Emotet Malware IoCs 2019/03/14

1. ## Emotet Malware Document links/IOCs for 03/14/19 as of 03/15/19 03:00 EDT ##
2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
3.  
4. #### Epoch 1 Document/Downloader links seen for 03/14/19 ####
5. ```
6.  
7. http://109.97.216.141/@eaDir/sec.accs.send.com/
8. http://122.180.29.167/landx-test/wp-content/sec.myacc.send.net/
9. http://13.127.68.11/newstoot/verif.myaccount.resourses.net/
10. http://13.127.80.82/ClvW8ZSqo0icX_OiB6Mv8/trust.myacc.send.com/
11. http://132.145.153.89/trust.accs.send.net/verif.myaccount.docs.biz/
12. http://140.143.240.91/yfwta7q/sec.accounts.docs.net/
13. http://142.93.56.178/wp-includes/company/RD/Operations/EcsH-wrV6b_nCPVA-uI/
14. http://159.203.191.166/wp-admin/secure.accounts.docs.net/
15. http://167.99.197.172/utou2km/sendincencrypt/service/Nachprufung/de_DE/201903/
16. http://211.159.168.108/wp-content/Telekom/Rechnung/022019/
17. http://222.106.217.37/wordpress/trust.myacc.resourses.com/
18. http://34.73.24.125/wp-admin/secure.myaccount.resourses.biz/
19. http://35.226.136.239/US_us/verif.myacc.send.net/
20. http://3gksa.com/temp/sec.myacc.docs.net/
21. http://78.207.210.11/@eaDir/secure.myacc.resourses.com/
22. http://94.191.48.164/hf9tasw/verif.accounts.send.net/
23. http://95.177.143.55/wp-content/trust.accs.resourses.com/
24. http://agtrade.hu/images/trust.myacc.resourses.com/
25. http://almutanafisoon.com/42mldks/sec.myacc.send.net/
26. http://amlak20.com/wp-includes/secure.myacc.send.net/
27. http://anorimoi.com/wp-includes/sec.accs.send.com/
28. http://apollo360group.com/5dcipv1/trust.myaccount.send.com/
29. http://ayodhyatrade.com/ww4w/verif.myacc.send.net/
30. http://barbieblackmore.com/wp-includes/secure.accounts.resourses.net/
31. http://bashheal.com/eymakax/sec.myacc.docs.com/
32. http://bis80.com/mwqw190/secure.myacc.docs.com/
33. http://bluehost.tv/testbunder2.com/verif.myaccount.send.biz/
34. http://cedrocapital.xvision.co/vckej2kgj/secure.accs.docs.biz/
35. http://chigusa-yukiko.com/blog/trust.accounts.docs.net/
36. http://crawsrus.com/css/sendincsec/support/sich/DE/03-2019/
37. http://cskhhungthinh.com/wp-content/sendinc/messages/question/En_en/03-2019/
38. http://cyzic.co.kr/widgets/trust.myacc.resourses.com/
39. http://decospirit.com/sec.myaccount.docs.biz/
40. http://desite.gr/rglxp-2s4lh-ytetxsc/secure.accounts.send.net/
41. http://disal-group.kz/cacheec916813e9047d94e78f6564a70a635a/sec.myaccount.resourses.biz/
42. http://dkw-engineering.net/purchase_order_2018/verif.myaccount.resourses.biz/
43. http://ecofreshmarket.com/wp-admin/trust.accs.resourses.net/
44. http://emseenerji.com/wp-content/sec.myacc.resourses.com/
45. http://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
46. http://filfak-online.su/wp-content/uploads/trust.myacc.docs.biz/
47. http://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
48. http://firstmnd.com/wp/wp-content/verif.accounts.send.com/
49. http://fondtomafound.org/wvvw/Telekom/Rechnung/022019/
50. http://frankcahill.com/wp-admin/Intuit/llc/Redebit_Transactions/jadCs-eSSV_UTVcl-h4/
51. http://freezard.com.do/enjoya/trust.myacc.send.biz/
52. http://g20digital.com.br/SN/verif.accs.docs.com/
53. http://gcslimited.ie/wp-includes/js/tinymce/plugins/wpemoji/Telekom/Transaktion/02_19/
54. http://generalwebmayhem.com/2k11/sec.accounts.docs.biz/
55. http://geologia.geoss.pt/wp-content/verif.accs.resourses.net/
56. http://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
57. http://glampig.com/projectx/Telekom/RechnungOnline/02_19/
58. http://gruporc.com.br/imagens/Intuit_US_CA/document/Redebit_Transactions/Redebit_op/eNHUB-zaH_kxleMk-mG8r/
59. http://grupoweb.cl/wp-admin/secure.myaccount.docs.net/
60. http://gvpmacademy.co.za/css/sec.myaccount.send.net/
61. http://healthwiseonline.com.au/wp-admin/Intuit_US_CA/doc/RDEB/MIJa-L5fyv_pfF-O3c/
62. http://hepsiburadasilivri.com/wmxm8d7/secure.accounts.resourses.net/
63. http://himappa.feb.unpad.ac.id/images/trust.accs.docs.com/
64. http://hitme.ga/cgi-bin/secure.myaccount.docs.biz/
65. http://hostech.com.br/img/verif.myacc.send.com/
66. http://hubcelab.in/zga0bip/secure.accounts.resourses.com/
67. http://hyperbaricthailand.com/wp-content/uploads/sendincsec/nachrichten/Nachprufung/DE_de/03-2019/
68. http://i-genre.com/wp-admin/trust.accounts.docs.com/
69. http://ineteam.com/lalineacity/trust.accounts.resourses.biz/
70. http://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
71. http://instituthypnos.com/1sxuh6w/trust.accs.docs.com/
72. http://irismal.com/ecsmFileTransfer/trust.accounts.docs.com/
73. http://jensnet.se/wp-admin/Intuit_EN/scan/Redebit_op/9889612330/dDOc-eFj_Jupye-Ck/
74. http://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
75. http://jimrigby.com/FM/secure.myacc.send.biz/
76. http://jjcole.com/wp-admin/trust.accounts.resourses.biz/
77. http://jmduarte.com/wp-admin/trust.myaccount.docs.biz/
78. http://jornaldofontes.com.br/cgi-bin/trust.accs.docs.net/
79. http://jpmtech.com/css/trust.myaccount.resourses.biz/
80. http://jsya.co.kr/@eaDir/trust.myacc.send.biz/
81. http://judygs.com/there/secure.myaccount.resourses.net/
82. http://junctioneight.com/resume/verif.myaccount.resourses.net/
83. http://jycingenieria.cl/images/trust.myacc.resourses.biz/
84. http://kamir.es/controllers/trust.myaccount.resourses.biz/
85. http://kannada.awgp.org/wp-content/uploads/secure.accs.send.net/
86. http://kaoudenaarde.be/mail/secure.myacc.send.biz/
87. http://karakhan.eu/grav/secure.myaccount.resourses.com/
88. http://kelp4less.com/wp-includes/trust.myaccount.resourses.net/
89. http://khachsanrevungtau.com/f7wmgnw/trust.myacc.resourses.com/
90. http://korneragro.com.ua/wp-admin/secure.myaccount.resourses.biz/
91. http://ksafety.it/awstats-icon/verif.myacc.docs.com/
92. http://lab5.hu/wp-content/sec.myaccount.resourses.com/
93. http://lala.si/wp-admin/sec.accounts.docs.com/
94. http://larissapharma.com/fobn/secure.accounts.resourses.net/
95. http://lawsongrafix.com/webdesign/secure.myaccount.resourses.net/
96. http://lawsongrafix.com/WebDesign/secure.myaccount.resourses.net/
97. http://liquidigloo.com/scripts/verif.myaccount.docs.net/
98. http://lisergy.info/images/sec.myacc.send.com/
99. http://lopxe.itvina.co/wp-content/uploads/secure.myacc.docs.net/
100. http://lswssoftware.co.uk/Accounts/secure.accounts.docs.net/
101. http://luisromero.es/cafe/verif.myacc.send.biz/
102. http://macssnow.com/downloads/verif.myaccount.resourses.com/
103. http://makrohayat.com/wp-admin/secure.myacc.resourses.net/
104. http://manaku.com/images/trust.accs.resourses.net/
105. http://mangaml.com/jdownloader/scripts/pyload_stop/trust.myacc.resourses.net/
106. http://maravilhapremoldados.com.br/imagens/trust.accounts.docs.com/
107. http://marcojan.nl/webshop/trust.myacc.docs.net/
108. http://mezzemedia.com.au/En/sec.accs.resourses.net/
109. http://mireiatorrent.com/wp-includes/secure.myaccount.resourses.com/
110. http://mistcinemas.com/cgi-bin/sec.accs.send.net/
111. http://mistransport.pl/sass/verif.myacc.send.biz/
112. http://mj-web.dk/administrator/verif.accs.resourses.biz/
113. http://nealhunterhyde.com/HappyWellBe/trust.accs.send.com/
114. http://netcom-soft.com/eng/secure.accs.docs.net/
115. http://nexusinfor.com/img/sec.accounts.resourses.net/
116. http://nitech.mu/Scripts/trust.accs.send.net/
117. http://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
118. http://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
119. http://pji.co.id/iug1iha/sec.accs.send.com/
120. http://pufferfiz.net/spikyfishgames/sec.myaccount.send.com/
121. http://sidtest.site/cgi-bin/verif.myacc.docs.biz/
122. http://sinding.org/cgi-bin/secure.accounts.resourses.net/
123. http://smartchoice.com.vn/data/sendincsecure/support/sec/En_en/201903/
124. http://sobyso.vn/wp-admin/secure.accounts.send.com/
125. http://soil-stabilization.ir/wp-admin/sec.myacc.docs.com/
126. http://somossostenibles.pe/wp-content/trust.myacc.docs.biz/
127. http://studyosahra.com/css/secure.myaccount.resourses.com/
128. http://sunkids.dp.ua/wp-admin/secure.accs.docs.com/
129. http://tech99.info/wp-admin/verif.myaccount.send.com/
130. http://teknotown.com/wp-admin/secure.accs.resourses.net/
131. http://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
132. http://test-lab55.ru/wp-content/Telekom/Transaktion/022019/
133. http://textilkopruch.com.br/wp-includes/sec.myaccount.send.net/
134. http://thetourland.com/wordpress/sec.accs.docs.biz/
135. http://thewatchtrend.com/cf8zrq1/secure.myaccount.docs.com/
136. http://tokozaina.com/wp-content/trust.myacc.docs.net/
137. http://toyotahadong5s.com/wp-content/verif.myacc.docs.com/
138. http://triodance.net/at1uzmh/trust.myacc.send.net/
139. http://triton.fi/trust.myaccount.resourses.net/
140. http://tutranquilo.com.co/wp-admin/verif.myaccount.docs.com/
141. http://tuval-mobilya.com/wp-admin/trust.myaccount.docs.com/
142. http://umakara.com.ua/icon/sec.accs.docs.biz/
143. http://v2sk.com/bpvipsg/sendincsecure/service/nachpr/De_de/032019/
144. http://vetah.net/signature/Telekom/Rechnungen/022019/
145. http://vitalacessorios.com.br/cgi-bin/sec.myacc.send.biz/
146. http://voicetoplusms.com/wp-admin/trust.accounts.docs.com/
147. http://walburg.pl/cache/sendinc/service/sich/DE/2019-03/
148. http://waverleychauffeurs.com/wp-content/verif.accs.resourses.com/
149. http://webdemo.mynic.my/school6/Telekom/Rechnung/022019/
150. http://wessexchemicalfactors.co.uk/css/secure.myaccount.send.net/
151. http://wpgtxdtgifr.ga/wp-content/secure.accounts.send.com/
152. http://www.buzztinker.com/wp-content/trust.myaccount.docs.net/
153. http://www.cbmagency.com/wp-content/trust.accs.docs.com/
154. http://www.gifftekstil.com/wp-admin/trust.myaccount.resourses.net/
155. http://www.gym.marvin.tech/wp-content/secure.myaccount.resourses.com/
156. http://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
157. http://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
158. http://www.majoristanbul.com/cgi-bin/trust.myacc.send.net/
159. http://www.nhadatquan2.xyz/wjf85ri/sec.myaccount.send.com/
160. http://www.urschel-mosaic.com/ajax/verif.myacc.resourses.biz/
161. http://www.yindushopping.com/wp-admin/verif.accounts.send.com/
162. http://www.zhanxiantech.com/google_cache/secure.accs.send.com/
163. http://zendenweb.com/luckw96/verif.myacc.send.com/
164. http://zoomphoto.ir/thumbnails/verif.myaccount.send.com/
165. https://apresupuestos.com/cgi-bin/Telekom/Rechnung/022019/
166. https://arcticbreathcompany.com/wp-includes/verif.myaccount.send.biz/
167. https://arinidentalcare.com/files/trust.accs.resourses.biz/
168. https://asociatiaumanism.ro/wp/secure.myaccount.resourses.com/
169. https://blog.adflyup.com/wp-includes/trust.myacc.docs.net/
170. https://buyecomponents.com/0sdnhcx/sendincsec/support/nachpr/De/201903/
171. https://catba.goodtour.vn/wp-content/plugins/adventure-tours-data-types/assets/fonts/Telekom/Rechnungen/022019/
172. https://eptq.kz/blogs/secure.accs.docs.com/
173. https://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
174. https://expresstattoosupply.com/wp-content/sendinc/legale/vertrauen/DE/2019-03/
175. https://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
176. https://fk.unud.ac.id/wp-includes/sendincencrypt/support/Frage/de_DE/201903/
177. https://gazikentim.com/wp-admin/secure.accounts.send.biz/
178. https://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
179. https://gvpmacademy.co.za/css/sec.myaccount.send.net/
180. https://huskennemerland.nl/wp-content/Intuit_US_CA/llc/Redebit_Transactions/Operations/jWPSM-cjbW_pUb-9kk2/
181. https://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
182. https://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
183. https://kcxe.net/wp-admin/verif.accs.resourses.biz/
184. https://ksoncrossfit.com/rylawpc/sec.myaccount.docs.com/
185. https://liblockchain.org/wp-content/Telekom/RechnungOnline/022019/
186. https://liquidigloo.com/scripts/verif.myaccount.docs.net/
187. https://myphamthienthao.com/wp-admin/sec.accs.resourses.net/
188. https://nhathongminhsp.vn/sendincencrypt/verif.myaccount.send.com/
189. https://oxyfi.in/mmcv/trust.myaccount.resourses.biz/
190. https://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
191. https://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
192. https://perfectradiouk.torontocast.stream/openb/sec.myacc.send.com/
193. https://pji.co.id/iug1iha/sec.accs.send.com/
194. https://qualityansweringservice.com/icon/trust.myacc.docs.biz/
195. https://slickcoder.com/wp-includes/sendinc/legale/nachpr/DE/03-2019/
196. https://sobyso.vn/wp-admin/secure.accounts.send.com/
197. https://somossostenibles.pe/wp-content/trust.myacc.docs.biz/
198. https://sovintage.vn/wp-admin/verif.accounts.send.net/
199. https://spirtnoe.org.ua/hf37pan/sec.accounts.send.biz/
200. https://sredamoney.com/wp-content/trust.myacc.resourses.com/
201. https://studiomarceloteixeira.com.br/wp-includes/sec.accounts.send.com/
202. https://sultrax.com.br/wp-includes/verif.myaccount.docs.biz/
203. https://sundarbonit.com/wp-includes/secure.myaccount.docs.biz/
204. https://tapchicaythuoc.com/cgi-bin/secure.accs.resourses.com/
205. https://teacherlinx.com/uploads2/trust.myaccount.docs.com/
206. https://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
207. https://tnnets.com/qchaxx2/sec.accs.send.net/
208. https://tokokacaaluminiummurahjakarta.com/cgi-bin/verif.accs.send.net/
209. https://tokokacaaluminiummurahjakarta.com/cwflfmf/sec.accs.send.biz/
210. https://tokozaina.com/wp-content/trust.myacc.docs.net/
211. https://totalbersih.com/wp-includes/sec.myacc.send.net/
212. https://toyotahadong5s.com/wp-content/verif.myacc.docs.com/
213. https://transloud.com/wp-admin/sendincsecure/support/vertrauen/De_de/2019-03/
214. https://triodance.net/at1uzmh/trust.myacc.send.net/
215. https://tunaucom.us/wp-admin/sec.accounts.docs.biz/
216. https://uander.com/Javascript/verif.accounts.send.net/
217. https://vrfantasy.gallery/wp-admin/secure.myacc.docs.net/
218. https://waverleychauffeurs.com/wp-content/verif.accs.resourses.com/
219. https://webinar.cloudsds.com/js/trust.accs.resourses.com/
220. https://worldbestinternetmarketingworkshop.com/wp-includes/sendincsecure/support/vertrauen/DE/032019/
221. https://www.bollardsolution.com/bin/trust.accounts.send.net/
222. https://www.esteticabiobel.es/wp-admin/sendincencrypt/legale/nachpr/de_DE/03-2019/
223. https://www.gokmengok.com/wp-admin/sec.myaccount.send.com/
224. https://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
225. https://www.kelaskuliner.com/tyoinvur/sendinc/legale/Frage/De/201903/
226. https://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
227. https://www.udhaiyamdhall.com/images/trust.myacc.resourses.net/
228. https://www.voicetoplusms.com/wp-admin/trust.accounts.docs.com/
229. https://www.xiaojiaoup.cn/wp-includes/secure.accounts.resourses.com/
230. https://www.zhanxiantech.com/google_cache/secure.accs.send.com/
231.  
232. ```
233. #### Epoch 2 Document/Downloader links seen for 03/14/19 ####
234. ```
235.  
236. http://104.155.134.95/verif.myacc.docs.net/s3uz6-lqqzt5-rnqphv/
237. http://1080wallpapers.xyz/tvcgyma/uic8-ujxza4-awofezlm/
238. http://114.115.215.99/wp-includes/6ymw-hzj8t-yziswqr/
239. http://118.24.9.62:8081/wp-content/6gow-h6cnn2-aabkaz/
240. http://12pm.strannayaskazka.ru/wp-content/ay2pd-8w3h7o-smomp/
241. http://13.124.23.174/wp-includes/9sqe-q5ekv-zzaqzzodo/
242. http://13.209.31.54/wp-content/5aj8-kuztfk-eeiyg/
243. http://140.143.224.37/fb5sreu/tkiy-msnwm-ocmfz/
244. http://159.89.31.29/wp-content/bx6n-83qbbx-aejixm/
245. http://2bebright.net/a4inhdw/frsh-t8vphw-tlhak/
246. http://35.184.197.183/De_de/c7cjq-0oo748-iwfcs/
247. http://35.221.147.208/wp-includes/ss740-w5h1jg-tlcz/
248. http://47.75.114.21:83/wp-includes/l8cs4-3wxc6-hbki/
249. http://47.91.44.77:8889/wp-includes/i6dw-l2vt2c-wxlad/
250. http://66.55.80.140/wp-content/6blqn-hrx87-nqlgzrrnv/
251. http://6connectdev.com/bots/pnlsj-rzti93-sapdcuvq/
252. http://84.28.185.76/wordpress/lv6rh-4i2k6c-rtnoiuzz/
253. http://aasinfo.hu/images/euxo-jo6h1u-efos/
254. http://akashicinsights.com/absolute_abundance_files/1mntv-bjae9-oxdaqbh/
255. http://allitlab.com/config/8wabt-0430e-razmbs/
256. http://altifort-smfi.com/wp-content/uploads/1dcrb-2fqwe7-pkhlbrku/
257. http://altifort-smfi.com/wp-content/uploads/1dcrb-2fqwe7-pkhlbrku/)/
258. http://annual.fph.tu.ac.th/wp-content/uploads/yuo3-k2nys3-hucb/
259. http://arendakass.su/wordpress/fq4r-5gkg7w-eejk/
260. http://assistenzacomputervr.it/wattcalc/less/559c-y2fnnw-dgmcdmg/
261. http://ayitilevanjil.com/wp-content/sbglcn-5kvu4n-uoyb/
262. http://barabooseniorhigh.com/En/bly1-g42zf-bsrqkaki/
263. http://beloa.cl/application/tests/q0ue-2vdud-wuxrgil/
264. http://bergdale.co.za/wp-admin/jejxy-dzb24-ljqqgzz/
265. http://bernardlawgroup.com/wp-admin/g51m1-4mdty5-vksht/
266. http://biederman.net/leslie/7kth-xlspp-zwejfxp/
267. http://bitbuddybtc.com/btcbetpal.com/8ad91-oltcg9-cbon/
268. http://blog.almeidaboer.adv.br/vo3mynw/egrs-vh2a03-yhqn/
269. http://blog.ariamusicstore.com/wp-includes/uz7el4o-41x4lv-ecvvi/
270. http://bloodybits.com/edwinjefferson.com/lxxiw-nt5b63-hoirtvgsq/
271. http://brandconscience.in/css/usutk8-aa0ic-kgtlub/
272. http://buckmoney.xyz/cgi-bin/g0wwk-kjrlcd-yayjxol/
273. http://campustunisie.info/cgi-bin/zy3r-412rju-zhifdmrdt/
274. http://canacofactura.com.mx/factura_admin/fx27l-5dqbqv-wppohrnyn/
275. http://carlosmaneta.pt/29hvno0/4pp8-pvxa3-zletb/
276. http://carmendaniela.ro/cgi-bin/5wll-3hwdlb-ibytq/
277. http://catamountcenter.org/cgi-bin/hgcw-r6i4j-qjjctshs/
278. http://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
279. http://ckingdom.church/wp/uc3v-6id4rl-wbrul/
280. http://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
281. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/
282. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/)/
283. http://contabil-sef.creativsoft.md/css/7tj2-xp81h-iosiqna/
284. http://crabnet.com/admin/ph3mf-471clb-ocgyeqbze/
285. http://creatoruldevise.ro/img/3skh-pghlwa-lnrd/
286. http://cybernicity.com/xbmp-1v7a03-kbgng.view/m79j-h4yuz-lqdeuogc/
287. http://dagda.es/cache/f6u1-m0uwhk-pefhin/
288. http://dda.co.ir/wp-snapshots/2z98bmn-kbupwz-laaqn/
289. http://demu.hu/wp-content/upgrade/vf9o-03vfw4-hvll/
290. http://design.ftsummit.us/wp-includes/ya1w-nhg7bf-ljopsa/
291. http://dev15.inserito.me/almumtaz2/nkh6-ngcm8q-hxslwk/
292. http://digitaldarpan.co.in/wp-admin/ew3ipb-qrj30sh-hpavn/
293. http://digitalprintshop.co.za/kgyhf1s/jg9iil2-dp5he-jixh/
294. http://dimeco.com.mx/factura/3nb3-hhzecy-ocjpluefz/
295. http://ditec.com.my/js/ymcc-99rnr-mqcfoc/
296. http://divacontrol.ro/images/var3-grecla-cfoqykg/
297. http://dogtrainingtips.me.uk/YAHOO/i1dsjp0-efshv-javen/
298. http://dotpos.in/fwqkese/l6m9-9v47st-jykp/
299. http://dqbdesign.com/wp-admin/6qyv4-9tq8s-zzarro/
300. http://drszamitogep.hu/_BACKUP-20190208-HACKED/mz58-5k5jp-lxiv/
301. http://dtk-ad.co.th/r20yp8t/speqs7y-mngn1yj-ugzcwuf/
302. http://duncaninstallation.com/images/yptss-ia6pha-mgohqoeep/
303. http://edtech.iae.edu.vn/wp-includes/4dj9-k6eyn-vhznya/
304. http://elevituc.vn/old/csom-9kdwt-rvpgjwouo/
305. http://esenlives.com/yyvmbi9/ear3t-r5slea-zbdvcqlb/
306. http://estatecondos.com/blogs/xy73ab-tuq3j2-vlbug/
307. http://euforikoi.xyz/application/wzoo-k6txu-zyjfxokwc/
308. http://ewoij.xyz/250iox-6ww52-uxrgzcd/
309. http://farstourism.ir/wp-admin/tu7r-bygz1k-qvozx/
310. http://fgmedia.my/order/to11-j9r1l-bqrppyo/
311. http://fictionhouse.in/wp-content/v5v14-mcb8h-sfpd/
312. http://fisika.mipa.uns.ac.id/icopia/files/fyhwj8-sx526d-ngfto/
313. http://flikh.com/flikh/6718-yp53b-vlpzyo/
314. http://fpvnordic.com/img/jki0k-tqeal6-dgsyrzsbk/
315. http://frtirerecycle.com/images/4uia2-5dur1-qvjqdz/
316. http://fullstature.com/mid/udt1l-5amos-vzgvmcwye/
317. http://gamarepro.com/plugins/x3qs-c607v-norfdkxa/
318. http://geecon.co.uk/autochatbot/1280e-g24o98-dqjqsh/
319. http://gelatidoro.sk/zrdgo4p/9n2q-riojg-qtdzm/
320. http://gisec.com.mx/expertos/xcck-u6too2-uhrnpotz/
321. http://grameenshoppers.com/old-site/ba9u-emivu-pxcedhq/
322. http://halal-expo.my/wp-admin/g7wn-vqjivi-iaflnb/
323. http://haru1ban.net/files/2xzy-klugix-bmhtibiu/
324. http://healthwiseonline.com.au/wp-admin/g3h8g-2rfkqz-tttvtsip/
325. http://hillhousewriters.com/images/vjjz-erxqi-kqkbql/
326. http://horseshows.io/c2nkrlt/wm1f4-ozg75-eqdvotudf/
327. http://icpn.com/shawtroop342/873d-oo9v7-qnxh/
328. http://id.launcher.mankintech.com/wp-content/uploads/d8rk-yyzib-ckwt/
329. http://idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
330. http://iextant.com/1zmraii/xbyu-a3ttxv-bbtf/
331. http://ifilo.com.tr/old/4uyga-bykhf-mlxikab/
332. http://iheartflix.com/wp-content/wta5r-8hi2k-pnddqitf/
333. http://ilcltd.net/eienbsu/p41rbi-h21yh-qenkt/
334. http://ilgcap.net/wp-includes/v1ts-pdvdy-byjps/
335. http://ilimler.net/wp-includes/ouen-arhq1a-alhko/
336. http://impro.in/components/wtv92-h7574-etbff/
337. http://impro.in/components/wvzvl-si9qlj-jsgorld/
338. http://indirimpazarim.com/cgi-bin/b7zw-w4pv48-koow/
339. http://infomagus.hu/wg5/yrm5-bl98hh-pupq/
340. http://itpractice.com.au/wp-content/6neg-zq2h5m-bsgeeo/
341. http://jabalnoor.sch.id/wp-content/60yhe2l-mn05v-jcojd/
342. http://jargongeneration.com/Gambia/iuhz3-mi76u-idqrwi/
343. http://jjsdesignandbuild.com/tw34yvw/3ymrs-jt8451r-wijgvjx/
344. http://jobspatrika.com/leoloka.com/89jd-783cv-qxsbocsn/
345. http://jofox.nl/stream/ksyh-b2xj6-bckuuqc/
346. http://johnclive.co.uk/id/zv3pc-3gtms-wlehkhtmd/
347. http://johnstranovsky.com/96t8b-z2ns7-galcijo/
348. http://joshcomp15.com/old/server/ppjxi-li0pps-mqppir/
349. http://juarren.com/css/zb53-kxrcqu-moxwb/
350. http://junkmover.ca/wp-includes/k0ls-mfrxg-axfn/
351. http://kadutec.com/cma/aoi8-f6v6x-fybuwfng/
352. http://kamel.com.pl/wp-content/jee8j-r6t06-kkmaz/
353. http://karenamme.de/sntfy-d5u7rd-icbooohpt/
354. http://karl0s.com/Amazon/6bwc-utf4m-apdqm/
355. http://kianse.ir/svsvbk/ppcf-pvdu7z9-nkghe/
356. http://kitakami-fukushi.ac.jp/wp-admin/8x324v2-zlz81-djrtueq/
357. http://klasisgk.or.id/fonts/ad10-xbqpw-rxto/
358. http://k-marek.de/assets/egxv-ii7ihy-yazagvls/
359. http://kndesign.com.br/css/gpji-gkxndz-ldzz/
360. http://koatz.com.br/vanbora/29cl-x97c5y-vyys/
361. http://koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
362. http://kosmoverse.com/games/ue92x-phk709-wdxiy/
363. http://kowil.com.vn/wp-admin/lpmj-855ev-sgveuhw/
364. http://kuy-ah.id/megabusbandung.com/7mbn-byibei-cuptgwv/
365. http://kysmsenivisual.my/wp-includes/8lcj-aq6gr-poomjlddr/
366. http://lalaparadise.com/ponytale/dk44m-cp1tp-cbtmooz/
367. http://layoutd.net/aukro/270p-f03urt-zudsp/
368. http://lemuria.sk/ww4w/vr1h-kaegqe-cxtp/
369. http://leoloka.com/89jd-783cv-qxsbocsn/
370. http://lgubusiness.ph/wp-includes/2kc5-j9la5-rfra/
371. http://lifeguidesinc.com/ww4w/fzh1-vsmia1-xsgkcrwpl/
372. http://li-jones.co.uk/css/0nca-tf09q-nhdmsfn/
373. http://linkmaxbd.com/ww4w/4s87-ame04-jholkr/
374. http://lloydsong.com/wp-content/2f40u-e0cur-uamjqz/
375. http://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
376. http://logologi.vn/xo4875d/ynfcc-nnq1or-sbidwq/
377. http://love2wedmatrimonial.com/webfonts/niw6-nh3og0-azltpi/
378. http://luacoffee.com/wp-content/uploads/z861-utcyb-qpcrmi/
379. http://lukejohnhall.co.uk/wolfehall.com/ulxfn-5gi0cd-huytcym/
380. http://madbiker.com.au/logs/2sxb-8mp0q-xmheeitd/
381. http://makson.co.in/Admin/vjnf-p4m1a1-ksgqvtp/
382. http://manorviews.co.nz/cgi-bin/vm8qb-0u8iq-tzhtjwxg/
383. http://markelliotson.com/css/3b83-5zdz5-umii/
384. http://marketinsight.hu/wp/l0kc-5xkfp8-tayrwjmie/
385. http://matefactor.com/go/bhooq-yxo50-tacnfk/
386. http://mcbeth.com.au/nick.mcbeth.com.au/59xr-fvwj2f-yjssgad/
387. http://mdtraders.com/wp-admin/cse4a4-00xuo1-bjwr/
388. http://media-crew.net/bao/wxfuq-8y5cr-zebw/
389. http://mediariser.com/wp-content/z1iid-2eem68-iqngc/
390. http://mlewisdesign.com/AT_T/br0j-rgl2t-ddbyl/
391. http://mnatura.com/photo/9tn3f-rjkal-frshoo/
392. http://muacangua.com/wp-admin/ddmp-77o87-uuch/
393. http://mukunth.com/shop/hqg3-jrufu-zbwgg/
394. http://multicapmais.com/js/l3qj-lwh0g-eorjnwag/
395. http://multiesfera.com/wp-content/814et-buyfq5-nkahh/
396. http://nemnogoza30.ru/ugqwuiu/2dgf-242z2z-giriqqqu/
397. http://nfbio.com/img/upload_Image/edm/pic_2/h1te-t8jpu-yadpky/
398. http://nguyenthituyet.org/wp-admin/nger-xhkcnz-dywfrio/
399. http://nhuakythuatvaphugia.com/wp-includes/wnw7-psnv4-pjhk/
400. http://pannewasch.de/Artetra/pf6f0-vlkuko-dcshgay/
401. http://pasb.my/videos/v48pu-rg7di-llwdp/
402. http://petite-pop.com/wp-content/e35d-msulvg-bnquh/
403. http://projectconsultingservices.in/1/p8ncs-egjpf-guuy/
404. http://property-in-vietnam.com/cgi-bin/vxzb-3hjug-midvyu/
405. http://ptpos.com.vn/wp-snapshots/t78e1-nb06m-iwghnhe/
406. http://quranyar.ir/wp-includes/7fn9m-vd7do-ifllme/
407. http://raccanelli.com.br/cgi-bin/1bfsm-3scphyq-oinr/
408. http://redmiris.com/wp-admin/219mi-m1uzz-jemdgdap/
409. http://research.fph.tu.ac.th/wp-content/uploads/4qbxx-tvwu0-exphx/
410. http://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
411. http://rozhan-hse.com/wp-includes/deo7t-dcaum4-fykaarrdt/
412. http://sannicoloimmobiliare.com/s5v4bzr/kg5em-8s0zg-wyrk/
413. http://semicon-tools.com/++install/s6mnx9l-eiyrz-bcqdqms/
414. http://shawktech.com/shawktech.com/91nw-hd0kc8-ingjmpx/
415. http://shoppworld.com/migrar-wp/u9esy-5oz3f-jmvlvsw/
416. http://skulpturos.com/wp-content/gu7lcrn-24dpp-jaxojrr/
417. http://smartklampindonesia.com/site/1o46-ic4n0r-lptrxge/
418. http://smblouse.com/cozayg4/9xwpi-0kekjp-fybn/
419. http://sohuco.com.vn/wp-includes/yl0a7-sv25l-ubbkqwiqh/
420. http://sorwar.online/wp-admin/75np-ualbr-fcqixhfl/
421. http://sosyalmedyasatisi.com/wp-includes/vf7ai-xciuvf4-qnghg/
422. http://straightnews.in/css/3klo-6mtta-cwmhox/
423. http://t3-thanglongcapital.top/wordpress/gkby-mqn1k8-oqxoc/
424. http://taekwon-do.gr/blogs/u9b33-068dp-jetkznhvq/
425. http://tanphuchung.vn/cgi-bin/qkadt-tmizk-nmoc/
426. http://teatropamokos.lt/wp-includes/sa3v-oq8le8-eabfkbmg/
427. http://tem2.belocal.today/beauty-house/1ja10-cuvei1-hvvjkdgrd/
428. http://teo.solutions/icon/r6xqr-39bq5-hfqpiohxh/
429. http://thaddeusarmstrong.com/wp-content/txxwd-me7gh-slgzwqla/
430. http://theclaridge.org/wp-includes/blol-1795ky-xmdpc/
431. http://thehaidars.com/cgi-bin/l1tc-2geoc-juulely/
432. http://theitvity.com/wp-admin/43hi6d-d8xjykp-oytc/
433. http://thepennypocket.com/ikpfcip/vs8f-6qgqxq-ihdkadmj/
434. http://thongtachutbephot.info/wp-content/9cx3-i2cxt-xfcwnsp/
435. http://thunship.fi/wp-includes/gd947-2buw1-cvsh/
436. http://todaysincome.com/wp-content/7h8nd5j-2ssh9-jcuyc/
437. http://topsystemautomacao.com.br/Produtos/3yih-qhhauy-xgzixh/
438. http://total.org.pl/wp-content/eydpm-exlyx-rjxoa/
439. http://trainingcleaningservice.com/waerjqd/laq7-p9uy33-cyjhvgada/
440. http://tranhtuong.top/wp-includes/nfjrbri-kps82at-inzynzk/
441. http://trusticar.lt/cgi-bin/smc1-dgtz3-gnslysvn/
442. http://ulco.tv/1v7wu20/8ke0q-lxmwr-kwxn/
443. http://umshopmall.com/wp-includes/ofq3-8jf01-lcbziwfc/
444. http://upwitch.com/wp-includes/l0tqz-kpj8u-wbnrochs/
445. http://uscsigorta.com/wordpress/h9nc-6ps0e-yfqedxqfe/
446. http://utit.vn/wp-includes/0bs4-l1c5x-ypgzxqk/
447. http://uxconfbb.labbs.com.br/wp-admin/pqfuq-gs3qw-qrfxnsv/
448. http://vinhchau.net/ngocvan/qxwa3-90zewe4-mvjpriy/
449. http://vldk.life/wp-content/1fwbw0-vrhqsga-dqgcfdo/
450. http://vnv.dance/wordpress/ukkb-od3d0a-kvugekta/
451. http://wedowebsite.ca/y0r06fd/a7lj-x02nz-lfmlhw/
452. http://weisbergweb.com/lxPU-3j60nDONL_Sy-66/gzlvc-m1nkv-naxyc/
453. http://woofaa.cn/wp-admin/q9mv-ofau9-fukesbx/
454. http://wpldjxxxua.ga/wp-content/7r5u-w654yw-lefjakrjb/
455. http://www.1080wallpapers.xyz/tvcgyma/uic8-ujxza4-awofezlm/
456. http://www.donghuongkiengiang.com/wp-admin/cdxm-4dmlem-apal/
457. http://www.handbuiltapps.com/wp-content/w3tc-config/oinz-ejykf-cwltfngf/
458. http://www.hotels-vercors.com/stats/97vgeb-78jzwj-oryjrz/
459. http://www.i3program.org/wp-snapshots/e05o-2xz787-owuimq/
460. http://www.idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
461. http://www.irqureshi.com/wordpress/wp-content/72ww5x-i3e1zf-uhjxwce/
462. http://www.karaoke-honeybee.com/ztbr/d5bbc02-8tze05-dthg/
463. http://www.koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
464. http://www.lojasereviver.com/cgi-bin/1ybe-q4x1u-bqifep/
465. http://www.monfoodland.mn/wp-admin/1zgq-1fibo-fzaqgxh/
466. http://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
467. http://www.shinespins.com/wp-content/7088-fn5aye-hekldt/
468. http://www.smilefy.com/it3fqqo/lcrsd-d2qpq-yixdwk/
469. http://www.webliu.top/wp-includes/wr5bmyx-fernh-tidwmzn/
470. http://www.ysfweb.com/wp-admin/5ghq-d48en-igkode/
471. http://xn--bp8hu0b.ws/wp-content/5t6c5-6mz2wz6-qibv/
472. http://xn--nmq177o11e.xn--6qq986b3xl/wp-admin/gymbg-obdbf8-avkf/
473. http://xploramerica.com/roct/ny9rr-d21r9s-moxqao/
474. http://yadep.ru/wp-admin/xuhif-2rds7-zrpwq/
475. http://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
476. http://zairehair.com.br/wp-admin/dlc51-7ws12e-cutccjm/
477. http://zakatandsadaqat.org.ng/otycixa/rhu6-2g4lgw-jfmno/
478. http://zona-h.com/wp-admin/r8bx5-69sc3-xigws/
479. https://1040mfs.com/wp-admin/8fd61-zjg0m-vkyo/
480. https://abi.com.vn/BaoMat/8bklf-t2r3z-bthqpzsyt/
481. https://ahmadrosyid.com/_layouts/jrhgs-8u7bdp-fejrzkotb/
482. https://amaiworks.com/wp/tn7a-opg7l-rstfub/
483. https://asis.co.th/cisco-sg300/8leo-kxoz2a8-msiq/
484. https://asis.co.th/cisco-sg300/9tiw-qr96pq-ngmxwrj/
485. https://boymockup.uteeni.com/nbrm/3hzxf1r-25x9y-mmkio/
486. https://brightervisionsites30.com/wp-content/0opr-elb0mx-mkzsjmt/
487. https://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
488. https://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
489. https://creatoruldevise.ro/img/3skh-pghlwa-lnrd/
490. https://elevituc.vn/old/csom-9kdwt-rvpgjwouo/
491. https://elmatemati.co/wp-includes/prei-h65j4-xnbao/
492. https://etprimewomenawards.com/apply2/uploads/2v2n-rpiiw3-zsrbujpsd/
493. https://euforikoi.xyz/application/wzoo-k6txu-zyjfxokwc/
494. https://evytech.co.il/wp-admin/7u6y-7qmp0-edbhdoj/
495. https://evytech.co.il/wp-admin/7u6y-7qmp0-edbhdoj/)/
496. https://ewoij.xyz/250iox-6ww52-uxrgzcd/
497. https://flikh.com/flikh/6718-yp53b-vlpzyo/
498. https://flikh.com/flikh/dqmlb-a671a-tcak/
499. https://freshradio.cc/wp/z0em-mvp0s8-hmnvtn/
500. https://gid58.ru/cgi-bin/vhr1-q7gt6-fbfwgg/
501. https://gilsanbus.com/wp-includes/vvdav-nxbrs-umreykyl/
502. https://hangtrentroi.com/s/g5a1-4zuh28-emygdo/
503. https://healthandenvironmentonline.com/inpiv6s/tcw4-s7l0x95-ywzy/
504. https://hjemmesidevagten.dk/wp-admin/l73w7yt-w4yf6b-vtotlko/
505. https://horseshows.io/c2nkrlt/wm1f4-ozg75-eqdvotudf/
506. https://ieatghana.com/nycm/lgv0-si28jw-jjxcis/
507. https://ilimler.net/wp-includes/ouen-arhq1a-alhko/
508. https://informativohainero.com/admin/owttd-vemyo08-ciie/
509. https://intrinitymp.com/site/163qa5i-cw6oj-ngioh/
510. https://jerryshomes.com/vendor/667n-m3xe8-ryzeegmp/
511. https://kebulak.com/puppies/7y17w-6mb1ih-hucpj/
512. https://kitakami-fukushi.ac.jp/wp-admin/8x324v2-zlz81-djrtueq/
513. https://k-kyouei.co.jp/peosqaa/a4i7b1-u5o45b-rcehr/
514. https://knsgrup.com/wp-admin/k034-erx2n-ohfjdxvgv/
515. https://kovar.sbdev.io/xhol/yr38-j1tvm-iuotaujr/
516. https://ksoncrossfit.com/rylawpc/7ys1-3pc4x1-lhezgcfmo/
517. https://lab.ydigital.asia/steve/uees-g2v0eij-dxxj/
518. https://lagucover.xyz/8agtetk/hp6jh-umij6p-rdxg/
519. https://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
520. https://marketing-mm.com/wp-includes/h3cz8-yyppwy-hxmpprdw/
521. https://myphamthienthao.com/wp-admin/w91c-njm03-hrdflnasg/
522. https://nhuakythuatvaphugia.com/wp-includes/wnw7-psnv4-pjhk/
523. https://projectconsultingservices.in/1/p8ncs-egjpf-guuy/
524. https://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
525. https://rozhan-hse.com/wp-includes/deo7t-dcaum4-fykaarrdt/
526. https://rssdefense.com/wp/ndkd-vz3emo-vnlfoxuec/
527. https://sankaraa.com/our-customers/kbw7-6j5qw8-nvjphhk/
528. https://smblouse.com/cozayg4/9xwpi-0kekjp-fybn/
529. https://sukmagedoan.com/files/0ef5-p22er-djded/
530. https://tainhacchuong.online/uploads/rvltq-bt8plw-pqjydib/
531. https://tanphuchung.vn/cgi-bin/qkadt-tmizk-nmoc/
532. https://taynguyen.dulichvietnam.com.vn/wp-includes/js/tinymce/priceLib/8ix7-f166qm-pfkgwtql/
533. https://test.danalaven.com/bs24rqv/3rk1q-hwh25u-ymtshbhc/
534. https://thaddeusarmstrong.com/wp-content/txxwd-me7gh-slgzwqla/
535. https://theitvity.com/wp-admin/43hi6d-d8xjykp-oytc/
536. https://therecipe.co/ec/tevnw-kduad-jxqqjy/
537. https://thongtachutbephot.info/wp-content/9cx3-i2cxt-xfcwnsp/
538. https://thoughtchampion.com/wp-admin/hv2f-wgw5o5-pbtnfciwx/
539. https://thunship.fi/wp-includes/gd947-2buw1-cvsh/
540. https://time-goldisnew.press/wp-admin/kklk-o6nh6-bkqe/
541. https://trainingcleaningservice.com/waerjqd/laq7-p9uy33-cyjhvgada/
542. https://trimkings.com.au/videos/k6qj-emjl3z-kdvxbzec/
543. https://utit.vn/wp-includes/0bs4-l1c5x-ypgzxqk/
544. https://vinafruit.net/dckd4o0/4glcc-v7lx8-tugfjo/
545. https://vinhchau.net/ngocvan/qxwa3-90zewe4-mvjpriy/
546. https://vldk.life/wp-content/1fwbw0-vrhqsga-dqgcfdo/
547. https://vtr.kz/vir/h7tgk-jzsjb-hvmnmfvn/
548. https://wasteartstudio.com/files/le3lc-yfgxn3-sncdgk/
549. https://whimerie.com/crop-image/pjt6g-p8gbr-jemsli/
550. https://wp.radio614.org/wwscsei/ceuq9-ardv37-nuejjn/
551. https://www.grameenshoppers.com/old-site/ba9u-emivu-pxcedhq/
552. https://www.handbuiltapps.com/wp-content/w3tc-config/oinz-ejykf-cwltfngf/
553. https://www.idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
554. https://www.kuy-ah.id/megabusbandung.com/kq6f-p7168w-brnlvtpz/
555. https://www.lagucover.xyz/8agtetk/hp6jh-umij6p-rdxg/
556. https://www.la-reparation-galaxy.fr/wp-admin/zdw1p-m4hfm-gymmip/
557. https://www.lojasereviver.com/cgi-bin/1ybe-q4x1u-bqifep/
558. https://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
559. https://www.studiowideangle.com/wp-content/ptpu6-2jhhjl-kuqvxtvhm/
560. https://www.techekt.ml/backuptechekt/t0df-behcd-wyfamraoz/
561. https://www.ucuzbitcoinal.com/wp-includes/molc-kwo5f-ngzw/
562. https://www.webliu.top/wp-includes/wr5bmyx-fernh-tidwmzn/
563. https://www.ysfweb.com/wp-admin/5ghq-d48en-igkode/
564. https://wzydw.com/wp-content/uploads/bu5z-9y1uo-xaoifl/
565. https://xn--bp8hu0b.ws/wp-content/5t6c5-6mz2wz6-qibv/
566. https://xploramerica.com/roct/ny9rr-d21r9s-moxqao/
567. https://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
568. https://zahirbanjarmasin.com/wp-includes/iv7p0-qmpdja-qjhytrqb/
569. https://zahirbanjarmasin.com/wp-includes/xebl-ndtt0q-livk/
570.  
571. ```
572. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
573. ```
574.  
575. Creation Time 2019-03-14 20:31:00 (DOC Based - ENG - 365 Blue Box)
576. SHA256:
577. 298405314ab2b46b80efda533ffcf2b5e92584baff5c87b17fbfd3b5b7093b3f
578. 6987ee92b404bf4dfc698ed37c4d6547b577b65658edfb6ce5fd68558f369a11
579. e7cec0c1e38ddd872cdca6da84ab406daab78cff6a250b7213e7b9596f3ecfc2
580. e8c39618254a95178165840c0526e7392e89732bbf8e0753cb8b3f14165f3bb5
581. 3ada73c610cef94aa2e3ef6b6a0d9ea835895f4bc19ec32f6e3508c5b43e84c7
582. 4668b7f974f775d249b8be01939690872e95ad042e329d57592aac2b825c6cd8
583. c2814811582584f19e9c0a779354149bb7c334bd12ec7b6dfc7300b6817c3557
584. 28022a215b0f681b76943cc9fc6f9e1f2c64cc67b9b75e70aa444d226a00eacf
585. 7fd654a123f117fb2c1c0827b25c52b4147aa880111399fc6c05fe11d1a63299
586. 73c754c33b47e9e4295b6a035b55cab8451855e5a3df5f33042087d1440b09ad
587. 7f06200e6d8a88ab22aad92c2860a6b4751a13a997a379785ccc5413af273b46
588. dacfc2496b0464d3bc29d95c0cf3cf67560d631c769c7a0692d10edc384da835
589. c1623d2b2e1fdca5a5bcdf4f52905072f4d78b2194c7d65d5ab85e2fc71284f5
590. 71b06b15649960e7540ffc5c8ee111d3522e969c8d2207e967fc009e2c906321
591. 2a0abc135cb7e2b2131b838babfbf4cef210ab2609fd0f964ba92bc14e69a6b4
592. b063bfd0b93101229534a7ff69e1bef6ead5f51091f0b0ecea450deece99e2db
593. 1b382931218e4adee9bec367b378dd97983695af76e0e195e62fd52064c82727
594. db344ee03d043efadc48cc86f6b675b07dd20cc7252e9adc59d52a95b6dea95b
595. ac9e016b1771afbbcae60da0e2393354c46bb8c4918716c510da50357894ddb5
596. d9906755f505fcd060c4672d7977e82d21863eb023b58fbd82954243c840118a
597. 03bb3621b7ec92fb8f86111e1d77b5f42e2cc77ffac76860f368ea20676ac8dd
598. 2b1299c5f8decdff75dc37ef25e7abebfed25e9287e2ba37177d242c6667696c
599. beaf5d744c87e53630c8fc5095678775a5786de350538409b82ebf3181a7d4fa
600. f17281896f0814a69d2e68a99f95d2d48003da959cd798735705bf2fc4d030e8
601. b630ac19071b35931abc47fb04f0a6ba6ecba18bd41e2ab461db7491ec0ef2f9
602. de5f54d25e4820856ab34b7394561937ad365efbd712c4c090b0cff6a11e0e6b
603. db12bd01917d9d2395c3c5b37b344c542975062850b3828876c9fe6a2e0cadb8
604. 3a38e8a5483c9fcf4c1698acc4e1b174c14b55e16403f8134f71ef8d89353726
605. 4d475b91d09d23a122ecad9f46f648e5017ab569ae705682a1adcc6c22df794e
606. 3f4cf74bb6b1face65af2e5b2f7897072a59dd10b2dea2568327098de5e13ad9
607. 00c1ed0fb173c266b5a3135fb548b3280477d5f712dcf8ee6a6030927d804270
608.  
609. https://tuvancondotelarena.com/z18rrbu/DQa/
610. http://toolbeltonline.com/wp-content/uploads/368n/
611. http://territoriomapache.com/wp-admin/bEkL/
612. https://www.thebakingtree.com/s75ldvl/NW7Zz/
613. http://tgmsc.com/0t418lt/NIq/
614.  
615. Creation Time 2019-03-14 14:54:00 (DOC Based - ENG - 365 Blue Box)
616. SHA256:
617. 032bba8fc5b50e983cf7dc3a026a6abc6bdcaf836a3db80201bceb8389131a1a
618. 9185132f689a984dd6a9af9d071f5fa70ba158b72421eeb8b5181814e04cc1e5
619. 6082582f55df7baa2e1556ecef332c817cf4f7fa6f63a25953f7423c4a76721e
620. 190a43874e8c841b9aeb4c134e5c16958f476d82b5bbd0781ecef7b236f18814
621. ae6b0e3a3c69dfd01719ffef807998fd369ce35cec86d8c00d58299f52ef6a7b
622. 85eddd3f6f7d4ba988e290107a5fc3dd1227e5b77fa83bdce67f8b5259052ddf
623. 6e8b7dafb2026f4529e1a3e1b346a9216ffb695a23d9cd1d643778f1a7fd2192
624. a4f6139816fe7a7fd9be197afa83463f88f8d716a0abcd1a936bc6ef9fb5f23d
625. 103ad4fcc7e9d7c0ee8258fa53b5fb2cfd52a7cf73fd3639e5399b8b8cc95322
626. 72f28b1b69d7c9c10d73bc79a8991e135ec73a51e1987bc425dd0166e2cce668
627. fe851abf4da0f483927bffeddbdaa5ebd5d62e8daa7130be2a098acd718d914d
628. 2119eab2db52a7c73a2755c84f25f11b591a336f3754d3c0e4153d3c12e6bce9
629. 736e6ac877fd4d043ee8572a7d5a73ef7d1cf3b1d6719e4cb69eac62a975adf5
630. f5b0ac70e785424496eadc9329962b5b6fb37c67955b9895f4d186ac9c26b868
631. a47ae1cfff2e1905c52e0b003da82c85a31888f12abaf0529aa6e2e6ed12c79e
632. c4b8cdb793a5ea94bfa5dbb4e1fb8e6876df9b2842c8254c6d51f6162c5e25b2
633. ac391132c0e2baac63c838867214a0c45345e82fbbb3ddb765d1a8a7dab7a034
634. cc3f692f3594f6db8a0727f7199169535ffbf6227f7936a72b6b0ca1ea8f1a47
635. 3451a2d2ed99ca9bb02ef7c05d80b389b08d351071f9e87c56dffbfff6199b8b
636. dabcac2bec47c9b62ecea09295ba36ec63f7718a359ecc363c72312ff964d22b
637. c2cccd7fafc6e21c7d024602be8ed99c6e0d6cde408fd301eced81ca16e3f6c3
638. dafd680c94d3342d03a839cc2426ff30918e9e5d635982ffb276cd15fde54824
639. f271048a6fb8212fe50c42bf9c6608d97a1de1b2c8b1f9cab9f1962fbedc3312
640. a82ac91e904649134fd6f8849bfb21b13f86311b8896313dc046b4b430a1a52e
641. 92b0e057ab6db7ec683f589b00a79316c0691784e1db38188d3fa57a18aa3169
642. 788ec3f0ba74bda45a6f9539c50166eade8ce6d4f98cc2f4ea3b3bf1d5ec090d
643. ebbe02073b2dfc4be3d39adc3081753e7b9c45e84cd7d4d0e8faffb61c38dff6
644. ab4e8bfe934a99a4233434006a3ec80afd25f1855c6003472b7b4da739eeff20
645.  
646. https://www.yanjiaozhan.com/wp-includes/f0c/
647. http://uzeyirpeygamber.com/wp-admin/nH4/
648. http://navewindre.xyz/wp2/wp-content/ktVWQ8/
649. http://superschoolstore.com/old/nuB9/
650. http://iryna.biz/wp/7E8gM/
651.  
652. Creation Time 2019-03-14 06:50:00 (DOC Based - ENG - 365 Blue Box)
653. SHA256:
654. a6310575fc2e5dd38f5bd09f3a48d0dd2a78ebbe8490faeadfda335b1ac29e69
655. 45618c5e559c9153454d0418e3d8c5f3931eca4a21ffcab5839055bccdfa9c6b
656. 02fc347726000148699c3e29a51adbc40c141d64c57b2044ea381bc76f03a49c
657. c7d754e69ffbe5b557be828ccc20b2f542322d1c621def297fa7485ac1f0c1c9
658. 8130a41e0a62eacc0edc4ad4e23fffefe9e2afc3002a8831545c6d9d595e2048
659. 1f737773ae72828b7b2ae8bd5344a0a6283b2f9208bcef9ad866fff60812beb2
660. 78d716d01aabc6f5978edb1ef7a9009fc034662abf02a9f97b11ef7d34f9cd26
661. 1dee03b761e67dff40fb470afe9a57a935760631c47bdb14c01d6aa9d28c4a6f
662. ba201ff8308d6c6dcb1d57c3d3b7ba41455a5ad8422364aadab1bbddc4cbf4c2
663. d9a76c693ca85c2a01a4626a3154a67ae6e3120b5243ccd92d0f0d780896cf65
664. b1c5275501caf2b65e812161116756f115bc7147719ff9089e712ba997cbd5e8
665. 41649b8bd47f27848977ec9ac4d56f5c857f9bd73821867658762192ea97d8d2
666. 2b51843fdd85f5e217aea090113149464ad2ce5953f06867ed6d6fe0a2b473c8
667. 28c42f05f014b12a1649fd7813f3105ae4358a0facc8e8b95bc982a67c8f8f57
668. 7371b0d290cdc3e0e91452b1b4a72c6976b5ba0340b1cb219f7bfa7a5aa386ed
669. afa6a91d56b2b7ad44ddaa388df8f223bac04f5d9e2cbd71cc5b2c1789348150
670. a81db02bf914f53e9965b7a96b734b224ba9e91e871c14c4e2d1eb442859ca2b
671. b373066fc3a462ecd0d0741d335743cf9cf6e8d6ec7a575dac81f5ce3b855072
672. 20f4d7bb58808c0ef7d6dfd9b899e5170999f94808700b7e4bdac25fde87e9d7
673. 1bcaabbe07c8ec65ba643402271b2c248a997fa58db616a1388ac4469480d402
674. 9e61468767b57da2e1d5063bf0c51e11259c84ed11600cfc2621657bb0e046b8
675. 04baa92a5b2f81cc2888e6966f77d9b707b37d029207888d28693e9e4c7b3b63
676. a7d335913445ae1807fdd9f4664b7d7e8cf9d5b9abe70ea482e0280fd197b97f
677. eb24bfed85d8ae692c935de4dd07f4a409057aaa49774a2d2d17b648fff18034
678. 61cd65890ec3a1bf8c5d5d93f8e5e7463246c281d9042dc91d0c258c22c6d72c
679. 008316b843e229cd893d0a6f2a497e69fff4797ca6ee8ad41782a7db0757ddf7
680. 1da577cc36113f342fb1d47d9f75056ca7792c1cc40aa38be150f4554c0cdf65
681. 1da577cc36113f342fb1d47d9f75056ca7792c1cc40aa38be150f4554c0cdf65
682. 34dd1fe0374ce3e969229223ea1692a1c0d345d92a186f54e310ca4952fbac3a
683. 5f9566138e350135ffa42ea776ef56c5c73488d0b9f7604adf3a52e679dc8822
684. 83453db0b74fdf3f9381e7ff66c2296e0368ff2a86e58b940cf4c4de3382585c
685. 7f5b8f1002cd444403a0ade885d50a1fd1e1ba3d2e36e2f79c46c6f9778965d9
686. f732d4683d065e2d367cd56e0d297e145f8a282bf68a5a7399bc4ca2800161ba
687. af878f53830935a89349e7b26dc0a8d2b3f8a1edfb66783ab7a0ce0bc8807805
688. e17456b3ba80a732e848481b3142fc332f08db3db7135d80cb29eb6a355c09c9
689. 67142a582216486df7ea2c9b01f81af08c342bc34daedeff93d4bc8c9b5d3ee2
690. 220b22b969d2b92cdc53d74baf8cbbfd82d772eceec10004ef683f96d66fe1be
691. ca99260e9f2c08cd1bcfcb817a8e5897402615415a2e7c195f008e6bf5b4a335
692. 685ddee079e74a549c0c6784a626b7c065cb26d9a9877ecabbf524dd0702c5d9
693.  
694. http://ngkidshop.com/wp-content/Vtm8/
695. http://cnfamilywealth.com/css/pu/
696. http://159.65.47.211/wp-content/uploads/suhn/
697. http://dzyne.net/jzahb-pnzc6s-oydtsbquq/2a6A5/
698. http://118.24.109.236/wp-includes/4Pu4/
699.  
700. Creation Time 2019-03-13 20:55:00 (DOC Based - ENG - 365 Blue Box)
701. SHA256:
702. 459397a134b2b4a201c2855bbb2ed4d1eeda9cc7637d7c65201e0a78217a8780
703. c060ca7e926c137d2a9b90d0182b288b86117430f8a7614a1bff92b722ee1fa6
704. c060ca7e926c137d2a9b90d0182b288b86117430f8a7614a1bff92b722ee1fa6
705. f8218ee2327f0a0d1a545aa4289a62547a4f5c186022939b8e7b7300f5dce0a8
706. d1c7f942134f76263a65b79372b15eb5c0e2f48d4842c09105836c4be4a8be76
707. 5bb87a0173b861f7790dd1489c31c32f4a5757ddc5186976e06b63bd7ef6c46b
708. 21019fdba804009eae5d26e4341954a66178838fcd0987bc4c5fa6407cf02ea9
709. 561b5e6ed0be4a0d73063bab95cee962c10dec9d0df889837d7cfc9876f2d8d3
710. c2cc283b1dacbd7b0adcbe069aff437c1fc7c93ffd2d3bad152333301e1ca913
711. 649bb7107a06b05284c26bbddcf1ac7b7178081cfa5fe6555cf3a36ff1fb6856
712. a97fa9403745a0870ce9825e8b6d5591b53dfa935e52e09d874f9118a661207f
713. e5cccae034b70600078ceffa36bc978f093a812398bbe75ad33b057ae3f50d49
714. d1f2d6371dac7d666a0286551b68bf5bff6fd0c105a36c602272b7a33a8f90ec
715. a4b0538364ea5b39b92022bc5a4ba0dfc73e17b407e98d29b2de968586f1b42b
716. 99886b194a90abc88812eee1fa28a9a4fc18c103855fc8d972766524c7c6ef5d
717. f307734cb3bed7d13b9a497d3388eed0aba98bd1618c2419a4c72fe609006c06
718. 8de3f82c3775e3c0b38daa26bc3f7b7a6cc6a67ad8d99b02f92bc5e0da60263c
719. 984e46e8b29172a632f76dbeaa82b0188a563d25e9862f6d8d725ef4e1823a85
720. 9f121e7e36b53ee05c9514868ff7bf9ac111bf4c37d39e00927a50417d6e042a
721. f856dcad62f7192f9fc5bf924ff8a7bdefa1036c5672a9a6d5b1052bbecd9ebf
722. f3ecf08abb0b2523b110c78e58e554a0e0acc75f83af11326b628d068aa58d3c
723. 000476cef7ce5d5a1cb3a1ed4f4d8f261cb2394df4a759f9aba2c6be58164331
724. dc2d7d84c882fbcb016241f24c84e12a57310517357d87b6733cc697bacbfa02
725. c818398d17982116d2a5d29d33c44c5af6feed867a8caa639c78aca1c1ba362b
726. 807dcf4834bfaa4587ab4cf4ae71fd1c0d1f64b67dfc9341e001b1efb6b1e949
727. 9688017da94967bee0abaed3a776532c84aeef410c40dcdfb477c2060b05248e
728. 8481adc2004a97bbc07bbc47f6601a7e7639b6e037e797686dd1a8d159264b2d
729. 78d791edc7d71e6fc275a9bc93e66a58934f4cd2ad6b5468cb021d1fbd0d13c7
730. dc87d93d01f22c38de94079e6eb4fe5e97001b37753be5a5c503fcf36ad4f528
731. 312ffe5cf618e82bbe2ab1a4425b6c2927319b52c0d440721a97f3eda519f145
732. 8f03a01f8f47e53607f1a6a9297a246e336df4ea26d62a8560652bae569a3fb6
733. c4bad470544e10dd6cced30cd7401a15d69dafb03d07c65cc08f4d20d4b5bf58
734. 2e93e7c34ebf56a7df68553db3978fe84969e0689f6df6fd66f04209d2a6efa8
735. 04e5044ec07d08ddfcf21f295befc3a633824c74a62aa8ab701a8a1928e95cd2
736. a51704c674881ecea35f356a5752d350beb4fd262fd2d497d12632c7e966681b
737. 0d5981ea8f3a35516b953b2a7388228ecc2f89da80fec3ac5b13dba11145edac
738. 42a2583e3e1d624482f525e388ca5aa9a13f7f9759c10712879280a105b0f47d
739. 17afdf7759ed22dab50bc59c3577df7d3ede2098f7d1cfeda4d52a34b6b0b00a
740. 1de033897656da4d0da38e639e78de54d3a98a93d3439787fe2eea65024cd960
741. baa05ce9d41917c1998e4d992ade31e001f94bbbeebd941c8d0f4b9b37176f8b
742.  
743. https://webalanadi.com/u2go5i4/HIoJ3/
744. https://heritagemaritimeservices.com/wp/pKKS9/
745. https://webspeedtech.com/i1kk0xi/lv2/
746. https://pjk3indotraining.com/sendinc/vDRz/
747. http://turkmega.net/wp-content/8po6/
748.  
749. ```
750. #### SHA256s for Epoch 1 Payload EXEs seen on 03/14/19 ####
751. ```
752.  
753. 5aaa7b47e03b4883016f4cc54e0ab908beee8a54e5a2058f7f9cde3dbe893aca
754. d5c3adafacd86bed9c4f02aa3d0ec14ef79f81767285f4dbeaa3e86768d65b5a
755. 7f75052b03d64fa42d05ed0afe34247b8d7122c2eb317ec1c499952d0a69dd58
756. 5f7a33f4423f9d255a64709e2fdd1008f9462cc83dc3d7c29f33603b38f604c9
757. a1fbb29614204c6522b44e0c6541d89671d8a407aa6e0a223a66b7d4a3061439
758. bdb0df1774c43298c4ead8a5fd6e73e62e81a4eb7070526e606ac57d493191ea
759. 8cea750307227cb351e8680b08edd3c4c57934cf3405757ba69b7ab77d68221a
760. c13d7fb43e01e0a5a9db03ff31e2060990a3f8a068a42cb0c63a05e1cdc119f6
761. ead850aa18cb6b4f65fc961e7d157b3917f989b50c48398033cb741eeffc6c4f
762. 7bbf64c60d03945808c53da3c09cd9e48991d6b38d2b3f36851ce457a6d18ade
763. 1a95968467012cbed7e273be5b9c93c6e199f45fef88897333b116ab1fd29819
764. 60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407dbb7312095
765. 2fd1d071496ae46e9998181e2c6a77a20a02928cc0b2e665cc9217a0573320c5
766. 90436a23d3340055ff4b5b7f0d7cbf7ff5d3a87ed9e0a6d74084790547860d51
767. 02fe87450fa1c53f9c0d97a069f6438310a7c92cc16a282df40f398c1b0e0be2
768. 1c00d7705c6aeb1c97869618b82b39bfbfee7f699c2fd1f9d3e997754f71256d
769. c0aeb3c739809532ee9d6eba5a6249028a6a9b008da486df06c3af9befbf81fd
770. 72bf1b0aaacd8f97d9c5251dce3a7591df148cabc28cc3d99599149ee71243b2
771. b19c3a9f5839637fd33694a7644217ad0c5a73321b2134a984fdb2238317bb6b
772. 4e32cf936d187fc07378a1e2bfa756d507f0575d91e621495c15f531542be2ec
773. 2027e411aaaa85f4d0cb98d739ad0bb9d3dbc7e7c9961812c6335bdcf1c55d88
774. 5ea41afbf36bda52eec99f60d043fc61fdb4c77f615a4feef0a7bc8096f3f504
775. 5e1af19ef1065505856a16915992b31cc6681fa39247b0093b58775d8a790179
776. 5275875bc80d5039328232d24cfe60e4db6e1e31e606abf1b38d00e13f4e155a
777. 8dab1b7e92c2bbbcb29e524496fe4e864edaa98b6bfd9de78aee6a70c97b187c
778. 1160f1fc02dcc1e28087f1d0ee5aca2566cca0e28d0faa012fbfc770b3dbe98d
779. a778e64999ded84f5d332da7c4ed428468a6d1cc9585adc03481387f9a534a00
780. 61cd250b58420a61a5c2adf579cd796c1e3c8416e2cec30a4efbb1aac439c1b6
781. 0370730dcec45b388dbcb80ce8da090bd53990f5f7fe8b5c660bba0d038bdcc3
782. 2d681e9ae8e35eab12a1549d2bb598c738d92b74f534ec1c6c7a34baae3baaa9
783. ffb7934ba175c0e1fc6090aa36dc8b03e990b723ea7f9761239382e3c49f6afa
784. 2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d997555910e8ccdbe
785. 9e8ec93bc3f5ab1bb4eca9876a262797f94ad21ddb1858509d3b80e0505bef8d
786. 9127e72a6fd697f54f4cf38bbef340e742804be39d87f67d7ecdf2b0acb6274d
787. a8f54d7644cf81ad16b72bde5786c496f21b282e68d957fb70c4b51f8b3b9bd7
788. 51b9c2ef31ae9da4a16cfdd4e165c5e4ccc121aba285787515a638568af6341d
789. b8602812959cc580b32a878d2a1b5334ee22f39578751334e0413916d7aec80f
790. 0aec6477d1623452d7e485a1d29d3a77508be32345e6f15aa100f30860bfdded
791. 71c0c2b5ae203d0215810ca271a1c248f7c3d2e811fd0ea8cc0d48b1bd070179
792. 030d73649424629f0c686b346b0fe1e0dc0a3349649c16ff1cce57e462b5a3cd
793. 27236b6af1e0676f381c9a917c7d870099fc4a0e133dc9dba786792bdc1433e2
794. 8e2dc1eba135283c0fef8ac425e413bd736773d16442bd33050db10a9d1a056e
795. dab64cd58b4bd5d9baf41bcb992d5f5943770646a3b0b6151f8f4a89ffd1b1ea
796. e44d3dc2a07fc182396cd0dd54e76908d076883be4b19ae7a7d67e8a9e6fc640
797. c801f9e3fda6feef6baad75fdafa4c8b83c17d40bb0a584501cbdb2068f596b3
798. 822343a777a3ccc4e465fd21dd293ccc5da7495c69a17dc7232d8759423087ec
799. 3f3b36e9c66399e90ed1c03fa188b389bee6263f10ad0f7e9d4b3670325ee612
800. ba208748f1181f2afdb705b78b8f2875f9a864c22df66f3f44d7d7ff7f1e417e
801. 6e3d925170c3b4b498101df88b189cd435ace2a327a5847525421886278addd2
802. 76d92912030b9ff18e3fb7b236ef1bff8933b631e328b6223a7300c3a56af713
803. 29e96fb7e2925da29fa8850739cc2a23416408474a441bed6096e85bfd70121b
804. 6d36997229a280149dc09d14e8c95c0c69cf09d97d3cad285cf2c3edee46d6bf
805. 2bac99c686a7e6b7be41fb39f218855e9c93eaf5ac20197c0336dfba3542aa73
806. ab4414564be6ac8f5384d8b02255f3fa411f4393d89092bea85f6fb35aaf53f8
807. 63b9d2e986f7375ed96c5da213a1167ec2cd2faa1c028bc94b5bf5cfd4b2a54c
808. 5625588feaa885413bbaff92ab2aafae80c6f4fe35d02782b73a8fcc7a5e6b08
809. 4072c0e6df9b00c247b6e40d12b45ab957d0f8fb5e063a83945f0cfd374db685
810. e87335918aa7699ea21163fcbb5c092cce2c3ce315339cd6f1a5d2b49f40ee23
811. 4823687717c31a6f14e80682a94c38a7b8303c718ee6ab343640c1c4cd5a8c78
812. 5dd59dd538bcefde3d3f914a7834dc374b97260928d08720c33f0419c7c5c365
813. 0a6c48266af7944520300d24beda4e41a1781fa870e701c1e19aaa8497d0852d
814. 5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7
815. 5d19da495343e56995bdaf42243f586cfc2d0fbcd0083a0723a673f6d505bfb0
816. 7218993e1163f824a450cd8f997483ead16982e89c82000f3c3a90731dc0320b
817. 37e629ea5097b81c5e0a6de546003955ba56f2ac46eb0d125dfba2b1887b6a51
818. 09160f0aae57d08465220b38564145642c38e99ba27174356eae3229922ed187
819. 894086b75688a1108d0a73f49ad12ca19f718c142222836980293422fba1c172
820. b3a8a530b7c7e481d6516e001dbb9f0caafd8b0efaa368a1fac142a6ff8517ed
821. 6e6a3b2182069da78680c31ed30cd55d029da68551c2db6d26fbac103b04eba8
822. 4e3faf451041d8a03cbe71e4a05a9fe66cf87a4f22ccfc6c108d5425e8c7191e
823. 130e254a13742a3a55eb8a0b6ce6cad6e3f7f70b170fb051be4b14b41f0e41f2
824. 08953d60d21080b41946415c0f5a3a15b0630a0b20339f4ab88cfdb0ff31560b
825. de3841cd0ab0001fdfd28a4f3fd15d5d20c09629f7857642083e95fa9b716364
826. ee21917b1596852818813250aa9a5ee37e87f7ca43120e17f09f940d058c1557
827. 895ca7a117fba8a710ffa11055df4b88a73a44dec199ef1973471701f5f17726
828. d626aacbbd26f0c7d5baee7fd6e49ee8ae2aed7c6352d39ac25134e9985400c6
829. d86584f92b6af0bfde4a4720878d5ad64f6d8c295b61f5cc345b2fcfa952758e
830. ce02af48d799e21d832c1dca0607e583c5870ebe179b3c096c3a54d7431c7ca7
831. 98d752dc5874bfaa2739aeb0b83e5ca0c00624d86db827422070a9da9b69d866
832. 022d00d614338ac8e437fd735dab85097d2743a0e4d4e2b9e7e3f1727fb73e26
833. 1e7b0711ea10e083bbf4ed19b798cb4016a8d7cbcb61b94e56290c9ea954e66e
834. 5c5acd7e82fb19bfa8a9759c1fc51e93acffb579661fc9b4455fa2f87fd05089
835. f75984cfa2bb3c33629e71565da34a8af4b087acf91a19b1dca7481d7adff22b
836. 7b124522b276e8e7ac3e7bf332b7d153902b257119c33082e5fb97f529635d8d
837. baffded947b9179545a8792871fae5a0b57425cd62a94e0d7dc16b7b2525a5c8
838. 60234752a28355b39c1fee9788bbb22b9e257e56d9a178b28b4f1c6a71990ed4
839. 77a5bc84a5be4def68a699b95364a83fee890182b9ea786dadac7843af047c3c
840. 863f875586afd75b34c38ad0451959ee648c870a56ce97b392391e7eb25274e6
841. 29d971f790f31f3749e8b82b80b62b8f528f28174f2923b58c7032abb13da07f
842. ef0bed98d6f616aff66f9057a7539fcd9a610e9b84ac0f2ddd583e3ee77e2939
843. 9de3f30a6de4e1bca82b22f12982f6600764be38fd29f2ecf162c79bcf977dff
844. 8cd8922d29ea60faf1076082815611ce7787d8cd36d954dee45ff20b170ee52b
845. d8199db09a16c0f851cb3dde4fc06183d23650295836d1a24c4d868af5acc7e3
846. 49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b689227af501bb
847. 065f32411db332bb6bba294bcbc7ff3250fcfaa8626648d48b67564be9ed99fb
848. 0597f7ab25ef6f29165e7d6485828342f282bc2b3b0ce7308e08f83df1e0a597
849. 516efab4a4db7b95341c6a561b3191e4e2ad6ed63b2305724998a00f2ad95860
850. b681565893796b7147bdeeabae464bf847ac52118ba86752f9b4e31497f7d088
851. 23366809d729f79d799bdeae6c1ac940acea3b44d3938c5ee24058adf7092dfa
852. a23ec414050101d59d86882af4b08352b69127cd2cec22b9037ee2d5468293c5
853. 42aa5262d90aa2674d92cb7983c3fceca8f1d7858980012567d713d0a0052462
854. 3ded6a6d106453e18c0b9e105c2958555cf9e64d6a385eae9288ea4c9382dd7e
855. 206068cecaf6cbae480d5e78586f631125463d8bdb108e6f00e021afd8f52f5e
856. 21784d7b810861d07345f96a144a80d1cc8772220f5eb1ca3d858c6f74403d13
857. a1a218d04238e14c5d1c97cb539a6f1d105e559fd6fd1ba86aa3cccd1af1e6e5
858. 2c885c8bc6710f04f7da80ce7b16afa847e0126e6edd0a6b4dcd3acbaae84149
859. 48955b9c5bc8171e00950576b342500551009fcb9bfceb7c2ee8726340f1a05c
860. e77b28036819813a8ac3eec8ea6ffef7494bae2d6c77fac2b40a39e71c510828
861. 9796b197c3fc64060c3ef127d761efea85d5c5141de24fd523f983791bbbdbe0
862. d84f1c8a95d3032306ed8b289b8de4ce66d210633ad5c9775c05a77779547d93
863. 312526f2b4a6f7561b36909208e72938479336fbdef8434ae7e7f90cf691f81f
864. 1d67bf77fff4a7689a2f47b09e9037990975e8d9a0c4662a57e9289887080941
865. 252a3fa3034c996bab274046262306d95ce8021fdbd608ba239a61e4a66c2fea
866. bfb98b4f11a67d318b673334bf7f2f570fc9f19f21109936ba89759ccc221b48
867. 5be0baaf0ceef97d164ab686096e0282b965e56f5bc3c590d6e42d4e4ee95437
868. 1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eba5cf4934e
869. 8561d2615682a30cd8878916466e049364bcf2adc26b7aa8ffe1f6c9b09d3dcf
870. f8dd325d14c667b9d4fb85cd47836ea85b10bdb30abefc3c490e07039021d465
871. 01f4ec155adcea5c0aa4351deede7e6556f6e982f97b0fe3a4a5022bc7fdbf90
872. fdabe7455451d59a87941a18817e7ef18e5123ec40f807810e2b1a71be0f4fcc
873. 52eebc92dceb5fc2efe24323ab1414066765e67145dc156a1891c856a0105951
874. c33e7531f5b70f6ff5edac77bb0988ff094660a8550b4911a2eb8c06f9107271
875. 95b3cf9bf25f806a6789a12b5be21a319c0b8f2ea2592105e5594d6f44b6246c
876. 9a077b9e0c7b01350684ffd0687723d9da6912a8c932a4bb513931ea7fe50e2a
877. 93809ef370a8c557997ccdf2259931ad877b69d11a6598201cdc01d4233415db
878. b89e531b4bf91686edc75f4f80d0decc551e10cd987b40c592f7e250825383aa
879. b79a56d3f02dd636fe5a8f1c07a05d397b838780bc190d2b9b249f41fc2b08b4
880. e6451730e64a72210b05e2ae85cf1160cc0994bb78b8010c68e3cc61f90d3494
881. ffa0cb5b45df7a33c92c8fc64d1ab1ec6ade9d7abc8aafed71c3917a43a6af4b
882. b17bff4e87d5bf46816a04e212d36539813ccfc6c2a1aa77fde3e19d777403b3
883. 485b4259e2a0c5931d399e898de23e2ad58fc8dc4cc3952370916f0ab4bed161
884. 1648bf32e8e643b1626ba8a73b8c56e3dfb61a91698f1fa7f264df59b8572bde
885. ff05173d0a417d53e0e9bcc6576dbb0725beb6cd12fa271834f78b383ea3a134
886. 27b3b1190fca97a4e8c138483ee10bc12b885573c167385d881b6877590b2fba
887. 17fc94c0dc5b96391cf4d6219a210555487123eda20869d4785f5527c7c1c71d
888. d0944f15e7e3c4f285faee9800f2c8ec5069f34682e542dc7f1d5be160f0c823
889. d5b35baf6a04d1769100b03189183090c099c33fc59080b9b95af5eeee3f64d8
890. b03c6d154b9c6e32b442243138b8236b77255fe70f6aca19dd6718ab3556cc28
891. 9ca1df36a1a600ed5b3f7e2f2dc53729527ea137d39ed7bab80afd2945463946
892. 76cad0defa19f8e06284e63d07a6f3f2c990f807175bf26b5d63758cdc0fa5f8
893. 055af7e2d0cac8d13d090d9667081dfdd32807019f8ddee0aa5322703b331928
894. 7f9ee8370e6d39cd4f3903d8e88b41ece6e802024f4c48f226576a2e254adc14
895. d0a4279f9b3dc07944d267d0707b9b272e2f06f56bf63d67c7cfa7df198c574b
896. c928843f5160c6302cd6e1310337f3c9ebf84dd9c8cdaa261ec58fa829e22b22
897. 408a51b513b872ebde98767cfdeed93c63f3284c220d5e5840df6640d13ca1f5
898. b576ad87762a60e9127381cec5a5f1ea61a80fa858f430d90b74cd60af993562
899. 3a5617e9e91d8bc6d0a680cfc3e29bcd800b3e8c1d47fe40f513995802933aa5
900. fa2de97d91259dd478d504f1b419677b44cf82ac7f627a7c1e1ce0e3d87867fc
901. 7f65770b8695a9e2561a2bd0593cb06572babf1ae2baf249aa73d6e621eaeea3
902. 2f0552c1daf1f5a442039c27ec9570246e500ad323acf63d9b8999d61135b0a9
903. cb53e1ba3eaaaa724b0bb394a0c3985f7c03befc9a73c5dc41c9e72eee369e15
904. a81782cb92c2891e16cbc615b99948c53964397afb98ed7b645e8802ce7e3e3e
905. 0847501d8e8523051d54189afee8f4245bfb23b83bc5437e817a0924f22672f7
906. 57fd2b8f603bd19a0c09f22f6d0ae6ed8f2c21b3bd83019c95ce4ea52f32abb9
907.  
908. ```
909. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
910. ```
911.  
912. Creation Time 2019-03-14 20:23:00 (DOC Based - ENG - 365 Blue Box)
913. SHA256:
914. 74a8910000d81c657beb26f73a668d649c30c6ea1e9867d7086e00d08a1b0c77
915. cf262f6b2cee7e95b3900bdc19ff12a06a01f262694d0c99c827687556f7b5b5
916. bd6b0a8c2ba7dd51fd2816f8f4b588a93dbf5f89f52bdce125e309ddb1858433
917. e9e4cd2f2128f1782443cd369f130a08f0098b21c4abb4ebfcffe9849dbe6d6f
918. b90e38df9762ced356dcb51126bbc6a51532947e1b1f04f12203679068bf514b
919. ff40bd95310cba92effbe22a1eae2fc9e198224624f6c590aeefc283187b2e28
920. 25a3edf18876053ba37f18681bc0d32405d0bce2399a7e76f7251e05633e4c88
921. 05f052aca11ad0d1d2dabea4ce046669131b23c30347e864e373bf2f02a84606
922. cedc85b1d669256b90cb39373cb3c355863f662e49a1bfcc8cca893d2c5efa76
923. bb8f603dc0e356ac1c4ab5e9c6b8005ecd39a392e681402ad40b5d0cd804f668
924. 28b4db9be8b5f8420b7e6a2129f73f525d6124bb0a009c12eb22e6eedd1584a3
925. 562d5b97c79d21bf2f6ab0bc588c8ee6c2754257451cd48986c86f389f21116c
926. bcce04516238a62408668fad8574e17813b890503a3f6a79d15c218ba90232eb
927. b807cf6ef14aaf1772472560882a29022118ee224c27c1500bee0a481539d76e
928. ec6c34b5caf9381cd07ac2f6ed1320707e64e5ab77b19751d89116d1c81fc00a
929. 32ba942cecac3d19ec25037356f984066cf1d22d609c9eda6765283a237e57b8
930. 76764d3d22bf183e62a16b907edf2a7381571cc7386a39e37718f2643de55ff8
931. 569c99524164a9525b2180f21451f80d90e91098965dcae3db1e854a5c4b8f23
932. 092fc30364d1bc30ba813c65589b8974581b1f13fca93a44c979b67f3ef2dcf8
933. e44af298e1fb69027db9f6ffcf9b20791065a1debb1809596ab7f9ebca2166b4
934. 1a9e9a743e6cefb2d374a535fc46324207185bfd7825b4b48a941f2652517d7c
935. 720321e902e4cab3268d63dbae83f164286a7d12aa73e6648278fa6b3bfcf644
936. 4313abf129ec8df85b4405839b7d38bcad07414890ce78da5dbf5f56aa496a59
937. b386e29b91a22090f09e821c0aeb8b171d2b693116d8d95f4a4596788bb59f45
938. 70044d8dc58309606a693e0f5f9dcb7586075da46da06a69def13a995a37489e
939. 5cea0075a5a75595d2b75b84f651fbe3c69241c40845e85452037a03a90c5359
940. 3c3b87897819b700ec830e317fdb2d79448f4d7af9c7b7f831aa554a1989cabe
941. 1bd75b896c0b24b407b13405a901c84eacb952dafa5565c4617777d436417d68
942. 388ca94d387497a4ccc6c2d6df665fe3ccc0e6e57bbef45d64ef654fb2c11a18
943. 6d68a290585c0c8c14872708dc770c050331039ca3e18aba84e769e032171277
944. 4690378f78e894b2f9669c0b86cdc1528e663d77a8987938b70357cd962b3a36
945. 0342e996472cd13ec651c008a23bfaf4728784cf17c726f17d92f6db4f7beb67
946. afb618b3e57391c0a07ca2a2e8c9080fcdcf2331f4790cb47c3352abab9e8025
947.  
948. https://thanhphotrithuc.com/wp-admin/3bL/
949. https://www.gcwhoopee.com/cgi-bin/t28/
950. https://thinknik.ca/wp-includes/FY3B/
951. https://tinydownload.net/wp-admin/1r41/
952. http://tr.capers.co/xjoma8v/jb/
953.  
954. Creation Time 2019-03-14 14:23:00 (DOC Based - ENG - 365 Blue Box)
955. SHA256:
956. 87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
957. f9380a52275a0b8661bfbdb17992ae6e15d8053f3ee937f2bdaccaa9aa0987e8
958. 742d2d3cd5908d4c5e7730e43181b793512c36df2dcd1e9083e1cc834a885bb3
959. 2c7e6bcd1ca2520a87053ccd01b210a850e6846eba5cf291a53723b75e3e3cf5
960. dca4d945c877cb761af0260da5444b51786fdfdb0eb4f3fb749ece6ba86bcd80
961. fec99d5048f8de769828b7bd914c1f3e0598dff06a102ee328798dbd58e22466
962. f536195233656e0eb03b82aa5ebf58dd17af4aad1aed47d149837a26b93eefca
963. be50454383891b6b4c8c99bd70bbfcbc9595b2e56ae77d0619a4437dfc4c4ce6
964. 168399973502212b1938656d770f7c8197c3cc6cd45ec9198495a1ccca08c90c
965. 851560c9049919208b320f946eba01ed7133b402ac40824d8039094a45f73719
966. 90b389ea0ad281d78c57b8002497b12c3665f4ecf533785b679a75583bb729ca
967. 6463b40e63fdb8fe75bed1c9c568c990dd6c52c1a772b81a02c9f4c827bf3b2a
968. 7d3089cb9930a9d0c0fdb7d4e5909ee4a9b470476cc9b99e57bb1eefba7cf7b7
969. 3a5cb31558f8cfa9e3d0bc7517b7df7886963cbe63757d308507464855948252
970. 3eb82a4222e85a3bf961d094c19520e14f28142b9b58cc0ad165aaa219c788b8
971. e2db4bb6197ceb3f7f526b90f798ab50ae9da76d3bb73613d099762a4d9114fd
972. 456159e926a54ef47b04b71e38c1ce18f61497e88eb7d9543b7274cda809018c
973. b4230f9bf711e4e1e28421129ab0b7933dcc2b9c99d6026e2b74a16d782e6078
974. 2e265dcff1e52fdc87ef63d5fb75575f8521388a4801b770a502dafb4619b229
975. 8b3c8e2a58bfb217575976153da622a16080b631a764aa9c6c0c8d49b4a20f7e
976. 7f601495b0e3cbca55b2019a759af31ae1628ef4cb9706b73322e6640c861e0a
977. d255e5211b7cae6180d9afec9663c09d4202e217fd2817ce9a63e8ec4467aa53
978. 154153974d0ecf3c75cc6469f6fd4345cc2e652a7c01901e5ba00f299fc64d17
979. 771e28c10f99edfc9b521781812ba97f23cbb55da672049ee7f3cdeaeb039e07
980. 04ca9621f75adf50a9f0bce9ae46d4bc7d800c7cc92b823f73cbb43855ad2da1
981. c6cd11d5d0a76acd4657ddc00fca031bc39df67350baeaf8e3714a982cdedec6
982. b8daa50621bbf387c2cab8d2788eea874f3e178d75bc3978b3bb817aedb6ecb3
983. 6a372b1b2ed89c0a7b5e71a77f23cf0d8ae9b8f315d7b9ad19f3f655ee295806
984. 5f5a00ed2f6f8e405a0800e7d34ac7fec27a2019e2385ae4dc25d9e59f36840d
985. e34c2e3d493cf67c31fd7adfff5041b773f3a45b959245e62d922e93c1750573
986.  
987. https://vesperia.id/wp-content/TO/
988. http://turningspeech.com/rm44r5z/usg/
989. http://zarabianiegeorge.cba.pl/images/JN/
990. http://strugglingcreative.com/wp-content/M0K/
991. http://rossairey.com/images/hf/
992.  
993. Creation Time 2019-03-14 12:45:00 (DOC Based - ENG - 365 Blue Box)
994. SHA256:
995. 4f1e3178082a06256c13dac380d5c33f005296df47a37ad92188added8500589
996. b0a1885a6c9c9acdcedb5a167dd6ea48a160e9b0a61a49a8d71070f76a5dcad3
997. 52dd153ad00295d51556ebc3221df7d3df1c9d7b9f34f8ee75c50caaee790c0d
998. 7cf568a80f9e6e47a18e36d724ef05e22799ff9458d5b6660b428b2d49553e53
999. 6bc32963aba0c8a057037e33b878d806aaf0d36e768f33407c74a5094d28df26
1000. a09af7559ece9e43da3988f4d5622c1683f655d5cb3048895d30cd93038a6814
1001.  
1002. http://www.wujingwei.com/yis24.com/NH0/
1003. http://g6connecti.com.br/wp-admin/PWh/
1004. https://wdss.top/qvjrgdk/zoCT/
1005. https://nikisae99.com/wp-content/1KB/
1006. http://visa.org.ua/wp-content/Z9vF/
1007.  
1008. Creation Time 2019-03-14 09:03:00 (DOC Based - ENG - 365 Blue Box)
1009. SHA256:
1010. 36eb851688c4d08e8e913010a08ae48647d9f414f66e52227dbb1aeedf5420ed
1011. 7ac8aca9b6b8a0eb21ce982f78784a39c29552663e278570951b0aa52dc491f9
1012. 3d6f9d448cf807a6ead21e2ecc9eb419d99222af0fc1c5a4d051857cdf34f189
1013. cad4e4277dd8b18e158d11a07af396c57c831fbd3bd6dcab61389e1bb602d21a
1014. 4a8b46e4acf204a5c90e278f8cb6cf7c751c0de754991e64182f7788c081d85e
1015. 60ec20a865756d7e13704dc6396fdd487db39763ee8dcdf977f877c8221373a4
1016. 8f1931f7bd6758af6a41b0e553ce691acd035b57f59579f5f38ad4ec55b649d6
1017. 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
1018. a84f577a6a828fa6e52967597d0e9c724d84c368a82f0735b327a6299396da54
1019. 55e71b4c09811fe80c49e2ef13f2bbc994ee2a664b19baf0e10b4e05cda923b1
1020. 470f6512e929539ded3d53ca7e2391b194aad516b18afa4dd97ce1dc3f6b344d
1021. f7435edefb20ef0ff2f05f5202b2429bf56a72409b19f316af5dcc844ae5e0b4
1022. bf53b0ad2903506ec0b895ea6370af33e2953413cc9eeac79322438f79d24b81
1023. 81e394ee6932b58a71c825dff60f4f051d211fe7b215777a6217a139de62be04
1024. 71cfcc18effcb5455aed5ad4938de2a2b237c5ad186721bde6a88cf89c09f314
1025. 2e358c3b5c303b1e4202d84d134698aab2d3d51fe6201b8dc183da58a089819b
1026. 863a4fb4d5684efbddaf88be7f43ab72a8bcf58bf868ae4740139b45bfeec6e8
1027. 8b2764644abac68e3c065483f9a20f161109b41580f8a89f1a7f0d99356b7ded
1028. f44eba5083630aaf1b74be5801c80b25617e17b16f91c6d1e0b61918a80cb24e
1029. afc41141baff743549981a8d26c2de01843e31f0bfda03fdafc7e4514012fa88
1030.  
1031. https://smesmedia.com/wp-includes/dk/
1032. https://tribuana-aerospace.com/wp/q2MP/
1033. https://pasioncontinental.com/wp/mGP/
1034. http://shefdomi.com/ihrbuild.com/niL/
1035. http://georgekiser.com/test/Rt/
1036.  
1037. Creation Time 2019-03-13 20:41:00 (DOC Based - ENG - 365 Blue Box)
1038. SHA256:
1039. 3c6f64a5be116d88b759fc3a625da4265353f3a23de5d03faacad67fb58dd4af
1040. f796de28c88f033d69534752ff49bca27ebd200bee01b952935949ac35f281a5
1041. d4289aa9de0d2c6c43c6e6974a683d035a3028d9bc92721523a1812124489640
1042. a0e00bec8ffa0cf7764b060320b11b6d8695f31202160021412b19f1817a5604
1043. 15d409d467034ad2e178a3be9a5cb52145a1bba20e9e9fa6fa1bdfc91179af78
1044. 8c77b90bcec1ccfdca3f73dcc1835ec0b99a6bc07abdd01a89ad8d8274e92db1
1045. debf1ecc7c45e8bac881e02196120c8959248527587a5c3b7b88b3fde7fd1288
1046. 690e114212075dcffa45e897f29e5bbd8228e50e7c5ed18733cea303953bf5bd
1047. d0f8398e793c3f58f92bdfed9d6e35e7efcddb390e12d27da290ae7337baaf73
1048. 2dd867e283fc4339fb8e50e5533a33c54d74a5c7a751f3658d7562776d2d4aba
1049. 1682386b9177d40fc22fd1e61811028efea833647e20bd42aac2f5e35447f5d2
1050. 7aaae27a6312a6d03986087014cebe564c8c4f8cedf4b03732ad286b66985cf1
1051. 7be5fae00a742991167b5c94e8c70fce4386dd1b9edd3809b3b6d6371033ec71
1052. eb3c38dda1056ed44c025d2fe6dfec474763ec1a3c29b53baddf197ccd00d04c
1053. 833985e81022a7cc0ea35d711858fe9b13b177447b6af63797582ec791157534
1054. bb9bfb39636c3697663138308ab99ee659921cbc6b6e87967de380ceb72918ab
1055. 5d9db9fca3f1fa3121d7abdd1d31c6b6d89dbef899d4fdc8c62dd111b23d7f30
1056. 1834e3a7f71294a8d9ed80ecb42f3d267a7e90eda5c3c3ff4114724318dbfe26
1057. 1834e3a7f71294a8d9ed80ecb42f3d267a7e90eda5c3c3ff4114724318dbfe26
1058. 76821dd9e856cdfba038c71c3cf644f08faaf39727a5a72ae11a062433f9409b
1059. 56df2da33e0c69a1e3be5d5e307f1ddbded66836a43b14eb59181ec0629ba7c5
1060. 2ee4992b3d273f10d16c3addeff7f5ff6d7f498f542be2522777680d2eeb0e38
1061. 08550f8cbf40ac692bcc8dc2a92115c24ca1dab8087eff0576e94ac3e2981eaf
1062. 55459e00951738dff222dba5e71e29b2829af68b1419bcfb472279754de86511
1063. daca06f67f177b0e7b659f8c3d954b1ab06f563f2cbda3e1cdababf5e02b796a
1064. 4098d536c359dc63d3120c2e1f64870240860e90893ed61c7c560cb4a91eb734
1065. ad0b0ec3287da293ee568e1ceea2e5650da8f9bf26126b0ab62ca6a9f04011fd
1066. 4980463e2b50f6fd5cfa08c9ff743e5f6878bea3a753f8b992818723baea9642
1067. 0366801927431f9bacb7f9fe7fb45c3060f20640f750b1c930bb6141be205990
1068. 70df1c010f3a153732b9d35608df974b997f0d0ade26a4c0ac10b901507bced2
1069. 0e0f87407e98baf9c5a00a2ef33319ded224cb30c352208cc00972a3931412ec
1070. dc724e42ec75a11bb8303c163323cc54689a0d99950b5a912c7586d1255ae591
1071. 653d04b96f376ee2a1196bd42f741ce2cffb3fb82267a1b84ce8f94a8bf48fb2
1072. 5b336ddbad66d4990622940f95c0468875680ed223eb91da64b8f06787f62880
1073. 68dce955a6bc3d64ef8e4ec0c45fb667a41d01278b4b7f777b3a82f1065c407e
1074. 08aa80a6582dd6738d7afba27bb39ef88b0168d1a7ce656ec02863ca5f9d3474
1075. bb98d6883a5d7169513f3b6016fe927ec6a44d1a5c0b661112175e66e554e719
1076. c8ccd9bccc525a4ee561fcb42daca80c8c4b116579e4bde8197777d416b7e8bb
1077. 1228b439b723a9009e82cce1f7b50d99fc24e09a271d5afca9a758ac9fa4f7f8
1078. 84fe6397446dd37de37f0bbc598764d696cc11215bb0b99e3b01b1f514dc23c2
1079. e8e0725c73c862428d35807060c04fc4100c753f6bedccbee71bf43953e6c90e
1080. 07195b1c470d44d02650b4eddca96698fc79cc91a50f5794cba66ebeb72ffaa8
1081. b05b6104f9cf5885cd0e95d71086b75aa958c95ce56d62f49bc4b9820374acaa
1082. 7b6110adbe805d0d96997256f6f302079a2619542b8fb7e16a35c3f263dd2a98
1083.  
1084. https://www.theblackcadstudio.com/wp-includes/3T/
1085. https://whyepicshop.com/wp-admin/1YD/
1086. https://www.wl-interiors.co.uk/wp-admin/occ/
1087. http://aliyev.org/ldfkbse54k/oX6/
1088. https://interia.co/wp-includes/a4d/
1089.  
1090. ```
1091. #### SHA256s for Epoch 2 Payload EXEs seen on 03/14/19 ####
1092. ```
1093.  
1094. 26b8ca51745aa8ec71181af4279a7464b44366140cd28e116cfddc8bfffc6e93
1095. 4c2344880e0b48de7c328973b70b98defb7348983207fb227d2a7b3626c734b8
1096. 74d055b9e5c3bc88596a4cbca37402a93cb900c046c82464c6abe8aeb75dc2d5
1097. f7af8930bc835bb12412be7948f257fc247a939cb5a436f19530c6e0e416b2fb
1098. 88f54013db739b6e601821986a5c6cb2f0b4c36eec7259642f50a55b966fe646
1099. 5d512a8cf32ca4e011ce6af313d9be115aeb20fc4e80d48195f2216db9c03577
1100. 91feded3f71e9e6d929481579da8f2268717351728e1efe10b7d0e657249dee4
1101. 1d13e85e7ccc79e0101b115cc5f1e1444428c0a99df06427e69b846282c106eb
1102. 745b3f844eeafe9a67162dc78f4d6320c233427941eb17b4e42956c285ea2e2e
1103. 2884899ca06a447b6998f9bbf1798e768376f8c8816fe1aaeb9a3d435c6a46b0
1104. 2f887dd7e01e16269442428f5d6d0941b32c8c4d1cc58338a0c575b03ce162e7
1105. f5a4db3915899085c0b167214b4db2155db1a7a7829b95865dbfc8f62acaeb19
1106. 0db26ce8427840ee2f48baeeaf73e119ba471c398194ab4c7dafd80d1af8b4f0
1107. fc797d1a2418425467e658a6cc509b90e209e522a159cf06c0a1d746c70c0077
1108. d10f0495573867205bc8fcf2913a4cd47c4c92ca0381949978aedd8a91e7fc36
1109. 69dc68fb562627d250e78a5b3e8b811512458b4f3d41eb17a91ab6abb85c52f5
1110. 493544cf6ef9cb84853b8b69d8c45e0e3fe74695fd71b6468f4ddd74b4b69395
1111. faef6d174c3583a087746ce14c2c79a45110120d8042be9f3edc321dd6928ded
1112. 1e44c1acda69523aabdb75b22c3c67a138f5343366c6241062e3ee5a44d9c158
1113. f148d054d661d9925fc621ff60604e455eb8ea1ec6efdf5e6071cf8e3de25d91
1114. 359a236e7aacf6c4ef2ee11cf625b6f3cae148b31f6bc7b53c88ecdd13680483
1115. 7e3195e46ef36afa15f08e6263734ee06fd335f3caf824a81564e3ba4747f8db
1116. 3ee6ed04bb5f7e3e3c913575306429525a0f654335d747688ccd7139e740efd6
1117. cc2738184543217e41e8bb9031ce07d6a634cfe675c8813b78cf350b19f5f2e7
1118. 54f84264971e19560ac5c98e6898295042465b2c854945d86b7bb0fdcc7573ab
1119. 4baa06b4c3c75c623431989780a6d6d6023a2d0b1c20799f934d902e2e8be6d8
1120. e67ba63a5cf54f33a6e8893eab2277b23538a5b33c6924e414a0d8eba3396fb5
1121. 5ce9200f1385999b8193f7993c9a4418b34dad851bf20b47bec649d13096cca2
1122. 263b15bf420a570e75f76439df22b591fd8e16914fe671371d7b98cd667781df
1123. bd236d5179242c359dda63d838e47a917ab5cde2da9a48f3aa96f761adf601f5
1124. 680b60af276d8d35a0452e14a760ab26c6add9bcb58fe2bb026ab94e8ddae198
1125. 11d14e11570ebaa756b4083a58a336e0489eec1703012534096131836b4e0519
1126. 50efa3e7ffdb398e3af40b581b46a6190abeef3eca61ccc9c7df7bdef626b7aa
1127. c6311de17cc62a48b391fb0638cd411b0b328139693c2c3437e17fffdb13bbef
1128. 3334aff96db45f698b00be54cc7d07ee37ad9ed21b35c0c4727b92003cd6e70d
1129. 3d0e256fa1027c0eef53f345609be37cec1c9745c432b2ddee47972773e68dd0
1130. b38f37482a4f7e2eafb35df299cc79f2261e2cb29ce94c726db2ed873aec5755
1131. c1d4159650bffcf5210309ef9b9cb6188da372fae46cc1a447ae3b6a4de7bf13
1132. 2bf2b5ea4ea8c6e9f611d614c26dfbca28548ddaf6b4a196c07c844a17c944e6
1133. 40c2e1cc9a29685d572a869dd62338ce872cfeb4980d2e7ae246d9e0d9b6e4ee
1134. 790080870ee232ecb556e58ff19e2277b5e8e0275541e62079544111d76b9d79
1135. 4eee4aa4630ae75793f4b6cb3f06d0045288ed7468d2925970bd687c61650cc7
1136. 0a15a00a5b5fa7f0e832def0744516d917b48cd14778eea896c2a1f06d2b9621
1137. bca0259a18b10afb354889d25e272272573750e191fb070362092b83093789dd
1138. 441373b506a70c44fb9b962fae196dd6f7bd25ae8365474b99dabd5c5b8a6318
1139. 4d7ef094f29a1b276d3be868913f36e3a60135c5ae76c535881d35532bcc3778
1140. 7296dc6bb3bf63a81bee616166ecfaa9a044ef41bf6fb4d277261ce4626a4d92
1141. 1c0c875fe89d9498bbb0f5017fa29cbbdeb0862ea5b459aa84e96e5cd04a4fdd
1142. 310e824d0fc7b1fbdcb5c6d7c73ecf27e76c81207ba6c890213fe4a31add73b4
1143. 8c114f46da5378542d0eb92434465cf9bf50801370c27ce3beaf0099f2cbf4e1
1144. 09ee74e794f6bc25f4fc612cc25f83c396f7bdc93dad8b713296b6c444118a90
1145. b9277328e9263c6b5203d4e4ed88470ff694919af1bf2ae18d786e7bc34db161
1146. 582c7b4880dee7268dcfb1171e84bd63dac1eab41a4553b8be09d01103202a61
1147. c5df0bb3c0ea5d0d9b5d71f7e94b84af8778e694c7786a338089c80819c49b1b
1148. e4dff58dfc88abe7fac1250fe36bb51c00bf2676e41c4a5b294e2da3c50f6998
1149. c2462b89d0ac5b0dd4a741dcc69493b1001d0e674fd1928e69020806a9700034
1150. 54b72327070ac5b2034cb14629a5dce4138763086872a637a1186226e5f5bdcf
1151. 5ccff6a776df70f3db4e0eda7b5bc05f9602dee9d836b279752f1fbce2964670
1152. d0ccf47dfc364a1ecc44887568d71dc0f309b96b253158e1929eff7b56056456
1153. 2a2471851e1127875a92bb66f65dd00c41571662fc7250e6a74c66c8296fa643
1154. c717b0aa3df38736937ceb44765fb880c86c4c10bcc43339f9f6449c120c0a56
1155. 940afa85e5da60701019a8d71f4d85b5338548bbef6a6db2b6c16ad0f8651f7c
1156. 70a12d0d7bb00f878556915a7fc266698f5cc87d3625ac19682f018aabd8050c
1157. 9056d3e465fcc6f14163e1a5d90e61fbd5255b4af69dff290ef8142783a30bac
1158. 5afea574d14ca4e811230d27e70e570f70d2aa392ab88593eb389fe2e6981647
1159. 1dade85a30542adb07e686182ef50a654a4961ea4645bdf5086397fee655a5e7
1160. 002126fbba172e396555d57d34903ac572c12c70a9f55c09cd85334306d91fb2
1161. c15be020a73c9a655c49fdde613a8056729a7afbf13fde1d509d2b15ab9ca954
1162. 10ea8ad5be30351e201a85fc408e0446a559f00e0d356c34550f0cc189341e1b
1163. eb5e02c68aa470f22900fe1051907a3674f6da6e9be7ebb9792f924056dd8386
1164. 952548526257c23e4092480170fb70e9158e6be85e3e8bb6f2cedcef14757f02
1165. 20397e555a216e08f40c2b5f5ea074fca77d61a0ab2807115ce5701d6d436ae3
1166. bf301895350bac4b2e0ef38955637782b49d77e1eb12e06f6e3f4d781512f313
1167. 8bae23db6c65d5491f378080582bbc9f92231f13e4d390cf6bb545740bbbe205
1168. 0daa1c2e8bf230ff66869bcc1f6a781a7809ea5e6ab8bcf736a3fb84cd64336e
1169. 80c9feace63d279100ce511b343f0f5903f772610fdd04debd855011cbdfbef0
1170. 41a4b259b7eea97003af926184d91ae5bb243157c91758bd8240adad6fc5043f
1171. 8c06893c91ffd97b69d7f2fda1ad3e53eee0c9e4f71d2013f28c2fd9481e1bac
1172. a2269ea055a7ea6dfc5065b6f69854b9702d94d97af43f8c2c50342f9cf62195
1173. 89de28661560a1886ca0a2073ea40dc29ab0e5f5a39bf01d33a239ebbf3dd5ac
1174. d216233e221ea4feca1e63efa0f6aee086644dd1cbb720e4a4e2638a3b325472
1175. bf96688fdfe86355343cd8cf0fdab6e6563d23ad3bde584c4437e48d3c12434c
1176. 7db3dab503f55572b8b336076d7a17a57cdd27f7efce578f2e334161679cd9f0
1177. 0fa5840ef17ce9b9ce5aa1c19c6be1acbf7b8eae99598f842903d281583936d3
1178. a6440113028bcf03e1b3157bb94e46a0d91621ac802e39f12230dab0e5ef2297
1179. 6ae942fadb3492cde97ef4f9dbf08ab6faee6602de4f0fe1771413691717ed6d
1180. 78493aa7c5e4723ebeb6bc77804d23ccc5ea1d5129f39a03170f9e4ad6f703c2
1181. cf0e66b4c6344c94f0170839ba7ac22e48df06b1251bd1085acbc9fde6514d82
1182. dd548ecec987eb64c9bd20f31f7af016f080a8a4ce209549ac2780a35d973908
1183. 7f48cbc0a3e02e6b3e02add99b9f5c18015441da29aa8dc16b51f6d6cdceaf76
1184. 5a937b9ac2acbab25dce44068e1576a8803f86e04a65d28c9dbe9849479901c4
1185. 2ab99f8fd69ddc469a3b7d473fcc7459f5205a1db88f04683f1a9a7766a953bf
1186. 0d29f7f4fa52853bd5059a9c421c84a0638e0548086c60d90a07db9ec78fa52b
1187. 6bdc24e113ebb4ee8d670236df07c677dc1e5fea9cfe53aae19af5050e40b578
1188. 2118e3813ccca10e5efa4b3615ee31227f94637f68fb044959f00f0b0e6efc01
1189. 3e20886f4b3ab4e650f32aa2efdb3e8a6cb59945a3936de36d36e2eb8536ab64
1190. 2a557afe0f6fcc1737658ce8bfeb96eee9420c3d6be1d0468823ce63db742e51
1191. ce4ad0d11e8b6a900fcdf57d4d107fcac521680de4a2a52e244195deda671e18
1192. e06ff8ceec3345ce209e89224d5f9f005ef81c5f3354ff57307154e0acc836de
1193. a8fece97c6ad2c890bd9a3451f66f9bbb609836c599d074b88cc44357db868f3
1194. c324d916167e5baa999d8b9201794ad447267884a658d76a3df54886e8debcce
1195. 48e674eccdcd51c22754aa39fac7d8e7d4e9000ecbf996e8f243b591954b6ecc
1196. 012e1d36884b190c7a313cec027114189c5315ca869c5b87e32f20a2552ce572
1197. 70e651b3b3d1ce0d07068dc10b5cbe28ff2c8126c1b7d23dc5483e43e0bd9280
1198. e09e8e7bc571dcbef05dce441a7d0fb0fad125d7086a80221b49f676c44fb0fa
1199. 8aa9fa4f535f93212aeef8d6eb30a986dfd995e2748cf23fa6a6b3a124dc320d
1200. da84624703ab3bbb68de1e4728a06c9205175fbac7480db45d0cce02f0b33358
1201. 1f4fe003474a934dfb368d4d55e03e7132bce6e6e40c9413fcd922810139b6ac
1202. 01d7771d458ee4a476486ad9093a613e2a547386b5e43ed6e3651324ee85a103
1203. ef1301bf0b5abd7dbd6e6d7fb9f8069c570e5262958ab9a49408c30a035442e7
1204. 774ed85e5246fb8bff22624e7be039edf96198541a5248c49a7cec6a77eed801
1205. 3a77906f89902af7c639ee060ead1dc4a8e0f6659cc4d96d17fe3a13ac91ea18
1206. 8d1aee8268ab3ec21099ce579b9d390dd7432567de8586af9c519fde025a7bbe
1207. 69b7a3ba8bab4bb4d6acc92ea64e24d9e6978ef48b8fc25827be828718546eca
1208. cf516dc0892e8ac2b2d03524c9c358cc8b1256ef3454ce5df260311414741a4c
1209. 732c5676581ea47ff9257da4ffec222b48468c7d47ebf94014e879da11299c58
1210. 3e9656446cf6bfb91bc55a8e9900430f7734b9b88e485e193bcc9693dd9d00e3
1211. 26a5d1b481460ec29e5ec54836a6288300b9eb89a166af25a4a3f907841044b3
1212. 7d13a5490d47ec13ffaad274e809ab9c44771b1d6991931fe45dfabb4f2cf841
1213. 6a093d0323480ff40d5dc33fb63eace538dad05ab4f4464a3402ae20b4b27425
1214. d4f18a004435158f6ec253ffb05c3fdafe8c52558b14e24eec40c8388d3a7aed
1215. d8009c2f99a61687205ce28dbf366f5cbbd7efaf8b90be6d0cdf80101083e54a
1216. 0f61068d8970c6745256f3dfb0512acbf7cd9920238ee0d764e5c3d5e750a8aa
1217. 3f36805b076728b1f799b0e2714cf0f839a6d50a3a8b83720dc9abbb834ebe66
1218. c48815718db25607d95341a3890e2cdc3f1fa07f16c010447119e5586cb9da31
1219. 88772728d739e01cb70234550ee5bda32bd99de57b248ccb58aa680078281ee6
1220. 1c0a72cb35d59687ccbe1eb987538fdb54300fd9268f2b2731e7fb7b19feb63e
1221. 956a64b3fca925c4ee31079cfc7f9481c11acbdf1412772fefb7108841f8810c
1222. 185942fc55aa9fa99b553426a324e36a57e32a3dc530ad8523961654b01ef7c1
1223. c5a49f565424f532192e9b3b007c05fa7f5e1201e81ad46a792261e8464380c6
1224. 2943ab69ba6a140f3b38360601cdfbe8b6577316743801b50437a5e378b8014d
1225. 6cb1a0a1bfe3544de8602c0bf14a34ad051b643bdc5559e61fe28ac4e2ba6f6f
1226. ae1a1ca14cd74bff461fffe8cf17a5371df8937cd8b13bdcb7ece1c61913421c
1227. f251d5b1372d7cdf52a0cdbe4e0723e11055e1843c574ffa2f5ac490c7f29346
1228. 13b31a115a0fb2f4048483b20e1aee4376d9d64371375913dcc165ec80069ae0
1229. daf9bcfa069de7e37ba322c119ea54f44ac33f25f5d1d418cbb70a93f1b81190
1230. c00a323a3afe63541b8d51d2c93e019c3b03a37625e06b7e849dcd4768a8f2e0
1231. bd0131e7be8f79a014a2b4e12557884465e4c57d6939c3279acc02a43cfc44e5
1232. d6c7339167655af988425a72a41b8a64d3b864c71610fc46cf5248b4fd7b6e6a
1233. 640d43358c816f9fb3f18b588dbe0c89625f84f3688ec34fb6085649e8c42326
1234. 0f289160ecad13546756c2ca6978bef686e1512494c795a666897b1165ff3c84
1235. 51ba6dc5b7b6e43befa8af3632855d5b046cd491874eec72ad0a28f390be6034
1236. c1843642f8de1bc5e17528c1772ffb499c4ca687e8d8cb3a96b13186855f2f4a
1237. 3d8dcc6b63bb354977b86cdd7e7063696eb19f5ed4754766433042d543a30952
1238. bb8b1b0bfe1a7e490a68e6a5efaae5d4d599ced3df6686de3b4bfe8d5671c0c9
1239. 43b914ad6ca5c855edb4960a200dd2d36e20e03d65c412bc8ab91ddc12d4cccd
1240. 0ed0bfbf99797e16ac9a608062338167313a27254118a5e187e20eb6ce5c9a7b
1241. 820539873f692489c469835ca41bff712ffa69799940f60c30e62550687f2858
1242.  
1243. ```
1244. #### Epoch 1 C2s ####
1245. ```
1246.  
1247. 109.104.79.48:8080
1248. 109.73.52.242:8080
1249. 138.68.139.199:443
1250. 139.59.19.157:80
1251. 144.76.117.247:8080
1252. 152.171.65.137:8090
1253. 159.65.76.245:443
1254. 165.227.213.173:8080
1255. 173.248.147.186:80
1256. 173.94.53.3:8080
1257. 178.78.64.80:8443
1258. 181.16.4.180:80
1259. 181.228.211.100:443
1260. 181.29.214.233:8080
1261. 181.40.122.122:8080
1262. 181.56.165.97:53
1263. 181.61.221.146:80
1264. 185.86.148.222:8080
1265. 186.137.133.132:8080
1266. 186.138.205.189:80
1267. 186.3.188.74:80
1268. 187.207.188.248:443
1269. 189.208.239.98:443
1270. 190.117.206.153:443
1271. 190.146.214.85:80
1272. 190.146.86.180:443
1273. 190.15.198.47:80
1274. 190.210.3.93:443
1275. 192.155.90.90:7080
1276. 192.163.199.254:8080
1277. 208.180.246.147:80
1278. 209.159.244.240:443
1279. 210.2.86.72:8080
1280. 213.107.110.253:143
1281. 219.94.254.93:8080
1282. 23.254.203.51:8080
1283. 5.9.128.163:8080
1284. 50.246.45.249:7080
1285. 51.255.50.164:8080
1286. 66.209.69.165:443
1287. 69.163.33.82:8080
1288. 70.184.97.144:8443
1289. 70.28.22.105:8090
1290. 70.28.3.120:7080
1291. 71.11.157.249:80
1292. 72.47.248.48:8080
1293. 82.78.228.57:443
1294. 89.211.193.18:80
1295. 91.205.215.57:7080
1296. 92.48.118.27:8080
1297.  
1298. ```
1299. #### Spam/Stealer C2s ####
1300. ```
1301.  
1302. 104.236.185.25:8080
1303. 181.168.129.146:80
1304. 189.159.195.202:995
1305. 190.147.23.76:80
1306. 47.180.177.96:80
1307. 50.116.63.9:7080
1308. 70.44.163.160:443
1309. 73.14.76.77:20
1310. 81.168.92.58:443
1311.  
1312. ```
1313. #### Current Epoch 1 RSA Public Key ####
1314. ```
1315.  
1316. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
1317.  
1318. ```
1319. #### Epoch 2 C2s ####
1320. ```
1321.  
1322. 108.188.116.179:80
1323. 133.242.156.30:7080
1324. 138.201.140.110:8080
1325. 147.135.210.39:8080
1326. 167.114.210.191:8080
1327. 173.255.196.209:8080
1328. 173.255.250.241:443
1329. 178.62.37.188:443
1330. 181.57.193.10:80
1331. 185.94.252.3:443
1332. 186.113.255.229:22
1333. 186.4.234.27:443
1334. 187.142.0.234:22
1335. 187.189.195.208:8443
1336. 187.209.46.240:21
1337. 187.233.152.78:443
1338. 190.97.219.241:80
1339. 200.113.185.229:8080
1340. 200.50.185.54:80
1341. 201.220.152.101:80
1342. 201.239.154.191:443
1343. 203.143.86.111:8080
1344. 208.78.100.202:8080
1345. 213.191.168.93:80
1346. 217.13.106.160:7080
1347. 24.243.101.134:80
1348. 41.220.119.246:80
1349. 45.123.3.54:443
1350. 45.33.49.124:443
1351. 45.36.20.17:8443
1352. 5.230.147.179:8080
1353. 50.31.0.160:8080
1354. 50.80.248.108:443
1355. 58.171.215.214:8080
1356. 59.103.164.174:80
1357. 62.151.17.5:8090
1358. 62.75.187.192:8080
1359. 64.13.225.150:8080
1360. 64.46.91.165:80
1361. 64.9.43.60:8080
1362. 67.205.149.117:443
1363. 67.209.208.130:8443
1364. 67.248.56.82:22
1365. 69.198.17.7:8080
1366. 70.57.82.196:80
1367. 76.168.149.66:8080
1368. 78.188.105.159:21
1369. 80.115.91.222:443
1370. 83.222.124.62:8080
1371. 85.104.59.244:20
1372. 86.239.117.57:8090
1373. 87.106.139.101:8080
1374. 87.106.210.123:80
1375. 94.76.200.114:8080
1376.  
1377. ```
1378. #### Epoch 2 - Spam/Stealer C2s ####
1379. ```
1380.  
1381. 183.82.123.254:80
1382. 198.58.114.91:4143
1383. 213.136.86.219:7080
1384. 37.209.252.79:80
1385. 64.228.72.40:8090
1386. 67.202.178.142:443
1387. 78.149.210.211:22
1388.  
1389. ```
1390. #### Current Epoch 2 RSA Public Key ####
1391. ```
1392.  
1393. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
1394.  
1395. ```
1396. #### Credits and Notes Section ####
1397. ```
1398. Updated 7/13/18
1399. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
1400. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
1401. https://pastebin.com/u/jroosen
1402.  
1403. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
1404. I am providing them for your benefit in case you want to parse them to be sure.
1405.  
1406. ```
1407. #### What is Epoch 1 and Epoch 2? ####
1408. ```
1409.  
1410. What is Epoch 1 and Epoch 2? (updated 03/07/2019)
1411.  
1412. I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
1413. payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
1414. Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
1415. rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
1416. This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
1417. to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
1418. time period.
1419. Here are some observations I have noted since I have been watching these botnets:
1420.  
1421. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
1422. Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
1423. being delivered in maldocs on Epoch 2 at any one time.
1424. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
1425. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
1426. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
1427. Monday morning/Sunday night.
1428. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
1429. Epoch 2 may have a document hosted on host.tld/B.
1430. - The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
1431. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
1432. *- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
1433. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
1434. - C2s are never shared between Epochs/Botnets.
1435. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
1436. via C2 to stay ahead of AV defs.
1437. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
1438. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
1439. - The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
1440. easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
1441. - Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
1442. spam template, word template, document type and even payload.
1443.  
1444. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
1445.  
1446. ```
1447. #### Community Lists ####
1448. ```
1449. https://pastebin.com/S093mxcv - @ps66uk
1450. https://pastebin.com/7EadunCz - @pollo290987
1451. https://pastebin.com/NBFVyT31 - @executemalware
1452. https://otx.alienvault.com/pulse/5c8aba971f158a1966aec5ef/ - @SecSome
1453.  
1454. ```
1455. #### Credits ####
1456. ```
1457. (OC from @JRoosen and/or combination work of the following)
1458.  
1459. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
1460. @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
1461. @papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk
1462.  
1463. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
1464. @devnullnoop, @gorimpthon, @Racco42, @Jan0fficial
1465.  
1466. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
1467. @pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
1468. @papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman
1469.  
1470. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
1471.  
1472. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
1473. helping out with this!
1474.  
1475. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
1476. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch, @urlscanio
1477. and @Virustotal for providing services/software no charge to this cause!
1478.  
1479. ```
1480. #### Daily Log ####
1481. ```
1482.  
1483. Short on time today so quick notes.
1484.  
1485. C2s changed for E1 but stayed at 50 combos in total. - recorded above
1486. C2s changed for E2 and decreased from 57 combos to 54 total. - recorded above
1487.  
1488. Still out of time lately. Will do a better update tomorrow.
1489.  
1490. ```
1491. #### Sandbox 03/14/19 ####
1492. (all with fakenet and MITM unless spam/secondary infection)
1493. ```
1494.  
1495. Epoch 1 C2 run on 2019-03-15 at 06:45 UTC - https://cape.contextis.com/analysis/48660/
1496.  
1497. ```
1498.  
1499. ```
1500.  
1501. Epoch 2 C2 run on 2019-03-15 at 06:45 UTC - https://cape.contextis.com/analysis/48661/
1502.  
1503.  
1504. ```