Daily Emotet IoCs and Notes for 08/31/20

1. ## Emotet Malware Document links/IOCs for 08/31/20 as of 09/01/20 01:00 EDT ##
2. *Notes and Credits at the bottom.* Follow us on Twitter @cryptolaemus1 for more updates.
3.  
4. ### Document Downloader Links ###
5.  
6. #### Epoch 1 Document/Downloader links ####
7. ```
8. not seen
9. ```
10. #### Epoch 2 Document/Downloader links ####
11. ```
12. not seen
13. ```
14. #### Epoch 3 Document/Downloader links ####
15. ```
16. not seen
17. ```
18. ### Payloads per Epoch by Document ###
19.  
20. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
21. ```
22. Creation Time 2020:08:31 21:46:00 (Attachment Only - Doc based - Red Dawn)
23. SHA256:
24. 004644191f22b782fa43d1aa4dea7c68bf251f2f2e5a4ea59610fb778a84327c
25. 01a5cbb8775bb17099c9218604906308bd430f120c2140ce8d2bc3453f8562ac
26. 098643ae34eb86e3b8d05c91365d2ba0d0fea9eeaebedff0cebbd7f4e29ded40
27. 0aaf9693d226823ed61f08b36fecd97bc69748d951156acb484db74991f45e7a
28. 0f69f711b16fa1e7f36d0376678ff94ab2ac39da1463473edd6fb26640e86bb4
29. 119fdf1a7f971a457110860316621d71dcc956eb160b6f0b64f1e10689312a4a
30. 17a29cd685aa0ad139d03c90b894776cf89d69a2b534a82aecb93562612027f3
31. 1924419cdeaab1cb2ac9856903e648a2a5ad3e9102015c765b9f23b692196bc7
32. 1e5470e0992abb4a56a2045ad8e0310aa2cc496b26c98504e990d74c261d2bbe
33. 211f19d5fad05624ec9faaaaf9beb11458619aced299602e1a7a931427d8c6f9
34. 2290e73e2541495d19266ba677e1f2096366e16f33f1a6c06c60716c975aa74f
35. 262c4b848f7cb3a0af6c9b13a02e67948b0a483dc9859144fc76fd185389dfec
36. 300fe7cec32d07fddfbcc1c1c9cd73b5a74bf35f21c5913795635fcd48102231
37. 3101b107e972e3c13049d5fca9ced684bfe74e67d40755af83ef76e481483ae0
38. 4098e490d41e59b970a14db7bcc8804e2fe15f78ed5ee55b361abfadd42406ed
39. 45c4caac0845e7c668cc5d3445bc74ca7d6c6e95011d98fad563ada78dfac63a
40. 460a45f51e456015cc79018ec2004c4908be0a5d1a6fa13bc57cff7ea4706873
41. 5565564fbc5bd14d863794532e4398ed93bd63deb8afe6dbcf2a6d24428be891
42. 57b52dd1880390eae4d45f75424c737f371e6281c7f2758be3282c403d91c63a
43. 5f22721bd083b11f2f05679be8f7ccf14e7352270d9b9b155dcf2ae6aa70fe54
44. 6133775f11742381ccf31af4aa38acd188cb1569bb86f12a40cc34d98c67ef40
45. 6d2d63ebe35153689c33b516a6cd54ae4a053a8c4aec5cee3ca187234dc488be
46. 747244bdc9a94553a6754dcde7ce7aa5b66ce38662c208f732dca56c69670407
47. 752ee9e0850bcc5e441cccac783345e745ae0c090e0e9ffc71d0e3abb461d3a8
48. 78b9b7ed3b503c57a474734a454492875da4ce0a5c3dfa694797b526c9a6755c
49. 7aa2aedd24c2cd96262379c230741fae882ae3ee4b4ab3ccea5a4792495f1427
50. 7d6590f39b503e590081be741f9e9ac0e3f139ea7e34e10ff7aaa88f0f1f8f05
51. 810b8adbff38a8df4ddb00a94fabcadda61361fa03acf8f35c2df2f084e41d08
52. 82bf70ed09855166aa411801fd8a529ca272d16be62f8868353309fe1604f650
53. 832054968672b85545f10778c10a4c1f87101fa7ffc30288a24e90a1aa79be2b
54. 8365c4cd7a545499ac56120ee003bf496ba1063e0ac6ee5c697d83ad8cc9e51f
55. 84800276d7f188b8789625ef87a83d96be0c84fb381bf77499605353c973b39c
56. 85122b1d0ff3ffe880eb8e5fd18e4a47fad7f7f805a433cb775c13c6d9c9e91d
57. 885e2b716a4f9c4d3439161cc44fa841f16c26bd98241961f38731299b569ec6
58. 8ef433995209690658dd60b8c5ffca6fce9799093f4451e1fc56dafe000ce70c
59. 8efe59787021c1348ad26bbce2c8c50692c7d8165b3bdb1f0f7f8a4ecb4d8e45
60. 95717d06191880dffd2e8d731e0664080f5a56a4990d1145be9079467fc0cc84
61. 9b48f6fdd6cc7ddb3966a557d7203157d3ebbab6ab3c68b2b4a17bb3c7b02c1e
62. a3a27f05a8a0a15111fcef187412cf57b0d082f3f7de396ca2eb797137c86585
63. a3b9ea73d5be19dd71f9ec1a9dfdde82bc1a008bbe14f0a996d83da88ef30b31
64. afcca38881a2e58c15bd0b8521c786cbe6833ff057313cb57f02b2b5c27132c1
65. b43f990771a23f6b9ee1a6ab694928ccb4b54e526886149a62ec214004cae246
66. b45603cd0edeac9a7e42fc044556a8a4cfef0c8ff8046e1b0a59984b7e60374b
67. bbcce342218df870b6259a53d54124390a83f4fe398784e31d0ceae9e5be9796
68. c107377b9243a4af0cbd194f74b204b0328e6ae5ef8e875aa5e021c54a982ab4
69. c2e2402a86a34f4f5dc5fef702a7d2eab1aed554bb76886fe5085d419021c62e
70. ce4fd400d3b5dd1415ac1a1983b6046c31cbb727e9e4d0d2528bc9ea055c3025
71. d4a2045f90fe4dff3b4860f6ed0392131d58f22d323e7d9a449ca7739aa80f77
72. d8c2168abeab82fa898cd7fa25b2c587dc71671e66874a5cbb3ac19fb162353f
73. dd3d761ce1d617e82b3709ae678f5ace3c9f6549cc299acf40d998af88f45cad
74. de55825721b37e7126edc5bfa3768444e96bba375bea9dded527f8abe840e59b
75. e0d12b3ba723038f8e095a83a74bb8769ff65401d0ef6a6af1b2ed9bd7831775
76. e38c337dc9337a7f290342c9b605cce551f089b07a14a82e5322ad986330f455
77. e3939ac53aed2324a1ece27b41dd49218c8f2726a5afa639656c87ce87a36e01
78. e45b75283716b84d0da38260c1bdf4f26b865cf3f6bde0ac7c376c2c57696a61
79. ec042f1ecbba86794fdfe0dc261b4d070eeb0463814b00878df87d768eedf02a
80. ed5001d8ed3a3411468de52f41d9b5ca4e0cd6e28f3e349013be9654e5b1bd30
81. efdf8c09f50928894023af48faf47bd5b3d96c50ef8ee4723bdd79bff9dc7b88
82. f838217b129bc785df68faa0127fdfb6ae5c2c79055e35985519b23e925e1a0c
83. f890eb96df2efb688f03b18d9844d7823db131acd01f813ff736a61134c7cd07
84.  
85. http://itac2.com/wp-admin/S/
86. http://ie-innovations.com/insetPages/E/
87. http://handlestone.com/shadowbox/R/
88. http://impuls-tech.com/security/Ep/
89. http://intemar2020.com/sites/all/modules/contrib/prod_check/G/
90. http://inessilvanutrition.com/islow.co/J/
91. http://hochzoll.net/bilder/N/
92.  
93. Creation Time 2020:08:31 20:00:00 (Attachment Only - Doc based - Win10 Mobile)
94. SHA256:
95. 115a4c3ff8aacf9eb20960e8276ab5d3a94e2104bd79d7cdfdec02a5fee66aff
96. 13c335389a4591c7ab6f66f0d1859d500d71d86060ae2c5ba62e33ccca0fed79
97. 181f6652cb329d41c0c055dd2e3af900059bc62f886b0d6833fa1fe10b298903
98. 23bea4973d7c0ce9106c9e44abe796af2a85781e0cb703ba44c7d5a1e84a58e2
99. 27ea9948475b74f60673466cc38831e8c052333e31d8a9a735e902bf1dd5697d
100. 2bee034bb02e5954626996435608a5100b23eae85cea73777ee706804405a288
101. 2fab91cf77f36fed76f22a249fa6afe08e6153633263e6292157aca59f0a990e
102. 30557f06da5eb76c7ace9481b4139d60b993a63b1d2b0bccb982ab087e25dfac
103. 33c96690739fd93386e792be421ac96a044abdbdf91fcca219d6218ab6d1cacc
104. 3623c05ee844eb00feb642571c285727bf5f38201305fed87e8f8034203ed312
105. 37281c8c2169f2973e13f677b3d7928c444b8af25bea03e71bddf887b7663ba3
106. 39cbafb0b26b057f416d99d0736f90e508594c2ab73c67366f6862ea77dea225
107. 467fde871523f0ea04644b9edf6dbf649cd34a3243316c431d9a6f1da3d96add
108. 47ac39664445559c98f91a14e7acdf7958dbeff0f3d922a52681a53a877a5d02
109. 4c2c0b055fb2087cf9b00f0b4eeff0afaf605b9d57a9f23f07782b55b935ed96
110. 65fcf7dd917d2d0a983c4715ea8529dc2a8875bfbc75cd4b2e2670cb140c16f5
111. 6d6fe745f733467854b490b339b88a03f041f023cfdcee7b7ab4e4378bb447df
112. 7e223dac9adf83978ff86bb122c94f65b78f9b212fbdf8e69a5407a636f3c7fc
113. 7f84b4bf409952889c3718a8a1476fc98128843c1b3745eec37d27aed6a61fb4
114. 8406ee70a709ab27bae027a278b3e1034c56236cdb39cb24bdcd3b1ab68a7f70
115. 85c0ba7aed099b47f2d0802b9aa65960ba7b4bfc310fd633b0d46361234aeb64
116. 99350adda07b465c91d408c220b2755669a098ed05b15ffe2cfab6c20457ee37
117. a16eb5aead35604e02d658e00194c2fd1ae1de5e3226bcba1ba192b12e7501cb
118. a8140d0f9e2139dc1b5cad46601db4cd09ad19708113464213a289bd8f5599c5
119. ae2912a769ebe9c424b0979750ca96a68572a233879a45b9d699bc201bfeeec5
120. b0a55bef0b45b140d45cb44eb15eb526fe0616d191024b755484f1d0bef9ec8f
121. c38be08c32e933b303addb3556ca48802b774bab3469e8f8615afce4a8dee88f
122. c835d654f47a2cb4d453f17c4b6fe37e78a6c3d2492b4dff7601611b1c647763
123. d2580c6f8dbba84c82657114f072cd5b55abf474cbc71d047fe60b838fe6d0a9
124. e2bb6f8ce020fc59a0bc74b768b59b0c0ee90146377462e7fec7c7ae395a90d1
125. f0c91e1c074d558bcde7f16613d321b5a9a5b06c07e99580d1532f55eb26023f
126.  
127. http://jmnwebmaker.com/images/vU/
128. http://jrmachines.com/phpbb/F/
129. http://jobcapper.com/8.7.19/ii/
130. http://jung-family.net/cgi-bin/ryb/
131. http://intrasistemas.com/cgi-bin/4/
132. http://jesusteam12.org/jt12/OV/
133. https://jemully.com/wp-admin/uxc/
134.  
135.  
136. Creation Time 2020:08:31 17:43:00 (Attachment Only - Doc based - Red Dawn)
137. SHA256:
138. 012bd7add6531f3ac4fbd1bc6ba9445cfdf9db987a73aae9da77abe115461a92
139. 07551fdfe8c59e8a9c332061d992f76d8ed87de5febfaaf4f2e28403b8340704
140. 0d116e88c4abd8ba1ac135f7cc74df81a9b3675f339eec055c9952c48db86a09
141. 16c825990c3f6a06649b57446324f42307499ead0784e937ccd2e0c6754d665c
142. 19b29db86350d1cddaea92e895a54fe7e574945ad2a183712b62f53cdf49ed89
143. 20a77227bc7c2c43e8ff30ec5568125124c8b18449ed714cb34c324f0edff704
144. 282773867fb3e15a9cc23955e9dbd8db1ceff527f6fe1aeefe182f30d6ec1288
145. 2eec44a085b28aff2b04bdd538e5311423aa38cb8a9c4567964d883d8d4263bf
146. 337d4b34ad14b7d2a1999c6140b37961fc0cbfdb98f6a246e0b5e660949e2b51
147. 385c3b4430e42a739092d29a3cc6c3e2d08f11bfce959e8c79aea4bd4761558d
148. 434eac6ff24361bee5dc9770f09bd39457e5314caae1ad91e05e0cdf3746a3cc
149. 4951fc5132f60798d8cb400325d917c3a6c7fb60dd5b9f668194fccffc194f5d
150. 4d47de8b3d3f67fda99e11ede3e0c35c2d7bcd89594cac8568b1fc7520352f0b
151. 56342f195c55374bebd340927d9f9e9361367f847586c7f223c1086929803cb9
152. 5cd79ecddf6f640c8142ee6da13001d56c8b62d10f7e8379160b4827d1e6f0ad
153. 5f8fcee07c681467abf34f2cd9b79c384eb29ee31f75b669a18fa2a0886fafb7
154. 6040408f78459059460f6d0d7a42fe2a1f217e2e912853ed9adee76ac5e9df59
155. 68f5d35c402a6f70608a4098f8f9d13951d2d6d7b5fd05fa713b9d057f96ca89
156. 69ebae909206a449e9d4ed8126340526ab531fedddd94531301c387d9efe4645
157. 8181d620ed5f2ed44e932d355e246ab6ab0db98c2e78e8d81351eb5bb17d8cbc
158. 8606ebcc5b3a9d391d24a20d1107b4b2a45169bf5fac753506cd4ca1ca4d080c
159. 88c903ed775fb363d621fc85592b22a97ba38a194a3760a099f03d4ea07a4115
160. 89b3000e6e1900600dc6b3d8c77341f2005dd4d37cac87244557f4dad3415619
161. 8b1a23af7a1b3b008887ff96d0d206e72343e4bd9b2e49454b0a8b190b91ba7e
162. 8c2f4454dc5b31b561a22cbeece4348226883c19cd69efa7097df57b6eb286ea
163. 93c32df1b146118c0fc34a11acae17bcfde34ef49e2b5bf647bb50c22f08b719
164. 97332bb4b060e7eaf360967c9f9bd587b66dc8e8f492046e3a46899506f662be
165. 9e5b24af9bbcea20fb724ec08a64b0df9c34ef399cc118d6d4dd25d8e34c6259
166. a6b93f3009f9ea4fd69490654935fb96f5f35707ac915a3b646fd923620aa40b
167. a94d61369235a7104a012d9382d7a8ebc97d94337f8da14755d72c56384f0c55
168. aa5e2ff6fe1995e1425dd46617bccc6b619344127fddd11739d32f7a9b151b6f
169. aee2c89d099707cc8f22ed14a631475e7b0708f1967633f6615c298a3b959fa1
170. b5881e6ea6c23b36e1651db9dbeb8067199d2cdaa4053be24a4e5507bed1b5dc
171. b956b520ccc6fdbd3761e8fead01d3bcf2778f57c572424a32bfa1000bb5baf4
172. c0bcc450b008321465721b391731799e3169e2a90c7166dceb489d729b2e7306
173. cc9f84a87f25cf939241e30ede40606aa7fce5f44fc7b70e224e31fd657adc49
174. d7c746a6dc953142572a13cdfc8ed5d0150883528f298527eecc009255d6136d
175. e0829d496c38d7ad5000e7be11162140c3ed11d1bf4e5bb6dd7e3efc2ed26eb6
176. f06108f3ee17f2e2bf9bd471c615ea8e400424e7e33e640f80fde84a48488aff
177. f886d8173db65a1d765f3af3bf328b6d37a94f5e97fa27e347a1c9f6806feb19
178. fdeb7b8aa7a25f398cb909f6e123c73b0aff2c038d0b9c93a27c2344397a0886
179.  
180. http://kanzlei-hermes.com/cgi-bin/8/
181. http://kraus-world.com/cgi-bin/v/
182. http://krishall.com/assets/qCu/
183. https://kostjamusic.com/cgi-bin/amA/
184. http://lars-lohmann.com/cgi-bin/9/
185. https://www.laportadelcel.com/_notes/HN/
186. https://innovationsstarter.com/cgi-bin/iq/
187.  
188. Creation Time 2020:08:31 14:43:00 (Attachment Only - Doc based - Win10 Mobile)
189. SHA256:
190. 1461d2ae1af3199ddf3392372a0a8c3ccec9eb7dc19365915e46a6f60ad8cb39
191. 18a54bc36b885ee6bf67a784b4934ade02a01648cca5cd5c98f5e0e49bf6c28c
192. 1bed7c25fe4cbf72e5ac0bf9a26b1df76c719e98b32c49844db69c018d876b44
193. 1eeca531c05051e61f95acf58917d8781f8f6472474a36823be211ef0a16ecfc
194. 23db00188d3cb36b8eb5002e5305423c0acc0a311367682dd1e48d78a68b5d05
195. 32bb864f328cc624dfd7362f9ab3a989fa485f01578d1383743f7b4e22fe2d49
196. 3769178d44723f573af26ac67072892ece6bae9c720a0531b3eed6be0097a2ff
197. 39caa6da322ba46e23d5fbd3b3414968ac8f822258a37ff3509c6326a55e45a0
198. 4153f588edcd2eac8f10455a6d742803e5d8d89d65d54d6db5f8846c70ac0edd
199. 4e6599279c168583a4c3092bf254a0b960aca85395495611ecfc43dbff0102b9
200. 50438f82b1f9628b3b1648e8234637a9a1207ab79e300812afd250fd4de49292
201. 57a7334a494bf1b1a9d172804295611cb7658794a964c562ba616b99aa5beba3
202. 607a09de4190ad3aa3cce1ec6f157e2de6417b602ed2d2e63d4d8b6fb5bb19a7
203. 6cf874952a5bd444312b8015319df4bffb5441e07aa920f75082fd2f0039f54d
204. 6fb1eb5b77f4b6638dce2d938261eb903bbe025aff10e7b0c243dba6189df889
205. 74759b6046f0131a9155977f914df741192811529f74771e357480c600df37cd
206. 7b11833003f285685cfcaff5eb493e104aa9b30bcf44f97a8685ba362cb0aa9b
207. 802460eaaab9456bca854a9bcf224031ac5b619c3a8ce0e9d5a5999a91feb044
208. 897739ec9bf290763f342cde5f1ec60043c05f2005087515b9954537ca73f692
209. 9304b6a15a6446c6872ec49f12f36f551b7898e83eea2b8c834393a416112407
210. 990f4941690f651e1e640d5e7313a1ba729bcedbaca0b71bbdcb3bc4a6f1505f
211. 9986da03dd5eb77ab24ad38512778cfc8fcedc2f1df6463e1721205152a57ecc
212. a377538c7406cac1741486724c103bdd4e05ba71a7c9a7591088f4c8258d7993
213. ab21c3f6b004dca8f664e3e9d871dafe3948379b46b14caafce09b6179857e32
214. b2d5b9ee70f9be77fea0cafeec1c7ca90ff74aee24fac80252e6e2f137a3a120
215. bf0f69b7ebeb559606f14a2f1dc7c6f1e4bd7b1dcffa98b66b4eed1a5b5ec56f
216. bffc0ecb5f98cd73bb00d7e07c736a84874bb8eb46f2a7c9eed2f87a1d65e482
217. c45c6c8773ca7b9870c02efb63d869336d25ffc5f547a868cb940a2232557fbc
218. c55978093b7caaaa78b70e599fd73d829d329ca1568a0e84d84c3ad330e3e493
219. c77e436bb7826b4afe5722cc91576c09be917fef96e9e786d30d47279b390854
220. c8c775a41cde0c9fa5589d65d6f018cf59bc88d88e513a8a26e226487a1ed378
221. c9033bdd482f9a291c397ddb89305a1e150e9d7ee3ae11036ca56c355da7d465
222. c929339ce5f4c57c8caa5cf8c4dfa977569196dee7c07e68110891ad3dcaedcf
223. ce1ca6c339603b9f7c7261b87bceed9604282c0b720ab6331b6f1f785b73126f
224. d4547b9e7d2bf099a361bcd0c18836c0db4cea5ac3205b20617edb3d55153b45
225. d7f74bba0e4729d5a827159517e4a2ff62e133fcdc348f011a636337977db19a
226. dfe1ab537a207fdd2a911dc3152a195c8ab3b9a6ee55787b1bf6c7715b1c7165
227. e02a838e27b0c51d4c029df55dc554a2daa92610632c61e86f09ff2fe15ccde9
228. e2ed1248e0152a282f0940eb84698c117036b81a6a812083d402afae27b4ec7e
229. e5b90e2cb8de942580f5bc1357359d702b0b51f75c123e4ed8dd987c1c79cc28
230. ead58a63392a421b4f9dd0bc9ba28accf6b546d61666c7775d9e4170dac693f5
231. fe96c2af42d171454f6b998282be3d9efdd7e78d79343678f4fef297ea662d5f
232.  
233. http://learn2wow.com/wp-content/OC/
234. http://lennarz.org/cgi-bin/XRW/
235. https://likeradiouk.com/cgi-bin/t/
236. http://liebchen-fashion.com/cgi-bin/L3q/
237. http://lindseyinteractive.com/tmp_update/ub/
238. http://m3interiors.com/img/wE/
239. http://madurai-bengals.com/Applications/4y/
240.  
241. Creation Time 2020:08:31 11:23:00 (Attachment Only - Doc based - Red Dawn)
242. SHA256:
243. 0007a1c878f843c9729b597a7b86b543c1a338395c9e07722e03473907da76a8
244. 09cd26e8e039273fcb895944e8baec7710cbbc397c307329e1439af74f374a69
245. 0c171721fec6bc100f603f005888d33e85bdab540209edde5e1eca7daaf39bfb
246. 0f2f02a0a79ae980653c6d16702fa925166e58820400b50ed16835e994a04736
247. 10b098b5694caf4e6c4f3de493d68b9f48af71cb9d2d82e22deedf43936ab64f
248. 136e9048c3266eb7676be1d12260bef54bed31dc19137bc731976d12d43303a7
249. 13dbda189f61593243450e4121af3a06c18c617837d4f9112b02353983aae31a
250. 27044b38c39e939550ac24f5a97f5fbddbd38f87afe1ce4152784f8a33c6e258
251. 30b4e2ec645496057d7505183362aa87a356b3f8508190eb7374b44e285032e7
252. 4051ed1a1123ce8f0cbe3194b37f38e0aafca2557f501eb100db9a47d073a5b5
253. 464f0f75160438a0c87b31f45f70330cae23042865046a2fdab183db6aedaeba
254. 4a20db155265797592f9a859d372a8cda3eded264f51c503fbd96529bf56a43a
255. 4b13061b201edcc80eb7c2e558678d5f4c042879516c7b74b72bcd7d85f6c27e
256. 4e83d692d1d8b7c0cb77e1c17dee36c28059a7a4868a32cc2473b4a4b77d46df
257. 5778fdbca49ba1ce8f51d2b43ad5ddc25267816be532f98f22a9dea1831d80e9
258. 610ee3bb2f2b188966e65d55813a57295467a7912116a98f839dda026925efba
259. 61cc99145d97ffd368463b3cc466016b849f908380cd1614a637f1d48577bb38
260. 645e35ff2fad6726dc3ab1a34f18018bd11e1079ae469bc026abd4a054944e56
261. 6619d7694aa89fa2791400ce83940b7537c1cb56dd4ad38970726a64095815b6
262. 66f54c751d3b9f0ac87f893199fc66fd196a7531b3b4497a8d2bf3607030a7e6
263. 67383f36122e0c2fab6c26a70d459abf812e8cd7400d3160e7e4426603f5c997
264. 67b52eef6d0d61991df6cac41a41c5eadf6dc1a331801debcda328c8bd057d35
265. 6b39ff097ddf72c0cc6201105d2c234a93c68d832eda272b6e75e925e4dcffef
266. 6e2c8c7c7d6c75094d9f745af6707f4937657f1a6c91506d0b6f46ac651e582a
267. 729417ad2fcc25b02d2f0d99a9b70f13343cefde65c1fa5a3237de22a102ce8e
268. 78a5cce2813a8bb62cc7429d8045ed89b7153c2b7edf85cb15cff47d497a6978
269. 796d24192a8088fefbccce82c265b2afd3331fc2062be89622797518d91ccd79
270. 7b4da95796cc16c6d0e38958fbfb577ffb5dd1e9da88ae296e3c119bae59d530
271. 83da597d20dfb6d72e285efe532ddd7887946b0505134828e9aa694982df52fb
272. 83e74c7e3be6dc7d29b7befd9ad84e553bb93401462c144a8f09ea5a295f72f6
273. 86489cb99ba2d9d3bb8dc16c1410a34fbb1dcd66c8388b8a7c37408e5aeaaefc
274. 926cf9dc61df7777a6a198578f45f3933f5f460de52a4b699e133a3795374f6c
275. 95ebf8e390edc53b7e1bcdc3c625237394f6cead10644b1fe79adcb253a0965a
276. 9ae7ab6bed9bc76ac871a60a18bf531f39c6634ca71aa04aa8d8d131139e2a62
277. 9f3b800a2949b1db78608098a149dfb6e9e84ff0669150889d00d28d7c3d9768
278. a4b64d8902133a250a7183eeb08cd65e63e04dcddfbacdcb507300fcd82f0076
279. a7ee5a49364c762c4d69991ce8a056d5467ed05ce606528a1ad4add987121b51
280. a85a86f9274c13437980e58d36814bfd81388f41a3c6247cfcce7e130fb98d64
281. aae6895df88b595a49c25023da375166a57a7722053f54ad6fe21e5df2983f21
282. ac40c74720327cd08c7356e805bc2cd220635a1363536d9e564a21cebac4b396
283. b9a1188a4c47d17863a524b8eeb10a84ac2f95671ac4f907d08b7afed0bb86db
284. c20be293a6627f1803b64de0524c7fa713eef77d7b561777eb02934f81092300
285. c50cc8066f837c5ea5337a78b64044b8a39464fc6972bdea7047bf54a6a74c8c
286. c74bd0fef70c8cd8328bbe6e37fcc76591b9e53f989e587b7702519d9a26377e
287. c99cb2995a9ff3d59652cc20fad4949b692cd920acfa75389fc24c4c03b1372e
288. cdebbd21a9b266950d525abd9d42991d3769a07060da0f97a970cef2b87970ac
289. d79005482276e2fabe9a4d8a643af8f364721ddbf2a5d55ae8e05769d6984266
290. df3e33183e0e4c42e56cdb1c869b3b1834879be49ff78a68acaae213da823116
291. e0c7f78e467071f2bb934b131d83233d7670e9c1459a2c8c51f7bcd4facf761e
292. ea2bb76caf7c5fa1e6e67b14d1dff06b2bf33205cb53e6fa87ed920696458042
293. ea494e534a38c609ff93dafe5f54905225af5f7cb3ce57fd185da1218247d555
294. ec4cbb0e09d6351b4839c48a255cfb3befae0b16e65b811ffc08068f9cbefffb
295. fc2c6cb3dc87ea43f891caca4af3ad1938add8fff48cf0d39a244cd3a02af4e2
296. fd7b2603859c7f917aa1c5ebacc6b5c2f442b6d42787be6b2ef9b573b42400f8
297.  
298. https://marianbernabe.com/wp-content/j/
299. https://matsumototravel.com/bild/IH/
300. http://metapo.com/rma_faq/oc/
301. http://meconsultores.net/imag/t/
302. http://massdepiedra.com/images/Ymm/
303. http://brettfence.com/cgi-bin/Fg/
304. http://callrealtyaz.com/wp-content/P0Q/
305.  
306. Creation Time 2020:08:31 06:52:00 (Attachment Only - Doc based - Red Dawn)
307. SHA256:
308. 004f016b551c7f7430b66b006cfee13c683b2300c7e2ce4cfee899baa8c06df9
309. 075418f2f2f570beb7981052ea3a61a2d116bc3f317a31e356eb8c62beb9fabd
310. 090fdbddf32bb86d2e6984a0005c935a5c0856034662ce382c491c4bb95b0053
311. 129ef3cbf1c301cf39ae07bd3a74a2ccc1d92c9fce65c57fae1475e039ec200c
312. 16e29774fcf44402e7cd3d1232d1c5091c9b3bdde28485e36b1f7bd7de83197e
313. 19ac1db69624fed5e2be1ba2c4d3149824ce879bd187488672c9a4b53102ff3d
314. 1a06af9e5787c79ab7a026823fad812a4e1a087bfee1030ac789c1d686a637c2
315. 2566e68bd640b7c24f0ba2b6e7323178e91977fcd3d8817028ade0187d17611e
316. 267028618d293976d6eb59d5eb791828587d784a195dbc3aaa743bcea85fb72d
317. 26af506f785607c2bf03e22f3b26c9c44bd3fd5b26e5d3c0b548bcdc3028f8eb
318. 2b35337b01a5448b4282cb09fa3e1268e5bb5e0d8ce9d5d28128ada6b9c9fbca
319. 2d05130b6872188aad262ef88e57da9811b4c7c7006c4c551321fcc9a36ab262
320. 3350aca51e7f8bf9d9b416df4ff18dd9b9ae49ad15764ea11ae60fca365ab0a4
321. 34dee5ecc9fd0c680c20d4b40cb9d1dabe45b7b0590a495b90806cebea2adf0b
322. 3ea86811c5e17cf5b6e451ac9eb2f054b976425ea5cbae31f4b06573f2735311
323. 434595776b4fddc9d9fe32ccb5282d147213a936e78ebd2c34fcc4474eee7386
324. 43d0102eb6cb6727e56c36d0e576762e4341aff62abdef2b8989ca2450bb1203
325. 4448ee64e753abb05dedd34b28d3641fecc24be71bb436ad3ff0c187d839b24f
326. 4d852965b8d70962f1bb3b0fcdc161d1e314f804e94ba358cb9b126f2f1c18fe
327. 583eb336f683ea61a22dd856952a40fe8e615cbe0ae50abb24e1f7848a50b374
328. 5e623bd7bc00b3aa0a6e27a5f9e7a9ea148024e344d50e54d65ee0a711e92ebf
329. 60a6dc0195b93330afb0423789dc7c4df5e8b2576a7660dcc39adff0524d2525
330. 649c68d41e53a9af213f283ac7b3fed58439cf5b9906e90b1a84c3d4b241fa5e
331. 6505d8301dff5b1cea9400db51a462ddfc9d86ac8f3c44e4458f4f30e29b9d21
332. 697803aa053ce7f3b4f85c0e6c8dc4b0676939a328864e2c2fb11c8b1b4354e0
333. 6c92445000217c65f867fcd94a440a42cd56803b3988b9b55837657d2d3fa7df
334. 6c9a48c059bc7c017dfe97d4bc0a963f2ad19652d6a3a1b087071d26bb56b925
335. 6ddfd61f309ee4d643de2efe9ef56da070e95c6e444ceb01943eb9f82b33c8fa
336. 74c4afeddbdbc5460afcf6282df36defaa5a067a7593411d508ef322e706906e
337. 75204ae5fb2fe39c17093e9d2c982280b640f49cbe699645a3f60a2fe88862fe
338. 75fa5453bc8c4525faa9595d636b70a04eb2ce434ca5f64430ef5ae2857c9cdd
339. 7b7ee49a8a32c214330195a8cfe682f5bd7a1e6781adbf8998e876221df6a2ab
340. 7c16e24f20ed7795d073366b5c770a381042a793eefe36fa9f31c22f54659760
341. 82fa46d76dbfdf14027de5a6ad6830acb90651a9291789231db1be0547972547
342. 88375eced96f85d1611613afe77f0d5af3efb631f5bd2b111711c3ea25397e36
343. 8a383358831c002ba8ff016c10ed5660d96456ff5770b3f25d7275babf3e8d1f
344. 8b74c97b76fb37d5a5977b5d3e60c1106a22220e57a682f1a2738e7f0c81e141
345. 8f8bed58963db1f84700a713707d9cc7f8a7b4adf9968ba143b9c32086870bd4
346. 9b75ed40964c397e4b52eee9e68d1e73d05d0e45002e20dba5ef7d5e7ed592ae
347. 9d3905aff01734e36030475628b30ec17ff0c85af64dd19ae5014bf48340ef70
348. a2ba96ef7945af60eebbf3b5f4e3037af68b228fec647cf546eef41e76928788
349. a57e5fcafaf2ad62694c8c6ec9d84bd52a392e504f17f724ebddff853ebfaa3d
350. aa3ff22421020fb44a4823eb5b9db0cede0fd35702960a4233a091523e626633
351. ad78bff8dfed18346260d7563050c640b14b73de5e5109cf1eb4c9a411d2eba5
352. af4d2ad511065aafd115204d5396955fdda7793264fdf13791e26b9999a707b9
353. b20175497c5f00c4b44bbde4d96d30b82d7d1ac345a2c5c620d8f4aa0a472ebc
354. bcb736288d2aa1f9600f0cf4686716638c76cb0a55423c1207770910ebcb7d28
355. bd82705d43d1dafa37b9a1d415bb938d54f83876f44e4aa2d1be33016a892ff8
356. becf0c423d994fbd46559100491cbcc8c2685a025df9ed2edf91a40a1e202431
357. cbb7e5d1682f970ba57121a637407d2fad8c698fb64776349e0e989c41eb92b9
358. ced3632158fc18d3cfe780529809948ce5ba905e4e194c32e5faf992a9f51d47
359. d4815714acfb46bf6fd094ae04c14f81a62e836738603bf72336d9a71e7f281d
360. d56313b38d47e15af26f7ac22b70064f7c6d5f1f24c25d9caa0cc747bd73e752
361. d65318fa3a876a2de131bac8542361175fefe0574883b2395977e98e21e8748c
362. d8e295752b9e36bef8fc775e1cfbaf31fa25fe110e6caabbb53b51aec8a2789f
363. dfdade71940a6ce3caf15ed580d8caa9cbd9319dd473b4ec573515328848a9d0
364. e2d7cfe5eee480536c05caa4f434217aed38ccc8354d9ef59488eb8850d6a095
365. e3653282dbfe786e21daf4c8021f3f6339db50b0ad842e5719624af2c976170c
366. e460a48992b90741b4b675c7120e3854d668a85c9edc35ee9d46666f45b5082e
367. e612909b10431a8cc21c997d58072b68cddd7565f4a8efffd7d0d0667506d153
368. e67ebb77e3bef686c0241ce1a2f6aeea2b91c328420dca4628c0fe346c5b2c57
369. e6d6d9359999d17619fc6ae9d10578af19c21e518b71c298226f93639caec616
370. e788a77344d6f4356bc7bea3cbd51e545729b793bc0905edb46206569173ce63
371. ec709fc70bf8ee8f889c7dcf5230d9981471624b11b9aba4220f885cdb79c5b2
372. ee4c151c355df4949ab37a7a551b8adba8b2cdbc73c4008013d281905554138b
373. ef3eb01b03f932e4330cc544ee2a1ce12ef339fddec57a7fc7e6d6b3c8d32e83
374. f1f8e00e461f36ded76edf3c4693e6c552f0ea4f057411463e8166b274e7fa03
375. f685f183d36d8d5ff3e2254532159b21f3cb383e5a9d066ea32a0de3168698f3
376. f73edcb71c87b6f376efb397a639cf06d975a40f22de1dca4021676686536e90
377. f9fd0b573f134e2c7214396cdccbe73da3e681a8b27905f6f30790da954ff2b2
378. fd258c5b6780444220cf45c6caeca2d721bd626b2ecc79cd376af342417a1379
379.  
380. http://bullardstowing.com/wp-content/Gr/
381. http://loungegangnam.com/4W/
382. http://personalizzabili.com/images/Rqj/
383. http://cairnsspeedway.net/wp-snapshots/x/
384. http://lavienouvelle.org/wp-content/h8D/
385. https://www.lunalysis.com/wordpress/zK/
386. http://naturalalopeciawellness.com/wp-snapshots/M/
387. ```
388. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
389. ```
390.  
391. <none_seen>
392.  
393. ```
394. #### Epoch 3 Payloads by Document SHA256 - All Times UTC ####
395. ```
396. Creation Time 2020:08:31 23:27:00 (Attachment Only - Doc based - Red Dawn)
397. SHA256:
398. 128bb6d3ed13ad6b8431cae7a0017af5205790edf9cb74f5185f1c9201656c66
399. 147b2878a44d73d59824c41d3772fffe8ce3e08ee36cd697a57b9da52b2bf539
400. 14d7a5585ccc2e1f8f9cde1db38f3165e059530c7124fd8ba1f234babae15ede
401. 178319890e8cf10be10896328aeefb641c0aa775116db9347fecc106e1834fd2
402. 1e2ed9b9b0a102da4704159ab1667beeeeb5bec0cf1023820bca5bcba1c46cb9
403. 294362ddbbc6d64a94931fe8fd5b024ed5c3baa7a0f471ba47cf036ee6775551
404. 34534fbd2831c46322f753ea5ac1240466143cca698412b1969a94c5693d860b
405. 366444fad4f8ebbb65012f3d00113723af92952465cedc8d6806b812388eed27
406. 388f57ffe4f273fa52d1dd4b2fd4a8eefd2b17b221b319f0d94f45e1be7bb1e6
407. 46abcffa76b1ca6572da59cb3424338d1c7b9579d7936fb03a9865bd17742751
408. 479162d8cdaf2db9ac4f2ac7176a11e56b4528581656c15ef047fc956e05d621
409. 47b0ef3f222bfc6bbd174fe78791516ff564de1a9bac96694f85f988bc67923b
410. 543d6535cb5eb53a18b5fe9f23ed7f1f8f00d4cea7e841343a1eaf93ab40e5d2
411. 5fc372f990d1c9843ed3f34244eb577d61db12c08bf2fd242e3e1ed8181175d6
412. 60efeaf8d18351dbc76a6436c1129a30276d853b1193c64fa038834f7ed808a3
413. 6204df434673e2758e76d94a8cf4c2dcabb0399995aff774bff20b2d53ddb946
414. 645c40217a85e5556a240012eecd5aefda15f0047a69065ee105bd41fb511f96
415. 67f7c8073b67fb20201e453036ecf27d79debd012dd915597bffba56fc62d35e
416. 6b098a1d6d14d54856244e7616bdbf835ee58ea6fdfccbbca51fb18f8098d054
417. 7a9d1ab6d214791c1b7d48b57e1f07069dca930d54c59d3e5edf7335ae36311e
418. 7b38e8d14e92be1be8d9961882588c52033d0d72ba5e678510c8cfcf9467bc3c
419. 816b5294f446800d50cd761f4c3c85a2cfeec91e9c296c330dfa10cc861b4375
420. 8342df7154d9a50559f920d67bbd9b1a5e3a2604b14d3882d5977e4cf546b02a
421. 99d38c553bef699e6014482c863072bd48b0d1876771e68dc9b96987d6bbeeb5
422. 9de071e8dfaed14a5e23fcee998a6953c84531ec0a594726ddb96293fea31ac8
423. a7597179bc03e9196c49eb8898729f0c70db7c5c05664c338a91d6415bef74de
424. b017dc0c0213895c1f0e5024b7d39754873b5571a9a0844bfe032375f7b05124
425. b647460956d747501542f7d6e4d1f487b352854af199f5e28860af92c702cac6
426. b680d2edb3da85a35eeed73552433dce51a3ff8a7a410ff4fe13981433ec06ef
427. bdffb62534e67de5bc9969670a5007c1e6f2a63a05f4f8e8f4e376892e103d51
428. c21a5e95783ac2f8ead826e3f11cf2b41d34f52ed007436c0f48b40fdf5f9ca6
429. c21f53aa7dfda2480f22a3012f15f1f122d6c0be01e01585e1339eb36d60938e
430. c9d8fc897ff3b6f05271801033ec34c045bad574f6e8a32d890c2cb7c05095a2
431. ccddf4df1ea68a570e0e807b19110efcd750f35eb2faf7bdbacfa284f0cb47ba
432. d6638b058985ba450ff3a7801c6e6ec40b8e71b3ce3caed8d91a35945d6971b9
433. d7374bfc03de1ba6deae0c14ecfd0ad62a31aa037508c806524a71387c57b12b
434. d73bef235be142e7a674f17d43d7d6322f2f369170318a9d5565e15af9b9db4c
435. db764f0e6799c33c631386d7583bfdaa6004c2b32c7901b9d2c4f9d89b2e473e
436. de6c7f20ab5c074d6a99e2d3121fffea6b8f15396022443e51b3d747ea54128a
437. e1851a8a43444fdf9911390920e5b1dcd69463a6ef44cfb571e5666d30069487
438. e5248c20cc3af53a6304874d3ddb3b4f6f6159f68aa872b13606812eca460173
439. e57e5bea42ee1e8f959916d76b41fa9fd52ab31e829fe65224443a47e4b25111
440. e8113cff4a3da746195e6473aa17f5f0a6c8d75b3f8ba8070437b54cee4565b3
441. efd015c6e50440991417a12410685b81f2a738acdbcb44f62dd55744fd1692b4
442. f9fa027f6814cd06082c0b3da699c8e0f4f3622237a94a53f8bc37adb47e5057
443. fd40fe6e8d2580270ae9abca91ccd8033f736f6ad999f9532043d28230aed53d
444.  
445. https://www.kunstefan.de/cgi-bin/ZwGV/
446. http://loschelder.eu/bilder/t3vb78/
447. http://lblcomputacion.com/img/file/TzRHO/
448. http://m-neumeier.de/cgi-bin/attach/TvaCePYsJNfk/
449. http://linstitut.cat/wp-includes/attach/rtvRd/
450. http://lueckebergfeld.de/cgi-bin/attach/vTDnvuQXDD/
451. http://lichenheim.de/1984/mi55m4797242/
452.  
453. Creation Time 2020:08:31 18:23:00 (Attachment Only - Doc based - Red Dawn)
454. SHA256:
455. 0237924c474f218fddf8d68bcb578c5726b56341c9c2af89324471fe3a70e251
456. 03836547cb9e10b919ea9dc27d6ad61bd98ac1f34519a5c19ab037ba78d59d8c
457. 08cf3928ab06b426bbbbf86d8a81369c70db45b1deacc5b6eae99bad79580309
458. 0a75f8132ca32697b4f7239997d8775bfdc54974ddbe0b263ead3c38d1b09df7
459. 0e25225255a57d05fde895c73ca68f94d0d4e866cb2c6befa9fa5789f5eac52f
460. 0e8f3a40d64508ec6adb8041970033f2a3c91313f69762ef6b037e2c4fb4782b
461. 12d74ba493d2efd7541da450cfa79e86ba017a0013427c38ab1a5e0502b49bf2
462. 13127e5e23ead3a71ccbd5b809ea6a04d54dd84bf5165faf75222ea4a3902a14
463. 138a61427a8e9fe9326de9c2407a2b13d6a3d9028f28fab9d6897d48a5d276f0
464. 15dd212d6bd5414739350132e0284c843796370e97a20276edc58e0d0f712f1c
465. 166030d79147e589971c636f44156cccd68ff186fccf32b6a4ce10eedb5a6142
466. 17be408a215840a006097e13efc026519d9faeadbd761f8e0a7113e7eca31db0
467. 1997f1c188038785795159e1c1546f7d799a212b7d59daa31d20e48b775ebd4e
468. 19b577a4e38af63ee9ba0748bbeaea5532bf994da37c7dbd59df21d2453114ed
469. 1f01b679f5398314dd4fe27a57792811926161bfc75415439968c1a5c96085f6
470. 1f5b0bce54b658885c00b63611363db66f70706014880e8f67338825332f4230
471. 25de42cb8b81c450864d821aa4eff0a4b941600124fb6f2f215401817a6e463f
472. 2b4261ae2e3ceffbcb58d81754f39be3a507cccaf1863212127105c74c070dcd
473. 2da87e84fd9ac3bfdf402c5da21073ec62326c9fa525b183be7ddd9147717069
474. 3223fd0becb05b5d06a9f6ad22d7a3d1fca1aac2f17443beccc0cefd15d75196
475. 32b1d404a32e92f092abdeb5612735ba7f69ae9540f8be832adc85a405a14e0b
476. 3553b9015e1a1fe75a82d5d3d20108226b5b721c667826cc8179ed9db16e18c0
477. 3973883d29862361e4b3b6415bbdd95647902a698e6e1580ecf08a958c51446e
478. 3a67bfcfd84ad0c3e85892780db3570167b759a9297b025407dc74637ed99a09
479. 41c3f31587cbb492b47aed1933cf655f123805ddd0e0a4438f7fe389bcb8de8f
480. 42d28e62b193a122c54c3fc9be355daceeb33c4c9e8a1d572240894c5e557ce5
481. 474d268fa4e629da6f6f8f0e5b4a5674c1c20c4bca45fe39c55ad8c2ca12b8f9
482. 53e79f3a8863fdffb90787c6984b8143160d057721df503ffcdc91558484334c
483. 549286cce4de0ec269f976aa4abfc677bde22d2971550d7369fa66ba5e1b0660
484. 589f57d4a8851a356afa072fdd5ba8626e182dd230c66a9d38dfc57ef4406149
485. 62248ad7658d6e70b39fbd4ce2602e624b7cc7064992b5e81d534403c4350645
486. 662d342c3f762da80af28c7ad3dce6741368b3a28dea0c581c73779d604a15c0
487. 676f9dfa61364871371e981d17a5ce8e2da3f81ab0dd0641a5eabb615419c4f3
488. 6a6d106417ace0f531b64b473894ee722c3dd6bf767e1a3a006b0cebbb201575
489. 6d90077d65c50897859b1c860fc5313618e664fdbe225bb23d3e4e3ff92a3915
490. 708f3684382f01813f8ce73b55a320203d3b3e3e125ee21d3d8dc6fa1c17f319
491. 71dff5915fae3b44e23644552d736225f546d18883023cdf9b0848636e13420f
492. 7a97518e96bc29991c1fd7edd102b5d5d08a9741df53a80b39f375e96581bb37
493. 7ca339765bc9f71e578c98ddd1111fc1a6b23e5ee5fb4c73df997cc29131a864
494. 893bc80d9c2db0505ee96d65192a9b7d522344b33096bf9a2cfc6f86824a0913
495. 8ad9f5565e11f39b768c25929bf2afefee9e948ceaecbfe0d25f036d2c8b9780
496. 8b9d33bce05751a08bbc6f91510e772a0fed2bdb872d23439e07ec82a352960a
497. 8bc51b428aee20c8923d5ec1e1f7e0d3006d0c0e1973dc765a7e7e2885d8a1db
498. 8fb221915f49edaa1a4d11d3f2e93d25e478e19fda35bdb18a71c49d020f346f
499. 91813846642d614d8b94d8fa0fa420b1a2946d52607aa18230f746c88a54b514
500. 91ba982d0d925dda88a7cb7743b91baa4c6c37a60d5916c88cfebf027e1b7102
501. 932270abd76f0ba9c3fa75bcc9f1b128f42b2fa18715e8cbd9066ea6398e9186
502. 93ddecf44a398a220f71c4ca99b8cdbb854dde508b2c7834a93f99db5c1310af
503. 941770ec54f11870215b98433a4b73b886b53ddde4e286b1b2fa106ebbfbecd5
504. 980076ea695b09ed97623898227fca7011a062db1f0c27b47bd6af43c3bc55f6
505. 985a6d52752f1897a5b2273bb4396d8617f9fb442bab06e435f6c7ab8b8d908b
506. 985bc1173f0f262b5485dc331ef99aebb92f40236f6bc68ec1061496b5fc12ea
507. 9a240c7b5b95cc8d9328bb6caedc24408dfdccf6a06ffbd6eb426ff6661004b8
508. 9ab87470d4b897e1673857eaffec2734e30ff1f408ff66c0b46db2d01604c509
509. 9bd31801685c98ad411e7cce9dae72a907a053005f33437f4297f19954e7a4d1
510. a7119a927b4e783d29727a205ac66ccdd333ec81db2527be4884976c73a8c6da
511. acb44abae9e0d234e5b0bde56c51e9d1b029dab25cde9c205c4700f4890f1367
512. b0d6cce80ce209d56186de7d700d77e5f2fe9f6e364442176cc2de087445e731
513. b29ba229523a4b55568d2c23d5b21e615ba772abe7c1e7d0c09f350980eb2c2a
514. b3b73a28321d312161cdf56bed0e82eaa7f57f87b4efcd2f2dfed02159309ece
515. b58c503105078bc6754bd1107f4070699e98f3c186b204d5aa9e07f4563d10f6
516. b66fe2ba061ae07e67dd0274f42ee5aa70d22adeb096955226a0206afe3d963d
517. bb1521bb366e6c2d0f8221a03f10972a69dd44ebf198e3c4e4bda5d130944605
518. bbd26195d01da91e6bb4a19bf71dd1cd137b1fad9f056a194bfd86841564d8d5
519. bf72abfc3fc1160b5a003c775cc30d6113c980ffdf77b299efdf6ad605af1ce6
520. c007bb18cbb8ba7fb9c71021183aa64589d30633af914697d94f1e8679af8b98
521. c21c94af99c6f9ab602abf3c0c6fcefa6ec4bc1599721f6db4dfd220983b8418
522. c824e1b026a0895beb9dd3b7d7d3d786369cb9fbd94fd760f888c0e9dd0be61b
523. cecf70ed40a72fea077e9fcb3726b46ab7382250622de5b6c8fff439118216c3
524. cf1ece29b7f8224cd20d9cfef8dbb20e9948f411dcdb9914a6e729561513086b
525. d075a63f41ca211ab9bae8eb35dcae601dd9d3b0b951cc2d0023f656a5734254
526. d096882f9029289700df6208145ee99061f631c59454f28cee9aaae6d63cb0dc
527. d3621f1e0561d4c08388d03f547d41ea9abcc51ed7a411bfbaecb2199367edc7
528. d50d575b33a1078c28c78166a7118ee501f06da620263b8dc470321bae1384a1
529. d7dd042e986b1b41a533d5522195545485b4c1d46eabf2f9c591a7fe3f2490ba
530. dbed477a96830874e8dceb1cb2a95b3825d37a487f7900acf11972e628670f29
531. dc8ed2855037b17ba0f39f85aa09358688ffd7a9abfe3362e11dc35027d9be6c
532. dea61074c852e1de5274e7281950c9276f9c6591916da8f7058ee49af647c5c5
533. e07803cc52916632eb21a2167a629d2ecfe11dddd7f8113c9ec63ccce1696d30
534. e3d3cf95c72f3286a6c0c3462789150902a04f3c87996da5b4260d9b9e9daa1d
535. e401d04bd07d0eedb05c31a6b67e4b4510413ccfe4ed30b0c35c71491e7bd217
536. e4cc9218d53e7f8dd588df6405a5f223f22c253955df7ad752c105bb1a3e5536
537. e73957c01b445929782ccd0a3674d1d3a8fa180804141305d05d6ea559b330f6
538. eb1f7279f41ab731b139125828cd2cc1c58aa38c325ff04045b1815389c85815
539. ed3d9ecd2e4012e11facea9f2435197f613a011a70c7703d9733dc6c89cc04c4
540. ee94030e44ed96036535ed4f7a0ba5475570ada219b5327c30584101cada033f
541. f165fd0cf4c5b055f343056c32f6aa95c348c29e7e895e3210b507228d01d81b
542. f38bf8039136ccb2b499fc54847cf70f2016cbc5c43f98e7366c7d2f8dfbeaa1
543. f5733984f2a6f135848cd478d8470380ea5247e107ece657b07c700e03d75403
544. f833804f550acf4fea00807fe963cf76d306a59c5fbd7f70a4fd546eeaebc9f1
545. fe8452c30198d19eaa3c1ed851b2ff7779d1849fa5a469f13960ff260b0a899a
546.  
547. http://lepik.pri.ee/melius/tv471975685/
548. http://metanopoly.com/cgi-bin/Krt1152299/
549. http://michaeljunk.de/assets/file/HcQLJ/
550. http://minerva-bg.net/tutorials/attach/ntHZgJIgtRB/
551. http://michna.de/cgi-bin/attach/LUHJFwPAGqOw/
552. http://mietelski.de/AdvancedGuestbook_01/uy0gyfv41428711/
553. http://miragestudio.ro/journal/attach/gCmLwZCcGjpMe/
554.  
555. Creation Time 2020:08:31 11:40:00 (Attachment Only - Doc based - Red Dawn)
556. SHA256:
557. 03802a7965c650d9c86824321718812f7d101cc44f59c9f659d86feea1735907
558. 044fdbc51c100ef572e4cf34e0ec51221d70d5bfff7b8d3f2bbaa666cb3df22d
559. 10c4a2d0ca3dd6f11bd257c38b81ff736f30fe80ad8c6ddb589b11f480fc4569
560. 12c81b98ad2e2e5d47acbea81ca802b2c617affd2d7775db5f2bdc59c764aae0
561. 148e91350346f3a2a13907ac86a58ab193dbe04f2bea449516fa419441514049
562. 16170e26dc61a86bb35e41adac8fc6f15fce5646f1fc6ffa61e1a55b06631f2e
563. 168c90f4f9bcd13f81f1d76ac1f017df9248c9e21216053be4ae34b3194ab604
564. 1cbfab1768cbb0e70a7835d4fd857df40226b7e2d5618fd286e1e3e06337bf87
565. 1df6cd418d3fc7b143da17129069ba83483eaba555ed73b4c270ec89db85b428
566. 2244c7eb643ae36fbc2b3a52d9278f0b9d64e0c00f349b574e05c06bad0f0ca6
567. 2423255ad0d7131e541becc3dc58416b51ffe9ed6a049fdd4e90085a9bc89eea
568. 24b8b1c4b9cda4eee0509644826be529ac67e1fa12b095d1a640d98c4b678f14
569. 254ec11f49ce6199873bb5468a38842e3ffc7b567abbb7b4ec681333a37cb9db
570. 2789fea20efac0dc1c91cbbbb78f611000878e7a677c703c0b97413f86843d51
571. 27b5c93d1837ab197ff0cb0825509693857e1829e1693bb3aab7caa2e193505c
572. 2aabc772bc8f7b47f3c7409e3ba7a68a2c2e1e4fe8df24958ca2f5b16198ea85
573. 2b8cd281015d967a8188363ecdadf17c4b41cc51fdfc70bb9201104b3f17942d
574. 2bf9269abad08ac7fa07a746c7d1242068c53f873e245c7753ef17fca4cab58f
575. 2f9be50929b12cf8eacacd8937d09b4700433e8c1916b36778b806295601cec1
576. 33268353c9e702b4a43f8fba331e6d1ffbd6ec6fd41b8f3c05768f88242d696c
577. 33fa55f83095f0633ea603b6ca4eb1b5f1e2b5d3d44c12842e78cb077c434724
578. 39898bce945d07827fe5cfcfefa8183b5ea6ec2929885ebd040bf29b5699749a
579. 3eacc05c21b3bebb602d5d6fd06f0262f1e50b61bceaca89f874f3d9cf94fabd
580. 43224f824f88b2dd522a36304be723baf228e4ce280a16f810a32f02e16d154d
581. 4420c008f5a0603d66c1f4ac728006eb0b2f9420a911f9fc596cbe585ab5d07d
582. 47fe16359a0fa1711dd0811b0bf49b36e2b53205ea0eca97c69a4f1daaba3af1
583. 486131e7eabae56d05a6c6938bd2ca3ed56f86f262a7cf956374435ea5334eea
584. 4b408c21241d850542a7d90659d3652776d8129b360095ec5e365412ff4911d2
585. 4da4a6dd79de80332523b4665e9387b9aed6ec63ad256df1d7b44a5027414401
586. 4fb6a29822954553488b637ff8cbe00f095a1be70efed5225232ea9aa31312b9
587. 50e14b5b1a08ad246f08683448eb71566304d1f1e3f91375a2e0006619e37b2f
588. 58b121e00764db2ece170f767840f68b0a6acc604148ffddfdf2016726d21846
589. 5a2ef1ccc048774eda9a276fde8747cb1cd84e7144fe81328272fc7ad82c3931
590. 5a3dd2c9109448f080e6454d9c622b7a5eb55c9be04319e6f6e2485bf624e54d
591. 5c988b54e483991f4df376fcd1c4b40df9d51882cac63666d7ac4e6009a2ad64
592. 5e921f17deb8d172b574085e44e063cd63cfcae73335c6d6a3464480a84bc497
593. 678427820c3c52e26a09ad1bfd28f149decd2c4b0174bd7c0e53b510cf221fad
594. 680f836c5a201e6101cdff26ee5879a6ae90490d1ffa83161144fbd7c6a9deec
595. 7e70980619675f67c0ff6f35380fa5ad4c111a1cbaa1fc5179281c175ff0c233
596. 7e9798b0d610bc7503d5c34885095fa355622f5f3a1fc58c2c28cfe5441804fd
597. 7fb03ee6931d014d92e4d1c3d8c19a06666ccb43e85f8255318380ecbf80e4d4
598. 81de7a3bddf49ffedd3de645bbd57d51b71547c867a57ca522f9ed5417e363fd
599. 86b7567dfe314da998fc09539948201ca528431354ff247dfd17c814c9f91e46
600. 86bc47986591458f3934c3ba1afb39795e66c4eb3aa0959f75b968284269ab9a
601. 8fe81bb85d5eb163bc3d59bd3b5dd56cde3832a6cded7e21c1c140690513e424
602. 9000bbe3f641f428f0492bfdd4c93e445ef245b6dc7d45077ea33d46e16284bb
603. 900182755baa887ccbbe49ed6e0d7d6616280473ce670d778683123739242625
604. 90cafb8a2d2bcae30673a2b873898ba57448276f3e87b2dfe723df804da4deab
605. 92ab7ba62bdb8f6b474b2d6b0c929538a29aced0dcc7cdf70c4f6ad613e187ff
606. 92de21ca1abf9940d9a8636f9d3295c99916295a06b6469d52878b08ae91d76e
607. 935d16f2147a2bd3cb3c4530034f8d1a2a7f553d3d2729cf5f87ab84a7340540
608. 94acff41c19735a6b7538831c235c7be4f8effe67d5cfc12f0cb83d2971a168a
609. 94b2b63418ec3d2f9d1dcf03c2a70d6ce6d07a8decda17ad7691d48f6fe7524e
610. 94cab551759cfd2d947d63421c178bea40b9321a05f1ae98981f88068df0216e
611. 95ce6e9d45f9d31ed5efe6bcea801bf8e83793e1f3cd93b8806b99991c3469b3
612. 9ff826bddb174af51fd8cc9d753cf4f473381597d923a31c175b4e09b2d78a0f
613. a1cee4ac95ba3f905f6473c47cf15978f372569e11be570bc458dba5f3a9c1c5
614. a24950e3d254769aca717734347dd36f52ba7e9fc33f2821edaa5c0e6642ee52
615. a666d6c44b6bf3f6893114529f89e10af09c8f57ba7a90fc942429facdf201c6
616. aa7ad1c65dec364f38ed8da24e1858ebc9814f228236bd4bb0c8361f0a0368f1
617. aeef77c827a2495810e27c3a5ce0e9f3d20bfbeed5d09da0c16585123c865461
618. b0ddb0b8dd8a912ecffa2df232d0a7fbb8ef129d751c032a1906160bc91d1b8e
619. b6bc0dc5f1d0c5624835e86e8108dcad72991d215f9e84ead8a792cc01f4f778
620. b947ad138fdad09257a1ea974bf84733005a66e52557a34fbec4c78456ad94ed
621. bb831bd9b7d8114d376c0468033b1d2607c3c879ef7e9c4619b9307c415ee509
622. bed303c200833b10fe84b60be016a9468e629e23dae4e4e64cb0c93a55230ee2
623. c0b4d9c1acad54fe725336df56f9826d7aa221834341704f52ef91e3b1acef54
624. c2bb21a17a30b5fc0bae903f82f7af5213e2858cc24dc14c2deaad326a579a37
625. c485b748f4cb8ff395eeaaed0f1705e5ecfa9c7c298524dd69e15cf22aee251e
626. c49b9e4eb3f4acf56c0e4a86072b05c5e1172e216088c099ec317b2a4a869e12
627. c7f81c163921e20848234372261d896749cc4147670f14cd178ba87342074bb8
628. ca11cc39a15bc995654ff7ad48f45105fdfda56775980fd8bdba701b3f4e7439
629. cf48bcc02d090b7bbd70d27a38ad275082de595b7bfda58e054a86bcaca6ae64
630. cfd181cf1dc66d647cd0763203b10fdc0e27969b29f4fbeb375c07e06eee36b1
631. d3b5aadde64a418f141ee5acaccaf3f8cf4ab0816bfa9a5a70b813e18786e443
632. d46672f493f70d90e0fe91eda5015200329f75d40d4bdf6a8973eb6a8182ff09
633. d652a02c2b967aadeac32482fe9b456ab219185e4cb3284e18123d5d17b18a04
634. da8527f2887d54e89c812e7378a69de47f09a642c0048787c9a655dcf2c66e98
635. dcc0b981fb45704968b7fa3d44e91f74109d923859bcb6b096175a3a28cb5cbf
636. dda2c30e53a2914ac03f106b1b81cefce8fc795969a9453fe9cb5590eb7ac0e9
637. df21cf6b7007ec29db8b3d0dd301e482533e245eabfd9509ab5fd030831e0e77
638. df47036f954505fb857317f9037d9e8ce14285f1dbef2cc2fbec11573dc7da4e
639. e23cfb13d381d64362d7033f866d44678001a5c7e927cf5ae93de289b51be6c4
640. e2a37e23ac12a37f5ad97f9a13f5bdb2ca743caaf2735d4bff888f63ac1861c2
641. e300da8886e2d53f60ccf1f41b7cb462f5f9f220c6ec538f2c295589369c602a
642. e64d51cebc53248d6e18c55d4eb251dfa6989c59cdc316442e404ab035da1270
643. e6598fa8e94bd0fe0079eb04a852929dd6d3ef39da847a82c31e8b027d7e7846
644. e6c1f8587d9b3cbf1ae24393378e17418e84880f649d03000757babc1193511f
645. eb6ba7b2403b1eb32ada09547f5a6cc993760aa8ea1bd1fda8710b740dfb4886
646. edd27cb5e37ded52f1e329239f639da06911e463b580135146752871e30c8010
647. ee994e9e140d12503801dfb5be50d53cccce5d2823e31ff6b83f3c3e3964743c
648. f409f5f0913c6d616af57307e5147513d8b7302fb775e3830fc9de94c8e6933c
649. f5e2a41146ff0f77044c1c905e145e8f95348d152473b742db96f45e45f78e5a
650. f813e24d94ef9f634b02df58f74ab898b56a23a8cff5862488b69065dcc76d92
651. f98bfbb853da4e8af4073d9bc98f0e9c5452c7c3d8d140e0b430df57aec315cd
652. fa794407f6f1d61f0c252108dce87de04bd5c6380f053d9b0b93f9925a8af6d2
653. fadded23503074fd38ecc29a47fd14ce4e9fc13fba341a2e3afc43769ddecf89
654. fb94b574c03127c6fc8829a89d9b374a4cc8a668303a2a436d5f2da23179eb98
655. fceec52a717c3791b1aac33c8d283f16ac2a8405cf45dc4b47c2e21df833b3f7
656.  
657. http://metalscape.com/cgi-bin/file/gpcO/
658. http://ipjornal.com/wp-includes/rest-api/attach/PEvGOxIIjl/
659. http://megastararena.com/aspnet_client/file/ZVsjSRDKYhS/
660. http://md-trucks.nl/wp-content/attach/fnwCNN/
661. http://modernmanna.org/isc/file/ehUxY/
662. http://farli.com/cgi-bin/file/GwrvQA/
663. http://goldcoastoffice365.com/temp/JVjhjq/
664.  
665. Creation Time 2020:08:31 06:23:00 (Attachment Only - Doc based - Red Dawn)
666. SHA256:
667. 04ba81f9a0097fb63ff9164904ffdb1de3fc1fefc0aa6a902554df3e46db8e73
668. 055cf988ac487466223471f7c372faf71d37751f8ff13637aea07b4b9d27bd7a
669. 065d097c043c88c5ff9ab603a2e84dde0dd5171d0cbd81ecbe770ff45bb20b7f
670. 07dca636c8548d668f3c81e10f0fdf333da7578087c77c6e2a711485b19f3f31
671. 0c2c11af81726a68adbd88e683799a82f3a4c40cffc9752a3f70f37c1ba7a8ee
672. 10253e651139568714f628824f1744a236b2b3124a062a7c6847b05b00c38f67
673. 11527c23519cac6281ef4c1780d56c97e15c3aa9ba4799dd923afb91b28b8d17
674. 13e63b4a863d868412f60ae642a960bc58eb313228b0a95c880fd99276fbfb51
675. 14d6d118b23552eaf88381f84706e1512b094074fc53a3db77ebbc6f53d6ff51
676. 153f2bf072cc329309a0ec75f5bd7589c1b216973d3f2e94da71a0e8c0a3dff5
677. 169b9dfa583e425e5fdd20c68f95c2b61e3c6e50451eda7457fa2b22810f2642
678. 17461c85b2410cdada7f8ce24d34e87d06d6787166ba1958bd0aa0dec5fbcf0c
679. 189b174f7dfb6924c074c4f9543cd93634691c7cf60874d2dcd5c7af6ecfa858
680. 1dc459763b9a6247bd9afeb0f20edb41189d3c42a791a24bc39e1fa451e21092
681. 1f1cb3015c77662ce350174acdfdb2dee2b76b978a12a68b169a620ebb5a0da9
682. 1f44f01155632cfbff8297f400cc5a8d292b8cfaf06615ce3245c182eda878b9
683. 2008559026e78789d9a9c9ff32d3a3781cf77bb0b197a56e8a28811a43dae630
684. 24835c9abf72ae71f54ca046e506c9c74da69009c7c23eedfd39cf6e406a52b0
685. 24cdfe27817435d988b843c6a164f61a13efb46c68b7458fffb7458bfc11f278
686. 2a447849f65cf55b3b637b743116dfe5314032f17dec6aedac75fd5651969562
687. 2c8a2db80260d38048db5f3f84d04c0320b9b07912d1af808ff189ddb02c6636
688. 2c924ecb6b15c0f6a2df95cd6128120cfa02c8745a956438d2508dad0155e57f
689. 2d9fc81bcd788443652e23c67a6b6889a673fd9f893f6e856ea3219be3250a19
690. 2eb73a76161df654034f33635ad5b5d8819346d29c9f562710ed7719b56b4437
691. 314f36a2af1a10c72d988dd4d1d2d46b1e144d0071edee22520a34c05ae4ea78
692. 3b36a72f76f07877a8de0800e58f839dee4244cc9df61adcd1dd3ffd60bbe9fa
693. 3b77815a0827b300c4af387508362cf7a207cf1a761a7cce34d9d3b4962e1bbb
694. 43ecc17de27424b4a957452ffc44ca14b7cfa6e8fe41551a5e007e2762b558c4
695. 4b6461f0229a8f9f012010aae19e8d4c25d8b73ec82bdcc7bdec31c2ca26ff62
696. 4d7c150cca29e535c18677e3ad379d7c067351f7bc0db3599242f14a03827895
697. 53a4db2eedcdde6c29856891ce674e7b0c2d03c8efee0161d1148f3db76b3b45
698. 57e3bded5117ecd7d4486db1479c86984c3f39383f60622c3b77a56cc47c39ac
699. 644a1cffed0ddec09ae6725d9f657d09dec1bc7bab4253aa1d68c9cfdf7663b2
700. 67bd420bb65a37b7af8a333979bf1fc8445c4e53dc79f47c13334e84f0741a62
701. 683d4c3f243dbcb19336f53f5b05ac76df07fda1f752dddc4c95af1432e511e7
702. 687d0751db61209ad6b84de4436504c84917e0277ab1bd8a27e48d67733268a1
703. 68b55de1bc0660fbb9ec1030c2dff84e08b98d208a0fb2829583424c4d19beec
704. 6c570708d885568984ae8cc66f447f496d57992d6f44606697cabd31b2384de8
705. 6da77ef3bc3ceb6ba2a9df46a8ff362416ab0c5567dac867427ae291bee54af5
706. 6f09003954ac4b44117dead5af7362d68c63c5e1a7f134a673e7d43417e72dfe
707. 6fac04d931d3ae0d28355d4c0f75493cd4816a7a89a51b2666224a870214820b
708. 71f9aeccd32c53902faa39372afed53dcfbe5b7b9fac488a0e406b70c3e7827e
709. 77ab1113396dacf4ebb8c4a5feda4346097223c275226f6744a1c91487bf6e09
710. 796e8b14dcea3eb437eba9acd2ec211a65447885de7f8422bb9ac8d7af05a9ba
711. 7ac9735d8b7df84c35e6ec003fe3aee2aabe6fd60da5d120a86a122697e12d74
712. 7efc1ad32d28124229244d0bd73114463a2da2779efe30e3e059977b037ffdf9
713. 8375de9b238317a662121fa14cbb303ee77ccc72edc917a60573849e816b1671
714. 83f694f781c656656a378d4779281b43817dbd2f40c174cd15379cfc91a94f97
715. 85afe8ba94eab50e54a99ae56f95a59b6fba87df59c9da7bb98b8da236d781f5
716. 85bf84f69942bfa8f43e62214e358e47c6e87d5be44ca530c47163674e629cfb
717. 8693324dc27d9d31c809ea7550b7c02d585d78b99130247286f685a394bdb3ff
718. 89a7868e275f728f28f6134cbd762fcbad32892002866f47d2b2d76a8c2b8519
719. 8a11390dd11a8c4917fb327a06ff04eecec96547069164803da089950faa194f
720. 8ce779a1ef6bd85bfd460f6cfa483f6fcf52efa2f4dee173e8546d7ceda4162d
721. 8e22cc43153405ed278075e442714d045b2bab368f812f9a6ed86fb85b61cae7
722. 93dee963b5d48ee0443d6708d31fb0ae2a20a15ed92331d681445860c87315e2
723. 994fc3e217d7883e4f48b585439f9673fb04b998c3496de75e6d18399767591b
724. 9b5d620ea9823822674f9fafb9775e3b9d2db74eca8b94b6ad371fb4dcf93340
725. 9fb0ac9b81225448ffd959d10a69e453c4698173c74fe8330018bebfaa091f19
726. a2311e7d5bad5076197267b0336fa9c68e31062fcaa39b053748791581262ce8
727. a410e6befb43eab305eb062a4abb5e4e52068b8f0b0a57d96efc1c7443760eb6
728. a6b3a825f40284d03efb30358fcdd545d5f28570a6ded2d7d44c8e45fdc8a0a1
729. a74d193b79ee0014f7ea6eb3c5d10b20b5eba09c026a748158fc08120d25e73d
730. a98e94c9d814b7edcbeb1347bca4d8f61163cf3fa518fbc006fd2db569004b30
731. aaf8a6e1f6dcde1cb78c9bfbeb54a0d1ecddf349bd28c9403e284edbd5b9b20c
732. b5f83656544a5436a18cf8a556642c0a0ce76fe3439fede2aaa378bfcec9faaa
733. ba784780717c5e44c006620f744cd984d9a6a5c5cc3ff3e55e3b7b1594bb748c
734. babdda591943b900890489d5060c430c537f9049b08ff0f5af3ee69b889ab82f
735. bd39426e04bc0ac2829ab8c09b1e0214347e613ffb07a7c243f7ed91395339a9
736. bd459b5bed1b52206dab8b79964a13ae211290bdd38f95639509b59f2fcc895e
737. be8fb2e5576f2a6b47d3a16c7c41f9a29f807331a8fae9bf7e35e13ac1f96aaa
738. c19f2519164d13bef922745b278caad9979831f54d1815670db08fb96c8effd2
739. c1fe259b68ba191a7c5f3a2030d7da2d29cce12b1ec0147c482ed71f84869586
740. c4f89ed961d30e1dfc71d2522221268a2e862fc28aac447109c919776012fa27
741. c842e9fa54bdec7fd78df0f7e156ec7e3009cc78bea6e3e5ad14ad87d8ec8fa1
742. cccbd28d0d357e079e45a373464d75b7f34232267bac1c187ff9cff35dd34a68
743. ccf04565bc8783fa37b94911f40d994b44980d3c047face8f2bbb561df12822b
744. cf044a50f50912676646ac70f8abb80f1d1d198e8c060f8418a0a5085f29f800
745. cf3048836a4600773c60eec336509ad94561deec004046b88100b836d3f0ff73
746. d657150e18f950e18bffe381176091752a6020807438f3c3ac286b58d182511f
747. d6bdddec2f50252f29dc7954493b4770eddf4b310943404414339c2be8284644
748. d8d8ff8c6a3286d1f8e1902dbcd296479ce2ee073f74e48d8722fa8ade317bbe
749. dbf961639006bd811cc32a0395be8754ea085a7159f7286f1738c6c13c77a949
750. dd6cf51bcbb8dd7c002d127b37d4598cad34d2442eae8dc52e2d9aa32c047f34
751. e14a47a3d5571421f79b10a87b3502ed8d49c6aa07044e7a6418a0ac7ef9782a
752. e27bfe4e19c00e2c8a236fe94d3ef32962ad2cd1f012b7948edf37acb0fe8a37
753. e2b05efc6dd935c9df7b9895937e8dfa066ed18b2705061a9fa95ef789083323
754. e5e05508993a74454fe49bf6d59af23b100c9aa987b58e90f8aed31324e48c67
755. e6f95d5580dd7b89529a61ca8b7ec24e1a78c17e9346af9738bf20f85a5ff6d7
756. f0299e00446b158363102e3301c6968e3066339c9933d0567fdbc04802d31687
757. f337c1762243d13b5ae3e9455513cc260b30b3b37577b2d0f13723714d6e2f74
758. f995756a90a4e4c97103c82db8508d060acc0db9e922f4bec5ac613c5d908a0d
759. fa98a40eed21a81e36b75b16d9d3cf1c6bd5f57b496bcd0d2a5973bfda3cbc4b
760. fb730758e7f3f054accb47fb435a2c62304edc34b7e65dab83a94eab31182b40
761. fefec6cd3f51a9a4d1bb5e73d5ba15f31f71526f9dca16bb37cf1054e4a184bb
762.  
763. http://gallerygreenscreen.co.uk/wp-content/attach/NHIazkHqI/
764. http://facee.fr/wp-admin/file/FAbuFjTiekl/
765. http://kr888.top/kwwm7kcne18599609/
766. http://cypressbrook.com/wp-content/VeoMiVnkau/
767. http://proteusleadership.com/think/37sb365521630/
768. https://mitech2u.com/wp-admin/k5myjn14031141/
769. http://radyantisitma.com/wp-includes/attach/tYnW/
770. ```
771. ### C2's Per Epoch ###
772.  
773. #### Epoch 1 C2s ####
774. ```
775. 216.10.40.16:80
776. 91.121.54.71:8080
777. 209.236.123.42:8080
778. 77.55.211.77:8080
779. 85.105.140.135:443
780. 138.97.60.141:7080
781. 217.13.106.14:8080
782. 190.2.31.172:80
783. 94.176.234.118:443
784. 191.182.6.118:80
785. 111.67.12.221:8080
786. 91.219.169.180:80
787. 70.32.115.157:8080
788. 45.33.77.42:8080
789. 177.73.0.98:443
790. 219.92.8.17:8080
791. 212.174.55.22:443
792. 189.2.177.210:443
793. 46.28.111.142:7080
794. 37.52.87.0:80
795. 45.173.88.33:80
796. 103.106.236.83:8080
797. 87.106.46.107:8080
798. 104.131.103.37:8080
799. 190.6.193.152:8080
800. 65.36.62.20:80
801. 152.169.22.67:80
802. 83.169.21.32:7080
803. 98.13.75.196:80
804. 51.159.23.217:443
805. 71.197.211.156:80
806. 170.81.48.2:80
807. 190.24.243.186:80
808. 178.250.54.208:8080
809. 104.131.41.185:8080
810. 181.129.96.162:8080
811. 213.60.96.117:80
812. 95.9.180.128:80
813. 64.201.88.132:80
814. 174.100.27.229:80
815. 82.196.15.205:8080
816. 191.99.160.58:80
817. 114.109.179.60:80
818. 72.135.200.124:80
819. 45.16.226.117:443
820. 61.92.159.208:8080
821. 2.47.112.152:80
822. 186.103.141.250:443
823. 190.147.137.153:443
824. 178.79.163.131:8080
825. 70.32.84.74:8080
826. 67.247.242.247:80
827. 190.128.173.10:80
828. 186.70.127.199:8090
829. 190.163.31.26:80
830. 192.241.143.52:8080
831. 190.115.18.139:8080
832. 178.148.55.236:8080
833. 185.94.252.27:443
834. 77.90.136.129:8080
835. 188.135.15.49:80
836. 189.131.57.131:80
837. 68.183.170.114:8080
838. 184.66.18.83:80
839. 50.28.51.143:8080
840. 51.255.165.160:8080
841. 85.109.159.61:443
842. 190.190.148.27:8080
843. 172.104.169.32:8080
844. 213.197.182.158:8080
845. 187.162.248.237:80
846. 72.167.223.217:8080
847. 217.199.160.224:7080
848. 188.2.217.94:80
849. 24.135.1.177:80
850. 137.74.106.111:7080
851. 206.15.68.237:443
852. 45.161.242.102:80
853. 219.92.13.25:80
854. 185.94.252.12:80
855. 110.142.219.51:80
856. 77.238.212.227:80
857. 212.71.237.140:8080
858. 204.225.249.100:7080
859. 82.76.111.249:443
860. 68.183.190.199:8080
861. 5.196.35.138:7080
862. 181.30.61.163:443
863. 177.74.228.34:80
864. 199.203.62.165:80
865. 177.72.13.80:80
866. 58.171.153.81:80
867. 73.213.208.163:80
868. 24.148.98.177:80
869. 190.195.129.227:8090
870. 192.241.146.84:8080
871. 12.162.84.2:8080
872. 72.47.248.48:7080
873. ```
874. #### Epoch 1 - Spam C2s ####
875. ```
876. 93.115.23.115:8080
877. 80.86.81.31:4143
878. 54.38.143.246:7080
879. 103.80.51.122:8080
880. 104.236.168.190:7080
881. 145.239.64.167:8081
882. ```
883. #### Epoch 1 - Stealer C2s ####
884. ```
885. 45.55.82.2:8080
886. 88.217.172.165:8080
887. 192.95.4.184:8080
888. 67.225.201.19:8080
889. 81.4.105.175:8080
890. ```
891. #### Current Epoch 1 RSA Public Key ####
892. ```
893. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAOZ9fLJ8UrI0OZURpPsR3eijAyfPj3z6
894. uS75f2igmYFW2aWgNcFIzsAYQleKzD0nlCFHOo7Zf8/4wY2UW0CJ4dJEHnE/PHlz
895. 6uNk3pxjm7o4eCDyiJbzf+k0Azjl0q54FQIDAQAB
896. ```
897. #### Epoch 2 C2s ####
898. ```
899. 67.68.210.95:80
900. 142.44.137.67:443
901. 162.241.242.173:8080
902. 45.55.36.51:443
903. 168.235.67.138:7080
904. 91.211.88.52:7080
905. 5.39.91.110:7080
906. 209.141.54.221:8080
907. 104.131.11.150:443
908. 169.239.182.217:8080
909. 109.74.5.95:8080
910. 93.147.212.206:80
911. 180.92.239.110:8080
912. 24.137.76.62:80
913. 190.160.53.126:80
914. 139.130.242.43:80
915. 79.98.24.39:8080
916. 78.24.219.147:8080
917. 87.106.136.232:8080
918. 87.106.139.101:8080
919. 95.179.229.244:8080
920. 121.124.124.40:7080
921. 120.150.60.189:80
922. 84.39.182.7:80
923. 97.82.79.83:80
924. 85.66.181.138:80
925. 139.162.108.71:8080
926. 139.59.60.244:8080
927. 24.179.13.119:80
928. 103.86.49.11:8080
929. 167.86.90.214:8080
930. 85.105.205.77:8080
931. 152.168.248.128:443
932. 98.109.204.230:80
933. 204.197.146.48:80
934. 157.245.99.39:8080
935. 200.41.121.90:80
936. 47.146.117.214:80
937. 137.59.187.107:8080
938. 201.173.217.124:443
939. 67.205.85.243:8080
940. 107.5.122.110:80
941. 139.99.158.11:443
942. 173.81.218.65:80
943. 45.55.219.163:443
944. 94.23.237.171:443
945. 24.43.99.75:80
946. 174.45.13.118:80
947. 75.139.38.211:80
948. 62.75.141.82:80
949. 37.187.72.193:8080
950. 46.105.131.79:8080
951. 200.114.213.233:8080
952. 113.160.130.116:8443
953. 174.102.48.180:443
954. 5.196.74.210:8080
955. 74.109.108.202:80
956. 194.187.133.160:443
957. 95.213.236.64:8080
958. 94.200.114.161:80
959. 173.62.217.22:443
960. 74.208.45.104:8080
961. 187.161.206.24:80
962. 216.208.76.186:80
963. 190.55.181.54:443
964. 137.119.36.33:80
965. 1.221.254.82:80
966. 41.60.200.34:80
967. 62.30.7.67:443
968. 37.70.8.161:80
969. 172.91.208.86:80
970. 203.153.216.189:7080
971. 174.137.65.18:80
972. 74.120.55.163:80
973. 50.81.3.113:80
974. 70.121.172.89:80
975. 61.19.246.238:443
976. 37.139.21.175:8080
977. 47.144.21.12:443
978. 83.169.36.251:8080
979. 189.212.199.126:443
980. 203.117.253.142:80
981. 176.111.60.55:8080
982. 68.171.118.7:80
983. 89.205.113.80:80
984. 188.219.31.12:80
985. 104.236.246.93:8080
986. 185.94.252.104:443
987. 181.230.116.163:80
988. 110.145.77.103:80
989. 104.131.44.150:8080
990. 153.232.188.106:80
991. 112.185.64.233:80
992. 68.188.112.97:80
993. 85.152.162.105:80
994. ```
995. #### Epoch 2 - Spam C2s ####
996. ```
997. 144.91.127.82:8080
998. 167.114.122.37:80
999. 219.94.242.134:8080
1000. 51.38.237.230:8080
1001. 217.160.19.232:8080
1002. 89.248.250.44:8080
1003. 95.215.46.191:8080
1004. ```
1005. #### Epoch 2 - Stealer C2s ####
1006. ```
1007. 151.236.60.57:8080
1008. 159.65.222.75:8080
1009. 198.144.158.120:443
1010. 195.14.0.12:8080
1011. 23.111.136.190:8080
1012. 51.255.40.241:443
1013. 87.106.225.180:8080
1014. ```
1015. #### Current Epoch 2 RSA Public Key ####
1016. ```
1017. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhANQOcBKvh5xEW7VcJ9totsjdBwuAclxS
1018. Q0e09fk8V053lktpW3TRrzAW63yt6j1KWnyxMrU3igFXypBoI4lVNmkje4UPtIIS
1019. fkzjEIvG1v/ZNn1k0J0PfFTxbFFeUEs3AwIDAQAB
1020. ```
1021. #### Epoch 3 C2s ####
1022. ```
1023. 210.1.219.238:80
1024. 162.144.42.60:8080
1025. 134.209.193.138:443
1026. 68.183.233.80:8080
1027. 172.105.78.244:8080
1028. 181.113.229.139:443
1029. 139.59.12.63:8080
1030. 185.142.236.163:443
1031. 113.203.250.121:443
1032. 74.208.173.91:8080
1033. 173.94.215.84:80
1034. 31.146.61.34:80
1035. 115.78.11.155:80
1036. 95.216.205.155:8080
1037. 82.239.200.118:80
1038. 81.17.93.134:80
1039. 179.5.118.12:80
1040. 162.249.220.190:80
1041. 77.74.78.80:443
1042. 24.26.151.3:80
1043. 188.0.135.237:80
1044. 192.241.220.183:8080
1045. 190.53.144.120:80
1046. 60.125.114.64:443
1047. 50.116.78.109:8080
1048. 2.144.244.204:443
1049. 192.210.217.94:8080
1050. 201.213.177.139:80
1051. 81.214.253.80:443
1052. 178.33.167.120:8080
1053. 186.227.146.102:80
1054. 201.235.10.215:80
1055. 37.205.9.252:7080
1056. 198.57.203.63:8080
1057. 175.29.183.2:80
1058. 181.137.229.1:80
1059. 185.86.148.68:443
1060. 46.105.131.68:8080
1061. 118.101.24.148:80
1062. 115.79.195.246:80
1063. 188.251.213.180:443
1064. 88.249.181.198:443
1065. 91.83.93.103:443
1066. 5.79.70.250:8080
1067. 54.38.143.245:8080
1068. 45.182.161.17:80
1069. 91.75.75.46:80
1070. 37.187.100.220:7080
1071. 190.96.15.50:80
1072. 189.39.32.161:80
1073. 181.122.154.240:80
1074. 190.55.186.229:80
1075. 203.153.216.178:7080
1076. 157.245.138.101:7080
1077. 190.225.150.234:80
1078. 192.163.221.191:8080
1079. 107.161.30.122:8080
1080. 197.232.36.108:80
1081. 172.96.190.154:8080
1082. 113.161.148.81:80
1083. 190.164.75.175:80
1084. 75.127.14.170:8080
1085. 177.144.130.105:443
1086. 71.57.180.213:80
1087. 86.98.143.163:80
1088. 220.254.198.228:443
1089. 190.136.179.102:80
1090. 195.201.56.70:8080
1091. 51.38.201.19:7080
1092. 179.62.238.49:80
1093. 157.7.164.178:8081
1094. 175.139.144.229:8080
1095. 37.46.129.215:8080
1096. 222.159.240.58:80
1097. 190.190.15.20:80
1098. 46.32.229.152:8080
1099. 66.61.94.36:80
1100. 143.95.101.72:8080
1101. 190.212.140.6:80
1102. 168.0.97.6:80
1103. 177.32.8.85:80
1104. 185.208.226.142:8080
1105. 105.209.235.113:8080
1106. 197.221.158.162:80
1107. 41.185.29.128:8080
1108. 103.80.51.61:8080
1109. 177.94.227.143:80
1110. ```
1111. #### Epoch 3 - Spam C2s ####
1112. ```
1113. 185.82.126.114:8080
1114. 162.214.68.171:8080
1115. 82.118.225.196:7080
1116. ```
1117. #### Epoch 3 - Stealer C2s ####
1118. ```
1119. 104.236.52.89:8080
1120. 103.38.12.139:443
1121. 195.159.28.229:7080
1122. ```
1123. #### Current Epoch 3 RSA Public Key ####
1124. ```
1125. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAM/TXLLvX91I6dVMYe+T1PPO6mpcg7OJ
1126. cMl9o/g4nUhZOp8fAAmQl8XMXeGvDhZXTyX1AXf401iPFui0RB6glhl/7/djvi7j
1127. l32lAhyBANpKGty8xf3J5kGwwClnG/CXHQIDAQAB
1128. ```
1129. #### Credits and Notes Section ####
1130. ```
1131. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.abuse.ch
1132. because they rock and report everything to ISPs as it is confirmed to be malware. Additionally,
1133. this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
1134. https://pastebin.com/u/jroosen
1135.  
1136. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
1137. I am providing them for your benefit in case you want to parse them to be sure.
1138. ```
1139. #### What is Epoch 1, Epoch 2 and Epoch 3? ####
1140. ```
1141. (Updated 08/19/20)
1142.  
1143. We get a lot of questions about Epoch 1-3 and what they really mean. These are different botnets of Emotet with different
1144. infrastructure supporting them. I called them Epochs because they seemed to follow a different timeline and timescale of releases
1145. for updates. They do not share C2 infrastructure and they can behave independently. In general these are
1146. the rules governing to Emotet's Botnets/Epochs:
1147.  
1148. 1. All C2 combos are hard coded in a list of up to 127 C2 combos in a given Epoch's loader. These Tier 1 C2s are never shared
1149. between Epochs. E1-E2-E3 will all have a unique list of IPs/Ports(Combos) per Epoch. (Usually updated once per day)
1150.  
1151. 2. Module C2s are also unique per Epoch and usually are former C2 Combos that were published in the loader but now are used for
1152. the special purpose of the module for that Epoch. (Usually updated once per week)
1153.  
1154. 3. All Epochs have a unique RSA Public key that is used to communicate and decode messages from the C2 infrastructure. These are
1155. listed in the daily reports. Using CAPE's excellent Emotet Extraction module you can easily find what Epoch a sample is from.
1156.  
1157. 4. All Epochs will use a unique location for distribution downloads. You will never see the same directory on the same compromised
1158. distro tier 1 host used for a different botnet. e.g. host A may be used for distributing Emotet E1 loaders in directory /wp-fail/X/
1159. and you may also see E2 documents hosted out of /wp-sucks/Y/. You will never see E1-E3 use the root of X or Y again for another
1160. distro job to host loaders or docs for another botnet. (Note: a given distro directory will usually become abandoned and stop
1161. hashbusting after 48-72 hours from inception.)
1162.  
1163. 5. Spam from each Epoch will be used to add new bots to that Epoch. While there have been very rare exceptions or maybe even mistakes
1164. on the distro side, Epoch 1 spam will be used to create more Epoch 1 bots, Epoch 2 spam will be used to create more Epoch 2 bots and Epoch
1165. 3 spam will be used to create more Epoch 3 bots.
1166.  
1167. 6. Macro Documents from a given Epoch will always contain 5 URLs(Quintet)as of 08/19/20 now Sextet or Septet! that download the loader for
1168. that same Epoch.(There have been very rare exceptions to this rule but in general this is the TTP.)
1169.  
1170. 7. Macro Documents from a given Epoch will have the same Creation Time for a given Quintet of URLs. This allows for quick identification
1171. of the origin of the document per Epoch. When the Creation Time metadata changes for a document, there is almost always a new quintet
1172. of loader URLs.
1173.  
1174. 8. Malspam Templates are usually unique to a given Botnet/Epoch. They may later be shared to the other Botnet/Epoch but at the time of
1175. the run, they are usually run on a single botnet. Example would be the Ransomware one from Friday 1/17/20 that was only on E3.
1176.  
1177. 9. Bot can be transferred from Epoch to Epoch and we have seen this over time. Normally it is done by dropping an EXE from another
1178. Epoch deliberately for the C2 update.
1179.  
1180. 10. Macro Document Creation times usually change on Epoch 2 first and then shortly there after change on E1 and E3. We believe E2 is
1181. really the primary botnet for Ivan/Emotet and they put changes on this botnet first.
1182.  
1183. ```
1184. #### Community Lists/Samples ####
1185. ```
1186. https://pastebin.com/9ZsFT8QY - @Paladin3161
1187. https://pastebin.com/pq4D5DgA - @Paladin3161
1188. https://pastebin.com/a9wUPQWw - @executemalware
1189. https://pastebin.com/XhgkcGSt - @pollo290987
1190.  
1191.  
1192. (sorry if we miss anybody, make sure to send it to @cryptolaemus1 in your tweet and we will try to include it!)
1193. ```
1194. #### Credits ####
1195. ```
1196. Combination work of the Cryptolaemus Team - https://paste.cryptolaemus.com/about/ and/or specifically the following:
1197.  
1198. Doc DL URLs - @devnullnoop, @spamhaus, Anonymous
1199.  
1200. C2 info/RSA Keys - @hatching_io, @CapeSandbox, @unixronin, @devnullnoop, @MalwareTechBlog, @lazyactivist192, @executemalware, Anonymous
1201.  
1202. Payloads - @devnullnoop, @MalwareTechBlog, @lazyactivist192, @malware_traffic, @executemalware, @Paladin3161, Anonymous :)
1203.  
1204. Spam Templates - @devnullnoop, @lazyactivist192, @proofpoint, Anonymous :)
1205.  
1206. We would like to thank the parts of the community that explicitly request to NOT be listed here. You know who you are! :)
1207. Special thanks to @lazyactivist192, @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/
1208. infrastructure and helping out with this!
1209.  
1210. Very special thanks to @hatching_io, @proofpoint, @unpacme, @herrcore, @seanmw, @Binary_Defense, @lazyactivist192, @capesandbox,
1211. @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey, @digitalocean, @mploessel,
1212. @anyrun_app, @unixronin, @hurricanelabs, @MalwareTechBlog, @KryptosLogic, @0xtadavie, @MsftSecIntel, @abuse_ch/urlhaus.abuse.ch,
1213. @urlscanio, @BlackLotusLabs, @TrendMicro and @Virustotal for providing services/software at no charge to this cause!
1214. ```
1215. ### Daily Log ###
1216. ```
1217. This report was gathered by @jroosen and @ps66uk:
1218.  
1219. @Jroosen Here - Today was an odd day. No E2 docs or exe were observed on distro as well as no document DL links! Clearly there were
1220. problems with packing and hashbusting for the loaders as we had a total of maybe 18 hashes on all 3. This is a far cry from the 18k
1221. that was possible previously with hashbusting at 11. :) Also Ivan did not seem to be able to get E2 running correctly or there was
1222. a very low distro campaign that didn't show up anywhere that we are monitoring. Strangely, E3 was strong in the morning which was a
1223. pattern we have seen before on a monday. I received a 40ish different malspams from Emotet E3 all as attachments and all on E3 during
1224. the very early hours of Monday morning.
1225.  
1226. Also we had the ULTRA lame template for Windows 10 Mobile dropped today which I had to take a jab at because it was so lame. We only
1227. saw it on E1 and honestly I dont have much more to stay about it other than what I did earlier here:
1228. https://twitter.com/JRoosen/status/1300476064146362370
1229.  
1230. ```
1231. ### Emotet Domain Bucket ###
1232. ```
1233. NEW - Created a pastebin of all domains used from 08/14/20+: This is sorta like the Emotet Hashbucket but it is all domains used
1234. for distro by Emotet either Doc or Exe downloads. They are piled together and deduped for your blocking on your DNS platform of
1235. choice. CAUTION - Use at your own risk! While every effort is made to make this data valid, there is always a chance for a mistake,
1236. or one of these compromised sites actually being legitimately being used.
1237.  
1238. Current domains listed: 70 new today but deduped with existing it was 67 total new domains + 3303 = 3370 unique total emotet domains.
1239.  
1240. You can get this file here, I will keep updating it until it gets too big.
1241. https://pastebin.com/raw/u8avFVD6
1242. ```
1243. ### Emotet Hash Bucket ###
1244. ```
1245. Emotet Hash Bucket
1246. EXE Hash values fell off a cliff because hashbusting has stopped on both C2 Updates AND distro!
1247.  
1248. We are now up to the following stats since 8/31/20:
1249.  
1250. 648 hashes for docs and exes. - Really shows the problems.
1251. New bucket here:
1252. https://pastebin.com/raw/dvBzXknD
1253.  
1254. Note - Everytime it gets close to 64k, pastebin seems to have issues dealing with it.
1255. ```
1256. #### General News ####
1257. ```
1258. @Anyrun_app released the top 10 list from last week and yet again Emotet was on top:
1259. https://twitter.com/anyrun_app/status/1300321006154846210
1260.  
1261. @andpalmier's daily thread for .IT domains with active Emotet samples:
1262. https://twitter.com/andpalmier/status/1300407108383498241
1263.  
1264. @phage_nz spotted Dutch templates being used this morning in NZ:
1265. https://twitter.com/phage_nz/status/1300388252969394177
1266.  
1267. Federico @3_riku3 was one of the first to find the new Windows 10 Mobile template:
1268. https://twitter.com/3_riku3/status/1300465803465306112
1269.  
1270. @VirITeXplorer was once again posting the latest from Italy:
1271. https://twitter.com/VirITeXplorer/status/1300434661500481536
1272.  
1273. @bigmacjpg gave an example of the HTML blob that is showing up in the maldocs:
1274. https://twitter.com/bigmacjpg/status/1300451785254072325
1275.  
1276. News from our friends in Japan who are unfortunately being heavily targeted:
1277.  
1278. I saw a few reports this morning in Japan indicating the rate of infections is increasing :(
1279.  
1280. Here is such a report from @sugimu_sec:
1281. https://twitter.com/sugimu_sec/status/1300598577480097792
1282.  
1283. @papa_anniekey has some interesting obversations with popular web filtering appliances versus URLHaus:
1284. https://twitter.com/papa_anniekey/status/1300602221323722752
1285.  
1286. @papa_anniekey shares their cyberchef receipe to deobfuscate the emotet macro:
1287. https://twitter.com/papa_anniekey/status/1300605901729009666
1288.  
1289. Infection Notices:
1290. https://twitter.com/autumn_good_35/status/1300405342749126661
1291. https://twitter.com/sugimu_sec/status/1300581617409208320
1292.  
1293. Samples:
1294. https://twitter.com/abel1ma/status/1300392409965015044
1295. https://twitter.com/abel1ma/status/1300542686852571137
1296. https://twitter.com/papa_anniekey/status/1300597839098048512
1297. https://twitter.com/papa_anniekey/status/1300599151705485313
1298. https://twitter.com/papa_anniekey/status/1300599631999463424
1299. https://twitter.com/papa_anniekey/status/1300599701998239745
1300. https://twitter.com/papa_anniekey/status/1300603210210582528
1301. https://twitter.com/papa_anniekey/status/1300603267689230342
1302. https://twitter.com/papa_anniekey/status/1300635148040380416
1303.  
1304. Interesting Doc sample from @papa_anniekey which is in Nepali/Hindi for the doc name:
1305. https://twitter.com/papa_anniekey/status/1300607792537985025
1306.  
1307. Templates:
1308. https://twitter.com/58_158_177_102/status/1300587039306391552
1309. https://twitter.com/abel1ma/status/1300647877723607040
1310. https://twitter.com/bomccss/status/1300626653891063809
1311. https://twitter.com/bomccss/status/1300590601256144896
1312. https://twitter.com/bomccss/status/1300600389516001283
1313. https://twitter.com/satontonton/status/1300390507646873600
1314. https://twitter.com/sugimu_sec/status/1300418762722611200
1315.  
1316. Thank you to @58_158_177_102, @abel1ma, @autumn_good_35, @bomccss, @papa_anniekey, @sugimu_sec for excellent coverage!
1317.  
1318. ```
1319. #### Drops Report ####
1320. ```
1321. Qakbot botgroup ID partner01 and Trickbot gtag mor118.
1322. In the case of Trickbot we did not see any examples of mor118 being dropped but it would
1323. be the correct gtag under normal conditions.
1324.  
1325. ```
1326. #### Email Template Report ####
1327. ```
1328. I received at least 35 Swedish malspams again from E3. I really dont get what Ivan's problems
1329. is with targeting my domain which is clearly in the USA with this garbage.
1330.  
1331. A common theme that seems be going around in Japan today it the variations of the "Meeting Notices"
1332. for a Friday meeting. Here are some good subject examples of this from @abel1ma:
1333. https://twitter.com/abel1ma/status/1300647877723607040
1334. ___________
1335.  
1336.  
1337. Paul's Boutique of Documents:
1338. includes distro and urlhaus report time
1339.  
1340. E* Created Primary_Domain Distro Urlhaus Template
1341.  
1342. E1 2020:08:31 06:52:00 bullardstowing.com 07:49 red_dawn
1343. E2
1344. E3 2020:08:31 06:23:00 gallerygreenscreen.co.uk 08:22 red_dawn
1345.  
1346. E1 2020:08:31 11:23:00 marianbernabe.com 14:35 red_dawn
1347. E2
1348. E3 2020:08:31 11:40:00 metalscape.com 12:02 red_dawn
1349.  
1350. E1 2020:08:31 14:43:00 learn2wow.com 14:43 win10_mobile
1351. E2
1352. E3
1353.  
1354. E1 2020:08:31 17:43:00 kanzlei-hermes.com 19:24 red_dawn
1355. E2
1356. E3 2020:08:31 18:23:00 lepik.pri.ee 18:54 red_dawn
1357.  
1358. E1 2020:08:31 20:00:00 jmnwebmaker.com 20:26 win10_mobile
1359. E2
1360. E3
1361.  
1362. E1 2020:08:31 21:46:00 itac2.com red_dawn
1363. E2
1364. E3 2020:08:31 23:27:00 www.kunstefan.de red_dawn
1365. ---
1366. notes
1367. should have called the new template “bluesmobile” - missed an opportunity there :(
1368. E2 MIA
1369. bit of a queue on urlhaus - submissions may take a few hours to come through - catch the tweets instead
1370.  
1371. bundle of documents seen today: https://tria.ge/200901-ntll9h9xwj
1372. ```
1373. #### Link Regex Report ####
1374. ```
1375. (These are experimental, use at your own risk.)
1376.  
1377. We had the pleasure of speaking with @aristoteles42 who wanted to share their Regex with you to detect epoch 1 links:
1378. https://twitter.com/aristoteles42/status/1295732095134904330
1379. https://twitter.com/aristoteles42/status/1295737612054016002
1380.  
1381. @aristoteles42 E1 Regex #1:
1382. http(s)?:\/\/.+?\/((en|public|default|gallery|upgrade|uploads|download)|(((available|closed|common|individual|multifunctional|open|personal|private|protected|test|verifiable)|([a-zA-Z0-9]{3,16}[-_][a-zA-Z0-9]{3,16}))[-_]((area|array|box|disk|module|resource|section|sector|zone)|([a-zA-Z0-9]{3,16}[-_][a-zA-Z0-9]{3,16}))))\/(.+\/)?\s
1383.  
1384. @aristoteles42 E1 Regex #2:
1385. http(s)?:\/\/.+\/(([a-zA-Z0-9]{3,16}[-_][a-zA-Z0-9]{3,16})|(((additional|close|corporate|external|guarded|individual|interior|multifunctional|open|security|special|test|verifiable|verified)|([a-zA-Z0-9]{3,16}[-_][a-zA-Z0-9]{3,16}))[-_]((area|box|cloud|forum|module|portal|profile|sector|space|warehouse)|([a-zA-Z0-9]{3,16}[-_][a-zA-Z0-9]{3,16}))))\/.+?\/\s
1386.  
1387. One day I will have time for this but surprisingly most of this still works but check out the new stuff above this^ from kind people in the community working
1388. to help you!
1389.  
1390. Most of these still worked surprisingly. For the most part the E1 works but I need to update Karttoon's regex to make it catch the new Spanish directory names.
1391.  
1392. Karttoon's E1:
1393.  
1394. (?:http(s)?:\/\/)?(?:[^\x2F]+\/)+(((available|open|closed?|common|multifunctional|personale?|speciali?|privat(e|a)|test|additional|security|inter(ior|nal|ni)|individuale?|verifi(ed|able|cabile)|guarded|external|protected|disponibile|corporate|multifunzionale|contestee|aggiuntiva|chiusi|disponibile|sicurezza|custodito|aperto|comune|verificato)[_-]([a-zA-Z0-9]{3,16}[_-][a-zA-Z0-9]{4,15})\/)|(([a-zA-Z0-9]{2,16}[_-][a-zA-Z0-9]{4,16})[_-](resource|content|box|disk|sector|modul(e|o)|array|cloud|warehouse|forum|space|portale?|profil(e|o)|zon(e|a)|area|marketing|spazio|allineamento|module|disco|settore|sezione|risorsa)\/)|((available|open|closed?|common|multifunctional|personale?|speciali?|privat(e|a)|test|additional|security|inter(ior|nal|ni)|individuale?|verifi(ed|able|cabile)|guarded|external|protected|disponibile|corporate|multifunzionale|contestee|aggiuntiva|chiusi|disponibile|sicurezza|custodito|aperto|comune|verificato)[_-](resource|content|box|disk|sector|modul(e|o)|array|cloud|warehouse|forum|space|portale?|profil(e|o)|zon(e|a)|area|marketing|spazio|allineamento|module|disco|settore|sezione|risorsa)\/)|([a-zA-Z0-9]{4,14}[_-][a-zA-Z0-9]{5,16}[_-][a-zA-Z0-9]{3,13}[_-][a-zA-Z0-9]{2,16}\/)){2}([a-zA-Z0-9]{3,16}[_-][a-zA-Z0-9]{3,14}|[a-zA-Z0-9]{9})(\/)$
1395.  
1396. E2:
1397.  
1398. 1: https?:\/\/.+?\/(addons|admin|attachments|balance|browse|calendar|Document|Documentation|DOC|docs|esp|eTrac|FILE|INC|invoice|index_files|LLC|lm|network|parts_service|payment|OCT|Overview|Pages|paclm|public|public_html|report|Regenerated:"2020-08-19T22:16:00"porting|Scan|sites|statement|swift|system|test|uploads|vendor|wp|wp-(admin|content|includes))\/([a-z0-9]{4,18}\/)?(([a-z0-9]{19,56})\/)?(\"|\n)
1399.  
1400. 2: https?:\/\/.+?\/(addons|attachments|balance|browse|calendar|Document|Documentation|DOC|docs|esp|eTrac|FILE|INC|invoice|index_files|LLC|lm|network|parts_service|payment|OCT|Overview|Pages|paclm|public|public_html|report|Reporting|Scan|sites|statement|swift|system|test|uploads|vendor|wp-(admin|content|includes))\/([a-z0-9]{4,18}\/)?(([a-z0-9]{5,15})\-([0-9]{2,9})\-([a-zA-Z0-9]{8,20})\/)?(\"|\n)
1401.  
1402. OLD: https?:\/\/.+?\/(addons|attachments|balance|browse|calendar|Document|Documentation|DOC|docs|esp|eTrac|FILE|INC|invoice|index_files|LLC|lm|network|parts_service|OCT|Overview|Pages|paclm|public|public_html|report|Reporting|Scan|sites|statement|swift|system|test|uploads|wp-(admin|content|includes))\/([a-zA-Z0-9]{4,18}\/){0,2}?(([a-zA-Z0-9]{1,12})\-([0-9]{3,10})\-([0-9]{2,10})\-([a-zA-Z0-9]{4,12})\-([a-zA-Z0-9]{4,12})\/)?(\"|\n)
1403.  
1404. E3:
1405. I believe E3 has a new Regex and it looks like a combo of E1 and E2's old/current regex.
1406. I made up this frankenstein regex tonight to cover it:
1407.  
1408. NEW: https?:\/\/.+?\/((.+\.com)|addons|admin|attachments|balance|bin|(_)?borders|browse|calendar|cgi-bin|css|dev|Document|Documentation|DOC|docs|dup-installer(\-)?|esp|eTrac|FILE|form|INC|images|_installation|intro|invoice|index_files|journal|LLC|lm|network|OCT|open_zone|Overview|Pages|paclm|photos|parts_service|public|public_html|report|Reporting|Sales|Scan|sites|statement|swift|sys-cache|system|temp|test|turismo|uploads|WordPress(_02)?|wp|wp-(admin|content|includes))\/([0-9]{4,17}\/){0,2}?(([a-zA-Z]{2,10})|(([a-z0-9]{1,13})\-([0-9]{2,12})))\/(\"|\n)
1409.  
1410. Updated: https?:\/\/.+?\/(_old|ABOUT|AdminPanel|backup|calendar|captchacache|cgi-bin|cloud|cpnl|css|Documentation|engl?|fancybox|fonts|images|media|oauth|pub|report|Register|scripts|setup|sys-cache|test|tmp|tr|us|web|wp(scripts)?|wp-(admin|content|includes))\/([A-Za-z0-9\-]{2,7})\/(\"|\n)
1411.  
1412. OLD: https?:\/\/.+?\/([A-Za-z0-9\-\_]{2,13})\/(([0-9a-z]{2,7}\-[0-9a-z]{2,7}\-[0-9a-z]{2,7}\/){1,2})(\"|\n)
1413.  
1414. Also keep in mind, your filter needs to look inside PDF files to find the URI to test against these above. Otherwise
1415. this does not help.
1416.  
1417. ```
1418. #### Loader Report ####
1419. ```
1420. Payloads and C2 report has been combined into this section and it is now known as the Loader Report.
1421. _____________
1422.  
1423. There have been some improvements in the loaders and code cleanup. @lazyactivist192 will update us more on this.
1424.  
1425. E1
1426. Distro_UTC Bytes Compile SHA256 CAPE IP_1 Triage hashes
1427. 20200831_0756 626811 20200831_064931 a5049c5692fa32ac6f04d97af9a41a05cfd169c8e15067f0180e9f08b27e0ee6 53316 45.16.226.117 200831-72kc4penq6 2
1428. 20200831_1152 151552 20200831_113335 9d2493c1d1d45fd6e4aa03594a974bfd2f6ebf0e9fd3d82277f6ce2a7ef75117 53476 216.10.40.16 200831-el7nj12jdn 1
1429. 20200831_1543 548864 20200831_153205 b7f07a690cd50f5f722ef1b5a7a940a5c64e341f6a46f94c4dcbe10f18d6b516 53707 216.10.40.16 200831-yvz8v7mhej 1
1430. 20200831_1822 131072 20200831_172751 ea17f66ea1428d971e73160197d768fd962328761e683b29a222b76c3fcf7649 53726 216.10.40.16 200831-c41y51vmlj 1
1431. 20200831_2011 290816 20200831_173312 efedcc357becbda9b72bf2ce4c4886bb66c4a7560a60286961d39a5e28db46c4 53754 216.10.40.16 200831-99bk9feyra 1
1432. 20200831_2247 315392 20200831_185403 2db0758d60d1e61b6c69778283df5dde77c84cc771b29953c9821433f348b336 53769 216.10.40.16 200831-yb8yyxqzf2 1
1433.  
1434. E2
1435. Distro_UTC Bytes Compile SHA256 CAPE IP_1 Triage hashes
1436. 20200831_0715 626811 20200831_064832 d37cd7f7c2edd2429e85875ad021d3cd461ab54f477ded04ca507d1b2bba2611 53761 67.68.210.95 200831-nag36bhb5e 1
1437. 20200831_1150 151552 20200831_113319 afcafee1263f5672209de17b9e11f9e65b3fbdb31aa57e7a9349223d6be85b79 53762 67.68.210.95 200831-8a74vst176 1
1438. 20200831_1544 548864 20200831_153129 712e010680cd2cb5e4a7580e672e68e0d6887b276c53ce2c48a6f349a815af53 53763 67.68.210.95 200831-6q5f5vjlns 1
1439. 20200831_1824 131072 20200831_172730 513b3e707968ef597fe2c788e11576abd225876dcc593d173b36fa7e353a7d50 53764 67.68.210.95 200831-gw95gqr5ts 1
1440. 20200831_2244 319488 20200831_185126 1208371b7d80499d487504018c27a9e60c0173ed38340bb42789191fe566f6a1 53772 67.68.210.95 200831-jngccm8gwn 1
1441. 20200831_2339 294912 20200831_173332 8301c2b2d296a1ed1253bbd8feae853f5b5fecfbc3c9c7451577e14fa9de32af 53773 67.68.210.95 200831-xz39pvwesx 1
1442.  
1443. E3
1444. Distro_UTC Bytes Compile SHA256 CAPE IP_1 Triage hashes
1445. 20200831_0731 626811 20200831_064952 65815079d042a589f61bf72390c76bdaa8304efbf19b4b0340860efd12729d4a 53317 190.136.179.102 200831-hdxhhgeqka 1
1446. 20200831_1151 147456 20200831_113348 d0b243a6b594882fe6ff6c9db16cb3315a4afae40d36b0fdf675f359596416b6 53477 210.1.219.238 200831-vwc4dyt21s 2
1447. 20200831_1543 548864 20200831_153318 ff2bfa3fa6912e4d316ded094b9d4db307f116b3f8080302f4c178c5c7ca5c9d 53708 210.1.219.238 200831-3dvar3nx66 1
1448. 20200831_1827 131072 20200831_172826 af142b7fe2c82f2d6b15556a8878fa264d769cb69c0a991898c58d40d610ca6f 53727 210.1.219.238 200831-6e474wr8pe 1
1449. 20200831_2011 290816 20200831_173151 bffebdc528cd9ec678f8ebd7167b822d398534abafca0704669a0f169aff2467 53755 210.1.219.238 200831-hep5t4fj42 1
1450. 20200831_2247 315392 20200831_185442 685f2be45a4cbb4e68d5ce68725add860f9dc3c7586d41084d754739252da8c5 53770 210.1.219.238 200831-tx6gkxdc4e 1
1451.  
1452. ---
1453. notes
1454. no hashbusting at all today - virtually single hashes all day
1455.  
1456. unpacked binary timestamp changed overnight
1457. E1 2020-08-23 22:51:18 > 2020-08-27 10:33:30
1458. E2 2020-08-23 22:51:13 >
1459. E3 2020-08-23 22:51:22 > 2020-08-27 10:33:37
1460.  
1461. bundle of binaries seen today: https://tria.ge/200901-qa1xjyatr2
1462.  
1463. We have gone back to the packing method with garbage PE headers with news reports. This is often used by Trickbot
1464. and is likely a service that is preferred by the actors or run by one of them.
1465.  
1466. ---
1467. Notes:
1468.  
1469. C2 Deltas:
1470. E1 now 100 combos, -2.
1471. E2 now 95 combos, nil.
1472. E3 now 90 combos, +3.
1473.  
1474. ---
1475. ```
1476. ### E1 ###
1477. ```
1478.  
1479. Full List: https://pastebin.com/raw/37E5bi2a
1480.  
1481. Old count: 100
1482. New count: 98
1483.  
1484. Dropped:
1485. 24.135.198.218:80
1486. 81.129.198.57:80
1487. 89.32.150.160:8080
1488. 149.62.173.247:8080
1489.  
1490. Added:
1491. 216.10.40.16:80
1492. 64.201.88.132:80
1493.  
1494. ---
1495. ```
1496. ### E2 ###
1497. ```
1498.  
1499. Full List: https://pastebin.com/raw/8h5sfHuq
1500.  
1501. Old count: 95
1502. New count: 95
1503.  
1504. Dropped:
1505. 69.30.203.214:8080
1506.  
1507. Added:
1508. 142.44.137.67:443
1509. ---
1510. ```
1511. ### E3 ###
1512. ```
1513.  
1514. Full List: https://pastebin.com/raw/urAuM7pK
1515.  
1516. Old count: 90
1517. New count: 87
1518.  
1519. Dropped:
1520. 97.107.135.148:8080
1521. 94.102.209.63:7080
1522. 87.106.231.60:8080
1523. 202.5.47.71:80
1524. 178.87.171.199:80
1525. 181.126.54.234:80
1526. 1.54.67.22:80
1527.  
1528. Added:
1529. 210.1.219.238:80
1530. 190.225.150.234:80
1531. 175.139.144.229:8080
1532. 222.159.240.58:80
1533. ```
1534.  
1535. #### Closing ####
1536. ```
1537. It remains to be seen if Ivan can get it up tomorrow or if he will remain unable to perform again. With the changes in their
1538. loader, they may be dropping some big changes tomorrow so be ready for just about anything to come up. Stay alert, stay safe!
1539. We will do our best to report anything as it happens.
1540.  
1541. -TT
1542.  
1543. ```
1544. #### Sandbox ####
1545. ```
1546. E1
1547. https://capesandbox.com/analysis/53769/
1548. https://tria.ge/200831-yb8yyxqzf2
1549.  
1550. E2
1551. https://capesandbox.com/analysis/53773/
1552. https://tria.ge/200831-xz39pvwesx
1553.  
1554. E3
1555. https://capesandbox.com/analysis/53770/
1556. https://tria.ge/200831-tx6gkxdc4e
1557.  
1558. ```
1559. #### SHA256s for Epoch 1 Loader EXEs ####
1560. ```
1561. 2db0758d60d1e61b6c69778283df5dde77c84cc771b29953c9821433f348b336
1562. 9d2493c1d1d45fd6e4aa03594a974bfd2f6ebf0e9fd3d82277f6ce2a7ef75117
1563. a5049c5692fa32ac6f04d97af9a41a05cfd169c8e15067f0180e9f08b27e0ee6
1564. b7f07a690cd50f5f722ef1b5a7a940a5c64e341f6a46f94c4dcbe10f18d6b516
1565. ea17f66ea1428d971e73160197d768fd962328761e683b29a222b76c3fcf7649
1566. efedcc357becbda9b72bf2ce4c4886bb66c4a7560a60286961d39a5e28db46c4
1567. ```
1568. #### SHA256s for Epoch 2 Loader EXEs ####
1569. ```
1570. 1208371b7d80499d487504018c27a9e60c0173ed38340bb42789191fe566f6a1
1571. 513b3e707968ef597fe2c788e11576abd225876dcc593d173b36fa7e353a7d50
1572. 712e010680cd2cb5e4a7580e672e68e0d6887b276c53ce2c48a6f349a815af53
1573. 8301c2b2d296a1ed1253bbd8feae853f5b5fecfbc3c9c7451577e14fa9de32af
1574. afcafee1263f5672209de17b9e11f9e65b3fbdb31aa57e7a9349223d6be85b79
1575. d37cd7f7c2edd2429e85875ad021d3cd461ab54f477ded04ca507d1b2bba2611
1576. ```
1577. #### SHA256s for Epoch 3 Loader EXEs ####
1578. ```
1579. 65815079d042a589f61bf72390c76bdaa8304efbf19b4b0340860efd12729d4a
1580. 685f2be45a4cbb4e68d5ce68725add860f9dc3c7586d41084d754739252da8c5
1581. af142b7fe2c82f2d6b15556a8878fa264d769cb69c0a991898c58d40d610ca6f
1582. bffebdc528cd9ec678f8ebd7167b822d398534abafca0704669a0f169aff2467
1583. d0b243a6b594882fe6ff6c9db16cb3315a4afae40d36b0fdf675f359596416b6
1584. ff2bfa3fa6912e4d316ded094b9d4db307f116b3f8080302f4c178c5c7ca5c9d
1585. ```
1586. ### END ###