Emotet Malware IoCs 2019/04/26-29

1. ## Emotet Malware Document links/IOCs for 04/26-29/19 as of 04/30/19 01:00 EDT ##
2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
3.  
4.  
5. #### Epoch 1 Document/Downloader links seen for 04/26-29/19 ####
6. ```
7.  
8. http://107.178.221.225/jxewyv9/sec.accounts.resourses.com/
9. http://111.231.208.47/wp-content/GkYM-cWdinQ1MXYkwfJD_TRKiKDUq-p6/
10. http://119.28.135.130/wordpress/LoNyl-01mRyzFarkUtPi_gTftlrcWW-Jqn/
11. http://192.163.204.167/modules/pruebas_Marco2/verif.myaccount.docs.com/
12. http://247mediums.nl/wp-content/verif.accs.resourses.net/
13. http://39.106.17.93/wp-includes/clHi-MIvD80aIdi4Krj_mgaKkhBg-fD/
14. http://5elements-development.com/wp-content/service/vertrauen/04-2019/
15. http://899.pl.ua/tmp/iiCPH-AujbasbElD4CEV_nXepjZLN-wVL/
16. http://acep.kz/3D/legale/sich/2019-04/
17. http://adammark2009.com/images/sec.myacc.docs.biz/
18. http://advancetentandawning.ca/wp-includes/cPWsg-TOxdYWJlR4O3XpJ_RNXAIRmab-qs/
19. http://agencjat3.pl/js/verif.myaccount.docs.net/
20. http://alasisca.id/wp-includes/secure.accs.send.biz/
21. http://animalclub.co/wp-content/secure.accounts.resourses.biz/
22. http://ansegiyim.ml/wp-admin/sec.accounts.send.net/
23. http://aqm.mx/calendar/pRArs-UxJKeFLrGD0RhY_heSKsSax-GhO/
24. http://aqm.mx/calendar/trust.myaccount.docs.biz/
25. http://auraco.ca/ted/gnUK-2pSFF9JYxuL3gP_qLuGuZXv-BM/
26. http://babaroadways.in/aUfU-hwiulNNZnQfUbNH_kENgaQvt-2T/
27. http://babaroadways.in/sec.accounts.resourses.com/
28. http://balletopia.org/scripts/trust.myacc.docs.net/
29. http://balletopia.org/scripts/ZyNW-WWWbwpUrXerigF_TNFgGFYHp-OH/
30. http://bandit.godsshopp.com/wp-admin/service/nachpr/042019/
31. http://banzaimonkey.com/images/SVfIg-3ADvvtOn0l7dEKg_PSDoHNTs-bnO/
32. http://baping.xyz/wp-includes/sec.myaccount.resourses.net/
33. http://beljan.com/upload/tohZ-kKbpUQfzDorpao_XdyhwlKnq-EDZ/
34. http://benetbj.com.cn/wp-content/drobz-xLNL40n0R9WVGb3_VduHZKPw-0E3/
35. http://benitezcatering.com/wp-includes/wTsXu-brqeKG4e1r3EV3U_XcMhEIZcE-Y99/
36. http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/KAfo-28qE5JBel13WDV_UxoTshGBV-jyk/
37. http://biorganic.cl/cgi-bin/verif.accs.resourses.biz/
38. http://bizindia.co/wp-admin/secure.myaccount.send.net/
39. http://busing.cl/wp-includes/secure.myacc.docs.com/
40. http://c919.ltd/wp-includes/js/tinymce/verif.accs.resourses.com/
41. http://cfarchitecture.be/cgi-bin/txKIA-F5qKQO4ldVIzp0_rWtRXMZl-Ej/
42. http://chigusa-yukiko.com/blog/nBWL-FqQn8eowPBgHpD_euQeFzLJz-YZ/
43. http://cleverdecor.com.vn/wp-includes/verif.myacc.resourses.biz/
44. http://cocobays.vn/wp-content/service/sichern/2019-04/
45. http://colormerun.vn/wp-admin/nachrichten/vertrauen/042019/
46. http://conceptcleaningroup.co.uk/wp-admin/GJuMA-W1N86rl3nAtOAX_sxRVKXXTM-Xt/
47. http://condotelphuquoc-grandworld.xyz/faqapig/glSpg-44EVhG5mAoc17DW_VSDnkDbBZ-lP/
48. http://crypto300.com/ee4uija/legale/nachpr/201904/
49. http://crystalclearimprint.com/cgi-bin/sec.accounts.send.net/
50. http://cybermedia.fi/jussi/jHwCY-TNO7BesVa7qef5X_FapdXFtt-0RB/
51. http://cybermedia.fi/jussi/verif.accs.docs.com/
52. http://cyborginformatica.com.ar/_notes/BKrm-IHvROMRjaVIDM4_qdbYdkron-8mk/
53. http://dealdriver.pro/jik81yd/legale/sich/2019-04/
54. http://decotek.org/orange/secure.accs.resourses.com/
55. http://dep4.ru/wp-admin/legale/Frage/201904/
56. http://dev.christophepit.com/hbl2mda/verif.accs.resourses.net/
57. http://dimatigutravelagency.co.za/dimatigu/AAxTR-ZKUbwhSRQWRbmv_QLLQtUGq-3u/
58. http://distorted-freak.nl/html/tCfR-gOWdwQ3QKXK2Zw_wvDfHOubq-kNG/
59. http://djxdrone.fr/wp-includes/nachrichten/vertrauen/201904/
60. http://drwilsoncaicedo.com/wp-includes/XZCf-lNKPuoLzO2URYEp_YoWkBcgXH-Gi/
61. http://duwon.net/wpp-app/cttI-9sPZc2dx9qqsNm_iSmxNfWmv-gb/
62. http://duwon.net/wpp-app/sec.accs.resourses.biz/
63. http://dynamo.dev/wp-content/nachrichten/nachpr/2019-04/
64. http://econ-week.com/img/nachrichten/nachpr/042019/
65. http://edenhillireland.com/webalizer/BwhO-IjfrPJEW7yfrpqu_AfImxxew-DC/
66. http://elenihotel.gr/wp-admin/verif.accs.resourses.com/
67. http://emgi.com.br/qcf7/support/Nachprufung/042019/
68. http://entrepinceladas.com/resources/SSvJT-02PaACi9XtAwyV_iwMdlmUk-1A/
69. http://envina.edu.vn/weh2/legale/nachpr/04-2019/
70. http://ericunger.com/pimcore/support/Frage/042019/
71. http://escoladeprosperidade.com/wp-content/pShoI-EeK18y5MRnX7tU6_DlAQDNbnK-3Kw/
72. http://espacobelmonte.com.br/wp-admin/nzyN-L0ye2rablkgfpHG_zFdGfevW-9h/
73. http://esteteam.org/wp-admin/service/sich/2019-04/
74. http://etmerc.com/12-22-2015/wPSgX-rPz9XpAOJpY2ffp_LEVjUbmc-Old/
75. http://explorersx.kz/wp-admin/verif.myaccount.resourses.net/
76. http://ezviet.com/m267lxk/legale/sichern/2019-04/
77. http://famaweb.ir/intro/nsELW-GWPKCGrumxZKJKz_oeHPZSKh-xb/
78. http://famaweb.ir/intro/trust.accounts.docs.com/
79. http://famillerama.fr/roundcube/vendor/pear-pear.php.net/ztRlN-EafTTa4T9ySdtm_IInVRzWvj-XO/
80. http://finessebs.com/cgi-bin/EiZRo-CTucwXDyTCyj61_yvvrhNGu-15t/
81. http://firenze.by/wp-includes/service/Nachprufung/2019-04/
82. http://firsthack.pw/wp-includes/legale/nachpr/2019-04/
83. http://fisiocenter.al/wp-includes/trust.myaccount.docs.biz/
84. http://flamingonightstreet.xyz/wp-admin/VJhDA-HkVTERBq10sVWw_tLoLZeHXE-5i/
85. http://fon-gsm.pl/ip5daee/gEet-4WOWlqsPw1W2UDZ_OOjAvXsrP-zW/
86. http://frizo.nl/wp-includes/support/sichern/04-2019/
87. http://gabeclogston.com/wp-includes/DgJPd-MQLhosk62uoXXzO_TVDqeNqk-CXz/
88. http://gabeclogston.com/wp-includes/verif.myaccount.resourses.biz/
89. http://galexbit.com/wp-admin/BEBPI-tFSlKU0kh2cooR_MWnessLGv-XsR/
90. http://gamemechanics.com/twitch/gfHiX-2QDA68GwbVZNGH_GzAVOEFG-Fum/
91. http://gawpro.pl/cgi-bin/nachrichten/Nachprufung/2019-04/
92. http://gccpharr.org/assets/VRcFZ-9KXuLHABFVvQI6x_tOtoBRDj-Dz/
93. http://getidea.cf/wp-admin/nachrichten/sichern/042019/
94. http://globplast.in/wp-admin/ApIU-PZ7Rtp7onGeP9wr_dmZYzgipg-xn/
95. http://gocmuahang.com/NeuGlow/fZikR-IvzxOJZhQ9FzyVO_nYOFPESP-U7/
96. http://gold21car.ma/wp-admin/support/Nachprufung/2019-04/
97. http://goldenb.kz/wp-admin/secure.accs.resourses.biz/
98. http://goldflake.co/wp-content/nachrichten/vertrauen/04-2019/
99. http://grasscutter.sakuraweb.com/wp-admin/sec.accounts.resourses.net/
100. http://green-tyre.kz/wp-admin/service/sichern/201904/
101. http://grf.fr/css/INC/6MGwY8q9/tbWss-RAiNLey5VPm3eTc_VCNMHTBC-eE/
102. http://gutterboyshermanus.co.za/cgi-bin/service/Nachprufung/042019/
103. http://haek.net/admin/secure.accounts.docs.net/
104. http://haek.net/admin/ZkHJ-szOhg2dmq0b9ox_yPPljflnw-IDF/
105. http://hcgdrops.club/hcgdrops/sec.myaccount.send.net/
106. http://heke.net/images/grbZW-zBzuxgmP6whmiz_GMJxbDwu-ay/
107. http://hermagi.ir/wp-includes/tvhIv-9wayRECj2S3bI9_paHMqLmlH-fN/
108. http://herpesvirusfacts.com/wp-admin/QGVKN-as1CoJhHpNEx9r_zeMzlspPV-v6l/
109. http://hgrp.net/contacctnet/secure.myacc.docs.net/
110. http://hoahong.info/wp-admin/nachrichten/Frage/2019-04/
111. http://hudsonguild.org/wp-content/uploads/cSOgk-8QHEzjD5ihuqmxf_rjdlpquTI-l6/
112. http://huyhoof.com/wp-admin/legale/vertrauen/2019-04/
113. http://iimmpune.in/awstatsicons/sec.myaccount.docs.net/
114. http://imboni.org/wp-includes/support/Nachprufung/2019-04/
115. http://index30.com/dxny/legale/vertrauen/042019/
116. http://inputmedia.no/wp-admin/Lckn-hc6wRcMSKfb3Yd_XNmgNnKpz-1P0/
117. http://intersped.com.pl/wp-content/sec.myacc.send.net/
118. http://ionexbd.com/wp-content/support/Frage/201904/
119. http://irbf.com/baytest2/trust.myaccount.send.biz/
120. http://it-eg.com/wp-includes/rCpul-CyhwNFviMIxlDRf_GLflYAAN-nh/
121. http://jmbtrading.com.br/secure.myaccount.resourses.net/sec.myaccount.send.com/
122. http://jsc.go.ke/wp-content/uploads/sec.accs.resourses.com/
123. http://jvalert.com/wp-content/sec.accounts.send.net/
124. http://kejpa.com/shop/CCUZ-BFGs7Hr0EX2Eja_dlifzDEe-rR/
125. http://kingsidedesign.com/blog/sec.myacc.resourses.com/
126. http://k-marek.de/assets/verif.myaccount.docs.net/
127. http://krisen.ca/cgi-bin/verif.myaccount.send.net/
128. http://kyanos.000webhostapp.com/wp-content/legale/sichern/04-2019/
129. http://lalunenoire.net/loggers/RuAe-y5quj6FFFURl9Q4_IBWTVmVv-pO/
130. http://lammaixep.com/wp-admin/vkQBJ-5VmRemIROkrkC6I_zgFGlsiM-d5T/
131. http://lejintian.cn/wp-admin/secure.accs.docs.biz/
132. http://linda-is.com/wudh/nachrichten/nachpr/042019/
133. http://linkmaxbd.com/web/secure.myaccount.send.net/
134. http://llona.net/wp-admin/XNsEO-nDODSqUMczt7YN_QwaCBVMx-PTe/
135. http://lojateste.tk/wp-admin/daTj-7egWfK3Evmh6hR_krqoktDaE-ezn/
136. http://losgusano.com/emmw/nachrichten/vertrauen/042019/
137. http://luxurychauffeurlondon.com/wp-admin/secure.myacc.docs.net/
138. http://luxurychauffeurlondon.com/wp-admin/ZBal-1LWyFpDc2R1SHxG_ExAfIPAQ-Uq/
139. http://manorviews.co.nz/cgi-bin/verif.myacc.send.biz/
140. http://manorviews.co.nz/cgi-bin/zgfrr-5tP6NNx6ppgJHv_bhlHwmeUx-AN/
141. http://mattshortland.com/OLDSITE/DoSq-7gWLH1kCyOajYaY_hvhAfrOXD-LL/
142. http://mattshortland.com/OLDSITE/trust.myaccount.resourses.biz/
143. http://mazzottadj.com/stats/oZqZ-xxsBAjsWKfLUlAd_JdQkbvPxn-7A/
144. http://mekosoft.vn/wp-content/uploads/sec.myaccount.send.biz/
145. http://merkol.com/cgi-bin/service/nachpr/2019-04/
146. http://metajive.com/work/sec.myacc.docs.com/
147. http://michaelmurphy.com/view/zYEKk-S6XRo0ZfXZorF0_hpEbEvPW-if/
148. http://mindblower.tk/kk/service/vertrauen/04-2019/
149. http://mktf.mx/ctg/verif.myacc.resourses.com/
150. http://mktf.mx/ctg/Xcwkv-vVyj73CbD1otW9_kueihaElK-YgF/
151. http://mmanmakeup.com/cgi-bin/zBGx-ykTIYUVIMXwkak_CMJGhSRai-XNr/
152. http://mobilifsaizle.xyz/wp-includes/images/smilies/juBAG-o7kFDaR4jxDxjT_IvCZqnNRZ-83t/
153. http://monducts.mn/keypem/verif.myacc.resourses.net/
154. http://museothyssenmadrid.cn/wp-admin/iZpOV-oosCTf4dHEOUEbR_ToyGxqdMz-4kb/
155. http://mymachinery.ca/DI/secure.accounts.send.biz/
156. http://mywebnerd.com/moodle/XEcYR-UXE2Bb0IBkAUuyE_jTYXuGRd-70q/
157. http://nabawisata.id/wp-content/nachrichten/nachpr/04-2019/
158. http://nationwideconsumerreviews.org/jospj/cXIze-4Ixh5d6Tgf6TC4_lspXNqvrL-i9/
159. http://nationwideconsumerreviews.org/jospj/secure.accounts.resourses.biz/
160. http://naum.cl/8mljmyk/inEan-yi7H1sXVH0uDBpR_opyCfjAW-Zjz/
161. http://nealhunterhyde.com/HappyWellBe/verif.myacc.docs.com/
162. http://nealhunterhyde.com/HappyWellBe/yZpx-SD0QB1hntvs3yah_vMticWOd-mMG/
163. http://nelyvos.nl/htmlsite/nachrichten/sichern/04-2019/
164. http://ngobito.net/samaki/sec.accounts.send.net/
165. http://nissanlaocai.com.vn/wp-content/service/Nachprufung/04-2019/
166. http://nobibiusa.com/wp-admin/yeiD-8PIZKtWotK42CeA_tpwsaWSwO-pDY/
167. http://observatorysystems.com/wp-content/cOVq-APAzkQZGmYaE2j_otZKkCmlO-o33/
168. http://observatorysystems.com/wp-content/secure.accs.send.net/
169. http://okaychill.com/wp-includes/support/sichern/201904/
170. http://omegaconsultoriacontabil.com.br/site/verif.myaccount.docs.net/
171. http://omnieventos.com.br/INC/BQNe-eZmoTD6ZJWkum1_yhdYoBAow-XD/
172. http://onlinemafia.co.za/cgi-bin/sec.myaccount.docs.com/
173. http://oshow.com.ua/wp-includes/support/nachpr/2019-04/
174. http://outros.xyz/lnpersonaltrainer.pt/legale/sich/042019/
175. http://palin.com.br/siteantigo/libY-pJ6xkXFD1nRtgEn_RChddekjg-xG/
176. http://patriclonghi.com/blog/rRPGm-0SI6Uky6t7HVUk_zRVudKPQx-Iv/
177. http://patriclonghi.com/blog/sec.accounts.send.com/
178. http://pearlivy.com/cmn/secure.accounts.docs.biz/
179. http://perfax.com.mx/cckG-iJ0tBPscI3afgSS_HRsdwWrra-aG/
180. http://peterk.ca/wp-includes/gtQme-20o7Q3ZnEVGvL8_EGHqPaLdj-Rf9/
181. http://piccologarzia.it/admin/fxkAl-eY6BzKacCi0nOib_cFjHqkic-lMH/
182. http://piccologarzia.it/admin/trust.accs.docs.biz/
183. http://pilyclix.cl/wp-includes/secure.myacc.send.biz/
184. http://pimpmywine.nl/wp-content/nachrichten/vertrauen/201904/
185. http://pmpress.es/img/secure.accounts.docs.com/
186. http://pornbeam.com/wp-content/verif.accounts.resourses.com/
187. http://psicologiagrupal.cl/wp-admin/LofEa-L2tyKDM62tILcB_xjMmiVJe-SeK/
188. http://psselection.com/YGLhPE/ufAb-gsCNryj79TlBE6C_CtqcEXmcw-mSa/
189. http://qbico.es/jAlbum/DxKBa-UKyka6X6rKRIIH_YExnVoIjU-Bq4/
190. http://qbico.es/jAlbum/verif.accounts.send.net/
191. http://rachel-may.com/Restore/lYzb-PFsQNOrLLiLE8km_GuDITmTf-3UP/
192. http://rachel-may.com/Restore/sec.myaccount.send.biz/
193. http://rahulraj.co.in/wp-content/DCKTg-Gev7gkvcKCevTW_mmKNhpDdl-Kcw/
194. http://rajans.lk/sitemaps/trust.myaccount.send.biz/
195. http://rayofhope.ga/owed/legale/Nachprufung/201904/
196. http://rcaddict.us/worbpress/pZsjp-AdfPFAF8fclV02_CoAAEtvxr-wi/
197. http://realistickeportrety.sk/wp-content/acud-Vwu2DRrUaaMnV2L_rdZyzNDWE-Ddi/
198. http://reckon.sk/e107_admin/verif.accs.send.biz/
199. http://redklee.com.ar/css/HTPUZ-7pWUSJwNJKH9JNX_rlfPOCkX-i8/
200. http://rgrservicos.com.br/import/cCwj-iGZNEmvxxB7gNZ8_HWeLLhajs-PE/
201. http://rgrservicos.com.br/import/verif.myaccount.docs.net/
202. http://robbiebyrd.com/backup/LSOs-Ogzc6kSeabSGp7J_ofmHeKoRe-ef/
203. http://robbiebyrd.com/backup/sec.accs.send.com/
204. http://rogerfleck.com/heldt.adv.br/secure.accounts.docs.com/
205. http://rsq-trade.sk/wpimages/zMtJ-OjaxJOe566DNzk_GLrsoALZ-6Px/
206. http://sampling-group.com/local-cgi/QOZl-Y0pnwG9TOWIprM_LlpBaypj-rO9/
207. http://sampling-group.com/local-cgi/sec.myacc.send.com/
208. http://sandovalgraphics.com/webalizer/secure.myaccount.resourses.com/
209. http://sansplomb.be/nbproject/UHte-nZQcAFsof9Zf4ai_IwUHxCOv-5P8/
210. http://sbmlink.com/wp-admin/secure.accounts.docs.biz/
211. http://sftereza.ro/administrator/rnYOi-agAAtJZX3pPcWkq_UxPXERiR-o6O/
212. http://shlud.com/wp-admin/service/Nachprufung/04-2019/
213. http://shopbikevault.com/wp-includes/FEyV-JzqQdY9DguOah1r_BKrRCAFnq-iy/
214. http://shopbikevault.com/wp-includes/secure.accounts.resourses.net/
215. http://sillium.de/Scan/KibzR-OQN6AVsceCzvkZ_RLsYAgpfU-eo/
216. http://simlun.com.ar/css/secure.myacc.resourses.com/
217. http://sintraba.com.br/wp-content/verif.myacc.resourses.net/
218. http://sjhoops.com/sec.accs.docs.net/
219. http://skygui.com/wp-admin/trust.accounts.send.com/
220. http://slumse.dk/webalizer/pXpTL-htWb2NP3rgktImp_OUoNWVow-dk/
221. http://sneezy.be/downloads/trust.myacc.send.biz/
222. http://songdung.vn/4d4ixle/secure.accounts.send.biz/
223. http://sonnyelectric.com/ssfm/sFsjg-25F3iHJiVu5z1N_JSQTAURk-KF/
224. http://sooq.tn/g435goi/secure.myaccount.send.net/
225. http://sorterup.dk/includes/UqdoF-5Nh3pbTIV4Ry9we_ZyqPDzaE-hW/
226. http://specialtactics.sk/encyclopedia/trust.myacc.send.com/
227. http://spitbraaihire.co.za/Scan/secure.accs.docs.net/
228. http://stellan.nl/stellan/file/
229. http://stsbiz.com/js/verif.accounts.resourses.biz/
230. http://studiospa.com.pl/images/secure.accs.resourses.biz/
231. http://svadebki.com/js/zjPpx-b6CwtsjbgKIG72c_jrnmpfKWE-Fv/
232. http://swandecorators.co.uk/journal/verif.accs.docs.com/
233. http://szaho.hu/wp-admin/secure.accs.docs.net/
234. http://t3-thanglongcapital.top/wordpress/support/sich/2019-04/
235. http://tabb.ro/APFNT-N0DOww5h8oXHj3U_ljcufTjQ-dbt/PJLV-Oy8xOyYPqKipSM_eGQzOgrqV-iU/
236. http://tapchicaythuoc.com/cgi-bin/sec.myaccount.send.biz/
237. http://tapchicaythuoc.com/cgi-bin/trust.myaccount.docs.biz/
238. http://tappapp.co.za/cgi-bin/verif.myacc.docs.net/
239. http://taskforce1.net/wp-admin/UYBz-P907hrDvIIsCXs_KwPxeEjWS-HCw/
240. http://tbwysx.cn/tools/MvdJZ-TO9tLSpcufqKLQ_wCuhYWUUJ-kqI/
241. http://tbwysx.cn/tools/trust.myacc.send.biz/
242. http://teamsofer.com/store/eONK-1upxagfdQUNF65W_LbXGrbPe-LAe/
243. http://teardrop-productions.ro/menusystemmodel003/sec.accs.docs.biz/
244. http://teiamais.pt/wp-admin/sec.myacc.docs.biz/
245. http://telerexafrica.com/cgi-bin/JOiS-SIgonRydg6b5p7j_HQtzRRwF-9s/
246. http://terebi.com/best/cRHBF-DApRbHJJTQRi6q_iRAJjVqxm-BK/
247. http://thealdertons.us/scripts/sec.myaccount.send.biz/
248. http://thebiga.dk/wp-content/xMUUU-V4GYhFZxfaS657_UpcuDScnT-LYK/
249. http://thedopplershift.co.uk/Information/secure.myaccount.docs.net/
250. http://tierramilenaria.com/wordpress/secure.accounts.resourses.com/
251. http://tipster.jp/counter/wGRz-jNL6ZBnmfSrro2L_bovXbIkEj-X3/
252. http://titancctv.com/img/vVHhh-sQNU8SJsdXLNxh2_dCtCNlkwk-CZr/
253. http://tjr.dk/amsterdam/mZWmM-1J8Qz8QBOv1LHf_CfMVOHCZ-kI/
254. http://tklglaw.com/wp-admin/secure.myacc.send.net/
255. http://tkmarketingsolutions.com/skynet/trust.myacc.docs.com/
256. http://tncnet.com/images/QdnF-ROpIu1OBUb5sKZ_eVeiygnR-qKT/
257. http://toclound.com/kdbl/trust.myaccount.send.com/
258. http://todomuta.com/tm/secure.myacc.docs.com/
259. http://t-ohishi.info/INC/oIPWr-jWcF96e0FMffzIF_csisOCQxH-OM/
260. http://tokai-el.com/download/qcfpB-dZixJNqmbvKGBq_PGxWpCkaH-ZG1/
261. http://tongdaigroup.com/bill/trust.accs.resourses.net/
262. http://toools.es/bankinter_/xDsa-C51SL8IzBTgL7i1_trBYKKVjY-V5/
263. http://toprebajas.com/wp-admin/Ieusi-tZn2hXA7IdDNGZj_NxMkcSlc-aYQ/
264. http://travelhealthconsultancy.co.uk/images/verif.accounts.resourses.com/
265. http://turkandtaylor.com/wvw/legale/vertrauen/04-2019/
266. http://turkexportline.com/e-bebe/trust.accounts.resourses.com/
267. http://tys-yokohama.co.jp/FCKeditor/service/nachpr/2019-04/
268. http://ukdn.com/TempHold/nachrichten/sich/201904/
269. http://ulisse.dk/wp-content/KmLO-sEH7nrW35PwHfnW_ieSDDSkuK-zDq/
270. http://upax.com.br/dvfwx/sec.myaccount.resourses.biz/
271. http://upax.com.br/dvfwx/VqKf-oiLsR4YEbUJo5U_iVZMvPiVm-jT/
272. http://vejlgaard.org/Daniel_2007H1/bDtC-VeGqxg0z99dgtuJ_zfbnVyXvx-e5/
273. http://vejovis.site/images/dfjA-rfJsLSBBOyVz761_uguujGMBx-EYY/
274. http://vejovis.site/images/verif.accs.send.biz/
275. http://vinik.com.br/ssl/JIkp-aT6o1hb0ANZ1wQ_idOKyQwc-sb/
276. http://vrfantasy.gallery/wp-admin/secure.myacc.docs.net/
277. http://walstan.com:80/sites/pages/css/DmVwE-E930rsBsCvfbTW_CLhOhinJ-8Ve/
278. http://webdesign2010.hu/FILE/sec.myaccount.docs.biz/
279. http://wigginit.net/wp-includes/trust.myacc.resourses.biz/
280. http://www.178zb.com/avcupkl/uaQX-bqEjZVQTNuL5JP_srOQVAYuZ-I8k/
281. http://www.aktifsporaletleri.com/assess/VpTzY-YRRIWmknTlxblt_xJqydgBH-XXZ/
282. http://www.beirut-online.net/portal/yUcIl-zQTNVf3Xwp7BI1D_dTesXbtP-eE/
283. http://www.goldsilverplatinum.net/wp-admin/ciMZY-WF6l93lKaBdSHhs_XXkmOPTw-oq/
284. http://www.hanifiarslan.com/wp-admin/dQrrE-3KMrGNn40eGwkB_tidwxpiC-53X/
285. http://www.imeruben.hu/zxkk/support/vertrauen/042019/
286. http://www.kampolis.eu/test/KvCRZ-Gk30Uz3dEcCv8E7_QNloFmwV-BA/
287. http://www.lafoulee.com/calendar/dMsmb-1rATv1kUgXS5jp_ZROmSfLEx-BM/
288. http://www.megawindbrasil.com.br/css/sec.myaccount.docs.com/
289. http://www.michelebiancucci.it/ynibgkd65jf/RUllc-84aRqpphDtWi1c_MrVTsTzmc-Yh/
290. http://xn--80akuc.xn--p1ai/wp-admin/service/nachpr/201904/
291. http://yayasanrumahkita.com/eqdx/jUuA-l7kSOIHAoSeqNCy_hJeYSbmGu-4A4/
292. http://yuyinshejiao.com/wp-admin/bkhQw-Mwh2ZbdjjWPeeMW_CSpUAebSi-D1p/
293. https://aipos.vn/wp-includes/service/Nachprufung/042019/
294. https://bebispenot.hu/wp-admin/QUfj-Qs6voCf88GkaY3G_eZVsfBXS-2B/
295. https://bebispenot.hu/wp-admin/trust.myacc.docs.biz/
296. https://breeze.cmsbased.net/ceekh/EADt-Fk3E5feZlC0BNeb_nnwbRmOMy-h6K/
297. https://chunbuzx.com/wp-includes/sdWY-jcac5JkAoCBH77_jAfrileMN-DW7/
298. https://chunbuzx.com/wp-includes/sec.myacc.send.net/
299. https://danielking.de/wp-admin/legale/nachpr/04-2019/
300. https://dodoli.ro/mrvr/Kyob-RZB4WcDibj9o8z_jDrDpzEsh-Gr/
301. https://dodoli.ro/mrvr/secure.accs.docs.biz/
302. https://dunnlawky.com/wp-content/nachrichten/vertrauen/2019-04/
303. https://dynamo.dev/wp-content/nachrichten/nachpr/2019-04/
304. https://eaziit.com/wp-admin/sec.myaccount.docs.net/
305. https://escuro.com.br/ckeditor/TAHfy-iFH49CTFbXTIwq_LPTnKIAz-OVY/
306. https://fishingbigstore.com/addons/IpclM-NJbHYw2aec2A5yG_LeJyIMypA-jE/
307. https://fishingbigstore.com/addons/verif.accs.resourses.biz/
308. https://hubrisia.com/wp-content/uploads/sec.accs.docs.net/
309. https://index30.com/dxny/legale/vertrauen/042019/
310. https://jcci-card.vn/wp-includes/secure.myaccount.docs.biz/
311. https://jillysteaparty.com/wp-includes/kndWZ-O7SFD0x9eIH1EBx_xFJBCNMiE-3Xj/
312. https://kalaneri.com/wp-admin/service/sichern/042019/
313. https://lcced.com.ve/images/ILwS-6v21sqAKZ3d41Oy_nGRtOyMc-ba/
314. https://lucky119.com/wzzeb/IYZyb-4ZqzbE4yOsL89QD_ECNcoVcdJ-q50/
315. https://mahmud.shop/wp-content/verif.accounts.resourses.net/
316. https://maxfiro.net/wp-content/JpRVE-omPY9PKnXU2nkaJ_mjAsGQIq-4U/
317. https://maxfiro.net/wp-content/verif.myacc.docs.com/
318. https://mybigoilyfamily.com/vrjq0aa/sec.myacc.docs.biz/
319. https://mybigoilyfamily.com/vrjq0aa/xQjmM-CZYEcJ0beS1t6E_fLQciiiYY-13Z/
320. https://notspam.ml/wp-admin/nachrichten/sichern/04-2019/
321. https://noyieweb.jp/images/legale/vertrauen/042019/
322. https://pimlegal.com/wp-content/bqNbd-V1WhSHXZyX1lnp_KmbocLkHV-lnz/
323. https://psicopedagogia.com/glosario/XxaML-UsEtCmRfjDC0L54_SEpmRWVf-lg/
324. https://sdasteigers.nl/cgi-bin/iYVn-NBsJJcsnbw7sF8_DDvzRwjrw-q5E/
325. https://sillium.de/Scan/KibzR-OQN6AVsceCzvkZ_RLsYAgpfU-eo/
326. https://spacedust.com/wp-content/bQKa-JKHAcjqqo54V9F_QEBwzUSJ-vjC/
327. https://stellan.nl/stellan/file/
328. https://sukhumvithomes.com/sathorncondos.com/mgVA-rKUldlS6GHWlX7_HNzurPkLI-WEO/
329. https://sukhumvithomes.com/sathorncondos.com/sec.accs.resourses.com/
330. https://sumire201.com/Intuit_Transactions/yOXH-kao6lG50a06lAb_MXCUzLKO-Oa/
331. https://sword.cf/wp-content/QAel-fOdUzeurhDi6DKU_AHbIzOHnK-DPr/
332. https://sword.cf/wp-content/trust.accounts.send.biz/
333. https://teclabel.com.br/wp-content/aSsF-29M9CqpKuaL5iZ_XQUeXpEX-VIc/
334. https://tocgiajojo.com/wp-includes/support/vertrauen/2019-04/
335. https://uctuj.cz/DOC/support/vertrauen/2019-04/
336. https://vensys.es/blogs/gfJFH-4XyXzIdCXyKLWj_ZPviDMUG-mv/
337. https://www.bitsmash.ovh/wp-includes/adPX-9e8YxQRhOooKnWx_zOksAQYLk-yd/
338. https://www.bossesgetlabeled.com/taewcau/TRds-AWY7vBKYr4RtKP_WojSlnDm-avn/
339. https://www.completedementiacare.com.au/wp-admin/lfHIN-bRZb7UTVWHnHdi_QjwbuXjK-nQp/
340. https://www.eigenheim4life.de/s/EjDtj-dgMs6oJfvaPYqpX_wiQLTnSM-ho/
341. https://www.glamoroushairextension.com/wp-content/OfZt-NvSrKqPkjGzIwky_YuHIlWBQ-Ze/
342. https://www.goldsilverplatinum.net/wp-admin/ciMZY-WF6l93lKaBdSHhs_XXkmOPTw-oq/
343. https://www.hennpress.de/wp-admin/service/nachpr/04-2019/
344. https://www.nadlanhayom.co.il/wp-content/JrPUU-qaOD1SQb9PDvvk_EGZXNAfOm-B0Z/
345. https://www.pinafore.club/wp-admin/AaWkA-yCK1asM6UO7T4un_zNkzNana-hbi/
346. https://www.pinafore.club/wp-admin/evTyX-3eoRauR6Gy7pkG_ZkbgondH-mn/
347. https://www.virtuoushairline.org/8zqijve/pZsYO-9tetO4ubUoWS8X2_eHdaABhb-Im0/
348. https://xn--80aao0acd1ak7id.xn--p1ai/wp-content/themes/creattica/sec.myacc.resourses.com/
349.  
350.  
351. ```
352. #### Epoch 2 Document/Downloader links seen for 04/26-29/19 ####
353. ```
354.  
355. http://107.178.221.225/jxewyv9/Document/oHQnjnWGl/
356. http://119.28.135.130/wordpress/LLC/f6G000ktH/
357. http://18.220.178.19/wp-content/DOC/dMSy97nt/
358. http://247mediums.nl/wp-content/Document/O5DWQZDa1KA/
359. http://5stmt.com/wp-content/dpotq-UZx8OLOSSds1siw_LbLcKCOg-Bjh/0rqhi9-nqguasg-dwaapz/
360. http://7uptheme.com/wordpress/FILE/e5OEQZYTL6K/
361. http://8bdolce.co.kr/wp-content/uploads/DOC/PRT7htcSPUXL/
362. http://a2-trading.com/wp-admin/DOC/MUBBGU4h/
363. http://abmvs.org/wp-includes/Document/MSjm0VUK/
364. http://adammark2009.com/images/INC/VTkk0GGi/
365. http://adamsm.co.za/wp-includes/vd0m-b567oz-djmahg/
366. http://agipasesores.com/Circulares_archivos/INC/Ftyw98Vrhcd0/
367. http://almourad.net/cgi-bin/1grsjlc-n75ru-citeh/
368. http://alokdastk.000webhostapp.com/wp-admin/Document/fY0zM5V9/
369. http://alpreco.ro/wp-includes/Scan/acA7yJJgsgM/
370. http://altituderh.ma/wp-admin/LLC/TZ9jOPuXQqf/
371. http://animalclub.co/wp-content/INC/ma9oNRz8wQw/
372. http://animalclub.co/wp-content/Scan/z8nYBgot7C/
373. http://ansegiyim.ml/wp-admin/FILE/mFvyd1nObs/
374. http://aqua.dewinterlaura.be/wp-snapshots/FILE/YAgKZrSXz6O3/
375. http://arteza.co.id/wp-includes/1ixhqs0-xn7qm7-uqygd/
376. http://artfuledgehosting.co.uk/wp-content/o04y8-49j3ou-iybfw/
377. http://artwithheart.com.au/wp-admin/unn5cnb-659w3-qmny/
378. http://asperm.club/wp-admin/dypkd34-vtqmx6-ueoi/
379. http://auraco.ca/ted/INC/t5GZsEJl9SW/
380. http://autmont.com/vrgyd9u/Scan/WQCsh4c5/
381. http://aviciena.id/data/h4gu-ujnmh5e-wpae/
382. http://banzaimonkey.com/images/INC/Qneq1xFY/
383. http://baping.xyz/wp-includes/sec.myaccount.resourses.net/
384. http://bayborn.com/wp-content/INC/ZRriAvfFu2/
385. http://belart.rs/images/FILE/Mig63c0nMMM/
386. http://belart.rs/sitemaps/Scan/29kTwIP7R/
387. http://benitezcatering.com/wp-includes/INC/sk5FCoEdrr/
388. http://best-baby-items.com/wp-content/LLC/Tp0cNxIsRrw5/
389. http://best-baby-items.com/wp-content/LLC/Tp0cNxIsRrw5//
390. http://best-baby-items.com/wp-content/LLC/Tp0cNxIsRrw5/\/
391. http://bestflexiblesolarpanels.com/local/Document/1PvDX24wx/
392. http://bestflexiblesolarpanels.com/local/Scan/3faIcujtVCBQ/
393. http://betmngr.com/wp-admin/DOC/YzSVPZ9hrg/
394. http://bizajans.com/engl/LLC/KRF8Oiy8pkvA/
395. http://blog.almeidaboer.adv.br/wp-admin/Document/859f48i8u/
396. http://blomstertorget.omdtest.se/wp-admin/LLC/xkyQ34QyU/
397. http://boyuji.cn/uh62ssy/DOC/7zUlkAlgqn/
398. http://boyuji.cn/uh62ssy/pe2ytf-bmmi0p-nldtrbp/
399. http://broadcastandcablesat.co.in/wp-content/uploads/ok62s8-4y5r4-rzzgy/
400. http://brunocastanheira.com/wp-includes/Scan/KgqtLjuwL/
401. http://brutalfish.sk/dropbox/nnRtP-wDUOk2fhYjJpIMC_udTPKKan-cyq/DOC/GTul5ih52ka/
402. http://caccng.org/wp-content/scxb2-vy5pk-gbdmxg/
403. http://cbctg.gov.bd/backup/LLC/eCiLfQCHV4CD/
404. http://cheapesthost.com.ng/cgi-bin/INC/S72k7Mss9z/
405. http://classicimagery.com/System/Document/Wp2teAGDd2D/
406. http://cleverdecor.com.vn/wp-includes/Scan/l8upf42AAi/
407. http://cocnguyetsanlincupsg.com/wp-admin/Document/erWcIf62cV/
408. http://codeproof.com/blog/wp-content/Scan/P6Ub1lpPgM/
409. http://coine2c.com/wp-admin/Document/N4TXNpkcnkP/
410. http://coine2c.com/wp-admin/FILE/C8xVRRVhXaqV/
411. http://conceptcleaningroup.co.uk/wp-admin/DOC/KnhtINN9j4W/
412. http://creaception.com/wp-content/Scan/XAmREFvH/
413. http://creativeplanningconnect.com/lttcjwb/DOC/UFYXNJvRDzz/
414. http://crepuscular-blot.000webhostapp.com/wp-admin/Scan/Yv65riHR/
415. http://crystalclearimprint.com/cgi-bin/LLC/Scan/evHAdDO4sEe/
416. http://crystalclearimprint.com/cgi-bin/Scan/n6VcQiw7Vljg/
417. http://csnserver.com/blog/file/bh9ssw8xhb/
418. http://cybersol.net/Talina/DOC/y3zN54ObQQ/
419. http://cyborginformatica.com.ar/_notes/Document/3M24gsUy/
420. http://cyzic.co.kr/widgets/Document/o1WyNlMZ/
421. http://danslestours.fr/calendar/FILE/krAF49NtkIfN/
422. http://datatechis.com/dis4/DOC/aZ0COB9ePkuN/
423. http://dchkoidze97.000webhostapp.com/INC/DOC/JVdpeoOj/
424. http://decotek.org/orange/INC/dZfkQlTEOaaj/
425. http://dev.colombiafacil.com/aj966rj/lpmb-xawqu-yibhjrq/
426. http://didone.nl/wp-includes/DOC/EFwl7pBfkz/
427. http://dinobacciotti.com.br/2eqt/DOC/iYuy5TSy/
428. http://disbain.es/wp-includes/INC/kxs0wmVKn/
429. http://disbain.es/wp-includes/LLC/q77VFIwpdj/
430. http://distorted-freak.nl/html/FILE/zpLf44BbJW/
431. http://dosejuice.com/wp-content/uploads/FILE/oK0Qu6V4PCaO/
432. http://dptcosmetic.com.vn/zy6xstp/Document/b3gMbHtk9Pa/
433. http://drmarins.com/wp-includes/tsvca-mb38h-yadqrkf/
434. http://drtz.ir/wp-content/pvnucs-oco1qbn-wjrahz/
435. http://dynamiko.in/wp-includes/mrptyu-tbuyns-ykqwz/
436. http://dziennikwiadomosci.pl/1wn83nx/FILE/TVnCE6dzXfad/
437. http://easymoneyfinance.co.uk/wp-admin/Document/ozik8bJEkR/
438. http://easymoneyfinance.co.uk/wp-admin/INC/CoU6QAFhXj/
439. http://ecominser.cl/k2rojqs/c4injk-93ayyhg-dmalke/
440. http://ecube.com.mx/js/Document/UqqUUPae/
441. http://ed-des.pp.ua/tmp/Document/aHwBdhVU06L/
442. http://egyamd.com/zohoverify/omey-6a4be-zckcm/
443. http://ekmathisi.gr/wp-admin/ola4tf-ilsgvi-flvj/
444. http://emst.com.ua/wp-admin/x7daa-qxpadiu-axvoa/
445. http://encorestudios.org/verif.myacc.resourses.net/INC/o7TGSPY3WJ5i/
446. http://equintl.com/wp-admin/63t1f-ttcw1m-pvsjjhg/
447. http://equipares.org/site/wp-content/uploads/2018/ktphjnz-bhtmwzc-dkcpy/
448. http://exotechfm.com.au/YDmHx-wlaRWdBx0K3g9n_PDbPkfUl-iT/Document/sZXPLYmfrn4/
449. http://exotechfm.com.au/YDmHx-wlaRWdBx0K3g9n_PDbPkfUl-iT/FILE/xIRB65q6oM7/
450. http://fastrxtransfer.com/cgi-bin/Document/BWEX8Ci6QH/
451. http://finessebs.com/cgi-bin/fw2y7-yfpvv2-bbtbvrn/
452. http://fisiocenter.al/wp-includes/FILE/xWZTabX3juy/
453. http://fizcomgiz.com/rossonini/vtst-xditp-flvfw/
454. http://fmpdaq.org/wp-includes/nv2dz0-s56k6-urfli/
455. http://fondation.itir.fr/wp-includes/Scan/Rqh6myZMyyw/
456. http://fon-gsm.pl/ip5daee/FILE/g6iz5w3reL/
457. http://frazilli.com.br/wp-admin/o5v7pq3-00yh7m-jnveoi/
458. http://ftanom.cf/calendar/INC/q4JATmHI2/
459. http://fuhafarm.com/backup/c2ri-5e49v1k-cdthera/
460. http://fullstature.com/mid/DOC/1FoKzeUWrG0/
461. http://funfactz.xyz/wp-includes/mf50-vggj2h-synvmlr/
462. http://fxbot.trade/wp-admin/LLC/gC4oh2pa/
463. http://galiarh.kz/wp-admin/DOC/XAWBqhjyl8/
464. http://gamvrellis.com/MEDIA/Document/ZyhQ1NSThTq/
465. http://gamvrellis.com/MEDIA/Scan/6gV22NlO/
466. http://gargzdai.info/INC/LLC/7Ie6eZMLiVj/
467. http://gce.com.vn/wp-admin/93mad-q2d585c-zedsl/
468. http://gce.com.vn/wp-admin/Document/EiX2b35YyXXA/
469. http://gdscpt.co.za/i2r3bzu/hf7q-r5897z-vudql/
470. http://gkpaarl.org.za/language/Document/IUTlwZtOm/
471. http://gldc.in/wp-admin/DOC/vNQxBSXmXaxc/
472. http://glmalta.co.id/wp/yjjd6st-ldo31s-lcqm/
473. http://gn52.cn/css/8kudyg-a5e5aps-yadlu/
474. http://gogo-lam.xyz/wp-admin/ut1id9w-jvk9v7-lrlnxxi/
475. http://grasscutter.sakuraweb.com/wp-admin/Document/ZsUUTzYbqan3/
476. http://grimix.co.il/wp-admin/LLC/dyFfxviI/
477. http://grupohasar.com/wp-content/plugins/bwp-minify/cache/INC/MtIqEHAxPzr/
478. http://halalonlines.000webhostapp.com/wp-admin/Scan/3jamtbrR/
479. http://haovok.com/wp-content/uploads/2019/FILE/nNcvKphY/
480. http://haovok.com/wp-content/uploads/2019/LLC/daBm7oLYz/
481. http://happytobepatient.com/o8rxofd/FILE/aIG1RMmnsmuP/
482. http://happytobepatient.com/o8rxofd/INC/xPdFKNUSp9/
483. http://hc12366.xyz/wp-content/k1tiy8g-5fqrvba-wuypl/
484. http://hcdigital.pt/inversodiverso.pt/qq379i-u8tn43-gxuph/
485. http://hermagi.ir/wp-includes/Scan/TSJGwwVWcb/
486. http://herpesvirusfacts.com/wp-admin/INC/j2Vp3YZx/
487. http://hgrp.net/contacctnet/DOC/EN3pcXpi/
488. http://hibara-ac.com/wp-content/uploads/bzgo08-gw44rpj-vuvwft/
489. http://hydtvshow.xyz/wp-content/DOC/pYNcc4SD/
490. http://ichikawa.net/wvvccw/LLC/aebK5nldD/
491. http://ictlagos.tk/cgi-bin/INC/7brhggt6c/
492. http://iddeia.org.br/wp-admin/dwsql5-rrpc9-gsaugfq/
493. http://iddeia.org.br/wp-admin/FILE/svemClVksz/
494. http://idfutura.com/Matt/Document/gbmIHmbcn8QP/
495. http://idrmaduherbal.in/wp-admin/INC/H9yrE0ki/
496. http://idrmaduherbal.in/wp-admin/Scan/Fx57YVdC/
497. http://ifdgroup.xyz/wp-admin/dx9nu-6cdwe-kzbkyu/
498. http://ikatan.org/wp-includes/uh8ygr-7p58h4t-mueraw/
499. http://ikeba-fia.unkris.ac.id/wp-content/FILE/GbhcbLhUKQH/
500. http://immigrant.ca/wp-content/FILE/hh9T4aoowVl/
501. http://impactclub.ml/wp-admin/Scan/HeoGINYg8M/
502. http://impro.in/components/Scan/RZpKnOv4/
503. http://indushandicrafts.com/wp-includes/DOC/rFKQg25DkWG/
504. http://industriy.ru/wp-admin/19nvu4p-7kpgg1y-kxfdk/
505. http://info-checkus.000webhostapp.com/wp-admin/LLC/lMDbFjgxrK/
506. http://innomade.ch/upgrade/Scan/InWpS9ZJJZCt/
507. http://inputmedia.no/wp-admin/DOC/HxVtshJi/
508. http://intersped.com.pl/X/Document/h991YH58CFHH/
509. http://inttera.pt/eletricidade/kjsrf6-evighre-ghuag/
510. http://ione.sk/isotope/FILE/8eBIbUhqgQM/
511. http://irbf.com/baytest2/DOC/HHk7HktmKOz/
512. http://isais.or.id/4wo96yq/Scan/MPFYxyNa2L/
513. http://ishita.ga/wp-admin/1wzc-3rxck-msht/
514. http://iskgelion.ru/wp-admin/00oq79-8w3fs-kntjr/
515. http://itqan.qa/wp-includes/LLC/hedH9iUzracO/
516. http://its.ecnet.jp/logs/DOC/hpE5l1Izt3e6/
517. http://its.ecnet.jp/logs/FILE/EaOeb1Yx/
518. http://its.ecnet.jp/logs/FILE/YlNddIYSp0/
519. http://jack4jobs.com/wp-includes/FILE/TVuQ0c71iY/
520. http://jamessilva.com.br/wp-includes/Scan/oqchXI2lC/
521. http://janetjuullarsen.dk/ydcb7-9ftb6-beob/LLC/WK0K8eFbt7/
522. http://jati.gov.bd/wp-admin/jksk4-dxhs7j-mkwdnb/
523. http://jbint.org/wp-content/Scan/ysI1bcJZVmD/
524. http://jillysteaparty.com/wp-includes/DOC/ADfgCIQjz/
525. http://jmbtrading.com.br/secure.myaccount.resourses.net/LLC/NELenkdNn/
526. http://jmd-be.com/wp-content/FILE/oHDIVDJOPz/
527. http://jpt.kz/wp-admin/Scan/wS7f6maMX85L/
528. http://judygs.com/there/Document/j8DTGgI3/
529. http://jurafonden.dk/wp-admin/FILE/xycmtjtrif/
530. http://jvalert.com/wp-content/DOC/8YUO4IswAah/
531. http://kalamfaadhi.com/wp-admin/FILE/pxQNgAlBF0o/
532. http://kejpa.com/shop/FILE/5s8iDk2cV/
533. http://k-marek.de/assets/Document/khth6PsCjg/
534. http://kodlacan.site/wp-includes/FILE/SAl08ftR/
535. http://kolarmillstores.com/wp-admin/Document/YUpHpZGD/
536. http://korfiatika.gr/wp-content/Document/YPJXH9YDwBB/
537. http://krisen.ca/cgi-bin/Scan/Pyz2ddyaL6/
538. http://kviv-avto.ru/wp-admin/h5umf-n4zpt-izehp/
539. http://kynguyenso.cf/wp-content/DOC/LeKrsHlDd/
540. http://lalunenoire.net/loggers/LLC/rOWVsJIY/
541. http://leesin.work/wp-admin/DOC/VokhIefIUL/
542. http://lequie.de/wp-includes/INC/pII5fmfnlXwP/
543. http://likenow.tv/wp-admin/INC/6KZHVDkshuuf/
544. http://likenow.tv/wp-admin/LLC/tfE5ZAWEfAcp/
545. http://linkmaxbd.com/web/INC/mpcBksf9hW/
546. http://lorigamble.com/wp-admin/INC/hJH0y0so/
547. http://ltvxy.in/wp-content/l4cs-gn1plb8-kqjq/
548. http://lumina.ec/5frezkr/4scb-svxw6yz-gywy/
549. http://luxycode.com/wp-content/DOC/W2Ols88xG1/
550. http://mahmud.shop/wp-content/uploads/LLC/aTv9eetUYF/
551. http://ma-masalikilhuda.sch.id/wp-content/zzjes-mf3xv-inhddd/
552. http://mance.me/eroticartsagency.com/INC/3IdNdxts/
553. http://mansanz.es/banuelos.mansanz.es/Scan/Mdc7EZVyH0/
554. http://marbellastreaming.com/2016/FILE/wrKdoFz8u/
555. http://marbellastreaming.com/2016/LLC/nuT2k7S9279r/
556. http://marcofama.it/tmp/DOC/xGHy3BXetzI/
557. http://marcofama.it/tmp/FILE/ftoB9pe3dsxR/
558. http://marcofama.it/tmp/INC/sk0Vd75U8/
559. http://masholeh.web.id/wp-admin/Document/gwdkCEdcvU/
560. http://maxfiro.net/wp-content/Document/jGqdP9IiGDL/
561. http://ma-yar.com/wp-content/g6pw-w1c09k8-kaqdsj/
562. http://mbogers.nl/wp-content/w8wv561-jenf4py-rwpq/
563. http://mcclur.es/wp-content/Document/HMZjl2uPecbY/
564. http://mc-squared.biz/note2/Document/8nO0uIP51/
565. http://mc-squared.biz/note2/Document/YjnmaiFA/
566. http://medyalogg.com/wp-content/ai1wm-backups/yw1h2c-0osgc-jzuo/
567. http://meetline.ml/wp-admin/7pl2yf-9x5lw06-dosw/
568. http://metajive.com/work/LLC/4Xz3EARuueu/
569. http://millenoil.com/modules/smarty/sysplugins/FILE/hpkQXIc7u/
570. http://millenoil.com/modules/smarty/sysplugins/INC/KglKD6uKoKj/
571. http://millenoil.com/modules/smarty/sysplugins/INC/VPh5VfKUi/
572. http://mindymusic.nl/US/Scan/COdwLdcr/
573. http://mmtsystem.net/wp-includes/Scan/yuu8uCqMT/
574. http://mnonly.com/faq/Document/DEXliynit5/
575. http://mobility-advice.org.uk/cache/FILE/JwPpi4XpGt0/
576. http://moes.cl/cgi-bin/Document/5YM4AEqn/
577. http://moes.cl/cgi-bin/Document/TkSDCahnFR4/
578. http://momtomomdonation.com/dbau/Document/nI8m9zd8zh/
579. http://moolchi.com/wp-includes/LLC/umvy1iKh/
580. http://mudra.vn/wp-includes/FILE/1LYeXAWyfwq/
581. http://musicassam.in/pj3folo/Document/fCGPP0pAe/
582. http://musicfacile.com/cgi-bin/Document/SnE00HjeSbMl/
583. http://my2b.online/wp-admin/5n5hlp-qesabtj-bkhkwc/
584. http://mybigoilyfamily.com/vrjq0aa/FILE/R9HmTHv9U/
585. http://mywebnerd.com/moodle/FILE/PPFvPjw2MMO/
586. http://mywebnerd.com/moodle/FILE/yutO8Dt7rjw/
587. http://nailideas.xyz/wp-content/29fe8-h43a5h-ntzskzu/
588. http://narayanhrservices.com/wp-admin/Document/wOjMKy5Cd/
589. http://natenstedt.nl/TWPqQ-LHGr5VrBGWRa77_hbSmEhUOT-nk7/DOC/hR50weYp/
590. http://nativis.at/wp-admin/FILE/pean3sr3R/
591. http://naum.cl/8mljmyk/Document/zCUguIDyn/
592. http://nekudots.com/wp-content/Scan/uNandEWEsw/
593. http://newgmp.000webhostapp.com/wp-admin/Scan/JG1vxgDirn/
594. http://newlaw.vn/wp-content/DOC/uTxh3tCdyyYw/
595. http://newlaw.vn/wp-content/FILE/DlCmb2L9/
596. http://nexusinfor.com/img/LLC/oK9GdioKdu/
597. http://ngobito.net/samaki/INC/Bd1m3Yyd/
598. http://nhahuyenit.me/wp-admin/DOC/PPIOhD4q/
599. http://nhahuyenit.me/wp-admin/INC/YcjkRRDg/
600. http://nissanquynhon.com.vn/kfde/DOC/Sqb3zCtof/
601. http://nissanquynhon.com.vn/kfde/FILE/IiNPlQI6e/
602. http://nutricioncorporativa.com/wp-content/FILE/sLXPRyYt/
603. http://ohmpage.ca/reviews/Scan/x1ajoUVS/
604. http://omnieventos.com.br/INC/FILE/pWCXwMB53/
605. http://onedollerstore.com/wp-content/INC/sjHO7CZnS7Is/
606. http://onesecurityinternational.com/cgi-bin/m7yi-feamqc7-xcwn/
607. http://onestin.ro/wpThumbnails/Scan/BiKidQ60Zd34/
608. http://onino.co/wp-admin/INC/oBohRr49TI/
609. http://onlinemafia.co.za/cgi-bin/Document/ri5Nt1Do6TS/
610. http://orientaltourism.com.ua/wp-includes/hxt4e-lg4re-zmery/
611. http://orthosystem.de/wp-admin/Document/4Yz4XS5tfTKN/
612. http://oushode.com/wp-includes/74v1-ppq8t81-hcfvskm/
613. http://oxenta.com/wp-admin/FILE/FfI0aODKuLP/
614. http://ozkayalar.com/admin836cnxhpb/INC/vCs4LBg91KLI/
615. http://ozkayalar.com/admin836cnxhpb/LLC/EsRh9S6OhJY/
616. http://ozkayalar.com/admin836cnxhpb/llc/rm7o1nlygbwp/
617. http://pakuvakanapedu.org/wp-includes/Document/pZT2051GQ/
618. http://passelec.fr/translations/DOC/iKrUU0k0UUf4/
619. http://passelec.fr/translations/FILE/wOepwzm6wE/
620. http://pcccthudo.vn/wp-content/uploads/2019/03/Scan/fpANDNXMxOHu/
621. http://pcsafor.com/coches/FILE/7siHs9I82Qy/
622. http://pekarkmv.ru/wp-admin/dvst3-usep55h-uvht/
623. http://pepsida.cn/wp-includes/i1nsp2-21g6qj-owaiup/
624. http://pescadores.cl/porteria/Document/liimDlIZ3UgF/
625. http://pessoasdenegocios.com.br/img/Document/iRIbbwCi520/
626. http://phanphoidongydungha.com/o4ci7l9/INC/UbxquS6Bi6z/
627. http://pilyclix.cl/wp-includes/Document/WS523Fhz/
628. http://pilyclix.cl/wp-includes/FILE/AVToMWLzdM/
629. http://planktonik.hu/menu/Document/iwyd3N7g/
630. http://plitstroy.su/wp-admin/INC/fRnLFTE34HHG/
631. http://pmpress.es/img/INC/Tmnh8vbRn8B/
632. http://porchestergs.com/AGM/INC/HetudumcZN4z/
633. http://porchestergs.com/AGM/LLC/4ywIbC2y12OQ/
634. http://potterspots.com/cgi-bin/LLC/GCsQ0w6mtON/
635. http://pr.finet.hk/wp-content/uploads/gtxipn-ej9nyad-cujygi/
636. http://prelava.pt/cgi-bin/3qeuo-cp7vnqh-whginbk/
637. http://privatekontakte.biz/wp-admin/Scan/xsa3bGMU/
638. http://proxectomascaras.com/wp-admin/FILE/MoviwLD4/
639. http://psicologiagrupal.cl/wp-admin/FILE/eSzL4nhVV/
640. http://publiplast.tn/wp-admin/DOC/5AfyWL2h/
641. http://punter.tk/wp-admin/gilpe5j-ntpx1c-lwub/
642. http://pursuittech.com/css/FILE/bOCHcsCVV/
643. http://pursuittech.com/css/INC/BD7QRlHj/
644. http://quoc.ga/duil/8kds5-zs00vgz-tgstnb/
645. http://radioshqip.org/assets/img/LLC/SAmcekcMWIrf/
646. http://raptorpcn.kz/wp-admin/Scan/mDdG9wJG872Y/
647. http://reckon.sk/e107_admin/FILE/tRM7hYrKbxi/
648. http://redcarpet.vn/wp-admin/INC/XO7NVbJo0/
649. http://redcarpet.vn/wp-admin/Scan/m86YPP9p/
650. http://removeblackmold.info/wp-admin/LLC/fmkSSQQpEg/
651. http://remyshair.com/wp-includes/Scan/abIV8YQMXw/
652. http://revolum.hu/templates/INC/jOu7xsMf/
653. http://revolum.hu/templates/Scan/GHbIy6LJ/
654. http://rinconadarolandovera.com/calendar/Document/SoACKdI7e/
655. http://robertwatton.co.uk/uo_LL/Document/kBXHhLVO6d/
656. http://robertwatton.co.uk/uo_LL/FILE/ZL6bxPKt1pi/
657. http://rusticwood.ro/ww4w/FILE/lISy1Guqwv/
658. http://sahityiki.com/wp-content/Document/5sW2c36r/
659. http://sanduskybayinspections.com/logon/INC/faPTBBehC/
660. http://sanduskybayinspections.com/logon/Scan/eQjxQEiWLDDh/
661. http://sbmlink.com/wp-admin/INC/8Cn6DjkmRS4n/
662. http://sbs-careers.viewsite.io/css/Scan/rBMy8cTw7jAs/
663. http://school118.uz/wp-admin/qfp7-4hkrzh-wsiuk/
664. http://sciww.com.pe/img/Scan/CXjxHHNSd/
665. http://sdilindia.com/wp-admin/INC/DdVCFNY59U/
666. http://sendestar.com/wp-includes/DOC/lFoREPbI/
667. http://sercommunity.com/demo1/Document/MLGBReB8Qi8/
668. http://sercommunity.com/demo1/FILE/NH7CfTdG/
669. http://servidj.com/cgi-bin/DOC/q17zxgX30/
670. http://servidj.com/cgi-bin/DOC/WDOnoYfqEy/
671. http://seymourfamily.com/analytics/tmp/INC/5RZmFsaGIK/
672. http://shakhmed.com/css/FILE/yQP5rQql9jLD/
673. http://shakhmed.com/nigok/FILE/EvYJbrOJjq/
674. http://signsdesigns.com.au/bairdbay/Document/l98L3ixH1/
675. http://signs-unique.com/tn3gallery_full/Scan/ueuak6Bxlu/
676. http://simlun.com.ar/css/INC/mOD9SC4aJ/
677. http://simonflower.co.uk/INC/ALIwZsLbPHg/
678. http://simplyresponsive.com/wp-admin/INC/TdiHM0JK/
679. http://simplyresponsive.com/wp-admin/Scan/k3nheq3BZ/
680. http://sjhoops.com/LLC/NaLjytxatR/
681. http://skygui.com/wp-admin/Document/w0nwcnsSqg/
682. http://slenz.de/cgi-bin/Scan/RuwJYSsAZ/
683. http://sliceoflimedesigns.com/journal/Scan/nyVglVNRs/
684. http://slmssdc.000webhostapp.com/wp-admin/DOC/Y9hS0j0lHw/
685. http://smarthouse.ge/journal/Document/k5HZMbZS/
686. http://smarthouse.ge/journal/LLC/TvxcO17B/
687. http://smits.by/application/DOC/COhyszYNSkoU/
688. http://sneezy.be/downloads/Document/fydquakE6lQ/
689. http://sneezy.be/downloads/Scan/bbgS1EMMmo/
690. http://social.nouass-dev.fr/wp-content/Scan/wyEE4EIpx7U/
691. http://solpro.com.co/wp-includes/DOC/gTb91Y6tAZ/
692. http://solpro.com.co/wp-includes/LLC/zEWrFzpS/
693. http://solpro.com.co/wp-includes/Scan/jQHM9PERSiA/
694. http://songdung.vn/4d4ixle/DOC/HYgBv8CFypi/
695. http://sooq.tn/g435goi/LLC/Snq8H0Rs/
696. http://sosctb.com/stats/LLC/RB0i4s7Mht/
697. http://speedgraphics.jp/_baks/DOC/6SF3DHqYhPQ/
698. http://spicegarden.co/wp-admin/Document/BEC0pgyNFJ/
699. http://spitbraaihire.co.za/scan/xcujox3n/
700. http://sputnik-sarja.de/LLC/QfvDv9ddh/
701. http://spyguys.net/cgi-bin/LLC/jZoxe8Lzq/
702. http://srconsultingsrv.com/aspnet_client/FILE/LELienyAm5N/
703. http://srle.net/sale/Document/U7yYTrYi/
704. http://stanica.ro/suspended.page/DOC/Pz4Ba9lCYB/
705. http://starkov115.cz/installation/Document/EJiGN85IB/
706. http://stay-night.org/framework/images/uploads/FILE/miOpKS6sG/
707. http://stay-night.org/framework/images/uploads/INC/Janevx4Ga/
708. http://steelimage.ca/cgi-bin/Document/sIhh72ulT/
709. http://stickzentrum.ch/informationen/Document/nmBzDOCEPz/
710. http://stillerdigitaldesign.com/wp-includes/FILE/chYJWyDM6zc8/
711. http://store503.com/vqmod/LLC/qOGGxjo82F/
712. http://strijkert.nl/download/519foq-wxu2j-kxpx/
713. http://studiopryzmat.pl/cgi-bin/INC/mNiKnd9ZRT/
714. http://studiospa.com.pl/images/Scan/mxBHO54Z/
715. http://sulovshop.com/wp-admin/INC/kVhF9AlSSx/
716. http://svadebki.com/js/Document/pZT0MRHhau/
717. http://swandecorators.co.uk/journal/LLC/rzksqYqrm/
718. http://symbiflo.com/PJ2015/INC/784W8VCmXj0/
719. http://szaho.hu/wp-admin/FILE/H3flrdrI/
720. http://tagrijn-emma.nl/wp-content/Document/y0zJnhjV/
721. http://tcmnow.com/cgi-bin/FILE/U9kPpV6xe3uX/
722. http://teardrop-productions.ro/menusystemmodel003/Document/AzPIM4Dp65h/
723. http://tedbrengel.com/enmemtech/Scan/hqQEbIHYD7/
724. http://teledis.fr/updates/INC/GwbOxvrw6I/
725. http://terminalsystems.eu/css/LLC/e0EedNmcQWx/
726. http://thatavilellaoficial.com.br/spmuuhl/LLC/6RvzAezGPE/
727. http://thealdertons.us/scripts/INC/291YydDL/
728. http://thebermanlaw.group/wp-content/FILE/9GAhnKQW/
729. http://thedopplershift.co.uk/Information/LLC/w8hVYpn53es/
730. http://thehangout.com.au/wp-content/DOC/udrUoCOke383/
731. http://theothercentury.com/FILE/8WWR9Qet/
732. http://theothercentury.com/FILE/FILE/qrdAFTyyv/
733. http://therundoctor.co.uk/dev/Scan/rjdkopyMgvkd/
734. http://thinking.co.th/publicdatabase/Scan/zITosqWl/
735. http://thitruonghaisan.com/wp-admin/qiz0-zayz84j-zzrpcdf/
736. http://thunkablemain.000webhostapp.com/wp-admin/INC/83ptVEXfxAz/
737. http://tigerlilytech.com/INC/Scan/U7uPMzOb/
738. http://tinxehoi.vn/wp-includes/DOC/TkKm6RnrTNt/
739. http://titancctv.com/img/5mmpkl-yhx9e-vkokf/
740. http://tjr.dk/amsterdam/file/ft0f6liwhei/
741. http://tjr.dk/amsterdam/Scan/5yNWtthoOH/
742. http://tklglaw.com/wp-admin/INC/527LruI5F/
743. http://tkmarketingsolutions.com/skynet/INC/kw3PQKSnbage/
744. http://tksb.net/DHL-tracking-1534878060/INC/nqKqx9gy/
745. http://tksb.net/DHL-tracking-1534878060/Scan/JQWgEI5u0Amg/
746. http://todomuta.com/tm/INC/jXQ6wZkLswqp/
747. http://tohkatsukumiai.or.jp/img/INC/XPm3QwY1C0W/
748. http://tohkatsukumiai.or.jp/img/LLC/rG19fwKp5sGt/
749. http://tokai-el.com/download/Scan/w7RYfDyXy/
750. http://tony-berthold.de/_private/FILE/ghduTTrL3/
751. http://topgas.co.th/lthJk-9l1PUQnCptcE7D_OXJdrcYg-yCU/LLC/2xctcrJ0/
752. http://toppprogramming.com/mail/Scan/hMdjMwgKXJQ3/
753. http://toshnet.com/cgi-bin/cmqnx-a90pzo4-xaklpjn/
754. http://tpc.hu/arlista/Document/HwdRdSEOit/
755. http://tpc.hu/arlista/yh7lfsy-33eyh-ykwr/
756. http://tplsite.be/sleepandparty/Document/6aaqHSrDKBVM/
757. http://tplsite.be/sleepandparty/INC/02U6Fpio4b/
758. http://tradelam.com/fonts/LLC/hwXgo085dLt/
759. http://travelhealthconsultancy.co.uk/images/Document/5ZZNWLrbwUY/
760. http://try1stgolf.com/ebay/DOC/t6w0pulbA/
761. http://turisti.al/xh25ohq/INC/0k4ZIBvU/
762. http://turkandtaylor.com/wvw/Document/vnyta9UE8IU/
763. http://turkexportline.com/e-bebe/Scan/BcH4Q02S/
764. http://tylerjamesbush.com/wp-content/plugins/gotmls/safe-load/Scan/Me4EIoJf/
765. http://ukdn.com/TempHold/Document/fZRRfC4NREy/
766. http://unioneconsultoria.com.br/a5n3run/Document/sggPdd9pbp/
767. http://unioneconsultoria.com.br/a5n3run/s7ho-8d4t4bp-ioqkcg/
768. http://urbanmad.com/wp-snapshots/Document/HkpZb4QCCg/
769. http://usgmsp.com/temp/FILE/XlSxIa6kVo8/
770. http://usmadetshirts.com/loges/DOC/hQngDZHB94/
771. http://uss.ac.th/cgi-bin/FILE/GDddX7MX/
772. http://vacaturesbreda.nl/cgi-bin/y8vodvz-9lo40h-lxba/
773. http://vayu123.000webhostapp.com/wp-admin/FILE/r4UNyFaIEmon/
774. http://vcontenidos.com/wp-admin/LLC/cvKYwKPk2J8/
775. http://vegapino.com/wp-admin/DOC/j7I7zTez/
776. http://vensys.es/blogs/Document/HH8n8fewY35E/
777. http://veryplushhair.com/wp-content/FILE/RMkSgxCpCNbn/
778. http://vicentinos.com.br/wp-content/nilvlo-mtuuhc-uycxn/
779. http://videografi.unsri.ac.id/wp-content/Scan/Bv8qn61Sue01/
780. http://vipkon.com.tr/wp-includes/Scan/zyvGWnI9/
781. http://vitalazu.com/wp-includes/Scan/SK6Bcdzd/
782. http://vitallita.com/wp-includes/Document/aJQetqNq/
783. http://viwma.org/cli/FILE/W1gS3rMeZfXT/
784. http://viwma.org/cli/INC/28SL3gaOVoW6/
785. http://voyage.co.ua/mailsend/DOC/eXyORgeGMU/
786. http://vsg.inventbird.com/wp-admin/FILE/pETYmlct1VQ/
787. http://vucic.info/FILE/TX9QbHyHs/
788. http://warah.com.ar/2PS/DOC/ysmOyvxA9e/
789. http://warah.com.ar/2PS/INC/U7NTNzbz/
790. http://watchesofswitzerland.eu/wp-content/LLC/MdIuHQ2yerR/
791. http://watelet.be/form_check/FILE/GxMXZRNYhrj/
792. http://watelet.be/form_check/FILE/u7OL08iBFE/
793. http://webbsmail.co.uk/Scan/VtoTwwH1XCST/
794. http://webdesign2010.hu/FILE/asihbMvM9/
795. http://webitnow.net/wp-content/FILE/3AYeP3B3s/
796. http://webplaner.ch/zbika/Document/jFlspG18YB/
797. http://webtask.com.br/old.old/FILE/Ztjai0dizq/
798. http://weizmann.org.au/wp-content/Document/INC/dATppDEcQP/
799. http://weizmann.org.au/wp-content/Document/tD0wPvJKpcnY/
800. http://wigginit.net/wp-includes/Document/N7NvmFTxSjm/
801. http://willemvanleeuwen.nl/autos/Scan/Ko9DaN4t/
802. http://wirelessdatanet.net/2/inc/jhm54nrmkfn/
803. http://wordcooper.com/wp-includes/Scan/p4oJcoyx/
804. http://wordpress.demo189.trust.vn/wp-content/uploads/DOC/dQegzQEK/
805. http://wordpress.demo189.trust.vn/wp-content/uploads/INC/igi5cZXN10/
806. http://worksonpaper.jp/about/Document/gyGj8cBz6VE8/
807. http://wuelser.com/dbox/FILE/zh3B7fSeB/
808. http://www.178zb.com/avcupkl/DOC/JyTuZk0xuP9n/
809. http://www.bluboxphotography.in/wp-admin/Scan/gEnZ5gqWl3/
810. http://www.gcshell.com/wp-content/0d9l-r5yrq8l-yyzt/
811. http://www.hotissue.xyz/wp-content/Scan/HCUqGGh2llo/
812. http://www.kampolis.eu/test/bm3q67b-cgfju-middpd/
813. http://www.koolak.store/wp-includes/u8811-hsme4r-gbvmhe/
814. http://www.kvsc.com.my/rtrtgtm/Scan/qr3tV6C84k/
815. http://www.lamonzz.com/qs6seo4/INC/pzS01fdzKqY/
816. http://www.lecombava.com/Surlenet/Document/VgT6dUKF84J9/
817. http://www.schoolw3c.com/wp-admin/DOC/yKvqndz5YBB/
818. http://www.schoolw3c.com/wp-admin/Document/NKIUuGXqacuy/
819. http://www.stephanscherders.nl/koken/LLC/X4Ny5hLl/
820. http://www.stephanscherders.nl/koken/Scan/VlbTUSPVg/
821. http://www.veryplushhair.com/wp-content/FILE/ScdBnW6fOr/
822. http://www.whwzyy.cn/wp-includes/DOC/FvgpZswZv/
823. http://xianbaoge.net/wp-admin/INC/vhZbyf6FWSjg/
824. http://xianbaoge.net/wp-admin/LLC/wpzSKmtkgrrX/
825. http://xn----8sbabmdgae0av6czacej5c.xn--90ais/test/LLC/LkYZ5W9P/
826. http://xn--altnoran-vkb.com.tr/cgi-bin/Scan/lfFPjmSZfc/
827. http://xn--h1adcfjmfy1g.xn--p1ai/wp-includes/Document/sn68ByVkHh/
828. http://xn--h1adcfjmfy1g.xn--p1ai/wp-includes/LLC/Ow41q51k3HAI/
829. http://xoangyduong.com.vn/wp-admin/Document/GT5kAjJ0KU/
830. http://zahidahmedtk.000webhostapp.com/wp-admin/LLC/WPsHhpN3kXm/
831. http://zfsport.demacode.com.br/wp-admin/Document/55QZCbPvo/
832. http://zfsport.demacode.com.br/wp-admin/Document/auLeu5KY1/
833. https://2drive.us/nb/LLC/TtanW1nrJUwA/
834. https://5stmt.com/wp-content/dpotq-UZx8OLOSSds1siw_LbLcKCOg-Bjh/0rqhi9-nqguasg-dwaapz/
835. https://acewatch.vn/wp-content/Scan/4rCJpYFqQfD/
836. https://addlab.it/dev/floralia/wp-content/uploads/DOC/oT1y2HEAO/
837. https://betrachtungssicht.de/tmp/7h89y-k3gylo-wlrft/
838. https://breeze.cmsbased.net/wp-admin/DOC/M3UjHf3ga/
839. https://business-insight.aptoilab.com/wp-content/Scan/gUoVbp2uXVVe/
840. https://codeproof.com/blog/wp-content/Scan/P6Ub1lpPgM/
841. https://daprepair.com/4u60bnp/INC/eTVfCVdC5/
842. https://diaocancu.vn/diaocancu.vn/FILE/2iBEESdx5Fg/
843. https://docfully.com/wp-content/Document/orXar74Z/
844. https://dosejuice.com/wp-content/uploads/FILE/oK0Qu6V4PCaO/
845. https://drews.com.co/wp-includes/DOC/a0K4kd0cNs/
846. https://dziennikwiadomosci.pl/1wn83nx/FILE/TVnCE6dzXfad/
847. https://eaziit.com/wp-admin/LLC/009nnbue/
848. https://escuro.com.br/ckeditor/FILE/vgrDBXcDeuI/
849. https://fastrxtransfer.com/cgi-bin/Document/BWEX8Ci6QH/
850. https://gargzdai.info/INC/LLC/7Ie6eZMLiVj/
851. https://grimix.co.il/wp-admin/LLC/dyFfxviI/
852. https://happyroad.vn/wp-admin/INC/79ROIie6/
853. https://hcsof.org/jfkv/o_AV/
854. https://ideaware.pl/wp-content/y2xtpg-abzk0u9-mlaqrz/
855. https://ikumoumax.com/wp-includes/DOC/AbyYf25kn/
856. https://innomade.ch/upgrade/Scan/InWpS9ZJJZCt/
857. https://kitkatmatcha.synology.me/qzp/fkr11k-6c35rg2-rwkxzu/
858. https://layanjerepisod.ml/wp-content/INC/EWBof0hFo/
859. https://lcced.com.ve/images/Document/OM7MSewAeQy/
860. https://lucky119.com/wzzeb/LLC/D8PIy3vFHYXv/
861. https://mahmud.shop/wp-content/uploads/LLC/aTv9eetUYF/
862. https://mansanz.es/banuelos.mansanz.es/FILE/ddDU5rk8vCQ/
863. https://mansanz.es/banuelos.mansanz.es/FILE/smDlJsPk/
864. https://maxfiro.net/wp-content/Document/jGqdP9IiGDL/
865. https://mns.media/wp-content/plugins/ucw89y8-ovztoxt-mliql/
866. https://mybigoilyfamily.com/vrjq0aa/FILE/R9HmTHv9U/
867. https://nangmuislinedep.com.vn/wp-content/m9o4p6-s8hzz-kwhuzi/
868. https://pasiekaczluchowska.pl/wp-includes/Document/us2vWlRSVZE/
869. https://psicopedagogia.com/glosario/INC/ggZ5AtNNX/
870. https://pureprotea.com/ynibgkd65jf/LLC/iA0JILhr/
871. https://sebvietnam.vn/gxfwcez/Scan/ssvgKHFapb/
872. https://sillium.de/Scan/INC/QOV4jV6qN/
873. https://solove.show/wp-content/Document/iXW72hjKLv/
874. https://solpro.com.co/wp-includes/LLC/zEWrFzpS/
875. https://suzukiquangbinh.com.vn/wp-admin/INC/Kt4tzCylAPvk/
876. https://synchrnzr.com/audio/LLC/fAsuQTxwI2gK/
877. https://vensys.es/blogs/Document/HH8n8fewY35E/
878. https://weizmann.org.au/wp-content/Document/INC/dATppDEcQP/
879. https://weizmann.org.au/wp-content/Document/tD0wPvJKpcnY/
880. https://wordpress.carelesscloud.com/wp-includes/DOC/t518CXVmc0/
881. https://wordpress.carelesscloud.com/wp-includes/Document/KwJi3g45/
882. https://www.bitsmash.ovh/wp-includes/FILE/N0vZEcKEyTqS/
883. https://www.eratoact.de/wp-content/imyv0-6yh4o-buizw/
884. https://www.estelite.it/wp-includes/2a1x-206i5-sfcf/
885. https://www.festapizza.it/wp-content/uploads/z6k7wg9-e0gox6-gzlv/
886. https://www.letsbooks.com/wp-admin/7gsn9-vtnhk-qssaose/
887. https://www.limodc.net/bwi-car-rental/ctoaz-10ar6-pzipp/
888. https://www.maleo.kr/wp-includes/2tkh4zd-xes23a-zsuyzl/
889. https://www.nadlanhayom.co.il/wp-content/Document/mtv05OhpxHCo/
890. https://www.orthosystem.de/wp-admin/Document/ZddYo8Wip/
891. https://www.pinafore.club/wp-admin/FILE/X9Yw9xGY/
892. https://www.thebermanlaw.group/wp-content/FILE/ULUy9Vz5NkKK/
893. https://www.upperwestsuccess.org/pressthiso/8zl5-4rht4oj-rlwr/
894. https://www.vemdemanu.com.br/mjoz/kg9o5e4-8fc6rpw-misp/
895. https://www.veryplushhair.com/wp-content/FILE/RMkSgxCpCNbn/
896. https://www.veryplushhair.com/wp-content/FILE/ScdBnW6fOr/
897. https://xetaimt.com/ooecgp9/FILE/WssFWB35L/
898. https://xn--80aao0acd1ak7id.xn--p1ai/wp-content/themes/creattica/FILE/9hS9IJF23R/
899. https://yduckshop.com/ynibgkd65jf/LLC/CRstKvNx601e/
900.  
901. ```
902. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
903. ```
904.  
905. Creation Time 2019-04-29 21:30 (From ZIP - JS Based - Fake Error)
906. SHA256:
907. 16979ae69462295bb35e922bdf7844e9b87ffb67716994b0ba95ed240d50f9b1
908.  
909. http://sahityiki.com/wp-content/JNS/
910. http://aabad21.com/wp-admin/LM/
911. http://atakorpub.com/emailing2016/NHO/
912. http://tradelam.com/fonts/Sy943/
913. http://try-kumagaya.net/4_19/KONQH/
914.  
915. Creation Time 2019-04-29 17:20 (From ZIP - JS Based - Fake Error)
916. SHA256:
917. f552fe05b94d7b6fd599332f1c7dd3cec635a2917ad624fb95c6c6f3603528d2
918.  
919. http://hostrooz.com/wp-content/xouUoc/
920. http://try1stgolf.com/ebay/eOU/
921. http://upine.com/aju-daju/x9/
922. http://twinbox.biz/HlAGS-YbC7afvsnwR4ytu_xrhstgsY-Ai/WEMPvS/
923. http://urbanmad.com/wp-snapshots/GrwnH/
924.  
925. Creation Time 2019-04-29 12:52:00 (DOC Based - ENG - 365 Blue Box)
926. SHA256:
927. 8d7e64871b1392c9f9ec1c19023b9d07878c7c08c464a5abf58dd78c670f3236
928. ac63ed0168f8641ea6f1ca3660504bd478559e56f07fda391b119e9824395e59
929. a956eb79a83e41625863bdc66f2d959c08e77cae40c10c393004534987fc184b
930. 2531265c4cd5b0af9dff9e72d1ad60394663cdfcd3c0464641965776ce258397
931. 0033a556ef567d2e401f24d19339629b716c4b75bde9defe11c3f46b4c7df22b
932. c58e917d1033f776cca2749f5b7e4c3205f60f3ba543e276d56d7384c9c1ec4a
933. 1f0b0e19ded08c0a7c09d3f29c1a2e5f1c5b6e0a35290b55827e3cb20afeac97
934. 4262758ddf20ad92b530b135b0832bb4ba85a896e6a62d6b32f33a21c3589606
935. 33d68cbcf12bbb3a191a620a973f728c7e0972d62af8bb87e55f2019c1d7aa0c
936. 11a145047c9e8ff3afe56e61e45db4b58cfe8429de8a2a386323ad11927921d3
937. 9bc87f50e56159bb005f2f77083a0c6eb99637f53dce626f9fe37e12da26576e
938. e7933c1d6f31f58050699c9c40b568128cafe1ba8fd8808da9b9a1311cfea065
939. 0d133902f8bdb6be4d272d44bb6f21997e5ea8c9060b30dce6e91dbb667dcda9
940. f4e46eadced7af3c4ef9b3a88bdca5fa879cad4660d207fe00cbd1a47c2faf02
941. e1ba4614bb59521b4a8c6f6f10e6847c577df347bc3752d90b6a00724a04f50a
942. eeb68b9e70ce19df96610f630b3fd34397946113370a38fa6904e304a05d4790
943. 2e245989ffc7519e5a120d40dab65de514f73f259dbff58e378e3c79a1c4dcf4
944. 81fe1ebf4564b644223d77d496b02d18291b74a9c2577464d3a9e3882f4abc0a
945. e7aa499a7b119744d1651bcda242b7ba0932102a75efcef939cd88f26a9ce0d3
946. 4db9fd4e6169e46bccb89ef0d1dcfd1d6f69df33545a89ba3f35799d1fc05b63
947. e5abdee8fc330c5360799e4a00ccb8fd76e379dd18a0ba74c758e69062448616
948. 15b5ee12b001052bcafd6d269c75989c90796dc9119b6259631f1a554d30dc85
949. 14246f67028f50ea0be58559e0b052435439bed51a2d621155974d7cdfc5de07
950. 37bc31a9b8f9412ea404a77df938a1f26410a3c924d59820c88114e7ce641092
951. 26ddcab4c81a60ee5ad81b6cb028c40fccf5569290c90998c32d6786f48bc78b
952. aa6e40de0f179b013aaa561114f772f4554c11acf54dc51790f26194feed222c
953. a87c92add0306b1fb39462e322a37f74d16d0383ff8f1387584358efbc0989a7
954. 77e708529c6c564c02b98f82162bec25255df7aa0f3c355bb87b447939819b37
955. c9706c55dd6a599adcd385e16ae4f463cc59bd5957be860bbdf8f334d7c25e1f
956. d41ded2a8bc759c2b491fba4fc9f4f08a64ee30a801b57feeb046cea71de9fd1
957. 99554741739eee61bdeda5558c963602d1d3ab460d19d260e2615723ae42f749
958. 837c6d55b457655e00f7018ceaef2036a780c09fd02afc262c9b497095a84f0d
959. ad96ca8881ee112686cae3a04646b3943ea06725c66a201b9e6a422c0956df22
960. 49beabe9f19176370ed148f1c499265f224daae2ed86bf7772b75975c7dadcab
961. 4db013ad3d74d56660e7f936f24ba6f3f1dcf394aa03f53a6fb1b99084bb0712
962. e2c67f4b24ab97fd3b36fa526c4346109b9fcd5e243d63a3ab6d166f6af34e2e
963. 5b75bb6b4063fddb907aab7c9890079eb14288a262d2f9851d46f55a8b302b5b
964. 922a2c3436a0599985baed5ebd963baecff8eaadcd43409b63b3b4a0de435368
965. 5c9f3470ed05b599d4d0a94f0aa2cd8402d848067016f6d3ec7a49a73a0bf1f6
966. 4f8c516e90d21bf62b7c0690531b4caa69772b240340b03b01b57eacb97f730e
967. 4fdc4fd925704c9a4f080363fe3cc55fb21f35340e0dd011b128b6ce56ffd9e4
968. 1191fec079039583684a3d194de241773836ea73222ceb66e1573f32ac4a3482
969. 49ea45d1b0c0ec6ca59b3e822d3cee3e25f832cf717e76e3c8e971927cd34e65
970. 7627570e76430fad93a3ea83a5a3555f66e29c4851263bdbe43427fd5358e786
971. 3af5d55a42781a34d9ce0abdab4ccec19cc5cd606a67c4d0139c491d9d5b1b42
972. a096b12583db0f13ed3dfc7100eae85949535e1d7fdd6121887bedd21cd48a83
973. 14f396d55a6e71455d58729ddf338f80d638167713fcaa242584cbb5e179913d
974. 97e261cde63ad9dc4d5cf58ad327848bbe0822cb1df620491a006a3356c8fe43
975. 2953cc2cb3e0edd03040bbe22d61ad1c3f12f7116651d0ff0ae68cad5c35ada3
976. d982e4f96dd03cb0cb736396c3a19e8d50ca59e9dc939010918b8eb0842e0729
977. 5c9f73dccee560b1cb131a89c070ca1b1f441e7f316eecdf9c38c8faa764c98d
978.  
979. https://adsvive.com/wp-admin/sSO2/
980. http://usgmsp.com/temp/xlbb/
981. http://wamjelly.com/css/X1GvO/
982. http://walstan.com/sites/pages/css/JOu/
983. http://welcometothefuture.com/CT/KUO9/
984.  
985. Creation Time 2019-04-29 06:43:00 (DOC Based - ENG - 365 Blue Box)
986. SHA256:
987. 48749ad63097094666cc766c1fc5e3069f9dd41803a1f333e700a8ac4e85b213
988. 985187a9d3e19e180851d8bf84c9884451c652aac30e161b733f0c2dc3b7bb56
989. 28a6f05a99957e6c0bbab329b19be549efe8f9caacf4ce44c373d662734bf9fa
990. a5384609faad19e492aea8799446d7f7390f05f9950f9a158db26f8b3c51d4fd
991. f552787fc5927ea357fd20195c1153e9ff6563c9e0bf3920f273bca2e4288400
992. a3163c446b0f30e32d16228794bb54be50fee248ba0a01fd5d2b9cb79bd030e7
993. c8481de1657cc23ba5f6caaf9e6eea6264c81d536a1d99aa6b042ee7041cd700
994. e6e0f354ba38fe9addf1033694158a2cd273d687207c7b57ddcfe999eb993603
995. 86a226848c16d64dc64050764297abb8d9461a172e9fd3d682329983c3ee0668
996. cb766c726d1fe7b131704118c16d178b6222695946d32b431bfd60b17d4d770d
997. 75ac17de1b14b81137011225f480b00463eeffeeb2d56ecdcdd7b960b0f9151b
998. af477b196fb59888169b53b505b87ddaba7faaac7f50996bbaf84297b1a8311c
999. f3363794d50c891fb78a68914194510840f87d8980589d947ed1e051dbe89f28
1000. f7dac2fb85f814123252241760f4c1f0f2fee1e38fc7a44901b10e6299f05e1d
1001. ada2a2883b3b87c839ff2a67e5ebee63f4fc9af34b40e04b76af96758cc50db7
1002. 05c24d2d324cf512a76d3879a78fd9c7cd46ee8d4f0889c8929aa752996d1d8a
1003.  
1004. http://stateunico.com/wp-content/SH/
1005. http://webaphobia.com/images/Aq9o/
1006. https://ortusbeauty.com/error/SE9W/
1007. http://brotechvn.com/wldcehb/go/
1008. http://wirelessdatanet.net/2/HInqA/
1009.  
1010. Creation Time 2019-04-26 19:55 (From ZIP - JS Based - Fake Error)
1011. SHA256:
1012. a95b13778f1d7907c0f5e836597f056babe04cf50a24143cbd0227f595c6a9be
1013.  
1014. https://cssshk.com/wp-admin/gz56/
1015. https://beutify.com/wp-content/plugins/tm-woocommerce-compare-wishlist/ze1/
1016. http://608design.com/mainto/6Cgy/
1017. http://asharqiya.com/ar/Ith/
1018. http://autmont.com/wp/rZzwq/
1019.  
1020. Creation Time 2019-04-26 15:00 (From ZIP - JS Based - Fake Error)
1021. SHA256:
1022. 212bebb2a74bb9a37384f6050703ed4130a0ec9caed4bbcf6c49d965a4e9e1ef
1023.  
1024. https://docfully.com/wp-content/2Zm/
1025. https://yduckshop.com/ynibgkd65jf/ykD/
1026. http://sarfutk.000webhostapp.com/wp-admin/e4F4Mi/
1027. http://mnonly.com/faq/pcK/
1028. http://tsfilmers.com/spacermedia.com/uNJd/
1029.  
1030. Creation Time 2019-04-26 14:50 (From ZIP - JS Based - Fake Error)
1031. SHA256:
1032. ab8e3a4a205bc2b1450ca0a70cf34e8b57038f47d2c52dceff895a0d72701a5d
1033.  
1034. https://docfully.com/wp-content/2Zm/
1035. https://yduckshop.com/ynibgkd65jf/ykD/
1036. http://sarfutk.000webhostapp.com/wp-admin/e4F4Mi/
1037. http://mnonly.com/faq/pcK/
1038. http://tsfilmers.com/spacermedia.com/uNJd/
1039.  
1040. Creation Time 2019-04-26 09:45 (From ZIP - JS Based - Fake Error)
1041. SHA256:
1042. e11971bb129e8d7af3c1fc7675d3d2eb5fb7828d431969087ee876b78b7dc889
1043.  
1044. http://vegapino.com/wp-admin/uPO/
1045. https://kauteek.com/wp-content/uploads/8xev/
1046. http://mihinsa.com/wp-includes/2PmsGz/
1047. https://drugtestingconsultant.com/wp-content/uploads/2019/04/iLj/
1048. http://dev.christophepit.com/hbl2mda/46su/
1049.  
1050. Creation Time 2019-04-26 04:00:00 (DOC Based - ENG - Off-Center - Light Blue White)
1051. SHA256:
1052. 5ae842f589b99f54406237a155d1fb9a1199624b86b6bd897a1348dc03e2c214
1053. 39d2f54ca7df100504f3aeb89380da83a842ed4e0993d754c2eb1889d6bd0aaa
1054. 2cd533a198358d00ca76b812d1b62bfee6328a011a2cc107053a328f02a12ca9
1055. c86ede36bbb336a9f1a2f02a61ba1b8adc48522ed19ee3669fcb3686b57d72ff
1056. b8fa59df6134018a426c28a8f09cebb932cdc103da9a3aa49bbdc3a1f16ee170
1057. 7285b514c6a52af35c3da26c660b5078fcfde27e6604e1fbee195317b55b9a33
1058. 9eea33000fb316fc318d5df5a5f75bee3bc146a6bdf3054bdfe65dd7008eef2f
1059. 7b034fcb08c9afb8ddac0ef0a456834217bd04e3a4c857cb551da1a074bf8f46
1060. 7714b093b6483102dc840c6cb615a1c84939866e66a0798f8f6272830104c9a7
1061. 161aa3654cab51ef527893ad5d04583e5091da2cd61688dccb05851023fed048
1062.  
1063. http://jack4jobs.com/wp-includes/Vsa/
1064. http://vsg.inventbird.com/wp-admin/vuTFO/
1065. http://szeminarium.napifix.com/calendar/aa/
1066. http://suc-khoe.net/wp-content/sm/
1067. http://zerotosix.com/xclrqe/sqyh/
1068.  
1069. Creation Time 2019-04-25 16:30 (JS Based - Fake Error)
1070. SHA256:
1071. f49b59f066266e3221f9a73108d13447ae21166858233d7c50c54ad6dd9d1fe0
1072.  
1073. http://agenlama.com/wp-admin/Sfh/
1074. http://4gstartup.com/wp-content/Hdc94/
1075. http://atakorpub.com/emailing2016/81311y/
1076. http://aioplace.com/aio-set/H2xWQE/
1077. http://5stmt.com/wp-content/Fn/
1078.  
1079. ```
1080. #### SHA256s for Epoch 1 Payload EXEs seen on 04/26-29/19 ####
1081. ```
1082.  
1083. f0207806525615d60f54fee8a12ba4b6df89eec4dfb3ed5f5aa7930e0f62f352
1084. bc2aa3a33dfb019549119b3584c622a0546ece3611f2cf56c879124d07d5ab9f
1085. 39dd934191bc9b9c2fd73e900a866a12a998c40e9e3ada4472b9969f55abf59c
1086. f0cc1fc80425b7bf2f9224315e3a103be747f8da191741b19dd2785239f86adc
1087. 0b84bec7cf6c5a3ad5d5ad780f1cb65ddd80d4f9f6818dcec7b3e4c56fa86ed7
1088. bbd874165431625e5d651eedaffbeb0a0e77f0010a78bed1138c4f0bd67a52df
1089. 6124e814e705a5c1da3241e662f0b9fc2e89e8500155d05ff058f7ea1c93ad00
1090. 6ff229001aa023d9bcd58b8fbf814b8b18881ff8a2d7d15b5947d34f2efa2567
1091. b98bcd2f9ad9e91d71bcabe46a55861dad6ff9ef95da18a7524b40fe27072fed
1092. 653d0ce32882f5c5664b9e17b4a56d72930fbca7fd3887b672eaa33bc142561c
1093. 622a19f1f84324eeffb539741275b1de7afdee2ed924a2c443d677b8226b3edb
1094. ab0af4d97ea73c86201a4d9f1485befe42600070e186815d0006c94f7d57cbe5
1095. 9633b610d67a175dc2a6d437c1b4ab4d58f35d4a0f49327bce0ab13a3c6c3b97
1096. 4e68743adb9a54af1fc56b2d8cff1c9b5ad084901d1ec2bbecd6cd0ad0afe1f5
1097. 896fd3342a5c0c23158fece90ed7fda6f6a148767ccd31ccd2ca780052587ace
1098. 41af2df926af27ce458769936f648ee917da4d633518f52c575570c2282ec46a
1099. 74838660797843abdd56e2c2cd388df83999b81a1d63a25a01b2159293df8874
1100. 07d4972164d73c39b8e2ff9729f04594f5c77817ad0e61d3a23e528f62501648
1101. 32c13d20864b917c7dcccb89a012ee2e7033a56813c13348f4ab6770bcc768a8
1102. a413549fbf7981e243fc5993cf84724b16466d5344b7fd9b99ed641297c988b6
1103. 15861761a256d1219cfa027473f1d113cd3bf3178a0201c6213d382f6f116052
1104. aecc65403d169b2f9afa1f346a8f06f18808e6c2169c51ba87efbdc896958b7a
1105. b6d790d4d16eafcc31494e9a390311aa77156f7d9e7e44db69d61abe7417ad82
1106. 21065224533dbe0b58973e9f951529595c3b79d33bcc4c659152a53e762e725f
1107. 0385ebcfdd94c742a5265f2fbb30a7af351ce33e74ffe4871e1648dbc49dbedc
1108. 1f98cf27e731514eddb8614aed6a55094869a79472a064699ef2d46a473cf4cc
1109. 5530e3d024a7155707dc2086ff41382fb1c5db8be00f3222e34a878a566621bc
1110. 54bb8332550a36faff1913cf67db101f329d9e23ec59b11c07b4e2b58977236d
1111. 73a8dabb8dddc8e0a2e4364401e362bcddc3889e402b13811e9d893bd87d2ad9
1112. a93428893845057b554619eb900678902556307a111cfa5353bc887bc2136ace
1113. f793fc7113c9ea55655b21bf96a4f35b3c7262890fde4dba6842c35187524edd
1114. 549f3e5fdab0856ea4f069fc472050b969bff425a39e86e892624872b59ec92f
1115. 2f832bc07a40773b207546782e52be95a5cbacfa184f6562d987be8a347b7089
1116. b829da3f3918bbe5ab1fa908d1e9e6ea879045ea99f0dc11aff1722fca0235a7
1117. 091057c2fa875b4579f63323b20acae086be917b5c6df5ef132980f208461b0a
1118. 7ba3f6f4896ac79e2d2d6e6655d2e82842c4c9a15bc05379a5d65e80a8d15916
1119. 9bc9fa396e9741d14cd1e2b266786c0b9715d42b1aef616f0f4a172e4565b0d4
1120. 8ff2e5dd3362db8811072dc9c7433dd2278c597908b24d6d7ff736f5b71d6f3b
1121. 1d0c9e3cd6cd9b565d7cd90c15c597a9755216d5b11b6a52bf91edead40f1697
1122. b9bbbef89234723d06180df5f07e9d6d1776a4c0156de293221ab172ad18ed3d
1123. a09af6bd61f49a99bc59af0d5c0fd843c499233f19ceaddf1143c1acac8beafe
1124. 9318bb86192d2f6f26207256e57646df07a2199f3773fc5945932f7eac790533
1125. 3ebd1c6090958f5e63ff5798deff96fbbf6c84a8a32b6a92616148e6ad689fce
1126. 8f8f897bf7af266dccc5420c57f82f37dd8f6ff04d9efc43c178b4fb87e5d250
1127. f57661e5fc1b1766feddeb4509fc8d94154d0f019634bba4446d6d2870f2593e
1128. 2c12ffafc4254bdf704aad0663debabd4d76c19fb779c07fec789be6108d2cec
1129. 371b1ad20430c5008b4eedcc373042edffc8e19b8b4949dad83fd4cc8410053b
1130. 0c0c1626cfae8da5f47fd048304721562e099c19e2ac876bf4dfabfe4af34cf5
1131. 1fe1d01dd00155fe3b5b833057559c116e29d1756dc56ba5643ebe2fdb41f4b3
1132. 28f19b917993b0545d9feec9d6fecc48a655d811cd9373fdecf5c9dedb9cc607
1133. 71311ee94f4f8590b0bea0e9612e4b48083a98c8f5b9ff6a257fda149371c9a5
1134. c94a2d58e25950ccf5263b95b263beca3197f375e019a3e5ee222b1b309911c7
1135. a082cd89bfa5b0fe364d10874531b053d127580f4266bb6af5c037eeb0f47b93
1136. 7fadeae802f9f8ae7bee4b6055c40216b609365549f6161d6c6bc142a2592b6f
1137. 8fa128634230503c77e0dc70a2794fdf5c3e8f553d2e186cf64f1bb7d621871f
1138. cf9e34afc0c5c3d70bee06ad6ae8a4e42568bf861219fb54e9123d7fe77d83df
1139. 81b6ca5b9b1a634d30a8c316d83b66aa07610d7563483fc59ce188f1fdaf394c
1140. 08c422c38a94d8ddac672994b6c9911feb32bd5adf824a4f8cd8f0cbb0954541
1141. f9f624e22d88e4e3b1d6bb1b3030968f0bd1cd78a34746951289557d6ecb5f5c
1142. 3a275ecdfe6b2d135c820c19a2ddfc839b961a34e5045b43690751fc8eb8df17
1143. e1cff9857674b52f80a6f28ec52f5d1787779985ad63b530189b6dff39ca9d5b
1144. 66ab2d2dc1a86a6f1c01d279821a99a27df1fe169cc2ef76851524c11bb98ff0
1145. 07eab50c3ad374ed28472e5d362c27415b82928d844bc8a74addfdb3c88a1543
1146. 9ae27ec5c8d28fc6985a937584eb76870c2cde0bd4913cdf7d3c30c32013ec2c
1147. 183ea1faefb4d584a81f3bee0c4d9ff2059bd9fe4cda902f1e8977752a470591
1148. 9ea0456f39197fb0cfc8388da6e6eb9cd7a8fd09e8bc28cb6faa2c261a895e99
1149. 8df54a12a68975e9dd99b7b37915f349f50e3812972f3706910fb3505b2fd08e
1150. 8e04e578cc57f0f5bc436e27fd0e6193016610b9757c97d4fdcfae419865eda9
1151. cd5fdea3615f545ea7599a96a1f5f085166f6abc493479cfe2945b90a2e62560
1152. c4b3663424e28cb571c8718ccf46a8c8ded5d2bbff24fb550eb4b2a74dedc1b4
1153. c2bf28f48412716c5a6954fcb4f041d3d054bf4abf3ba5cc70cc49e70b132f2b
1154. b8b9153962c178b474b41e45171fede9f0428ac1a91a2b1d09955abcf096adf2
1155. 31a7d681a0ca9805ce1d553d15073e871ac21be73f0f07523c51a9bdabb378ac
1156. e80125f2720fb0c1bbb1a0e8d3b81e6ec628313ce31d496991ae6b8b02dbd7af
1157. d2fd7bd4af810cd5677348cae6106fb2de706bec1b4233187b4e38d1845aa740
1158. db1ab59e554d60123f60d9c05de809afc6e7ff02ab2a7beecf55d4ef8d70330c
1159. c4dbf8800276914e0e637cecf9604e00539417e48f73bbe124f4088875c6a3f3
1160. 8ec9ce4c4dc9bf2ba0f1f7096d8f2eb451790e38362d267e27f7d5fc3e2ad466
1161. 15ad4468be317a742a8f542bd23dcb71e57b18f0b54860d11116f58001668099
1162. f559cf0640c6d968f0c8e398a9511e2942dce4b1f81569b752d03d3a386f6f16
1163. d607a98fb54bf9a3d2fb677cbd068927fadd0e22806f23f248d0f4b5a59c772f
1164. 0955a51d67df3c5c70822fc96215ac169b488b18ea4409233c3d31105301d686
1165. c7334d49bb310cd164c3491ff082976b357e6400353c2ff20b045b9284e1bb4c
1166. c974470de0638489472113151e13eef89ba8713abfce74ef02f357f6b8004cb9
1167. 8616b37fcbc5a8c830c100387a226c5e6e81316b93c43ea0f3f7cfc88711e16c
1168. 1944f3b86b5d98f26913cd50e2bab507a276e7f02048148d0dc9048f60580470
1169. 8f870ef511c4023fde77861869b44c3ae9e8f6dd5f2c9915aca65ee69802c1a8
1170. efea43959edbf1ffc9de4c6c85e9a610ff647ee97ff86fcb029168399b3c896f
1171. d4104f50d3fd6fd68f8809bf830a2107213798140533b83930fe7fc324649fab
1172. c5639d63d3e24e341083616e7c07466b65be6151b74692db5e962b53d2496b97
1173. f5b5d67eded5950959fe02bd785ed11b44644b8d6c0dabad4edac756d167876a
1174. 417840093fc57deeecdb004f523d7a0bc12b0a44f701e1eb2d3cb17e9e37df5e
1175. af99560e3b30f370c3297ec6fc14506173f6b3d1f5b8b86b8c04522b10adba32
1176. a9318932004e522ba3f24484cfded8820423f84daa4781d483b09128f83118d6
1177. 1f1ae332181bbd7b46610db915a3036ebc4ca4bf30a63ac0a2bcf2031b031765
1178. 4f49fc2cc520edc003345b66bfb232d53e76d72037d555fb10e4f98c7959aec9
1179. 092dc4a30d2dd8fb4afbf0a431bd5ccffe3ac9f02e4b44c99d659cf064db3ea4
1180. b3b84d815ef31594605e690338b3fc0a036bc9c36be6269a1b76ea8f63918716
1181. 2ef22f475b434cd065e1e1947a22e52adbbb29b5c84b0906de113ab12eec53d0
1182. 506325b98f111f19a103ad7766791921083ef35bb263c43630f30d08f04946a3
1183. d2b84a505419acfdf285a4d3149427931daaec548e07603c339961a4d360bd84
1184. 1a7b7bbc4015f588df0fcd10c6cee9602130d170d1efa1c19a86406af6f1e12d
1185. 3bbc2835bf0870d7e5e4d0c7c629a7c397f6484befb71fd06014855fd95935fe
1186. 2fa43d5a8e9bb96d69713b066bd517b25ccc515af546cdb758d89a402fc20abc
1187. 38d7cecf425f8f940aeb1f72ca3b123a0a950b399a90c8e70110af6040b838b4
1188. 40a0f8c9387550681fb3c29cd2664984852a7776ca55c3ba1be1c600fa120c7b
1189. 24c53eca7e374e2b7afc8951ce68f72026eed32a1e15377429c3e194b11b7cd7
1190. cef50215b5b1eb0f2f09c2f300b0d7039111b87c87bd67cad2b7ffd2b90fdfd1
1191. 6a9a9e8f2dfd8f519a402371e7085de335c15ae4fa563fd226ee49cdfc3f2036
1192. c9967386d7298e7a5537b5e6f5429838907ce255b98cde9006b29901b505d52f
1193. a7c91e0d4f0c5838b2b4f294204c1c1c48f672b1a869071b44b9ad4d0ae0b9bb
1194. 4427219345c404cf0e6598d8e310a30647dc8f42f12215e7e362d78b89e0c540
1195. 3a13c819b7bf25d2019582974e7800363fa79886ff273dc51df94f6d2ca29e60
1196. 1bfdf300c26e314c7aa630371b64d8a7378258d8737d08a191211afe5a7acb70
1197. c6d212ac04923e51e8178f1e913d844c5ab1a022a71b4d52901f7ad2d7b16a4b
1198. b03aa0aa448e555403719f2eaf9865f895d8cfae4cb5816b22fea89f8e779da2
1199. 1050d2edf2562a88fdebcd904d59c7c1a68aaf5e15329f40248abcbca9dc73ee
1200. 4ae22d3856b5376d34289f249994242c0b27a58a25195a1218b96b2d1aac6be9
1201. 88ea399ae7a2c1a34c3d9a1ff70c5ead56696ccfd19b117827e1afd0228031fc
1202. bcdbe7f8f3cc9d8a55366be3dc170efe4adc2efe04e1a86cf9a6c6fb9d64776c
1203. c058550714d49aeafee61db4d7930aca5848a88d9bc205e6536db620f51d4e6c
1204. 4689f5bcc8bec0fbb17dcc2c7475c1b4d3f92d49bc28b8c19edc5f82bc5eff91
1205. f2f2af0d2d88764127fd9dab341d36701e49028ea315bfb38393a578575b460a
1206. 5119b17404e697382b5af3fbafba3d66fd99fbf208e217942c2bb9e1340e1e6e
1207. c6f763cfce6b51340ad9143a9630a931247aa8874c3a927019ce38a03ec49cd8
1208. 0587b6d84cee844e428bad2c1fa1e559e82b93bd2790f2a6f13fe586f094235f
1209. 689ae7d8c1f47cf3883c16915b9ff8363d9d68d4f779d1ca4f63f81e1a23b5ae
1210. d7e05764d6b13cdbbf4eaf1aafa2b374179064d87f99cbc20818d84ad8bbebed
1211. 545b02251c2264b2027b088bc191d1834167dd1fbb4ffc37db70088be475ef97
1212. 0d21f83ed139b523d3c2b44fb56a3565f6ea1bec3e8f40ac99ab9425a11f03fe
1213. 921add9a21f8412d849d77ee1ff255d9181e837927db9e34b8a4a0db4b633855
1214. 96e7847b602097bef9f3489cdd2cdcc7ce67064548b461d19ac788d33b635d3a
1215. 67d1296415d8b1157265e684477e409335e7b5f1a776fdb510ea77123a4f93e5
1216. dbec7fea3c9d435d6d26fd937900d77b4977bbd0e21f031817752c878c8aebbb
1217. 2b423507ae1d563d5439b474d10278762ff10a119b3f98a5dc8ab22df86c1ab1
1218. d1bdfe6092806a2012f024d60ffb1d4b636adfa42e173486d4cba85f1312e3a4
1219. 3452724c51a24ed0e2c8cf877f5fe4b6f46ad863b3f06de577b017ac5eee4323
1220. f6daec8195fb5092b3d38e2123bee97f6e764a9412819d348434b59fd4cb3d0b
1221. a7bbc174178ca1812c5f01c81899a2bc00f8168cd3ef17809895f48778bce989
1222. 68b8ca8b7a6f7dcc39391eaafdefde542eaacde20075385b26494dc7d2f84dad
1223. 61ad1f5ddd9b2fc7acbc58950de357de6546d3755fcc466433a4c86a3c2c6d22
1224. 05d28441ac03f0de2edcfd19b68802027b52930601fe435de0b9994cbb65f5d7
1225. 722fad152cc7cbe988d482ed192ffa65ecc904a5f483f4aad37674336c7d67ee
1226. 59d6b65ddc34b5e55259fb538c00e3ecb171d3e13ddf758ee9c9f9a15ccdc283
1227. 374bd2ce47bdf7742af31f755fcfa7059f15c66023118ff4b519791b9458e52e
1228. f7c3cfc4dbadc33161e667571ae459d13621ec5d98b48ae4aaa7678695168165
1229. c31f443ca26bc0d7fbc3a481c17da204f9eaf04a859607a8d3f33d3e6b1386f8
1230. 8aa4c0e4ef6bb10824ae8fdaca122872bf81a7eaa6fb43a360c71e831dfd6240
1231. 2489fa1979b5b07fe428fb3c4e203dffe6a54dc7347eb2eaf7d8efa72a3f19cb
1232. 2d1c6469e5765d8415eef46b229b3efcfe6069d437a98979625724e3fcab3ee2
1233. 86223cc30bfaf7ba14b8fcd3e347f8ff21fab8f9d0cb03c178670dc92827c719
1234. fd5d54310195131955b2f80a47c98f6153cd5acb1d8fd347d26083a0e88c5a4d
1235. b8c1f432dc2fca52659b92772cb4c63300346934b0e10743576b66ae838966d3
1236. 8f8d4ddd139528a066f5cef5b9526a09d52006346fe1fee2b3a9bd0a1129a276
1237. 59aa27b3864a3a358130c6aee5c7c7c1470e80c7918f5e7106654bbcd27516d5
1238. 5bb39f1268d403925e918e12c0661dfdecb425a51c37c1f959bd26aa353c40ec
1239. a7434a3dae67cba03afc84574f8ac90248ab02823dac8b6078282feebaa8ca2d
1240. e15acb0f4a730c43fcc638e541ee3fe91c0419dc1ecac6be618ab39ae5b53df6
1241. 2a9eae95765a8e691304705b908795af450b05c1473b462df0ff81c47ce36890
1242. 5aa80c36f2948030ca5d767de6dfe497f1144481be270b7e50d33fe0b8057cbc
1243. fbc6c7611ea5cfa4caa09c1a366cca8c991afd7e3b66567382c531412e57d04e
1244. 632844bf822f80fdf546ca878214b8788a79889859345a53d685acddb8fd5ac9
1245. 1493e8df92c68c72ec78ec3917eea5514bd806de900d0d25177a121eea56c188
1246. 848b4cff91224905d46d31fef39fbcc4ee771aabee0014b1fb535f97c19bd123
1247. ebe95ca67b60c344e5b0514b09f3ac15143e448c17f527c88566184094de7991
1248. 97581595c960fffb9a56007a69166518e27efa921d372ad3f0a7340693b646d6
1249. 664243f1a207d407bd3f1530036587d1db303287e7ee08254c9a4b3f5e49e328
1250. a9f8934fea6a7907509fa6b357511210ee63e045762318b167bb09d6800e4d10
1251. 3be595f6e5378bdb1ba5dba1f12cd838c327090f084d645ccc03506bed03d5dc
1252. f9bacb69809846f554376e7bcc77b4bbe62cc08a30cd5c53bb47ed010b763799
1253. a94a4e21b1ffa3375fd20f41f835b9bd64ac1592fcfa0d3f43d8aa6c8ed5c117
1254. 951a909f00a4c8171d7d09f370d2c9a1692b45ea88746652f8e3bd906b3101e2
1255. 0dc2d7674df41a60622df91ffb8352a4a1127d5283d73466e16634e28f7c6ddd
1256. 5f572183889b6f97161fda06c20a59f6d419ae57f1aec0cdb608e5a58c383540
1257. 94dd79e2f86573c8433a2683be44794593cc7ce0d693acf7f49b56e42595a809
1258. c6805ff25863d90c3d3553bef95bd46b4690cde6177119cb5c4d85b64a92c029
1259. a5716ef1fea5a951a1b7a16d9b3808059d4c56334b859e8885b4f5a348b2470a
1260. 33b477d5427de122c94aa5d88eac5a00fce2020e3e7776502aa9e4ed55469aae
1261. f8be887fc49c2cf2a0965dfd31086a9475eda187fd0cd7e9ac529ea35229f23a
1262. 729b70a815035145f139c92115727ba76e6d4fdd67eb8236b377e2fe10215e6f
1263. f3be6171e13c349edbf721d911419af2a9233942a19b248d36d21ccc695c2f06
1264. f7e9255f32ec9974101bfb1f2f0cf351996807fff1a42f22fc01002b3e9c30a4
1265. 8be06c4f611fb016f3d05bad52a76f255a84ec6a3162be9f9b38af5d602e890d
1266. f9564ac401aca2f4904eee06c9c6dafad5a58c63cf9e578b6519445be279ff59
1267. 80ed34e09521784a11673ed58df11a663e3ffa0325ec00afa1ef4978d4c6e1f1
1268. a24d9a8314495f2727db1e107df37b87dfb48c73ca39a6c77c129a08f98cecb9
1269. 32d189b3a01f22dec724578e98522c160b5fffa69b89375cf36d69aa4cb37238
1270. b4619fe8a41f2552ad4f27eac8a5abe1224f74e6452f24edc882270dd22abd2b
1271. 6d9ab255ee65253c17eda9c2c2722027a4efc1bd7662bbfe194c56b60827f7bc
1272. 515ddc19dd78c1eec4265119115b54ab0bbf873cf1fc2592cfe01ab6eab3ce35
1273. 1434fac5253f03357da46de17d2b3d45e58f17107b9e3d6f3618104d8a45f351
1274. 3d8e9131de7a87316cb22f63b4eee8ce4d4a0c8170ab4409875bd865e94ddd92
1275. b2ce73992ea4959dec00b1715ab1eabe0b2ba465e698c84808353709513bfa59
1276. 1e734f80c2ed783898354cfab67627ea94dae25feff1a8700897980936892294
1277. 76a2cce3c5d4b68697ac489271584a3dd1b9323643fac0420a9a1aab9a7621d4
1278. b9902e7316ea6556e33a0cf31415366b9c1b246bddf2ff393b59b5b2d1db5898
1279. 3af6bef28c5e7b20897a752af27fa42713658f9d017ab612a0efe7a3271fd063
1280. 26aa391555e5ff402ace29e1f392d6f1e80696eb035efbf74a5186d6d6fdbf92
1281. decfbd53f4d893e94b3fa6e6a0107e7d4c47e93381b5c08b939cc3ee4e97281e
1282. 811887f1b4f5bac6307ad2aa9e14967df7796b87d894f17f5772a1ccbc57d76c
1283. c1793f97db22e2ab7a20f6b1390b0bbff859bfe62040faea278db5175aea2cc7
1284. c155b30081c358f60cde7622d06dd123e4497a9dea4d711309bd2af593ef7442
1285. 4d5d632b335cd31ef92e49990491551cfe2c3bf3866dc37482ad9c8fe88d71c7
1286. 8a42146b842c3c990ae97c88cd45ec9869ce5d40177997c4888f28c0a6401da3
1287. 7ac0e4b040c206938b8f0fd8f91938284905c9ef2e9ed7e2ec89af7a30e3cd62
1288. 3c360fe6115e8ec0368090c2cc16328df572cebae0df76a03552745918ff82c9
1289. 2f9debc3bb96ae6cfb1fe12d142d3aa98dc7bc7a83c9aa6ce730992edd756d3f
1290. b0027599c1b0db8e93b5402bc74a8a88030252ddf8c6812803f7a859f389276d
1291. 385a81c916b99640396c33934bfa3105b227a311caffaada087f5338a789a164
1292. c1493f5879a99e09c55d9e573a67f8bb637bfb80d33e97c7664bf5c349dcee24
1293. ac81187a76790101c15f734592372c632eaeeccf191af4f58e5e1e16813dfa28
1294. 58c5b1dcd030b637d1e219b9eb1dc0921f442c8bfdba99e8c8e991ce5d49f8bc
1295. e7927842df4a9dd7eae96bff887c8d304d65ffd50ae1bd18087313e7e164c44d
1296. 6e059acf03efdce0782894f449557ce89c9ee7dc545f2eee42e739fadd68962f
1297. ca9db09997d03e4e52d1cbf2c8d34210dcaa298bfbf549d21e48cfbc2a6a1927
1298. 50a6a4fa1e05f8cf0c115ce3139bdec854d50231bb875b9af2444d704e13619b
1299. 495214670d3b8ef56821eae3dfbc09769339fd2db7d611b094ad403874a4a442
1300. e4a887f9d46f0e7280cffb13fc6b2d91bc1fa6cba69a5ecfd218524e03f2e299
1301. 13dfc4775f6689347583e1bc42ec015911bc212457d31c78e7f2a47866166b60
1302. f7d8db366016d11caf018f4a2bc0017317cc1fe375baac0adaa485e07b775231
1303. b8d8c742cd56596cc82b519efbc41449a5c9cd50f59502cd4fd16f89553c7bbe
1304. 5465b63d57e5e8006c3c5b88c1023c25a28c32b5372512795c9f5a0ac59205a5
1305. 4fd51246658ff99a976c31dea763db6ea04f62704e1a3a02defbf577d7d89eec
1306. 5851bd3ef9dd1112a303c9dbc7084cd846f2a02de9b1dcc2bc28d1824cf9f09d
1307. e80bb5893dd99510131b337a984568e16c55b65dfb63646e86fc7d41432e7957
1308. 3da1859aef22dfe4a21214594307302f37d68a3d3faecc63fd723e3ea1b6131c
1309. a6c6d70bbb92fe87105c6427c89b7c07fa4af0753d02eb9cf5a2751d2ae4a442
1310. 272c54dd1804ac7d7d66344cc1607da434e4c654b63f0ce31ff813bf52ced31b
1311. 96a7e4d6cf0692bb82d80fe0be0942bab8fb7643fb108b5820769cddacc54920
1312. 904ef8b712fd3886ced145f539ae9faeef60c883321ba9ac8d67032d8906ab01
1313. 693839049a3bf1e24b8754b691bbb5ccaa3f1159de7cbde9a6f882fc0a0af776
1314. fa785e7d91d0576bf0ff7e8fb85389dcf9c50906b4862229a8846102fee6fc0d
1315. 399d4d9b650b1435f4f24d0ee0c07e43769251898cd4bb27e1dac3b8acd59223
1316. de37219586c69aea8dfab940a41484b2c053b5e43a62b73f2e78e0aac9906e10
1317. 4000281d8b68193cc773fa4c288af8d3fc7bba6a653565d8149a528c53314c1b
1318. 69eb273e55c422cfaa6bc788dcc59004fe5999349eefb4844d8e58b5fea28cff
1319. 917a758c3cf24024848a1d02f63aca588324b1036066104c6ebb4720d7dfa9bf
1320. 0e33d65259bd510273ed2410fc9498ff837ff17b735d68257a1196dc353c8b26
1321. ca39cba6b05ae49873b70804dfd8ab9f535dd3b0e5b3297434df1214072bdafb
1322.  
1323. ```
1324. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
1325. ```
1326.  
1327. Creation Time 2019-04-29 22:50 (From ZIP - JS Based - Fake Error)
1328. SHA256:
1329. 525dbb4610ce02b0154a5d4012a7f7b3f6e51212adfd94db6981f5d018fa6daa
1330.  
1331. http://arenaaydin.com/wp-admin/S_mE/
1332. http://912graphics.com/cgi-bin/D_L/
1333. http://mazzottadj.com/stats/C_o/
1334. http://yayasanrumahkita.com/eqdx/fg_9l/
1335. http://watelet.be/form_check/MR_rB/
1336.  
1337. Creation Time 2019-04-29 19:45 (From ZIP - JS Based - Fake Error)
1338. SHA256:
1339. fd360ce70305861087478935441b1b8bc5edfefa8e66bb28b0a2bd63a618a5bf
1340.  
1341. https://spacedust.com/wp-content/9f_GI/
1342. http://srconsultingsrv.com/aspnet_client/ba_Z/
1343. http://8bdolce.co.kr/wp-content/uploads/0E_R/
1344. http://srle.net/new/b_B/
1345. http://starkov115.cz/installation/n_z1/
1346.  
1347. Creation Time 2019-04-29 17:25 (From ZIP - JS Based - Fake Error)
1348. SHA256:
1349. 62d43d6755fbe60663f30766c5933f4e30cb993fa8c34ea6b7308b83fd49a644
1350.  
1351. http://onycom.com.vn/wp-includes/RN_9/
1352. http://1serp.ru/portfolio_/D_Q/
1353. http://ligame.site/wp-admin/D_f/
1354. http://mmj.my/wp-includes/Jb_Yw/
1355. http://jameuro.cl/wp-admin/o_h/
1356.  
1357. Creation Time 2019-04-29 08:29:00 (DOC Based - ENG - 365 Blue Box)
1358. SHA256:
1359. ae45daf9d84e77f81e69dea1ac0490377a31c4310588071f5b3d3652ffa64c3e
1360. ef1d27b122428bc4d716febc67c50be59603538239fc0854c2379696829dd0b2
1361. 9fba582e2c98099cfa64c19b89e5221e2b694f636bcda91911fb428c37692a94
1362. 26792e40807dddc1ff72580266437ab00d2ee6738087b517f4d49a8c3370d2aa
1363.  
1364. http://junaryaphoto.com/wp-includes/Ib_WN/
1365. http://hcsof.org/jfkv/o_AV/
1366. https://panelli.kz/wp-admin/w_8/
1367. http://observatoriodagastronomia.com.br/wp-admin/z8_KG/
1368. http://mycadoo.com/wp-content/J_e/
1369.  
1370. Creation Time 2019-04-26 19:55 (From ZIP - JS Based - Fake Error)
1371. SHA256:
1372. c2c75ef2cf7461733ccfcf2695ca9c2f3609ba27620ca160362ff85cd7d61559
1373.  
1374. http://pearlivy.com/cmn/kD_5Z/
1375. http://perenso.com/wp-content/plugins/gotmls/safe-load/i_m/
1376. http://asperm.club/wp-admin/r_vl/
1377. http://finewine.ga/wp-admin/Rj_Ot/
1378. https://salucci.it/wp-content/plugins/t_tM/
1379.  
1380. Creation Time 2019-04-26 10:18:00 (DOC Based - ENG - Off-Center - Light Blue White)
1381. SHA256:
1382. 1124f90ebb48bd8cfd5e9878374a6921e77d00d01ec083cc023640d5dfc5fa76
1383. fcc56f6e583e33f8314001d67db823ecb4f6f98434ed54174aa4af4c507bd4bc
1384. 6d44a186b709ef1b4e1d39fe444367b8656c6232d60e77e60e478a43f08de2b5
1385. 1e33478a72a2cb3baf570f5fac106b56241bd8c94cfd301e1d4982f378816455
1386. 2e667a7c2dffb341cb53913a2a3efdeec4da7af01d9413fcd76390f4986d226d
1387. 9e4d1bbb525d72b75d70a3043e293e7105fdce7fc1c7fdd2a0a112c5b7d40548
1388. 1b6780bdf158e5db38f844964fee58e27eb788ee24d330675660cd5cc4cab119
1389. ced50cb655eedfb161c2e83600ffec242afd9a05f0fcde562fba99e4dca725dc
1390. 01319ffcc4893e0dc7d508c977c805ac26bf18ba3751415ae55112316f7bbd18
1391. 822f645327e5b1ffd717f05c667979f452a8dd194570c02153e03774bed80666
1392. 1f36292a0e7afdabbe9490a5ce10e366a117dae1183e7ae81b87adb87634a79a
1393. 521b81e800d738f01ae6b8f20f40415a1a4c4c6d7e847990ef2c828a3dd5f2ed
1394. 43a5311887aaf26fd3e7982fa2337414b29ede78906f0115db51393944a82e22
1395. 2aa44a863a0f28ec179ead2056938ad46539bdda04c7797abb4d9a7b8b591697
1396. afc5e8c938b9bbad09ece35abc67f57d3a633544469b9a7c565d94f7fe422c60
1397. 87da291e7d68639a86c806608189d6c26b20d01808956bbb5c22b540c4ffc79b
1398. 9049cacb9b93214f569c423cf18420357bf81554083f9cbf7c6484331f7aaecb
1399. c95203675a36302152614511f229569a99a0b3e747ee0593a146b5d36eda0416
1400. 5bbf064dfa6404a2f999ec81f6dffde3b9276da7cc1cd530bfa15ae71b1efeba
1401. 38d9c3be5eb69fb82acac3e1b81a75d785d7a1c5c4e1f1634dfabafacaab8766
1402. 2f6c694749265bc44472a53cc6a2fc6c7da1dcb610e9f7d1b7b4d9c62d6678d7
1403. 28b73ffab30e520bf8cee7181ed94476c94c2648431f771aae0403242a3092b1
1404. 22192880794d45b84d08e6a613f41a2e63f42e659571ed003c9fddf1319afa68
1405. 2d8657ddef24bf6a614be6b191d81d604035ef998633bb52ca99eeb390630d81
1406. e62fee6356938b62eb551bfc7836fbdc752379f9c9d543439f471fa678edd580
1407. 2adefbde0b8606edc6782c0658e5b9b75975f1488241007d31bb3365e5b7ed3e
1408. a6afe1b349587b22463f2ce9bea4383a631d3a2aa8041b7820f927bf2f6b6237
1409. 40121175d7fe805e2ea631b67816f3654435477eded7315895dccc5643be856e
1410. 758bbb438d7c6cd21868737474f2637812147605a895f00929214dab90bff440
1411. a050166f242d26cc107033f485b1618ba61d4749a46f91458f93570dc93b45a4
1412. bcbddb19b9eedaa9fbb39c88c56342bcaba9ac9611043831cf6a246de2452cd9
1413. 5ff52caef82b15738366934e540ef557d929ca4a5cc42a733022dc1dcb5a2b04
1414. 796993d4f3251d60c9b534c46b937021e646bac58e42ce21fddb008acc3a73f0
1415.  
1416. http://vertice.info/wp-content/r_ao/
1417. http://jati.gov.bd/wp-admin/45_n/
1418. http://bizindia.co/wp-admin/H_r/
1419. http://webitnow.net/wp-content/Om_C/
1420. http://dumka.if.ua/wp-snapshots/18_7a/
1421.  
1422. Creation Time 2019-04-26 02:36:00 (DOC Based - ENG - 365 Blue Box)
1423. SHA256:
1424. 7bfa867554a7f1a6a891712cfdaaf519bd44bdf53e0047930890495c9655ab7e
1425. 9e40d6af4d13a6d65e179c109b4676c691fbf0b2de6deb0d84625e654989fa0d
1426. 35965e3b9cff6a78e1331ed07f5e327a91301b5b023b20fb0c107bc3574b3a08
1427. d4363823a7fe3ff5679734bc1684fd8578a7da10cf1cb9d6f278d78e5a5e0f85
1428. 77ccc470c377e4a22e0091d0abd3f91cec17b6e06c0e17d8f87dbbbd735bfe0b
1429. 3eb7c725b886abf672613a63d1c17c479f1144f1262a6c3cd66a44fe74581383
1430. 72966d743059492c8caf5689758cdf98275e087cf5bf9d0e7914db1e4472fc05
1431. 9fe28f27c0db9df3580f65069affb7f47171d910f69035ffdeeac5a545ab4ec9
1432. a50d314e9c13d667641b11c73695980d1fd4cc0020cd7f760bdbd88bf95b1c3c
1433. 3537f5cfc0ad20b8061b67f82dc43a7ac1856391bece8158023fcc3d6699f75a
1434. 5eefdd75abcd812db0c1fe74f071dcb2c50ac7c9b73144900b9918fe8930af2b
1435. b4151767bfd0da4800821f3b2459003d889fad6731da6da40c5478c14c3cbfe4
1436. 5a33cba1e854fb298486fe6ba6ebb071e045cb698aec109561178b2a66567662
1437. c55389fe950755876432b9ffb73aaeb902f64bedd444217137445a2e87de5f0a
1438. b1e53cd3ea33d7cb10af22a6a685282cea25096090154fafe1aa7a4e99892477
1439. ed3e03e4f0556e61ecc7a1c97aedb9ba45f25fdebb4c6cfbd982a392d0c452fb
1440. a95ddd15ef6f38762fbc16ca31539aabbf15c3c10d0c103cb4c204c88bfbbadf
1441. 3889458cad2eccfcd7f8ec5c842dd30edec24f36a37abde0e9359dd7117524e7
1442. f5bdfcce3d7b96d9ebfb828380002a8541c41c353dda36edd8c467618d471fb0
1443. 325701284bf17203d71a9c5b4d46e4f7b651164ab92c643fe64a3e3bc2844dad
1444. edab7db328964a918dc7e371efca3ed21748f82a5a9cdf691f559d175c0fe9f0
1445. 6f5795d34e8fa33548042554f0b05b6e79e9a68783f28a196476261a0de0e068
1446. 6012a514bfe3d7f535fcfc63a8810d2599bc7cf0a64a22f0f03a5f78c27ba183
1447. 8743226aa6a606127ccc5cc41d51558a6de9eda6d83ba422a247d7ef8f4cfd72
1448. 8391f3706e60079dbdbeee083f8bda85915cc763bd683bb00270f694a031c66a
1449. 407f21c8583dbf70a0069162b9f7c0ec142b63e05d4d94ec8e4c85345bf759d9
1450. b1709a55b71ba9559aa839eb5304e2fc2388ae6275771b6cbbf8f49ac3e355fa
1451. ac957b3a3b4e8d75ead5dabd4b70e28e27a697a719322071d66cfb796d3b28f6
1452. 8052cbfa6f3348c2cbdcaf35a02d470947238347278421560a93400473a5e75a
1453. 9ec754906cd974949805241075b0309f01f428c0dffc53b4aaff2e43a79265bb
1454. 904fcc5fd5f07449760e4eae50da866a3801615edc1504774b2e9461d7c74ddc
1455. 9418b9fdfda89f3d73442c6e3088b6cf317f4df6afd3e0e52e6887e2b2b57ff0
1456. b6027234bbbfca5ce87c4757557f0a4a9ed2c54960d915eb215722fa703191f7
1457. 751ccbeabee910ea022ebc97fde11d5e1c3bba9f83b6d2df09a927924eb1e60e
1458. 0516f06a8736615d1c852d9f0cd64b258fe5b3f11ac059967eb7d729b54c2c7b
1459. da3d5c2ed5f9c55827c7e1a111f858f98021cec391d5e32a72b8116179571700
1460. fe502b1f29164dce7a5be4f99871fc89f72b66e00f55b41da18d65356fa9133b
1461. fd84376ecb2845381d03f46851fb6328f5c0f26c51fb515c74f21b2326031630
1462. e162346ba37a5b4f31bbe92dfaabed40ae91bce362ea5cb57cec0bcb68b01879
1463. 65344e20c9e346e62bec15f369fcdbb619d64b362483feb36a6d60e3007c22db
1464. d673444e2d8e9d1d919b1cefdeeb0dc783106192d1fd1fecb401df43134449e9
1465. 601804d1434691765b258649f0a9c8924bb1b28b5ff0dc2bafb3039b2c78f6a3
1466. a1be08364eef857af56f506b206e780c803c212b76dbac8dc17e7983d08f65ff
1467. b8c6343d5901455734ce06746901daddc8435888146354add726950ef29944ed
1468. 51ee3cc17fa697ec7de8a60ea5ad2af4195de73c95401b1b17e7b9c346ed9c1a
1469. c22381c768d93356bda637be73a296a73f5b51756cff0c9d0eee0661e2e967a9
1470.  
1471. https://jcci-card.vn/wp-includes/O_R8/
1472. http://ingenla.com/wp-content/XA_fj/
1473. http://ises.com.pl/wp-admin/n2_df/
1474. http://hicast.tn/wp-includes/8_X/
1475. http://appcost.win/noerk24jt/m_c/
1476.  
1477. Creation Time 2019-04-25 13:36:00 (DOC Based - ENG - 365 Blue Box)
1478. SHA256:
1479. 938a132fbfc4fbff53c16e35819bc793e56618d9987c6d6c94e7986261e807a1
1480. 8065d2137332893c6e189b09a0e6b480e2f2955e827e0b67e4418e6a268da467
1481. 22e222168d5dea3d7f837da60fca78acc3257915fda97c18ed7af63dfc7542cd
1482. 41040e62590fee09c32389db40112c48a8a985b407340e12cdd19965862c2c72
1483. 7a6a2c210aefa9f680207555c2b909616b54e3999945d22a47241c2987debd7b
1484. 00a73162489f59b1cc4fc07208676176c19eadbe5c4c0f16b0bd3f7c15a9a03a
1485. e0d1b4b5d7f6b432340d9483b96e4893637d0f897b59a00967ee2a0767888fa8
1486. 78439b66ed766396e16c865a6857de42d166f42227e728f1635a552e07918506
1487. 79aa4c12cd7acda388199e7e59ac3481b7e738ae2b3a43ac06bf08dd8f6b4419
1488. 3dbb4ca641797b6f3729fbd6512e83b47426b4a20d6b490d81100dcd6786d15e
1489. 1c8ce25de7c3e61223b74c0c25c390b08157c35ee523cd3ad13d0e5f04d72301
1490. b52455d11893e16aac2aa2451a747902bfd0d41454a58f4dd11a8a15c6aabf34
1491. 7b793df9dc306e78aec1741d9ef0f38a9e7b5677bac66779c18de85334ad953d
1492. 1581b1babbda10ae6971f0e9ff822a65aa8bd4d98ea920dbeb9261e6e5f3939f
1493. 85986ff033d06fc7f8b1eaff949a4ad970240c2a64bada0f041756bcbf184bb4
1494. 7b556613e2f814670e721619781c1327dc6982655beef492a03e8b5449b7782b
1495. af22c77a25d4738ab3550a2f7e89ff2bfbb76663615bd067a6901040a33f464f
1496. 023da94a6a1283b26662c3583780102af5205108cb647b2ef546a4a8e5b9aa9f
1497. 828b7e9914f932108e52249577fa80987f20ebda94b8654fdc2964baa4d929a4
1498. 8cf9f14b8d68b1b2305b8f1519e274ec4e74aa9338d046605c0e788b5e30f8a5
1499. 26ca73ee3cbc5062f47556b88c88609a17dda511375f29fe7271300cb82da360
1500. aff24983ac7001c5451dc2846b5a32b7344d81c4cd7d2840042995b3044d98e5
1501. 4f4e11330d4a08dc6efb1ea46d5a662e9f538b86664ffe3d721e5294ceb7d430
1502. 67d05dd367015c892e3f0f50e5737a5138f00f626a134a85f1c2a6496132e691
1503. db2e803c063b6a8d618aa3aa5ad2bb2ee303b496e647a5b82a79dbbbaabff95b
1504. 3a0f72ddd376610e76f1a2fcea2a6526284a7f2272714f06056d90a3edc8f4d6
1505. 2d4c029c63ed1ca1131a3ddda7fd4e66078676407a476a00ccd09d2a85c8079b
1506. 7218111a64d849c230b9d6d315953fd4eacad8211eaaf6f03c1fc25414fdb608
1507. 2be2d55078be5d7a6982c89413fe4039cd65fd64f0e786481d785d726c24560d
1508. d5a00860e9c659e68ccc5150d9d54d702862aeab67453e12195cebb432f9e3cf
1509. b63bf916331ae1dec728a79c4f885b668b1eca1c6abdaea630a1940e44b621e8
1510. df0fb247a70c89c6562901405d16cc4d36f5052d95ecedc5b9ed5185a0125f91
1511. 52f088094f6aadfb98436b684c094e0ce059684797339ef65058cce7ef3447f1
1512. fd090323d4df1a960754906db0d1e9748537f5f25661f7a4ca2773240b58bc40
1513. bce589ff607e5a60063fea9c3b4ad8ce6a89ef833e395500363fa9ed9246cee9
1514. a11052d85933b9ebe77b92056e6efbd89393fecb51e3f0fd80a4cfa946cdb7d5
1515. 23398b697fcbad05afffa161f6335010f558d4974e81bd7d32cc4f1e07b06e59
1516. ba1753410ac11859abc6237cefbfd0fc63b872fae35967326374353049918c55
1517. 7d44f7f2b544573813e89633ebba598d028528adc829baeb4c549423b2228698
1518. 863bef93f145d590c49616b371a74a51cca7eaddb9be7b6a55d1d1ffd5f15cbd
1519. c10e6f58b4c3cef4ec5fc1bdb39d5d879c7a9c62e261bb47a74dff8c0d20118d
1520. de56ff30c012fd1c2b28d5d9c9747afe58cc414e185d59ba81f0dcaeda44dee1
1521. a0ce6a165177d79d8675d732c0f22f018dcae73487b2c9227508b0cd2c02d2f4
1522. 3a5f13bd1236171391ad45bf7369996f14b24bfcda152cada9bd04abd6351e6e
1523. 4c1f0a189477f1330c20a8a8869317569be3d5d87d018263babf560c454bc7ef
1524. 64f50f8c4e9bd7b196aa3d88694280da4762e02157d0f53ac68ca37e86d9e6f2
1525. 4fe8c71a6ac9f1846e68c90bafbdb7afd8ecc21bb59fc46dc45a053935386d31
1526. 4fe8c71a6ac9f1846e68c90bafbdb7afd8ecc21bb59fc46dc45a053935386d31
1527. d95e756519e7a387c644faeee84ab2c90ad53339bde37605dcba4c23c323be1c
1528. 3018734c8e915925793a54bfe29457bf245d9a58f3077d74ec22e2b04dcf9972
1529. 6e63ea61f944615450899ffdd9a9444c1051c7a66f3e5a089c4a6ed2da6e6ff1
1530. 372935f96d1e807f4891ffdcf2319728d0247660c0d7fe44738f3b58571751ce
1531.  
1532. http://animzzz.net/wp-content/I_0f/
1533. http://apnaoasis.com/wp-content/Y3_iT/
1534. http://acsboda.com/wp-includes/yn_gp/
1535. http://congchung.isocial.vn/img/6S_yF/
1536. http://www.axasta.com/wp-content/T8_Fp/
1537.  
1538. ```
1539. #### SHA256s for Epoch 2 Payload EXEs seen on 04/26-29/19 ####
1540. ```
1541.  
1542. 0716bb291de89ef66ca0b2992f1b5b852e2757d4ba37d2c31cd86d0804c1340f
1543. d1aa9048f02b2c880f36180ee92518cab5cc2a408781bde1676a77964d4e5a03
1544. f85fc9228cfdf73f2d84a46d93153d85d35093e5041159d71de23904f214e57b
1545. 08ec5c0c55725db409bf349ee855b2d2c981b2025fa1529cba00f3536689e3f4
1546. 163351e912ba5f7ca674f6017be509eb502be223032b93d89ae538ddc92df9fc
1547. 239e13b1ee2efd891c141d0d19d63eef47c75fc743add16fa2cb30629b59f0ec
1548. 616048852eb937dcf7adaba62d351a797e0bd2fb7100d560adcaf1a47f80c9f8
1549. 79128b28776eb3fcae5fe10aa06d7215c22df325751afebdbe0049a3010256ce
1550. 10baf3e3d973e15460d03ec0e1c874fe5603b07e4f0b5f25753658a95b55cfa8
1551. 0b3e13c12d15338c57703b15e199aaf817837eae851ff85aabb03758e4144862
1552. 89ad8630a68b508f373d798c888211d5246b1d8086b64a04cad510c2ce2e312c
1553. f7fcb9822c801db26abd77bf1f243878fdce87df2431230f329be543efe09bea
1554.  
1555.  
1556. ```
1557. #### Epoch 1 C2s ####
1558. ```
1559.  
1560. 103.201.150.209:80
1561. 103.213.212.42:443
1562. 107.159.94.183:8080
1563. 109.104.79.48:8080
1564. 109.73.52.242:8080
1565. 139.59.19.157:80
1566. 144.76.117.247:8080
1567. 165.227.213.173:8080
1568. 175.107.200.27:443
1569. 176.58.93.123:8080
1570. 177.225.175.199:80
1571. 181.142.29.90:80
1572. 181.199.151.19:80
1573. 181.29.101.13:80
1574. 181.29.186.65:80
1575. 181.30.126.66:80
1576. 181.37.126.2:80
1577. 185.86.148.222:8080
1578. 185.94.252.249:443
1579. 185.94.252.27:443
1580. 186.139.160.193:8080
1581. 187.188.166.192:80
1582. 189.205.185.71:465
1583. 190.117.206.153:443
1584. 190.147.116.32:21
1585. 190.171.230.41:80
1586. 192.155.90.90:7080
1587. 192.163.199.254:8080
1588. 196.6.112.70:443
1589. 197.248.67.226:8080
1590. 197.91.152.93:80
1591. 200.107.105.16:465
1592. 200.114.142.40:8080
1593. 200.28.131.215:443
1594. 210.2.86.72:8080
1595. 213.172.88.13:80
1596. 219.94.254.93:8080
1597. 23.254.203.51:8080
1598. 24.150.44.53:80
1599. 37.59.1.74:8080
1600. 43.229.62.186:8080
1601. 45.118.216.70:80
1602. 45.33.35.103:8080
1603. 5.9.128.163:8080
1604. 51.255.50.164:8080
1605. 62.75.143.100:7080
1606. 66.209.69.165:443
1607. 66.228.45.129:8080
1608. 69.163.33.82:8080
1609. 72.47.248.48:8080
1610. 77.82.85.35:8080
1611. 81.3.6.78:7080
1612. 82.226.163.9:80
1613. 85.132.96.242:80
1614. 88.215.2.29:80
1615. 89.135.138.149:80
1616. 91.205.215.57:7080
1617.  
1618. ```
1619. #### Epoch 1 - Spam/Stealer C2s ####
1620. ```
1621.  
1622. 31.172.86.183:8080
1623. 104.236.185.25:8080
1624. 50.116.63.9:7080
1625.  
1626. ```
1627. #### Current Epoch 1 RSA Public Key ####
1628. ```
1629.  
1630.  
1631. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
1632.  
1633. ```
1634. #### Epoch 2 C2s ####
1635. ```
1636.  
1637. 103.255.150.84:80
1638. 103.53.44.20:80
1639. 109.194.50.231:80
1640. 117.196.47.110:80
1641. 119.15.153.237:80
1642. 119.155.153.14:21
1643. 119.93.243.2:50000
1644. 124.123.42.93:80
1645. 133.242.156.30:7080
1646. 136.243.117.85:8080
1647. 138.201.140.110:8080
1648. 144.202.9.18:8080
1649. 147.135.210.39:8080
1650. 149.167.86.174:990
1651. 149.255.56.242:8080
1652. 162.243.125.212:8080
1653. 167.114.210.191:8080
1654. 173.255.196.209:8080
1655. 174.93.130.148:8443
1656. 175.100.138.82:22
1657. 176.63.173.71:995
1658. 177.230.108.144:22
1659. 177.242.214.30:80
1660. 178.62.37.188:443
1661. 178.79.161.166:443
1662. 179.14.2.75:21
1663. 180.150.87.75:22
1664. 181.39.51.243:993
1665. 182.176.132.213:8090
1666. 182.188.47.206:990
1667. 183.82.110.170:53
1668. 186.4.234.27:443
1669. 186.85.38.31:443
1670. 187.189.195.208:8443
1671. 190.112.228.47:443
1672. 190.193.18.37:20
1673. 191.92.69.115:80
1674. 2.50.4.159:443
1675. 2.50.52.255:20
1676. 201.220.152.101:80
1677. 208.78.100.202:8080
1678. 211.63.71.72:8080
1679. 213.14.166.152:990
1680. 216.98.148.156:8080
1681. 217.13.106.160:7080
1682. 41.220.119.246:80
1683. 45.123.3.54:443
1684. 45.33.49.124:443
1685. 5.230.147.179:8080
1686. 50.31.0.160:8080
1687. 58.65.211.99:50000
1688. 58.9.168.7:990
1689. 62.75.187.192:8080
1690. 64.13.225.150:8080
1691. 67.205.149.117:8080
1692. 69.198.17.7:8080
1693. 69.45.19.145:8080
1694. 69.45.19.252:8080
1695. 77.56.253.112:80
1696. 78.100.187.118:80
1697. 78.186.5.109:443
1698. 78.188.7.213:8090
1699. 83.110.155.238:8090
1700. 83.110.237.44:990
1701. 84.241.10.111:53
1702. 85.104.59.244:20
1703. 86.99.35.122:20
1704. 87.106.139.101:8080
1705. 91.205.215.66:8080
1706. 92.154.101.154:50000
1707. 94.130.35.140:443
1708. 94.183.129.173:443
1709. 94.76.200.114:8080
1710. 95.128.43.213:8080
1711.  
1712.  
1713. ```
1714. #### Epoch 2 - Spam/Stealer C2s ####
1715. ```
1716.  
1717. 198.58.114.91:4143
1718. 213.136.86.219:7080
1719. 91.205.215.10:7080
1720.  
1721. ```
1722. #### Current Epoch 2 RSA Public Key ####
1723. ```
1724.  
1725. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
1726.  
1727. ```
1728. #### Credits and Notes Section ####
1729. ```
1730.  
1731. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
1732. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
1733. https://pastebin.com/u/jroosen
1734.  
1735. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
1736. I am providing them for your benefit in case you want to parse them to be sure.
1737.  
1738. ```
1739. #### What is Epoch 1 and Epoch 2? ####
1740. ```
1741.  
1742. What is Epoch 1 and Epoch 2? (updated 03/07/2019)
1743.  
1744. I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
1745. payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
1746. Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
1747. rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
1748. This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
1749. to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
1750. time period.
1751. Here are some observations I have noted since I have been watching these botnets:
1752.  
1753. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
1754. Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
1755. being delivered in maldocs on Epoch 2 at any one time.
1756. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
1757. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
1758. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
1759. Monday morning/Sunday night.
1760. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
1761. Epoch 2 may have a document hosted on host.tld/B.
1762. - The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
1763. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
1764. *- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
1765. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
1766. - C2s are never shared between Epochs/Botnets.
1767. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
1768. via C2 to stay ahead of AV defs.
1769. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
1770. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
1771. - The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
1772. easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
1773. - Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
1774. spam template, word template, document type and even payload.
1775.  
1776. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
1777.  
1778. ```
1779. #### Community Lists ####
1780. ```
1781.  
1782. https://pastebin.com/igH3zV7B - @executemalware
1783. https://pastebin.com/GHz2zTiH - @ps66uk
1784. https://pastebin.com/7kCETexW - @ps66uk
1785. https://pastebin.com/1GWAG0G1 - @pollo290987
1786. https://otx.alienvault.com/pulse/5cc754214eeadbf8667f2d81/ - @SecSome
1787. https://pastebin.com/gujKSPLE - @lazyactivist192
1788. https://www.malware-traffic-analysis.net/2019/04/29/index.html - @malware_traffic
1789.  
1790. ```
1791. #### Credits ####
1792. ```
1793. (OC from @JRoosen and/or combination work of the following)
1794.  
1795. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
1796. @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey,
1797. @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk
1798.  
1799. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
1800. @devnullnoop, @gorimpthon, @Racco42, @Jan0fficial, @lazyactivist192
1801.  
1802. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
1803. @pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
1804. @papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman, @lazyactivist192, @TrendMicro
1805.  
1806. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
1807.  
1808. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
1809. helping out with this!
1810.  
1811. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
1812. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
1813. @urlscanio, @TrendMicro and @Virustotal for providing services/software no charge to this cause!
1814.  
1815. ```
1816. #### Daily Log 04-26to29-19 ####
1817. ```
1818.  
1819. General News:
1820.  
1821. Been busy lately. Do people read this portion of this? :) Tell me if you do so I know if it is worth spending my time on this.
1822.  
1823. I got a burst of malspam on the 26th late in the day and another
1824.  
1825. In other news:
1826.  
1827. @James_inthe_box found that E2 was dropping Dreambot/Gozi after initial Emotet infection. It also was targeting German banks:
1828. https://twitter.com/James_inthe_box/status/1122988160223305730
1829.  
1830. @VK_Intel took a look at his notes and then took apart the ISFB loader to see what was being targeted:
1831. https://twitter.com/VK_Intel/status/1123015463515115522
1832.  
1833. E1 payloads that are 197KB seem to be crashing on any system and won't run. Any nothing of value was lost.
1834. https://app.any.run/tasks/0113d55a-0cb2-43c7-9752-a07621b3ee8f
1835. https://cape.contextis.com/analysis/70419/
1836. https://cape.contextis.com/analysis/70428/
1837.  
1838. Email Template Report:
1839.  
1840. I got a burst of 22 generic malspams on Friday evening around 19:45 EDT until about 20:00 EDT. The templates were newish but not
1841. very good. Totally legit to tell me it is not spam right? wrong Ivan. Examples:
1842. _________________________
1843. Example #1
1844.  
1845. From: "Full Spoofed Name" <compromised@latam.domain>
1846. To: "Victim Full Name" <Victim@yourdomain.tld/A>
1847. Subject: Full Spoofed Name
1848.  
1849. Dear Customer,
1850.  
1851.  
1852.  
1853. No, this is not spam. We’re aware of the situation and currently working on a solution, we’ll be keeping you posted on this as we make progress.
1854.  
1855. http://patriclonghi.com/blog/rRPGm-0SI6Uky6t7HVUk_zRVudKPQx-Iv/
1856.  
1857.  
1858. Hope to hear from you soon.
1859.  
1860.  
1861.  
1862. Full Spoofed Name
1863. Phone (Cell):
1864. 693-160-8463
1865. Phone (Home):
1866. 693-160-8539
1867. e Spoofed Email
1868.  
1869. _____________________________
1870.  
1871. Example #2:
1872.  
1873. From: "Spoofed Full Name" <compromised@latam.domain>
1874. To: "Victim" <Victim@yourdomain.tld>
1875. Subject: Invoice for: Victim Full Name
1876.  
1877.  
1878. Good Afternoon,
1879.  
1880.  
1881. =0DReceived invoice ... thank you!=0DCan you please send me the correct inv=
1882. oice as well?
1883.  
1884. http://distorted-freak.nl/html/tCfR-gOWdwQ3QKXK2Zw_wvDfHOubq-kNG/
1885.  
1886.  
1887. =0DThank you,
1888.  
1889. -
1890.  
1891. Spoofed Full Name=0D728-452-0721=0DeMail:Spoofed@email.tld
1892.  
1893. _________________________
1894.  
1895. I received a good 50 malspams today on the 29th. The day started with incoming malspam in force around 09:30EDT.
1896. Almost all were link based and stupid generic templates again:
1897. ______________________
1898. EXAMPLE #1
1899.  
1900. From: "Spoofed Full Name" <compromised@latam.domain>
1901. To: "Victim" <Victim@yourdomain.tld>
1902. Subject: Please review and approve. Thank you.
1903.  
1904. Dear Valued "Spoofed Full Name" Customer:
1905.  
1906.  
1907.  
1908. Can you find out how we get paid. Is it a check or bank transfer? They just charged us $548 or close to that.
1909. No one told us anything about that I just need clarification on this process.
1910.  
1911. http://grasscutter.sakuraweb.com/wp-admin/sec.accounts.resourses.net/
1912.  
1913.  
1914.  
1915. Thank you,
1916.  
1917.  
1918.  
1919. "Spoofed Full Name"
1920. Contact Number: 606 125-5271 ext.5
1921. e:Spoofed@spoofeddomain.tld
1922.  
1923. _______________________
1924. EXAMPLE #20
1925.  
1926. From: "Spoofed Full Name" <compromised@latam.domain>
1927. To: "Victim" <Victim@yourdomain.tld>
1928. Subject: Spoofed Full Name Invoice G67462271 - unreturned equipment
1929.  
1930.  
1931. Dear Customer,
1932.  
1933.  
1934. =0DThe attached invoice is showing past due on your account. Please provide=
1935. payment status.
1936.  
1937. http://grasscutter.sakuraweb.com/wp-admin/sec.accounts.resourses.net/
1938.  
1939.  
1940. =0DThanks for working with us.
1941.  
1942.  
1943.  
1944. Spoofed Full Name=0D976-321-3229, direct (pls. try here first, during business=
1945. hours)=0D976-321-4781, office=0D976-321-9013, fax=0D976-321-0969, mobile=
1946. =0D0206/7745688, WhatsApp=0De Spoofed@email.tld
1947.  
1948.  
1949.  
1950. =0DWe are committed to protecting your personal data. For details of your r=
1951. ights and how we collect and use information about =0Dyou please see our Pr=
1952. ivacy Notice. We reserve the right to monitor all incoming and outgoing e-m=
1953. ails, where permitted by law.
1954. ________________________________
1955. All of that wrapped up before noon EDT. I then got some half dozen Spanish malspams in the evening.
1956.  
1957. _________________
1958. Example #1:
1959. From: "Spoofed Full Name" <compromised@latam.domain>
1960. To: "Victim" <Victim@yourdomain.tld>
1961. Subject: Spoofed Full Name FACTURA U434566
1962.  
1963.  
1964. Buenas tardes a todos
1965.  
1966.  
1967. =0DTe enviamos una factura de nuevo.
1968.  
1969. =0DSaludos cordiales,
1970.  
1971. --
1972.  
1973. Full Spoofed Name
1974. Spoofed@email.tld
1975. ______________________
1976. The attachment was missing on this one though.
1977.  
1978. Also one other template to round out the day:
1979.  
1980. From: "Spoofed" <compromised@latam.tld>
1981. To: "Victim" <Victim@yourdomain.tld>
1982. Subject: Bank Email Notice
1983.  
1984. <html>
1985. <body>
1986. <br><br>You scheduled a payment of $9,647.63 for your account ending in Reg=
1987. ular Business Checking-3625.
1988. <br><br><a href=3D"http://hermagi.ir/wp-includes/Scan/TSJGwwVWcb/">https://=
1989. spoofed.tld/security/ccs_epay?id=3DTbrQq-EiYvwIWYhOn3xM_gjLlDRGB-Ok&brand=
1990. =3D78333728</a>
1991. <br><br>
1992. Following is the detail: =0D<br><br>=0DBatch Name: PAYROLL<br> =0DBatch=
1993. Type: CCD<br>=0DPayment Type: Receive a Payment<br>=0DOffset Account: Busi=
1994. ness Checking-3625<br>=0DEffective Date: 04/29/2019=0D<br><br>=0DTotal Cred=
1995. its (QTY)=0D<br>=0D$9,647.63 (1)=0D<br><br>=0DTotal Debits (QTY)=0D<br>=0D$=
1996. 9,647.63 (10)=0D<br><br>=0DCredit Holds (Qty)=0D<br>=0D$0.00 (0)=0D<br><br>=
1997. =0DDebit Holds (Qty)=0D<br> =0D$0.00 (0)=0D
1998.  
1999. <br>
2000. <br>
2001. <br>
2002. Thank you in advance for your cooperation,
2003. <br>
2004. <b>Spoofed</b>
2005. </body>
2006. </html>
2007. _________________________
2008.  
2009. Did get one reply chain mail too.
2010. __________________________
2011. Reply chain example #1
2012.  
2013. <html>
2014. <body>
2015.  
2016. Please see attached.
2017. <br>A printer friendly attachment is now included with each email.<br>Click on the attachment to open or save the printer friendly version of your report.
2018. <br>
2019. <a href="http://songdung.vn/4d4ixle/secure.accounts.send.biz/">http://spoofed.tld/file/FD-926-SVS6821/spoofedname_049925964506_Apr_29_2019.doc</a>
2020. <br>
2021. <br>
2022. <br>
2023. <br>
2024. Spoofed
2025. Spoofed Email
2026. <br>
2027. <br>
2028. <br>
2029. <br>
2030. ______________________
2031.  
2032. As you can see above, the Reply Chain email was covered by my review below for injected reply wording.
2033.  
2034. Review:
2035. What we know about the threaded templates/reply chain:(changes are marked with *)
2036.  
2037. - Emails are sourced from once (or still) compromised users all over the world.
2038. - Emotet injects a reply into a real email conversation thread between the compromised party and another party that replied
2039. to the compromised party on or before Nov 2018 until at least January 2019. (may be up to present) Also have seen emails going
2040. back as far as June 2018.
2041. - Now on E1 and E2.
2042. - Now seeing German based templates that are essentially the same thing but in German.
2043. *- The injected reply is usually prefaced with the following:
2044. "Attached is your confidential docs."
2045. "Attached please find the wire transfer form."
2046. "Thank you for your help. Please see the attached."
2047. *"Load instructions attached"
2048. *"A printer friendly attachment is now included with each email."
2049. *"Click on the attachment to open or save the printer friendly version of your report."
2050. - Both attached and link based delivery of the maldocs/ZIP/JS have been observed.
2051. - Attachments seem to be in the filename format of *_April_DD_YYYY.doc/js so far.
2052. - The link is customized for the display text of the link to show the real domain of the spoofed organization.
2053. - These templates are pretty limited in run and not very numerous.
2054.  
2055. Link Regex Report:
2056.  
2057. Regex directory patterns - The following patterns were seen active today. Note the * next to the new/old E1 template coming back again.
2058.  
2059. E1
2060. \/(Frage|Nachprufung|nachpr|sich|sichern|vertrauen|([DdeEnN_]{2,5}))\/([0-49\-]){6,7}\/
2061. https?:\/\/.+?\/([A-Za-z0-9]{4,5})-([A-Za-z0-9]{14,16})_([A-Za-z0-9]{8,9})-([A-Za-z0-9]{2,3})\/
2062. *https?:\/\/.+?\/(sec|secure|trust|verif).(accs|accounts|myacc|myaccount).(docs|resourses|send).(biz|com|net)\/
2063.  
2064. E2
2065. https?:\/\/.+?\/([a-z0-9]{4,7})-([a-z0-9]{5,7})-([a-z0-9]{4,7})\/
2066. https?:\/\/.+?\/(Document|DOC|FILE|INC|LLC|Scan)\/([a-zA-Z0-9]{8,12})\/
2067.  
2068. Payloads Report:
2069.  
2070. E1 had 4/5 quintets on Friday and 4 today. E1 did one round of DOCs as attachments only on Friday morning.
2071. Once again there was no indication of this group of documents on distro links. The last 4 Friday quintets were once again ZIP/JS.
2072. For today, there were 2 quintets of DOCs and then 2 of ZIP/JS.
2073. Most were ZIP/JS via links both days.
2074.  
2075. E1 EXE loaders have been interesting lately and there is clearly active work being done. E1 was hashbusting on Friday and over the
2076. weekend on the old loaders. There were reports of crashing then with these loaders. Today we are seeing the same thing noted in the
2077. general notes. Also distro seems to be doing the old hashbusted loaders and C2 today is doing the new non hashbusted.
2078.  
2079. E2 had 3 quintets on Friday and 4 today. E2 was early on Friday DOCs at 02:36UTC and then ran another set at 10:18UTC.
2080. The last quintet was a fake error JS and in ZIP/JS. It was being pushed most of the weekend and then again today briefly in the morning.
2081. We also saw a quintet based on a DOC that was not seen on distro at all again today but this time on E2 and not E1. This started
2082. Monday as the distro links were still doing the old ZIP/JS from Friday. At 1725UTC we saw a new ZIP/JS and then 2 more before the end
2083. of the day.
2084.  
2085. E2 EXE loaders were all the new loader style today on both C2 and Distro. This means 10 hour before hash updates and easy to track and kill.
2086.  
2087. C2 Report:
2088.  
2089. C2s did NOT change for E1 and remained at 57 combos in total. - recorded above
2090. C2s DID change for E2 and increased from 67 combos to 74 combos in total. - recorded above
2091.  
2092. Closing:
2093.  
2094. Been very busy lately but trying to keep updating this since people seem to like this in addition to the bot. Hopefully this helps people
2095. as it takes up a lot of my time after my $dayjob :)
2096.  
2097. TT
2098.  
2099. ```
2100. #### Sandbox 04/26-29/19 ####
2101. (all with fakenet and MITM unless spam/secondary infection)
2102. ```
2103.  
2104. Epoch 1 C2 run on 2019-04-30 at 03:30 UTC - https://cape.contextis.com/analysis/70430/
2105.  
2106. ```
2107.  
2108. ```
2109.  
2110. Epoch 2 C2 run on 2019-04-30 at 03:30 UTC - https://cape.contextis.com/analysis/70432/
2111.  
2112. ```