SHARE
TWEET

Emotet Malware IoCs 2019/03/14

jroosen Mar 15th, 2019 567 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. ## Emotet Malware Document links/IOCs for 03/14/19 as of 03/15/19 03:00 EDT ##
  2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
  3.  
  4. #### Epoch 1 Document/Downloader links seen for 03/14/19 ####
  5. ```
  6.  
  7. http://109.97.216.141/@eaDir/sec.accs.send.com/
  8. http://122.180.29.167/landx-test/wp-content/sec.myacc.send.net/
  9. http://13.127.68.11/newstoot/verif.myaccount.resourses.net/
  10. http://13.127.80.82/ClvW8ZSqo0icX_OiB6Mv8/trust.myacc.send.com/
  11. http://132.145.153.89/trust.accs.send.net/verif.myaccount.docs.biz/
  12. http://140.143.240.91/yfwta7q/sec.accounts.docs.net/
  13. http://142.93.56.178/wp-includes/company/RD/Operations/EcsH-wrV6b_nCPVA-uI/
  14. http://159.203.191.166/wp-admin/secure.accounts.docs.net/
  15. http://167.99.197.172/utou2km/sendincencrypt/service/Nachprufung/de_DE/201903/
  16. http://211.159.168.108/wp-content/Telekom/Rechnung/022019/
  17. http://222.106.217.37/wordpress/trust.myacc.resourses.com/
  18. http://34.73.24.125/wp-admin/secure.myaccount.resourses.biz/
  19. http://35.226.136.239/US_us/verif.myacc.send.net/
  20. http://3gksa.com/temp/sec.myacc.docs.net/
  21. http://78.207.210.11/@eaDir/secure.myacc.resourses.com/
  22. http://94.191.48.164/hf9tasw/verif.accounts.send.net/
  23. http://95.177.143.55/wp-content/trust.accs.resourses.com/
  24. http://agtrade.hu/images/trust.myacc.resourses.com/
  25. http://almutanafisoon.com/42mldks/sec.myacc.send.net/
  26. http://amlak20.com/wp-includes/secure.myacc.send.net/
  27. http://anorimoi.com/wp-includes/sec.accs.send.com/
  28. http://apollo360group.com/5dcipv1/trust.myaccount.send.com/
  29. http://ayodhyatrade.com/ww4w/verif.myacc.send.net/
  30. http://barbieblackmore.com/wp-includes/secure.accounts.resourses.net/
  31. http://bashheal.com/eymakax/sec.myacc.docs.com/
  32. http://bis80.com/mwqw190/secure.myacc.docs.com/
  33. http://bluehost.tv/testbunder2.com/verif.myaccount.send.biz/
  34. http://cedrocapital.xvision.co/vckej2kgj/secure.accs.docs.biz/
  35. http://chigusa-yukiko.com/blog/trust.accounts.docs.net/
  36. http://crawsrus.com/css/sendincsec/support/sich/DE/03-2019/
  37. http://cskhhungthinh.com/wp-content/sendinc/messages/question/En_en/03-2019/
  38. http://cyzic.co.kr/widgets/trust.myacc.resourses.com/
  39. http://decospirit.com/sec.myaccount.docs.biz/
  40. http://desite.gr/rglxp-2s4lh-ytetxsc/secure.accounts.send.net/
  41. http://disal-group.kz/cacheec916813e9047d94e78f6564a70a635a/sec.myaccount.resourses.biz/
  42. http://dkw-engineering.net/purchase_order_2018/verif.myaccount.resourses.biz/
  43. http://ecofreshmarket.com/wp-admin/trust.accs.resourses.net/
  44. http://emseenerji.com/wp-content/sec.myacc.resourses.com/
  45. http://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
  46. http://filfak-online.su/wp-content/uploads/trust.myacc.docs.biz/
  47. http://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
  48. http://firstmnd.com/wp/wp-content/verif.accounts.send.com/
  49. http://fondtomafound.org/wvvw/Telekom/Rechnung/022019/
  50. http://frankcahill.com/wp-admin/Intuit/llc/Redebit_Transactions/jadCs-eSSV_UTVcl-h4/
  51. http://freezard.com.do/enjoya/trust.myacc.send.biz/
  52. http://g20digital.com.br/SN/verif.accs.docs.com/
  53. http://gcslimited.ie/wp-includes/js/tinymce/plugins/wpemoji/Telekom/Transaktion/02_19/
  54. http://generalwebmayhem.com/2k11/sec.accounts.docs.biz/
  55. http://geologia.geoss.pt/wp-content/verif.accs.resourses.net/
  56. http://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
  57. http://glampig.com/projectx/Telekom/RechnungOnline/02_19/
  58. http://gruporc.com.br/imagens/Intuit_US_CA/document/Redebit_Transactions/Redebit_op/eNHUB-zaH_kxleMk-mG8r/
  59. http://grupoweb.cl/wp-admin/secure.myaccount.docs.net/
  60. http://gvpmacademy.co.za/css/sec.myaccount.send.net/
  61. http://healthwiseonline.com.au/wp-admin/Intuit_US_CA/doc/RDEB/MIJa-L5fyv_pfF-O3c/
  62. http://hepsiburadasilivri.com/wmxm8d7/secure.accounts.resourses.net/
  63. http://himappa.feb.unpad.ac.id/images/trust.accs.docs.com/
  64. http://hitme.ga/cgi-bin/secure.myaccount.docs.biz/
  65. http://hostech.com.br/img/verif.myacc.send.com/
  66. http://hubcelab.in/zga0bip/secure.accounts.resourses.com/
  67. http://hyperbaricthailand.com/wp-content/uploads/sendincsec/nachrichten/Nachprufung/DE_de/03-2019/
  68. http://i-genre.com/wp-admin/trust.accounts.docs.com/
  69. http://ineteam.com/lalineacity/trust.accounts.resourses.biz/
  70. http://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
  71. http://instituthypnos.com/1sxuh6w/trust.accs.docs.com/
  72. http://irismal.com/ecsmFileTransfer/trust.accounts.docs.com/
  73. http://jensnet.se/wp-admin/Intuit_EN/scan/Redebit_op/9889612330/dDOc-eFj_Jupye-Ck/
  74. http://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
  75. http://jimrigby.com/FM/secure.myacc.send.biz/
  76. http://jjcole.com/wp-admin/trust.accounts.resourses.biz/
  77. http://jmduarte.com/wp-admin/trust.myaccount.docs.biz/
  78. http://jornaldofontes.com.br/cgi-bin/trust.accs.docs.net/
  79. http://jpmtech.com/css/trust.myaccount.resourses.biz/
  80. http://jsya.co.kr/@eaDir/trust.myacc.send.biz/
  81. http://judygs.com/there/secure.myaccount.resourses.net/
  82. http://junctioneight.com/resume/verif.myaccount.resourses.net/
  83. http://jycingenieria.cl/images/trust.myacc.resourses.biz/
  84. http://kamir.es/controllers/trust.myaccount.resourses.biz/
  85. http://kannada.awgp.org/wp-content/uploads/secure.accs.send.net/
  86. http://kaoudenaarde.be/mail/secure.myacc.send.biz/
  87. http://karakhan.eu/grav/secure.myaccount.resourses.com/
  88. http://kelp4less.com/wp-includes/trust.myaccount.resourses.net/
  89. http://khachsanrevungtau.com/f7wmgnw/trust.myacc.resourses.com/
  90. http://korneragro.com.ua/wp-admin/secure.myaccount.resourses.biz/
  91. http://ksafety.it/awstats-icon/verif.myacc.docs.com/
  92. http://lab5.hu/wp-content/sec.myaccount.resourses.com/
  93. http://lala.si/wp-admin/sec.accounts.docs.com/
  94. http://larissapharma.com/fobn/secure.accounts.resourses.net/
  95. http://lawsongrafix.com/webdesign/secure.myaccount.resourses.net/
  96. http://lawsongrafix.com/WebDesign/secure.myaccount.resourses.net/
  97. http://liquidigloo.com/scripts/verif.myaccount.docs.net/
  98. http://lisergy.info/images/sec.myacc.send.com/
  99. http://lopxe.itvina.co/wp-content/uploads/secure.myacc.docs.net/
  100. http://lswssoftware.co.uk/Accounts/secure.accounts.docs.net/
  101. http://luisromero.es/cafe/verif.myacc.send.biz/
  102. http://macssnow.com/downloads/verif.myaccount.resourses.com/
  103. http://makrohayat.com/wp-admin/secure.myacc.resourses.net/
  104. http://manaku.com/images/trust.accs.resourses.net/
  105. http://mangaml.com/jdownloader/scripts/pyload_stop/trust.myacc.resourses.net/
  106. http://maravilhapremoldados.com.br/imagens/trust.accounts.docs.com/
  107. http://marcojan.nl/webshop/trust.myacc.docs.net/
  108. http://mezzemedia.com.au/En/sec.accs.resourses.net/
  109. http://mireiatorrent.com/wp-includes/secure.myaccount.resourses.com/
  110. http://mistcinemas.com/cgi-bin/sec.accs.send.net/
  111. http://mistransport.pl/sass/verif.myacc.send.biz/
  112. http://mj-web.dk/administrator/verif.accs.resourses.biz/
  113. http://nealhunterhyde.com/HappyWellBe/trust.accs.send.com/
  114. http://netcom-soft.com/eng/secure.accs.docs.net/
  115. http://nexusinfor.com/img/sec.accounts.resourses.net/
  116. http://nitech.mu/Scripts/trust.accs.send.net/
  117. http://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
  118. http://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
  119. http://pji.co.id/iug1iha/sec.accs.send.com/
  120. http://pufferfiz.net/spikyfishgames/sec.myaccount.send.com/
  121. http://sidtest.site/cgi-bin/verif.myacc.docs.biz/
  122. http://sinding.org/cgi-bin/secure.accounts.resourses.net/
  123. http://smartchoice.com.vn/data/sendincsecure/support/sec/En_en/201903/
  124. http://sobyso.vn/wp-admin/secure.accounts.send.com/
  125. http://soil-stabilization.ir/wp-admin/sec.myacc.docs.com/
  126. http://somossostenibles.pe/wp-content/trust.myacc.docs.biz/
  127. http://studyosahra.com/css/secure.myaccount.resourses.com/
  128. http://sunkids.dp.ua/wp-admin/secure.accs.docs.com/
  129. http://tech99.info/wp-admin/verif.myaccount.send.com/
  130. http://teknotown.com/wp-admin/secure.accs.resourses.net/
  131. http://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
  132. http://test-lab55.ru/wp-content/Telekom/Transaktion/022019/
  133. http://textilkopruch.com.br/wp-includes/sec.myaccount.send.net/
  134. http://thetourland.com/wordpress/sec.accs.docs.biz/
  135. http://thewatchtrend.com/cf8zrq1/secure.myaccount.docs.com/
  136. http://tokozaina.com/wp-content/trust.myacc.docs.net/
  137. http://toyotahadong5s.com/wp-content/verif.myacc.docs.com/
  138. http://triodance.net/at1uzmh/trust.myacc.send.net/
  139. http://triton.fi/trust.myaccount.resourses.net/
  140. http://tutranquilo.com.co/wp-admin/verif.myaccount.docs.com/
  141. http://tuval-mobilya.com/wp-admin/trust.myaccount.docs.com/
  142. http://umakara.com.ua/icon/sec.accs.docs.biz/
  143. http://v2sk.com/bpvipsg/sendincsecure/service/nachpr/De_de/032019/
  144. http://vetah.net/signature/Telekom/Rechnungen/022019/
  145. http://vitalacessorios.com.br/cgi-bin/sec.myacc.send.biz/
  146. http://voicetoplusms.com/wp-admin/trust.accounts.docs.com/
  147. http://walburg.pl/cache/sendinc/service/sich/DE/2019-03/
  148. http://waverleychauffeurs.com/wp-content/verif.accs.resourses.com/
  149. http://webdemo.mynic.my/school6/Telekom/Rechnung/022019/
  150. http://wessexchemicalfactors.co.uk/css/secure.myaccount.send.net/
  151. http://wpgtxdtgifr.ga/wp-content/secure.accounts.send.com/
  152. http://www.buzztinker.com/wp-content/trust.myaccount.docs.net/
  153. http://www.cbmagency.com/wp-content/trust.accs.docs.com/
  154. http://www.gifftekstil.com/wp-admin/trust.myaccount.resourses.net/
  155. http://www.gym.marvin.tech/wp-content/secure.myaccount.resourses.com/
  156. http://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
  157. http://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
  158. http://www.majoristanbul.com/cgi-bin/trust.myacc.send.net/
  159. http://www.nhadatquan2.xyz/wjf85ri/sec.myaccount.send.com/
  160. http://www.urschel-mosaic.com/ajax/verif.myacc.resourses.biz/
  161. http://www.yindushopping.com/wp-admin/verif.accounts.send.com/
  162. http://www.zhanxiantech.com/google_cache/secure.accs.send.com/
  163. http://zendenweb.com/luckw96/verif.myacc.send.com/
  164. http://zoomphoto.ir/thumbnails/verif.myaccount.send.com/
  165. https://apresupuestos.com/cgi-bin/Telekom/Rechnung/022019/
  166. https://arcticbreathcompany.com/wp-includes/verif.myaccount.send.biz/
  167. https://arinidentalcare.com/files/trust.accs.resourses.biz/
  168. https://asociatiaumanism.ro/wp/secure.myaccount.resourses.com/
  169. https://blog.adflyup.com/wp-includes/trust.myacc.docs.net/
  170. https://buyecomponents.com/0sdnhcx/sendincsec/support/nachpr/De/201903/
  171. https://catba.goodtour.vn/wp-content/plugins/adventure-tours-data-types/assets/fonts/Telekom/Rechnungen/022019/
  172. https://eptq.kz/blogs/secure.accs.docs.com/
  173. https://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
  174. https://expresstattoosupply.com/wp-content/sendinc/legale/vertrauen/DE/2019-03/
  175. https://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
  176. https://fk.unud.ac.id/wp-includes/sendincencrypt/support/Frage/de_DE/201903/
  177. https://gazikentim.com/wp-admin/secure.accounts.send.biz/
  178. https://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
  179. https://gvpmacademy.co.za/css/sec.myaccount.send.net/
  180. https://huskennemerland.nl/wp-content/Intuit_US_CA/llc/Redebit_Transactions/Operations/jWPSM-cjbW_pUb-9kk2/
  181. https://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
  182. https://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
  183. https://kcxe.net/wp-admin/verif.accs.resourses.biz/
  184. https://ksoncrossfit.com/rylawpc/sec.myaccount.docs.com/
  185. https://liblockchain.org/wp-content/Telekom/RechnungOnline/022019/
  186. https://liquidigloo.com/scripts/verif.myaccount.docs.net/
  187. https://myphamthienthao.com/wp-admin/sec.accs.resourses.net/
  188. https://nhathongminhsp.vn/sendincencrypt/verif.myaccount.send.com/
  189. https://oxyfi.in/mmcv/trust.myaccount.resourses.biz/
  190. https://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
  191. https://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
  192. https://perfectradiouk.torontocast.stream/openb/sec.myacc.send.com/
  193. https://pji.co.id/iug1iha/sec.accs.send.com/
  194. https://qualityansweringservice.com/icon/trust.myacc.docs.biz/
  195. https://slickcoder.com/wp-includes/sendinc/legale/nachpr/DE/03-2019/
  196. https://sobyso.vn/wp-admin/secure.accounts.send.com/
  197. https://somossostenibles.pe/wp-content/trust.myacc.docs.biz/
  198. https://sovintage.vn/wp-admin/verif.accounts.send.net/
  199. https://spirtnoe.org.ua/hf37pan/sec.accounts.send.biz/
  200. https://sredamoney.com/wp-content/trust.myacc.resourses.com/
  201. https://studiomarceloteixeira.com.br/wp-includes/sec.accounts.send.com/
  202. https://sultrax.com.br/wp-includes/verif.myaccount.docs.biz/
  203. https://sundarbonit.com/wp-includes/secure.myaccount.docs.biz/
  204. https://tapchicaythuoc.com/cgi-bin/secure.accs.resourses.com/
  205. https://teacherlinx.com/uploads2/trust.myaccount.docs.com/
  206. https://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
  207. https://tnnets.com/qchaxx2/sec.accs.send.net/
  208. https://tokokacaaluminiummurahjakarta.com/cgi-bin/verif.accs.send.net/
  209. https://tokokacaaluminiummurahjakarta.com/cwflfmf/sec.accs.send.biz/
  210. https://tokozaina.com/wp-content/trust.myacc.docs.net/
  211. https://totalbersih.com/wp-includes/sec.myacc.send.net/
  212. https://toyotahadong5s.com/wp-content/verif.myacc.docs.com/
  213. https://transloud.com/wp-admin/sendincsecure/support/vertrauen/De_de/2019-03/
  214. https://triodance.net/at1uzmh/trust.myacc.send.net/
  215. https://tunaucom.us/wp-admin/sec.accounts.docs.biz/
  216. https://uander.com/Javascript/verif.accounts.send.net/
  217. https://vrfantasy.gallery/wp-admin/secure.myacc.docs.net/
  218. https://waverleychauffeurs.com/wp-content/verif.accs.resourses.com/
  219. https://webinar.cloudsds.com/js/trust.accs.resourses.com/
  220. https://worldbestinternetmarketingworkshop.com/wp-includes/sendincsecure/support/vertrauen/DE/032019/
  221. https://www.bollardsolution.com/bin/trust.accounts.send.net/
  222. https://www.esteticabiobel.es/wp-admin/sendincencrypt/legale/nachpr/de_DE/03-2019/
  223. https://www.gokmengok.com/wp-admin/sec.myaccount.send.com/
  224. https://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
  225. https://www.kelaskuliner.com/tyoinvur/sendinc/legale/Frage/De/201903/
  226. https://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
  227. https://www.udhaiyamdhall.com/images/trust.myacc.resourses.net/
  228. https://www.voicetoplusms.com/wp-admin/trust.accounts.docs.com/
  229. https://www.xiaojiaoup.cn/wp-includes/secure.accounts.resourses.com/
  230. https://www.zhanxiantech.com/google_cache/secure.accs.send.com/
  231.  
  232. ```
  233. #### Epoch 2 Document/Downloader links seen for 03/14/19 ####
  234. ```
  235.  
  236. http://104.155.134.95/verif.myacc.docs.net/s3uz6-lqqzt5-rnqphv/
  237. http://1080wallpapers.xyz/tvcgyma/uic8-ujxza4-awofezlm/
  238. http://114.115.215.99/wp-includes/6ymw-hzj8t-yziswqr/
  239. http://118.24.9.62:8081/wp-content/6gow-h6cnn2-aabkaz/
  240. http://12pm.strannayaskazka.ru/wp-content/ay2pd-8w3h7o-smomp/
  241. http://13.124.23.174/wp-includes/9sqe-q5ekv-zzaqzzodo/
  242. http://13.209.31.54/wp-content/5aj8-kuztfk-eeiyg/
  243. http://140.143.224.37/fb5sreu/tkiy-msnwm-ocmfz/
  244. http://159.89.31.29/wp-content/bx6n-83qbbx-aejixm/
  245. http://2bebright.net/a4inhdw/frsh-t8vphw-tlhak/
  246. http://35.184.197.183/De_de/c7cjq-0oo748-iwfcs/
  247. http://35.221.147.208/wp-includes/ss740-w5h1jg-tlcz/
  248. http://47.75.114.21:83/wp-includes/l8cs4-3wxc6-hbki/
  249. http://47.91.44.77:8889/wp-includes/i6dw-l2vt2c-wxlad/
  250. http://66.55.80.140/wp-content/6blqn-hrx87-nqlgzrrnv/
  251. http://6connectdev.com/bots/pnlsj-rzti93-sapdcuvq/
  252. http://84.28.185.76/wordpress/lv6rh-4i2k6c-rtnoiuzz/
  253. http://aasinfo.hu/images/euxo-jo6h1u-efos/
  254. http://akashicinsights.com/absolute_abundance_files/1mntv-bjae9-oxdaqbh/
  255. http://allitlab.com/config/8wabt-0430e-razmbs/
  256. http://altifort-smfi.com/wp-content/uploads/1dcrb-2fqwe7-pkhlbrku/
  257. http://altifort-smfi.com/wp-content/uploads/1dcrb-2fqwe7-pkhlbrku/)/
  258. http://annual.fph.tu.ac.th/wp-content/uploads/yuo3-k2nys3-hucb/
  259. http://arendakass.su/wordpress/fq4r-5gkg7w-eejk/
  260. http://assistenzacomputervr.it/wattcalc/less/559c-y2fnnw-dgmcdmg/
  261. http://ayitilevanjil.com/wp-content/sbglcn-5kvu4n-uoyb/
  262. http://barabooseniorhigh.com/En/bly1-g42zf-bsrqkaki/
  263. http://beloa.cl/application/tests/q0ue-2vdud-wuxrgil/
  264. http://bergdale.co.za/wp-admin/jejxy-dzb24-ljqqgzz/
  265. http://bernardlawgroup.com/wp-admin/g51m1-4mdty5-vksht/
  266. http://biederman.net/leslie/7kth-xlspp-zwejfxp/
  267. http://bitbuddybtc.com/btcbetpal.com/8ad91-oltcg9-cbon/
  268. http://blog.almeidaboer.adv.br/vo3mynw/egrs-vh2a03-yhqn/
  269. http://blog.ariamusicstore.com/wp-includes/uz7el4o-41x4lv-ecvvi/
  270. http://bloodybits.com/edwinjefferson.com/lxxiw-nt5b63-hoirtvgsq/
  271. http://brandconscience.in/css/usutk8-aa0ic-kgtlub/
  272. http://buckmoney.xyz/cgi-bin/g0wwk-kjrlcd-yayjxol/
  273. http://campustunisie.info/cgi-bin/zy3r-412rju-zhifdmrdt/
  274. http://canacofactura.com.mx/factura_admin/fx27l-5dqbqv-wppohrnyn/
  275. http://carlosmaneta.pt/29hvno0/4pp8-pvxa3-zletb/
  276. http://carmendaniela.ro/cgi-bin/5wll-3hwdlb-ibytq/
  277. http://catamountcenter.org/cgi-bin/hgcw-r6i4j-qjjctshs/
  278. http://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
  279. http://ckingdom.church/wp/uc3v-6id4rl-wbrul/
  280. http://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
  281. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/
  282. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/)/
  283. http://contabil-sef.creativsoft.md/css/7tj2-xp81h-iosiqna/
  284. http://crabnet.com/admin/ph3mf-471clb-ocgyeqbze/
  285. http://creatoruldevise.ro/img/3skh-pghlwa-lnrd/
  286. http://cybernicity.com/xbmp-1v7a03-kbgng.view/m79j-h4yuz-lqdeuogc/
  287. http://dagda.es/cache/f6u1-m0uwhk-pefhin/
  288. http://dda.co.ir/wp-snapshots/2z98bmn-kbupwz-laaqn/
  289. http://demu.hu/wp-content/upgrade/vf9o-03vfw4-hvll/
  290. http://design.ftsummit.us/wp-includes/ya1w-nhg7bf-ljopsa/
  291. http://dev15.inserito.me/almumtaz2/nkh6-ngcm8q-hxslwk/
  292. http://digitaldarpan.co.in/wp-admin/ew3ipb-qrj30sh-hpavn/
  293. http://digitalprintshop.co.za/kgyhf1s/jg9iil2-dp5he-jixh/
  294. http://dimeco.com.mx/factura/3nb3-hhzecy-ocjpluefz/
  295. http://ditec.com.my/js/ymcc-99rnr-mqcfoc/
  296. http://divacontrol.ro/images/var3-grecla-cfoqykg/
  297. http://dogtrainingtips.me.uk/YAHOO/i1dsjp0-efshv-javen/
  298. http://dotpos.in/fwqkese/l6m9-9v47st-jykp/
  299. http://dqbdesign.com/wp-admin/6qyv4-9tq8s-zzarro/
  300. http://drszamitogep.hu/_BACKUP-20190208-HACKED/mz58-5k5jp-lxiv/
  301. http://dtk-ad.co.th/r20yp8t/speqs7y-mngn1yj-ugzcwuf/
  302. http://duncaninstallation.com/images/yptss-ia6pha-mgohqoeep/
  303. http://edtech.iae.edu.vn/wp-includes/4dj9-k6eyn-vhznya/
  304. http://elevituc.vn/old/csom-9kdwt-rvpgjwouo/
  305. http://esenlives.com/yyvmbi9/ear3t-r5slea-zbdvcqlb/
  306. http://estatecondos.com/blogs/xy73ab-tuq3j2-vlbug/
  307. http://euforikoi.xyz/application/wzoo-k6txu-zyjfxokwc/
  308. http://ewoij.xyz/250iox-6ww52-uxrgzcd/
  309. http://farstourism.ir/wp-admin/tu7r-bygz1k-qvozx/
  310. http://fgmedia.my/order/to11-j9r1l-bqrppyo/
  311. http://fictionhouse.in/wp-content/v5v14-mcb8h-sfpd/
  312. http://fisika.mipa.uns.ac.id/icopia/files/fyhwj8-sx526d-ngfto/
  313. http://flikh.com/flikh/6718-yp53b-vlpzyo/
  314. http://fpvnordic.com/img/jki0k-tqeal6-dgsyrzsbk/
  315. http://frtirerecycle.com/images/4uia2-5dur1-qvjqdz/
  316. http://fullstature.com/mid/udt1l-5amos-vzgvmcwye/
  317. http://gamarepro.com/plugins/x3qs-c607v-norfdkxa/
  318. http://geecon.co.uk/autochatbot/1280e-g24o98-dqjqsh/
  319. http://gelatidoro.sk/zrdgo4p/9n2q-riojg-qtdzm/
  320. http://gisec.com.mx/expertos/xcck-u6too2-uhrnpotz/
  321. http://grameenshoppers.com/old-site/ba9u-emivu-pxcedhq/
  322. http://halal-expo.my/wp-admin/g7wn-vqjivi-iaflnb/
  323. http://haru1ban.net/files/2xzy-klugix-bmhtibiu/
  324. http://healthwiseonline.com.au/wp-admin/g3h8g-2rfkqz-tttvtsip/
  325. http://hillhousewriters.com/images/vjjz-erxqi-kqkbql/
  326. http://horseshows.io/c2nkrlt/wm1f4-ozg75-eqdvotudf/
  327. http://icpn.com/shawtroop342/873d-oo9v7-qnxh/
  328. http://id.launcher.mankintech.com/wp-content/uploads/d8rk-yyzib-ckwt/
  329. http://idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
  330. http://iextant.com/1zmraii/xbyu-a3ttxv-bbtf/
  331. http://ifilo.com.tr/old/4uyga-bykhf-mlxikab/
  332. http://iheartflix.com/wp-content/wta5r-8hi2k-pnddqitf/
  333. http://ilcltd.net/eienbsu/p41rbi-h21yh-qenkt/
  334. http://ilgcap.net/wp-includes/v1ts-pdvdy-byjps/
  335. http://ilimler.net/wp-includes/ouen-arhq1a-alhko/
  336. http://impro.in/components/wtv92-h7574-etbff/
  337. http://impro.in/components/wvzvl-si9qlj-jsgorld/
  338. http://indirimpazarim.com/cgi-bin/b7zw-w4pv48-koow/
  339. http://infomagus.hu/wg5/yrm5-bl98hh-pupq/
  340. http://itpractice.com.au/wp-content/6neg-zq2h5m-bsgeeo/
  341. http://jabalnoor.sch.id/wp-content/60yhe2l-mn05v-jcojd/
  342. http://jargongeneration.com/Gambia/iuhz3-mi76u-idqrwi/
  343. http://jjsdesignandbuild.com/tw34yvw/3ymrs-jt8451r-wijgvjx/
  344. http://jobspatrika.com/leoloka.com/89jd-783cv-qxsbocsn/
  345. http://jofox.nl/stream/ksyh-b2xj6-bckuuqc/
  346. http://johnclive.co.uk/id/zv3pc-3gtms-wlehkhtmd/
  347. http://johnstranovsky.com/96t8b-z2ns7-galcijo/
  348. http://joshcomp15.com/old/server/ppjxi-li0pps-mqppir/
  349. http://juarren.com/css/zb53-kxrcqu-moxwb/
  350. http://junkmover.ca/wp-includes/k0ls-mfrxg-axfn/
  351. http://kadutec.com/cma/aoi8-f6v6x-fybuwfng/
  352. http://kamel.com.pl/wp-content/jee8j-r6t06-kkmaz/
  353. http://karenamme.de/sntfy-d5u7rd-icbooohpt/
  354. http://karl0s.com/Amazon/6bwc-utf4m-apdqm/
  355. http://kianse.ir/svsvbk/ppcf-pvdu7z9-nkghe/
  356. http://kitakami-fukushi.ac.jp/wp-admin/8x324v2-zlz81-djrtueq/
  357. http://klasisgk.or.id/fonts/ad10-xbqpw-rxto/
  358. http://k-marek.de/assets/egxv-ii7ihy-yazagvls/
  359. http://kndesign.com.br/css/gpji-gkxndz-ldzz/
  360. http://koatz.com.br/vanbora/29cl-x97c5y-vyys/
  361. http://koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
  362. http://kosmoverse.com/games/ue92x-phk709-wdxiy/
  363. http://kowil.com.vn/wp-admin/lpmj-855ev-sgveuhw/
  364. http://kuy-ah.id/megabusbandung.com/7mbn-byibei-cuptgwv/
  365. http://kysmsenivisual.my/wp-includes/8lcj-aq6gr-poomjlddr/
  366. http://lalaparadise.com/ponytale/dk44m-cp1tp-cbtmooz/
  367. http://layoutd.net/aukro/270p-f03urt-zudsp/
  368. http://lemuria.sk/ww4w/vr1h-kaegqe-cxtp/
  369. http://leoloka.com/89jd-783cv-qxsbocsn/
  370. http://lgubusiness.ph/wp-includes/2kc5-j9la5-rfra/
  371. http://lifeguidesinc.com/ww4w/fzh1-vsmia1-xsgkcrwpl/
  372. http://li-jones.co.uk/css/0nca-tf09q-nhdmsfn/
  373. http://linkmaxbd.com/ww4w/4s87-ame04-jholkr/
  374. http://lloydsong.com/wp-content/2f40u-e0cur-uamjqz/
  375. http://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
  376. http://logologi.vn/xo4875d/ynfcc-nnq1or-sbidwq/
  377. http://love2wedmatrimonial.com/webfonts/niw6-nh3og0-azltpi/
  378. http://luacoffee.com/wp-content/uploads/z861-utcyb-qpcrmi/
  379. http://lukejohnhall.co.uk/wolfehall.com/ulxfn-5gi0cd-huytcym/
  380. http://madbiker.com.au/logs/2sxb-8mp0q-xmheeitd/
  381. http://makson.co.in/Admin/vjnf-p4m1a1-ksgqvtp/
  382. http://manorviews.co.nz/cgi-bin/vm8qb-0u8iq-tzhtjwxg/
  383. http://markelliotson.com/css/3b83-5zdz5-umii/
  384. http://marketinsight.hu/wp/l0kc-5xkfp8-tayrwjmie/
  385. http://matefactor.com/go/bhooq-yxo50-tacnfk/
  386. http://mcbeth.com.au/nick.mcbeth.com.au/59xr-fvwj2f-yjssgad/
  387. http://mdtraders.com/wp-admin/cse4a4-00xuo1-bjwr/
  388. http://media-crew.net/bao/wxfuq-8y5cr-zebw/
  389. http://mediariser.com/wp-content/z1iid-2eem68-iqngc/
  390. http://mlewisdesign.com/AT_T/br0j-rgl2t-ddbyl/
  391. http://mnatura.com/photo/9tn3f-rjkal-frshoo/
  392. http://muacangua.com/wp-admin/ddmp-77o87-uuch/
  393. http://mukunth.com/shop/hqg3-jrufu-zbwgg/
  394. http://multicapmais.com/js/l3qj-lwh0g-eorjnwag/
  395. http://multiesfera.com/wp-content/814et-buyfq5-nkahh/
  396. http://nemnogoza30.ru/ugqwuiu/2dgf-242z2z-giriqqqu/
  397. http://nfbio.com/img/upload_Image/edm/pic_2/h1te-t8jpu-yadpky/
  398. http://nguyenthituyet.org/wp-admin/nger-xhkcnz-dywfrio/
  399. http://nhuakythuatvaphugia.com/wp-includes/wnw7-psnv4-pjhk/
  400. http://pannewasch.de/Artetra/pf6f0-vlkuko-dcshgay/
  401. http://pasb.my/videos/v48pu-rg7di-llwdp/
  402. http://petite-pop.com/wp-content/e35d-msulvg-bnquh/
  403. http://projectconsultingservices.in/1/p8ncs-egjpf-guuy/
  404. http://property-in-vietnam.com/cgi-bin/vxzb-3hjug-midvyu/
  405. http://ptpos.com.vn/wp-snapshots/t78e1-nb06m-iwghnhe/
  406. http://quranyar.ir/wp-includes/7fn9m-vd7do-ifllme/
  407. http://raccanelli.com.br/cgi-bin/1bfsm-3scphyq-oinr/
  408. http://redmiris.com/wp-admin/219mi-m1uzz-jemdgdap/
  409. http://research.fph.tu.ac.th/wp-content/uploads/4qbxx-tvwu0-exphx/
  410. http://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
  411. http://rozhan-hse.com/wp-includes/deo7t-dcaum4-fykaarrdt/
  412. http://sannicoloimmobiliare.com/s5v4bzr/kg5em-8s0zg-wyrk/
  413. http://semicon-tools.com/++install/s6mnx9l-eiyrz-bcqdqms/
  414. http://shawktech.com/shawktech.com/91nw-hd0kc8-ingjmpx/
  415. http://shoppworld.com/migrar-wp/u9esy-5oz3f-jmvlvsw/
  416. http://skulpturos.com/wp-content/gu7lcrn-24dpp-jaxojrr/
  417. http://smartklampindonesia.com/site/1o46-ic4n0r-lptrxge/
  418. http://smblouse.com/cozayg4/9xwpi-0kekjp-fybn/
  419. http://sohuco.com.vn/wp-includes/yl0a7-sv25l-ubbkqwiqh/
  420. http://sorwar.online/wp-admin/75np-ualbr-fcqixhfl/
  421. http://sosyalmedyasatisi.com/wp-includes/vf7ai-xciuvf4-qnghg/
  422. http://straightnews.in/css/3klo-6mtta-cwmhox/
  423. http://t3-thanglongcapital.top/wordpress/gkby-mqn1k8-oqxoc/
  424. http://taekwon-do.gr/blogs/u9b33-068dp-jetkznhvq/
  425. http://tanphuchung.vn/cgi-bin/qkadt-tmizk-nmoc/
  426. http://teatropamokos.lt/wp-includes/sa3v-oq8le8-eabfkbmg/
  427. http://tem2.belocal.today/beauty-house/1ja10-cuvei1-hvvjkdgrd/
  428. http://teo.solutions/icon/r6xqr-39bq5-hfqpiohxh/
  429. http://thaddeusarmstrong.com/wp-content/txxwd-me7gh-slgzwqla/
  430. http://theclaridge.org/wp-includes/blol-1795ky-xmdpc/
  431. http://thehaidars.com/cgi-bin/l1tc-2geoc-juulely/
  432. http://theitvity.com/wp-admin/43hi6d-d8xjykp-oytc/
  433. http://thepennypocket.com/ikpfcip/vs8f-6qgqxq-ihdkadmj/
  434. http://thongtachutbephot.info/wp-content/9cx3-i2cxt-xfcwnsp/
  435. http://thunship.fi/wp-includes/gd947-2buw1-cvsh/
  436. http://todaysincome.com/wp-content/7h8nd5j-2ssh9-jcuyc/
  437. http://topsystemautomacao.com.br/Produtos/3yih-qhhauy-xgzixh/
  438. http://total.org.pl/wp-content/eydpm-exlyx-rjxoa/
  439. http://trainingcleaningservice.com/waerjqd/laq7-p9uy33-cyjhvgada/
  440. http://tranhtuong.top/wp-includes/nfjrbri-kps82at-inzynzk/
  441. http://trusticar.lt/cgi-bin/smc1-dgtz3-gnslysvn/
  442. http://ulco.tv/1v7wu20/8ke0q-lxmwr-kwxn/
  443. http://umshopmall.com/wp-includes/ofq3-8jf01-lcbziwfc/
  444. http://upwitch.com/wp-includes/l0tqz-kpj8u-wbnrochs/
  445. http://uscsigorta.com/wordpress/h9nc-6ps0e-yfqedxqfe/
  446. http://utit.vn/wp-includes/0bs4-l1c5x-ypgzxqk/
  447. http://uxconfbb.labbs.com.br/wp-admin/pqfuq-gs3qw-qrfxnsv/
  448. http://vinhchau.net/ngocvan/qxwa3-90zewe4-mvjpriy/
  449. http://vldk.life/wp-content/1fwbw0-vrhqsga-dqgcfdo/
  450. http://vnv.dance/wordpress/ukkb-od3d0a-kvugekta/
  451. http://wedowebsite.ca/y0r06fd/a7lj-x02nz-lfmlhw/
  452. http://weisbergweb.com/lxPU-3j60nDONL_Sy-66/gzlvc-m1nkv-naxyc/
  453. http://woofaa.cn/wp-admin/q9mv-ofau9-fukesbx/
  454. http://wpldjxxxua.ga/wp-content/7r5u-w654yw-lefjakrjb/
  455. http://www.1080wallpapers.xyz/tvcgyma/uic8-ujxza4-awofezlm/
  456. http://www.donghuongkiengiang.com/wp-admin/cdxm-4dmlem-apal/
  457. http://www.handbuiltapps.com/wp-content/w3tc-config/oinz-ejykf-cwltfngf/
  458. http://www.hotels-vercors.com/stats/97vgeb-78jzwj-oryjrz/
  459. http://www.i3program.org/wp-snapshots/e05o-2xz787-owuimq/
  460. http://www.idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
  461. http://www.irqureshi.com/wordpress/wp-content/72ww5x-i3e1zf-uhjxwce/
  462. http://www.karaoke-honeybee.com/ztbr/d5bbc02-8tze05-dthg/
  463. http://www.koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
  464. http://www.lojasereviver.com/cgi-bin/1ybe-q4x1u-bqifep/
  465. http://www.monfoodland.mn/wp-admin/1zgq-1fibo-fzaqgxh/
  466. http://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
  467. http://www.shinespins.com/wp-content/7088-fn5aye-hekldt/
  468. http://www.smilefy.com/it3fqqo/lcrsd-d2qpq-yixdwk/
  469. http://www.webliu.top/wp-includes/wr5bmyx-fernh-tidwmzn/
  470. http://www.ysfweb.com/wp-admin/5ghq-d48en-igkode/
  471. http://xn--bp8hu0b.ws/wp-content/5t6c5-6mz2wz6-qibv/
  472. http://xn--nmq177o11e.xn--6qq986b3xl/wp-admin/gymbg-obdbf8-avkf/
  473. http://xploramerica.com/roct/ny9rr-d21r9s-moxqao/
  474. http://yadep.ru/wp-admin/xuhif-2rds7-zrpwq/
  475. http://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
  476. http://zairehair.com.br/wp-admin/dlc51-7ws12e-cutccjm/
  477. http://zakatandsadaqat.org.ng/otycixa/rhu6-2g4lgw-jfmno/
  478. http://zona-h.com/wp-admin/r8bx5-69sc3-xigws/
  479. https://1040mfs.com/wp-admin/8fd61-zjg0m-vkyo/
  480. https://abi.com.vn/BaoMat/8bklf-t2r3z-bthqpzsyt/
  481. https://ahmadrosyid.com/_layouts/jrhgs-8u7bdp-fejrzkotb/
  482. https://amaiworks.com/wp/tn7a-opg7l-rstfub/
  483. https://asis.co.th/cisco-sg300/8leo-kxoz2a8-msiq/
  484. https://asis.co.th/cisco-sg300/9tiw-qr96pq-ngmxwrj/
  485. https://boymockup.uteeni.com/nbrm/3hzxf1r-25x9y-mmkio/
  486. https://brightervisionsites30.com/wp-content/0opr-elb0mx-mkzsjmt/
  487. https://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
  488. https://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
  489. https://creatoruldevise.ro/img/3skh-pghlwa-lnrd/
  490. https://elevituc.vn/old/csom-9kdwt-rvpgjwouo/
  491. https://elmatemati.co/wp-includes/prei-h65j4-xnbao/
  492. https://etprimewomenawards.com/apply2/uploads/2v2n-rpiiw3-zsrbujpsd/
  493. https://euforikoi.xyz/application/wzoo-k6txu-zyjfxokwc/
  494. https://evytech.co.il/wp-admin/7u6y-7qmp0-edbhdoj/
  495. https://evytech.co.il/wp-admin/7u6y-7qmp0-edbhdoj/)/
  496. https://ewoij.xyz/250iox-6ww52-uxrgzcd/
  497. https://flikh.com/flikh/6718-yp53b-vlpzyo/
  498. https://flikh.com/flikh/dqmlb-a671a-tcak/
  499. https://freshradio.cc/wp/z0em-mvp0s8-hmnvtn/
  500. https://gid58.ru/cgi-bin/vhr1-q7gt6-fbfwgg/
  501. https://gilsanbus.com/wp-includes/vvdav-nxbrs-umreykyl/
  502. https://hangtrentroi.com/s/g5a1-4zuh28-emygdo/
  503. https://healthandenvironmentonline.com/inpiv6s/tcw4-s7l0x95-ywzy/
  504. https://hjemmesidevagten.dk/wp-admin/l73w7yt-w4yf6b-vtotlko/
  505. https://horseshows.io/c2nkrlt/wm1f4-ozg75-eqdvotudf/
  506. https://ieatghana.com/nycm/lgv0-si28jw-jjxcis/
  507. https://ilimler.net/wp-includes/ouen-arhq1a-alhko/
  508. https://informativohainero.com/admin/owttd-vemyo08-ciie/
  509. https://intrinitymp.com/site/163qa5i-cw6oj-ngioh/
  510. https://jerryshomes.com/vendor/667n-m3xe8-ryzeegmp/
  511. https://kebulak.com/puppies/7y17w-6mb1ih-hucpj/
  512. https://kitakami-fukushi.ac.jp/wp-admin/8x324v2-zlz81-djrtueq/
  513. https://k-kyouei.co.jp/peosqaa/a4i7b1-u5o45b-rcehr/
  514. https://knsgrup.com/wp-admin/k034-erx2n-ohfjdxvgv/
  515. https://kovar.sbdev.io/xhol/yr38-j1tvm-iuotaujr/
  516. https://ksoncrossfit.com/rylawpc/7ys1-3pc4x1-lhezgcfmo/
  517. https://lab.ydigital.asia/steve/uees-g2v0eij-dxxj/
  518. https://lagucover.xyz/8agtetk/hp6jh-umij6p-rdxg/
  519. https://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
  520. https://marketing-mm.com/wp-includes/h3cz8-yyppwy-hxmpprdw/
  521. https://myphamthienthao.com/wp-admin/w91c-njm03-hrdflnasg/
  522. https://nhuakythuatvaphugia.com/wp-includes/wnw7-psnv4-pjhk/
  523. https://projectconsultingservices.in/1/p8ncs-egjpf-guuy/
  524. https://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
  525. https://rozhan-hse.com/wp-includes/deo7t-dcaum4-fykaarrdt/
  526. https://rssdefense.com/wp/ndkd-vz3emo-vnlfoxuec/
  527. https://sankaraa.com/our-customers/kbw7-6j5qw8-nvjphhk/
  528. https://smblouse.com/cozayg4/9xwpi-0kekjp-fybn/
  529. https://sukmagedoan.com/files/0ef5-p22er-djded/
  530. https://tainhacchuong.online/uploads/rvltq-bt8plw-pqjydib/
  531. https://tanphuchung.vn/cgi-bin/qkadt-tmizk-nmoc/
  532. https://taynguyen.dulichvietnam.com.vn/wp-includes/js/tinymce/priceLib/8ix7-f166qm-pfkgwtql/
  533. https://test.danalaven.com/bs24rqv/3rk1q-hwh25u-ymtshbhc/
  534. https://thaddeusarmstrong.com/wp-content/txxwd-me7gh-slgzwqla/
  535. https://theitvity.com/wp-admin/43hi6d-d8xjykp-oytc/
  536. https://therecipe.co/ec/tevnw-kduad-jxqqjy/
  537. https://thongtachutbephot.info/wp-content/9cx3-i2cxt-xfcwnsp/
  538. https://thoughtchampion.com/wp-admin/hv2f-wgw5o5-pbtnfciwx/
  539. https://thunship.fi/wp-includes/gd947-2buw1-cvsh/
  540. https://time-goldisnew.press/wp-admin/kklk-o6nh6-bkqe/
  541. https://trainingcleaningservice.com/waerjqd/laq7-p9uy33-cyjhvgada/
  542. https://trimkings.com.au/videos/k6qj-emjl3z-kdvxbzec/
  543. https://utit.vn/wp-includes/0bs4-l1c5x-ypgzxqk/
  544. https://vinafruit.net/dckd4o0/4glcc-v7lx8-tugfjo/
  545. https://vinhchau.net/ngocvan/qxwa3-90zewe4-mvjpriy/
  546. https://vldk.life/wp-content/1fwbw0-vrhqsga-dqgcfdo/
  547. https://vtr.kz/vir/h7tgk-jzsjb-hvmnmfvn/
  548. https://wasteartstudio.com/files/le3lc-yfgxn3-sncdgk/
  549. https://whimerie.com/crop-image/pjt6g-p8gbr-jemsli/
  550. https://wp.radio614.org/wwscsei/ceuq9-ardv37-nuejjn/
  551. https://www.grameenshoppers.com/old-site/ba9u-emivu-pxcedhq/
  552. https://www.handbuiltapps.com/wp-content/w3tc-config/oinz-ejykf-cwltfngf/
  553. https://www.idealjackets.com/wp-admin/6vap5-1igm7-oxxxjh/
  554. https://www.kuy-ah.id/megabusbandung.com/kq6f-p7168w-brnlvtpz/
  555. https://www.lagucover.xyz/8agtetk/hp6jh-umij6p-rdxg/
  556. https://www.la-reparation-galaxy.fr/wp-admin/zdw1p-m4hfm-gymmip/
  557. https://www.lojasereviver.com/cgi-bin/1ybe-q4x1u-bqifep/
  558. https://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
  559. https://www.studiowideangle.com/wp-content/ptpu6-2jhhjl-kuqvxtvhm/
  560. https://www.techekt.ml/backuptechekt/t0df-behcd-wyfamraoz/
  561. https://www.ucuzbitcoinal.com/wp-includes/molc-kwo5f-ngzw/
  562. https://www.webliu.top/wp-includes/wr5bmyx-fernh-tidwmzn/
  563. https://www.ysfweb.com/wp-admin/5ghq-d48en-igkode/
  564. https://wzydw.com/wp-content/uploads/bu5z-9y1uo-xaoifl/
  565. https://xn--bp8hu0b.ws/wp-content/5t6c5-6mz2wz6-qibv/
  566. https://xploramerica.com/roct/ny9rr-d21r9s-moxqao/
  567. https://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
  568. https://zahirbanjarmasin.com/wp-includes/iv7p0-qmpdja-qjhytrqb/
  569. https://zahirbanjarmasin.com/wp-includes/xebl-ndtt0q-livk/
  570.  
  571. ```
  572. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  573. ```
  574.  
  575. Creation Time   2019-03-14 20:31:00 (DOC Based - ENG - 365 Blue Box)
  576. SHA256:
  577. 298405314ab2b46b80efda533ffcf2b5e92584baff5c87b17fbfd3b5b7093b3f
  578. 6987ee92b404bf4dfc698ed37c4d6547b577b65658edfb6ce5fd68558f369a11
  579. e7cec0c1e38ddd872cdca6da84ab406daab78cff6a250b7213e7b9596f3ecfc2
  580. e8c39618254a95178165840c0526e7392e89732bbf8e0753cb8b3f14165f3bb5
  581. 3ada73c610cef94aa2e3ef6b6a0d9ea835895f4bc19ec32f6e3508c5b43e84c7
  582. 4668b7f974f775d249b8be01939690872e95ad042e329d57592aac2b825c6cd8
  583. c2814811582584f19e9c0a779354149bb7c334bd12ec7b6dfc7300b6817c3557
  584. 28022a215b0f681b76943cc9fc6f9e1f2c64cc67b9b75e70aa444d226a00eacf
  585. 7fd654a123f117fb2c1c0827b25c52b4147aa880111399fc6c05fe11d1a63299
  586. 73c754c33b47e9e4295b6a035b55cab8451855e5a3df5f33042087d1440b09ad
  587. 7f06200e6d8a88ab22aad92c2860a6b4751a13a997a379785ccc5413af273b46
  588. dacfc2496b0464d3bc29d95c0cf3cf67560d631c769c7a0692d10edc384da835
  589. c1623d2b2e1fdca5a5bcdf4f52905072f4d78b2194c7d65d5ab85e2fc71284f5
  590. 71b06b15649960e7540ffc5c8ee111d3522e969c8d2207e967fc009e2c906321
  591. 2a0abc135cb7e2b2131b838babfbf4cef210ab2609fd0f964ba92bc14e69a6b4
  592. b063bfd0b93101229534a7ff69e1bef6ead5f51091f0b0ecea450deece99e2db
  593. 1b382931218e4adee9bec367b378dd97983695af76e0e195e62fd52064c82727
  594. db344ee03d043efadc48cc86f6b675b07dd20cc7252e9adc59d52a95b6dea95b
  595. ac9e016b1771afbbcae60da0e2393354c46bb8c4918716c510da50357894ddb5
  596. d9906755f505fcd060c4672d7977e82d21863eb023b58fbd82954243c840118a
  597. 03bb3621b7ec92fb8f86111e1d77b5f42e2cc77ffac76860f368ea20676ac8dd
  598. 2b1299c5f8decdff75dc37ef25e7abebfed25e9287e2ba37177d242c6667696c
  599. beaf5d744c87e53630c8fc5095678775a5786de350538409b82ebf3181a7d4fa
  600. f17281896f0814a69d2e68a99f95d2d48003da959cd798735705bf2fc4d030e8
  601. b630ac19071b35931abc47fb04f0a6ba6ecba18bd41e2ab461db7491ec0ef2f9
  602. de5f54d25e4820856ab34b7394561937ad365efbd712c4c090b0cff6a11e0e6b
  603. db12bd01917d9d2395c3c5b37b344c542975062850b3828876c9fe6a2e0cadb8
  604. 3a38e8a5483c9fcf4c1698acc4e1b174c14b55e16403f8134f71ef8d89353726
  605. 4d475b91d09d23a122ecad9f46f648e5017ab569ae705682a1adcc6c22df794e
  606. 3f4cf74bb6b1face65af2e5b2f7897072a59dd10b2dea2568327098de5e13ad9
  607. 00c1ed0fb173c266b5a3135fb548b3280477d5f712dcf8ee6a6030927d804270
  608.  
  609. https://tuvancondotelarena.com/z18rrbu/DQa/
  610. http://toolbeltonline.com/wp-content/uploads/368n/
  611. http://territoriomapache.com/wp-admin/bEkL/
  612. https://www.thebakingtree.com/s75ldvl/NW7Zz/
  613. http://tgmsc.com/0t418lt/NIq/
  614.  
  615. Creation Time   2019-03-14 14:54:00 (DOC Based - ENG - 365 Blue Box)
  616. SHA256:
  617. 032bba8fc5b50e983cf7dc3a026a6abc6bdcaf836a3db80201bceb8389131a1a
  618. 9185132f689a984dd6a9af9d071f5fa70ba158b72421eeb8b5181814e04cc1e5
  619. 6082582f55df7baa2e1556ecef332c817cf4f7fa6f63a25953f7423c4a76721e
  620. 190a43874e8c841b9aeb4c134e5c16958f476d82b5bbd0781ecef7b236f18814
  621. ae6b0e3a3c69dfd01719ffef807998fd369ce35cec86d8c00d58299f52ef6a7b
  622. 85eddd3f6f7d4ba988e290107a5fc3dd1227e5b77fa83bdce67f8b5259052ddf
  623. 6e8b7dafb2026f4529e1a3e1b346a9216ffb695a23d9cd1d643778f1a7fd2192
  624. a4f6139816fe7a7fd9be197afa83463f88f8d716a0abcd1a936bc6ef9fb5f23d
  625. 103ad4fcc7e9d7c0ee8258fa53b5fb2cfd52a7cf73fd3639e5399b8b8cc95322
  626. 72f28b1b69d7c9c10d73bc79a8991e135ec73a51e1987bc425dd0166e2cce668
  627. fe851abf4da0f483927bffeddbdaa5ebd5d62e8daa7130be2a098acd718d914d
  628. 2119eab2db52a7c73a2755c84f25f11b591a336f3754d3c0e4153d3c12e6bce9
  629. 736e6ac877fd4d043ee8572a7d5a73ef7d1cf3b1d6719e4cb69eac62a975adf5
  630. f5b0ac70e785424496eadc9329962b5b6fb37c67955b9895f4d186ac9c26b868
  631. a47ae1cfff2e1905c52e0b003da82c85a31888f12abaf0529aa6e2e6ed12c79e
  632. c4b8cdb793a5ea94bfa5dbb4e1fb8e6876df9b2842c8254c6d51f6162c5e25b2
  633. ac391132c0e2baac63c838867214a0c45345e82fbbb3ddb765d1a8a7dab7a034
  634. cc3f692f3594f6db8a0727f7199169535ffbf6227f7936a72b6b0ca1ea8f1a47
  635. 3451a2d2ed99ca9bb02ef7c05d80b389b08d351071f9e87c56dffbfff6199b8b
  636. dabcac2bec47c9b62ecea09295ba36ec63f7718a359ecc363c72312ff964d22b
  637. c2cccd7fafc6e21c7d024602be8ed99c6e0d6cde408fd301eced81ca16e3f6c3
  638. dafd680c94d3342d03a839cc2426ff30918e9e5d635982ffb276cd15fde54824
  639. f271048a6fb8212fe50c42bf9c6608d97a1de1b2c8b1f9cab9f1962fbedc3312
  640. a82ac91e904649134fd6f8849bfb21b13f86311b8896313dc046b4b430a1a52e
  641. 92b0e057ab6db7ec683f589b00a79316c0691784e1db38188d3fa57a18aa3169
  642. 788ec3f0ba74bda45a6f9539c50166eade8ce6d4f98cc2f4ea3b3bf1d5ec090d
  643. ebbe02073b2dfc4be3d39adc3081753e7b9c45e84cd7d4d0e8faffb61c38dff6
  644. ab4e8bfe934a99a4233434006a3ec80afd25f1855c6003472b7b4da739eeff20
  645.  
  646. https://www.yanjiaozhan.com/wp-includes/f0c/
  647. http://uzeyirpeygamber.com/wp-admin/nH4/
  648. http://navewindre.xyz/wp2/wp-content/ktVWQ8/
  649. http://superschoolstore.com/old/nuB9/
  650. http://iryna.biz/wp/7E8gM/
  651.  
  652. Creation Time   2019-03-14 06:50:00 (DOC Based - ENG - 365 Blue Box)
  653. SHA256:
  654. a6310575fc2e5dd38f5bd09f3a48d0dd2a78ebbe8490faeadfda335b1ac29e69
  655. 45618c5e559c9153454d0418e3d8c5f3931eca4a21ffcab5839055bccdfa9c6b
  656. 02fc347726000148699c3e29a51adbc40c141d64c57b2044ea381bc76f03a49c
  657. c7d754e69ffbe5b557be828ccc20b2f542322d1c621def297fa7485ac1f0c1c9
  658. 8130a41e0a62eacc0edc4ad4e23fffefe9e2afc3002a8831545c6d9d595e2048
  659. 1f737773ae72828b7b2ae8bd5344a0a6283b2f9208bcef9ad866fff60812beb2
  660. 78d716d01aabc6f5978edb1ef7a9009fc034662abf02a9f97b11ef7d34f9cd26
  661. 1dee03b761e67dff40fb470afe9a57a935760631c47bdb14c01d6aa9d28c4a6f
  662. ba201ff8308d6c6dcb1d57c3d3b7ba41455a5ad8422364aadab1bbddc4cbf4c2
  663. d9a76c693ca85c2a01a4626a3154a67ae6e3120b5243ccd92d0f0d780896cf65
  664. b1c5275501caf2b65e812161116756f115bc7147719ff9089e712ba997cbd5e8
  665. 41649b8bd47f27848977ec9ac4d56f5c857f9bd73821867658762192ea97d8d2
  666. 2b51843fdd85f5e217aea090113149464ad2ce5953f06867ed6d6fe0a2b473c8
  667. 28c42f05f014b12a1649fd7813f3105ae4358a0facc8e8b95bc982a67c8f8f57
  668. 7371b0d290cdc3e0e91452b1b4a72c6976b5ba0340b1cb219f7bfa7a5aa386ed
  669. afa6a91d56b2b7ad44ddaa388df8f223bac04f5d9e2cbd71cc5b2c1789348150
  670. a81db02bf914f53e9965b7a96b734b224ba9e91e871c14c4e2d1eb442859ca2b
  671. b373066fc3a462ecd0d0741d335743cf9cf6e8d6ec7a575dac81f5ce3b855072
  672. 20f4d7bb58808c0ef7d6dfd9b899e5170999f94808700b7e4bdac25fde87e9d7
  673. 1bcaabbe07c8ec65ba643402271b2c248a997fa58db616a1388ac4469480d402
  674. 9e61468767b57da2e1d5063bf0c51e11259c84ed11600cfc2621657bb0e046b8
  675. 04baa92a5b2f81cc2888e6966f77d9b707b37d029207888d28693e9e4c7b3b63
  676. a7d335913445ae1807fdd9f4664b7d7e8cf9d5b9abe70ea482e0280fd197b97f
  677. eb24bfed85d8ae692c935de4dd07f4a409057aaa49774a2d2d17b648fff18034
  678. 61cd65890ec3a1bf8c5d5d93f8e5e7463246c281d9042dc91d0c258c22c6d72c
  679. 008316b843e229cd893d0a6f2a497e69fff4797ca6ee8ad41782a7db0757ddf7
  680. 1da577cc36113f342fb1d47d9f75056ca7792c1cc40aa38be150f4554c0cdf65
  681. 1da577cc36113f342fb1d47d9f75056ca7792c1cc40aa38be150f4554c0cdf65
  682. 34dd1fe0374ce3e969229223ea1692a1c0d345d92a186f54e310ca4952fbac3a
  683. 5f9566138e350135ffa42ea776ef56c5c73488d0b9f7604adf3a52e679dc8822
  684. 83453db0b74fdf3f9381e7ff66c2296e0368ff2a86e58b940cf4c4de3382585c
  685. 7f5b8f1002cd444403a0ade885d50a1fd1e1ba3d2e36e2f79c46c6f9778965d9
  686. f732d4683d065e2d367cd56e0d297e145f8a282bf68a5a7399bc4ca2800161ba
  687. af878f53830935a89349e7b26dc0a8d2b3f8a1edfb66783ab7a0ce0bc8807805
  688. e17456b3ba80a732e848481b3142fc332f08db3db7135d80cb29eb6a355c09c9
  689. 67142a582216486df7ea2c9b01f81af08c342bc34daedeff93d4bc8c9b5d3ee2
  690. 220b22b969d2b92cdc53d74baf8cbbfd82d772eceec10004ef683f96d66fe1be
  691. ca99260e9f2c08cd1bcfcb817a8e5897402615415a2e7c195f008e6bf5b4a335
  692. 685ddee079e74a549c0c6784a626b7c065cb26d9a9877ecabbf524dd0702c5d9
  693.  
  694. http://ngkidshop.com/wp-content/Vtm8/
  695. http://cnfamilywealth.com/css/pu/
  696. http://159.65.47.211/wp-content/uploads/suhn/
  697. http://dzyne.net/jzahb-pnzc6s-oydtsbquq/2a6A5/
  698. http://118.24.109.236/wp-includes/4Pu4/
  699.  
  700. Creation Time   2019-03-13 20:55:00 (DOC Based - ENG - 365 Blue Box)
  701. SHA256:
  702. 459397a134b2b4a201c2855bbb2ed4d1eeda9cc7637d7c65201e0a78217a8780
  703. c060ca7e926c137d2a9b90d0182b288b86117430f8a7614a1bff92b722ee1fa6
  704. c060ca7e926c137d2a9b90d0182b288b86117430f8a7614a1bff92b722ee1fa6
  705. f8218ee2327f0a0d1a545aa4289a62547a4f5c186022939b8e7b7300f5dce0a8
  706. d1c7f942134f76263a65b79372b15eb5c0e2f48d4842c09105836c4be4a8be76
  707. 5bb87a0173b861f7790dd1489c31c32f4a5757ddc5186976e06b63bd7ef6c46b
  708. 21019fdba804009eae5d26e4341954a66178838fcd0987bc4c5fa6407cf02ea9
  709. 561b5e6ed0be4a0d73063bab95cee962c10dec9d0df889837d7cfc9876f2d8d3
  710. c2cc283b1dacbd7b0adcbe069aff437c1fc7c93ffd2d3bad152333301e1ca913
  711. 649bb7107a06b05284c26bbddcf1ac7b7178081cfa5fe6555cf3a36ff1fb6856
  712. a97fa9403745a0870ce9825e8b6d5591b53dfa935e52e09d874f9118a661207f
  713. e5cccae034b70600078ceffa36bc978f093a812398bbe75ad33b057ae3f50d49
  714. d1f2d6371dac7d666a0286551b68bf5bff6fd0c105a36c602272b7a33a8f90ec
  715. a4b0538364ea5b39b92022bc5a4ba0dfc73e17b407e98d29b2de968586f1b42b
  716. 99886b194a90abc88812eee1fa28a9a4fc18c103855fc8d972766524c7c6ef5d
  717. f307734cb3bed7d13b9a497d3388eed0aba98bd1618c2419a4c72fe609006c06
  718. 8de3f82c3775e3c0b38daa26bc3f7b7a6cc6a67ad8d99b02f92bc5e0da60263c
  719. 984e46e8b29172a632f76dbeaa82b0188a563d25e9862f6d8d725ef4e1823a85
  720. 9f121e7e36b53ee05c9514868ff7bf9ac111bf4c37d39e00927a50417d6e042a
  721. f856dcad62f7192f9fc5bf924ff8a7bdefa1036c5672a9a6d5b1052bbecd9ebf
  722. f3ecf08abb0b2523b110c78e58e554a0e0acc75f83af11326b628d068aa58d3c
  723. 000476cef7ce5d5a1cb3a1ed4f4d8f261cb2394df4a759f9aba2c6be58164331
  724. dc2d7d84c882fbcb016241f24c84e12a57310517357d87b6733cc697bacbfa02
  725. c818398d17982116d2a5d29d33c44c5af6feed867a8caa639c78aca1c1ba362b
  726. 807dcf4834bfaa4587ab4cf4ae71fd1c0d1f64b67dfc9341e001b1efb6b1e949
  727. 9688017da94967bee0abaed3a776532c84aeef410c40dcdfb477c2060b05248e
  728. 8481adc2004a97bbc07bbc47f6601a7e7639b6e037e797686dd1a8d159264b2d
  729. 78d791edc7d71e6fc275a9bc93e66a58934f4cd2ad6b5468cb021d1fbd0d13c7
  730. dc87d93d01f22c38de94079e6eb4fe5e97001b37753be5a5c503fcf36ad4f528
  731. 312ffe5cf618e82bbe2ab1a4425b6c2927319b52c0d440721a97f3eda519f145
  732. 8f03a01f8f47e53607f1a6a9297a246e336df4ea26d62a8560652bae569a3fb6
  733. c4bad470544e10dd6cced30cd7401a15d69dafb03d07c65cc08f4d20d4b5bf58
  734. 2e93e7c34ebf56a7df68553db3978fe84969e0689f6df6fd66f04209d2a6efa8
  735. 04e5044ec07d08ddfcf21f295befc3a633824c74a62aa8ab701a8a1928e95cd2
  736. a51704c674881ecea35f356a5752d350beb4fd262fd2d497d12632c7e966681b
  737. 0d5981ea8f3a35516b953b2a7388228ecc2f89da80fec3ac5b13dba11145edac
  738. 42a2583e3e1d624482f525e388ca5aa9a13f7f9759c10712879280a105b0f47d
  739. 17afdf7759ed22dab50bc59c3577df7d3ede2098f7d1cfeda4d52a34b6b0b00a
  740. 1de033897656da4d0da38e639e78de54d3a98a93d3439787fe2eea65024cd960
  741. baa05ce9d41917c1998e4d992ade31e001f94bbbeebd941c8d0f4b9b37176f8b
  742.  
  743. https://webalanadi.com/u2go5i4/HIoJ3/
  744. https://heritagemaritimeservices.com/wp/pKKS9/
  745. https://webspeedtech.com/i1kk0xi/lv2/
  746. https://pjk3indotraining.com/sendinc/vDRz/
  747. http://turkmega.net/wp-content/8po6/
  748.  
  749. ```
  750. #### SHA256s for Epoch 1 Payload EXEs seen on 03/14/19 ####
  751. ```
  752.  
  753. 5aaa7b47e03b4883016f4cc54e0ab908beee8a54e5a2058f7f9cde3dbe893aca
  754. d5c3adafacd86bed9c4f02aa3d0ec14ef79f81767285f4dbeaa3e86768d65b5a
  755. 7f75052b03d64fa42d05ed0afe34247b8d7122c2eb317ec1c499952d0a69dd58
  756. 5f7a33f4423f9d255a64709e2fdd1008f9462cc83dc3d7c29f33603b38f604c9
  757. a1fbb29614204c6522b44e0c6541d89671d8a407aa6e0a223a66b7d4a3061439
  758. bdb0df1774c43298c4ead8a5fd6e73e62e81a4eb7070526e606ac57d493191ea
  759. 8cea750307227cb351e8680b08edd3c4c57934cf3405757ba69b7ab77d68221a
  760. c13d7fb43e01e0a5a9db03ff31e2060990a3f8a068a42cb0c63a05e1cdc119f6
  761. ead850aa18cb6b4f65fc961e7d157b3917f989b50c48398033cb741eeffc6c4f
  762. 7bbf64c60d03945808c53da3c09cd9e48991d6b38d2b3f36851ce457a6d18ade
  763. 1a95968467012cbed7e273be5b9c93c6e199f45fef88897333b116ab1fd29819
  764. 60e9ff9466569ea2d3b27fcda1a780a51413642915c936e41ca407dbb7312095
  765. 2fd1d071496ae46e9998181e2c6a77a20a02928cc0b2e665cc9217a0573320c5
  766. 90436a23d3340055ff4b5b7f0d7cbf7ff5d3a87ed9e0a6d74084790547860d51
  767. 02fe87450fa1c53f9c0d97a069f6438310a7c92cc16a282df40f398c1b0e0be2
  768. 1c00d7705c6aeb1c97869618b82b39bfbfee7f699c2fd1f9d3e997754f71256d
  769. c0aeb3c739809532ee9d6eba5a6249028a6a9b008da486df06c3af9befbf81fd
  770. 72bf1b0aaacd8f97d9c5251dce3a7591df148cabc28cc3d99599149ee71243b2
  771. b19c3a9f5839637fd33694a7644217ad0c5a73321b2134a984fdb2238317bb6b
  772. 4e32cf936d187fc07378a1e2bfa756d507f0575d91e621495c15f531542be2ec
  773. 2027e411aaaa85f4d0cb98d739ad0bb9d3dbc7e7c9961812c6335bdcf1c55d88
  774. 5ea41afbf36bda52eec99f60d043fc61fdb4c77f615a4feef0a7bc8096f3f504
  775. 5e1af19ef1065505856a16915992b31cc6681fa39247b0093b58775d8a790179
  776. 5275875bc80d5039328232d24cfe60e4db6e1e31e606abf1b38d00e13f4e155a
  777. 8dab1b7e92c2bbbcb29e524496fe4e864edaa98b6bfd9de78aee6a70c97b187c
  778. 1160f1fc02dcc1e28087f1d0ee5aca2566cca0e28d0faa012fbfc770b3dbe98d
  779. a778e64999ded84f5d332da7c4ed428468a6d1cc9585adc03481387f9a534a00
  780. 61cd250b58420a61a5c2adf579cd796c1e3c8416e2cec30a4efbb1aac439c1b6
  781. 0370730dcec45b388dbcb80ce8da090bd53990f5f7fe8b5c660bba0d038bdcc3
  782. 2d681e9ae8e35eab12a1549d2bb598c738d92b74f534ec1c6c7a34baae3baaa9
  783. ffb7934ba175c0e1fc6090aa36dc8b03e990b723ea7f9761239382e3c49f6afa
  784. 2395efa3f93f82665d2657bdd72bd8c442f4ad810d0ce73d997555910e8ccdbe
  785. 9e8ec93bc3f5ab1bb4eca9876a262797f94ad21ddb1858509d3b80e0505bef8d
  786. 9127e72a6fd697f54f4cf38bbef340e742804be39d87f67d7ecdf2b0acb6274d
  787. a8f54d7644cf81ad16b72bde5786c496f21b282e68d957fb70c4b51f8b3b9bd7
  788. 51b9c2ef31ae9da4a16cfdd4e165c5e4ccc121aba285787515a638568af6341d
  789. b8602812959cc580b32a878d2a1b5334ee22f39578751334e0413916d7aec80f
  790. 0aec6477d1623452d7e485a1d29d3a77508be32345e6f15aa100f30860bfdded
  791. 71c0c2b5ae203d0215810ca271a1c248f7c3d2e811fd0ea8cc0d48b1bd070179
  792. 030d73649424629f0c686b346b0fe1e0dc0a3349649c16ff1cce57e462b5a3cd
  793. 27236b6af1e0676f381c9a917c7d870099fc4a0e133dc9dba786792bdc1433e2
  794. 8e2dc1eba135283c0fef8ac425e413bd736773d16442bd33050db10a9d1a056e
  795. dab64cd58b4bd5d9baf41bcb992d5f5943770646a3b0b6151f8f4a89ffd1b1ea
  796. e44d3dc2a07fc182396cd0dd54e76908d076883be4b19ae7a7d67e8a9e6fc640
  797. c801f9e3fda6feef6baad75fdafa4c8b83c17d40bb0a584501cbdb2068f596b3
  798. 822343a777a3ccc4e465fd21dd293ccc5da7495c69a17dc7232d8759423087ec
  799. 3f3b36e9c66399e90ed1c03fa188b389bee6263f10ad0f7e9d4b3670325ee612
  800. ba208748f1181f2afdb705b78b8f2875f9a864c22df66f3f44d7d7ff7f1e417e
  801. 6e3d925170c3b4b498101df88b189cd435ace2a327a5847525421886278addd2
  802. 76d92912030b9ff18e3fb7b236ef1bff8933b631e328b6223a7300c3a56af713
  803. 29e96fb7e2925da29fa8850739cc2a23416408474a441bed6096e85bfd70121b
  804. 6d36997229a280149dc09d14e8c95c0c69cf09d97d3cad285cf2c3edee46d6bf
  805. 2bac99c686a7e6b7be41fb39f218855e9c93eaf5ac20197c0336dfba3542aa73
  806. ab4414564be6ac8f5384d8b02255f3fa411f4393d89092bea85f6fb35aaf53f8
  807. 63b9d2e986f7375ed96c5da213a1167ec2cd2faa1c028bc94b5bf5cfd4b2a54c
  808. 5625588feaa885413bbaff92ab2aafae80c6f4fe35d02782b73a8fcc7a5e6b08
  809. 4072c0e6df9b00c247b6e40d12b45ab957d0f8fb5e063a83945f0cfd374db685
  810. e87335918aa7699ea21163fcbb5c092cce2c3ce315339cd6f1a5d2b49f40ee23
  811. 4823687717c31a6f14e80682a94c38a7b8303c718ee6ab343640c1c4cd5a8c78
  812. 5dd59dd538bcefde3d3f914a7834dc374b97260928d08720c33f0419c7c5c365
  813. 0a6c48266af7944520300d24beda4e41a1781fa870e701c1e19aaa8497d0852d
  814. 5539544fff769e075e1e4001241bf99f50ae54522860820d927f5a70046a49b7
  815. 5d19da495343e56995bdaf42243f586cfc2d0fbcd0083a0723a673f6d505bfb0
  816. 7218993e1163f824a450cd8f997483ead16982e89c82000f3c3a90731dc0320b
  817. 37e629ea5097b81c5e0a6de546003955ba56f2ac46eb0d125dfba2b1887b6a51
  818. 09160f0aae57d08465220b38564145642c38e99ba27174356eae3229922ed187
  819. 894086b75688a1108d0a73f49ad12ca19f718c142222836980293422fba1c172
  820. b3a8a530b7c7e481d6516e001dbb9f0caafd8b0efaa368a1fac142a6ff8517ed
  821. 6e6a3b2182069da78680c31ed30cd55d029da68551c2db6d26fbac103b04eba8
  822. 4e3faf451041d8a03cbe71e4a05a9fe66cf87a4f22ccfc6c108d5425e8c7191e
  823. 130e254a13742a3a55eb8a0b6ce6cad6e3f7f70b170fb051be4b14b41f0e41f2
  824. 08953d60d21080b41946415c0f5a3a15b0630a0b20339f4ab88cfdb0ff31560b
  825. de3841cd0ab0001fdfd28a4f3fd15d5d20c09629f7857642083e95fa9b716364
  826. ee21917b1596852818813250aa9a5ee37e87f7ca43120e17f09f940d058c1557
  827. 895ca7a117fba8a710ffa11055df4b88a73a44dec199ef1973471701f5f17726
  828. d626aacbbd26f0c7d5baee7fd6e49ee8ae2aed7c6352d39ac25134e9985400c6
  829. d86584f92b6af0bfde4a4720878d5ad64f6d8c295b61f5cc345b2fcfa952758e
  830. ce02af48d799e21d832c1dca0607e583c5870ebe179b3c096c3a54d7431c7ca7
  831. 98d752dc5874bfaa2739aeb0b83e5ca0c00624d86db827422070a9da9b69d866
  832. 022d00d614338ac8e437fd735dab85097d2743a0e4d4e2b9e7e3f1727fb73e26
  833. 1e7b0711ea10e083bbf4ed19b798cb4016a8d7cbcb61b94e56290c9ea954e66e
  834. 5c5acd7e82fb19bfa8a9759c1fc51e93acffb579661fc9b4455fa2f87fd05089
  835. f75984cfa2bb3c33629e71565da34a8af4b087acf91a19b1dca7481d7adff22b
  836. 7b124522b276e8e7ac3e7bf332b7d153902b257119c33082e5fb97f529635d8d
  837. baffded947b9179545a8792871fae5a0b57425cd62a94e0d7dc16b7b2525a5c8
  838. 60234752a28355b39c1fee9788bbb22b9e257e56d9a178b28b4f1c6a71990ed4
  839. 77a5bc84a5be4def68a699b95364a83fee890182b9ea786dadac7843af047c3c
  840. 863f875586afd75b34c38ad0451959ee648c870a56ce97b392391e7eb25274e6
  841. 29d971f790f31f3749e8b82b80b62b8f528f28174f2923b58c7032abb13da07f
  842. ef0bed98d6f616aff66f9057a7539fcd9a610e9b84ac0f2ddd583e3ee77e2939
  843. 9de3f30a6de4e1bca82b22f12982f6600764be38fd29f2ecf162c79bcf977dff
  844. 8cd8922d29ea60faf1076082815611ce7787d8cd36d954dee45ff20b170ee52b
  845. d8199db09a16c0f851cb3dde4fc06183d23650295836d1a24c4d868af5acc7e3
  846. 49901c6e92224c150f8ee2a3b0ac070994b8c2c0b983c8d570b689227af501bb
  847. 065f32411db332bb6bba294bcbc7ff3250fcfaa8626648d48b67564be9ed99fb
  848. 0597f7ab25ef6f29165e7d6485828342f282bc2b3b0ce7308e08f83df1e0a597
  849. 516efab4a4db7b95341c6a561b3191e4e2ad6ed63b2305724998a00f2ad95860
  850. b681565893796b7147bdeeabae464bf847ac52118ba86752f9b4e31497f7d088
  851. 23366809d729f79d799bdeae6c1ac940acea3b44d3938c5ee24058adf7092dfa
  852. a23ec414050101d59d86882af4b08352b69127cd2cec22b9037ee2d5468293c5
  853. 42aa5262d90aa2674d92cb7983c3fceca8f1d7858980012567d713d0a0052462
  854. 3ded6a6d106453e18c0b9e105c2958555cf9e64d6a385eae9288ea4c9382dd7e
  855. 206068cecaf6cbae480d5e78586f631125463d8bdb108e6f00e021afd8f52f5e
  856. 21784d7b810861d07345f96a144a80d1cc8772220f5eb1ca3d858c6f74403d13
  857. a1a218d04238e14c5d1c97cb539a6f1d105e559fd6fd1ba86aa3cccd1af1e6e5
  858. 2c885c8bc6710f04f7da80ce7b16afa847e0126e6edd0a6b4dcd3acbaae84149
  859. 48955b9c5bc8171e00950576b342500551009fcb9bfceb7c2ee8726340f1a05c
  860. e77b28036819813a8ac3eec8ea6ffef7494bae2d6c77fac2b40a39e71c510828
  861. 9796b197c3fc64060c3ef127d761efea85d5c5141de24fd523f983791bbbdbe0
  862. d84f1c8a95d3032306ed8b289b8de4ce66d210633ad5c9775c05a77779547d93
  863. 312526f2b4a6f7561b36909208e72938479336fbdef8434ae7e7f90cf691f81f
  864. 1d67bf77fff4a7689a2f47b09e9037990975e8d9a0c4662a57e9289887080941
  865. 252a3fa3034c996bab274046262306d95ce8021fdbd608ba239a61e4a66c2fea
  866. bfb98b4f11a67d318b673334bf7f2f570fc9f19f21109936ba89759ccc221b48
  867. 5be0baaf0ceef97d164ab686096e0282b965e56f5bc3c590d6e42d4e4ee95437
  868. 1b9bb27fd2ce4f34b73fdaec6fc1ee5f7e38256dff436f8e4f393eba5cf4934e
  869. 8561d2615682a30cd8878916466e049364bcf2adc26b7aa8ffe1f6c9b09d3dcf
  870. f8dd325d14c667b9d4fb85cd47836ea85b10bdb30abefc3c490e07039021d465
  871. 01f4ec155adcea5c0aa4351deede7e6556f6e982f97b0fe3a4a5022bc7fdbf90
  872. fdabe7455451d59a87941a18817e7ef18e5123ec40f807810e2b1a71be0f4fcc
  873. 52eebc92dceb5fc2efe24323ab1414066765e67145dc156a1891c856a0105951
  874. c33e7531f5b70f6ff5edac77bb0988ff094660a8550b4911a2eb8c06f9107271
  875. 95b3cf9bf25f806a6789a12b5be21a319c0b8f2ea2592105e5594d6f44b6246c
  876. 9a077b9e0c7b01350684ffd0687723d9da6912a8c932a4bb513931ea7fe50e2a
  877. 93809ef370a8c557997ccdf2259931ad877b69d11a6598201cdc01d4233415db
  878. b89e531b4bf91686edc75f4f80d0decc551e10cd987b40c592f7e250825383aa
  879. b79a56d3f02dd636fe5a8f1c07a05d397b838780bc190d2b9b249f41fc2b08b4
  880. e6451730e64a72210b05e2ae85cf1160cc0994bb78b8010c68e3cc61f90d3494
  881. ffa0cb5b45df7a33c92c8fc64d1ab1ec6ade9d7abc8aafed71c3917a43a6af4b
  882. b17bff4e87d5bf46816a04e212d36539813ccfc6c2a1aa77fde3e19d777403b3
  883. 485b4259e2a0c5931d399e898de23e2ad58fc8dc4cc3952370916f0ab4bed161
  884. 1648bf32e8e643b1626ba8a73b8c56e3dfb61a91698f1fa7f264df59b8572bde
  885. ff05173d0a417d53e0e9bcc6576dbb0725beb6cd12fa271834f78b383ea3a134
  886. 27b3b1190fca97a4e8c138483ee10bc12b885573c167385d881b6877590b2fba
  887. 17fc94c0dc5b96391cf4d6219a210555487123eda20869d4785f5527c7c1c71d
  888. d0944f15e7e3c4f285faee9800f2c8ec5069f34682e542dc7f1d5be160f0c823
  889. d5b35baf6a04d1769100b03189183090c099c33fc59080b9b95af5eeee3f64d8
  890. b03c6d154b9c6e32b442243138b8236b77255fe70f6aca19dd6718ab3556cc28
  891. 9ca1df36a1a600ed5b3f7e2f2dc53729527ea137d39ed7bab80afd2945463946
  892. 76cad0defa19f8e06284e63d07a6f3f2c990f807175bf26b5d63758cdc0fa5f8
  893. 055af7e2d0cac8d13d090d9667081dfdd32807019f8ddee0aa5322703b331928
  894. 7f9ee8370e6d39cd4f3903d8e88b41ece6e802024f4c48f226576a2e254adc14
  895. d0a4279f9b3dc07944d267d0707b9b272e2f06f56bf63d67c7cfa7df198c574b
  896. c928843f5160c6302cd6e1310337f3c9ebf84dd9c8cdaa261ec58fa829e22b22
  897. 408a51b513b872ebde98767cfdeed93c63f3284c220d5e5840df6640d13ca1f5
  898. b576ad87762a60e9127381cec5a5f1ea61a80fa858f430d90b74cd60af993562
  899. 3a5617e9e91d8bc6d0a680cfc3e29bcd800b3e8c1d47fe40f513995802933aa5
  900. fa2de97d91259dd478d504f1b419677b44cf82ac7f627a7c1e1ce0e3d87867fc
  901. 7f65770b8695a9e2561a2bd0593cb06572babf1ae2baf249aa73d6e621eaeea3
  902. 2f0552c1daf1f5a442039c27ec9570246e500ad323acf63d9b8999d61135b0a9
  903. cb53e1ba3eaaaa724b0bb394a0c3985f7c03befc9a73c5dc41c9e72eee369e15
  904. a81782cb92c2891e16cbc615b99948c53964397afb98ed7b645e8802ce7e3e3e
  905. 0847501d8e8523051d54189afee8f4245bfb23b83bc5437e817a0924f22672f7
  906. 57fd2b8f603bd19a0c09f22f6d0ae6ed8f2c21b3bd83019c95ce4ea52f32abb9
  907.  
  908. ```
  909. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  910. ```
  911.  
  912. Creation Time   2019-03-14 20:23:00 (DOC Based - ENG - 365 Blue Box)
  913. SHA256:
  914. 74a8910000d81c657beb26f73a668d649c30c6ea1e9867d7086e00d08a1b0c77
  915. cf262f6b2cee7e95b3900bdc19ff12a06a01f262694d0c99c827687556f7b5b5
  916. bd6b0a8c2ba7dd51fd2816f8f4b588a93dbf5f89f52bdce125e309ddb1858433
  917. e9e4cd2f2128f1782443cd369f130a08f0098b21c4abb4ebfcffe9849dbe6d6f
  918. b90e38df9762ced356dcb51126bbc6a51532947e1b1f04f12203679068bf514b
  919. ff40bd95310cba92effbe22a1eae2fc9e198224624f6c590aeefc283187b2e28
  920. 25a3edf18876053ba37f18681bc0d32405d0bce2399a7e76f7251e05633e4c88
  921. 05f052aca11ad0d1d2dabea4ce046669131b23c30347e864e373bf2f02a84606
  922. cedc85b1d669256b90cb39373cb3c355863f662e49a1bfcc8cca893d2c5efa76
  923. bb8f603dc0e356ac1c4ab5e9c6b8005ecd39a392e681402ad40b5d0cd804f668
  924. 28b4db9be8b5f8420b7e6a2129f73f525d6124bb0a009c12eb22e6eedd1584a3
  925. 562d5b97c79d21bf2f6ab0bc588c8ee6c2754257451cd48986c86f389f21116c
  926. bcce04516238a62408668fad8574e17813b890503a3f6a79d15c218ba90232eb
  927. b807cf6ef14aaf1772472560882a29022118ee224c27c1500bee0a481539d76e
  928. ec6c34b5caf9381cd07ac2f6ed1320707e64e5ab77b19751d89116d1c81fc00a
  929. 32ba942cecac3d19ec25037356f984066cf1d22d609c9eda6765283a237e57b8
  930. 76764d3d22bf183e62a16b907edf2a7381571cc7386a39e37718f2643de55ff8
  931. 569c99524164a9525b2180f21451f80d90e91098965dcae3db1e854a5c4b8f23
  932. 092fc30364d1bc30ba813c65589b8974581b1f13fca93a44c979b67f3ef2dcf8
  933. e44af298e1fb69027db9f6ffcf9b20791065a1debb1809596ab7f9ebca2166b4
  934. 1a9e9a743e6cefb2d374a535fc46324207185bfd7825b4b48a941f2652517d7c
  935. 720321e902e4cab3268d63dbae83f164286a7d12aa73e6648278fa6b3bfcf644
  936. 4313abf129ec8df85b4405839b7d38bcad07414890ce78da5dbf5f56aa496a59
  937. b386e29b91a22090f09e821c0aeb8b171d2b693116d8d95f4a4596788bb59f45
  938. 70044d8dc58309606a693e0f5f9dcb7586075da46da06a69def13a995a37489e
  939. 5cea0075a5a75595d2b75b84f651fbe3c69241c40845e85452037a03a90c5359
  940. 3c3b87897819b700ec830e317fdb2d79448f4d7af9c7b7f831aa554a1989cabe
  941. 1bd75b896c0b24b407b13405a901c84eacb952dafa5565c4617777d436417d68
  942. 388ca94d387497a4ccc6c2d6df665fe3ccc0e6e57bbef45d64ef654fb2c11a18
  943. 6d68a290585c0c8c14872708dc770c050331039ca3e18aba84e769e032171277
  944. 4690378f78e894b2f9669c0b86cdc1528e663d77a8987938b70357cd962b3a36
  945. 0342e996472cd13ec651c008a23bfaf4728784cf17c726f17d92f6db4f7beb67
  946. afb618b3e57391c0a07ca2a2e8c9080fcdcf2331f4790cb47c3352abab9e8025
  947.  
  948. https://thanhphotrithuc.com/wp-admin/3bL/
  949. https://www.gcwhoopee.com/cgi-bin/t28/
  950. https://thinknik.ca/wp-includes/FY3B/
  951. https://tinydownload.net/wp-admin/1r41/
  952. http://tr.capers.co/xjoma8v/jb/
  953.  
  954. Creation Time   2019-03-14 14:23:00 (DOC Based - ENG - 365 Blue Box)
  955. SHA256:
  956. 87d748238573658dc6e3fbebafafa3e22006d4f73e6ed60197b70f94d7d662ac
  957. f9380a52275a0b8661bfbdb17992ae6e15d8053f3ee937f2bdaccaa9aa0987e8
  958. 742d2d3cd5908d4c5e7730e43181b793512c36df2dcd1e9083e1cc834a885bb3
  959. 2c7e6bcd1ca2520a87053ccd01b210a850e6846eba5cf291a53723b75e3e3cf5
  960. dca4d945c877cb761af0260da5444b51786fdfdb0eb4f3fb749ece6ba86bcd80
  961. fec99d5048f8de769828b7bd914c1f3e0598dff06a102ee328798dbd58e22466
  962. f536195233656e0eb03b82aa5ebf58dd17af4aad1aed47d149837a26b93eefca
  963. be50454383891b6b4c8c99bd70bbfcbc9595b2e56ae77d0619a4437dfc4c4ce6
  964. 168399973502212b1938656d770f7c8197c3cc6cd45ec9198495a1ccca08c90c
  965. 851560c9049919208b320f946eba01ed7133b402ac40824d8039094a45f73719
  966. 90b389ea0ad281d78c57b8002497b12c3665f4ecf533785b679a75583bb729ca
  967. 6463b40e63fdb8fe75bed1c9c568c990dd6c52c1a772b81a02c9f4c827bf3b2a
  968. 7d3089cb9930a9d0c0fdb7d4e5909ee4a9b470476cc9b99e57bb1eefba7cf7b7
  969. 3a5cb31558f8cfa9e3d0bc7517b7df7886963cbe63757d308507464855948252
  970. 3eb82a4222e85a3bf961d094c19520e14f28142b9b58cc0ad165aaa219c788b8
  971. e2db4bb6197ceb3f7f526b90f798ab50ae9da76d3bb73613d099762a4d9114fd
  972. 456159e926a54ef47b04b71e38c1ce18f61497e88eb7d9543b7274cda809018c
  973. b4230f9bf711e4e1e28421129ab0b7933dcc2b9c99d6026e2b74a16d782e6078
  974. 2e265dcff1e52fdc87ef63d5fb75575f8521388a4801b770a502dafb4619b229
  975. 8b3c8e2a58bfb217575976153da622a16080b631a764aa9c6c0c8d49b4a20f7e
  976. 7f601495b0e3cbca55b2019a759af31ae1628ef4cb9706b73322e6640c861e0a
  977. d255e5211b7cae6180d9afec9663c09d4202e217fd2817ce9a63e8ec4467aa53
  978. 154153974d0ecf3c75cc6469f6fd4345cc2e652a7c01901e5ba00f299fc64d17
  979. 771e28c10f99edfc9b521781812ba97f23cbb55da672049ee7f3cdeaeb039e07
  980. 04ca9621f75adf50a9f0bce9ae46d4bc7d800c7cc92b823f73cbb43855ad2da1
  981. c6cd11d5d0a76acd4657ddc00fca031bc39df67350baeaf8e3714a982cdedec6
  982. b8daa50621bbf387c2cab8d2788eea874f3e178d75bc3978b3bb817aedb6ecb3
  983. 6a372b1b2ed89c0a7b5e71a77f23cf0d8ae9b8f315d7b9ad19f3f655ee295806
  984. 5f5a00ed2f6f8e405a0800e7d34ac7fec27a2019e2385ae4dc25d9e59f36840d
  985. e34c2e3d493cf67c31fd7adfff5041b773f3a45b959245e62d922e93c1750573
  986.  
  987. https://vesperia.id/wp-content/TO/
  988. http://turningspeech.com/rm44r5z/usg/
  989. http://zarabianiegeorge.cba.pl/images/JN/
  990. http://strugglingcreative.com/wp-content/M0K/
  991. http://rossairey.com/images/hf/
  992.  
  993. Creation Time   2019-03-14 12:45:00 (DOC Based - ENG - 365 Blue Box)
  994. SHA256:
  995. 4f1e3178082a06256c13dac380d5c33f005296df47a37ad92188added8500589
  996. b0a1885a6c9c9acdcedb5a167dd6ea48a160e9b0a61a49a8d71070f76a5dcad3
  997. 52dd153ad00295d51556ebc3221df7d3df1c9d7b9f34f8ee75c50caaee790c0d
  998. 7cf568a80f9e6e47a18e36d724ef05e22799ff9458d5b6660b428b2d49553e53
  999. 6bc32963aba0c8a057037e33b878d806aaf0d36e768f33407c74a5094d28df26
  1000. a09af7559ece9e43da3988f4d5622c1683f655d5cb3048895d30cd93038a6814
  1001.  
  1002. http://www.wujingwei.com/yis24.com/NH0/
  1003. http://g6connecti.com.br/wp-admin/PWh/
  1004. https://wdss.top/qvjrgdk/zoCT/
  1005. https://nikisae99.com/wp-content/1KB/
  1006. http://visa.org.ua/wp-content/Z9vF/
  1007.  
  1008. Creation Time   2019-03-14 09:03:00 (DOC Based - ENG - 365 Blue Box)
  1009. SHA256:
  1010. 36eb851688c4d08e8e913010a08ae48647d9f414f66e52227dbb1aeedf5420ed
  1011. 7ac8aca9b6b8a0eb21ce982f78784a39c29552663e278570951b0aa52dc491f9
  1012. 3d6f9d448cf807a6ead21e2ecc9eb419d99222af0fc1c5a4d051857cdf34f189
  1013. cad4e4277dd8b18e158d11a07af396c57c831fbd3bd6dcab61389e1bb602d21a
  1014. 4a8b46e4acf204a5c90e278f8cb6cf7c751c0de754991e64182f7788c081d85e
  1015. 60ec20a865756d7e13704dc6396fdd487db39763ee8dcdf977f877c8221373a4
  1016. 8f1931f7bd6758af6a41b0e553ce691acd035b57f59579f5f38ad4ec55b649d6
  1017. 7061428f52d85d4795cca7d35c8994577c861abe1770012fb5cbfa7a2367f698
  1018. a84f577a6a828fa6e52967597d0e9c724d84c368a82f0735b327a6299396da54
  1019. 55e71b4c09811fe80c49e2ef13f2bbc994ee2a664b19baf0e10b4e05cda923b1
  1020. 470f6512e929539ded3d53ca7e2391b194aad516b18afa4dd97ce1dc3f6b344d
  1021. f7435edefb20ef0ff2f05f5202b2429bf56a72409b19f316af5dcc844ae5e0b4
  1022. bf53b0ad2903506ec0b895ea6370af33e2953413cc9eeac79322438f79d24b81
  1023. 81e394ee6932b58a71c825dff60f4f051d211fe7b215777a6217a139de62be04
  1024. 71cfcc18effcb5455aed5ad4938de2a2b237c5ad186721bde6a88cf89c09f314
  1025. 2e358c3b5c303b1e4202d84d134698aab2d3d51fe6201b8dc183da58a089819b
  1026. 863a4fb4d5684efbddaf88be7f43ab72a8bcf58bf868ae4740139b45bfeec6e8
  1027. 8b2764644abac68e3c065483f9a20f161109b41580f8a89f1a7f0d99356b7ded
  1028. f44eba5083630aaf1b74be5801c80b25617e17b16f91c6d1e0b61918a80cb24e
  1029. afc41141baff743549981a8d26c2de01843e31f0bfda03fdafc7e4514012fa88
  1030.  
  1031. https://smesmedia.com/wp-includes/dk/
  1032. https://tribuana-aerospace.com/wp/q2MP/
  1033. https://pasioncontinental.com/wp/mGP/
  1034. http://shefdomi.com/ihrbuild.com/niL/
  1035. http://georgekiser.com/test/Rt/
  1036.  
  1037. Creation Time   2019-03-13 20:41:00 (DOC Based - ENG - 365 Blue Box)
  1038. SHA256:
  1039. 3c6f64a5be116d88b759fc3a625da4265353f3a23de5d03faacad67fb58dd4af
  1040. f796de28c88f033d69534752ff49bca27ebd200bee01b952935949ac35f281a5
  1041. d4289aa9de0d2c6c43c6e6974a683d035a3028d9bc92721523a1812124489640
  1042. a0e00bec8ffa0cf7764b060320b11b6d8695f31202160021412b19f1817a5604
  1043. 15d409d467034ad2e178a3be9a5cb52145a1bba20e9e9fa6fa1bdfc91179af78
  1044. 8c77b90bcec1ccfdca3f73dcc1835ec0b99a6bc07abdd01a89ad8d8274e92db1
  1045. debf1ecc7c45e8bac881e02196120c8959248527587a5c3b7b88b3fde7fd1288
  1046. 690e114212075dcffa45e897f29e5bbd8228e50e7c5ed18733cea303953bf5bd
  1047. d0f8398e793c3f58f92bdfed9d6e35e7efcddb390e12d27da290ae7337baaf73
  1048. 2dd867e283fc4339fb8e50e5533a33c54d74a5c7a751f3658d7562776d2d4aba
  1049. 1682386b9177d40fc22fd1e61811028efea833647e20bd42aac2f5e35447f5d2
  1050. 7aaae27a6312a6d03986087014cebe564c8c4f8cedf4b03732ad286b66985cf1
  1051. 7be5fae00a742991167b5c94e8c70fce4386dd1b9edd3809b3b6d6371033ec71
  1052. eb3c38dda1056ed44c025d2fe6dfec474763ec1a3c29b53baddf197ccd00d04c
  1053. 833985e81022a7cc0ea35d711858fe9b13b177447b6af63797582ec791157534
  1054. bb9bfb39636c3697663138308ab99ee659921cbc6b6e87967de380ceb72918ab
  1055. 5d9db9fca3f1fa3121d7abdd1d31c6b6d89dbef899d4fdc8c62dd111b23d7f30
  1056. 1834e3a7f71294a8d9ed80ecb42f3d267a7e90eda5c3c3ff4114724318dbfe26
  1057. 1834e3a7f71294a8d9ed80ecb42f3d267a7e90eda5c3c3ff4114724318dbfe26
  1058. 76821dd9e856cdfba038c71c3cf644f08faaf39727a5a72ae11a062433f9409b
  1059. 56df2da33e0c69a1e3be5d5e307f1ddbded66836a43b14eb59181ec0629ba7c5
  1060. 2ee4992b3d273f10d16c3addeff7f5ff6d7f498f542be2522777680d2eeb0e38
  1061. 08550f8cbf40ac692bcc8dc2a92115c24ca1dab8087eff0576e94ac3e2981eaf
  1062. 55459e00951738dff222dba5e71e29b2829af68b1419bcfb472279754de86511
  1063. daca06f67f177b0e7b659f8c3d954b1ab06f563f2cbda3e1cdababf5e02b796a
  1064. 4098d536c359dc63d3120c2e1f64870240860e90893ed61c7c560cb4a91eb734
  1065. ad0b0ec3287da293ee568e1ceea2e5650da8f9bf26126b0ab62ca6a9f04011fd
  1066. 4980463e2b50f6fd5cfa08c9ff743e5f6878bea3a753f8b992818723baea9642
  1067. 0366801927431f9bacb7f9fe7fb45c3060f20640f750b1c930bb6141be205990
  1068. 70df1c010f3a153732b9d35608df974b997f0d0ade26a4c0ac10b901507bced2
  1069. 0e0f87407e98baf9c5a00a2ef33319ded224cb30c352208cc00972a3931412ec
  1070. dc724e42ec75a11bb8303c163323cc54689a0d99950b5a912c7586d1255ae591
  1071. 653d04b96f376ee2a1196bd42f741ce2cffb3fb82267a1b84ce8f94a8bf48fb2
  1072. 5b336ddbad66d4990622940f95c0468875680ed223eb91da64b8f06787f62880
  1073. 68dce955a6bc3d64ef8e4ec0c45fb667a41d01278b4b7f777b3a82f1065c407e
  1074. 08aa80a6582dd6738d7afba27bb39ef88b0168d1a7ce656ec02863ca5f9d3474
  1075. bb98d6883a5d7169513f3b6016fe927ec6a44d1a5c0b661112175e66e554e719
  1076. c8ccd9bccc525a4ee561fcb42daca80c8c4b116579e4bde8197777d416b7e8bb
  1077. 1228b439b723a9009e82cce1f7b50d99fc24e09a271d5afca9a758ac9fa4f7f8
  1078. 84fe6397446dd37de37f0bbc598764d696cc11215bb0b99e3b01b1f514dc23c2
  1079. e8e0725c73c862428d35807060c04fc4100c753f6bedccbee71bf43953e6c90e
  1080. 07195b1c470d44d02650b4eddca96698fc79cc91a50f5794cba66ebeb72ffaa8
  1081. b05b6104f9cf5885cd0e95d71086b75aa958c95ce56d62f49bc4b9820374acaa
  1082. 7b6110adbe805d0d96997256f6f302079a2619542b8fb7e16a35c3f263dd2a98
  1083.  
  1084. https://www.theblackcadstudio.com/wp-includes/3T/
  1085. https://whyepicshop.com/wp-admin/1YD/
  1086. https://www.wl-interiors.co.uk/wp-admin/occ/
  1087. http://aliyev.org/ldfkbse54k/oX6/
  1088. https://interia.co/wp-includes/a4d/
  1089.  
  1090. ```
  1091. #### SHA256s for Epoch 2 Payload EXEs seen on 03/14/19 ####
  1092. ```
  1093.  
  1094. 26b8ca51745aa8ec71181af4279a7464b44366140cd28e116cfddc8bfffc6e93
  1095. 4c2344880e0b48de7c328973b70b98defb7348983207fb227d2a7b3626c734b8
  1096. 74d055b9e5c3bc88596a4cbca37402a93cb900c046c82464c6abe8aeb75dc2d5
  1097. f7af8930bc835bb12412be7948f257fc247a939cb5a436f19530c6e0e416b2fb
  1098. 88f54013db739b6e601821986a5c6cb2f0b4c36eec7259642f50a55b966fe646
  1099. 5d512a8cf32ca4e011ce6af313d9be115aeb20fc4e80d48195f2216db9c03577
  1100. 91feded3f71e9e6d929481579da8f2268717351728e1efe10b7d0e657249dee4
  1101. 1d13e85e7ccc79e0101b115cc5f1e1444428c0a99df06427e69b846282c106eb
  1102. 745b3f844eeafe9a67162dc78f4d6320c233427941eb17b4e42956c285ea2e2e
  1103. 2884899ca06a447b6998f9bbf1798e768376f8c8816fe1aaeb9a3d435c6a46b0
  1104. 2f887dd7e01e16269442428f5d6d0941b32c8c4d1cc58338a0c575b03ce162e7
  1105. f5a4db3915899085c0b167214b4db2155db1a7a7829b95865dbfc8f62acaeb19
  1106. 0db26ce8427840ee2f48baeeaf73e119ba471c398194ab4c7dafd80d1af8b4f0
  1107. fc797d1a2418425467e658a6cc509b90e209e522a159cf06c0a1d746c70c0077
  1108. d10f0495573867205bc8fcf2913a4cd47c4c92ca0381949978aedd8a91e7fc36
  1109. 69dc68fb562627d250e78a5b3e8b811512458b4f3d41eb17a91ab6abb85c52f5
  1110. 493544cf6ef9cb84853b8b69d8c45e0e3fe74695fd71b6468f4ddd74b4b69395
  1111. faef6d174c3583a087746ce14c2c79a45110120d8042be9f3edc321dd6928ded
  1112. 1e44c1acda69523aabdb75b22c3c67a138f5343366c6241062e3ee5a44d9c158
  1113. f148d054d661d9925fc621ff60604e455eb8ea1ec6efdf5e6071cf8e3de25d91
  1114. 359a236e7aacf6c4ef2ee11cf625b6f3cae148b31f6bc7b53c88ecdd13680483
  1115. 7e3195e46ef36afa15f08e6263734ee06fd335f3caf824a81564e3ba4747f8db
  1116. 3ee6ed04bb5f7e3e3c913575306429525a0f654335d747688ccd7139e740efd6
  1117. cc2738184543217e41e8bb9031ce07d6a634cfe675c8813b78cf350b19f5f2e7
  1118. 54f84264971e19560ac5c98e6898295042465b2c854945d86b7bb0fdcc7573ab
  1119. 4baa06b4c3c75c623431989780a6d6d6023a2d0b1c20799f934d902e2e8be6d8
  1120. e67ba63a5cf54f33a6e8893eab2277b23538a5b33c6924e414a0d8eba3396fb5
  1121. 5ce9200f1385999b8193f7993c9a4418b34dad851bf20b47bec649d13096cca2
  1122. 263b15bf420a570e75f76439df22b591fd8e16914fe671371d7b98cd667781df
  1123. bd236d5179242c359dda63d838e47a917ab5cde2da9a48f3aa96f761adf601f5
  1124. 680b60af276d8d35a0452e14a760ab26c6add9bcb58fe2bb026ab94e8ddae198
  1125. 11d14e11570ebaa756b4083a58a336e0489eec1703012534096131836b4e0519
  1126. 50efa3e7ffdb398e3af40b581b46a6190abeef3eca61ccc9c7df7bdef626b7aa
  1127. c6311de17cc62a48b391fb0638cd411b0b328139693c2c3437e17fffdb13bbef
  1128. 3334aff96db45f698b00be54cc7d07ee37ad9ed21b35c0c4727b92003cd6e70d
  1129. 3d0e256fa1027c0eef53f345609be37cec1c9745c432b2ddee47972773e68dd0
  1130. b38f37482a4f7e2eafb35df299cc79f2261e2cb29ce94c726db2ed873aec5755
  1131. c1d4159650bffcf5210309ef9b9cb6188da372fae46cc1a447ae3b6a4de7bf13
  1132. 2bf2b5ea4ea8c6e9f611d614c26dfbca28548ddaf6b4a196c07c844a17c944e6
  1133. 40c2e1cc9a29685d572a869dd62338ce872cfeb4980d2e7ae246d9e0d9b6e4ee
  1134. 790080870ee232ecb556e58ff19e2277b5e8e0275541e62079544111d76b9d79
  1135. 4eee4aa4630ae75793f4b6cb3f06d0045288ed7468d2925970bd687c61650cc7
  1136. 0a15a00a5b5fa7f0e832def0744516d917b48cd14778eea896c2a1f06d2b9621
  1137. bca0259a18b10afb354889d25e272272573750e191fb070362092b83093789dd
  1138. 441373b506a70c44fb9b962fae196dd6f7bd25ae8365474b99dabd5c5b8a6318
  1139. 4d7ef094f29a1b276d3be868913f36e3a60135c5ae76c535881d35532bcc3778
  1140. 7296dc6bb3bf63a81bee616166ecfaa9a044ef41bf6fb4d277261ce4626a4d92
  1141. 1c0c875fe89d9498bbb0f5017fa29cbbdeb0862ea5b459aa84e96e5cd04a4fdd
  1142. 310e824d0fc7b1fbdcb5c6d7c73ecf27e76c81207ba6c890213fe4a31add73b4
  1143. 8c114f46da5378542d0eb92434465cf9bf50801370c27ce3beaf0099f2cbf4e1
  1144. 09ee74e794f6bc25f4fc612cc25f83c396f7bdc93dad8b713296b6c444118a90
  1145. b9277328e9263c6b5203d4e4ed88470ff694919af1bf2ae18d786e7bc34db161
  1146. 582c7b4880dee7268dcfb1171e84bd63dac1eab41a4553b8be09d01103202a61
  1147. c5df0bb3c0ea5d0d9b5d71f7e94b84af8778e694c7786a338089c80819c49b1b
  1148. e4dff58dfc88abe7fac1250fe36bb51c00bf2676e41c4a5b294e2da3c50f6998
  1149. c2462b89d0ac5b0dd4a741dcc69493b1001d0e674fd1928e69020806a9700034
  1150. 54b72327070ac5b2034cb14629a5dce4138763086872a637a1186226e5f5bdcf
  1151. 5ccff6a776df70f3db4e0eda7b5bc05f9602dee9d836b279752f1fbce2964670
  1152. d0ccf47dfc364a1ecc44887568d71dc0f309b96b253158e1929eff7b56056456
  1153. 2a2471851e1127875a92bb66f65dd00c41571662fc7250e6a74c66c8296fa643
  1154. c717b0aa3df38736937ceb44765fb880c86c4c10bcc43339f9f6449c120c0a56
  1155. 940afa85e5da60701019a8d71f4d85b5338548bbef6a6db2b6c16ad0f8651f7c
  1156. 70a12d0d7bb00f878556915a7fc266698f5cc87d3625ac19682f018aabd8050c
  1157. 9056d3e465fcc6f14163e1a5d90e61fbd5255b4af69dff290ef8142783a30bac
  1158. 5afea574d14ca4e811230d27e70e570f70d2aa392ab88593eb389fe2e6981647
  1159. 1dade85a30542adb07e686182ef50a654a4961ea4645bdf5086397fee655a5e7
  1160. 002126fbba172e396555d57d34903ac572c12c70a9f55c09cd85334306d91fb2
  1161. c15be020a73c9a655c49fdde613a8056729a7afbf13fde1d509d2b15ab9ca954
  1162. 10ea8ad5be30351e201a85fc408e0446a559f00e0d356c34550f0cc189341e1b
  1163. eb5e02c68aa470f22900fe1051907a3674f6da6e9be7ebb9792f924056dd8386
  1164. 952548526257c23e4092480170fb70e9158e6be85e3e8bb6f2cedcef14757f02
  1165. 20397e555a216e08f40c2b5f5ea074fca77d61a0ab2807115ce5701d6d436ae3
  1166. bf301895350bac4b2e0ef38955637782b49d77e1eb12e06f6e3f4d781512f313
  1167. 8bae23db6c65d5491f378080582bbc9f92231f13e4d390cf6bb545740bbbe205
  1168. 0daa1c2e8bf230ff66869bcc1f6a781a7809ea5e6ab8bcf736a3fb84cd64336e
  1169. 80c9feace63d279100ce511b343f0f5903f772610fdd04debd855011cbdfbef0
  1170. 41a4b259b7eea97003af926184d91ae5bb243157c91758bd8240adad6fc5043f
  1171. 8c06893c91ffd97b69d7f2fda1ad3e53eee0c9e4f71d2013f28c2fd9481e1bac
  1172. a2269ea055a7ea6dfc5065b6f69854b9702d94d97af43f8c2c50342f9cf62195
  1173. 89de28661560a1886ca0a2073ea40dc29ab0e5f5a39bf01d33a239ebbf3dd5ac
  1174. d216233e221ea4feca1e63efa0f6aee086644dd1cbb720e4a4e2638a3b325472
  1175. bf96688fdfe86355343cd8cf0fdab6e6563d23ad3bde584c4437e48d3c12434c
  1176. 7db3dab503f55572b8b336076d7a17a57cdd27f7efce578f2e334161679cd9f0
  1177. 0fa5840ef17ce9b9ce5aa1c19c6be1acbf7b8eae99598f842903d281583936d3
  1178. a6440113028bcf03e1b3157bb94e46a0d91621ac802e39f12230dab0e5ef2297
  1179. 6ae942fadb3492cde97ef4f9dbf08ab6faee6602de4f0fe1771413691717ed6d
  1180. 78493aa7c5e4723ebeb6bc77804d23ccc5ea1d5129f39a03170f9e4ad6f703c2
  1181. cf0e66b4c6344c94f0170839ba7ac22e48df06b1251bd1085acbc9fde6514d82
  1182. dd548ecec987eb64c9bd20f31f7af016f080a8a4ce209549ac2780a35d973908
  1183. 7f48cbc0a3e02e6b3e02add99b9f5c18015441da29aa8dc16b51f6d6cdceaf76
  1184. 5a937b9ac2acbab25dce44068e1576a8803f86e04a65d28c9dbe9849479901c4
  1185. 2ab99f8fd69ddc469a3b7d473fcc7459f5205a1db88f04683f1a9a7766a953bf
  1186. 0d29f7f4fa52853bd5059a9c421c84a0638e0548086c60d90a07db9ec78fa52b
  1187. 6bdc24e113ebb4ee8d670236df07c677dc1e5fea9cfe53aae19af5050e40b578
  1188. 2118e3813ccca10e5efa4b3615ee31227f94637f68fb044959f00f0b0e6efc01
  1189. 3e20886f4b3ab4e650f32aa2efdb3e8a6cb59945a3936de36d36e2eb8536ab64
  1190. 2a557afe0f6fcc1737658ce8bfeb96eee9420c3d6be1d0468823ce63db742e51
  1191. ce4ad0d11e8b6a900fcdf57d4d107fcac521680de4a2a52e244195deda671e18
  1192. e06ff8ceec3345ce209e89224d5f9f005ef81c5f3354ff57307154e0acc836de
  1193. a8fece97c6ad2c890bd9a3451f66f9bbb609836c599d074b88cc44357db868f3
  1194. c324d916167e5baa999d8b9201794ad447267884a658d76a3df54886e8debcce
  1195. 48e674eccdcd51c22754aa39fac7d8e7d4e9000ecbf996e8f243b591954b6ecc
  1196. 012e1d36884b190c7a313cec027114189c5315ca869c5b87e32f20a2552ce572
  1197. 70e651b3b3d1ce0d07068dc10b5cbe28ff2c8126c1b7d23dc5483e43e0bd9280
  1198. e09e8e7bc571dcbef05dce441a7d0fb0fad125d7086a80221b49f676c44fb0fa
  1199. 8aa9fa4f535f93212aeef8d6eb30a986dfd995e2748cf23fa6a6b3a124dc320d
  1200. da84624703ab3bbb68de1e4728a06c9205175fbac7480db45d0cce02f0b33358
  1201. 1f4fe003474a934dfb368d4d55e03e7132bce6e6e40c9413fcd922810139b6ac
  1202. 01d7771d458ee4a476486ad9093a613e2a547386b5e43ed6e3651324ee85a103
  1203. ef1301bf0b5abd7dbd6e6d7fb9f8069c570e5262958ab9a49408c30a035442e7
  1204. 774ed85e5246fb8bff22624e7be039edf96198541a5248c49a7cec6a77eed801
  1205. 3a77906f89902af7c639ee060ead1dc4a8e0f6659cc4d96d17fe3a13ac91ea18
  1206. 8d1aee8268ab3ec21099ce579b9d390dd7432567de8586af9c519fde025a7bbe
  1207. 69b7a3ba8bab4bb4d6acc92ea64e24d9e6978ef48b8fc25827be828718546eca
  1208. cf516dc0892e8ac2b2d03524c9c358cc8b1256ef3454ce5df260311414741a4c
  1209. 732c5676581ea47ff9257da4ffec222b48468c7d47ebf94014e879da11299c58
  1210. 3e9656446cf6bfb91bc55a8e9900430f7734b9b88e485e193bcc9693dd9d00e3
  1211. 26a5d1b481460ec29e5ec54836a6288300b9eb89a166af25a4a3f907841044b3
  1212. 7d13a5490d47ec13ffaad274e809ab9c44771b1d6991931fe45dfabb4f2cf841
  1213. 6a093d0323480ff40d5dc33fb63eace538dad05ab4f4464a3402ae20b4b27425
  1214. d4f18a004435158f6ec253ffb05c3fdafe8c52558b14e24eec40c8388d3a7aed
  1215. d8009c2f99a61687205ce28dbf366f5cbbd7efaf8b90be6d0cdf80101083e54a
  1216. 0f61068d8970c6745256f3dfb0512acbf7cd9920238ee0d764e5c3d5e750a8aa
  1217. 3f36805b076728b1f799b0e2714cf0f839a6d50a3a8b83720dc9abbb834ebe66
  1218. c48815718db25607d95341a3890e2cdc3f1fa07f16c010447119e5586cb9da31
  1219. 88772728d739e01cb70234550ee5bda32bd99de57b248ccb58aa680078281ee6
  1220. 1c0a72cb35d59687ccbe1eb987538fdb54300fd9268f2b2731e7fb7b19feb63e
  1221. 956a64b3fca925c4ee31079cfc7f9481c11acbdf1412772fefb7108841f8810c
  1222. 185942fc55aa9fa99b553426a324e36a57e32a3dc530ad8523961654b01ef7c1
  1223. c5a49f565424f532192e9b3b007c05fa7f5e1201e81ad46a792261e8464380c6
  1224. 2943ab69ba6a140f3b38360601cdfbe8b6577316743801b50437a5e378b8014d
  1225. 6cb1a0a1bfe3544de8602c0bf14a34ad051b643bdc5559e61fe28ac4e2ba6f6f
  1226. ae1a1ca14cd74bff461fffe8cf17a5371df8937cd8b13bdcb7ece1c61913421c
  1227. f251d5b1372d7cdf52a0cdbe4e0723e11055e1843c574ffa2f5ac490c7f29346
  1228. 13b31a115a0fb2f4048483b20e1aee4376d9d64371375913dcc165ec80069ae0
  1229. daf9bcfa069de7e37ba322c119ea54f44ac33f25f5d1d418cbb70a93f1b81190
  1230. c00a323a3afe63541b8d51d2c93e019c3b03a37625e06b7e849dcd4768a8f2e0
  1231. bd0131e7be8f79a014a2b4e12557884465e4c57d6939c3279acc02a43cfc44e5
  1232. d6c7339167655af988425a72a41b8a64d3b864c71610fc46cf5248b4fd7b6e6a
  1233. 640d43358c816f9fb3f18b588dbe0c89625f84f3688ec34fb6085649e8c42326
  1234. 0f289160ecad13546756c2ca6978bef686e1512494c795a666897b1165ff3c84
  1235. 51ba6dc5b7b6e43befa8af3632855d5b046cd491874eec72ad0a28f390be6034
  1236. c1843642f8de1bc5e17528c1772ffb499c4ca687e8d8cb3a96b13186855f2f4a
  1237. 3d8dcc6b63bb354977b86cdd7e7063696eb19f5ed4754766433042d543a30952
  1238. bb8b1b0bfe1a7e490a68e6a5efaae5d4d599ced3df6686de3b4bfe8d5671c0c9
  1239. 43b914ad6ca5c855edb4960a200dd2d36e20e03d65c412bc8ab91ddc12d4cccd
  1240. 0ed0bfbf99797e16ac9a608062338167313a27254118a5e187e20eb6ce5c9a7b
  1241. 820539873f692489c469835ca41bff712ffa69799940f60c30e62550687f2858
  1242.  
  1243. ```
  1244. #### Epoch 1 C2s ####
  1245. ```
  1246.  
  1247. 109.104.79.48:8080
  1248. 109.73.52.242:8080
  1249. 138.68.139.199:443
  1250. 139.59.19.157:80
  1251. 144.76.117.247:8080
  1252. 152.171.65.137:8090
  1253. 159.65.76.245:443
  1254. 165.227.213.173:8080
  1255. 173.248.147.186:80
  1256. 173.94.53.3:8080
  1257. 178.78.64.80:8443
  1258. 181.16.4.180:80
  1259. 181.228.211.100:443
  1260. 181.29.214.233:8080
  1261. 181.40.122.122:8080
  1262. 181.56.165.97:53
  1263. 181.61.221.146:80
  1264. 185.86.148.222:8080
  1265. 186.137.133.132:8080
  1266. 186.138.205.189:80
  1267. 186.3.188.74:80
  1268. 187.207.188.248:443
  1269. 189.208.239.98:443
  1270. 190.117.206.153:443
  1271. 190.146.214.85:80
  1272. 190.146.86.180:443
  1273. 190.15.198.47:80
  1274. 190.210.3.93:443
  1275. 192.155.90.90:7080
  1276. 192.163.199.254:8080
  1277. 208.180.246.147:80
  1278. 209.159.244.240:443
  1279. 210.2.86.72:8080
  1280. 213.107.110.253:143
  1281. 219.94.254.93:8080
  1282. 23.254.203.51:8080
  1283. 5.9.128.163:8080
  1284. 50.246.45.249:7080
  1285. 51.255.50.164:8080
  1286. 66.209.69.165:443
  1287. 69.163.33.82:8080
  1288. 70.184.97.144:8443
  1289. 70.28.22.105:8090
  1290. 70.28.3.120:7080
  1291. 71.11.157.249:80
  1292. 72.47.248.48:8080
  1293. 82.78.228.57:443
  1294. 89.211.193.18:80
  1295. 91.205.215.57:7080
  1296. 92.48.118.27:8080
  1297.  
  1298. ```
  1299. #### Spam/Stealer C2s ####
  1300. ```
  1301.  
  1302. 104.236.185.25:8080
  1303. 181.168.129.146:80
  1304. 189.159.195.202:995
  1305. 190.147.23.76:80
  1306. 47.180.177.96:80
  1307. 50.116.63.9:7080
  1308. 70.44.163.160:443
  1309. 73.14.76.77:20
  1310. 81.168.92.58:443
  1311.  
  1312. ```
  1313. #### Current Epoch 1 RSA Public Key ####
  1314. ```
  1315.  
  1316. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
  1317.  
  1318. ```
  1319. #### Epoch 2 C2s ####
  1320. ```
  1321.  
  1322. 108.188.116.179:80
  1323. 133.242.156.30:7080
  1324. 138.201.140.110:8080
  1325. 147.135.210.39:8080
  1326. 167.114.210.191:8080
  1327. 173.255.196.209:8080
  1328. 173.255.250.241:443
  1329. 178.62.37.188:443
  1330. 181.57.193.10:80
  1331. 185.94.252.3:443
  1332. 186.113.255.229:22
  1333. 186.4.234.27:443
  1334. 187.142.0.234:22
  1335. 187.189.195.208:8443
  1336. 187.209.46.240:21
  1337. 187.233.152.78:443
  1338. 190.97.219.241:80
  1339. 200.113.185.229:8080
  1340. 200.50.185.54:80
  1341. 201.220.152.101:80
  1342. 201.239.154.191:443
  1343. 203.143.86.111:8080
  1344. 208.78.100.202:8080
  1345. 213.191.168.93:80
  1346. 217.13.106.160:7080
  1347. 24.243.101.134:80
  1348. 41.220.119.246:80
  1349. 45.123.3.54:443
  1350. 45.33.49.124:443
  1351. 45.36.20.17:8443
  1352. 5.230.147.179:8080
  1353. 50.31.0.160:8080
  1354. 50.80.248.108:443
  1355. 58.171.215.214:8080
  1356. 59.103.164.174:80
  1357. 62.151.17.5:8090
  1358. 62.75.187.192:8080
  1359. 64.13.225.150:8080
  1360. 64.46.91.165:80
  1361. 64.9.43.60:8080
  1362. 67.205.149.117:443
  1363. 67.209.208.130:8443
  1364. 67.248.56.82:22
  1365. 69.198.17.7:8080
  1366. 70.57.82.196:80
  1367. 76.168.149.66:8080
  1368. 78.188.105.159:21
  1369. 80.115.91.222:443
  1370. 83.222.124.62:8080
  1371. 85.104.59.244:20
  1372. 86.239.117.57:8090
  1373. 87.106.139.101:8080
  1374. 87.106.210.123:80
  1375. 94.76.200.114:8080
  1376.  
  1377. ```
  1378. #### Epoch 2 - Spam/Stealer C2s ####
  1379. ```
  1380.  
  1381. 183.82.123.254:80
  1382. 198.58.114.91:4143
  1383. 213.136.86.219:7080
  1384. 37.209.252.79:80
  1385. 64.228.72.40:8090
  1386. 67.202.178.142:443
  1387. 78.149.210.211:22
  1388.  
  1389. ```
  1390. #### Current Epoch 2 RSA Public Key ####
  1391. ```
  1392.  
  1393. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
  1394.  
  1395. ```
  1396. #### Credits and Notes Section ####
  1397. ```
  1398. Updated 7/13/18
  1399. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  1400. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  1401. https://pastebin.com/u/jroosen
  1402.  
  1403. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  1404. I am providing them for your benefit in case you want to parse them to be sure.
  1405.  
  1406. ```
  1407. #### What is Epoch 1 and Epoch 2? ####
  1408. ```
  1409.  
  1410. What is Epoch 1 and Epoch 2? (updated 03/07/2019)
  1411.  
  1412. I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
  1413. payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
  1414. Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
  1415. rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
  1416. This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
  1417. to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
  1418. time period.
  1419. Here are some observations I have noted since I have been watching these botnets:
  1420.  
  1421. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
  1422. Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
  1423. being delivered in maldocs on Epoch 2 at any one time.
  1424. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
  1425. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
  1426. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
  1427. Monday morning/Sunday night.
  1428. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
  1429. Epoch 2 may have a document hosted on host.tld/B.
  1430. - The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
  1431. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
  1432. *- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
  1433. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
  1434. - C2s are never shared between Epochs/Botnets.
  1435. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
  1436. via C2 to stay ahead of AV defs.
  1437. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
  1438. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
  1439. - The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
  1440. easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
  1441. - Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
  1442. spam template, word template, document type and even payload.
  1443.  
  1444. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
  1445.  
  1446. ```
  1447. #### Community Lists ####
  1448. ```
  1449. https://pastebin.com/S093mxcv - @ps66uk
  1450. https://pastebin.com/7EadunCz - @pollo290987
  1451. https://pastebin.com/NBFVyT31 - @executemalware
  1452. https://otx.alienvault.com/pulse/5c8aba971f158a1966aec5ef/ - @SecSome
  1453.  
  1454. ```
  1455. #### Credits ####
  1456. ```
  1457. (OC from @JRoosen and/or combination work of the following)
  1458.  
  1459. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
  1460. @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
  1461. @papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk
  1462.  
  1463. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
  1464. @devnullnoop, @gorimpthon, @Racco42, @Jan0fficial
  1465.  
  1466. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
  1467. @pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
  1468. @papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman
  1469.  
  1470. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
  1471.  
  1472. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
  1473. helping out with this!
  1474.  
  1475. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
  1476. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch, @urlscanio
  1477. and @Virustotal for providing services/software no charge to this cause!
  1478.  
  1479. ```
  1480. #### Daily Log ####
  1481. ```
  1482.  
  1483. Short on time today so quick notes.
  1484.  
  1485. C2s changed for E1 but stayed at 50 combos in total. - recorded above
  1486. C2s changed for E2 and decreased from 57 combos to 54 total. - recorded above
  1487.  
  1488. Still out of time lately. Will do a better update tomorrow.
  1489.  
  1490. ```
  1491. #### Sandbox 03/14/19 ####
  1492. (all with fakenet and MITM unless spam/secondary infection)
  1493. ```
  1494.  
  1495. Epoch 1 C2 run on 2019-03-15 at 06:45 UTC - https://cape.contextis.com/analysis/48660/
  1496.  
  1497. ```
  1498.  
  1499. ```
  1500.  
  1501. Epoch 2 C2 run on 2019-03-15 at 06:45 UTC - https://cape.contextis.com/analysis/48661/
  1502.  
  1503.  
  1504. ```
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top