatika.mipa.uns.ac.id/wp-content/By_2/
  981.  
  982. ```
  983. #### SHA256s for Epoch 2 Payload EXEs seen on 04/02/19 ####
  1168. #### Epoch 1 C2s ####
  1228. #### Spam/Stealer C2s ####
  1229. ```
  1230.  
  1231. 31.172.86.183:8080
  1232. 104.236.185.25:8080
  1233. 50.116.63.9:7080
  1234.  
  1235. ```
  1236. #### Current Epoch 1 RSA Public Key ####
  1237. ```
  1238.  
  1239. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
  1240.  
  1241. ```
  1242. #### Epoch 2 C2s ####
  1303. #### Epoch 2 - Spam/Stealer C2s ####
  1304. ```
  1305.  
  1306. 198.58.114.91:4143
  1307. 213.136.86.219:7080
  1308. 91.205.215.10:7080
  1309.  
  1310. ```
  1311. #### Current Epoch 2 RSA Public Key ####
  1312. ```
  1313.  
  1314. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
  1315.  
  1316. ```
  1317. #### Credits and Notes Section ####
  1318. ```
  1319. Updated 7/13/18
  1320. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  1321. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  1322. https://pastebin.com/u/jroosen
  1323.  
  1324. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  1325. I am providing them for your benefit in case you want to parse them to be sure.
  1326.  
  1327. ```
  1328. #### What is Epoch 1 and Epoch 2? ####
  1329. ```
  1330.  
  1331. What is Epoch 1 and Epoch 2? (updated 03/07/2019)
  1332.  
  1333. I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
  1334. payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
  1335. Epoch 1 is currently the larger of the two botnets (MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
  1336. rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
  1337. This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
  1338. to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
  1339. time period.
  1340. Here are some observations I have noted since I have been watching these botnets:
  1341.  
  1342. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
  1343. Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have different document creation times and payload quintets than those
  1344. being delivered in maldocs on Epoch 2 at any one time.
  1345. - Document hashes change every 10 minutes on both Epochs while distribution/spamming are active.
  1346. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
  1347. - On Mondays of every week a new set of document download sites and usually templates to accompany them are generated early on
  1348. Monday morning/Sunday night.
  1349. - Both Epochs may share a host for binaries or documents but NEVER the same directory. E.g. Epoch 1 may have an EXE in directory host.tld/A and
  1350. Epoch 2 may have a document hosted on host.tld/B.
  1351. - The RSA keys for C2 communications on each Epoch/Botnet will change every few months or so.
  1352. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
  1353. *- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
  1354. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
  1355. - C2s are never shared between Epochs/Botnets.
  1356. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
  1357. via C2 to stay ahead of AV defs.
  1358. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
  1359. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
  1360. - The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
  1361. easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
  1362. - Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
  1363. spam template, word template, document type and even payload.
  1364.  
  1365. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
  1366.  
  1367. ```
  1368. #### Community Lists ####
  1369. ```
  1370. https://pastebin.com/zb1P0Aki - @pollo290987
  1371.  
  1372.  
  1373. ```
  1374. #### Credits ####
  1375. ```
  1376. (OC from @JRoosen and/or combination work of the following)
  1377.  
  1378. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
  1379. @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
  1380. @papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk
  1381.  
  1382. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
  1383. @devnullnoop, @gorimpthon, @Racco42, @Jan0fficial
  1384.  
  1385. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
  1386. @pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
  1387. @papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman
  1388.  
  1389. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
  1390.  
  1391. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
  1392. helping out with this!
  1393.  
  1394. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
  1395. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
  1396. @urlscanio and @Virustotal for providing services/software no charge to this cause!
  1397.  
  1398. ```
  1399. #### Daily Log ####
  1400. ```
  1401.  
  1402. Short on time today but some things to note.
  1403.  
  1404. Operation Zipper Stuck is back on E2 as of the final payload set today around 23:00. There was yet another payload set with
  1405. a Zipped up JS file inside. They also beefed up the obfuscation a bit on this .JS.
  1406.  
  1407. Still seeing the new Upgrade Blue Box template on E1 and E2 earlier today. There was a mix of the 365 Blue Box on E2 for a
  1408. bit though.
  1409.  
  1410. It seemed like CA and UK bots were spamming this morning on E1 which is interesting.
  1411.  
  1412. Still seeing a lot of link based malspam and nothing too special on the templates yet.
  1413. I did see some body text referencing a password being on the invoice but these are random
  1414. fake garbage and the same docs as normal are in play.
  1415.  
  1416.  
  1417. E1 and E2 still using this directory structure:
  1418. \/(sec|secure|trust|verif).(accs|accounts|myacc|myaccount).(docs|resourses|send).(biz|com|net)\/
  1419.  
  1420. C2s DID change for E1 and increased to 55 from 54 combos in total. - recorded above
  1421. C2s DID change for E2 and increased to 55 from 51 combos in total. - recorded above
  1422.  
  1423. Interesting observation on the botnet(s) total size here from @MalwareTechBlog on the low end being 70K.
  1424. https://twitter.com/MalwareTechBlog/status/1113232399343579137
  1425.  
  1426. That is it for today. TT
  1427.  
  1428. ```
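The directory structure recorded in the daily log can be used as a proxy-log hunt. The following is an added example, not part of the original paste: it escapes the dots that the paste's regex leaves as wildcards and matches only the URL path, so hostnames and query strings that merely contain the words do not alert. The log format, hostnames and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# The pattern exactly as written in the daily log: every "." matches any character.
LOOSE_DIR = re.compile(
    r"\/(sec|secure|trust|verif).(accs|accounts|myacc|myaccount)"
    r".(docs|resourses|send).(biz|com|net)\/"
)

# Hardened form for hunting: literal dots, case-insensitive.
# "resourses" is spelled the way it appears in the listed URLs.
LURE_DIR = re.compile(
    r"/(sec|secure|trust|verif)\.(accs|accounts|myacc|myaccount)"
    r"\.(docs|resourses|send)\.(biz|com|net)/",
    re.IGNORECASE,
)

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>"
SAMPLE_LOG = """\
2019-04-02T13:01:07Z 10.0.4.21 GET http://shop.example.test/wp-content/verif.myacc.send.biz/ 200
2019-04-02T13:01:09Z 10.0.4.21 GET http://shop.example.test/favicon.ico 404
2019-04-02T13:05:44Z 10.0.7.3 GET http://blog.example.test/wp-includes/Trust.Accounts.Resourses.com/ 200
2019-04-02T13:06:10Z 10.0.7.9 GET http://secure.myaccount.docs.com.example.test/login/ 200
2019-04-02T13:07:31Z 10.0.7.9 GET http://cdn.example.test/sec-accs-docs-com/ 200
2019-04-02T13:09:02Z 10.0.4.21 GET http://mail.example.test/?next=/sec.accs.docs.biz/ 200
malformed line
"""


def find_lure_requests(log_text):
    """Return one record per request whose URL *path* contains the lure directory."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the constructed format
        timestamp, client, _method, url, status = fields
        parts = urlsplit(url)
        match = LURE_DIR.search(parts.path)  # path only: not host, not query
        if match:
            hits.append({
                "timestamp": timestamp,
                "client": client,
                "host": parts.hostname,
                "segment": match.group(0).strip("/").lower(),
                "status": status,
            })
    return hits


def clients_to_triage(hits):
    """Group matching requests by internal client so each endpoint is reviewed once."""
    by_client = defaultdict(set)
    for hit in hits:
        by_client[hit["client"]].add(hit["host"])
    return {client: sorted(hosts) for client, hosts in by_client.items()}


if __name__ == "__main__":
    found = find_lure_requests(SAMPLE_LOG)
    for hit in found:
        print(hit["timestamp"], hit["client"], hit["host"], hit["segment"], hit["status"])
    print(clients_to_triage(found))
```

A 200 response on a matching request means the client likely received a document, so that endpoint is the one to check for the follow-on payload download.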
  1429. #### Sandbox 04/02/19 ####
  1430. (all with fakenet and MITM unless spam/secondary infection)
  1431. ```
  1432.  
  1433. Epoch 1 C2 run on 2019-04-03 at 04:30 UTC - https://cape.contextis.com/analysis/60395/
  1434.  
  1435. ```
  1436.  
  1437. ```
  1438.  
  1439. Epoch 2 C2 run on 2019-04-02 at 22:00 UTC - https://cape.contextis.com/analysis/60196/
  1440.  
  1441. ```