Emotet Malware IoCs 2019/03/13

1. ## Emotet Malware Document links/IOCs for 03/13/19 as of 03/14/19 03:00 EDT ##
2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
3.  
4. #### Epoch 1 Document/Downloader links seen for 03/13/19 ####
5. ```
6.  
7. http://104.42.214.105.xip.io/wp-content/sendincsecure/legale/nachpr/de_DE/032019/
8. http://13.127.80.82/ClvW8ZSqo0icX_OiB6Mv8/trust.myacc.send.com/
9. http://140.143.240.91/yfwta7q/sec.accounts.docs.net/
10. http://142.93.56.178/wp-includes/company/RD/Operations/EcsH-wrV6b_nCPVA-uI/
11. http://159.203.169.147/yhpbh7i/sendinc/support/Nachprufung/de_DE/201903/
12. http://167.99.197.172/utou2km/sendincencrypt/service/Nachprufung/de_DE/201903/
13. http://222.106.217.37/wordpress/trust.myacc.resourses.com/
14. http://35.196.203.110/wp-content/sendinc/support/sichern/de_DE/032019/
15. http://35.226.136.239/US_us/verif.myacc.send.net/
16. http://3gksa.com/temp/sec.myacc.docs.net/
17. http://78.207.210.11/@eaDir/secure.myacc.resourses.com/
18. http://accurateadvisors.in/nh3gezc/sendincverif/nachrichten/Nachprufung/de_DE/03-2019/
19. http://affordablephpdeveloper.com/blog/sendincverif/legale/nachpr/DE_de/201903/
20. http://ahiyangrup.com.tr/wp-admin/sendincencrypt/nachrichten/Nachprufung/DE/03-2019/
21. http://alannonce.fr/cgi-bin/h09h-mf54ru-bfqde.view/
22. http://almutanafisoon.com/42mldks/sec.myacc.send.net/
23. http://anandbrothers.co.in/wp-admin/RDEB/61373497/pmMmx-avZy_dhpyF-7vPo/
24. http://anorimoi.com/wp-includes/sec.accs.send.com/
25. http://apollo360group.com/5dcipv1/trust.myaccount.send.com/
26. http://ardali.eu/picture_library/sendincsecure/support/Nachprufung/De/2019-03/
27. http://atelierap.cz/administrace/6vhs-8yr9lt-mdaf.view/
28. http://auliyarahman.com/wmli/Intuit_EN/llc/RDEB/faq/DwhU-48cg_HWKGP-g7k3/
29. http://ayodhyatrade.com/ww4w/verif.myacc.send.net/
30. http://barbieblackmore.com/wp-includes/secure.accounts.resourses.net/
31. http://beflaire.eazy.sk/wp-includes/q8t9-msip7-xwdom.view/
32. http://blog.altinkayalar.net/wp-admin/48sot-l4lei5-sxhvn.view/
33. http://blog.apdev.cc/blogs/trust.accs.send.net/
34. http://blog.esati.net/wp-admin/sendincverif/legale/Frage/De/201903/
35. http://blog.powersoft.net.ec/wp-includes/sendincsecure/service/Frage/DE_de/032019/
36. http://bridgearchitects.com/Library/trust.myacc.docs.biz/
37. http://brunerpreschool.co.uk/blogs/Intuit_US_CA/llc/terms/rzrV-ZmK_MoVec-tRKK/
38. http://cantinhodobaby.com.br/img/Intuit_EN/download/Redebit_operation/xQxo-ssFW_xl-ysx/
39. http://cedrocapital.xvision.co/vckej2kgj/secure.accs.docs.biz/
40. http://chigusa-yukiko.com/blog/e0ud-2s36gp-vcnxq.view/
41. http://chigusa-yukiko.com/blog/trust.accounts.docs.net/
42. http://comrepbuchten.com/prestashop1.7/sendincverif/support/Nachprufung/DE/032019/
43. http://concourse.live/content/sendincsecure/legale/Frage/De_de/2019-03/
44. http://crawsrus.com/css/sendincsec/support/sich/DE/03-2019/
45. http://cyzic.co.kr/widgets/trust.myacc.resourses.com/
46. http://dagda.es/cache/Intuit_US_CA/corporation/Redebit_Transactions/Transactions/DGbK-3W_Zr-VOt/
47. http://decospirit.com/sec.myaccount.docs.biz/
48. http://demopn.com/lab/components/Intuit_Transactions/info/RDEB/terms/UNMrD-Mzdv7_qcGz-ubj/
49. http://dkw-engineering.net/purchase_order_2018/verif.myaccount.resourses.biz/
50. http://efigen.com.co/wp/c6s0-f6xgvv-okhr.view/
51. http://elko.ge/elkt/wp-content/uploads/Intuit_EN/company/Instructions/LRPcB-1Zh_TvOR-pB3c/
52. http://elmatemati.co/wp-includes/US_CA/info/Redebit_Transactions/Instructions/3512692/IsTNB-bcmb_n-2iFQ/
53. http://elzinhaeogarfo.com.br/aguarde/Intuit_US_CA/RD/Redebit_op/50672474/xaDV-Fe1_UxQlU-on7/
54. http://emona.lt/wp-admin/corporation/Notice/FFMPG-ZQj_SKT-SM/
55. http://en.gilanmetal.com/wp-admin/pm97j-lrlee-daeei.view/
56. http://entec.vn/zdiks2j/Redebit_operation/faq/745272118/pxiB-k1_EmAAl-pf9/
57. http://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
58. http://fa.ilotousgroup.com/xfietvb/sendincsecure/service/vertrauen/DE/2019-03/
59. http://felixschaffert.ch/font/company/Redebit_operation/Operations/cMOj-21aC_CYv-5dp/
60. http://fidarsi.net/ww4w/US_CA/company/Redebit_operation/Redebit_op/boqhb-92z_udW-mA/
61. http://filfak-online.su/wp-content/uploads/trust.myacc.docs.biz/
62. http://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
63. http://fmaltd.co.uk/dist/Intuit_EN/faq/42712438/Qinj-10LI3_dr-c8/
64. http://fortgrand.com/wp-content/uploads/Intuit_Transactions/Instructions/uLPNW-WnMA_jsIZ-x3n0/
65. http://frankcahill.com/wp-admin/Intuit/llc/Redebit_Transactions/jadCs-eSSV_UTVcl-h4/
66. http://further.tv/trust.myaccount.docs.biz/Intuit_US_CA/files/Redebit_operation/71119396/NiKXr-1HB_kf-yQ5i/
67. http://fusiongrade.com/wp-content/files/Redebit_operation/Notice/iuwLk-SUHW_FECNc-GFPj/
68. http://g20digital.com.br/SN/Intuit_US_CA/company/Redebit_Transactions/terms/VQnk-MZ_e-GW/
69. http://garo.org.tr/form/cwd7-tm4cs-bwjru.view/
70. http://gavinvestments.com/yoffiwurt/sendincsec/nachrichten/sichern/De/032019/
71. http://geologia.geoss.pt/wp-content/Intuit/Redebit_operation/Operations/BHWP-uUm_gMpVtb-ov/
72. http://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
73. http://giftscrazy.in/wp-admin/Intuit_Transactions/company/RDEB/Redebit_op/DIBKU-Twzb_wUJ-U2/
74. http://gilhb.com/jhb/US_CA/scan/Redebit_Transactions/terms/4369744647/bYcd-Jo_TcQlm-pMv1/
75. http://gosmi.net/Cart/download/RDEB/Notice/06018413/IWRmK-fz_EYU-gv/
76. http://grownix.com.pk/h00rgmq/US_CA/doc/RD/Notice/MyNye-oP5zY_Pe-4sI/
77. http://gvpmacademy.co.za/css/sec.myaccount.send.net/
78. http://hackdunyasi.tech/cgi-bin/sec.myacc.send.com/
79. http://halalpro.com/kmg5cgf/sendinc/legale/sich/DE_de/201903/
80. http://haru1ban.net/files/Intuit_EN/document/Redebit_operation/faq/ukgve-M9Z_oyL-HSN/
81. http://hdfilmseyretmeli.com/wp-content/sendincencrypt/support/Frage/de_DE/201903/
82. http://healthandfitnesstraining.shop/test/sendinc/nachrichten/sichern/De_de/201903/
83. http://healthwiseonline.com.au/wp-admin/Intuit_US_CA/doc/RDEB/MIJa-L5fyv_pfF-O3c/
84. http://hepsiburadasilivri.com/wmxm8d7/secure.accounts.resourses.net/
85. http://hidaka.com.br/cris/US_CA/llc/Redebit_Transactions/terms/8273954677/woACd-ysP7_vR-Eu/
86. http://hille-company.de/wp-admin/US_CA/doc/Redebit_Transactions/Transactions/237337107/MSlGo-JtHKz_Wp-9R2T/
87. http://himappa.feb.unpad.ac.id/images/trust.accs.docs.com/
88. http://hitme.ga/cgi-bin/secure.myaccount.docs.biz/
89. http://hopex.com.co/cgi-bin/5cq0y-1sea6a-yjibk.view/5cq0y-1sea6a-yjibk.view/
90. http://husainrahim.com/v1/Intuit/document/RDEB/Redebit_op/8014356/faTqH-WVPmv_RYoyUH-W4/
91. http://iappco.ir/royesh1/Intuit/document/Redebit_Transactions/Redebit_op/0841139664/SaFA-lUMIh_jsR-motD/
92. http://industriasrofo.com/Connections/files/RDEB/Notice/5666424/udBCB-EMfF2_C-fo/
93. http://inf.ibiruba.ifrs.edu.br/teampass/sendincverif/support/Nachprufung/De_de/201903/
94. http://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
95. http://invertilo.com/yrfygy6/Intuit_EN/company/Redebit_operation/Redebit_op/0890188662/HgMv-pt9cm_LUlu-ty/
96. http://iransbc.ir/wp-includes-old/doc/Redebit_operation/Redebit_op/knrw-xfegB_mdM-zg/
97. http://irantourism.tk/wp-includes/sendincverif/support/sichern/De_de/032019/
98. http://irismal.com/ecsmFileTransfer/Intuit_Transactions/corporation/Redebit_operation/Notice/907451825/exhYq-5hM8_Nl-NA/
99. http://isn.hk/cgi-bin/Intuit_EN/files/Redebit_Transactions/faq/411520272/UAUHn-xltA_he-oF9i/
100. http://jargongeneration.com/Gambia/Intuit_Transactions/corporation/Redebit_operation/Transactions/ZwKCi-js044_jsNdQ-xqTH/
101. http://jensnet.se/wp-admin/Intuit_EN/scan/Redebit_op/9889612330/dDOc-eFj_Jupye-Ck/
102. http://jenthornton.co.uk/wp-includes/Intuit/corporation/Transactions/vXSF-VIe_Rm-wmIK/
103. http://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
104. http://jobnest.in/awstatsicons/US_CA/Redebit_operation/faq/109536014/QoEoY-ipki_IScD-QcG/
105. http://kannada.awgp.org/wp-content/uploads/Intuit_US_CA/doc/RD/Redebit_op/kfYj-3Uc_qQPWL-mmx/
106. http://keyi888.com.tw/wp-admin/sendincsec/legale/sich/De/032019/
107. http://kkk-3728.com/wp-content/sendincencrypt/legale/Frage/De_de/201903/
108. http://korneragro.com.ua/wp-admin/secure.myaccount.resourses.biz/
109. http://kotel-patriot.com.ua/2rbqqvd/sendincsec/nachrichten/nachpr/De/2019-03/
110. http://kowil.com.vn/wp-admin/Intuit_US_CA/info/Redebit_Transactions/Notice/lDiGI-OB41P_d-n3/
111. http://lastmilecdn.net/wp-includes/Intuit/info/terms/Tmzru-ybtZ_elsf-4Dr/
112. http://leonpickett.com/con7ext_sym/r0bo-v8e4q-jylv.view/
113. http://levana.com.vn/wp-admin/Intuit/RD/DqPsX-7qEvW_wBB-Jkf/
114. http://lopxe.itvina.co/wp-content/uploads/Intuit/scan/RD/faq/gUnLI-Hjuuo_SOtVB-MCs/
115. http://maerea.com/blog/wp-content/y8hz-k9kbg-ndech.view/
116. http://maymarproperties.com.au/wp-content/Intuit_EN/llc/Transactions/LQWZG-UB_tqxxGI-2gnb/
117. http://miris.in/wp-includes/dn09-upnt3-gypas.view/
118. http://mistcinemas.com/cgi-bin/sec.accs.send.net/
119. http://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
120. http://pji.co.id/iug1iha/sec.accs.send.com/
121. http://pufferfiz.net/spikyfishgames/sec.myaccount.send.com/
122. http://raeburnresidential.co.uk/cgi-bin/verif.accs.resourses.net/
123. http://ragnar.net/cgi-bin/sendinc/service/nachpr/De_de/03-2019/
124. http://rebuildkerala.info/wp-content/files/RD/terms/qvhQ-cdc_ZKXAKz-i4/
125. http://redmiris.com/wp-admin/Intuit_US_CA/corporation/RDEB/PhrJ-h8cHm_Jx-M4F/
126. http://rouze-aurelien.com/wp-content/uploads/sendinc/nachrichten/nachpr/DE_de/032019/
127. http://rychlapreprava.sk/css/secure.accounts.resourses.com/
128. http://shop.dreamstyle.cl/__MACOSX/sendinc/legale/sich/de_DE/032019/
129. http://sidtest.site/cgi-bin/verif.myacc.docs.biz/
130. http://soil-stabilization.ir/wp-admin/sec.myacc.docs.com/
131. http://studyosahra.com/css/secure.myaccount.resourses.com/
132. http://teknotown.com/wp-admin/secure.accs.resourses.net/
133. http://telovox.com/log/sendinc/support/Frage/DE_de/03-2019/
134. http://textilkopruch.com.br/wp-includes/sec.myaccount.send.net/
135. http://thetourland.com/wordpress/sec.accs.docs.biz/
136. http://trident-design.net/wp-content/sendincsec/nachrichten/Frage/de_DE/201903/
137. http://umakara.com.ua/icon/US_CA/RD/Notice/bodo-cF_sLXwuI-G8/
138. http://vetah.net/signature/9ivx-p59hu-quup.view/
139. http://vitalacessorios.com.br/cgi-bin/sec.myacc.send.biz/
140. http://waterhousecleaning.co.uk/dir/secure.myaccount.docs.net/
141. http://wessexchemicalfactors.co.uk/css/secure.myaccount.send.net/
142. http://wheenk.com/lib/company/Notice/7372081/jpfGt-WaoC_j-v9iO/
143. http://www.cbmagency.com/wp-content/trust.accs.docs.com/
144. http://www.cortijoguerra.es/wp-snapshots/91fsn-fh5mr-bsive.view/
145. http://www.encut.us/wp-content/uploads/company/Notice/sbkVf-Hrstf_Nia-sln/
146. http://www.fabinterio.co.in/wp-admin/sendincsec/service/Nachprufung/DE/03-2019/
147. http://www.grameenshoppers.com/old-site/US_CA/Redebit_Transactions/Instructions/rnxLR-K48_oUp-qnr/
148. http://www.graphicsbygabby.com/wp-content/US_CA/company/RDEB/Redebit_op/hSUta-8OZ_W-ram/
149. http://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
150. http://www.kelaskuliner.com/tyoinvur/sendinc/legale/Frage/De/201903/
151. http://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
152. http://www.localbizz.in/wp-admin/Intuit_EN/doc/terms/TwlY-Omkd_WSS-Fi7/
153. http://www.majoristanbul.com/cgi-bin/trust.myacc.send.net/
154. http://www.nhadatquan2.xyz/wjf85ri/sec.myaccount.send.com/
155. http://www.ninepoweraudio.com/cgi-bin/Intuit_EN/company/Notice/sFVxJ-tg_M-FBsQ/
156. http://www.zhanxiantech.com/google_cache/secure.accs.send.com/
157. http://xn--jos-mrio-correia-jmb5l.pt/js/trust.accounts.docs.net/
158. http://zaferhavuz.com/wp-content/sendincsecure/support/sichern/de_DE/03-2019/
159. https://anandbrothers.co.in/wp-admin/RDEB/61373497/pmMmx-avZy_dhpyF-7vPo/
160. https://arinidentalcare.com/files/trust.accs.resourses.biz/
161. https://asociatiaumanism.ro/wp/secure.myaccount.resourses.com/
162. https://e-cart-solutions.com/ff0osxw/llc/dUXBn-TT_qQ-NX5/
163. https://elmatemati.co/wp-includes/US_CA/info/Redebit_Transactions/Instructions/3512692/IsTNB-bcmb_n-2iFQ/
164. https://entec.vn/zdiks2j/Redebit_operation/faq/745272118/pxiB-k1_EmAAl-pf9/
165. https://eptq.kz/blogs/secure.accs.docs.com/
166. https://esfahanargon.com/wp-content/sendincsec/nachrichten/vertrauen/DE_de/201903/
167. https://eventpho.com/wp-content/sendinc/legale/nachpr/DE/03-2019/
168. https://expresstattoosupply.com/wp-content/sendinc/legale/vertrauen/DE/2019-03/
169. https://fbufz.xyz/sendincverif/support/vertrauen/DE/032019/
170. https://firemode.com.br/1021blindagens/wp-admin/sec.accounts.resourses.biz/
171. https://fk.unud.ac.id/wp-includes/sendincencrypt/support/Frage/de_DE/201903/
172. https://flintfin.com/wp-includes/scan/RDEB/terms/daaMn-gDhPs_y-oF/
173. https://fxqrg.xyz/sendincsecure/legale/nachpr/DE/201903/
174. https://gbazar.com.br/aas6fdp/sendincencrypt/support/Nachprufung/DE_de/03-2019/
175. https://getdripfit.com/wp-content/sendincsecure/nachrichten/sich/De_de/03-2019/
176. https://gitbim.com/braz/secure.accounts.send.com/
177. https://gskr.kz/wp-content/sendincencrypt/nachrichten/Frage/De/201903/
178. https://gvpmacademy.co.za/css/sec.myaccount.send.net/
179. https://hille-company.de/wp-admin/US_CA/doc/Redebit_Transactions/Transactions/237337107/MSlGo-JtHKz_Wp-9R2T/
180. https://hotelmysurupalace.com/wp-admin/document/Redebit_Transactions/Operations/NhFRB-8Ev_RzGTe-lZhG/
181. https://huskennemerland.nl/wp-content/Intuit_US_CA/llc/Redebit_Transactions/Operations/jWPSM-cjbW_pUb-9kk2/
182. https://inclusao.enap.gov.br/wp-content/Intuit/company/RDEB/Operations/ansh-WkZ6p_dFs-qSn/
183. https://informacjezkraju.pl/zoh1cdr/verif.accounts.docs.net/
184. https://informapp.in/xvyf69e/sendincsec/nachrichten/nachpr/DE_de/03-2019/
185. https://jerryshomes.com/vendor/US_CA/info/RD/UifUK-Z38jO_YZRyw-LWk/
186. https://kcxe.net/wp-admin/verif.accs.resourses.biz/
187. https://kkk-3728.com/wp-content/sendincencrypt/legale/Frage/De_de/201903/
188. https://kkk-3873.com/wp-content/sendincsecure/service/sichern/DE_de/03-2019/
189. https://kkk-7681.com/wp-content/sendincsecure/support/Nachprufung/de_DE/032019/
190. https://leonpickett.com/con7ext_sym/r0bo-v8e4q-jylv.view/
191. https://longmiaplus.com/sendincsecure/trust.myacc.send.biz/
192. https://nhathongminhsp.vn/sendincencrypt/verif.myaccount.send.com/
193. https://oxyfi.in/mmcv/trust.myaccount.resourses.biz/
194. https://pefi.sjtu.edu.cn/wp-content/Intuit/llc/RD/Operations/8060122705/HCnO-Wf_PTUH-2q/
195. https://pji.co.id/iug1iha/sec.accs.send.com/
196. https://rebuildkerala.info/wp-content/files/RD/terms/qvhQ-cdc_ZKXAKz-i4/
197. https://sagrathi.com/sendincverif/sendincsecure/nachrichten/vertrauen/de_DE/2019-03/
198. https://studiomarceloteixeira.com.br/wp-includes/sec.accounts.send.com/
199. https://sundarbonit.com/wp-includes/secure.myaccount.docs.biz/
200. https://tokokacaaluminiummurahjakarta.com/cgi-bin/verif.accs.send.net/
201. https://tokokacaaluminiummurahjakarta.com/cwflfmf/sec.accs.send.biz/
202. https://vinhomesgoldenriver.info/tyoinvur/verif.myacc.send.com/
203. https://webinar.cloudsds.com/js/trust.accs.resourses.com/
204. https://www.3d-designcenter.com/img/k9ad-34z7d-ungd.view/
205. https://www.atadisticaret.com.tr/wp-content/sendincencrypt/service/sich/DE/2019-03/
206. https://www.brunerpreschool.co.uk/blogs/Intuit_US_CA/llc/terms/rzrV-ZmK_MoVec-tRKK/
207. https://www.esteticabiobel.es/wp-admin/sendincencrypt/legale/nachpr/de_DE/03-2019/
208. https://www.gokmengok.com/wp-admin/sec.myaccount.send.com/
209. https://www.grameenshoppers.com/old-site/US_CA/Redebit_Transactions/Instructions/rnxLR-K48_oUp-qnr/
210. https://www.hanviewpacific.com/test/sendincsec/legale/Frage/de_DE/201903/
211. https://www.heldermachado.com/wp-content/sendincverif/service/nachpr/DE/032019/
212. https://www.hk026.com/2zsjmbk/sendinc/legale/vertrauen/DE/03-2019/
213. https://www.kelaskuliner.com/tyoinvur/sendinc/legale/Frage/De/201903/
214. https://www.lagucover.xyz/8agtetk/Intuit_US_CA/files/terms/piRm-X0_GK-NpBv/
215. https://www.la-reparation-galaxy.fr/wp-admin/Intuit_EN/document/Redebit_operation/faq/346178436/aDTP-Uhktd_wHV-Hr/
216. https://www.lnkjdx.xin/wp-admin/sec.accounts.resourses.com/
217. https://www.localbizz.in/wp-admin/Intuit_EN/doc/terms/TwlY-Omkd_WSS-Fi7/
218. https://www.ninepoweraudio.com/cgi-bin/Intuit_EN/company/Notice/sFVxJ-tg_M-FBsQ/
219. https://www.yildirimlarholding.com.tr/wp-admin/secure.myaccount.send.com/
220. https://www.zhanxiantech.com/google_cache/secure.accs.send.com/
221.  
222. ```
223. #### Epoch 2 Document/Downloader links seen for 03/13/19 ####
224. ```
225.  
226. http://104.155.134.95/verif.myacc.docs.net/s3uz6-lqqzt5-rnqphv/
227. http://109.97.216.141/@eaDir/y7y7-s6p8as-auqzvlfb/
228. http://114.115.215.99/wp-includes/6ymw-hzj8t-yziswqr/
229. http://118.126.111.163/q1j4pt0/vffk-h65jg3-pffz/
230. http://118.24.117.137/iolfcmx/d5xxauc-qa19o-lnsyqia/
231. http://128.199.68.155/wp-content/uploads/5q73-5aggn8-agovfen/
232. http://12pm.strannayaskazka.ru/wp-content/ay2pd-8w3h7o-smomp/
233. http://13.209.31.54/wp-content/j56ie-q4pr7-hyskte/
234. http://140.143.224.37/fb5sreu/tkiy-msnwm-ocmfz/
235. http://159.89.31.29/wp-content/bx6n-83qbbx-aejixm/
236. http://192.144.136.174/wp-content/ey8d5-0dglm-imizohy/
237. http://2bebright.net/a4inhdw/frsh-t8vphw-tlhak/
238. http://35.200.202.215/wp-content/uploads/k8iag-wulnvn-ahohpbt/
239. http://35.221.147.208/wp-includes/ss740-w5h1jg-tlcz/
240. http://35.221.42.220/wp-admin/tmft-2msnea3-hnzs/
241. http://3drendering.net/wp-content/bg4d-dxjqx-oler/
242. http://6connectdev.com/bots/pnlsj-rzti93-sapdcuvq/
243. http://79.137.39.145:8080/wordpress/wp-content/uploads/pj6e-2vdcd-kijjr/
244. http://84.28.185.76/wordpress/lv6rh-4i2k6c-rtnoiuzz/
245. http://94.191.48.164/hf9tasw/o983-cfbni-epxvp/
246. http://aasinfo.hu/images/euxo-jo6h1u-efos/
247. http://agtrade.hu/images/m6az-uc1m0-pfze.view/
248. http://akashicinsights.com/absolute_abundance_files/1mntv-bjae9-oxdaqbh/
249. http://akashicinsights.com/absolute_abundance_files/jzf7-vnq2h-jvkq.view/
250. http://alannonce.fr/cgi-bin/8b1m6-v5bbir-iycrvob/
251. http://alkadi.net/osama/qgv4-e389a-szzkeilmg/
252. http://altifort-smfi.com/wp-content/uploads/1dcrb-2fqwe7-pkhlbrku/
253. http://amigosdealdeanueva.com/mail/vqm8u-frm4ws0-pwjaa/
254. http://ammedieval.org/wp-includes/6x3r-lxpns1-itpef/
255. http://angelareklamy.pl/cgi-bin/5sea-qryp0b-xpkpzpepx/
256. http://annual.fph.tu.ac.th/wp-content/uploads/yuo3-k2nys3-hucb/
257. http://artecautomaten.com/wp-content/80g4z1-mtiz70k-mjta/
258. http://artmaui.com/wp-content/f3ug8-law6e-xfcqh.view/
259. http://atelierap.cz/administrace/2kzrm-u29hj-jlvrrgoee/
260. http://ayitilevanjil.com/wp-content/sbglcn-5kvu4n-uoyb/
261. http://barabooseniorhigh.com/En/bly1-g42zf-bsrqkaki/
262. http://beloa.cl/application/tests/q0ue-2vdud-wuxrgil/
263. http://bergdale.co.za/wp-admin/jejxy-dzb24-ljqqgzz/
264. http://bernardlawgroup.com/wp-admin/g51m1-4mdty5-vksht/
265. http://bernielandry.com/wp-includes/3qmtd-xmr7y8-vjwdmzk/
266. http://bernielandry.com/wp-includes/3qmtd-xmr7y8-vjwdmzk/)/
267. http://betonbrother.com/cuki/4e9sv-1ki9v-fzkt/
268. http://bhumikajyoti.com/css/vnjbt-m9ozd-jkukz/
269. http://biederman.net/leslie/7kth-xlspp-zwejfxp/
270. http://bitbuddybtc.com/btcbetpal.com/8ad91-oltcg9-cbon/
271. http://blockseal.com.br/pdf/9v87-70hvk-mrenqnqb/
272. http://blockseal.com.br/pdf/z4lug-bpbx8r-rkzeuyfl/
273. http://blog.atlastrade.biz/wp-includes/qxmsx-z9c7je-lqhvywa/
274. http://blog.clubedocapacete.com.br/wp-admin/2my9z-t8iwf-ckcey/
275. http://blog.marianemaikomatsuo.jp/ja9hnln/qxfv6-6lffk-lceqp.view/
276. http://bloodybits.com/edwinjefferson.com/lxxiw-nt5b63-hoirtvgsq/
277. http://blueheartfeed.com/jxpk/7r69y-i6eh4b-clzkkh/
278. http://bmserve.com/mobile/jqb4p-d55u4g-zdzeuwf/
279. http://brams.dothome.co.kr/wp-includes/2aao-80urg-pagaagzc/
280. http://browsers.dn.ua/wp-content/czac-nrzgo-hysdwy/
281. http://buckmoney.xyz/cgi-bin/g0wwk-kjrlcd-yayjxol/
282. http://businesswebintegrations.com.au/wp-admin/fg1i-4ka9d7-yvzau/
283. http://buybywe.com/invoiceplane/e33v-47lnw-hortestf/
284. http://californiamotors.com.br/site/ffsi-ckg5x-hqphz/
285. http://campustunisie.info/cgi-bin/zy3r-412rju-zhifdmrdt/
286. http://canacofactura.com.mx/factura_admin/fx27l-5dqbqv-wppohrnyn/
287. http://candyflossadvisor.com/oldsite/k75z-p81wz-vdteq/
288. http://carlosmaneta.pt/29hvno0/4pp8-pvxa3-zletb/
289. http://catamountcenter.org/cgi-bin/hgcw-r6i4j-qjjctshs/
290. http://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
291. http://cedrocapital.xvision.co/wp-includes/qiteq-rvg79-qewp.view/
292. http://chefadomiciliopadova.it/wp-includes/acu08-lfh69zc-amukgt/
293. http://chuyennhatietkiem.com/wp-content/c93as-7a7sutu-wesqqb/
294. http://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
295. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/
296. http://colbydix.com/simpleSiteBack/ty9fr-r5jsv-unllqudn/)/
297. http://contabil-sef.creativsoft.md/css/7tj2-xp81h-iosiqna/
298. http://design.ftsummit.us/wp-includes/ya1w-nhg7bf-ljopsa/
299. http://designer.ge/wp-admin/ml0g-b4cnhs-jbxftzd/
300. http://dev15.inserito.me/almumtaz2/nkh6-ngcm8q-hxslwk/
301. http://dfydemos.com/chiropractor/o96z-wapmc-pahhmsk/
302. http://digitalprintshop.co.za/kgyhf1s/jg9iil2-dp5he-jixh/
303. http://dimeco.com.mx/factura/3nb3-hhzecy-ocjpluefz/
304. http://divacontrol.ro/images/var3-grecla-cfoqykg/
305. http://dogfood.gq/alfacgiapi/19zecs3-g0s5b-bkeydld/
306. http://dogtrainingtips.me.uk/YAHOO/i1dsjp0-efshv-javen/
307. http://dqbdesign.com/wp-admin/6qyv4-9tq8s-zzarro/
308. http://drszamitogep.hu/_BACKUP-20190208-HACKED/mz58-5k5jp-lxiv/
309. http://d-snpagentdirectory.com/hosvctb/gnbo7-2vzgm-licrkml/
310. http://dtk-ad.co.th/r20yp8t/speqs7y-mngn1yj-ugzcwuf/
311. http://duncaninstallation.com/images/yptss-ia6pha-mgohqoeep/
312. http://edtech.iae.edu.vn/wp-includes/4dj9-k6eyn-vhznya/
313. http://ekimkayadropshipping.com/ozan/5c5w7-gcoq7-atef/
314. http://ellajanelane.com/ejloffice/124s9-fm1qq-abgix/
315. http://embraercssguide.com/wp-admin/gpjk6-y3ql8w-imxxewr/
316. http://emporiodochefkaka.com.br/wp-content/6via-rgiz4-dxxmis/
317. http://e-n-g.ru/wp-admin/ct4w-993wbu-kolgphei/
318. http://erdelt.nl/administrator/jsk1-w41hwa-qskany/
319. http://esenlives.com/yyvmbi9/ear3t-r5slea-zbdvcqlb/
320. http://estatecondos.com/blogs/xy73ab-tuq3j2-vlbug/
321. http://e-techconnectivity.in/sitefiles/0ukwn-3p2242-yhyugo/
322. http://evaksgrup.com.tr/wp-admin/3o71jou-kc2h1oj-bvqqghv/
323. http://factoryoutlets.pk/wp/602kmrl-u9vqfy-xonjxs/
324. http://faisalera.sg/blogs/75vh0-4c3tl-gsqfe/
325. http://farstourism.ir/wp-admin/zybx3-ogcjh-yxcgfs/
326. http://fictionhouse.in/wp-content/v5v14-mcb8h-sfpd/
327. http://firma-malarska-poznan.pl/wp-includes/fqio168-q23pt1-kjzidv/
328. http://fisika.mipa.uns.ac.id/icopia/files/fyhwj8-sx526d-ngfto/
329. http://flyingmutts.com/stats/f06bn-kgh24-ncoviajp/
330. http://foresightastro.com/astro/bmykd-8efx9u0-ycjg/
331. http://fp.unived.ac.id/wp-content/uploads/90kg-bcsnns-qytzs.view/
332. http://fundmanagertalk.com/cgi/7f7y0-y6vnr-jjhzgbycu/
333. http://fuzzyconcepts.com/residential/vgf0-uy9ho-blimv/
334. http://gadgetzone.bh/store/x9jx-bu03m0y-dvtgpdj/
335. http://gamarepro.com/plugins/kmco-qr04fy-xtvulaut/
336. http://garo.org.tr/form/jv91g-is162-zqfypgt/
337. http://geoclimachillers.com/wp-includes/knyp-sfhcsha-hulqc/
338. http://gged.nl/geocaches/z2xp-g0vptp-rltpmf/
339. http://ginfo.lol/wp-gone/xebc-b1pswx-uxmk.view/
340. http://gourmetreats.in/zzse/x2j3-pcsurv-hcpdfg/
341. http://gourmetreats.in/zzse/zwjz-2yhdx-eldv.view/
342. http://grafit.co.rs/cgi-bin/2bshi-3eutih-rvwqf/
343. http://greenfenix.com.uy/blogs/jmtov-6hww10-njzzbgtd/
344. http://grupoweb.cl/wp-admin/bx5k-6wssps-byqzqqteq/
345. http://gunpoint.com.au/jqQB6bFC/qllom-cj8f2m-uphx/
346. http://halal-expo.my/wp-admin/g7wn-vqjivi-iaflnb/
347. http://hand.nl/ads/i84c-eb26hq-vncjkijf/
348. http://harmonygroup.ci/wp-admin/se4y8h-ckebn4h-mkmpss/
349. http://hbsparticipacoes.com.br/wp-includes/4nzh69-q3jbj2-liiz/
350. http://hds69.pl/ww4w/j5m48-5hz5w6-pwglab/
351. http://hep.dk/bobler/uf4op-691f1i-cydkgk/
352. http://herms.com/backupDBsup/j4e7-76x2f-lcced/
353. http://hillhousewriters.com/_notes/ti8c-u5jpix-zgipgrvz/
354. http://hoief.iq/59eskvt/fhn4my9-489jwhc-mevyk/
355. http://holosite.com/3d/wku1-5a74w-tcrfsmtub/
356. http://homeopharma.pt/wp-includes/prta-9oao9-utpa/
357. http://hopex.com.co/cgi-bin/9dt85-4v81pu-fwct/
358. http://horseshows.io/c2nkrlt/s72w-42ruwc-ggfgto/
359. http://hos.lwdev.nl/wp-includes/0h5v-fitc79-bwbiadf/
360. http://hostbox.ch/8hdu-cd7z4d-wwwh/
361. http://hottest-viral.com/tyoinvur/z3hl84-dhnqp-wqyl/
362. http://hpbio.com.br/logon/4b28-bals6-txsb/
363. http://humanointegral.cl/wp-admin/ozm7-aldl8z-qysat.view/
364. http://hussaintibbenabawi.com/blogs/x6x73-skouwnt-qxegd/
365. http://icpn.com/shawtroop342/873d-oo9v7-qnxh/
366. http://ifilo.com.tr/old/4uyga-bykhf-mlxikab/
367. http://i-genre.com/wp-admin/vlnk-0a28ky-gcxl/
368. http://iglecia.com/threelittlepigsgotoyoga/go16l-yg546-baojzny/
369. http://iheartflix.com/wp-content/2o10-v1ndx-aupxlnse/
370. http://ilcltd.net/eienbsu/p41rbi-h21yh-qenkt/
371. http://ilgcap.net/wp-includes/4gzh5-stgopw-sotgs/
372. http://implantis.kh.ua/wp-content/y1vyg-3zgcq8c-dnmnco/
373. http://impro.in/components/wtv92-h7574-etbff/
374. http://improfy.com/wp-admin/a0ur621-bwq0u-cgqptd/
375. http://infinitec.com/support/api/dauh-4edsat-piprrj/
376. http://ink-spot.gr/ww4w/ij38x-bn07q-mhtusp/
377. http://instituthypnos.com/1sxuh6w/mq4zg-lhprzn-yooemce/
378. http://internetport.com/wp-content/3s57f-jwrlh-rxazex/
379. http://ione.sk/isotope/fa9n-ilztc-raiydwlsg/
380. http://iribx.ir/gjhrs/uyhc-ast0o-qhmz/
381. http://itconsortium.net/images/qtkdo-xz1ps-jpgbdabng/
382. http://itecs.mx/wp-content/c2422-zqvc3a-qsgo/
383. http://itpractice.com.au/wp-content/6neg-zq2h5m-bsgeeo/
384. http://jabalnoor.sch.id/wp-content/60yhe2l-mn05v-jcojd/
385. http://janetjuullarsen.dk/ydcb7-9ftb6-beob/
386. http://jaspinformatica.com/boxcloud/re9tl-u4aic3-rkty/
387. http://javorsky.eu/knihy/7l10d-wchl8-wcdxui/
388. http://jbimpex.com/cgi-bin/okr2-bbqpd-pcqloy/
389. http://jeantetfamily.com/nbYKX-tuyPjfD9eJIDLdI_GSUQXuUwr-SJM/p0toi-wvvspg-pzauhekva/
390. http://jjsdesignandbuild.com/tw34yvw/3ymrs-jt8451r-wijgvjx/
391. http://jobsinholland.ro/szuh/j5rm-9cj8c-vtma/
392. http://junkmover.ca/wp-includes/yscl-n56pu-cnshz/
393. http://jupiter74.ru/bhwfper/mvhs-jjz361q-uvvkk/
394. http://justcarjewelry.com/awdtjmb/kpdh5fu-kuouvo6-leclagg/
395. http://kabmetodist.ru/wp-content/d3cwi-3kek1-kutsly/
396. http://kapis.com.tr/wp-admin/yaq59-ba9aw-rswkpxrzr/
397. http://kapporet-e-learningsolutions.com/wp-admin/dnbcu-is4koz4-ioaqtxk/
398. http://kemaster.kz/wp-admin/6rz2l2o-jbjb2nu-kvaml/
399. http://kevs.in/wp-content/uploads/fyrm-tila91-hjiqfkat/
400. http://khachsanrevungtau.com/f7wmgnw/c9kn-cl8djx-bzrlkuh/
401. http://kinomax.vn/wp-includes/vomwqab-syfcg-cgpw/
402. http://klasisgk.or.id/fonts/ad10-xbqpw-rxto/
403. http://koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
404. http://ksoncrossfit.com/rylawpc/7ys1-3pc4x1-lhezgcfmo/
405. http://kuy-ah.id/megabusbandung.com/7mbn-byibei-cuptgwv/
406. http://kysmsenivisual.my/wp-includes/8lcj-aq6gr-poomjlddr/
407. http://labsinitiative.com/wp-content/4wiv-w4ervw-gvsyeph/
408. http://laptrinhwebcoban.com/wp-content/90p7-9zd1h-chuah/
409. http://larissapharma.com/fobn/egvl-hwiww-sfcidhb/
410. http://legginsandtights.com/xgerdse/wbuwueo-u51po7-nphyyrb/
411. http://lemasc.hotrogoogleadwords.com/wp-includes/s69o-2a3o2-iifi/
412. http://lgubusiness.ph/wp-includes/2kc5-j9la5-rfra/
413. http://limblo.net/wp-content/pa6h-s8he0r-bvwfu/
414. http://locaflex.com.br/wp-includes/j30zkp6-d4uus-zrvj/
415. http://logologi.vn/xo4875d/v22ho-qlb8v-ihywq/
416. http://luacoffee.com/wp-content/uploads/hwqu-5dj22r-chrsl/
417. http://lydproduksjoner.no/wp-content/vabw3-m8xxm-rtbvks/
418. http://lymphaticyogaexpert.com/wp-content/mvuw-69ilwj-ahzzb/
419. http://mc.kalselprov.go.id/wp-content/kqep-4bgoas-vyfdpr/
420. http://modelsofmeerut.com/wp-admin/yoag3-iinsv-fkab.view/
421. http://muacangua.com/wp-admin/shes-u7pd1-uvlyle/
422. http://nanyangbaobao.com/wp-content/o0l5v-cqofge-msavm/
423. http://nguyenthituyet.org/wp-admin/nger-xhkcnz-dywfrio/
424. http://nowokay.shop/wp-admin/fjbza-zhv8tt-cuanbzsge/
425. http://oneadbiz.com/wp/wp-content/1qttp-xpjgn3-bieu.view/
426. http://pannewasch.de/Artetra/pf6f0-vlkuko-dcshgay/
427. http://pantone-iq.com/test3/bzk5-q6bt2o-thwi/
428. http://pasb.my/videos/v48pu-rg7di-llwdp/
429. http://petite-pop.com/wp-content/e35d-msulvg-bnquh/
430. http://pharmanecia.org/wp-admin/sn3c-awm1k-ttpxpk/
431. http://profitorg.kz/index.files_/5d0z-i3i1ds-hojyl/
432. http://project.hoangnq.com/tour/images/catalog/vuemiv-9rtmff-stfucv/
433. http://pueblosdecampoymar.cl/wp-admin/bj7t7w-6du67-pgzflw/
434. http://regiosano.mx/wp-admin/vqkjx-7k190-nswloca/
435. http://research.fph.tu.ac.th/wp-content/uploads/4qbxx-tvwu0-exphx/
436. http://rychlapreprava.sk/css/ilv6l-vtxj1-bmylx.view/
437. http://sahkocluk.com/css/mm3w-pog9i6-dbnn.view/
438. http://sannicoloimmobiliare.com/s5v4bzr/kg5em-8s0zg-wyrk/
439. http://sannicoloimmobiliare.com/s5v4bzr/stay-6vaz2k-gxplb.view/
440. http://scenography.om/dhl/s1w0v-2hdmi5-jfgv/
441. http://sevensites.es/D1J/cxxbg-0d5nwo-pjufq/
442. http://shawktech.com/shawktech.com/91nw-hd0kc8-ingjmpx/
443. http://shoppworld.com/migrar-wp/u9esy-5oz3f-jmvlvsw/
444. http://soil-stabilization.ir/wp-admin/im6p-txr1q6-bfzd.view/
445. http://spc-rdc.net/blogs/fr3l-p5snm-fhpmcysg/
446. http://speedcargomovers.net/assets/6lb0f-41p609-dufh.view/
447. http://stargellenterprise.com/home/id42uh-rmk38y-bjtkp/
448. http://switchandplug.co.ao/concrete5/kyam-j7xftq-rxuya/
449. http://taxi.seotm.pro/wp-admin/45kr-bp03x-bzgwb.view/
450. http://taxi.seotm.pro/wp-admin/d6l8-4oz3g-bvmagr/
451. http://technorash.com/howe3k5jf/5x1vy6-mkjsab-gpkel/
452. http://tecnologiacervecera.com/wp/fhxjtox-k9uqwvw-wdpjep/
453. http://teknotown.com/wp-admin/d96m-5kduyd-gmzsf.view/
454. http://tem2.belocal.today/beauty-house/1ja10-cuvei1-hvvjkdgrd/
455. http://temp4.com/polygon/d1nc-dnq36w-vvqs.view/
456. http://templatewordpresss.com/wp-includes/3lm8-ykcsag-ihjnv.view/
457. http://theta-energy.ir/1/zs6b-vuo29n-mvmk/
458. http://thientds1809a.dizito.me/wordpress/wcbrx2-vd4uq0-wsrjd/
459. http://todaysincome.com/wp-content/7h8nd5j-2ssh9-jcuyc/
460. http://tom11.com/images/8azg9-cyflvl-juspgb/
461. http://triratnayouth.org/wp-admin/1eer-0njhp-kenz/
462. http://triton.fi/trust.myaccount.resourses.net/smanw-aa2qk-rrqt/
463. http://ue.nz/wp-content/zkgk-th6a8s-qnzsm/
464. http://ulco.tv/1v7wu20/8ke0q-lxmwr-kwxn/
465. http://urbanelektro.no/wp-admin/llpb-c51b3-bvckp.view/
466. http://van-stratum.co.uk/www.haishabu.com/ix5g-x8m3l-fysyeubjn/
467. http://wdsonlobo.online/ddh9fua/oe5b-uvnthq-cwckmf/
468. http://weisbergweb.com/lxPU-3j60nDONL_Sy-66/gzlvc-m1nkv-naxyc/
469. http://wessexchemicalfactors.co.uk/css/rzyj-spr1lb-dyyo.view/
470. http://www.1080wallpapers.xyz/tvcgyma/klmi-malohv-prbqgs/
471. http://www.alrafahfire.com/images/h3ry4g-kbtfg-pvrm/
472. http://www.bilgiegitimonline.com/wp-admin/iovt-qv0vom-wcmvn/
473. http://www.breathenetwork.co.uk/tmp/c0hyf-k641oc-fvwe.view/
474. http://www.bstartware.com/wp-includes/2iwrje-tchjvs-lifj/
475. http://www.doblealturacasas.com/htaw38fovf/hu3j-uk77zc-dhbiixesz/
476. http://www.emporiodochefkaka.com.br/wp-content/6via-rgiz4-dxxmis/
477. http://www.flux.com.uy/fw2xzy5/thu2-4gtlj-semt/
478. http://www.gifftekstil.com/wp-admin/6gs5-tt5ah-hkeeb/
479. http://www.gorkemevdenevenakliyat.com/wordpress/m6vb-oiw2b-ourq.view/
480. http://www.gym.marvin.tech/css/zjseo-hdlmxw-chwelf/
481. http://www.hdtnet.cn/wp-includes/0g2cj-52x85-figojyex/
482. http://www.hotels-vercors.com/stats/97vgeb-78jzwj-oryjrz/
483. http://www.hurrican.sk/img/jau8x-rpk0t-htuqykyp/
484. http://www.i3program.org/wp-snapshots/e05o-2xz787-owuimq/
485. http://www.indufan.cl/cgi-bin/79xi-x5lp9-xvmc/
486. http://www.irqureshi.com/wordpress/wp-content/72ww5x-i3e1zf-uhjxwce/
487. http://www.jar5.com/wp-content/coz40-j9mm7c-hmogkdwx/
488. http://www.jazlan.ideaemas.com.my/wp-includes/aa2qgjm-ut6qkb-omrpk/
489. http://www.karaoke-honeybee.com/ztbr/d5bbc02-8tze05-dthg/
490. http://www.koehler-cosmetic.de/wp-content/a244r-y9ohc4-mbbeo/
491. http://www.lymphaticyogaexpert.com/wp-content/q4qj0-oupui-zklv.view/
492. http://www.mmcountrywidepages.com/cronkwq/z7sm6-gi5ab2v-dnfta/
493. http://www.nhadatquan2.xyz/wjf85ri/aut50-w4vz58-gqtgg.view/
494. http://www.sahafstandi.com/wc-logs/t84h5-iv2n0-rnuar.view/
495. http://www.sdhjesov.cz/wordpress/papcc-koe6n-lsric.view/
496. http://www.smilefy.com/it3fqqo/lcrsd-d2qpq-yixdwk/
497. http://www.tarakiriclusterfoundation.org/lbjjqctggh/7qm4-lbuy9a-tddag.view/
498. http://www.teknotown.com/wp-admin/d96m-5kduyd-gmzsf.view/
499. http://www.triratnayouth.org/wp-admin/1eer-0njhp-kenz/
500. http://xn--80ahduel7b5d.xn--p1ai/wp-includes/bc2db-cdkps4-vzwapi/
501. http://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
502. https://0xff.pl/wp-content/oo0t-8gv3d4-rhfyaafqg/
503. https://1040mfs.com/wp-admin/8fd61-zjg0m-vkyo/
504. https://34.196.157.118/upgrade/dfpiw40-c24cn0-hhuwhea/
505. https://abi.com.vn/BaoMat/8bklf-t2r3z-bthqpzsyt/
506. https://amaiworks.com/wp/tn7a-opg7l-rstfub/
507. https://anhduongdetailing.vn/wp-content/0wy4-ygzxbc-djpiljgmb/
508. https://asis.co.th/cisco-sg300/8leo-kxoz2a8-msiq/
509. https://biddettes.com/xakgexg/m9og-gd2ka-rqicg.view/
510. https://blueheartfeed.com/jxpk/7r69y-i6eh4b-clzkkh/
511. https://boymockup.uteeni.com/nbrm/3hzxf1r-25x9y-mmkio/
512. https://ccontent.pro/psmc9yj/8x6u9-ak8gj-pyywgjplq/
513. https://chefadomiciliopadova.it/wp-includes/acu08-lfh69zc-amukgt/
514. https://click.senate.go.th/wp-content/uploads/2019/5kf9xg-1ew5g4j-ajij/
515. https://d-snpagentdirectory.com/hosvctb/gnbo7-2vzgm-licrkml/
516. https://elevituc.vn/old/csom-9kdwt-rvpgjwouo/
517. https://epcocbetongmb.com/h0s94dr/sy2uw-y1te5d-pdbibvva/
518. https://euforikoi.xyz/application/wzoo-k6txu-zyjfxokwc/
519. https://evytech.co.il/wp-admin/7u6y-7qmp0-edbhdoj/
520. https://ewoij.xyz/250iox-6ww52-uxrgzcd/
521. https://fanfanvod.com/css/jhyb6-8yql6-cthotb/
522. https://fedzbot.com/wp-admin/bf55r-s64sv4-xjgtevj/
523. https://fmmagalhaes.com/wp-admin/pxpx79-nzmh3ej-auih/
524. https://garibas.kz/wp-admin/ti5mczb-uvbsj-hhanmx/
525. https://goodjob-group.com/img/jnil-cfr9w8-iohlmogc/
526. https://growthsecret.in/wp-includes/gqr9-cvmtdx-jpquetzhc/
527. https://hangtrentroi.com/s/g5a1-4zuh28-emygdo/
528. https://healthandenvironmentonline.com/inpiv6s/tcw4-s7l0x95-ywzy/
529. https://hechizosdelcorazon.info/p1xemen/197l-ijzoo-verlrr/
530. https://hjemmesidevagten.dk/wp-admin/l73w7yt-w4yf6b-vtotlko/
531. https://horseshows.io/c2nkrlt/s72w-42ruwc-ggfgto/
532. https://hotmailsignuplogin.com/wp-content/glgrf-nwowrn-rqjitr/
533. https://hottest-viral.com/tyoinvur/z3hl84-dhnqp-wqyl/
534. https://ieatghana.com/nycm/lgv0-si28jw-jjxcis/
535. https://ilimler.net/wp-includes/t1n6-08oe8z-zaksvzr/
536. https://improfy.com/wp-admin/a0ur621-bwq0u-cgqptd/
537. https://indianvisa-online.com/css/shj5h-zgvph5-bhsxqdt/
538. https://internetport.com/wp-content/3s57f-jwrlh-rxazex/
539. https://intrinitymp.com/site/163qa5i-cw6oj-ngioh/
540. https://ispet.com.tr/wp-includes/7nnl7-u9kqn9-xudtrq/
541. https://itimius.com/wp-content/p8y8q-gf2lxv-llurzkr/
542. https://jobs.spyreporters.com/wp-includes/wg9m9-xc14x-cmnz/
543. https://jobsinholland.ro/szuh/j5rm-9cj8c-vtma/
544. https://jsonpop.cn/ddxwo0f/xi8xz-syxpq-zddhctvxt/
545. https://justkp.com/axzcmlb/apgw-tyix1m-rgiuahdc/
546. https://kanttum.com.br/blog/wp-content/uploads/hw1c-rmvsb-fqdwv/
547. https://kbpmnusantara.com/wp-includes/0x3275q-i39w2-cruqzjj/
548. https://kkk-2365.com/wp-content/i9m89-0hw6nf-hldmb/
549. https://kkk-5278.com/wp-content/xazlu-z6iu4f-ftnu/
550. https://k-kyouei.co.jp/peosqaa/a4i7b1-u5o45b-rcehr/
551. https://knsgrup.com/wp-admin/kjul-gu7et-wkmmfm/
552. https://kovar.sbdev.io/xhol/5a9nc-8lxsrp-ufyh/
553. https://ksoncrossfit.com/rylawpc/7ys1-3pc4x1-lhezgcfmo/
554. https://lab6.com.br/ekgxadc/lbv5-rhw5n-yhddb/
555. https://labsinitiative.com/wp-content/4wiv-w4ervw-gvsyeph/
556. https://lifestyle-mobil.de/e308wtq/4r8t5-8y37l4-tfeqejs/
557. https://like.com.vc/wp-content/hs9lx-y568i-nwzfkbdo/
558. https://lockedincareers.com/stats/pvif-3nktd4-ruhorzu/
559. https://lopd.nath.es/wp-admin/ce51-l9ucoh-qszsjy/
560. https://luxur.club/wp-content/25ke-t65cr-eczyfts/
561. https://madublackbee.id/wp-admin/9qgwb-px79p-givtffuw/
562. https://myphamthienthao.com/wp-admin/w91c-njm03-hrdflnasg/
563. https://nhuakythuatvaphugia.com/wp-includes/aq7f-1erdmq-oyrhluy/
564. https://noithatmt5c.com/wp-admin/vpfgn-rs81tm-zpob/
565. https://pbts.net.ph/wp-admin/wsr3-o90mn-lpwjgtfdt/
566. https://pharmanecia.org/wp-admin/sn3c-awm1k-ttpxpk/
567. https://phenieconsult.com/wp-includes/o5viy-gk8wj-lvrbwta/
568. https://qualityansweringservice.com/icon/c0y3-ozvypr-vardnqxi/
569. https://rename.kz/wp-admin/5seaw-yqkmhp-biktaqf/
570. https://rozhan-hse.com/wp-includes/deo7t-dcaum4-fykaarrdt/
571. https://sukmagedoan.com/files/0ef5-p22er-djded/
572. https://teacherlinx.com/uploads2/7vdv-1pm4cj3-kbhxtpi/
573. https://trendingoffers4you.com/wp-admin/571ft-teg5h-hejd/
574. https://trimkings.com.au/videos/k6qj-emjl3z-kdvxbzec/
575. https://tuivaytien.com/wp-admin/9en9-uldjeq5-tmppidy/
576. https://umrah2u.com/heyj/pt0s-gghpod-hoyveau/
577. https://unitboxes.com/wp-includes/52ckg-c0fbx-sljwk/
578. https://vinafruit.net/dckd4o0/4glcc-v7lx8-tugfjo/
579. https://vtr.kz/vir/h7tgk-jzsjb-hvmnmfvn/
580. https://whimerie.com/crop-image/pjt6g-p8gbr-jemsli/
581. https://www.acquavivahotel.com/wp-content/53460-0iqp3-tlgsvh/
582. https://www.doblealturacasas.com/htaw38fovf/hu3j-uk77zc-dhbiixesz/
583. https://www.dream-implementation.com/wp-includes/99b1-j2uez-ifzw/
584. https://www.ekimkayadropshipping.com/ozan/5c5w7-gcoq7-atef/
585. https://www.fictionhouse.in/wp-content/v5v14-mcb8h-sfpd/
586. https://www.hakkiefendi.de/btafobj/yyrzz51-3nse8-wqjljw/
587. https://www.homeopharma.pt/wp-includes/prta-9oao9-utpa/
588. https://www.homing.us/wp-content/1zha-7s86pey-vkegrux/
589. https://www.idealjackets.com/wp-admin/ylaa-ln6p6-gqhzgvapg/
590. https://www.kuy-ah.id/megabusbandung.com/7mbn-byibei-cuptgwv/
591. https://www.sanarflix.com.br/portal/wp-content/uploads/d3tq5-yw5fd-avymywn/
592. https://yallagul.com/wp-admin/t4l1-vq4xf-inxv/
593.  
594. ```
595. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
596. ```
597.  
598.  
599. Creation Time 2019-03-13 20:55:00 (DOC Based - ENG - 365 Blue Box)
600. SHA256:
601. 8481adc2004a97bbc07bbc47f6601a7e7639b6e037e797686dd1a8d159264b2d
602. 78d791edc7d71e6fc275a9bc93e66a58934f4cd2ad6b5468cb021d1fbd0d13c7
603. dc87d93d01f22c38de94079e6eb4fe5e97001b37753be5a5c503fcf36ad4f528
604. 312ffe5cf618e82bbe2ab1a4425b6c2927319b52c0d440721a97f3eda519f145
605. 8f03a01f8f47e53607f1a6a9297a246e336df4ea26d62a8560652bae569a3fb6
606. c4bad470544e10dd6cced30cd7401a15d69dafb03d07c65cc08f4d20d4b5bf58
607. 2e93e7c34ebf56a7df68553db3978fe84969e0689f6df6fd66f04209d2a6efa8
608. 04e5044ec07d08ddfcf21f295befc3a633824c74a62aa8ab701a8a1928e95cd2
609. a51704c674881ecea35f356a5752d350beb4fd262fd2d497d12632c7e966681b
610. 0d5981ea8f3a35516b953b2a7388228ecc2f89da80fec3ac5b13dba11145edac
611. 42a2583e3e1d624482f525e388ca5aa9a13f7f9759c10712879280a105b0f47d
612. 17afdf7759ed22dab50bc59c3577df7d3ede2098f7d1cfeda4d52a34b6b0b00a
613. 1de033897656da4d0da38e639e78de54d3a98a93d3439787fe2eea65024cd960
614. baa05ce9d41917c1998e4d992ade31e001f94bbbeebd941c8d0f4b9b37176f8b
615.  
616. https://webalanadi.com/u2go5i4/HIoJ3/
617. https://heritagemaritimeservices.com/wp/pKKS9/
618. https://webspeedtech.com/i1kk0xi/lv2/
619. https://pjk3indotraining.com/sendinc/vDRz/
620. http://turkmega.net/wp-content/8po6/
621.  
622.  
623. Creation Time 2019-03-13 16:35:00 (DOC Based - ENG - 365 Blue Box)
624. SHA256:
625. d3b83219e9d0b536ebf678843e2f58ee30cfa9496ce391ebead925e0d1e4bb6e
626. be0c3609eaf16a3be0029364ff4ff8ade035332b134e5a0768e7b8cacc210262
627. f6ad8975fffe05390e74f611fe5a6c3c1e06b390aee11e7c1c52b742235adbeb
628. f68c7456e421ffda8dfee45a8ba0949ec875ed4fd934dab089ad102e96368a45
629. c215620d5042541ca6333af0bda5d949d9bf4474a576ef376646fa99349b1a55
630. 9d704e49a7679713cf5e3c7e2f0624fdbc8bdf9ba1ba9e1ee9a8c11d70cc72c8
631. 88407184a92e100b6b4870b5580c59acfbebc9ab735de3e3772b9e31b217a6e3
632. eb3eadec34e340d1980fec06f0b010a2c85262d487d238b497925d083fe80f5b
633. 03b839a583518851cfa649ba42889c759b56f6fd21ead9235e60ce0be5a5156d
634. 77f87389b50a69463262576c6dbab4326564433d83a2aeba21d953ceba2d3a8f
635. 2da5f4d10f7fae3b1145933206f31e270c87bc21e53ee00937b2cd6b803518d8
636. d5806ed71265c2d88ec5dafaada469e8de62285ca344b4e2829e5c616f16e58d
637. 295a025435e80b275f02237dcd8762a3d5f5bc8e2392c7d4b9a00e1837325d07
638. 278852c85a959736504168dadce542dc8f083510e7dc31e65273dfe4cd3c1b5a
639. 814842d9361d9fad65a2f5f05c09a1fcab4f7d5828eb74856129d3c67ef7cb0d
640. 75929072a2be789fd9d4f977fd05a552f075f85fa0c71f094d0a4355a10afe0b
641. 0d52d02c62742631761157105eba7976eee8c7acaa703761c8813f0d05e3028b
642. efcdfcad79c1de0c00d2a9307aa7f13ef7a9a64a9dbd996e29615cc99e80d7c6
643. c8644f90df79d4b5820438b383391b37b11c56795c6ae4ebff807586a9382692
644. dcf1c680fefbc1188a607f99e3d6a427025e227cf3cf80bd6671713d6d02e54e
645. 05c3b84310d870eb0acd511c1ec7b338718cafd6c953fcba40a15e9a2a7e7126
646. ac452f895ebdb6662b96035b019afb4746e4d3b6ec22ad46184cc80a06118bf4
647.  
648. https://inovatips.com/9yorcan/Cz0lHV/
649. https://hechizosyconjurodeamor.info/wp-includes/oH1/
650. http://www.tarakiriclusterfoundation.org/lbjjqctggh/2avk/
651. http://hiphopbrasil.com.br/wp-content/uploads/Y81LP/
652. http://www.fabiennebakker.nl/wp-content/uploads/1rW0P/
653.  
654. Creation Time 2019-03-13 13:15:00 (DOC Based - ENG - 365 Blue Box)
655. SHA256:
656. 006b2cd4c2c02412fe0dd8a9cf7e611ad5c6fa460a4b567c1dcc20894111b40d
657. 55724f81733d6c4da965a6a0cf488219263a5b7365b0781ef1b38398aee66742
658. ea799ce1d76161be37c5525785ea0b345016bdfe84f42c1b114a3ab60dbd5cb5
659. d426bb335d11917363958e30f898ca53fa988e0a2602cb051b3d8a2c586e0099
660. 44754da26847905082c85e6be8907c5512e7afb35e1936b3afc8cc3ae4cee412
661. 5504a099f5ff7ac92643c19098ad366629549a5fcdf880e0924a66845f7b7a64
662. 02db0b0060c650cd0e10af4377eae0a76452eeb99d30c3a636ab0be2933b654a
663. 97dbe3c733157d66bf760766b3655740179c5374515578650b71d0b09f031214
664. b4c7a89c1e188964e091ad9889aced80e1aff662c4a6f0baaf6aee9639e9c132
665. c6af372f360f24ee7df4606f1e7c97e3ec50a224eaa0a137981f98629f9af6d5
666. b81f2a6ee7fe7f23ff3d6b05cf4505843c8f1ff3fa0c0652c0855e668f5cd205
667. 71dd9d4f7b07f04bf0394a425c77e6834a991529f0044ca34553bf37ebbb117c
668. 6e61af278952468fe43dbd3da7576a945ee69245c9003e1b50db67038cd8ea41
669. 6e61af278952468fe43dbd3da7576a945ee69245c9003e1b50db67038cd8ea41
670. e65037694bb149bfc29e1f2925377e7160be6eebe1667dfb018310ec28c448a8
671. e988fb7108fbf9d6ac2cd8ef821272437dca3c97572ea8d43cc8ca1b001a31d7
672. 7b0aeb1fafd01c1ff8a60bf60943f927b682a0a63596e222b87c824fff7b1913
673. c750fbae7c0e21fd16048169b3cd224b2daa36da53614c786672d46c6994d54c
674. 7465cde86ed61dbf839d1bc110216c6457a8342abd181c3fa91053bbe34e9e3b
675. d7e33a6c9faf1d74c674132651d74a7a6816fb98c135fd0966cea6bfad79798e
676.  
677. https://sisitel.com/wp-admin/crO5h/
678. https://www.oppa-casino.com/wp-includes/ev09CT/
679. http://alpinaemlak.com/wp-contents/qubF/
680. http://basr.sunrisetheme.com/database/Yz/
681. http://india24x7.zeecdn.com/bq1yj4a/v8J/
682.  
683. Creation Time 2019-03-13 06:33:00 (DOC Based - ENG - 365 Blue Box)
684. SHA256:
685. 21588dfc9f03ec5f0b9b93b7f4df6b6f7f451d0ee83f0c9b5d2b7360fa4727cd
686. 99828606abf0fea099576f550192ee67621fa4dca310a0108adac5be96bcf84c
687. 2a083b74b963d4cf26db34ee675f3142a7be535da19ddcc1caee23f192bfdda0
688. 6769276aba59cb97262830af74100fa072254feaf1639a5474080492e5ec8849
689. 4970fbdc821b4e7777b49abae8bdb7829f929f3068cfa38d3aa61361a2eb1095
690. da052ab5e595f10a7d847f39f33deca3b9a23103d73e57f3cadd69a08810eea3
691. 3eedcefa0e9b7bc764508ba86d5d83169f1d910c258623993012349cd886dcd7
692. 17ea3b98b9c14e26840d9c4817ef44934d1e0bf820560e365caf66719c440640
693. c535878524e6b0d722ef8bf5585f62b545879ffc600c1618b7917b55cb9f2a63
694. ad85cc216d004051b26a5ec7ecc6955435f6dfb50a2a44ba481e9f33ab493cd4
695. b3725804dc49d1defc2001030259bdbdc0aea2a75d9b9b30a86e25488feff80c
696. 9b0eb35b785a275c51a5cbf8f761dd321fde2919597401a9a766ba09652024fd
697. 8b944eb452495b51a88ba872bce0f8f0f0108b5ea77ae04e3f5874bfeab0a65f
698. 58203f5f7a6ab49eb06d017d1228249d2757c2ac1acc1b554207c1092d4f8a96
699. 43035af2818fced7c6f61cf72a4e1040f7072ecc58f154802f8a866d48480239
700. deb5fd68208b44044f6d6c48fe635a65aefb71a8bcc2a4d14f2b1df436807ae7
701. a326ef41dd5c17ea3948b8a24f25d1134c6f00d77af3f01ad43143c90a19900c
702. 231b5b04de5eabbf5c806d3b49b65777f71c63e85c52a08f421d34252625525d
703. d7258b9426eba5b4d12c0c3ee5606c3e9e7a32089a040a795cdf5c7ae5df16ba
704. d653d670a42ab6346be9beacef5cd371185f09fa1a495331194317da4d721df3
705. 01146cd6a40d4d55312f40b728590463303ce8fa73e46ca83e9f71fc66baf9c1
706. 59bc63a32ff342b65e90e7ee7f976b4d2876c75f08fa77af832f43de96fdc5bb
707. aad4f9881e9d46f8e14dc0241d6cd0d1e1e821cdc176670ac953f5326d998393
708. 67f0f39a3ab851a27fcbac32f968abb61fc02537bc1c8b6a35537faa96475b68
709. 14d4efc93586ef405c2ae570d1ab4d80be97b33c01816b6a920d76b9578d862b
710. 72abcf1d50b1cbb7aba4cb49119c4bbb52bc0e9bef9b377c4f829c5ccedf5063
711. 545adf14ffa66e5315dc39d8fbd92857f73c328519df5fbad7a54c05e2305126
712. 1defd5695f2e471f07cca2434198f391a6e17a8b75acd85054a3bd8337801f02
713. f19d03e679ddb5282fe74013d83d7918c9061eecf818232c8e026543345cc0f2
714. a8c8515e31237286f648b81c37c76199cdac21b1230398028633b6c0b7cf2625
715. 8032dba523f7e585897f5de4e18844376b88888215bdc3c2132038f60a297ef8
716. e9ba1950c0cba787afceb3c933f1875b6bd6d4c98e5f6922e3e556513daeb379
717. 61d6d3d852d8d8dabc04ad8b14374546125467ffd1519c30e81f04ede7c3ad9f
718.  
719. https://gamesuk.com/nlapwof34k/6Cf2M/
720. https://nralegal.com/wp-content/HcOEPe/
721. https://quizological.com/wp-admin/IBXm/
722. http://18.188.117.134/wp-content/nFDn/
723. https://bai.alphaomedia.org/8fkjkyl/aTi7/
724.  
725. Creation Time 2019-03-12 21:40:00 (DOC Based - ENG - 365 Blue Box)
726. SHA256:
727. f3d7d9b36113ffc6aa4388f4d2f3f52349a3ba0984f9adc696b1a6d9db4108e0
728. 2ed65e9a1e796862f97eeebdf46152caf4f7f4204b801287bafe5b11e948ee1b
729. 4c9295e6906108f3dc926a9591a148e4e2636a893d4d2505b35a0d030635462a
730. d818fd24d2ee5426ca535b7c966021cafbe7bcbb68b9d6ce420b9006859f2df0
731. bf0ee1f25309aea8e27968f5d927fe8d05a66437cb86102d367305e61ec9f5d6
732. 563991d43d484069890ca97745c1d7267c918afc260d31a52ec5bfc899a30c94
733. 848b0b2455cb049ec8dfa798592de326b67abe036ae7a637c8aa3ab9e91f5cb7
734. c9bdfb2d6ac9e493bc391b2f64b48d8d5cde10645ea921951b23112e6d73545c
735. a42af575f713389ca1b0cd0156dceb753c1728cfe7c0e7a6036c53aef2d2d3fc
736. f832543e87f24eaa23f85c8976b79d7e49d1b4899f5358ba54a71b7c5f803e2d
737. 6cc050dadebd893bfeff98d848d2da02c9905dfb84b45b4a7004c784572e86fc
738. 75338c1551c3b7e1747e374d2d1e048eda3301e788bed120f976394a82197a70
739. 7ace18922dc77927af28d05164d4354e2ea1cc56292dc0780a137e888bb13f05
740. 888d9d4fc7fe06f42588d50edf544c1e4d94c76409e426b98747c947ba2964b0
741. 376ce4e82d96e1b20146e94bb7d595c2d36670c77d9971a2b05cb1d4894831eb
742. a91af6020eba6ce116b4a6f31da99ab28b94cffab38283b01f6efe7d3bb002f3
743. a06d630f62bc13cb49c794bf934a4a3dbe8cf63f352304e71c056199a065958f
744. ab99f14070a1880146bf32846020ba5145087e7690d50ccf8c0b38d09af5de48
745. 149fda501c9b22d7a769c06c3ab012903178e468405a6bd9cb7668a1ecd68c02
746. 3d06cca2fa9525c544d9afcbdb407df1ac94c225dbb7db55f8a2cfd6d3164aec
747. 938728fb61a1e0c5a5346e779b2d079d5e61b406c5888d724849830184ed25e1
748. 45239ba48e3bfce88487f1580b8966812bb1ce03c695a6a82f77a5545d2fc330
749. e6edef78f5e2f0aede80d62fb6c216721e8f26433fde5b37430738e22ba1f7e6
750. c60eb3d68445ab0471aceef71bf75182d9d2f92e3ef3ab4fb148d8852dd2c5d0
751. adaf3f62905f7f759c99478fc76a33c952ed41a1a0379ce0ac85e029a600f96b
752. 1f0a0b3801a3419a73b62daef965701107b30021db356d2c456de134fb35afac
753. ef77abec1d367990842b4cfe39a40724c696827f221f0582e3490aa0a9c26242
754. b9f83bd5eebbdabf1cc5ff8587ca2f12a91f4905538e65587b35bd8bf1132e9c
755. 778f3e4a81d385672da53104120943cb8b38458538aa9fb7da63b69043d6a29e
756. 37464b00b1c560cc0c45c400392040247176d700350e3464ba6df504789fd0e4
757. f05c9254634215a7d41caabfa7c59414c9be03d2876478e9c86022390df6ba9d
758. d8a23a26c477426b0a0d61191a036bc03e38f5811a600571f4f573b47d25fbe7
759. f6e3f5662d6950e77041dde2a384b25e4fe1fd94dfbd103a816c52f087f4b0ba
760. 907ee123931eaa562f4fc2f2942ff0f2161408a667e53b84d1b702c004a13359
761. 52a7dedd13c877665987b4b48254653445827bee819390dcb0989a0729e85bf0
762. 92412b4e4586736f6956dec8799274280f58be69d01dcb32ac4efa776dc2724e
763. 51f492b97688d8bd1f8b2ccb4e5a52f4e779df474243c79d462f0a8e5f352010
764. f68b9d8f5f8c0746a021934e42dd0944e77cc79a6bbb3129bb115e2b9240c197
765.  
766. http://emseenerji.com/wp-content/RRKu/
767. https://hacosgems.com/wp-admin/1114/
768. https://www.handbuiltapps.com/wp-content/w3tc-config/1b/
769. http://www.ryanprest.com/cgi-bin/jmEoN/
770. https://servifive.com/wp-content/wRvN/
771.  
772. ```
773. #### SHA256s for Epoch 1 Payload EXEs seen on 03/13/19 ####
774. ```
775.  
776. 0847501d8e8523051d54189afee8f4245bfb23b83bc5437e817a0924f22672f7
777. 57fd2b8f603bd19a0c09f22f6d0ae6ed8f2c21b3bd83019c95ce4ea52f32abb9
778. a2bf96369f1e0977488440397fd7d42ef7bd5904fd646f13d732d86f339f506b
779. 1adf937e8ce628c95b4fdb1f56a50e4ce424450645e2e99f0ea95539fd043193
780. 92fa7634cfa43436077c7355cefa11e81368766de36b2430cdb909a908dd058d
781. 8a546027d2a03e515abf89d820286c2c178b90640c82c97864b8f1a3a12e4ff1
782. 3090950749d9c3342166805eb48cf03ff5d950e1abc01bfefd8dcd4dd41c0616
783. 57505bd59bffbcb586121b11a634e6ddee9ebbbfd7416e6434c9c3bb83b636db
784. 7aed5529bc0f798af1a1abf7a75eb4ddaf95206686e431eba9268280d7ca1293
785. 1d4582d390718593502f0363c9a677506473280067ed2b5327c16a2c72ec31fb
786. 7be9d704af50234848e797e40f63097f9b289d5a137cc4cde9097dca1e14ec98
787. d2b9cadb4c3cbabb12d3ad1f46a8b55375a93f3ba1477b9e02591bbe7ecdea95
788. 92cdc90e15535dc1017a647c4cb1b7610bdb148cc2f4dcd16e3340899946a941
789. 4e821c60e3f1b7c4824051a7743813a63b81edcb284a721589bed9147d917ac4
790. e5cb099e98bb2dd4ebdabc3a89f4e8306136525bd6049fa82e437cc0273b8c1a
791. 5756493a4ca5209ebcde79feb918d211e6550fa643cd41e0eabdcb7571bec0d0
792. 9f0103311f2e99de7a0ebb71fa4b6f110051ceb55119debfa5229b52de9d716e
793. f46fc8d5d17b2caf4a389e08bc740921d985818dd33eefc6227c25a6f03c943f
794. 21955c092c1021b12546335bff90ea551c9a40e6a88a58c453a7286c112cd8eb
795. 3951c94e521a2304c38dd3c72372013992f2217d3f716ee43d6f3ba9a3d051f6
796. 633ce0bf5b83c1c7a2daf954fe59a1f9b49e67e1e065dd25068124b841e3ce35
797. 5b21287a79c13a7d9ec29ab8c2b8989b9d8f71a51da41f4b548f6e846cdd0b0a
798. a0efba494e3e4238723b56269e9e9a167ae07e6f6c9642f2ff9bf3a8e4045c77
799. 73d7c53956c84ab35cecb35bc80e07aab9cfdf648693b33dc63283053e0d7cc4
800. 2f91d320cfa8e25120a98b70ab3e340715619583d0e275dacb432e547ea80952
801. 6d55a42f7097019be3a1dfacba227c0b1f444c0dfd3ec343dd09ded83dc82562
802. 306acd2d0fc4c82170d41d962bd8cd00ebd66f0882d42c56eb5f47154946110d
803. 0b3d582d75820f270e27c9f092da60d5d5b0727d4efc7901c35df26506355d6f
804. abe90a6ed37e2ef60b52fbd69758687350b6a74990207ab05c280b29e142d1f5
805. 267399396b805aea0199c25358776353ce095f19527fd4451a518afd33d77807
806. 3259eabed6037a17e080f2f8dd3053350151cbadf98690e1c7539c5e68f5c5b5
807. e19b40958056093aa9143d508d17427345ba5fd3586fc6d709a8c19bf5590d48
808. 19201e5c952a43646c6552123af6026c825ad8392a86f2489717e25ddf447d79
809. aae3baaf9ccc1b361a6194e5833ca923b5e825aeec3fe22a17e880cb91b5efa2
810. f3da1c3a520f5338c46be109a49c569ae1c4fc4b8085952c111edc2c1515cbed
811. 5a769a4912df65b5129b7bbae2a05ca2f59ae6f15b45906ad74908fd80e4aaed
812. 4b7aa07d9c121c9d049c2999623cfddaccc74be17453a640c86a1674fe358dba
813. 9920d5120c8fd8f4fc1b42e380c44f58a818bd8a63de00217f606cd33132796d
814. 45401694a56129749aaba0fbc0d8ade465a1c1cbb745a7daabfa12e704e05650
815. 52bb9ffe1600566a488d6bf23a63ceba38f9c930f4018bddca57212ce3a55d32
816. 99880eb0f9cafbf9db1b30f108d70e4b0a82fcd9f6bb74ba08641b7ed6735437
817. 626b319eac3a5380fccc9a0dcb481e1e1d2d1dba7703f9515c9706d109ff6690
818. 4db4bafe12f7ee2fda8a158c2e6665304a7f63370fbb3648a5ece5566d344339
819. 00d2f4c09983e202112c9b415b02660d0ee88dfda55a504ce03c1788373360e2
820. 7bb6ed0514a8a3372d5cc517e96a5fe4b35b9ee6d4dbf25a7b85d3491002c026
821. fe9d33c80dfb14b6dd7fa1dd3d8cb60a413ea257ad352b29b16c8f4ad9573d45
822. aef3bc8c71f3b3b2ee34c3db7187f6b073001400f25ede2b269c7156f348bf08
823. 3cd063992fad8ba50de718ee8c8fcb760ed4721e9168c8af14c07a00e642580a
824. 66da2b9856ec75c865d297f21f7ee3906a28a4ec66067e4ddb0cc7e8ae30a445
825. d8286a561fdeb369b413d650af22e180feaca06f990daa842d64e81aea462c2d
826. 3234ee249f031b088e68052cf4afdc7fe683775d0aa5993f6191b364cec516bb
827. 07a246ab4adf0899d2281e1695dccedfa6ade5ba2e64ea7083a368c5e53b5000
828. 148896366873ef29b9b63bfb49755b885ada781f7f9e092b4ea2313b887c2e7c
829. 7877832d2f3b4fc65acc8c9a5e180ca261e7912efe731a87869a4f44dde3d849
830. 91574423e4a79182151148d8613d0dc1fd2892bec917e3c73608347fc44c6640
831. 5f457ee713c728ad3fad78ffeeef48c7868a82761f79d058d575dc544eca0e7b
832. c9c2b10028cebfb974d33b9588d39f363a0d3f18ac9c8ba348d518112c060e7f
833. a0be46e1a84f0900b2309c3f34d46064f15c4de3d246839a43e83ec1af2e2b1f
834. 89279bad065d1f296a02233dfd0cd7e71487113189a200b08dd935a00d4e3c4e
835. 71fb53c5ba0c13c58e91db5fb92abc9d47d2f78062cc786250b462161bba3865
836. bb9c18085017ef1db2d78295d73f27cb7d913ba5b976670f1f90ac1f4c2a89af
837. 770ac08c425dc70ec7b5f3e5b62331ee0b498ffaa28c96ed2b013686697880d4
838. 0e0cb43552eba661563aa4cf5a293adfb37cc89667568f1543cc615fa2112f6e
839. f597cc53c34ec96cb531d687b454d590cdf35ec7983097293d3c1f6bb3a46f3f
840. 44dc93a144aaaf5d18397a4bd5513f8ef030c120dec0447b5e143d1a0ff105d5
841. d19425ffbfa2eddc31b9e6c69db1bbb104b071c193741b417651d8d85c416407
842. 55074137cdb98e5556cdddf362bce32ff2a95acd5b5e0716a19b7c07ea56902c
843. 2cee5d4bcbe804c9897182a3b48e29fa09aba628293c60295b36612f1afc66df
844. 23ddd7f95f44c19409f88d9590820d27956ed35cb6c9aaae1ffb614934e533a8
845. c03e30bdd31d8812fb5b6dfdafc4d441812bf1cf08901281dc6d481fe2ebba46
846. 239e25e75c9a3a6f6b6cfaeb2965df4cfee05c81deda3f4276ff24c23d6b1fdf
847. 5e1233772dad5b9572fd8ebaa1f982bc3bf5126b888dd81c6c1cacee76759a11
848. 41277ea8c85413e1c33ed35ab0843d104e0b2fcafccb29dcacd14c97c21facc9
849. 244659171986d91a38fcfbdbe34ff4b38b9e4e013e1fb579cd1186839b546e76
850. d3f35ace1556e67064e96dd0812bf4b9bcd5afb84704214defef3b4245fc3c2b
851. 50726d27c10b617a8421032b4cceaa990a11892fb8dcc20259905d2b6ba5ba95
852. c71625bc3c3bd309c66fab8c2a354678d374228af5a01ad4920a4f31e43d1ff1
853. 3fbb0f5f5756561bff4ba734bbf6df817d67fba612b9420e2a01a448c9e576d0
854. e055e069ed13887f20dbe249b787086a196a8b8c515848ba48625902be84ce37
855. 32528c053e4824970817de753d900cf4071022c4e2617d507415f633a3497492
856. d8993b19e577ad0faa5db80ebb14fe790e837dea53560550a999ad307513fd56
857. 8ef42dd0b9a05a5761f3131f6eb215e95f5163bdc8fd5bdd01552f3b23c101b3
858. 320e474598c75521f6d84846fde887ed4ec5a952a6ea13f208ffb280431f2f7b
859. 3ec3ab297d4d1134f1735ee5167cf8beb8f14a57df963527e33417f3c2ac434d
860. 03a9465098c19a2a6910f0f26980b862b19db67630e8d5879d0f3cf0fb02b0ba
861. c0651af105df7bbad99c0faf285901c2271a4c027a0c2df64f1011ad2b7253cc
862. 75332680f5b7cb6a3cf6189dc4b868fe65493ff923196f4cb6ca6ed99bafa961
863. 92ef032904121434287222d92eace4a13821fc528432ca14d92154273e8032b4
864. b71a7eee111e96ab7fe09b3340af03242ec2c681460a37203f8d67d4e493b86a
865. eb8285ffeeb06f4c981c629c4719dcc7d7e5967ebabcc5ee5da67f0e1a9229d3
866. 28d79a5b12a777c481ff971224ecd759d706f14e2b12943db1df6f47546c9685
867. b3952b06ad8895a7b2fe0ce5c0379249f4d6ed096336497bb1c6f25f356c2d54
868. 147069abe6b7390d9500fed46cae22b06db5aa7887de65e1e9c27a99b4501bb9
869. ca2ca8187cf671320ad1fef4c970314c1d454b17672814bfd756f8cee62c5883
870. cb9b6ee3528c5f9538e5089cfe39b0aa04a3668a5f9b3e0dbd1b4a5fc6c8dd1b
871. 2d814daecf5bb3564dd49eed374816eff56fa4c1cfb0b2d39e7ae318b4bdd452
872. 467cc7354f957b4d54cc26d544a7f3a4b3f14d8c45f71407af4eae4ca99c4722
873. 1e3ef051305e6292816186828f1087ce50f0d10568d61f8df7c9b06dae1765cb
874. d07b5cfe04303021f78ea1b282e8d63f89387000709ae1f06fe4ec9d6ce42ab5
875. f8fe6bcf2d8b9d072b2ada141aeedb4c0bee475351101054eb66c073517b400f
876. 9effb9e39785342b07288a5167c4f57b16e7443845fedd1446cef0108cec134c
877. b62a6a557d2ddbe4e0c34768bb2dbd2806dbf550a3bb3dda5baec35d7636a181
878. 1ecf66a8250ada3a01f7fbd027b08254d4747b07c1c35ccd4472455aaebb2563
879. 6cac3b307508307a3a54b60b9c63d11b2bf2d4b96ab162f12b4beaef38ddd270
880. 1bdf911bac795cbac8bac81595da23b91d8309cf01d3d2d288fcb2f8d666551e
881. 95dff2d1bba48bdd20cfa266224e191a28f9aa84a208523e68941883327b8823
882. db8e8be72055e05560ba18703a8ecb38e578efcf367745f50feed7a2115523e3
883. 96df3a5fe992006f83ce216d644aafc3883adf39b1e0eaa07ed162fd122d8d18
884. f6885254828fe0d341adf12a93f090f2877ee7eb99a9e27408c8fdd5121d3ecb
885. 961a0d4b074626720c3430af724a519099810f89bbd23fb79a1e83e1d2d6831e
886. 3ce1cea3192a82b0bbd9f65619042633dbd5d70e4f6426295f0960897fe1c6ce
887. a5ac1c6c19cbda0c73340724dc3e51947e201fc8998318b4d3ddb9ce32544c95
888. 110d8aea4d0f360838010dc72ed0b2e8b09e8f2950bd2d3f38fa17452657cfd9
889. 33611de2f350afd335f98ec2a0f08c4e0ba3051b433a668c72b9cb4fc54956dc
890. 89c6ae21128f1b03d5c4bc8bc75f1672caea3f0a17741e9d80e036e4ba80519f
891. 880dcc9d3be4b77f2fc4a7c664770442a1b668076fc9c644edf1b9d35ed212c7
892. 023d53a311958769a4d34929a04eeb9fc07ae133600b63e1604755cd9b31b430
893. 9a87b69c86104f6aa0c78d8da86de5e0a35013e05ea6c22255fc037bb269acc4
894. c129780ffedb8d33ea7f5c4862f67b146526cb4ca3284ca086b4dd454c11aa8e
895. 94dc718b65fea9f80eb8f8aa454b648d1527c50b6e46a737fb5bbcf1e543e184
896. b5918af35c041b1084a218ea8add78e60bda28d2e00a9d19930411ec1329d6de
897. 666c5700418811241dafdbb8a0dd2447cfd24f618f6cfcede16d1a9cab940f1f
898. bc13a2baf9353f8503a0e2a804f9694bd6e0f2070bf8e1d34e75f76e5d17ea2d
899. 47f8b30111081957eb06a5b6833f2ff8c619ce74444bbb4b87e69ab91e6c7ebc
900. 936589b51b63eeee50f38dc42654a1a3affae1173b08565757b3e294102d8779
901. 8a9311f7b37cd744b421ca17de6b6e510b4a1838181955d0472601d1d18c22d6
902. e319ed37ab3bbcf53a97866c8a130efcca49b886d455372085abb7401d265767
903. f57fd13f5b72fd9e1766b73fc811aa0949727b60451509bbd47ce65206faf3ee
904. a3a9b866ff5ce76d84ce4fbd5a63d4490c64518222b5b1689429b66658ef7aec
905. 73b2607d42c3d212a87ee9a3e87bec3f9250d029fb9ac47b0237ed0af34307bd
906. 7800628f2457a989340f375d4265fb9bff77a39428adc5847ad46ca93ce1361c
907. a1d560412dbd98fa4862807c6e4667281cc724ea8bb9c871640bd337be92e2d2
908. 7611e8f01391b3bad46ef1b5323ce640f15c2911c62948ff65886e1383569154
909. a6b7b6df0843219e1b011782b011b7f73397b907cc7f95ef584b46462c305ac9
910. 984213af9bdc55735111cf3dfab491c4510be8ffa09c65ad30b272dc4d5ceb51
911. 32ba7562b04aef4eaf0e8e0f4fd9f81b3eeb4765ff28ce9e7a615d213749e643
912. f144ec0229ced3ab9489ec5ca6ca0834c1b7a183dad22222741cb861e6e19813
913. 702718728014a4523aa018b7ccae38bcbfc3f80a4dc3c47e2e83e63dcbc43709
914. 702718728014a4523aa018b7ccae38bcbfc3f80a4dc3c47e2e83e63dcbc43709
915. 780a0fa60c3e5c741f36bc3bdbc5019a902faba1ea68ef2404052029cbffa93b
916. 3a28b1b94ba9d5829104738024ebc94fcc06b74cdf0e04262ac1bed5d370c4a4
917. e5650cc0ce09caf5c6258936f03e251443af954d682045fdbf0c80721c68735b
918. 6a2baf0196daa619ba996118a3a2b9bb298b41a24d00baacd683a2320f712c59
919. 5f93f4fe8e449618c25ab755c617507efbe1d974b2f0e0122778373f56309f16
920. 79adf71cc11f34e2e30291ccde6d4f46a504d188a972bf5b30f6619d213f27d6
921. 24c1e2ecacc56dd0481555d748d2b5779bc68f26118093213b714c789e5a61b1
922. 5f53d08eae9b42959b9ca5b2bafbfbc8b7563b4e0b0b53b82e74f3ccadce586c
923. bdf8b7e04e8ac9a6a684e866a3607a5edfa822ba43b8c8996c68b5ed782cbef1
924. ac8ade03b5c629940a4f93cdf4201b9f4d33de64b717786e2b167b0b15af45f3
925. 09a4b4eecb910ae8d86e3cb34c215b8fa2e0bc8d3cbd11117089556b77f1e520
926. 2b1fd74b5dd1af6a665d2a0f4573c2ef240ebad7c5c13ba99dc3ddd3fbabb8e2
927. 34483e2be620542fdbc754632fc665e039084b6f11b25be3334179b47cd57d35
928. d39ef61e46deaaa88c15692c52b357358001ba0663920c3ec48a721eda54eb5f
929. 646d27d5e2d703d199898ae5474c78f6c3ef98ce11cace71bb657ccc4093eb39
930. 8c71224476257305f0ec794b44b5cfeb9ab310b65cb69406bd5bab4d3459c2e9
931. c9c6b2aa3fd6ba06ef4d59050a864931b663337d753ae9aaacfebfaa67c56af3
932. 89efeb02d166bab71bc91c4e3a9ab4e79b42682f0a605430b7a3a13eb1a9da3c
933. 3d9c842cddec5621a9b0ce6b74419f97f2f39361f0a35ea032a073687e155562
934. 423b248e186ad02bb6110070d4abd8effc9e00ed74ed47c5413a6fa5eaff9b53
935. ce6f0c7e7b3e92a5b8241f5490985ebb402b5625fd87dcc6c7f17f9abbc46daa
936. b9b7b059e197372a8a1af3755a3604ff0bbe3339dbf435e198dfc82557cde9a8
937. ffb44c5928861a41412017596cbe59326ffaca7ffe89cd0cd98c40f4fc5f8f48
938. 254066aca4e5234cdcd399a96b2a111f78f0e013476d12b3aba8b1335d8f0fee
939. 1a1da325d42d1d096d69d9fe4e973f65a7eafc84d7e57f4feaf0a92e6bd4d62a
940. 81de1948bfe39a0a9dda4ac16cfad7932125f7b005af543c814c36eac214f95e
941. 0d23b88389a44399cb2b5f85c369d7292e0a54ac5893faa2c3411e9a40c5f72a
942. 0a91815a052c823c85b9f28e0fad530299a77e97efca848bce5e6830d88a5712
943. 049a73457b1e7cf35470393ef21909eab2feef93d01e4760913e501e66162adc
944. 56177ca0ca39f7c8f11684839c968113ad6ec47c3b4ae5b918ffff4d85a49909
945. 69813855655f02c0581bbeab893bd301c16bd9272b0642530724518c6a6704cb
946. 583eb1e96657811a66683aba460ddb88ca04cc362cfbdbdd20238f99b7db78b2
947. 500e7b4093d48d4557078b99f0f37e3c6ae93b843affbc3953cdf8938ad2112c
948. 5df25f7c17f84ddbf3a6e557199c65a2f4a6a51dd080611f4e4bbd4980eb0a7b
949. 7752737fe141cbf8d71a544b1352b7819ba7c727733eb5cd559dd81744a240d9
950. e79924138581dc47ef038d91313f4696ae1376aee5bf48cad45c3742ac125866
951. cd190b85b1a07d45b987b830b22a48e8eff62a7758d8f0ab3546dcfd588dba77
952. 917343ae0e075fc373308461295a2635424095906ac231407050171feb1dafc7
953. 34c0dd7158b361a47ee85134698bbd77d9b15e0402db81b67896530e104a2119
954. d4568d37f551873b92b54635ff794d43de50d18e723d700ac88b4a893c381094
955. 3632b816a1fe4a4541ca1e1b42c832610f0cb0e048bc5ce50c5ac08c174da630
956. 501df600ba6bb4cd1ae32d33b4abfb389ccb96f0f510166b584458aaf9be4d92
957. 4f67f8c71fdf0f8e1f7bfc350b6455e67e058a0b9831abd9d32fae33eb21ee2b
958. 22d25a64d4e36578a9e00d60cbcb46f6de6cfb2c45f8526f408ff7367de5676b
959. e7ba0e7123aaf3a3176b0224f0e374fac3ecde370eedf3c18ea7d68812eba112
960. f6c01fa219ea9a8d802fd0f97e6226045f08357b7768400c0502dbe94e4620d3
961. 43e077fae73c849bbd1f51c6d5a3990277b047252aa6d71fca0afd064482ec6d
962. 94731155bc37a2b6150a6e8d1f25f825fa3174857d7de65d3ebc2d4c381f6e11
963. 68f4ae11a59bb05434c5157d657a55961292d3482c4818f9f65f46ad1f078498
964. 86b1cb620be8d2354bf0d793a9de1519dba185f2649902062f15d4c507730fdf
965.  
966.  
967. ```
968. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
969. ```
970.  
971. Creation Time 2019-03-13 20:41:00 (DOC Based - ENG - 365 Blue Box)
972. SHA256:
973. 4980463e2b50f6fd5cfa08c9ff743e5f6878bea3a753f8b992818723baea9642
974. 0366801927431f9bacb7f9fe7fb45c3060f20640f750b1c930bb6141be205990
975. 70df1c010f3a153732b9d35608df974b997f0d0ade26a4c0ac10b901507bced2
976. 0e0f87407e98baf9c5a00a2ef33319ded224cb30c352208cc00972a3931412ec
977. dc724e42ec75a11bb8303c163323cc54689a0d99950b5a912c7586d1255ae591
978. 653d04b96f376ee2a1196bd42f741ce2cffb3fb82267a1b84ce8f94a8bf48fb2
979. 5b336ddbad66d4990622940f95c0468875680ed223eb91da64b8f06787f62880
980. 68dce955a6bc3d64ef8e4ec0c45fb667a41d01278b4b7f777b3a82f1065c407e
981. 08aa80a6582dd6738d7afba27bb39ef88b0168d1a7ce656ec02863ca5f9d3474
982. bb98d6883a5d7169513f3b6016fe927ec6a44d1a5c0b661112175e66e554e719
983. c8ccd9bccc525a4ee561fcb42daca80c8c4b116579e4bde8197777d416b7e8bb
984. 1228b439b723a9009e82cce1f7b50d99fc24e09a271d5afca9a758ac9fa4f7f8
985. 84fe6397446dd37de37f0bbc598764d696cc11215bb0b99e3b01b1f514dc23c2
986. e8e0725c73c862428d35807060c04fc4100c753f6bedccbee71bf43953e6c90e
987. 07195b1c470d44d02650b4eddca96698fc79cc91a50f5794cba66ebeb72ffaa8
988. b05b6104f9cf5885cd0e95d71086b75aa958c95ce56d62f49bc4b9820374acaa
989. 7b6110adbe805d0d96997256f6f302079a2619542b8fb7e16a35c3f263dd2a98
990.  
991. https://www.theblackcadstudio.com/wp-includes/3T/
992. https://whyepicshop.com/wp-admin/1YD/
993. https://www.wl-interiors.co.uk/wp-admin/occ/
994. http://aliyev.org/ldfkbse54k/oX6/
995. https://interia.co/wp-includes/a4d/
996.  
997.  
998. Creation Time 2019-03-13 16:28:00 (DOC Based - ENG - 365 Blue Box)
999. SHA256:
1000. 5a117fa2056db6e2722e04adf9ef66e9c190f390d57aee7f4213bac34bb85be7
1001. 0c8013e24c009372f522d5bc6394f69f9786a7418e68b802a65001439f9b0cd5
1002. e05626027cf2f2c9238e783d5ccfe15b9a785aa068cd3ae615e2b94ae271d5a8
1003. 453ae71569c49be9931836de1975dbe6391f599db93ebf1d25dde287b6a7b4e0
1004. 885d450805b4533de239d8ad07d9a829ac95828f6e4efea60dd9660a547e6708
1005. 035ff77c196a9179e00d6767ac5c3ae754ce4876670144bcfe53fbf62ee11621
1006. f4c1cb77cb4187b8d07590da7e54bde5b90f34bf9c0d6850ee9caddd7ba06b56
1007. e7e02fb9ba249ba8bc0ea891684551c7aa141c7d49fe2efbb462f0c57779920b
1008. 2fd6fde0096dc8267c469772b413e930a025c94c92c581b01f82caee15f2c4bd
1009. 3ea8aefa60827908cf6349f97593905805f7a8e82bd717108e8a818fd2682595
1010. 5560ad1362c9e6f66b16e48a4ab157b48bc3c6a265832cb8cbf37793aeae96a9
1011. a3bda6ae0782fdb40dd26ed33fb1168f05ae1b1e5c5d420a3dde5a1cf747b3f3
1012. 510cbceb74044f566c7bee69e4d187f0581c3eaad4739bca16a48bb8003e1f46
1013. 0b773b5e59c67e54c5df0c164f3114003029896abb569affe089ddd3635fba02
1014. d58a028acda9657310f24c7f0cc597540b14729046c72323acc2e2a5150e681c
1015. 4e5f528dc971e4d928591fcb12617187c253ec93b5342287c94becd825754f2f
1016. c4c1e78cc4bc1df1efbba653d4d79c1a63e7edf2205c4cfe01c09f0d3341c745
1017. 77cbe65661e22ec82b15e84af22596ba101a5008cd313fc52d269835cf46c4be
1018. ba67ee187edf67affde3b109037e866e3754198de04fee3deec965cbbaa5f8ac
1019. 5bdef04d199d548f940201ad17a530ee2ff27a76c95ab4ab321a5b1e8d259fbc
1020. f1fa3cf1282c2f630490ddfb88adb7c4c672cab80c78edab602d90d712f21704
1021. d2005ac2c423a81d101e6ffc535e593b47c55aca7ee52aef03c591504e24bcfc
1022. 4dd0c2414e57ac8a5dbae791bca1911aa53a404b01c37b9ceba0961a35787991
1023.  
1024. https://kkk-3712.com/wp-content/aQjF/
1025. https://financialdiscourse.com/gnh1bcv/waG7/
1026. https://giangocngan.com/css/vK/
1027. http://1lorawicz.pl/plan/lQFE/
1028. http://zymogen.net/releases/zgl01/podcast/qpUY/
1029.  
1030. Creation Time 2019-03-13 14:14:00 (DOC Based - ENG - 365 Blue Box)
1031. SHA256:
1032. 4dd0c2414e57ac8a5dbae791bca1911aa53a404b01c37b9ceba0961a35787991
1033. e79e52b33e81b6d039817aa3cf87726db6de496fcb36477f29483a5730dd2874
1034. 96ab8b7fc0b45cf2fc1277ad938ad4aabb1bcc157f0259e456b76f1684e4896e
1035. cd75eda017abff329abfa5162be02c8042c86730dd948a6b423d3ebce5f5e3b8
1036. f54ad758e4ee395a12956b665b611ad69b622e672d9f4086e8754f4b301cfb04
1037. 8ef79e33fc1ebf640f78cebe13485489f85caf08fbf4cee696aadb977f21d6e7
1038. f679763abeea019bdfdc22e23d9be3159ca1f325453f34e94954bee50176664c
1039. 0a923af3433f18c4d3c317602c3a00ba8f0f49e87da469b06b69df428e7698b4
1040. 1157bbcfa2438b4142bc1dc163952714ef2e084cd27698f5c2f78193367f8033
1041. c177de169b84382b1809efd361d8e5a6ee6eff262f479724856686d03c6bb6db
1042. 64732ab1f700b865a24a0fe06e94a54a40724568af5381afd126096b59f18606
1043. e09474de88f323075c3ef4ba54c458e3275ee102b72a2bfc4894e79a9703c542
1044. f256396752c6a4164b4097d493b202de43fb8f8d7bba372dcd7ba45ba3edfd16
1045. 3eaba85e842d0ed0489d430cb1bc37d1fca702845ba478a0e290115bebfd8827
1046.  
1047. http://indhrigroup.com/wp-content/uploads/BU/
1048. https://lackify.com/wp-admin/N9/
1049. https://financialdiscourse.com/gnh1bcv/waG7/
1050. http://loris.al/wp-content/b89t/
1051. http://fiberoptictestrentals.net/wp-admin/fs/
1052.  
1053. Creation Time 2019-03-13 06:48:00 (DOC Based - ENG - 365 Blue Box)
1054. SHA256:
1055. 6295b0ffde635729cc0aef53a06ded688f669bf3f6e613929ee22b5472152df7
1056. e22b8402e2deef40b1d2f6e8f57744dba945fa04430c1c44b6e32127c143ff05
1057. 38621a8ae5316ff3ea50746e746c16c4df6a4d9df0ccda56332b450019461d75
1058. 47f3f87bc57341c15aaf9fc6736ed513185e8347dcd6bed30b3248a5bbec92ee
1059. 3b44f8ac63dff8be2361c9be9767bdcf8e58a35e4d985c5ed9625304e0211b50
1060. b2f349451dd5ac198c12d4fffb265ca99f0d9325939b53570aa52ed6a94f56b4
1061. 7bc5adcbc4a6b78f2ac46e65a760ea4f1eb71a3e61a7e03542b300de351c582b
1062. fde0cf9181d6806d3be77a08573104c0ad2b75857439ba42df309bbe1ce82927
1063. 5ddbf58f792b050f2451b4cc8658747da000c4ffa4cfba9b2b09acd649faab72
1064. 6767e37d28018d2258fdad24eab974537a5379a8ac23ca55c47eecaaffad8ccc
1065. ea4513e22bf373d8dc75abb1db7f176816eda88750d38902d9cb27191c9dd20d
1066. 0ac845a32b3f6d9de16fb02bbbe80b278862610284abd0c5d711cabbd4046162
1067. 6a3d5393b867c0233e8099f31ee17936bb2f106dc49135cd3b7edcd28c8f1d3d
1068. 0c4646cd74ba4e2679effe7eac5501cc5652f7be7068a0e3b64029c622b84a09
1069. 31f414ea0c92a45c21bfff83ba56921c9e679d8e9536affeba5ef27a58372edf
1070. 7769b1c45fbc460c5b14a5b623d82dbdd22535b80a99d770933132253cbddc20
1071. 062080a241916c13988d1be4196e03855c473fcc3cb370bcf988643a84bf36c4
1072. 0d03625e351b5f1f91de3253bf7a85ec4c5d34166069e089bbb4f0b7e92dd85e
1073. 6504e47451130b175450a92454397f219d27bd39613050c6e2d90590f2763922
1074. d0cc9d389ccc80a09d9f241ddfd4ebd0560667aed9d89f94d4deba3811f7232e
1075. b2dc409576f5fb294aea1ee3ee9fa8d0bbb0221700d6aade1107d71f5bdd7bdd
1076. e007aec492e7d715ef55ecddc00c4a5b1b08bbb6e97e558db02841489e09f0fe
1077. 97f1937fdb3e3352a8d543d9fa888f317342469159f447909a32fdcf12ef2375
1078. 97d756aa53ffafd6ee88e1e873d9476014bea132e6e8922e001eaeafde70d1a7
1079. 9d2104ed763c7cc7766366d95bd92c05a813881a42be0f44aa1fdf8496a652ce
1080. bcde8c683c72ed70f903b6cb88b01976e2c37ea735b02719f4ad04a956780f1f
1081. 5f62b4e951270d74a32dea3a80caac1ea810b08475cea1e51dfc665a608922dc
1082. 54d8c502a0b6326dc098a1ff932662a1f394f28c8392f30143bd08084ae87add
1083. ec36e27710133703ea0b27ea2b0f94fc48042895a13117058bf25e39507d0594
1084. a07fd7d2cdae5fbf0001cae6c854480647bfdd147e82a79de54d0b142fd09a75
1085. 7d3089cb9930a9d0c0fdb7d4e5909ee4a9b470476cc9b99e57bb1eefba7cf7b7
1086. f6f00c225c8825c2c44e826556fa0c9f099d9b25b5fe7eb0087396742b58c513
1087. 105adeff0a2090e95c400094a1f1ae53e4ff2b57677c771e5e10291e81b5d9bf
1088. ca1dd75b2b289e24966828108846664b2a0c664ccf1a992f15edcadd73c11c34
1089. f5e059691605cd8a750a84e35bb59acc2dfe50be4bebade07a61d5c66f3ce595
1090. 19bffbd1d63574f440e9ccd70a2a188558010d8a1f34fb175b1cef2f6f13e2a9
1091. 09155122612febf71e09c3e646831af62c6a3c15202b196ff378c363e9f09051
1092. 9035f9ec39078357560ee6c86e41c62fedcd755433235d0563dd91715d61371f
1093.  
1094. https://haicunoi.ro/cgi-bin/2TX/
1095. https://crosscountrysupply.com/wp-includes/OpF/
1096. https://akuntansi.widyakartika.ac.id/wp-content/uploads/tEEe/
1097. https://giangocngan.com/css/vK/
1098. http://ebe.dk/_borders/cZJi/
1099.  
1100. Creation Time 2019-03-12 22:05:00
1101. SHA256:
1102. dd8f42677463d31afea67c4849c85d1e6b44c47dbf6e6dd91d51bb5f8506712e
1103. b1cc443013d6bb4f027d3a210d785eb0774da87a4a235379743b12899c366a31
1104. 67de982961e0e8302abdcedee42a267fec7ad634a91b8bfc61853cff8eb5110a
1105. 917136a08639a09992ae538ab96b6fed8f6d9b4b0b89c2701c98d1578554fc7c
1106. 95cd97d5bda4321e29652e558564261378177c32548759f84c219f7a979dddb3
1107. 33263e1db9f53ac685e18896142c4709b70b1aa8df205cdfd5cbddcdec615ada
1108. 9cdb4ad5d8c7e747143f793a24a23a62a990438ed88c00eb316170674b2eb8d4
1109. 34831397888c2264fa3dd379bbb2c4b536c73e886d973c1b23f4d3a0a255c026
1110. 15c590d30333f5849a124b6fb3d9a5050e98acb5a4d1f7012e1c95ee809a6500
1111. 17264bd694798a1487e8f996428ea3e22bfd75dc5b4ef3acfa16483944282dd5
1112. f90063f685c1e7d8fb09bce10a46d8bb55f02456554a6ea9ecae519d65364f3c
1113. 9182694141ec79eac6fa2293f456eefd3c60102e8302d2c27c131af8750d2490
1114. aa91b81aa51852d422acd478250b2723fabf678782c62ad5fb2e42f9a329c6b9
1115. c56e776e3e401b58cbd6b718ed3a55fc9ea8f6a8285441cbe9d8536fa31f32a8
1116. ced8afcc928741d9af968bb9792d764e0217e3a8588cf5e64261068429693c94
1117. 4008e847c3353217bee1a8e56338c60af43cb8deecd4381742bdda42c3b18518
1118. bb2da6ffa17b63967a8b53f2587ade7242558133405ac27a0972518a37c82994
1119. ec478fd4170182e11d933ad8c46ca467d2c23612325d1b3da2ae9f60950b0c21
1120. f104ce56fa0105538b4a5292877792928fc1f0b940fd08a228c80e7b7d47355a
1121. 3286a649828564bed5dac4ae9abf61465499c02d45c162e1687e38052fa58b04
1122. 4266478e3971aa9fa7d63123f3de71a9858aeda034ccc1423985f62a1aa4280c
1123. 2cd981c0e17b6f2f863d7a31edde40e0d77a5aff9061faa0ff65e77d9b2fa559
1124. 1717f67f1c5e0575d090d5320228d92e085c7a1f1c151ef3b25dd4a64542801a
1125. 0fff0a9d7fc656ed51843a14cf70e9dbfff30b5bd6a87b68d64cdd83bb0d157f
1126. a0bb6b4166562e4510aafdddba6efbaa48badbc6a64a4272fa71b94a59aa5e53
1127. 27a8842b69927746489d11a3d1c8370f79efd16181121b194281757237cf3598
1128. ac32faf532410005c0b38b8cabc3b3cad397803188b67252c6ec9b277fad77c9
1129. 0403c2433da352b39fcc7c3841134f4f92d6da6728f7ccc0bceda895103af4f9
1130. 9de9635117421d4dfba8bc1859c7e97fdd31e36f7097b3f71263d83c0b3cb062
1131. 9de9635117421d4dfba8bc1859c7e97fdd31e36f7097b3f71263d83c0b3cb062
1132. ebf0236016bd26bc51a3baf6c96dfa121b7687f2c8a4ec34387e3de37623ab9e
1133. 4146667bef94add4c7d2810b1b5b53812fb854c688294b8c04a25e3a82ecab46
1134. 4b4d8a990f406af35a4b75941a67f17415043a9891e996dbdb126eb4e6cf8b6d
1135. 9702da355c82aa7234cb83fdab133147447ce94b43d90b4ab584bd95ac436034
1136. 48a05e42c864732c48cc5c71a47697454252a527c23a0761e981ffc7f9637345
1137. 9b3c46584ad0db8612896a19c1c2a0ea2c45bf33445c852e15a04eb6701438be
1138. 2c23061c8d875a9ea799d2ea6d689967c947a82cf49a70ae7d2fdf6d4da0ec84
1139. 93ed81779f701882b3686a5a15d6f377c71b957c05bcbe410dc2068313a36b19
1140. 8a498dd1e1073f81097bc1216846eb6dc1123398c946e085a06be7e7ab64b626
1141. 31b9a179451f9110863376bbc0ab529adea834edfda8eaf667d73422b76ae19a
1142. c759dbc70c2d11c0664b44d28a6ad48274d7576b84ec359ec45306f7d1eee5ea
1143. 9644e6dbdea52d13e5891a14696d32ffa08e4c7821b078858f7a981328389f72
1144. c1f35be03eba8bd07474f8f2bc6040513edd11b9832d42b41d41b839d98cd353
1145. 263ebd30efccbab8eb6b80d41720f5797f6d8d3ee8eb045e1d6e6746d4265f47
1146. 5015ed9aa5bc208368bc38e20aed1071acb342ab4dfa61becbb14c124f07c55c
1147.  
1148. http://gastar-menos.com/wp-content/0x3/
1149. http://globaliaespacios.com/wp-admin/R3G/
1150. http://gisec.com.mx/expertos/J5f/
1151. http://globus.pt/cgi-bin/0JB/
1152. http://gocreatestudio.com/ibilling/wZL/
1153.  
1154. ```
1155. #### SHA256s for Epoch 2 Payload EXEs seen on 03/13/19 ####
1156. ```
1157.  
1158. 0ed0bfbf99797e16ac9a608062338167313a27254118a5e187e20eb6ce5c9a7b
1159. 820539873f692489c469835ca41bff712ffa69799940f60c30e62550687f2858
1160. ba9f20ec716b11e16f2dd26661152eb0cf50331141c57fdb5b013915b6248fb9
1161. 6884ff13688210b058fb8894bd91f4748f8f09b78db6f2cc7f378561a00ad826
1162. d536c6f612cade3714bd0456ace828b62c7390b722d418df79ab36fd79727c36
1163. 812e722f6be52a36b5af6089ecd586371452262b31ed4ec8e33961efebf66855
1164. ab9ce727fb8818edcfc4f54a7d4d581d131c31904ce8115b2474136c6007d182
1165. a5aafa815d5251491d9368dbcbb854d574abaf3782c3653ab0b0cad0a2765b67
1166. 9628279a12ca771dcc8679d53b894e00a2cb0569c58093f8a8aa39b29a963114
1167. c6ba81b030d76052a4f9fbcda9b6bf114a7d5f3a3d1e24c07c657bddfd705ba8
1168. 742125d223ab77c4d3bade31d3ce379089c6281384117005d6e0a35756ae7694
1169. 2536f9c4669cefac21f979076deffbac5108fbb0b0faee9c814ca30d97bd41bc
1170. 92e3a4d5dc8314a577e882b2f011b83b203b17a19e19a147b070347c887620f5
1171. 421d0c96ea2a5b8954e27d826898035b9e0376343e6e20f6dd13b733551d757f
1172. 1207d111b1a3fee8e966a4c4708ed91067cb34239f28332e8b057efc0bddebcb
1173. 3571cdcb2e9b1f2be7183317986ac828d08ec7a95beb3fa9d9b50a92a2ba9cfc
1174. c5d54767a9a64c4432bf90c506cc65775e22ab46167bfd8f7c04ee8d7793d90d
1175. 3edf54504aae9be19a7fecbbf440a48b846dfc8dbc744627c60c427bdd04fa4f
1176. c332c3dcb1ace184a42df009965e4a967cb8fc5a8912afd87e6459087f8b0748
1177. cc8fc33f9267106da366c905deb9f1242bf016880db99ff881125c3958578282
1178. fa594767ca7127f2bde87a738b814f71434a0118c617bc37373085a81b97216b
1179. e7d2bd28f63ca557e6791d3bbf257ad789140fbb0fd7de5b6626513c050db09a
1180. af1294b29e16ee39a179668a1b972dab0b11bae8414278dcd90f42343e2c411f
1181. f2829d7441be5f7187686e2596814367b2170c15a5a0073b22772466550fdde3
1182. dd999c0f7c78e7d40b71f614c97576e39d2a75fe30e3c5b8305e48454f856344
1183. 8af58441e3e74188b91d8fccf292ea6374354865e02ca3c0c6fcd82e75640b2c
1184. f910f8b8a268b4b59e740b80d9c55e2ebf0b7598da58e6a976e7184166c8c056
1185. a8fed238139b36cdffbe4578ed88a81a2bea257ddd4b347755dea04672be2f5a
1186. b456f8fa32c18a98eea0b8b42f179f0ccea73df46b1bb690932182662752465f
1187. 44bd2981e3bb8af616283f73e06f1f9f7f1d7dfe5390dff6582807ac4245f3cd
1188. b26866c05f2e93105388eb7a69b69a0d9d46788e1a12a6d349232b20da5e521b
1189. 760cbfca6d7baf1a513176c7346da30c279440f603cda2598ed888bcf54c33f3
1190. d64650798e8539b904ebc95a4d9002b45592b271d4abbb12ca0f58a323057243
1191. b7173e1cd0f4d4b4db41bab3de9719d951d9e2215927a5afca528c18a522bc09
1192. 76ad03894d3a64da8c9178880962c5137be66bf5e46bde781a7366da8d662deb
1193. b386e118f00de9d6c91975028b84a8c4bff29e99c47a9441c7aa920940a0a078
1194. 85300199ac9d543514c85b8bb741be8e06de9486a141f865e01413d2dfcc4f8e
1195. 35a1eefc3bb59c73e24e68a7543f4fdd6780d90e0541b1b5b32ea58f5e937a8c
1196. 9d0652eeae46d88ddc5e202ce4b07d30203ed40687b45b4a013a3be5839927be
1197. 7e51817f294688879fc6c4eafbeda5643c4ddcaf336deaf174a2bd293424ca0d
1198. 24db4178f0f371713d09ec4fce4141af3801859cfce0494c6075c5ab87c0b694
1199. deade7ed7e5da6e9f971493feb8e771e090428d957f45d2ac6722b7aa41e5c9f
1200. 859af573ff1bf0e72ee6d4a7facf19534496616f7d3472f3d75b5dbc08348da5
1201. a7b8685be277962d51781c788dfcd13d1864a7fef5b6c4c7ff46a1799be5c318
1202. a59a3a328a01a373f853af0139bcaccb2d309413cb3ac7a3b1558f9c7110b347
1203. 956c52b988227177e52ca753f39dfff28c45118e64a7c2f02004f8b7a217ae1e
1204. 1697f4033a4ad6077ebd851c84dc12c925e28fd13e64dfa8c3507b0992740147
1205. 1cc1e4ed40a46beb24c058bd607d3b894fe0d1bf04d816022a6d2781d01609f2
1206. 01be666907814ca80dac3bffd12fd0840490305caef8b2d7876aeb833c243173
1207. c9d7102a43b8790d9e69764f819be9f1e25e3e3d65e544cbf5489b0b192c4af7
1208. fec4a327a5cb565adab892e539d4dd9ae9cf9dffa9d5382e98b6ec3b89bfe16d
1209. bf2bbc33060e5f72ca802ea23fe0e7b68d22022050ae8245e5027bf4076975cc
1210. 6ae02092ba1b5418ba6376835f4ef7952c658808c1a9689d50ffe92ec5019a9d
1211. 3867c0ce601c8447ad884b50b7d15ba89e7e75afaece1e7ffce4d24dfbfecaf2
1212. 0a9214dd0806b9ef9d09a7689d9c9359715a14a06144325be575b4e35a802593
1213. 4b7034cb33381cb37eb87dac8dabfebab8498314e6ad38817a8285832548d9a2
1214. 66140ed2f9c2941f768640f1fc5ca50e5d9d43a4cabd153f3f2bdfd800b791f0
1215. ac2336ac9e7e2cb0f0ae8a5a8c9c59d0ab1cafa74a2bbd79e7f2ab72511c33a3
1216. d4a5cf94744827a767a6e819d23d9adac732fc8b63f5077476f1b1a59b6ca0e0
1217. c66f6b8ee8f09ffae12d88155533d7b9eab73682464541bb25918eff1e18c80d
1218. afb9c9f210fa3ae2951910151a82b563bb2c30c982be5200c9c1b35bd4314918
1219. 8fc9b631cd01fe74bfb546e77d7d05d73dd6f924ade16365ecf1417544382fb2
1220. 49690a0f0eb65555b7fb165c1f352ff03c729cd6197ebfb59f0f74bd1bb9334e
1221. 57c6a5bce50001c3ef4cc3de4ec6e499454ce9de65558cc06d70860c27df0d87
1222. e6f8a933bfffbb1adaec21ec605094772d812d1e9ab01a32c25835034c9f9e57
1223. b3be65222eb4140a1e0f5bbd1d3961d7555bcc9f33f4b8745fd4aaa794d9cc79
1224. 5621c0a06ce938c120b27f738f1dd4c677d842fd054bfaafd757775c7cc5a7b9
1225. d9fc849d42dc45cbab131391b183b6b89e7a5b46817c7eec75f14cc42afcbd82
1226. 83ba051c18304f76cdc9383ee95189c7e91f663a3e9b745891895581567272ac
1227. ccf33b504b0ebe5716c85f153d9763852da2045b3b7ca7fc50152a79c4320a85
1228. fed62c40b88c4383cf16ed5e555ef9589d3e8d03ccf7a1b1c23f0e078fd6b37e
1229. 580bfbeb8d211ce63e5e3e16a13809fd3cf69d8798c5113e95685e2deadd78c8
1230. 19da95a67f5ab66243e20349a9274c750ea04a556c9ddab8b7a7bd8e02c08ecb
1231. e3987ed7977f1caae1da003f0e1ed8c7000af59616cd08eeb81fc09b7c46322d
1232. ca662a0491557089261022f781868af09abe622ca04ca4f34cb3239fd68e9b38
1233. 077d2325246b9ac1cd026a41e2d0db3efedfb633c751b92132bf3d6b433dcaeb
1234. e76062ed545e2539a4f36753222762b49424a4919d24eb342b634fc0318e7810
1235. a2a43b1de3d14becc08020630d0ce5f9176b4d1c61cda61517581cfbcfcf4617
1236. f9fac965ebac7f0341fb303a8880b4986d4dc79c1682a5b123f67b1d11bf1745
1237. df033e4f7dcfee1a424e1285dd2463e9300c4037de0675a5a1984132f1c2f7a5
1238. 8445216d864015ca232ea42184c98fd9f62e5b8812ac042a415b55006b4e0073
1239. 484eceb2fdea1b211225dc212b4c13ecd75ae4b2b5b522ce8fac7e70eb663df0
1240. 44b15219b8662bc7860d0e6bf811ea977ed0584cf24c8eb66c28d101d5559443
1241. 399103b571e66a633d48388b7b16619da5e2e54e9bbd14fe5537cb79e60d09c4
1242. fd85ad052d6f637a199757b6f6aa8a6374a6ac313a7fb1d9f4de25e74e03f62b
1243. f9fc0fc08a0fa79099bc7ac8bc3b018cc404f6ecb2654c2ac3706ebe1110d907
1244. e7a6ee2739375591cc319818c395d85c68cc88d92603a7aa6e86eb11d9353a34
1245. 9c6975000c3565232138e1dc55ac4cb6c51b15030f003bc710a4256e9b38f0df
1246. 798cf4ef78ae515ffa7f68d1720d88c4c333a0c53f53eb37520885c9c89dace9
1247. ef300bce4e48428a9e3ba37e41a6c1c77f9f9228286400b1f1038cb051a7fcf9
1248. 2fbbc9024275c1b161667325e431db72f647fb92886f19998a98d4655836e093
1249. 313745a06e2fa0e76a8ecd467041edd33ed86d57068a0be46a8806927f1bcb30
1250. f8af06e18cb168619036bb44cad6f3c9e3486cb46944dc1255505e040c3edf27
1251. e71ff06f8fe94f825523cdc0b770b11fba0ac5b382bdc3828fc508073c667a61
1252. cc9075068fac9fd6b893234a0e9964ca2777f7f74a9f4aaa9f2483c1a4c1d0e1
1253. 4903c60f723a37656b4492a6857906ba8accb479ca938e6f79bc7c43177413f4
1254. 6058018c80271f84c25d842617a7c07c506ff0e09625e48c5063b5dfd16625af
1255. 7d465fee5da87f02b7b021a24d02df2ed633beae6f5d5249565e3e85b8e525d4
1256. 23916a1002623f6cf79f63fde4a7b786a85fb86faa414eb10c19100e82a78dde
1257. 55100137c6a52b547cc782ce5b4991b35fa9acfb0ad970c17ff0d1b5b0ed1130
1258. b2f8ee7266f14ba9bd737ae58e490224bc5ab1f479daf1f7f009d5c41263d3eb
1259. c18b0959aaa201d11ee2ed671988d5cf6d48a0b1592682226b8d977c4262cbeb
1260. 2efb6fe07aa4f607dbdbd089009b1d1537c92208d2ad5f9f6624a8afee991e88
1261. ad0ca54301c52499fac0e52729fcb567a594b253b85d6488ad55aa725a8542d9
1262. 9ba211f2ed6e05fccda3e08fc81242c74949f28b2c0cd4035bb25336b83fd26c
1263. e52c2c77a676c315d7cd03ce507d214c590a063ac56119bdead10751c1efe50b
1264. a09b1dc00f3fd5aa5cce718457db65134508b3e6b7f935c495b9e490e0390ea5
1265. 45817b4c5d5acdb60b90a30533bfd84c51195f4694cd00c3968e5427ddf7900f
1266. 036355bc9ee83e424ccd72330a25e9a832e5785b53ca19fc3225679829a13094
1267. 6ad33fdf75026d3353653083393a9dd7e77e8c24d7694104ec893246cc22a92c
1268. 76fb05776c3e2356ea3acbcef79f02cdaff063142a8149bd8ec9cbbeede5c00c
1269. e59af5ce4ceec3a2b57cfc8249e3565e904b4b3bf74033ea1bd1689c97bf33fb
1270. 1ef50c9ce994097b0202f4c79ccd09548c4804b98dbf15f7c3bdd143a2b60526
1271. 859febb610799778b77675b6e7c3792b4e602b2697c8e28a9953d65e234c5bf9
1272. 56feb679f6955f18d7e3cbaa1891dc69c3f22b4ec5249a0e4ef19a2e5923bbea
1273. c7856a2ef359cad498090773a5cc6cff32138482ba526441c8a03c515c448d4e
1274. 29cd2894d028ef0e76ad814f5ba9a621041191ea32cefc1ff7e714c848334301
1275. 642f3779f067a046fa97faccc29505a0ae6c4575ed14b97b74a1c2f1c9fef1d1
1276. 4d8ef6159c6c48fe0e98ea48657344f9f772391aa074e0b196916523e2e7b1b8
1277. 912aeac46d27f92467a8ae966224df14392db43552533bbcc41ddef8080bad84
1278. 3d2769f08b5e99151d505c5317fe1b64b063cb2e65897543e6911cb6ae01b19d
1279. 31f07160fbd1c16bd2111d2aee116771ac5e52e3ee708a597eb653e3658ab2d3
1280. 55af6accd3ff5524b2fca6c2ed07379b55095a9e7e7de5356f5864c4ffe7ee1a
1281. d028675a9afea7b46d6124a0ea5195f1e7555c440b5747f4df51ec7a9d82809a
1282. fde04a8ba4ad1f3255fed324242d654841ba2812736c879191da89942a67f2ba
1283. b334ddb7042da7dd8aa706db6610adcec9cd13392230dab9b49e0541475d8057
1284. af8565713404ccc0a20a9dbe3d76d9e8a1331ccb18ba2b4a39cd3334f4a6a714
1285. e35278cc75439c3b61cf5807ede351f2c77387e24d6abf9e6b993f6668b0fcb4
1286. c795c2596f351683c3908f91bc0590f7b33bb1dcbcb17843ce91d2e8f8e1f761
1287. d0302ecd71eb2f0dd89305dbb563caea73e18aead7a232b9500c6e7a6a0efd71
1288. 1b96e06da49fa7b90d4229d769b927eeacacd6af2c6b2fdb93cc2b5272266858
1289. a816d494ffa6396db37815dcbda575da8512193fcf188384cca250b786563834
1290. 81f9e438582ffb3937ff3f1fa8025f3f64768d42cf1c07d16016d53c34777922
1291. cf0fd5544c94b0b45d7168ad5c2fcc28502eaeb0a7f89656eb726e9fa89e32e4
1292. 8d67b8a0a26574174b27c1db7514b21b7ef05e2f06f47766fce57f95feaacaef
1293. 53cdfb6e207925c80af6ecd301eaa6437ea32f2440e61e5720e47b6a16101443
1294. 4b954f0953a2384d3d7fea6d0423b395c385c2ad223430c764234b8d3399ee49
1295. 08a2dc21a34843dab5dcd225435c60308fe7075dbd25b95542d4a46c422f0938
1296. 738132eec4c8555377c96aff3ff38a3683f8694b35ed00ad99f709885545842c
1297. dc0c6d0cd3a32f35fbeeec08956a70fddab87861cdfa6aa66696c7ed57930bf2
1298. 69627bdf4fe82861005b3a69997fc31416adadc92785faac49d37dd35b88e722
1299. 9ff76f7d71beed5e0285091b183810092207d0bcf414eae3eeb281bbc4ff583c
1300. ef3ed678c82a1f16aac31583b9f195d936bfac51115d44ad35860aa9941eb238
1301. 5473115dc7bb881ea2c69d9a021e19b230588a20f81493111949d7947c0ca534
1302. f156701a38bd748acace1aef13b65fa094b4fd728ba451028399b89376f3ece8
1303. e55af426121f1a9d1acb075d64caa91fc8737dba9aa1be73cda083ddbd806e42
1304. 41f4a0910aa8db25c7598c6bc24ba66f8e711c4d06bdd1a32ac9b70d94e2a9dd
1305. 676bab1b557a7f8d00fa1ab790baef2177541fe886788b557f6b8daea0070e9e
1306. 5089ed0d61cbac0d7a1fcaf82864818d52147027b97dd5d3bf6053177c1a56fa
1307. 9e7f9055a6f406d43877053b5c2e6994fc7873847bd7cdce529bcea63cd53222
1308. 55399e24ec38c6d1f59ae4317b3fc87032a7d131290553bf1ed041d4c4566020
1309. 413702b4bb5957bac202d52d09cf5275cb2ea4b0fddbb75a5e9c7babb15da8be
1310. 6cb8ed827c1cc2cf8583c5ff990e4382063235f1977fb98c90d60176f0a422da
1311. 06ee98d84ae2f644c62b4666049ba37b023e0f5cf33e08d9c9bd3d603828484a
1312. 110de55bfa01a6dea69fa664c7c7bcbdb9fc68e89fa9dd7073adc9bff8ec81f9
1313. ba58136d490006da47ba6d72e81fe7d0cb258494bcc67fd167390881e6fea4fc
1314. 2cbd1f062769a409fc15c891c8e7a8cb2ae03c9e3e2f05d23bae97c26cd9d26a
1315. 2b13f2f095436e31b8c1b4c90a37f26b22d10acff9f68ae311553d1443d68ab6
1316. 64a53fe71db5a177e1c183d8bb7b83309898beef88394d3a66124a8edce917e6
1317. fec6473190546fe62cdd545bed8537eebd8f5a3b1faf2a2e8fc5350596e3c148
1318. 00ed0b59a3f048219291c5a90bf962c6a3ba329376dbb4033834810070eeb18e
1319. 5b20c60f83ddc5e6eb098ce6bcce9d99444c3e6eacf1eac8d30dc30833483b5a
1320. 0ed702cb04ab5343422719c2bf609b9134b86a1eed990c5e8d54e71dadd1fb98
1321. c9a0770537f27905efa0338753cf00ae5e21e970fbe1d4c54def7031b7f707ae
1322. d36885c0f1cdd72e8634fc4585412b8a76e79f41c1b846d2708861258efd5f2c
1323. 0d5f2e5aafadc985b98d10bc4f269b4f5d64768c24e28254713291792fa54665
1324. 1d455045494ac7a7e79a796371410d73d2b7b94bc30919d57f97683295ba87f8
1325. 6d1053db13c78eea6281d200e7d628637821eafc56514ca5756b6428bf5fd6d5
1326. e3630a408cf246e49f162746a2fcde0a16f2e4c59aefa4d978e18c315abd8e9b
1327. 16553086a9b78035155eae8c047b887e0922a1b35429b8aa1bd1bb299f08bcbc
1328. e0a6639e3fde963052d94e1511bb2dc7d97c75cc4cc19fb997ada05b08c40c0a
1329. 5ef947e1f77715bc2ba1c56f0e59793475b07ce28a8d3ef6611f0f4e6f758c92
1330. 29fc20599e848b53f00341900a5af198452c7a5edde89d7f5ec6aa0dddce64a3
1331. 5988c47c686382ee40f1248e28db1f4e6bb5d8ecca5006dbe523ec6cd445b41b
1332. abf7fbb1230af26697e7c0f05662c594921d244b91866ab1cceac1f65dc07b92
1333. 9bf266822cd2ed5c1052c8a5bb2545b7b06d295fb04297001b9a8b2bcfd27b43
1334. bd99d1665b216c16ea0f6035fea472fe8cec98da27a55ee5f8b73994fc536d71
1335. 70535986f9f0c2b1490a5ac2ddc33f42ce71b91d95508203e018af61b7c9185e
1336. 82bdcf9370f9b534061389e45c4780cab25485cb99e403a44cac6bc5a1fe717d
1337. b38f2498d28e4f136cd8b206363df16b7e8690bebb360c6afeedb07680aa2ff7
1338. a6ce95126397ba4e751295575cc9787d95fbc01ddf76325ef4f96ced2cd5b690
1339. 74e99830ec69c0e2596bc7e46492287fa450029a237312080aa32572a3ee954d
1340. df838e8a0e7edf2be5c130a3ec13d5ad22fbc2dfe03f3c230c4bb88ad99b75c6
1341. 1022b338ec0b252d67e5af3e4b6ba77d110b0d9b1ead2693ef33a1332194137d
1342. 8ee466f190e3d9e40b4f93f0621ea7232eca353fa0ac498980e99e9e3fdf5d40
1343. b080237318c91c1099eafd143e484273bc344abcf9c659eb651222582e4e8c06
1344. 57ef467d6bc2bf0235b5971369a89f651c81e7b2c4e7d7a718dc138fe89de09d
1345. 837891ad5d5a007f2671227600f9a3b29e9b38e1af89818acb44bce36755729a
1346. 4970db9cc33e814a48bb0560548f1fd08fa4c37fb644456ffbb40cb06fbab724
1347. dde63bfa041eb1bf6830bdd91cc1b05d6d067e0fdee5ebab79cce886d91743ec
1348. 4d8bc6741d1298c270db6bb1bf4be550519398a3e82a5fc3f9ea91ff1f713e65
1349. 938fc7e926c0ab109006f9a9fc6ffb1f8d5e592e188ad92eb26b0a40ff3670d0
1350. e445bcb988acee1d03a26ceb28a4a5914d840c85b183dcd22e034d9af5e8dc1e
1351. fd4680b75be6918b12ced164b5085531f2fa30e01ce13fca5be286a6fa59ba2f
1352. cdbf24c724fb434a768e82c7489e9340bf464bb2d213c6a410ec08beabc1d268
1353. 167f23eca7590228f8698458cdc0f7d59a583300d7c8acf2467f06abafd6f1ab
1354. 65accb7b18f8d96a3e8c0066614db0d82e201253045ff9c0c5fb6f8373afdd0f
1355. d70c8ad30700599fc1b7386de043f5c84caef9e0ac97c30da167d0c2650433d1
1356. a1ea01114067dcf5c5aca00c7d0b6f9d7b8db6a1ddb7b8afcaa20febae68cf9d
1357. 9402ac71b29d6908d323c1da1b4a64ceda7181970b06d7bda0c87dd068473cf1
1358. cf2ef6d0e393dee7b85436358d85338a53538443aca99877f9f688ee63e31dc2
1359. d9ee84c3273147c1b5133e6994f604c4320662cab74ea0a01ec6f0902eacda73
1360. b86b7ccc6b1c52b58bc9b82cab9bab5f05970c6649d320b8efa16553f2c8912c
1361. 870e4bf793a72062718a2f7fd7ebda241bea17b8ef75cb7aaa7c5e359d0d8416
1362. b3a5106672666ba12de02afe97dc0f366a818d4ed34000c57825e02e20dcd1b1
1363. 3cc1c0488799f6e1395e7376d7c94c90da011f63e9c1bfb26f462e4343e47100
1364. 0bfd87a16a52bed1867eb620f5974b4df738ef9d094e43c6b04f4bf85819f4ff
1365. 7354bf49865d1f002093230e94d34639c3f753874d0a843269c1cf15a027cf15
1366. 672b711e45d96f53f40dba846a5c535d05a5f59c104efcb37ad052b2db88e0f6
1367. b174855acd6e116ba812144f8a4a78abf145a1ed43cab5dfa59257892c620be6
1368. abe713420559250bb52789153798ee891d1a80e0034d1972f30c83110c2b40af
1369. ed2d45772670fe68292d6a8a966c43fada9aec0c56ad3d3f6c822c27b548e863
1370. d2dedb9521cee56e92fc807edee76b1f49bdb1b4b39bb6785da04d08bd049236
1371. 50e81ecb1bab96d5a889c1946367eb836c9bb706759ed7961610ab79198a6b95
1372. 647cc09960d412b8d13ab7edd956563535b15d3d9d553fabb7dd6cffd5fca46c
1373. bfb66fb64707940301432f4139738f986f7e50ddc8e75c9eb01bf7661e77035d
1374. d4dcb59181058a3c2acd7946b3d6c30c076a3a6b9049f73fcfa97f4aed83a9d7
1375. d6b208e66e7d7d10dee604161a5ae837c84a339c2c6fe4a9e95d367cb5ad232b
1376.  
1377. ```
1378. #### Epoch 1 C2s ####
1379. ```
1380.  
1381. 109.104.79.48:8080
1382. 109.73.52.242:8080
1383. 138.68.139.199:443
1384. 139.59.19.157:80
1385. 144.76.117.247:8080
1386. 152.171.65.137:8090
1387. 159.65.76.245:443
1388. 165.227.213.173:8080
1389. 173.248.147.186:80
1390. 173.94.53.3:8080
1391. 178.78.64.80:8443
1392. 181.16.4.180:80
1393. 181.198.203.150:443
1394. 181.228.211.100:443
1395. 181.29.214.233:8080
1396. 181.40.122.122:8080
1397. 181.56.165.97:53
1398. 181.61.221.146:80
1399. 185.86.148.222:8080
1400. 186.137.133.132:8080
1401. 186.138.205.189:80
1402. 186.23.186.99:443
1403. 189.208.239.98:443
1404. 190.117.51.248:443
1405. 190.193.141.52:443
1406. 190.210.3.93:443
1407. 192.155.90.90:7080
1408. 192.163.199.254:8080
1409. 200.51.94.251:143
1410. 207.134.207.44:7080
1411. 208.180.246.147:80
1412. 209.159.244.240:443
1413. 210.2.86.72:8080
1414. 213.107.110.253:143
1415. 219.94.254.93:8080
1416. 23.254.203.51:8080
1417. 41.60.202.26:22
1418. 5.9.128.163:8080
1419. 50.246.45.249:7080
1420. 51.255.50.164:8080
1421. 66.209.69.165:443
1422. 69.163.33.82:8080
1423. 70.184.97.144:8443
1424. 70.28.22.105:8090
1425. 70.28.3.120:7080
1426. 71.11.157.249:80
1427. 72.47.248.48:8080
1428. 89.211.193.18:80
1429. 91.205.215.57:7080
1430. 92.48.118.27:8080
1431.  
1432. ```
1433. #### Spam/Stealer C2s ####
1434. ```
1435.  
1436. 104.236.185.25:8080
1437. 181.168.129.146:80
1438. 189.159.195.202:995
1439. 190.147.23.76:80
1440. 47.180.177.96:80
1441. 50.116.63.9:7080
1442. 70.44.163.160:443
1443. 73.14.76.77:20
1444. 81.168.92.58:443
1445.  
1446. ```
1447. #### Current Epoch 1 RSA Public Key ####
1448. ```
1449.  
1450. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
1451.  
1452. ```
1453. #### Epoch 2 C2s ####
1454. ```
1455.  
1456. 103.39.131.88:80
1457. 108.188.116.179:80
1458. 133.242.156.30:7080
1459. 138.201.140.110:8080
1460. 147.135.210.39:8080
1461. 160.3.238.131:50000
1462. 167.114.210.191:8080
1463. 173.255.196.209:8080
1464. 173.255.250.241:443
1465. 178.62.37.188:443
1466. 185.94.252.3:443
1467. 186.113.255.229:22
1468. 186.4.234.27:443
1469. 187.142.0.234:22
1470. 187.189.195.208:8443
1471. 187.209.46.240:21
1472. 189.209.217.49:80
1473. 190.46.30.14:443
1474. 190.97.219.241:80
1475. 200.113.185.229:8080
1476. 200.50.185.54:80
1477. 201.192.156.113:8090
1478. 201.220.152.101:80
1479. 201.239.154.191:443
1480. 201.253.238.50:80
1481. 203.143.86.111:8080
1482. 208.78.100.202:8080
1483. 211.63.34.183:443
1484. 213.191.168.93:80
1485. 217.13.106.160:7080
1486. 24.243.101.134:80
1487. 45.123.3.54:443
1488. 45.33.49.124:443
1489. 45.36.20.17:8443
1490. 5.230.147.179:8080
1491. 50.31.0.160:8080
1492. 58.171.215.214:8080
1493. 59.103.164.174:80
1494. 62.151.17.5:8090
1495. 62.75.187.192:8080
1496. 64.13.225.150:8080
1497. 64.46.91.165:80
1498. 64.9.43.60:8080
1499. 67.205.149.117:443
1500. 67.209.208.130:8443
1501. 67.248.56.82:22
1502. 69.198.17.7:8080
1503. 71.182.128.166:80
1504. 76.168.149.66:8080
1505. 78.188.105.159:21
1506. 83.222.124.62:8080
1507. 85.104.59.244:20
1508. 86.239.117.57:8090
1509. 87.106.139.101:8080
1510. 87.106.210.123:80
1511. 90.219.97.38:80
1512. 94.76.200.114:8080
1513.  
1514.  
1515. ```
1516. #### Epoch 2 - Spam/Stealer C2s ####
1517. ```
1518.  
1519. 183.82.123.254:80
1520. 198.58.114.91:4143
1521. 213.136.86.219:7080
1522. 37.209.252.79:80
1523. 64.228.72.40:8090
1524. 67.202.178.142:443
1525. 78.149.210.211:22
1526.  
1527. ```
1528. #### Current Epoch 2 RSA Public Key ####
1529. ```
1530.  
1531. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
1532.  
1533. ```
1534. #### Credits and Notes Section ####
1535. ```
1536. Updated 7/13/18
1537. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
1538. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
1539. https://pastebin.com/u/jroosen
1540.  
1541. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
1542. I am providing them for your benefit in case you want to parse them to be sure.
1543.  
1544. ```
1545. #### What is Epoch 1 and Epoch 2? ####
1546. ```
1547.  
1548. What is Epoch 1 and Epoch 2? (updated 03/07/2019)
1549.  
1550. I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
1551. payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
1552. Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
1553. rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
1554. This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
1555. to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
1556. time period.
1557. Here are some observations I have noted since I have been watching these botnets:
1558.  
1559. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
1560. Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
1561. being delivered in maldocs on Epoch 2 at any one time.
1562. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
1563. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
1564. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
1565. Monday morning/Sunday night.
1566. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
1567. Epoch 2 may have a document hosted on host.tld/B.
1568. - The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
1569. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
1570. *- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
1571. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
1572. - C2s are never shared between Epochs/Botnets.
1573. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
1574. via C2 to stay ahead of AV defs.
1575. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
1576. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
1577. - The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
1578. easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
1579. - Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
1580. spam template, word template, document type and even payload.
1581.  
1582. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
1583.  
1584. ```
1585. #### Community Lists ####
1586. ```
1587. https://twitter.com/ps66uk/status/1105969256473202689 - @ps66uk
1588. https://pastebin.com/cwtkEVqS - @pollo290987
1589. https://twitter.com/malware_traffic/status/1105987176255229953 - @malware_traffic
1590. https://otx.alienvault.com/pulse/5c89646294d89b72abcd032a/ - @SecSome
1591.  
1592. ```
1593. #### Credits ####
1594. ```
1595. (OC from @JRoosen and/or combination work of the following)
1596.  
1597. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
1598. @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
1599. @papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk
1600.  
1601. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
1602. @devnullnoop, @gorimpthon, @Racco42, @Jan0fficial
1603.  
1604. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
1605. @pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
1606. @papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman
1607.  
1608. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
1609.  
1610. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
1611. helping out with this!
1612.  
1613. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
1614. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch, @urlscanio
1615. and @Virustotal for providing services/software no charge to this cause!
1616.  
1617. ```
1618. #### Daily Log ####
1619. ```
1620.  
1621. Short on time today so quick notes. Still seeing more Intuit templates and eInovice templates.
1622.  
1623. Seems like a lot of URLs and Attachments are coming in lately. I received 144 malspams and the majority were all attachments today.
1624.  
1625. C2s changed for E1 and increased from 47 combos to 50 total.
1626. C2s changed for E2 and increased from 53 combos to 57 total.
1627.  
1628. I am going to be back from my trip tomorrow and hope to do a better update the. Thanks to the members of the team for filling in. :)
1629.  
1630. ```
1631. #### Sandbox 03/13/19 ####
1632. (all with fakenet and MITM unless spam/secondary infection)
1633. ```
1634.  
1635. Epoch 1 C2 run on 2019-03-14 at 00:00 UTC - https://cape.contextis.com/analysis/47831/
1636.  
1637. ```
1638.  
1639. ```
1640.  
1641. Epoch 2 C2 run on 2019-03-14 at 00:00 UTC - https://cape.contextis.com/analysis/47832/
1642.  
1643.  
1644. ```