ps66uk

#Emotet Malware IoCs 2019/05/31-2019/06/02

Jun 2nd, 2019
## Emotet Malware Document links/IOCs for 05/31/19-06/02/19 as of 06/03/19 01:00 BST ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 05/31/19-06/02/19 ####
```
<none>
```
#### Epoch 2 Document/Downloader links seen for 05/31/19-06/02/19 ####
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```
Creation Time 2019:05:31 18:22:00 (Attachment Only - DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:31 14:38:00 (Attachment Only - DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:30 20:19:00 (Attachment Only - DOC Based - ENG - 365 Blue Background)
```
#### SHA256s for Epoch 1 Payload EXEs seen on 05/31/19-06/02/19 ####
```
  494. 3d24f72b21d3de7acf795cb38200bd39cf6b0572b1f3129ca0f5c08f239911f2
  495. 5085f713dea5df10fe575bfcf3658d40588c011de7fa5dcd3f55e02da20bba98
  496. f5c3ddd0969c95725de55e3103dd040a7949c9844fbdb4384df0a1b79f35c918
  497. 821aad6e47c96c8c987fc4569bfc0f070b3c52f23b90edddbb9854091a89a181
  498. febc01a9ebac3c77eeb8895c8e06281dc6e46dcb3b934de681e6113538b5d85b
  499. 445c67d2818f3a7f0650191ad266e1da3a8dda75ba0c7d88e34f8b2dfb34e229
  500. b42f5b72374566c73b80fc6541a8031c3de5070df08653f3d881278f82d340f2
  501. fedb924acf79c90c1130cab2d2fd70e2fdc4f71094a1268bff4f98162469ce4d
  502. e4fdc32cd0d5634da225ac24d8f8dbbf164a9f0c7d15f0b8c3f52bc4818e4356
  503. cf61bd283241a18f9f8f6ece2cfff349b6116e16cae9ee669673de9bdc880747
  504. 7cd3d25eef9660f6b40db9ad2842d8017236ca91015e0fbbebf713250c520daa
  505. e840dbf52a924ba3fe6df417333cc2ed1b5833e0b82ecd2c8ac7c8f9f3f505d4
  506. 61a5f6d0a2e1a79adce1d96792f466ea4ee6afcd71568ba31554f3cc65459238
  507. db70ac74abfddb4e6e421cc6b706ef0f22cfc7999bcff1797ca34a9d75967879
  508. 747b16ab4b405236b8c9fd9a24fe1f567941476cce7c364a5cdcce921859d857
  509. 16b8ff045f1e184dc4148a0488fef32c0167497fa0befaa8c3de5a5b1907d240
  510. 2b4d5e1ce1f5c65fbf0ce4b024b97015f2ba6df866757f16a10891ff4dba3cfc
  511. 57936aa6ea3d8158757caf7bd7c4a69b4233904fcfeaa3766b86abab0d5d3b9a
  512. 1d2fcab00cad2d7451ebcdc50fbdebda719637afc5e871186164cb52e7c7aa3b
  513. eda06dc0324cfb11254069eebf63f89982f9438396734cf3a697063b55f0b5ef
  514. 6bdcbfb0d3209e654edddf0f7861ba4d5400c9b8e7549129a0699ce1f185e924
  515. 6567c6103adf9d80a8446f1c02a75bbcdb5a2800f82308a08b1eeaad61067962
  516. e6e7f2f03b2fce53c07d42d51995dff65ac7356caa85b7fa8f029b4a73f32cdc
  517. ace93e65d055e133db01d9befc2843619f935b9425778f422d4a726ec8ee4695
  518. 4ad39eafd22170fcc4bc450051674c2199ace1986c4218fd51430997d020aec4
  519. 11355d4e7a25c41a53e93f1e471780ae5f537cfb47b78482e6a71045f70fbdc2
  520. da64113ec07566bd0989e918143a4ef223d6175f7dc40897a7dd10abc9aa6d6f
  521. aae00a85acd791218fa7b3d6eb3e488f4fde49f50eab4af736874db177e9e13a
  522. 216fc3361d83c3ff1124522d3995a46e908a179cd91339e30d63232bb21f0101
  523. ca6d4ff584dac047c7073af3da172684892b415d4dece5f97985972781a564a1
  524. 68b75278c706fe4a53e34e4fba1ed95e31c5a557773b53a4713132a271d9d2ec
  525. 3518225d055a7846f3c31b86040138b4557d4648f5df5aaa5c8cffe715f813af
  526. c7d9646dce486e400bb9b80ec9ead62262d5e7f3ff5144e02e9ce4aa506c0c70
  527. 5a21aa7c2aad44d5b59afbabf776bc41c1d5d1b2e23390e4850a93b203cf9999
  528. 14e9ee32447b55e640bfcc02e81b6c7b659d6867aa260355c37be23a27b09f78
  529. 004bd9f5c66dc6535fb2aaf24c92bc704afd181cad0c22a6ed7de5d3509c8ba1
  530. 193a70a717e27a55b972a49ed94c3fc1a6e5f5a0d666d5660973c1b28d61f93e
  531. a62670d531bcd5a8c985b3feea6d8ad6c3dd8b4047490f380c380165ea27c6f0
  532. a200883d7a662618ac0a3b40104b9d5b291d289af0e0ec7dfc3979d824abd136
  533. 0650c3f665741cfc6a969f88f67ef659d87c7f6388bc8808a7af13216b81a9d6
  534. 79f22598de1ee98aef264c46e50f98187cbf3c1aa245b750b74f125b080c049c
  535. 832a02c63692894ab6bc6cc9798bfab476684de1201699152a7b9344d0843387
  536. a0d4918a0cfdefe8a8d55d5425f7ac2bdaa21b49d1874d451f09806cc60739ed
  537. 884f4ec6d085144cb4dd8fa221aca74c1092c7cf8ce3654e7e88cf40378b2dba
  538. f7b9c08f99966a05f6d1208a359567fafd2fa04e070adeaa1692eb064679fad5
  539. b42bd80f33dad0e3acf7c0e8f35b1abf3d9300ca59bd5e5cfa606c6cf4d8a5a0
  540. f5d8d90ab7ed65d087f710130e58045ce687028b0d805cf93bb0fcafb698242b
  541. 222b90a313157b4a12e471392476f6897e96e192c8832877b9235062d2e908f6
  542. 4c7260772ab4918f0eeaff3689aed9f4a2a7a9f4b053e4234f130fd7b5164f13
  543. b7ba62572622f4ca5335941c645e02e95e240aa9fe716bb82b4eaa29a403d33f
  544. 460a820e20d28297c8b172542f290ca8b8cb3ec4e4ffe67177ef564391ad309d
  545. 11197b300e6661d05b3d8722bd7f98c1bf0ce0b451c53aac87fa75f2d9a3266e
  546. 179acf9f308c660f461786f69416c3c21a3e2f1e76da24995d8b2383d14dbfe3
  547. ea9a5bf56a4a1e154a4a692a4e25aa08385a380cdd2a273d6d2b1d19e54afca8
  548. faa0ebac3e2dc5e94d490d5489a09ae3eec2ceb497a14662057d4df9d108758a
  549. 8ddb9a278d40620ade36d579315f6d13af739878d2afaa2d6181af18d45cee53
  550. 398b1c8839ed7a67fd0b6ec11e14d9e9075aed1ef4cf6ce5b366a37f26edd141
  551. eb0b26ea4f77b53815dc7df101f40c2c4437c6e4c0d865d1fe014ba7fd4698f8
  552. 5e09d19a2b245d86c7f9c15b3a721430157b4d86fd03fb49a8a1410b48e90bc9
  553. 84971301adc42ad3e32088115a729e7b5db3889d2de6ce3b446fd0c72a602694
  554. 13cdacb504e04aa21d73a2d47da00a81a13119fd24a646b79d18ce05af47b39b
  555. 9079ad5b006647ff89970689bbd29367d8fa16a6a242829b42b88d88bfb78456
  556. ef27683087cbd15341287669fdc7b8d347dc4967bcfe7406752cff961eb9ffb7
  557. 8c39e7ea012132119c81a1f89f27e08328cf74183884bd56ff2110ab1c7c8a80
  558. 872d10b3d7406abb3781a6ca2e92027a8afe0bc9273a385e48780006b0d1685a
  559. 0eeb3dda72d0cf6d7f0d43aed4fb337a2e27059eefb43c7934beec7f20b99fe5
  560. 87b11ffe916fabb5449fa46fa2560f432881d7574991b741e9844059087ed521
  561. 6e2004b2608e078d8c5bea3e929a2261d0fe5fb5484475eb543a6ca085b64bc1
  562. bc51790571e8ddfef06fe693d9050402eaaaae12d15ca005ef2775b73408fc0e
  563. 42aa836589aa1e3f0a6a0ea27f634970373bc5020171b8db733a9b4953f35766
  564. e9de3800713639eb88dee2548b72ffed652532920d5bb187bea068cb621cce43
  565. 083341d57f8a4c94fd97f367845a5f214192ccb9e1ae1fd8b333f5c537ba77ad
  566. 7611cb282ca8ec527dc1bf210b35ccee871a8e4c3728bab423762698b0eaa16a
  567. 83c35e34d3884cfcd290f2e9815ade880681b71fdda54a94087a0c44ed1c7a5b
  568. ad41789b5c0aec6778f8eb0bf3632d756bb02a43b88779d935cc164ae2e54f4d
  569. 23ba0a1fcd1d0e41268bf48c0791cb882ba456185784658f2381ae91db89d1b8
  570. 88714578fbce5ab5765a9c92dd446cfaa5cb30059c2242255d6fcd336cfa2df3
  571. 742d051f809b882ca73390fca6da0e94b62928264e57b7088dfe11863532e3ea
  572. acc5cfcc0f54026f8bea1dbc5239312224385d1dc374590cb8ea594ff52eb28b
  573. f9c5edb1a7c4a98f2652031573d585b81f55f7ccb53293523fb1ec6c5c2808ec
  574. a30e5e8d2e6c26983e6bb027cd0fd075c5f46e14c0c746cd69fccc3b597ff265
  575. 3af201fae07eb8af53360541fbac0952f68383f52f10a655106ac50437f2b555
  576. 14d675e3543e18f0733fa4ff8167fca3a67a35a5aa4a8322dc14db49d1fa2474
  577. a08e0ef524653873a56c802aac64c5b4e91fbf9ede4334c9b211a925b2dd40c9
  578. 9d878bbb950258aa1389f0a82d49fabca582c94af2978e3d6d9686e6164c19f5
  579. 5f994907e35f34fcf2749dd54a597ce4749ca4708e502cff6b921579ede4c8d4
  580. 2ee035914e459600c7b6c3b965c373c23f02f42430c9ccb79c0eee806c0792bf
  581. 9d337b82a4187f873a86764f7b00c2a816a0a8448596b012446edbca6b974995
  582. f8d512e442d70b0fe3888c56c6c5c72e831a9f890973f4031b1c833cd2d6b456
  583. b46094f1d620e9792796b7ddedca78a98784acb16faf6a379ec6765386edb7bb
  584. 040feb94bd68f462ec0c99e4cdb3d3fb027fa368282a7a7439de6dcbd57dd65a
  585. dd525a8e1dabb662c1d18d580eb925e6574c20b7a4fee8e0df025fad45404677
  586. 4ec0dfba597acc06deef07e24d2495e0f74710efe4ac5527500ae583c1d21fd8
  587. 2a937e923f744c29d204e568d617c87f13a177da0becddda6222e9d03aea3ea2
  588. d8b23747f90c7dd861e15a7bf2598e63b06b2580a93af4bc882df84890e88323
  589. d78ec89302b2b34e2853560b1523391d3f10c9e23698ab6ff7dc3dd19491a3bd
  590. 44b6cd427cef9895d5539e56d7a063f260501c35ad592f5d40f153297a1a6561
  591. b58d697cb2aecbcdd4b4ca5163b086bdb6e6064447a4b4538aebe804bf54622c
  592. 3f065d41aff7ff4c2519c875441ca209ccecc14364636c38e76f4e72552bfe84
  593. 53d4f3d9bc083b04f180c98cbf480e03d4bace7009dc796ede526031f2a8a36c
  594. c2b2b20efd476050dec990fda717f894dd754241c79a3b5a5fc7e3ca147a6209
  595. 34d1f91c9cb874590b7ea3595d5e6b9de9f48c8f37ecc095b1550e406c0aa68a
  596. 78e7b9ae542449203ea018f4f39ed638916f0cb20ef17e55656f742529b2fe96
  597. e3ff7d92fe4c40bbdd90cd3a82d12c5a1135bcf6516bbb45d92bcd763c46fe2c
  598. eab5c4f695b93c4b92a43f1425df98ec74e587af7ef0c1899293e73247b9b1bb
  599. 331abc0cfdc3e057323dabf4d07405cde8697631f6a9244716d6818ab34314ba
  600. 1e836b0b0d83dc2b5e7f3f59324846c110f9070b4d39260f39f12eb660a617cf
  601. 21bf13015d22764c6533d1f93db824df23f6e594815c969bac8b3cc40d41a948
  602. b7c92fa1d3d23a9708a69987b8ad4f017fd1f09e14447684c5883a402819b3a2
  603. e2695bfa69157365f2892bd7a5f5027f87cce976a3a905b3af31fb3e38ade821
  604. c4ceb4424ce0c182e15ccfe6fbffdcc9cc87dd934d6a6aaf3c0ad097aecf2217
  605. b7131569a420c3048ff42853319a2ba637aaa1358f56cf770dea274f77e33d80
  606. 7120cca2c0ef8983b5ee8411b448bafb91555de35b9b79d2ac1adc86ea17e498
  607. 9c7fd84595817be41c1e0c8d147dcb8e351e84f16bc5147eee08e67e39039c2c
  608. 8d1decb61e1a12ccd98aab732cdf92349c90e166c1d56d5f8fff9809937bfc8e
  609. fd1a9f17d5e120c73965b5181b0fff9f46fd3f9c10f3f504b3b6002958e46186
  610. 6c8f7686163c87e988311b922a46e24d06a2d7219e003d1c269f97cf71ec89c3
  611. d5a9fc97059615b9718a7aaa6a4501a0c40710626c138606f429a86a2cac22d5
  612.  
  613.  
  614. ```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```
Creation Time 2019:05:31 20:06:00 (Attachment only, DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:31 17:49:00 (DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:31 15:27:00 (DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:31 05:41:00 (DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:30 18:53:00 (Attachment only, DOC Based - ENG - 365 Blue Box)
Creation Time 2019:05:30 15:31:00 (DOC Based - ENG - 365 Blue Box)
```
#### SHA256s for Epoch 2 Payload EXEs seen on 05/31/19 ####
  810. ```
  971. 037d5055c8160ab6d5b04d577b5fd52293fd124bc0b668f9e8abacf6dbe55baa
  972. 72155cdffca2e2e9265d88547e410e51921c014cd8d259eda30b9cff7de118c9
  973. a136febbf4979d17aa6cd2d5304c20995ea1de97ea885ee2b7f762c9b101de49
  974. 783b113080fa36887d57234d3421e365a54467baf4d15d3b655212e49b287fd8
  975. 8681aba877728927c8aeac27b9fe8c1bc0df8d62296ddee31cdcf32b50e3ebb6
  976. 62b8d2ac4bd2eff5caac87d4dc34246c90447595ba783063a10de1af77ae24f4
  977. fdac3bc5c6d96b8beff3a5c19737d2aee7cc1e744f1697f34560ebe0c001a845
  978. cb2a384c6b3b5db1fb6669161dc408dceebfccbad4cbecfd87f0f490ea23c7e6
  979. e05501a56b8b0ebfd27706dc1e1a32f9edf273d8798612e2f66084e69792b139
  980. 85c9b15366241b549b8d70d7ef7805fd7a91da1e6e8bfcb0b0460a93e5984e13
  981. 4ad0ce4d112be8d4877973c694543c469959909088cfa8b7f9ff9959a02fe5b2
  982. 507c5e64ab714d3e9578aba8329b5bce6cbddaced248c01483398adc0ee33196
  983. 7e9e3840c6478c987128a81c3b0cd6348edaa80bd4f0d2c689d73577c4c57867
  984. cc062022f5c8d46acedad41b0a1e400ef7a8128f9d823461ab5c008d6fcc9939
  985. 3d667258ac6ff5afcd3d267a747fae7c393f1b52ca743ae60f713e8d08496865
  986. 1ae24354c8151a3ffa0992b0fe2877c17ff69891a5e5115f9d3438ea5f96ba9c
  987. 6cf8e05f737841d9f1445eed3ec8aafa9cfccb622df3b44b56feee585bc81c81
  988. 95b213c899ffe2e3a7170e3fe12535f6351e059280c81b46b686f1e75f7ec359
  989. 41f07e5814ea0ccbf9e82e16a17ead43b91ba65dee15854029be12a3f68010cb
  990. b666ff5180facda1c5770aaaa432d95e89656f113f8b00aec5b77361c8f247d2
  991. ee8eac341f77f9c0d52065c787245933e305a5c20de9097365665669a34d386a
  992. 30e1491a67263b7ad11c591dd562bbb59a2fadcde50ab8a3c1671ac97a6eaef0
  993. c0eec8d6561ca94d66ccde5670f7f431d11c5579ccba263a8c33941cefc9ee03
  994. 493f760f379b285ef6cd4cfef7403c66b448a1f11547c425087da1c9519c935e
  995. 4bfc940e5354b36df128e8eaa3b18cae76678b8f1038055a439be347fbce72a2
  996. 959070d68674e8d20a58b63142c38f6d6c610c56adb9dc321c43b9d846446db6
  997. a3f813097bed28a5d6ccada87e7e405c6aaba6d3d08c25499ef6eccb8653f90f
  998. bff0e404f0249f2d4cbd0d602e7b30f5dbecdd5f67bc62577518f7664d215b59
  999. 6bde5f26ddef0b3fc31b0aac925685a10ad784e1ba83b57a3efa07f674340054
  1000. 75b33f293bba66b7813275e73ca537825f753891ba1331a753145aa10e2356fa
  1001. 2dc759d207dd72d1f12d6459a83085a197244ce9e3b0b1919133e20a40134839
  1002. 66f26cae7b756787017057ce9b4a8928b5da531bb7a524fbd61e3baeca03818a
  1003. 7d9b4cd92ec5725dd84d041dd7f5c4090d7281a5db6c3e28065cf24ffccf2027
  1004. 38dfb70396869478b8c6382cf0805b84c8dd41e6164de4af6ce61b9dcf2e4551
  1005. 35c6039f9844d8a3bd110942e6b97a5f8a1d3f02eb400342ab225623d027ca6b
  1006. 7862fa1ee66a6785a4771a8eb33d10304972959c57f3ae1119ebf7f77e9f0083
  1007. 601ec61be1d0153d3d309b6d6f8179fb9f6295a73cd7ad36c7377f9e877a155d
  1008. 7e2f7a61a5e46ca5adefbd3bcf38ba87ab0ad7864a989a030b7c8a587dfd4d21
  1009. d181fb10ee31698da5692ae5b66a906c4acb1433265f437b3dc65da0a3fed2a6
  1010. 17aded98451e7d3a074264fd4d6c12a6ee99d63658e4a709a6fdea9a08abb374
  1011. 8379700a0e0c71839733230a9a8bcb80637607943d1244d4144070ceecde5183
  1012. 1cb4b3a6b2b220b49589073132ffdc081db523f1500bcfded0450f2fa128b731
  1013.  
  1014.  
```
#### Epoch 1 C2s ####
#### Epoch 1 - Spam/Stealer C2s ####
```

<not verified>
61.92.159.208:8080
104.236.185.25:8080
50.116.63.9:7080

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
#### Epoch 2 - Spam/Stealer C2s ####
```

<not verified>
198.58.114.91:4143
213.136.86.219:7080
91.205.215.10:7080

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```

WARNING - Some links may have been taken down shortly after I reported them to URLHaus.abuse.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLs from previous days; see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
https://paste.cryptolaemus.com

NOTE: The doc DL URLs are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

```
#### What is Epoch 1 and Epoch 2? ####
```

What is Epoch 1 and Epoch 2? (updated 03/07/2019)

I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
Epoch 1 is currently the larger of the two botnets (MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller, more
rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
time period.
Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
Epoch 2 document download site. Specifically, maldocs on Epoch 1 will have different document creation times and payload quintets than those
being delivered in maldocs on Epoch 2 at any one time.
- Document hashes change every 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Mondays of every week a new set of document download sites and usually templates to accompany them are generated early on
Monday morning/Sunday night.
- Both Epochs may share a host for binaries or documents but NEVER the same directory. E.g. Epoch 1 may have an EXE in directory host.tld/A and
Epoch 2 may have a document hosted on host.tld/B.
- The RSA keys for C2 communications will change every few months on each Epoch/Botnet.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
*- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
via C2 to stay ahead of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
- Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
spam template, word template, document type and even payload.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

```
#### Community Lists ####
```

https://twitter.com/pollo290987/status/1135028442104291329
https://twitter.com/executemalware/status/1134589014252687360
https://twitter.com/EmotetIndian

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
@0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey,
@Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
@devnullnoop, @gorimpthon, @Racco42, @Jan0fficial, @lazyactivist192

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
@pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman, @lazyactivist192, @TrendMicro

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
helping out with this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
@urlscanio, @TrendMicro and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log 05-31-19 ####
```

A big thank you to all those that report #emotet, via Twitter, URLhaus, URLscan and all the sandboxes.


General News:

https://twitter.com/VK_Intel/status/1135199406171545600

https://www.proofpoint.com/us/threat-insight/post/proofpoint-q1-2019-threat-report-emotet-carries-quarter-consistent-high-volume
https://www.cylance.com/content/dam/cylance-web/en-us/resources/knowledge-center/resource-library/reports/Cylance-2019-Threat-Report.pdf
https://www.sentinelone.com/blog/emotet-story-of-disposable-c2-servers/
https://www.itgovernance.co.uk/green-papers/fighting-the-emotet-trojan


REVIEW:
If you didn't already see it, there is a very simple way to defang these ZIP/JS attachments or links. Just change the Explorer association
to open .JS files via Notepad.exe. You can follow my instructions here in this Any.Run:
https://app.any.run/tasks/81503633-0f95-48d4-bd80-c83ec5c2b763
or you can do this via GPO. Here is a nice writeup on this process: https://montour.co/2016/09/group-policy-force-js-files/
I recommend you do this because .JS malware is very 2016 or even earlier and most users never need to run .JS or .JSE for that matter.
You can likely throw other extensions into the same configuration and @JayTHL had a nice thread discussing this here:
https://twitter.com/JayTHL/status/1126204098670411779

Email Template Report:

Generic templates for the most part, the usual body text listed below.

Review:
What we know about the threaded templates/reply chain: (changes are marked with *)

- Emails are sourced from once (or still) compromised users all over the world.
*- Emotet injects a reply into a real email conversation thread between the compromised party and another party that replied
to the compromised party on or before Nov 2018 until at least March 2019. (may be up to present) Also have seen emails going
back as far as June 2018.
- Now on E1 and E2.
- Now seeing German based templates that are essentially the same thing but in German.
- The injected reply is usually prefaced with the following:
"Attached is your confidential docs."
"Attached please find the wire transfer form."
"Thank you for your help. Please see the attached."
"Load instructions attached"
"A printer friendly attachment is now included with each email."
"Click on the attachment to open or save the printer friendly version of your report."
- Both attached and link based delivery of the maldocs/ZIP/JS have been observed.
- Attachments seem to be in the filename format of *_Month_DD_YYYY.doc/js so far.
- The link is customized for the display text of the link to show the real domain of the spoofed organization.
- These templates are pretty limited in run and not very numerous.

Link Regex Report:

Regex directory patterns

E1
*https?:\/\/.+?\/(biz|com|net|sec|sec_zone|secure_zone|seg|US|ver)\/([DdeEgGnNsSuU_]{2,6})\/(accounts|anyone|logged|myacc|sign)
https?:\/\/.+?\/([DdeEnNsSuU_]{2,5})\/(ACH|Attachments|Clients|Clients_information|Clients_Messages|Clients_transactions|Details|Documents|Information|Messages|Payments|Transactions|Transactions-details|Transaction_details)\/([0-9\-_]){5,7}\/
https?:\/\/.+?\/([A-Za-z0-9]{4,5})-([A-Za-z0-9]{14,16})_([A-Za-z0-9]{8,9})-([A-Za-z0-9]{2,3})\/
https?:\/\/.+?\/(trust(ed)?|sec|verif|public|secure|open|verif_seg)\.([DdEeGgNn]{2,3})?\.?(logged|signed|accounts|myacc|sign|anyone|myaccount|accs)\.(resourses|docs?|open_res|send|office|rep|public|sent)\.?(net|com|sec|biz)?\/

E2
https?:\/\/.+?\/([A-Za-z0-9]{4,30})_([a-z0-9]{5,10})-([0-9]{8,15})\/
*https?:\/\/.+?\/(administrator|assets|blogs|cache|cgi-bin|css|DANE|Dane|demo|direc|Document|DOC|Dok|DOK|esp|FILE|homepage|images|INC|Inf|INF|js|LLC|lm|paclm|Pages|parts_service|phpmyadmin|Plik|PLIK|public|Scan|sites|test|themes|uploads|wordpress|WP2|wp-admin|wp-content|wp-includes)\/([A-Za-z0-9]{7,32})\/(\"|\n)
https?:\/\/.+?\/([a-z0-9]{4,7})-([a-z0-9]{5,7})-([a-z0-9]{4,7})\/

NOTE: If you get a lot of false positives, try adding (\"|\n) at the end of some of these after the last \/

These Regex patterns are to be used experimentally and at your own risk but they caught 95%+ of link malspam.


Payloads Report:

Normal early start

E1 was attachment only. 21 DOC hashes scraped from sources for 3 EXE sets.
There may be an early-morning 05/31/19 DOC/EXE unaccounted for.

E2 had three EXE sets across 360 URLs, plus two attachment-only runs (one from previous day)

EXE for both had high rate of turnover (~15min TTL) finishing at 14:45 06/01/19 (E1) and 20:45 06/01/19 (E2).

Both had C2 in excess of 100


C2 Report:

C2 from E1 EXE gave 117 unique combos in total. - recorded above
C2 from E2 EXE gave 111 unique combos in total. - recorded above


Closing:

<>

TT

```
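The Link Regex Report above can be checked offline before its patterns go into a mail gateway or proxy rule. The Python sketch below is an added example, not part of the original paste: it applies the page's E1/E2 patterns to constructed log lines (every `.example` host and path is made up) and shows how the NOTE's `(\"|\n)` terminator drops a false positive. The helper names `compile_set` and `scan` are hypothetical.

```python
import re

# Patterns copied from the Link Regex Report. The leading "*" on two of the
# page's lines is its "changed" marker, not regex syntax, so it is dropped here.
E1 = [
    r'https?:\/\/.+?\/(biz|com|net|sec|sec_zone|secure_zone|seg|US|ver)\/([DdeEgGnNsSuU_]{2,6})\/(accounts|anyone|logged|myacc|sign)',
    r'https?:\/\/.+?\/([DdeEnNsSuU_]{2,5})\/(ACH|Attachments|Clients|Clients_information|Clients_Messages|Clients_transactions|Details|Documents|Information|Messages|Payments|Transactions|Transactions-details|Transaction_details)\/([0-9\-_]){5,7}\/',
    r'https?:\/\/.+?\/([A-Za-z0-9]{4,5})-([A-Za-z0-9]{14,16})_([A-Za-z0-9]{8,9})-([A-Za-z0-9]{2,3})\/',
    r'https?:\/\/.+?\/(trust(ed)?|sec|verif|public|secure|open|verif_seg)\.([DdEeGgNn]{2,3})?\.?(logged|signed|accounts|myacc|sign|anyone|myaccount|accs)\.(resourses|docs?|open_res|send|office|rep|public|sent)\.?(net|com|sec|biz)?\/',
]
E2 = [
    r'https?:\/\/.+?\/([A-Za-z0-9]{4,30})_([a-z0-9]{5,10})-([0-9]{8,15})\/',
    r'https?:\/\/.+?\/(administrator|assets|blogs|cache|cgi-bin|css|DANE|Dane|demo|direc|Document|DOC|Dok|DOK|esp|FILE|homepage|images|INC|Inf|INF|js|LLC|lm|paclm|Pages|parts_service|phpmyadmin|Plik|PLIK|public|Scan|sites|test|themes|uploads|wordpress|WP2|wp-admin|wp-content|wp-includes)\/([A-Za-z0-9]{7,32})\/(\"|\n)',
    r'https?:\/\/.+?\/([a-z0-9]{4,7})-([a-z0-9]{5,7})-([a-z0-9]{4,7})\/',
]

TERMINATOR = r'(\"|\n)'                      # the suffix suggested in the NOTE
URL_TOKEN = re.compile(r'https?://[^\s"<>]+')  # assumption: how URLs are cut out of text


def compile_set(patterns, strict):
    """Compile patterns; in strict mode append the terminator after a final \\/."""
    compiled = []
    for p in patterns:
        if strict and p.endswith(r'\/'):
            p += TERMINATOR
        compiled.append(re.compile(p))
    return compiled


def scan(text, strict=False):
    """Return [(url, epoch, pattern_index)] for each URL matching a pattern."""
    if not text.endswith('\n'):
        text += '\n'  # lets the terminator match a URL at end of input
    sets = {'E1': compile_set(E1, strict), 'E2': compile_set(E2, strict)}
    hits = []
    for m in URL_TOKEN.finditer(text):
        # Keep one character past the URL so a trailing quote/newline is visible.
        candidate = text[m.start():m.end() + 1]
        for epoch, regexes in sets.items():
            for i, rx in enumerate(regexes):
                if rx.match(candidate):
                    hits.append((m.group(0), epoch, i))
    return hits


# Constructed sample input: proxy-log style lines and one HTML link.
SAMPLE = '''GET http://mail.example/cgi-bin/INC/ab3xqm0prc_rbvaf-12345678/
<a href="http://files.example/wp-content/QwErTyUiOpAs/">invoice</a>
GET http://shop.example/ab12-cd345-ef67/index.html
GET http://portal.example/US/Clients_Messages/052019/
GET http://intranet.example/docs/readme.html
'''

if __name__ == '__main__':
    for mode in (False, True):
        print('strict' if mode else 'loose')
        for hit in scan(SAMPLE, strict=mode):
            print('  ', hit)
```

In loose mode the `shop.example` product page matches the third E2 pattern although the path continues past the directory; strict mode keeps only the three URLs that end at the matched directory.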
#### Sandbox 05/31/19 ####
```

E1
https://cape.contextis.com/analysis/78504/

E2
https://cape.contextis.com/analysis/78505/

```