Repost: Emotet Malware IoCs for 2019/03/15

## Emotet Malware Document links/IOCs for 03/15/19 as of 03/16/19 01:30 EDT ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 03/15/19 ####
```

http://122.180.29.167/landx-test/wp-content/sec.myacc.send.net/
http://167.99.197.172/utou2km/Telekom/Rechnung/022019/
http://192.144.136.174/wp-content/Telekom/Rechnung/022019/
http://222.106.217.37/wordpress/trust.myacc.resourses.com/
http://35.240.217.161/wp-content/secure.accs.resourses.com/
http://5057365.com/wp-admin/trust.accounts.send.com/
http://79.137.39.145:8080/wordpress/wp-content/uploads/secure.myacc.send.biz/
http://agtrade.hu/images/verif.myaccount.send.biz/
http://alfoldoo.com/wp-content/trust.accs.send.net/
http://binjaket.com/direktwebung/sec.accounts.docs.net/
http://blog.payyolimixture.com/wordpress/Intuit_Transactions/scan/RDEB/faq/1022078/lznxi-Ohiaf_dpVYPR-eG/
http://currantmedia.com/cgi-bin/secure.myacc.send.com/
http://dar-ltd.uk/ocart2/sec.myaccount.resourses.net/
http://designlinks.co.zm/vendors/trust.accounts.send.com/
http://desite.gr/rglxp-2s4lh-ytetxsc/secure.accounts.send.net/
http://doma.lt/covoiturage/secure.myacc.docs.com/
http://dph.neailia.gr/error/secure.accounts.docs.net/
http://drpradeepupadhayaya.com.np/osticket/Telekom/Rechnung/02_19/
http://emseenerji.com/wp-content/sec.myacc.resourses.com/
http://freiraeume-ev.de/Joomla3/images/trust.accs.resourses.net/
http://geologia.geoss.pt/wp-content/verif.accs.resourses.net/
http://grupoweb.cl/wp-admin/secure.myaccount.docs.net/
http://holz.dk/awstats-icon/trust.accounts.send.biz/
http://hyperbaricthailand.com/wp-content/uploads/sendincsec/nachrichten/Nachprufung/DE_de/03-2019/
http://irismal.com/ecsmFileTransfer/trust.accounts.docs.com/
http://jycingenieria.cl/images/trust.myacc.resourses.biz/
http://kamir.es/controllers/trust.myaccount.resourses.biz/
http://kannada.awgp.org/wp-content/uploads/secure.accs.send.net/
http://kaoudenaarde.be/mail/secure.myacc.send.biz/
http://kean.pro/wp-admin/sendinc/nachrichten/sich/De_de/03-2019/
http://kelp4less.com/wp-includes/trust.myaccount.resourses.net/
http://ksafety.it/awstats-icon/verif.myacc.docs.com/
http://kylerowlandmusic.com/verif.accs.docs.biz/
http://lab5.hu/wp-content/sec.myaccount.resourses.com/
http://lafulana.com/wp-content/verif.myacc.docs.biz/
http://lala.si/wp-admin/sec.accounts.docs.com/
http://larissapharma.com/fobn/secure.accounts.resourses.net/
http://lastmilecdn.net/wp-includes/verif.accs.send.biz/
http://lawsongrafix.com/WebDesign/secure.myaccount.resourses.net/
http://link2u.nl/sec.accs.resourses.com/
http://liquidigloo.com/scripts/verif.myaccount.docs.net/
http://macssnow.com/downloads/verif.myaccount.resourses.com/
http://maravilhapremoldados.com.br/imagens/trust.accounts.docs.com/
http://martinamasaze.cz/modules/trust.myacc.send.net/
http://mateada.com.br/conteudo/verif.myaccount.docs.com/
http://meblan-gawlik.pl/wp/Telekom/Transaktion/022019/
http://megatelelectronica.com.ar/wp-admin/secure.accounts.resourses.com/
http://mezzemedia.com.au/En/sec.accs.resourses.net/
http://mireiatorrent.com/wp-includes/secure.myaccount.resourses.com/
http://mistcinemas.com/cgi-bin/sec.myaccount.docs.biz/
http://mistransport.pl/sass/verif.myacc.send.biz/
http://mktfan.com/admin/trust.myaccount.resourses.biz/
http://multimix.hu/angol/US_CA/info/RDEB/Instructions/uhaJ-vAB_kwrqa-gx9l/
http://mytravel-trips.com/bmo.com-onlinebanking/trust.myaccount.send.com/
http://nitech.mu/Scripts/trust.accs.send.net/
http://nk.dk/3d/Intuit_EN/Notice/iXFgd-bG15_kd-Vm/
http://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
http://plugnstage.com/logo/sec.accs.docs.net/
http://sag.ceo/wp-content/verif.myacc.send.com/
http://scenography.om/dhl/verif.myaccount.resourses.com/
http://selkjugend-hessensued.de/bilder/sec.myacc.docs.net/
http://songlinhtran.vn/OosCQKy7/sendincencrypt/legale/sich/de_DE/03-2019/
http://spazioads.site/lpmir/sec.myacc.docs.net/
http://studyosahra.com/css/secure.myaccount.resourses.com/
http://studyosahra.com/css/trust.myaccount.resourses.com/
http://stunninglearning.com/wp-content/verif.myacc.resourses.com/
http://superdad.id/wp-content/sec.myaccount.send.com/
http://teacherlinx.com/uploads2/trust.myaccount.docs.com/
http://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
http://tnnets.com/qchaxx2/sec.accs.send.net/
http://tunaucom.us/wp-admin/sec.accounts.docs.biz/
http://urbanfoodeu.de/wp-includes/sec.accs.send.biz/
http://vaughanwindowreplacement.ca/wp-includes/Telekom/RechnungOnline/022019/
http://vibrantpk.com/1zyvebr/sec.myacc.send.net/
http://wessexchemicalfactors.co.uk/css/sec.accs.resourses.net/
http://whistlergrandofficial.com/wp-admin/verif.myacc.docs.biz/
http://worldclimax.com/wp-includes/secure.myacc.resourses.biz/
http://www.2328365.com/wp-admin/sec.myacc.send.biz/
http://www.3656050.com/wp-includes/verif.accs.resourses.biz/
http://www.3656053.com/z5gzc0r/verif.accounts.send.biz/
http://www.3656058.com/wp-includes/trust.accounts.send.net/
http://www.3658501.com/wp-includes/trust.myacc.resourses.biz/
http://www.5051365.com/wp-admin/trust.accounts.resourses.biz/
http://www.5057365.com/wp-admin/trust.accounts.send.com/
http://www.6053365.com/wp-includes/sec.myaccount.docs.biz/
http://www.6056365.com/wp-includes/trust.accounts.docs.biz/
http://www.6058365.com/wp-includes/verif.accs.send.com/
http://www.6083365.com/wp-includes/trust.myaccount.resourses.com/
http://www.85szv.com/wp-content/secure.accs.docs.net/
http://www.88fpw.com/wp-content/verif.myaccount.resourses.net/
http://www.8m8cm.com/wp-content/trust.accs.docs.com/
http://www.buzztinker.com/wp-content/trust.myaccount.docs.net/
http://www.e-365.com/mysql/trust.myaccount.send.net/
http://www.gifftekstil.com/wp-admin/trust.myaccount.resourses.net/
http://www.hurrican.sk/img/verif.accs.docs.biz/
http://www.imageia.co.il/wp-admin/trust.myaccount.send.net/
http://www.jianyuanguoji.com/wp-admin/trust.myaccount.send.biz/
http://www.wmg128.com/wp-includes/sec.accs.docs.net/
http://www.yasarlarinsaat.com.tr/wp-admin/secure.myacc.send.com/
http://www.yindushopping.com/wp-admin/verif.accounts.send.com/
http://www.ys1999.com/wp-includes/trust.accs.resourses.net/
http://www.zkeke.xyz/wp-admin/secure.myaccount.send.com/
http://www.zlxsgg.com/wp-includes/secure.accounts.send.net/
http://xoso.thememanga.com/zevfpdd/trust.accs.docs.net/
http://zendenweb.com/luckw96/verif.myacc.send.com/
http://zhouse.com.ua/wp-content/secure.myacc.docs.com/
https://berikkara.kz/wp-admin/sec.accounts.resourses.net/
https://bhpsiliwangi.web.id/wp-includes/sendinc/legale/sichern/de_DE/03-2019/
https://blog.adflyup.com/wp-includes/trust.myacc.docs.net/
https://ccontent.pro/psmc9yj/sec.myaccount.send.biz/
https://dph.neailia.gr/error/secure.accounts.docs.net/
https://euforikoi.xyz/application/trust.myaccount.send.com/
https://fachrian.com/library/secure.accounts.send.biz/
https://fk.unud.ac.id/wp-includes/verif.myacc.resourses.com/
https://fynamics.ae/wp/secure.accs.send.biz/
https://hk3.my/wp-content/verif.myacc.docs.com/
https://inovatips.com/9yorcan/secure.accs.send.net/
https://iqbaldbn.me/wp/Intuit_US_CA/scan/Redebit_Transactions/Redebit_op/EQvLk-1SfwZ_QHHoj-liV/
https://lafulana.com/wp-content/verif.myacc.docs.biz/
https://liquidigloo.com/scripts/verif.myaccount.docs.net/
https://mbgrent.ge/cwhsxgv/Telekom/RechnungOnline/022019/
https://pefi.sjtu.edu.cn/wp-content/verif.accounts.docs.com/
https://qualityansweringservice.com/icon/trust.myacc.docs.biz/
https://skinazhanquoc.vn/wp-content/Telekom/Rechnungen/022019/
https://social8.asia/iskj/Telekom/RechnungOnline/022019/
https://studiomarceloteixeira.com.br/wp-includes/sec.accounts.send.com/
https://stunninglearning.com/wp-content/verif.myacc.resourses.com/
https://tapchicaythuoc.com/cgi-bin/secure.accs.resourses.com/
https://teacherlinx.com/uploads2/trust.myaccount.docs.com/
https://ten.fte.rmuti.ac.th/wp-content/verif.myaccount.resourses.biz/
https://toyotahadong5s.com/wp-content/verif.myacc.docs.com/
https://transloud.com/wp-admin/sendincsecure/support/vertrauen/De_de/2019-03/
https://tunaucom.us/wp-admin/sec.accounts.docs.biz/
https://vaultit.app/odc8z7l/verif.myacc.resourses.com/
https://vrfantasy.csps.tyc.edu.tw/wp-includes/Telekom/Rechnungen/02_19/
https://vtr.kz/vir/trust.accounts.docs.biz/
https://webinar.cloudsds.com/js/verif.myacc.docs.com/
https://www.clarityit.com/wp/verif.myacc.send.net/
https://www.imageia.co.il/wp-admin/trust.myaccount.send.net/
https://www.lnkjdx.xin/wp-admin/sec.accounts.resourses.com/
https://www.orixon.org/wp-admin/sec.accs.resourses.net/
https://www.udhaiyamdhall.com/images/trust.myacc.resourses.net/
https://www.utterstock.in/wp-content/trust.myacc.docs.biz/
https://www.warafe.com/qrq89up/secure.accs.send.net/
https://www.zhanxiantech.com/google_cache/secure.accs.send.com/
https://xact.ma/wp-admin/Telekom/RechnungOnline/022019/
https://xoso.thememanga.com/zevfpdd/trust.accs.docs.net/

```
#### Epoch 2 Document/Downloader links seen for 03/15/19 ####
```

http://107.170.177.11/wp-includes/y0db-g6wepz-stjsec/
http://118.24.81.160/wp-includes/ovxb-f8x2wa-yoya/
http://13.209.31.54/wp-content/5aj8-kuztfk-eeiyg/
http://134544.server-webtonia.de/dev_assets/fdb3-7jbm1c-icvc/
http://140.143.20.115/wp-content/5l07s-3a2o3-zkbs/
http://159.89.31.29/wp-content/bx6n-83qbbx-aejixm/
http://167.99.28.125:8001/wp-admin/js/yzph-ago31-jtxjzd/
http://1lorawicz.pl/plan/ua8sy-stadwt-rqwkhsekw/
http://35.185.96.190/wordpress/08sf-08dw4-zlhn/
http://84.28.185.76/wordpress/ii6g4-idp23j-spdwvv/
http://aastudios.co.in/Fun/dzgnn-wouzs-mozxzjv/
http://aela.co/cgi-bin/53n7-jt3bz-naqeiyk/
http://afriworthvalley.co.ke/wp-admin/ut4n-dtbweh-rpxp/
http://ahmedpak.com/cgi-bin/519r8-fgf4ee-peqv/
http://akashicinsights.com/absolute_abundance_files/t0rp-tks8tk-ookutqgz/
http://alcg.ir/wp-login/wwvx-pe3ygb-ynqilwf/
http://allied-hr.co.za/signature/0nbw-itwdp-gzqca/
http://alparslansenturk.com/biletmix/qljrf-i282g-xvxo/
http://alpinaemlak.com/wp-contents/b8jt-5xl9om-hwktqaz/
http://alterstream.fi/wordpress/33uqs-c3ifdh-htdb/
http://annual.fph.tu.ac.th/wp-content/uploads/yuo3-k2nys3-hucb/
http://arkifield.com/wordpress/m3cr-ybjoi-pedz/
http://assistenzacomputervr.it/wattcalc/less/559c-y2fnnw-dgmcdmg/
http://autopflege-toni.ch/wordpress/9j881-crb0l8-inpoa/
http://avis2018.cherrydemoserver10.com/wp-content/n0dh-wgwkt4-uwtmt/
http://ayodhyatrade.com/ww4w/jxpo-9bd0yo-kowtcy/
http://barabooseniorhigh.com/En/bly1-g42zf-bsrqkaki/
http://behnambadakhshan.com/wordpress/batq-vz6i7z-torfofmks/
http://beloa.cl/application/tests/khyn-sa1kg-mconxo/
http://beloa.cl/application/tests/q0ue-2vdud-wuxrgil/
http://bergdale.co.za/wp-includes/yu7s-8vo13-fcbmqq/
http://biserioustech.fr/cgi-bin/x2qh-uabrrj-jyhjnbkx/
http://bitbuddybtc.com/btcbetpal.com/8ad91-oltcg9-cbon/
http://blog.almeidaboer.adv.br/vo3mynw/egrs-vh2a03-yhqn/
http://bloodybits.com/edwinjefferson.com/qdav-ufkfg-aiurvb/
http://bobby.hkisl.net/cgi-bin/eajl-e0w19-nvtrtcj/
http://bridgearchitects.com/css/eqp2-ov15p-arryg/
http://buckinghamandlloyds.com/wp-admin/09pol-ttb17v-bbjjbzh/
http://bundlesandnoodles.co.uk/wordpress/7eic-72hqju-lqjm/
http://catamountcenter.org/cgi-bin/hgcw-r6i4j-qjjctshs/
http://catamountcenter.org/cgi-bin/y03j-ynuzi-zutgv/
http://cedrocapital.xvision.co/obqyrtjsyq/y17vh-vfjoao-mdtwybdl/
http://ckingdom.church/wp/uc3v-6id4rl-wbrul/
http://click.senate.go.th/wp-content/uploads/2019/47cr-hrnruo-enxyprsnt/
http://crabnet.com/admin/dsx5l-k07r4g-cnvawrh/
http://danisolar.org.ng/wp-admin/t5rg6-enldh-voeane/
http://databacknow.com/logos/vfwd-7alsh8-eyleksa/
http://dayzerocapetown.co.za/wordpress/sb2n-s073h-dlgysyefr/
http://demo-progenajans.com/icceturkey/przs-blyroc-zwiwygz/
http://dibaholding.com/wp-includes/qyqfg-z8jxc-rnbbuheny/
http://dogtrainingtips.me.uk/YAHOO/i1dsjp0-efshv-javen/
http://dqbdesign.com/wp-admin/5063l-cbqn2o-evvfzgp/
http://dtk-ad.co.th/css/8alo-84l61-wygg/
http://dtk-ad.co.th/r20yp8t/speqs7y-mngn1yj-ugzcwuf/
http://easternmobility.com/js/lall-8ak7p2-fypnxq/
http://edtech.iae.edu.vn/wp-includes/fxlh-3660qj-itjphncw/
http://egyptcarefm.com/wp-content/4uaxl-dmj34l-bwes/
http://electroriente.com.co/wp-admin/silrr-lq0oe7-pyxobatg/
http://elpresalegend.com/wp-includes/pecw8-6uehx-dgpphjh/
http://esenlives.com/yyvmbi9/agbg-6wvv2-lyyekr/
http://estatecondos.com/blogs/xy73ab-tuq3j2-vlbug/
http://geoclimachillers.com/wp-includes/wmqr-2o1gyb-ofhmoqx/
http://gilsanbus.com/wp-includes/vvdav-nxbrs-umreykyl/
http://gisec.com.mx/expertos/xcck-u6too2-uhrnpotz/
http://hakkiefendi.de/btafobj/nkyti-8lb84-lcchqvkam/
http://hakkiefendi.de/btafobj/nkyti-8lb84-lcchqvkam/./
http://hangtotma.com/2e1kf82/0vh0h-bujjl-mwbyhge/
http://healthwiseonline.com.au/wp-admin/g3h8g-2rfkqz-tttvtsip/
http://himappa.feb.unpad.ac.id/images/j1xu5-sxs90c-fzzsntf/
http://holosite.com/3d/ytnn-uwgg8-gjjaf/
http://hotcode.gr/wp-admin/5wti-172yr-pdgwdcvj/
http://hyperbaricthailand.com/wp-content/uploads/zpqmz-w4lmo-ctkiecvu/
http://iamhereai.me/wp-content/zl2cy-6joxo-aylpdnxmn/
http://iextant.com/1zmraii/xbyu-a3ttxv-bbtf/
http://ilcltd.net/eienbsu/p41rbi-h21yh-qenkt/
http://ilcltd.net/ldfkbse54k/f4yg7-7peo1o-tjpdc/
http://imbt.info/css/fdrl-fv9wb-hvazs/
http://infomagus.hu/wg5/yrm5-bl98hh-pupq/
http://jerryshomes.com/vendor/667n-m3xe8-ryzeegmp/
http://jjsdesignandbuild.com/ldfkbse54k/otio-6z5vrw-iejgwxtjl/
http://johnstranovsky.com/96t8b-z2ns7-galcijo/
http://jslink.com.vn/wp-admin/6ia7d-3yeanv-knafb/
http://jualviagraasli.online/wp-admin/xoli-kudjfa-dana/
http://junkmover.ca/wp-includes/k0ls-mfrxg-axfn/
http://kcxe.net/wp-admin/vg1wb-h8vd5g-lbyokkjws/
http://kean.pro/wp-admin/n4gk-i535gl-qzxikx/
http://kianse.ir/svsvbk/ppcf-pvdu7z9-nkghe/
http://klasisgk.or.id/fonts/9as3-ut4pj-pvherx/
http://klasisgk.or.id/fonts/ad10-xbqpw-rxto/
http://k-marek.de/assets/egxv-ii7ihy-yazagvls/
http://knsgrup.com/wp-admin/k034-erx2n-ohfjdxvgv/
http://korneragro.com.ua/wp-admin/kvua0-lxzx76-ijyddyn/
http://lalaparadise.com/ponytale/dk44m-cp1tp-cbtmooz/
http://legginsandtights.com/xgerdse/wbuwueo-u51po7-nphyyrb/
http://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
http://magicfrog.iwn.co/wp-content/0ilm-ui7p7-sbevyk/
http://majoristanbul.com/cgi-bin/2urp0-wrqjf-whyqxgkn/
http://makson.co.in/Admin/vjnf-p4m1a1-ksgqvtp/
http://matefactor.com/go/bhooq-yxo50-tacnfk/
http://mdtraders.com/wp-admin/cse4a4-00xuo1-bjwr/
http://media-crew.net/bao/wxfuq-8y5cr-zebw/
http://mobileadsservice.com/videostatus/rlxvz-3bdpi-sxdzwpaxl/
http://mondrian.ir/4/jw6ba-7iway-ttfvo/
http://morgal.com.ar/wordpress/wp-includes/buvog-d9wug-cirvnt/
http://morgal.com.ar/wordpress/wp-includes/uafvq-9jg35-rrnywiytw/
http://muacangua.com/wp-admin/ddmp-77o87-uuch/
http://murarijha.com/wordpress/blogs/jtt33-tme056-wmsgoyncy/
http://ninepoweraudio.com/cgi-bin/d2fin-bmck5-ghwg/
http://nontoxic-pest-control-expert.ro/wp-includes/hpmmf-7k4bui-ttdizsi/
http://not2b4gotten.com/bodybyjoy/e4i09-xbs6u-mvecmvp/
http://nsrosamistica.com.br/doc/ehh3-47vrn-rxumlpdkd/
http://obelsvej.dk/forum/v56ty-2wpi3u-ieaxijdv/
http://omegaconsultoriacontabil.com.br/site/2azv-63m98r-tvatz/
http://omnisolve.hu/sites/ls5i-ywbviu-cyny/
http://ooshdesign.com/cgi-bin/yx8k-todsvn-qqzv/
http://orawskiewyrko.pl/wp-includes/gnck-jp9bsy-bpxhz/
http://pd0rt.nl/cgi-bin/5hhu-3l6l7-qxbmtg/
http://peet.cl/webmaster/f0jvj-ogany8-xppj/
http://peksimida.upstegal.ac.id/wp-content/0zjxa-m2cb5a-fjeydk/
http://pequenosgrandesnegocios.pt/cgi-bin/0toeh-9gcekt-lfcrcsvuu/
http://phitemntech.com/serveroptions/yzja-t23zhf-lnwljmvky/
http://phpsolutions.nl/blog/wp-content/uploads/2017/2nrnr-fo5aae-pmantxrj/
http://piccologarzia.it/admin/p89zx-blpm5-qcwzncle/
http://pixymind.ir/wix/xt2te-wbj1vu-rtqvoem/
http://placelogistics.com/app_grid_log/6f4xi-za6vf-jnswcqu/
http://placelogistics.com/app_grid_log/f3h2-g4khlz-soxi/
http://planetatecnico.com/cgi-bin/v8jh1-alwiex-qmolidxp/
http://poetasmuertos.mx/wp-admin/5wdb-3jewd-aqxsf/
http://polytechpipe.com/wp-admin/clbr-zunesl-swswevwx/
http://pomdetaro.jp/sys-common/ofx0n-6avjia-ojog/
http://popitnot.com/KCBalloonJams/83rph-0yo4b-nzyyxxhg/
http://potterspots.com/cgi-bin/0zzm-et3bb-jxbwoegy/
http://praktijkcharite.nl/massages/mis5-nwi27-cwxwywdb/
http://predeinas.lt/mantis/if345-557r5v-vvyeujtri/
http://privat-cyprian.sk/_ZALOHA_/4ql19-ch4bnm-czfjdlr/
http://pro.tmb.8interactive.co.th/wp-content-backup/uuq32-i4htc-pvcsjf/
http://profilegeomatics.ca/rvsincludefile/jn1m0-8cu62a-tfuirnrn/
http://pro-forma.com.pl/stuff/vyyb8-zcxr2j-lbvot/
http://propertymentor.co.uk/cgi-bin/30n8a-al4yog-fgwkb/
http://psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
http://pueblosdecampoymar.cl/wp-admin/bqaq-pbrvk-ogmhv/
http://pufferfiz.net/spikyfishgames/yx70r-yd0nxm-nffk/
http://puglicarlog.com.br/wp-content/aqlme-f08en9-byadqqc/
http://puglicarlog.com.br/wp-content/si0c3-sc1c5-iptdkwqne/
http://pujashoppe.in/css/0zr0g-mx6nv-vdtqrf/
http://pulsejobs.net/nar1u-hdsqbz-gkarc/
http://putsplace.net/cgi-bin/uh7r-gejpq-nzmhsxv/
http://pvfd.us/cc/hk3ir-grto4b-coiznw/
http://pyromancer3d.com/forum/c6pj3-qrcn10-txxgl/
http://qbico.es/jAlbum/j8vkz-1xclk-mfpx/
http://quest42.com/pictures/u9yu-y1ypn-iagnfk/
http://quinuapan.com/cgi-bin/halc-or0g5-gnrkezbb/
http://radioshqip.org/qgtn8-ure66-wkyndtjcv/
http://rafaelcarvalho.com.br/assets/qiet-a8ljuj-fypdvhm/
http://raimann.net/_backup/tiki/szfq7-ec8sa1-sellt/
http://rddadv.com.br/wp-admin/40s8-bbivh9-jcvmqnf/
http://recepsahin.net/assets/iaxpl-79dck-pquxzpz/
http://repuestoscall.cl/fw2s-4yu61-vjpadj/
http://reteachmedia.com/nxt/0br7s-gox7jz-cqmtdl/
http://revistadaybynight.com.br/sac/49upt-kf9lcm-qpguybzb/
http://rgrservicos.com.br/erros/3bk2-ys30vo-bleauamq/
http://riccocard.com/test/noacr-0evjh-phormjrnn/
http://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
http://rodoservengenharia.com.br/site1/xdcs-15vnh5-uibgooxe/
http://roxhospedagem.com.br/chatonline2/k4apf-dzcyuz-bcfmwr/
http://russellgracie.co.uk/images/tcc26-1f011d-fzjme/
http://sandovalgraphics.com/webalizer/ej8jq-qliyb4-krnkxhqvd/
http://santoexpedito.com/includes/qkqv-mf365-vykze/
http://sebastien-marot.fr/webmail/z8tqq-iuhij-vrpaie/
http://servicepartner.sk/usage/drbz1-7b0rw-xxzestmp/
http://shagua.name/fonts/7vpm4-haqrr-zefm/
http://shapeshifters.net.nz/slade/levtm-a6q55s-marclt/
http://siamnatural.com/tmp/209p-sdrhz-xldvrtja/
http://sic.cs.unud.ac.id/hotlw/2mdpr-ux0f7-thkw/
http://simbratec.com.br/language/1bjq-zex3u-tgqt/
http://simplyresponsive.com/samples/c4pt5-vj3g5t-aykkrthcn/
http://sinapseestudio.com.br/bin/7wi5d-589ow-xbxhhvts/
http://sintraba.com.br/wp-content/ifa7-zww95n-rfwjz/
http://sionoware.com/a/2ih2-ch79o-vfolapygi/
http://skulpturos.com/wp-content/gu7lcrn-24dpp-jaxojrr/
http://slfeed.net/images/u43l-w81xo-bgexpyhxm/
http://sohuco.com.vn/wp-includes/yl0a7-sv25l-ubbkqwiqh/
http://soil-stabilization.ir/wp-admin/2zmc-y70br-plxmsv/
http://sosyalmedyasatisi.com/wp-includes/vf7ai-xciuvf4-qnghg/
http://teaheaven.co.uk/wordpress/prj6o-ud7es8-dhjumudv/
http://tem2.belocal.today/beauty-house/1ydow-o1ilw9-vfrx/
http://theclaridge.org/wp-includes/blol-1795ky-xmdpc/
http://thetourland.com/wordpress/nauhv-l9bk3-zazzdgoh/
http://tom11.com/images/djqj-l6h6k-bjej/
http://tranhtuong.top/wp-includes/nfjrbri-kps82at-inzynzk/
http://trusticar.lt/cgi-bin/smc1-dgtz3-gnslysvn/
http://umshopmall.com/wp-includes/ofq3-8jf01-lcbziwfc/
http://uniquehealthtip.com/cgi-bin/58ex-uak0b-tfqkerkpz/
http://viaconcepts.com/wp/wp-content/uploads/j7mz-fjf5po-mdipviyy/
http://vissua.com/vissua.com/q5my-rhrfg9-lvwfvrwc/
http://visualendodontics.net/wp/wp-content/uploads/akj5-lo9161-iwemmnrkl/
http://waqf.sa/wordpress/g9i7p-homskf-tzpp/
http://weisbergweb.com/lxPU-3j60nDONL_Sy-66/7qk0-484rm-hgfg/
http://weisbergweb.com/lxPU-3j60nDONL_Sy-66/gzlvc-m1nkv-naxyc/
http://whatmixed.com/js/9t3n-5ty1cw-ifgw/
http://writesofpassage.co.za/cgi-bin/txcj8-c21fa1-kvoqlmgu/
http://www.0026365.com/wp-admin/jwda4-eqcwx-jhvyk/
http://www.16365.net/wp-admin/49d9-02uzw-dyjinq/
http://www.2612365.com/wp-includes/z17gn-qfpbj-hvweofi/
http://www.2q3w.com/wp-admin/vq8ij-4k7z0-kkjhcyj/
http://www.333365.net/wp-admin/wouwm-7k7bm-vqmlktxmi/
http://www.365365c.com/wp-admin/rf2af-rmtby-mbwr/
http://www.3656059.com/b5oqklh/9renk-bba1jp-atzdt/
http://www.3658502.com/wp-includes/4wqle-ba934-wkhzpdfxk/
http://www.3658503.com/wp-includes/mxc5y-92y9dx-pictelusz/
http://www.3658504.com/wp-includes/zq4e-ruswv-rgaxsm/
http://www.400df.com/dlumqpy/wve7v-wsbch-lsfnqewds/
http://www.5052365.com/wp-admin/62svp-uf84xd-lhqmf/
http://www.5058365.com/wp-admin/xq5dd-ksopo-vwkcvxah/
http://www.567-365.com/wp-admin/hifw8-2ya9i-jbdy/
http://www.5850365.com/wp-admin/w6gzq-aijzr3-auuhja/
http://www.6057365.com/wp-includes/borp-ggqdrp-xhayhys/
http://www.6059365.com/wp-includes/hxgd-u9oqpy-eekerlm/
http://www.6081365.com/wp-includes/qlxla-r36xnw-sfdqmnwfx/
http://www.6084365.com/wp-includes/yf4e5-vl40m7-ylurqhvyg/
http://www.666-365.net/wp-admin/3t9j-jlr3g-zdkvduphy/
http://www.666999365.com/wp-admin/2b8i-rrhod-hcoyeqd/
http://www.86mld.com/wp-content/zrj35-8x64z-khvkn/
http://www.acquavivahotel.com/wp-content/53460-0iqp3-tlgsvh/
http://www.beemsterhoeve.nl/wp-admin/g8vij-159e6-ricwfe/
http://www.bilgiegitimonline.com/wp-admin/7ihl-qco70g-aavya/
http://www.cbmagency.com/wp-content/35wz-2l9lc-nywhr/
http://www.donghuongkiengiang.com/wp-admin/gzh62-8c2avq-eobnqb/
http://www.esteticabiobel.es/njcdqgd/nsg0l-eh4kw-xhbo/
http://www.flux.com.uy/fw2xzy5/oewt-cg7r5-eiszau/
http://www.hakkiefendi.de/btafobj/nkyti-8lb84-lcchqvkam/
http://www.heldermachado.com/wp-content/2aztk-l5iy0-dmeg/
http://www.hurrican.sk/img/jau8x-rpk0t-htuqykyp/
http://www.i3program.org/wp-content/uploads/pfcp-ptpmv8-wtlc/
http://www.karaoke-honeybee.com/ztbr/as1d8-cx831q-urnhapkrn/
http://www.majoristanbul.com/cgi-bin/2urp0-wrqjf-whyqxgkn/
http://www.monfoodland.mn/wp-admin/1zgq-1fibo-fzaqgxh/
http://www.not2b4gotten.com/bodybyjoy/e4i09-xbs6u-mvecmvp/
http://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
http://www.smilefy.com/it3fqqo/lcrsd-d2qpq-yixdwk/
http://www.smilefy.com/it3fqqo/u7lj-b9cr4-sxsouq/
http://www.wecoen.com/wp-admin/c1bj-vd6oqr-sohlz/
http://www.xgmkj.com/wp-includes/udm3-72uiq-yplz/
http://www.xoxo88.com/wp-includes/9m1l-hnkkkt-tietw/
http://www.xtex.com.br/mi4/gbjrm-yxibgx-zzcbng/
http://www.y-bet365.com/wp-admin/on0e-efnnz-rwmqfiexp/
http://www.yinli888.com/wp-includes/7vf47-5cpc3-geqcib/
http://www.zgzchs.com/wp-includes/ogyo-4wfs14-wmzxli/
http://www.znbsyj.com/wp-includes/k2y8-yx25sr-yxassk/
http://www.zoha.farosur.com.ar/wp-admin/vk4r-8ye2ko-qdmhb/
http://xn--80aedgbafpadn1becc9adiie.xn--p1ai/wp-includes/f4eh-tpa6y1-gukt/
http://xn--lwen-forum-ecb.de/wp-content/f10ib-u1xpzw-qckfeec/
http://xn--nmq177o11e.xn--6qq986b3xl/wp-admin/gymbg-obdbf8-avkf/
http://xsoft.tomsk.ru/kdlkxl/viue-z34n1-naehgcb/
http://yftcabinet.com.my/wp-includes/8193-ps59d-slih/
http://zaey.com.tr/joomla30/hynze-tr8w3j-jtovr/
http://zakatandsadaqat.org.ng/otycixa/rhu6-2g4lgw-jfmno/
http://zeynet.kz/cgi-bin/buul3-h44ufd-skux/
https://3asy.club/wp-admin/pwcu7-mwv2d-jgqyi/
https://abi.com.vn/BaoMat/j3i2s-apbyt8-ywbytm/
https://ahaanpublicschool.com/wp-content/jjjnv-zybz9-riztf/
https://asgoods.vn/wp-snapshots/f92rk-7du9c-hlbfec/
https://asis.co.th/cisco-sg300/9tiw-qr96pq-ngmxwrj/
https://asociatiaumanism.ro/wp/hsiwt-5xppo-okclgn/
https://buckinghamandlloyds.com/wp-admin/09pol-ttb17v-bbjjbzh/
https://click.senate.go.th/wp-content/uploads/2019/47cr-hrnruo-enxyprsnt/
https://construccionesblanco.com/imagenes/kt6xo-yuedu-ywsb/
https://electroriente.com.co/wp-admin/silrr-lq0oe7-pyxobatg/
https://etprimewomenawards.com/apply2/uploads/2v2n-rpiiw3-zsrbujpsd/
https://ewoij.xyz/vt1v-j2ok32-ecxf/
https://fbufz.xyz/ozbe0-o5e0z-jultt/
https://fxqrg.xyz/pjl7a-aty9v-peuakrwq/
https://gerbanglampura.co/wp/w1zi-ja6prn-digdriuz/
https://gilsanbus.com/wp-includes/vvdav-nxbrs-umreykyl/
https://hangtrentroi.com/s/g5a1-4zuh28-emygdo/
https://hangtrentroi.com/s_/3w7d-bmu23-whgxo/
https://healthandenvironmentonline.com/inpiv6s/91s2m-ga6ve-lrupgmphp/
https://hechizosdelcorazon.info/p1xemen/6remn-fbui0f-dpeedelr/
https://hechizosyconjurodeamor.info/wp-includes/7jo1l-wh6drf-mwsmpyi/
https://honchoseung.com/wordpress/xemnq-phibd-dvptbnbsv/
https://iamhereai.me/wp-content/zl2cy-6joxo-aylpdnxmn/
https://informapp.in/xvyf69e/8wn8-8vvwp-lspnwn/
https://informativohainero.com/admin/owttd-vemyo08-ciie/
https://intrinitymp.com/site/163qa5i-cw6oj-ngioh/
https://jerryshomes.com/vendor/667n-m3xe8-ryzeegmp/
https://kanttum.com.br/blog/wp-content/uploads/39zi-a4yxm-omryan/
https://kcxe.net/wp-admin/vg1wb-h8vd5g-lbyokkjws/
https://kitakami-fukushi.ac.jp/wp-admin/8x324v2-zlz81-djrtueq/
https://k-kyouei.co.jp/peosqaa/1czx6-0leq7s-rpvkopnbi/
https://knsgrup.com/wp-admin/k034-erx2n-ohfjdxvgv/
https://ladoctoracorazon.info/wp-includes/yijr-f3ay5-dpeoqpi/
https://lockedincareers.com/stats/izsx-w1jh7v-dldxpuhf/
https://lumbers-ua.com/crqkwle/v752-8vvnn-phshyrxtr/
https://masjid-alhikmah.com/wp-content/zsxki-oi2df-tcinpich/
https://navyastudios.com/wp/2muf-98qcg5-eobqjyqsl/
https://nontoxic-pest-control-expert.ro/wp-includes/hpmmf-7k4bui-ttdizsi/
https://oneexpo.ro/wp-content/p2qd-gkm1gp-zcxg/
https://privdata.us/iso/bpws-oqpfes-yefrfros/
https://pro.tmb.8interactive.co.th/wp-content-backup/uuq32-i4htc-pvcsjf/
https://rddadv.com.br/wp-admin/40s8-bbivh9-jcvmqnf/
https://rmhwclinic.com/wp-content/0jpz6-5ghbm-xdnbyf/
https://servinfo.com.uy/crm/7l840-f9u5a-iksvae/
https://studiomarceloteixeira.com.br/wp-includes/54ea-alqt4-nkmtozhw/
https://taynguyen.dulichvietnam.com.vn/wp-includes/js/tinymce/priceLib/8ix7-f166qm-pfkgwtql/
https://utit.vn/wp-includes/0bs4-l1c5x-ypgzxqk/
https://vinafruit.net/dckd4o0/655r-8yf1r-vctijnlg/
https://vinhchau.net/ngocvan/qxwa3-90zewe4-mvjpriy/
https://www.acquavivahotel.com/wp-content/53460-0iqp3-tlgsvh/
https://www.esteticabiobel.es/njcdqgd/nsg0l-eh4kw-xhbo/
https://www.hakkiefendi.de/btafobj/nkyti-8lb84-lcchqvkam/
https://www.handbuiltapps.com/wp-content/w3tc-config/oinz-ejykf-cwltfngf/
https://www.heldermachado.com/wp-content/2aztk-l5iy0-dmeg/
https://www.hk026.com/2zsjmbk/r9wz2-ims6p-yfxfbsfhv/
https://www.la-reparation-galaxy.fr/wp-admin/zdw1p-m4hfm-gymmip/
https://www.lifeandworkinjapan.info/wp-includes/iri2p-nwk341-jenqhkdli/
https://www.ninepoweraudio.com/cgi-bin/d2fin-bmck5-ghwg/
https://www.psc-prosupport.jp/wp/zb9qa-alzmbw-urgb/
https://www.startbootstrap.net/tr41/sxv5v-lbtkok-wifzxztw/
https://www.webliu.top/wp-includes/wr5bmyx-fernh-tidwmzn/
https://www.xtex.com.br/mi4/gbjrm-yxibgx-zzcbng/
https://xn--lwen-forum-ecb.de/wp-content/f10ib-u1xpzw-qckfeec/
https://yumurtasiorganikkoy.com/cdpfex7/dqvl-k3g8q-pwgnafyyx/
https://yumurtasiorganikkoy.com/cdpfex7/qz6xl-fo4z2-nssze/


```
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-03-15 21:12:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
599090f793d1f4752439e670affdba99777d930827e733c05bff4529d0dc1676
3826137a54e6d54a11fd3abc91ccf1f6a8ebe5fb97249b9acc1b78743e7fd2b6
50b6a072ba9d674f974bf4b63a71c7d4a5edf2aa45c1274e565f1661e647a7ad
c2fafdea65121542a5eaabc866c357056578622b9ad35c5eec9d6b1f0a0e32cc
7a0c1e98b6cd1ab15de3a02fcbf9109fc0ef60f5782542ce0a4fcde9e97e0510
12b3278ea6bd4f0d1871972ef70f8fa85ff57eaee913cd0623839839ac3a637c
06b4ce2f7e662c39b5bdbe3e0259274068eec935a4c94f7f14894253665b1db3
20a89df1a440432d35bac1fcd2a355dcef0e3a586180710669076e58b4c3c5aa
f02e6224c6abab128890cb86360afa3503ae97f368223ee0a55f0fa90e412152
4b44321c887786e399d73cfdeb6a1f44dfc3b6820f412324933af3e1a4470a24
d92dcadbddefbfb244f1f8b98b642fc25769f48a7ddca9cf2717ab7535ef3179
2d01980c4cec30b55dc47ff3b9b720cce20cf2dc3f49bfaac6aa141ca6e6a815
342001d88dd249354eaac47693ee4704bd736b6ab253e430e01d9b16968757bb
379f56b94f4d9a3fcfff535e6352579e2a097487512f5e708ca637abb3b9a3fb
f973bf6429cd7f943327f693d3b924b7d8f205a063e82afb324704c3656c7f0a
bb12c614eace8d4d7b8189aac27d2abb3bebd376443720f019a4e0c2b889d9ce
b8171f79b97106f4d8cb7e4973f925dc682390842ab386b8182ab58591fad50f
3dbd2c570a9fefab5ae5423b4a1e4ee2e5880690db9d44a85e76352e07b2421e
5aca51ef3565dd63e6996f2e650a9d4474f75f3a3bd63839ad1039d7df86fdd8
d5045f79618588abf0f79ca1aecd5e75e586453da66a54efc266df943852d44f
caa997dccfc927ee5acb725c817c195fada447bcc8ff13c55322bcc0fb752597
c3ea24f00b1c7d19ab9a5950fca634cc48472ef956529aa76fd97e5bb3acedc0
b542e1dcee9bd6b5f6e568ab45e96067c823d00510b6e557f2ac138d3ef0ba70
c6717315ad9667ac4b93634a72cbff6e9e743d617abbce289c3e2e5845bdbea5
72f4edd6d9a0d0f97af9d60ae15fe29fa3fb47a36b8a431004868e875192699f
8835c4045c9d6fbd9e4ea35529a3ab434369458feab327a7d08ed878cc6f5925
db1f563cabfd7405cff597ebeee4662d500ba0efc17e682de0938ac6db6cf9a0
45ba1e45fb0948ba35f375a0260815114972d5d9cbcd93ce3c9df8e00b039c49
a203b6af59485d57d4530f2ba99f787233466005eef20da05b17976311370e2f
661530f5346e05fee9521e2c3925a1b75ff9512f9fbe4f3818a256b0dbfea830
5c77f3a493cabe60afa8403288fd2cf521c373dbf286aa4299d5195a602161ba
60683e4d53f06d4fa4501753e6fc6068adce1da7e23903635406e85bbd299607
c4fbe1560255335c1841233e59cb2311a29a0c8e9fa048e5b9c17d63229a9af2
bcd76cfbb19148316273e9474206fc37f92a3359838a63c6898368ced0ba3fcc
fca65dab5ad7ecf95f0fd270155481011075e57d39fd72c0c651565dfd570483
a5509b36a9b9f001b6ec7abf32474ea8f71e3d79df8567e19b2bb3b30009deee

http://mrpiratz.com/wp-admin/u7/
http://wonderfulbrandss.com/wp-content/ZuEO0/
http://opequenoprincipe.com/pdf_pages_lepetitprince/fA/
http://outpoststudios.com/doteasy-under-construction/EbH5/
http://tranhcanvas.top/wp-includes/Vm7Vb/

Creation Time	2019-03-15 16:04:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
de1074f8627fbb859007ddc42cae4ed2726e4a1e9bd71578e4490d32416d651f
691c0336f5b168c16fb7741a56f0016dc27fcc7e6f8262b48e126fd35b63ba75
bf14aedaf97ce161aa6c05eb12a9d956ccd320a333e7df811eab261657efaeca
cc1f1f483183f878d5eee9ca6eccc5f632ca499a8ca1dadc83faa53199a8c332
14db79623415fc45e2354cfed559f6c56aa3cae7385f9eb7359f5ad7335cb583
348012b3621f020c6f410c6305b925cde374a6c3eeede6fa3002a29741261c2c
6a1a7e4618a1803fce47331915610ffacc49abf261ee5783ef409e20b78c8e6d
01b1232dee4ac560ba34061aa65f5de79c7182de3b6f313ad1a83c39ce61550c
e3467e09f74aed3c66b9966cee1c36b1ed161bc93782c48e98514ff3122f6564
781ac0d18d99b193564766a40fbfea262a48883f0700958abc9ec2e579cfbd8d
dd98ba51e60c6208b445fa6bbfcfa758762387c292698ff1bc3b19bf4c4d2460
1ecd64aa6006c73cb14c06bb987317222b365237fcdbe64d97fa8f99e31648bf
555a4d9d27d754c07ff182e3ecc1f68310479ea5a6cb30303bcfba232d49ebe0
745c85d5c39c721ebacaffc4b6cc1c8050c0592faa1b8348d34212b0e76deede
cc00fe1971c3af231965da04aa0098a0c4ed8074d42ad7013ec9de42d82d46e0
b663ef80f6300005b31579ac18d5525c3958535989acc1b8776f5fe5d10418dd
d1538cd3821bbacf4d29806aea589e16d08e7aab94620b29fef50c9d6bb21369
099bcb5b2179f7c14bd95dc7c3f3f19bb0ed63e0bb5ebf8a687fb95947d12430
b55863a00d9d824499a8fad46cf881168e4d242ec955f49017aecca185bc11ba
b0a33ba67b12ed524e6b3c050676396ff9f6cffb7f334ca6df7c0c773d9d3830
57277c706a102860896ee631755e31fa9624d1fb3e1683da4ae2bdef627b5b72
ab6b15a847a89156226e33725e55831fe2fe05979901233036adc218a9c33cb9
a55d9122466c6eb88120037ab1a926ec30bb415eefabe6cf6e5f65f8efb54d18
21af84f4b453bf740bd23fd90d43f3f3c135895f04f838a9ddcbc50bcb7f3754
95db6c5047b4a5cf0ead0140c395bb71e699efaf1d0794bc46f9aac005fe72eb
531d1d9c1f88f2f4608df5714cded69207e27052a9efa757a95da6007a790dc4
531d1d9c1f88f2f4608df5714cded69207e27052a9efa757a95da6007a790dc4
601d367ffbcf26ae3ba80740c07ee9c61ee5a016ffaead2f0078d67f9f290024
03ca5982faa6c9b87856b9484a929eaee59f72d6a5644ed3b11c18b91a4c8978

http://dautudatnenhoalac.com/wp-admin/DYAsI/
http://www.bewebpreneur.com/wp-admin/daHN/
http://www.allgreennmb.com/wp-content/themes/pridezz/t9iV/
http://www.baiduwanba.com/css/Ubh/
http://rileyaanestad.com/wp-includes/DXn1R/

Creation Time	2019-03-15 07:32:00 (DOC Based - ENG - 365 Blue Box)
SHA256:
aefe7bc9669501aac86e7657da9bee8eae28002b3e1744cdcc1710a242e1fc5b
f5aaf81c747d98a8b5590a5d74bb1b0f5edb2a590b0448839378e64739bf2fe7
cce9c8ed4388323e99e96716c40394b922c59088332db0c7d0ac13a654e2a032
da8c3f7530bd78692ddccf4acc9f5d2fe679e80df6af930f7950e3e8ff8ded5a
723e4253603ae19c6b41bb7396bf6930ae4ae2bdc1f86f81a9534de873390fec
2931f22ed1ea9b8ce4617a6e56d11b0c991b0157ef3b7beaa52971aa961b6dfb
749d4a8f81cfe055e906209ab8c3982145c601e90a9cc3a3160a7e41a676652c
286cc43239929ce7dfb691be87777b0e90de21ff13d098d5cc0c9c333fb3899b
efbf5be7a0fea87cbe061f2354766a2281ca8ed014856ec9040d8f92ae9cc862
ee7e20b588960bc3f7ef742dab49ca1baed73dc2f8a6f4ceaffe5adf80781855
94a03f9c183473a1192dc0ff84564257d35da3a78e4a1d8e65e10954be09b156
94a03f9c183473a1192dc0ff84564257d35da3a78e4a1d8e65e10954be09b156
17effc3d0e3b2a88ea08c0e84028957f87166167e124d1b364f67ba13c7c3330
361eec42c87c66770fa6aa1a378108bf75eea4167272f7ab80ec0dbe89170ff7
d79f3da6fe867d1666c5489c6678f0c82563e9360691eac88685366709918d8a
d41d8866dced42b2543fa99e45a7f63f7c15d061b8436127246309b9b86917e0
873c8022389ef6de529d43d977be29e3c393625c37fa67a8f4532213f1331514
8cb8fc03cc319a0ca1e0ed71273170d852f4229205c14b23222e92850c5837cb
c8ea267cba0ab5d8b5e01537d8c3cb72201ed8353a2a642cc0e7d7194b1cbff6
dfee5f473f99ca078a95349aee169b4b6d2268e1e633da68853360dce4ebc398
cadcdbf1124f43fa93a4144f68d5432778dee9496eceb7e0a78dab6fcb3387ea
5e39b8e5c9e3d853220be8ab87538f5e898a20425271683f05f07562daeb31e9
159fea99bc86316d12bdebbc878569a8c861e1eb4c22e49515c3a3c849de1a90
8eba6abedaa89bd0bcefdb2bffe458b1c87210890aa7a82870cf6537f5dbd52e
f2bdad40e4c32b6595b4f39c03906c6c2361dee4b15d458940a1b60572ff60ef
929166200f29b3413adc44e8a6783da7beefedb622fc7ee06289950f87b9cc71
b94c345e10a01c58672976360ec45afa31c2645bbf4f2a446ba6f0cc7b705ac6
025fca5f16d187d4a20ecedf83d017c280486899e2eade85eeba30a297eeb06f
ea952c143ad267a71ff1325bde9c87b1458bca74a11e4e7299e9562edc82cced
fe1b744fca925cd6901d093b8ef1ae51081d3e7b27730122f7f386b553f8770d
30450839d96d9de5c1efec585e38a6077ec3bc96fb7a7ec9caeb454501a97637
42d21fa68553d21d0f3e96bbbbd346212d1f139c78c5933ff6ae703368418ad6
fc6cf2505aca62987c807a24b10ad5aefd2f6be9ee41f765daf93e6d59716be2
c9007a2fb68a440060989bfd3d03b9cbffe0464449abf6d7430d2d674e3f3022
7ad28b39dc5a22e29f98ac8d32ea0964bc2d10d9722e7377e19a00afddf37f69
7e58edccd30c16b70d77a727ad07a7acb7f4757cd6d65ffe627098b33d793953
5df9828f7b15497e7b1fb3d96e96bbed8bd484797e15b2c498d099c8ebf811ab
d6f3a24b6c396907c2e46a8ef0ccca59dffe1007613db69e0d285644036371d0
0bdcdfc3679be739984ccc267b0080a347cde63fd307bb78cc004a62a1c64319
cbd5d503e34756ceb5358e60fc39f57312d81bceb91b631a6b91057cca049e19
1b8ebfae3f67ae9044fa15c079c2fe6834611c94d3847e5a340499e6688a7a5b
2f25b4fc4bb9f7bb8c94855b84944859f406d0115c3c3ce8c667cc5f26468d47

https://natureduca.com/images_reporteros/FZd/
http://mazzottadj.com/wp-content/CYB/
http://machulla.com/_vti_cnf/4xi/
http://usaistefl.com/css/wbzht/
http://lemondropmoon.com/UfwE/

Creation Time	2019-03-14 20:31:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
298405314ab2b46b80efda533ffcf2b5e92584baff5c87b17fbfd3b5b7093b3f
6987ee92b404bf4dfc698ed37c4d6547b577b65658edfb6ce5fd68558f369a11
e7cec0c1e38ddd872cdca6da84ab406daab78cff6a250b7213e7b9596f3ecfc2
e8c39618254a95178165840c0526e7392e89732bbf8e0753cb8b3f14165f3bb5
3ada73c610cef94aa2e3ef6b6a0d9ea835895f4bc19ec32f6e3508c5b43e84c7
4668b7f974f775d249b8be01939690872e95ad042e329d57592aac2b825c6cd8
c2814811582584f19e9c0a779354149bb7c334bd12ec7b6dfc7300b6817c3557
28022a215b0f681b76943cc9fc6f9e1f2c64cc67b9b75e70aa444d226a00eacf
7fd654a123f117fb2c1c0827b25c52b4147aa880111399fc6c05fe11d1a63299
73c754c33b47e9e4295b6a035b55cab8451855e5a3df5f33042087d1440b09ad
7f06200e6d8a88ab22aad92c2860a6b4751a13a997a379785ccc5413af273b46
dacfc2496b0464d3bc29d95c0cf3cf67560d631c769c7a0692d10edc384da835
c1623d2b2e1fdca5a5bcdf4f52905072f4d78b2194c7d65d5ab85e2fc71284f5
71b06b15649960e7540ffc5c8ee111d3522e969c8d2207e967fc009e2c906321
2a0abc135cb7e2b2131b838babfbf4cef210ab2609fd0f964ba92bc14e69a6b4
b063bfd0b93101229534a7ff69e1bef6ead5f51091f0b0ecea450deece99e2db
1b382931218e4adee9bec367b378dd97983695af76e0e195e62fd52064c82727
db344ee03d043efadc48cc86f6b675b07dd20cc7252e9adc59d52a95b6dea95b
ac9e016b1771afbbcae60da0e2393354c46bb8c4918716c510da50357894ddb5
d9906755f505fcd060c4672d7977e82d21863eb023b58fbd82954243c840118a
03bb3621b7ec92fb8f86111e1d77b5f42e2cc77ffac76860f368ea20676ac8dd
2b1299c5f8decdff75dc37ef25e7abebfed25e9287e2ba37177d242c6667696c
beaf5d744c87e53630c8fc5095678775a5786de350538409b82ebf3181a7d4fa
f17281896f0814a69d2e68a99f95d2d48003da959cd798735705bf2fc4d030e8
b630ac19071b35931abc47fb04f0a6ba6ecba18bd41e2ab461db7491ec0ef2f9
de5f54d25e4820856ab34b7394561937ad365efbd712c4c090b0cff6a11e0e6b
db12bd01917d9d2395c3c5b37b344c542975062850b3828876c9fe6a2e0cadb8
3a38e8a5483c9fcf4c1698acc4e1b174c14b55e16403f8134f71ef8d89353726
4d475b91d09d23a122ecad9f46f648e5017ab569ae705682a1adcc6c22df794e
3f4cf74bb6b1face65af2e5b2f7897072a59dd10b2dea2568327098de5e13ad9
00c1ed0fb173c266b5a3135fb548b3280477d5f712dcf8ee6a6030927d804270

https://tuvancondotelarena.com/z18rrbu/DQa/
http://toolbeltonline.com/wp-content/uploads/368n/
http://territoriomapache.com/wp-admin/bEkL/
https://www.thebakingtree.com/s75ldvl/NW7Zz/
http://tgmsc.com/0t418lt/NIq/


```
#### SHA256s for Epoch 1 Payload EXEs seen on 03/15/19 ####
```

f24376b7baea28659eece84c2c8a5eb960900fe7db80ff9c80b81172365102a3
bda19e20cb021e1f9312b579ae4a152f7eb988090eb15592a9764520125b7649
ce8d049cdd820489798c96470e851e14c7dd9b5031161cae18d5ea24ae5398de
94ddc5b7a89505bad11a8d8614c2360264170808d6d0f6eb4a4e365e03ed10d5
48982539e8c8b983a9d9608fdb78114601cc83144e8dc05e3792e381fd94a668
d5e85df284cbd51ac0756a2aa8c931e20a5f35295bd2a6d8785a020a3b90ea97
7895e71c6912481212299c0e2a2c61b5fc40c4bc261123b04a269d4c58c3e0dd
5c6bcd314560f310f2b89d81f35eb8b1877f1e41dbe656e05873ab613a6d4534
6a41a7e6a54e27e16fd2fd7a5f2ae44338374475e940bb6e900236fefb61a3ab
e3e69276321e2a80d1768a00e90dab55cae6e26dea4d4f070bac51f64720b9ef
564d0165bc4ddd00573db02c8ac141c1946619d69fb6e1be00ba1c1a8329f8f5
0f1c519d5ff3691f395d6efee2a3ea27b742f86db3ec2e72748397e32be38aed
937612da152cafd0a8722a0e1ed33c5718331d083911f07747baab4ff675fde0
0bef0f8192c83c41e501488fc2c70e1e260e8e814423013483694b65ac527aaa
5b7288792beb69388019d989bb1cfa6c63bf16245114bb5121bd043b7a53edfa
ec81036ffc901459d8d8ea82e0e8568126feb5e9beb29c5dcdc6c2cbc174cd9a
8b8b89f01956a878286b26fb94fc54ca9c8938f46b60656e669462959a1eef72
ec43318f48307ae28d1e79f69c1582b97a49b87de712c90397f224049b4d57c2
b3f3d04906143e3d1707d42e8ae8aee03df0f9f8e51951bf752b82fabf58faad
ddf187a3b3d96bb045dfe6ea4337b61f8b7efa2fff1502958d9b8a30a60ac044
2f9a6e13f97186928005c7f95d2546121dff413745f55236effdd7a2edacf4b4
e0ed2d3bbe830122aa92e2b045604a55cb008a8bc7e74cef68dfc443b45104a8
319127c116588dff82cc9bab65aa0b0ab152bfeaec99c7b19a825c161895038e
573aae53ba735c659e871aa75213c5fe5530c3acbf5832ae84f5f99dba840a4c
b933a3dd46508756481f66dfc4900a6632ba2c0122355dab24d48aaceb1ba497
f6e45432e78065dae15a5f465a78d957f8156bbdc0dd50a8cc46240728233477
85a2873c7efbb1e570f0628fc47837a982328cf616c6dd409c76e9c817fbbe89
fae13ad0d2917bcc25a962a9d8a5634cf903593a27441b03e79e72e0fbeb4de5
6a971329c970553fdda6262e7579dc54fe215e324faaae3c38891fa8ddc4f119
ef3f27aaf5aa4b87e4b74b4c9ec31c01c43e5c4541ac5557e4a324d210f2bef4
0a61485b10edae698f8b033300c047ef9ec3f8901e6adf586df157e0c17e3acd
0f8c83584c31725bee73ff099178737d1262a988cd4eb9bc319ae25ad79e6762
2c32fceff108a277fbcad55e7eaf8a91dd577696bf80abcef2846033fb637a12
dacc3f27b6c84b1c27f48731ac837b31b9743a33d812fec0a38d20f57f8588e7
58111f08dbe9f6aa931e14e925c533b9571ddc70eb3570ad2042c208ecb47508
dac8abd45c8b275405658e9c909b68a715c72c89352387573061f55548554dae
6a80ca51dfd39164414c223acd1db6077d1c91829a69be6095a623b0605cea2e
a44438337361527adf2da9823efd6c87af79e3668a95b1ed05dda806193fd278
2963912e045b77ae2dbe099fb95364ba0bb8b936ef78c121bd38eaa44851b1e9
24b4f3bd61b3f531474f26d13abda15f057e11bf306c889cd2983c3f05e7d55e
f538ec4346de97819d46c28548aa42ebb1eadd43797423a03edf79d5d79966b8
d1efd395f3914fa1c4489e7ea8dd8d7072a4df0ca5d76ef2b27ae61cfed40927
40a3ea1944ea83434a464b26f59bdda4d704db6dedc9ee6d28710b516c37ee61
cf86bf9e92840c849aec9df7c3c85ac9267f7c70b365e1b37cda80f48051216b
b1832b7ae424933628e931abf2c526135425aac557f03b56e80b610355e9f1f2
569da482b947efe5906ba20f299c62ea1d213aea7dc4a49e56f897f35765c576
ab8f17e202812d8260624f8c1f3461c4aa6990e273348e526308b297b03026a4
cf57a0a5778dc9c2c618bd8d6d2aaadcda9a1f6ed597fe5494548ed0ce3130a5
29a13f266ab29c01aea0661a76fdc441409079ce59d9e9fc27ea2c2f309fbdf9
137d5eef88bfc23e9462895fe371c52f7339d232ddfa56d19aa57e1987f116f5
c53a9d13d56285ebc4b3f2071edd456e5bacc0b77946ff49c911c87ae5dde738
0ac8eec69d0116e784c3649dad3c7c5771a68841efc8487745428d38676740e7
4b471718dc6a8ae3079fb30054d4b3a60ce805c87212d716ff63a59d5665443a
5241defd495bfe46740ab0607c1cf7672b615bd23fc25e6d2d7599b37b1b8902
85de1338e975b38a80bef3fbc0ea9d86b4349a5ff6619efb4bda7745430305e6
4fbf1549fd77b35ef485da04c1985259aa8085067b436127fc360446a4189ad3
a3f18f57ce7c16d6a922a519e4492aaacb8c96091093ca43657b90de40c6932e
dc9f7aeb6bb6de155bb909b89eb23b03a161f80f7b92662e8ef0ff7ec989933c
be90571b6f513e76e7d771087d057508b69f2c85c08c00a58178ac80a56453b7
9a0cfda2f65cee505a998f6537f50236b4a320ad0b214195c2e329f07a9c1a53
1539da5c93eb28959753d7ba044e46ee01ce357fd21710fa820f507444baec93
c7611e2289478a7aa787df623f8ee7dbb7aa6f37e463fe33eee22e35767fa3ae
8dbb8f32174b066b208b5e8b31e7290191d02537584845d00d01e3cff54fd844
afbc5005d40c4d671402f03b5090ebaef80acecd4b776cd7a72ebfc645d763f2
ffe7c033678aa750cdbbe18f4aa493fa607d1f6738d759a5d087020690c9fc56
173136dc0cc2852856ee1b8d127b4402041ca87dd8bbc5b63970ee4631f383df
cc3b1f6a2e8e958bf762a24a9ffad92ebde3db38bbcdaeac8a5e81b835e19652
d6d0e37e4638431687044979452682656ca9cb25e33e89abd7ce439bd0978dab
df1cadefd22ab7a6270a4e03b04e57d37264383eb3612333b605c2d4c097823f
05ee2eba8160f8597ddabf03485d03d0493c2768956a8aa78819d60122239a90
3c4aeba9e5e61204661d07de254818028009f45ad9e87259bc442dfc495c721f
83a1cdb4f546f9fab6f6aed83d0900a4f0e7aff7bfacc8d11a5df8b2602628e1
af2f82adf716209cd5ba1c98d0dcd2d9a171bb0963648bd8bd962edb52761241
00af24bb1be8c17106c19ba0c55acd011088c6c5b1cb01d44cc4b829b3449bcb
f2c598460fa9f53edc3fea07d19dc3a1f313b27e97d196d00a305f645d15442c
07a83d56f3354fbfeb2ca01985fbcc10e1b9583b4d4df9dc02d38815614d5692
1509b64fede992e84375127289803ffe9fe3331835c5f21fdd5c9bc7f4082143
9fd01ab007a66260c71ff7f72bb7e47feef009b5c184e05dd58cc193631cfb33
9b3fa13b7d778c790c68fc4f99369f234f0ee54f3df8730ed44aae17ab6b0cee
0f3f620ddf93b26410cf3efa8948b228cfdf6ae7571024bad62cbb79b66c8b07
f1a5a2d0529ddafd9b0a21e210965a08d0fac1ac3d81129968e4520428b6c530
29824646c0aa615bca78654125c165c2d473cfe19900e26fa3453a8510bfa1e9
1fa322e9fc02ec4229ba4b1bf9a0bb7122ac1c2b16664aa542f71b80a8d8ec86
3a13d8c0bc9674302a314f8ce9d77189f9d58b5bb1445bdfb79166abf6661e70
d4946b1e8005e700c806961ea25c68d65a5975e0698e36869bb84bd1aa911c43
7a9e422dd9e60fa12584d662b0c696db8e139f2c94d652a296c15c686a82bc3c
5ace0f709e5e9990acc14ed1659e75ce2013ed76edf524955e925513e0dbc9ca
5d1e554f0b640f03170c5be289b6586bf434d26eb66403d80296bca5556c3889
dd959c6c8b23d0b658f27236f2b7a7c3972638dfeb5ea7f198b6740d99fd8d09
4ae3a854f3262e516c836e23d2b0272306a0e3f89c1505025a8e82d906d78b57
b48dc77bbedf4a6cb11e038d3fe75bc2e54653d3e0bf889865cd4e95c49839dc
61f3ec55e933ec9cbe1487e41bdbd63945986187313c2219a8af60047c1ea8cd
9232fc9928bb3d2af7e1d70ed0b5425bd72e6bc10779d5c56cc53971642ed39e
8c10ce08667cbd98af58c9cfa8a826dc7f0cd3e1b0291dcb303b0443d612d2d5
c8b2cdf4ad9461ea8367cc6a3c55cb28ad8bc282372af9484c2606583d60594f
5f39f09070cd7d6d0764f3743c6134404c3e3a0243c1475a742dc30337bfdabc
8bc0424aaa3e28017816b6d1534ceea2f8b540a078db996acec2de2007ad9bc0
fbf18e47e539d1c30b2a5cffc9bb2d51b30e6ca0235534aebd1bbb1c8ca7fd78
bda697b692def5da4ea13775dfa398ec5a89c375f1b6a72745b2cdf1ed405542
1bc753f70c7d9d2e7077f7ff5871f6f95ef3b1e60cc84f9921ea2b5432c03904
1a844bd1c8845e6c1772a38da9e4d94c04b814e4a070dff72c564191fc5d1021
36ee6aedf353a6ea25a78e45ad9a63ec886f77aa1fa742505a572e9251c3e3be
b5052aa056ea791df88257e4082ae39f79958d81524f5be23f362c05aeae0c06
25375db3dbb02a48842063f2c82fcf3f5d870cf335de071b5b19c6a8e06f90d7
3a4a3da791883f09aa5990acfde76d07830b28f9927c687f41f60caf3f0445b9
9a7f01e84d6eb635fb2d704ddbc8b2b45109a8005197b28f43053679981bab23
cfec499782942211079231f77d63c7d07be08b86648df6abb514da0f02b1872a
efc370e5249e7b94fb111dccaa96ce73853376a0cb82f337ef76cc54b131aab3
be81c6cea10111d08cf8b40d70b8a822822bb7dbe82b6bf9ca4856dbf28ea40c
f1b8dc26d96d782ab291c0548c54907fba2beecfce34cc6868aec443e302532d
2150e65b4c3bfcc9a3cf156d1b6b2f7ef8a39ee1586cb2cfab698756947020af
1fc78329c0efb776020efbe1629122ef2411160b48645fe8cdee895335682a54
dde1c71740b85b6fa511c493480a314411ff64ed31384d483a7dc026493f3352
089c88ee808e964c15bc54096490c0258c1e5e47269859b02e9d0a1ff88cebc0
089c88ee808e964c15bc54096490c0258c1e5e47269859b02e9d0a1ff88cebc0
7229f8b8e6ea08a714d5ec035837d83618083d131f2596ebeb008088bfc70d8a
17b21fba63fedf9fbf9b65b91eb553a0d810801060a04a12d59b0e2af179236d
4da2f2321436f165418e3685d2a08155025c5fa182f2c1335c72fdd992a5ddc6
7cb7f50984bc94b3d9c764ea69f88ca19d25d54067c9d4beaf8bcea7af84fcba
d709cf57bf5db6f01fd037fafe7565a75da9cce6a199307907a2ac1de06e755b
0abaa138910d7934d3e45c70369e6785c55185f8155bb1b87222dfafaeb7f263
ec0968084122d3ad877614c09960121fd518987680f4ba8d418f37578bc7862a
3975590960c19b83a1d55966381a28c298fbb742f332fecd66d6aa7723c511d6
6ee8d69da13fe48830f09d758bfa0f415049b9b0697e41eea5ed962c430f45bc
c5108c3d64e15ad0ad6449791e98b484b2b0395eaf566ce2e511290f14b4b8bc
5518c910c3407df96a2cad9a4b113495bc2472b2b2d873d104efd866306e3e0b
85015a5e19bdf4dfbd63f9871b3760400d8aecbd10b0919264ac597d831d9b0f
b018d361924df529d692938f5cdf7bae95d16ce2dbbd0f48fb2c202a544a1692
fe0c10a457b13fb4c96c872d3104aab444ca1c2c880ad914237d688c49947c69
3f1e7ad99f3e434e86b81d7de5da45b0349d58d7caabcbd9eac01e9eca38add3
417d6a7b70019a1f8c7ee042bfee2c4aa42f43510484a9fa795025ff67851140
ecc4cd2ed73a4c327cc3e52160d62c0b3c4b1f11dd6369f680e0a0b1d913f68a
f1a4a9d79d67857e0445153a68679250476c31f262b6cf57665002d32d1bd92e
a33cfbfc6bea464f9d74c100691599661048072b304f42317a0f8a9bc4ddfe15
60ac3f03c31539260ca9750ad742c5f2e59f0a88d3136834ab9ac5c8efd91da0
7f60c159563ba108a483803d5388de912f5839968a28210d980a70d3a4d7ade5
e0f04e2fbf3beed2dc836567006890f6f0442db78248cc2fd049437547be462e
6ed6147e752511b10d48bbf8fe39186b52dfa3723feb0b43695a2ba5b9600b57
742275ace5f15d654548ec62a4d6c65ac8e4316f6bd8509e1680950681d55a31
9bb2d98823f89184dc2c24b93217acc4064bb253ebcfd3d34062504edc5ff3ef
e7ee5d900b5a83701c48cd7a9b0f8cd2e2b636bd8522ddaffc7422c8597f8bef
1e6ba61172ddd5a3efe4bd65e54e407e5756db8490632a4fd68bc668c5ed16d5
fc2c8bfbaf45615f4020978d7d0f36c0d532536f763660e3fdbb8b842fc25486
cbe45ceb1686f619c098c23592f9c499adf8021552388aa0130c9747f63f8b2d
bf99f08c4cc9cbef5038f06ee03581bf7d35edc0f15e6daf57ea8c24a14e7eb5
b8555e50ab1602f20d62a14973f323bb12e147e0c8670166f7f870245f3cab44
6edd7fe1daa84f692ee102756ecf528fe8742efdd23a34e8073d77223c830b46
bbf19013997ed55fac4b4d7691faaffadb2ac99b03a81457862981a9fafa5a17
9e661b1ed278a3a79730960350a8624fd284812b44f7c17186ff86c64334b662
e0efd768cc3eae4982202d7bf396e42abad967061a3a036d598bc0df2990cd2a
2c9d9f912f3c56b491bd402aed339287890686068c5de8e0d604158ec3aa2df8
440f9229f00a6b86b839dc1a1fe8bea5d4e55f922a31c1808f865036c2681b5c
9f82288a33cc5c5f0affa8b88a418b3cfbb0904153e433e8a15a423b1c864b9e
d8e1a836f3fa6ec77f5d1bff1715f37f8c3d36b6ec4fe482db9b5411b0281fe0
f10a265c9c07caa8acb2604711b16abb639137ca5913858776b41a3a8f098919
687806ea9df1ca6124a3cb873a133f1cf7a04c0c71ed9de94725346e96a1cedf
3ae4cf277910142997f70c63ce76b91e1f095d408707022b4aac32f385e888a7
37d54d555ac333aec3f3e0a710e25df4378d642c7ffe67fc8b1ab5a3d8c3568b
8f26197f796b411d05e068310262be5cec4588864a6e15d618368b2dabda5872
77174558d0223439e2372df2bca8aa5c33bea9217125a95f83712eb458e42e20
37521c83381c7d3442ee7079d90684e030161f3ed845b2e7f5e00c06399605dd
651d31162c572fde1ef33d2c52c4e08117a325841d987def6d0d5599eb2a4a75
5b65ed88c46d2efcb822da245237abae3141afd7ce47b6d44073031e1746f2d4
4db668470e5d3f9646bc32cde5bfb27be0cc43a0aacc2f3ad100228d376e54b1
9bd726be54fcb2da6175081bf3aa64943ff2ea96be32b44d880c2858410a3474
2e3612410451229528de30df978e4b2f98a19f6c283a0acf2be7f666be38c09e
6617e1b02f54b8220308f8feb073b602ba82f831b4bf1aedb10cb5cfcdcf1fb6
8e52d641b8581d4871c09cac0a53c9f6de16d14f527c0a0a540047eaa07d74ab
ea2965d7661202c2a1d3025263336f03b45dbf928930a2052d7172ef1126b5a9
ae251392b9f318349c84a11c230229d9529253ec9743d72a669acf30c82cc3d8
0c0e80d1f4dd92debc9bc79a6acfc168cd761a2548e43ad076e73266f7376b69
9d350f99baf3e33acac807175408b0bf00ed91cd6b6eee6958c8f724ed12153a
301032f66ff3bde57536c7b3084ad7ae8a4e38f3cdddfc8b91958ee5c90d8273
b4e473038786c694eed6edd7d49a1648bbb93db8f0f49cbb70dfb9e651042451
b4b570ddff286ccfc910c7c4e2c9d3d9753abb9399635bcf34f189abb00594d0
5f037d9da63307618b3172824e2cca394c0681841f3888cbcc9acb7bb1a720e5
1a5805ff0c7f7c09254e2fa72e849d195465aed702a0e0725bc7a41f630070d5
afdd0850bbbd9878308fca1a981e388d04420e3a68ee91ef01f28452f7bcabd9
eb45ea7574d1ef24b28be6c467764c10567774e5d6a6a727b2848aa0ca23b565
64536ec7095738eaaa1089d717751fdd623dd45e9127676124ed0a049b9f7d40
3a19847b3f9c62565e4b0fb9cfcb6e87205a82aaf20a54b7a2e81f9db161b77e
8984637d1d766c19bafc05c777b8b8562759e8b54d2d0a99731bc07d0d94aa47
eb4aa88d7332854ab72f3e0978cbc51e479b6be97eb8efdd8086e00ec39c4c9a
59e21ab94f15c154e1755989537e479b81e99a1359d0c16026a1a89d6d64b768
21ecb1c1611def4ddf27b1aa6a35ccfab5facc06c3e5482e4eb26a2d905a220c
68cd7fcbff591939e49a86a42f568068d0740719e74c7ee54c78c09a15500791
68c609aa1e62fa07ec3a0c371487b6002371a336a8226cd39768c7bf7c121cac
d915e9269e2e76d8fa3707052b3b91ea265848d65c0937f1c9772397c1157d30
b66ef293d8f0563f60671b73aae33d5a1f2ab494df9c7fe9c48a7e5b97e65797
6fe259a04ab7c899e13567f95c67bcf1b83c23a81fe88b5a76b5ab20a745586b
2bee2e2fc9f2e083e19721781c1c1d868c057779b260708d9c0b70a2893d8f9d
f1159cc147b3c2fdbf659e7f7a714fc86186f638660c5cf459ed7db86bebec68
3ce405fe1f050fc0210a8cacd8723044dbc9b41b651c0683a000e09b16c9e190
5524e5520899204df143a853bd7162817854563f5eb7abd7fd83e59bd7fd1468
7b4274a84a6014d33cafdd63ff6d44000380be119d88609bf692b08f9e2ede12
c604943af943f2e6c161f17a57a5ab7fcbf656fb7e3dcb15a52eda41ee78a9dc
104d2b7cfd6f0cb53a4739307b68d3a5cf512a97057f5e2dce44fe81b2e39a9a
36e8824be5fe9326355ce10b2bcd9c80cca5cd28fb544be5b45396689fb849da
0abc87d605b410217779b300ce3fab701ec52cd5f974c9c1b403cb6c568d06e5
565a484326802add5f9d744811833d78c88f4f35cc0dbe759cbbc7e86c9c85f9
f2a56535841392831b9e46014c7078ee7dc75e741000d103c1aaaa19cc3f8b55
70cf93703b720789aa697506380d45898630b458f40d08cc65c930b4b69ebfc2
3cb301babaefdb9f2a505a179293b4d3fdacaf3e2ea0040e0f7a44d5b695a306
f869504fab804d4db98b943be898ef18cec1d23eccb90016c6ed1a387f69dda0
9f387c9a4a972eb24a6b04477829539701366646759ca12fb9045892fd5c2df8
5be680d7dc3c1a58a790bc2c6369800ac06c0fdb9fb065698d47f0ebfd6b7b1a
e692475d924fce6cf6f9b042b50f53cd383332909f680717a83cc975f08ca5ce
73989f29e0063575ad497db8a44422e2be4e78e18b3a5ca0c2d01dce9331c806
265de14ebd5f0f5e3b8930c1757ef4a75b3ea46a0ddbe196cf0695b533dfa8dd
6b414616d91aabff20d422e94eaa62b410f40a754bfd7387eff2ac5d13094bd9
227c84185bf74cf76627ac04c1455a52f3b0af17044ad1137615651625deb5da
9b93c1ff3e97514a35debbeac22272cfc40cbb920e93c04786a622a8721a8145
071ee1b23b8b9f0eb4b89363d46f8513845a620a15489d337f9b123770e56395
5aaa7b47e03b4883016f4cc54e0ab908beee8a54e5a2058f7f9cde3dbe893aca
d5c3adafacd86bed9c4f02aa3d0ec14ef79f81767285f4dbeaa3e86768d65b5a

```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```


Creation Time	2019-03-15 14:12:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
f350612cd869a24a2eda1831234957a0d039007e64060b0532960a9daaf76d03
e26f27fc9f96fd81d4ea35e8a646abc2dffc19025b758a19b80511d9f4c77c07
37d1202eb265a09f8a50520c4d3709d0db0020c1f6700ab5fba2acd5bf8612da
553330a94c186826929df11dc1e7bac6afb2078a9dd4272b41f10b48ead75a12
c523c1feaf944ceda2f7cd3f7153826adde1c17bc1cfd23315e1b1d853adf4ce
17bd003cc3b5d5179b7f9ae72c5c9030a1bb860f50f9826b6a737c25cc597cb9
af8e2888bd64490a70b1309b3860118339130a019d32a57de1d95d8d73123d69
cac22557ceaec572f0783ebe2e01fbfa9356d447a8efd457a46a8c3c0284a9c7
72347ba8b7e6f89637b64f773655d9769c7f753188960d54f11978ad07b1f484
28a4b33b6539f006b20d02f1bab38c3f25fe2ebb515e0c6b00a07c6e99dcc959
bbf554b9fb07d7fb4b3bf21b4c53b1769b678d6bd5a3023c62e344b7ecbe07cb
36ca2cb9b898a45501d282239dbd50a31d4bc3dc7bb35f12181edb3563bc1b25
0fcba547b52ec4523cae954a6ba30c2862206e24fe521b2987b85c8991e29ec2
ddf8088e8d20e6320e6b8381ffc11303bae71c0ced56739ccc4a00cdd5ebd249
7d9e94517584a288d05bc6da8a38a2e55aec5f05481e752eb56343857f02ba4e
362b8a185f5462bc87c79f3774eb02399bde94bbb3890f2cc5042e12ada68c2f
39752866b4e0aab0bccc1d8a153619ab2e6b01d18802d2e0db2590576e85d263
744a61510c073117c7bdeb66cacb336f7783c0d8de37517729dfd5813546e4d2
2fbd64621b79df5e283e3a678f8e19f5d6915606c3c3b76aa51b8ec43be5115f
e2c2fded2d4d0d44484f496ef3b47fd4bde46aad6c768af715842d612ab4ab63
425ff319be68ed1402f40b6e6abbf188a0857d9e0d59d5b6e57a2ea8a7ebe039
ede18ac09dd9ab563bc95d5a3a3d91e0319bfc5b0bbae509fb03ba8c11228e22
d43575d88a7ccd73a4d265a6b1937d6df10dd504ad4b647e57818cd8f4c8cb81
509067b017fc594b417b93d6fb8b122ac7fd467fc384ed3e06b34d4fea8e36cf
914afb21dad659e1289991c0cf11194b04d7b83b3e6397857d3310e41a75552c
dfdd975cd860626d4edcbc854d8b867fc2d05a953524884d4cbb75cc72ff9b4f
f236525e9c45c8f47c90b25f282b107183b7d0926d4e9f821bf2c50a8b6e959d
457ae565a800e5627bb08489fcdcb2b0d010a766ac5bd6784836c387644fd0b3
1e897b6aa1607f22a9016bd31302ba7666a9d89b3ef509a70d580d4faf0fa0d6
2c26a0a8a62cccc87a258f73ac8d0a3ed16b75ae85923251140d14b174fa200c
1550c23045c33ac74a7246df56d2c1021e58e216f0d95c7a18e29035cf4c33bb
e54ce33083b377ac80463785d9300214958673ff30797750da30d0661f82f35f
f123c3f1bb4c1bb17297cf1b7d6f247a20e84d06a4888e50461d846621e6fcbe
ab64cafb80f50f8178f035adfa03d893da9db01cfaa47ff2fbe15be89014b86b
db407e674507467231a1a24ebd21199212ab21a70a35bf4e735419d22f32c89a
fc269ab7069e6fbf795f2e0c89cd4b5863961bc3bae6d5fe6c422714db1a04e9
43addf8c1d6a54c0d082c7bbaace5789c44f5d94a5b18b65c621dd55cb9d68e6
56443b5dcae8501d615a7b2982bdb51c47bb7fe239224ea898da35bcad6511aa
2d2fa29185ad0f48f665f9c93cc8282d3eeca9c848543453cd223333ea2485b4

https://uninortediverso.com/awstatsicons/QThc/
http://lesserassociates.com/wp-content/E8h/
http://forexproservice.com/wp-content/tW/
http://nieuwhoftegelwerken.nl/g9A/Wj/
https://vigor-dragon.com/wp-content/bIO/

Creation Time	2019-03-15 08:10:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
084e0587e2e14e944285e875056a28e318c8391578ce0af716bfebcad0ac07dd
98dd2b2f79cf4d684466ef6f3eb60c6cc5380f3482f10ed3adb93ce5c5783760
ba95bec390cf5b946e1fcd0021d188c4a7cf3198cd2aeb9d48cbbdf173de7660
f1ce6ab5148117f52adaf4336fd856d430127449d240669c4ef30870e8855c49
40f585459627ac46733137a24070168b295c44af801e144b8c3a4295a11713eb
58a852c0f098dda910e51699d10c457e0e5f329bbf36074eaa42b189a0670afa
956255ee5b334e78de4f91e77a831d05d11a743e2a5ab7ff162ab59bdc6eebdb
688a43d13e6e2705c89c40d50d19439b6115957c819de8aed256b213303d0be8
2d90727ed2fe84052ac39eab12e5a2b5423b7433702f143813c31b74df3d03f9
78ecd05655529b01fa2cc6c9f36d4cfb2f96b882386de3e88b13bd5ace01d43b
f08b97e6d49b39e6b582adb71eabd39278c242625c31530c6cf9d79120a92a5a
c2aa60c14d857f98e372b34e710a13341c110c0b57baa52f5feb30e461bfe122
73133e1ac9f4b0354b9e32b8c15bd19b0a47773dc7e200c133b87f7e250ccf00
1846e510c68959be3da55f9c9779b33c86b056aa0027add02dc1bc37d6917ca3
bf1a1ef70a4d2f45740c873eb408f2c8d8a4a90da6479afcb93a6fcd75b1ef11
78475fe5467a1edc384b7c514bb877dc39be78037462809c4200b70ddeb93faf
549031b6c501442409ac1e90ee674b4e07e75cf529a54060b53c8bac740ce0bd
8f8cf818f62abe9a0228bbe73247cac12c9c76a28c656145dfb45b1b95245bf8
6687c785ca45539ea76158d1af08f3e58031d01130cb76d510863f786aebf4fb
2990c3836b1caa49d2aa557dbfa71874411f1cc8a0c2cfab4d3be86b00c3adc7
3e8d1d3cbecdc6d8de0d0331bf79ebb6ff555b575e2e91c66f2040bd9f744a3e
956ebdd66cd219be94e56d98379369c32d6251ebcbd7948d0f465050efae55ff
fb46729bc2d71e7467f8fbb25a967882172b8de20b7777729593ed18ec2be2ce
89115bb2c800e35a3db323f329857f37cc82ef33376ab911fb5f246d8385aff2
fe7473fe66dced3337d14e09f976e1ec0537f0ea4866f7df6d4460099db2a2a4
ebd2e95e7f136fa2274b9f0711394a78252c3f146aef707f75e6b81d8483d9b0
07e992db0d01560e68faf557acb2b60b9978577c27522d70a4f2fa2f347bb430
07e992db0d01560e68faf557acb2b60b9978577c27522d70a4f2fa2f347bb430
799bb9af040ba880f789ab9307a2b5ebff334849698481279f4c4f1c1fdb2340
c7a16fe65d845ff45e5896b2b46510ca06c295e5fdb87b3089f2164d56f96fe4
3206949d81876f9934067f894cd0d2f3a9b061139c86525d0bd95ad45a00c72d
2669686968d5761cbd9ccf6cfb1e2cbf2b36b174c9b7595b15b82971ad131573
90b143bb53cb6841d9da935af1e5213f61e08e3d439de992e06e442d012992ba
7dbccbdcad299185bba7f79d61b63d13cfa4a4c4dd514c519e97ec649bb1d71f

http://mstechpages.com/wp-includes/X5/
http://morrell-stinson.com/sqlbase/RtQ/
http://monacos.us/8EUP/
http://mmesupport.com/pligg/k6/
http://wirelessearphonereviews.info/wp-includes/qu8/


Creation Time	2019-03-14 20:23:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
74a8910000d81c657beb26f73a668d649c30c6ea1e9867d7086e00d08a1b0c77
cf262f6b2cee7e95b3900bdc19ff12a06a01f262694d0c99c827687556f7b5b5
bd6b0a8c2ba7dd51fd2816f8f4b588a93dbf5f89f52bdce125e309ddb1858433
e9e4cd2f2128f1782443cd369f130a08f0098b21c4abb4ebfcffe9849dbe6d6f
b90e38df9762ced356dcb51126bbc6a51532947e1b1f04f12203679068bf514b
ff40bd95310cba92effbe22a1eae2fc9e198224624f6c590aeefc283187b2e28
25a3edf18876053ba37f18681bc0d32405d0bce2399a7e76f7251e05633e4c88
05f052aca11ad0d1d2dabea4ce046669131b23c30347e864e373bf2f02a84606
cedc85b1d669256b90cb39373cb3c355863f662e49a1bfcc8cca893d2c5efa76
bb8f603dc0e356ac1c4ab5e9c6b8005ecd39a392e681402ad40b5d0cd804f668
28b4db9be8b5f8420b7e6a2129f73f525d6124bb0a009c12eb22e6eedd1584a3
562d5b97c79d21bf2f6ab0bc588c8ee6c2754257451cd48986c86f389f21116c
bcce04516238a62408668fad8574e17813b890503a3f6a79d15c218ba90232eb
b807cf6ef14aaf1772472560882a29022118ee224c27c1500bee0a481539d76e
ec6c34b5caf9381cd07ac2f6ed1320707e64e5ab77b19751d89116d1c81fc00a
32ba942cecac3d19ec25037356f984066cf1d22d609c9eda6765283a237e57b8
76764d3d22bf183e62a16b907edf2a7381571cc7386a39e37718f2643de55ff8
569c99524164a9525b2180f21451f80d90e91098965dcae3db1e854a5c4b8f23
092fc30364d1bc30ba813c65589b8974581b1f13fca93a44c979b67f3ef2dcf8
e44af298e1fb69027db9f6ffcf9b20791065a1debb1809596ab7f9ebca2166b4
1a9e9a743e6cefb2d374a535fc46324207185bfd7825b4b48a941f2652517d7c
720321e902e4cab3268d63dbae83f164286a7d12aa73e6648278fa6b3bfcf644
4313abf129ec8df85b4405839b7d38bcad07414890ce78da5dbf5f56aa496a59
b386e29b91a22090f09e821c0aeb8b171d2b693116d8d95f4a4596788bb59f45
70044d8dc58309606a693e0f5f9dcb7586075da46da06a69def13a995a37489e
5cea0075a5a75595d2b75b84f651fbe3c69241c40845e85452037a03a90c5359
3c3b87897819b700ec830e317fdb2d79448f4d7af9c7b7f831aa554a1989cabe
1bd75b896c0b24b407b13405a901c84eacb952dafa5565c4617777d436417d68
388ca94d387497a4ccc6c2d6df665fe3ccc0e6e57bbef45d64ef654fb2c11a18
6d68a290585c0c8c14872708dc770c050331039ca3e18aba84e769e032171277
4690378f78e894b2f9669c0b86cdc1528e663d77a8987938b70357cd962b3a36
0342e996472cd13ec651c008a23bfaf4728784cf17c726f17d92f6db4f7beb67
afb618b3e57391c0a07ca2a2e8c9080fcdcf2331f4790cb47c3352abab9e8025

https://thanhphotrithuc.com/wp-admin/3bL/
https://www.gcwhoopee.com/cgi-bin/t28/
https://thinknik.ca/wp-includes/FY3B/
https://tinydownload.net/wp-admin/1r41/
http://tr.capers.co/xjoma8v/jb/

```
#### SHA256s for Epoch 2 Payload EXEs seen on 03/15/19 ####
```

2aa739b7898beee2b1c4ae8ee936554f7a411867cac19c2af886af1e977cb910
c0df1fb63191af8f14f75878e157c5cf1dd59470745bef9ee82a6e7b27a1a808
9c645f5e53b19ded7783cc609171f81ab9ca0a57766ee68d7aa37164e2d826ce
8ae665b2d4f947a8e5a8ae8f31a0608a66e838bf0aef087d9b31c993756e7b3e
95898f6c14a72eb06c64302052fdd326c3a5f37e5af2962016ad6a123d23e961
a795a35308d70b68b34fe770123484a914edaa2c0eaea7ee29e2b33cd5748ad9
aa20501792e0e79fe836d9c714fce1612da383db47e7c7deaa485bc8a2d0e7a0
73f61ea779fd4c5e1a6c2a4a81ab982ef56c3173d731477a071b9e2f864af14c
01c12c2b4ff4ffc7a82f6e720cf2c8cad5721b6ad6378141ce6600c9761313ef
1049c84799fb32c11d30911c7a50c09b53d754696c4a7b172ab30c88a3ea8735
08a463d16339eeedfdef4ae3cb79ad16610559d5389820c992e749b13675cca0
087507220b57fd01fbbf12d369fd64a7dac9d334864691c15e961b8f8822ea3f
b796bf3e3d7b87604c9ed34f6d4edfaec0b2abed85ae9d5105ebbc4498470e55
616605f2b528efa81aff7a4766c3e35ceb803c515d260dc121dec4931b8a13f8
dc6a277d1a754c6915d5167b4cf0a968ba6866f719704b4bd0c2eac95bd9361f
fff69417e06c7390edf6b5e73fcf85c7a93f6ea80bb3a2f2c9e3dde965503f42
a58d9ac07bbcda3dc394331956d35de5beb57ec109fa7c0244e559b1c5916532
c6629448caa04f6ca40dee2220ac8671e0a274f8d6859dc86b729c8b95a4b3ff
923b1c5eb0294bc125db0e1a6ecea0ab8d7e17912b8acc5589ff636467af5976
5feff137d930a19f7efecb56bdd300dfa61ab6ad5cc048d742faacb2616bc057
5e927106cb0f27d91ce14d27cba852c30ac896e3f367ab50e58c95c2f1d91335
df08a1cdd9002a95d7b3af670ec7f81268cdbd23bcbe5f6c22bcaa6dc6a301a9
d66111630573d06ce239332b9411d6f21bd9138e34cd12f3eb92c997e12770b7
b7c39414cbf2acde68cfd333b549b31ade1e0274321369179da89c5c5e640b9f
6a5e49f12cca372282024136d89badd8bc17c342221c779c2da233403ac81948
a79eedb25278bc95ab8079f32c03ec80ebabd5788959ab21d471be794ff800f2
e89a9e52a7ff35cf9f27c6a499315eea83483c6c5d29006c21e56e25ca967ffb
a48cc7788a6665bd563f8cd4db6efa3d95e7fda851b39398a6410d9a2174c591
68892ba6637f1c9bb0ac257f7ec17b017a26d7f2844ba644b05b3f4b08e3fefa
19f30e0809f2c2abdfbd4e01f1162589aec66fa66286e030f0fb0c03e5203d00
be6aa818844f4d47554c720b8271a79fbd954a53c2da0f15d548b06561b0d978
fa903a5b59968838b03b67efffd8ee1e7448a476bdc9564bf83c1d5745dc6eb7
306d9f03e324389034a676f1212105028dbf9b34a8161aa669706817fe9b3026
2143ab3f88c80489cfa1fe8640dce77c939b1625b03b37613a54e470b2d356b6
08816983da8acd13bf74e03abcc491bb983bd54ef2d2b172f88792a741849d34
ed04e0f13dd75967b0b74189db124f02d0f3b4d2479669244f8ce9ea09852669
c50c3cb08a6fc9c70732d3c1c914ed6207a76af13a5509b64d4ca5269a90b47b
091380b00f44b15f7f4335cd6bdc8c2042305160b9997a36b31bf0dc88767b53
8d34c06c9df4be3bbd37981a02eef133a421b8427817cfaf1e01ef8c79c159fe
fe5ade3a5124ebceb71df398a32511f92520344f7362ebcbd3fddf18e4a7739f
2515d55d101e1460de0e836cc1d542259a3eea3780071b4e3ca088e2d09e7f80
76d260b964f631865f8b228405754c76d9af7cb3d06d536261412fe77bd9ae6d
57aacf6b97baa9d821d856dd4acf3c6edbafbb2e8fe476e3c0b4de8bca55b3a5
84f4df82bf6092a96eb6c8231aa328209191bbc42709f1255462d07c84c164e1
c8584b95b3cfa586f5cda3b90041069aef32577dd1a722b40500024090964dc6
f0a4d6702d29fb4302c6db3038ba5117f49f4ed114c16b0795e4deff91fc51ab
fc0840b8acad1e8f687c53d71ac71daf2dcf06b98cd440c76498ea3a3fb5d0e6
72dfc0cfa34a13b1f86fcc1a0f73103cdf1b0401ef16b1f1429d41f7723c914e
a165fd674eaf4623071b36baf11252196098de9bbe8a2d2a770466ed75098c48
5d509d719f0e7225938b5b4484c73eb54715742fce8582989357905d37eba734
427b2b4e0b6626539243c0c3465ea9838936c4207d13f68b126597f9e1e53827
2571a3c1f143865678b6be2730801faf498359b7c99de5891ba6a4acbb87b6a5
2571a3c1f143865678b6be2730801faf498359b7c99de5891ba6a4acbb87b6a5
169497774d459b90097a5ca9daddefa03b8e2f5b336c9850d751c6ff934804c4
0de581742fbc62477cab52f61cf6259a56acc2df9b51e43e73909d46abf08674
ee9bc8bdfe5e09ac8b6c3434b3b7f155afb086427b4251428bf6e6ffc1e3c3eb
c9797e05a30235a3bd10699a551400c752ff67b4beb1ddf39f1b8fb6f201acb9
4315047c184a825ea80c5cc42ff5239cb9721daf501ead88e98b6cfdc48f0797
f8d9b583ea1daf5b0e7d03b6c1630cd44afecc03a06b5295d19c69cc9abdd902
d633c61a125d19fe33cf434f6940f5b8bf567b43ced14d4ac13f6fcd20514d9d
d918ede95aa70f551eb5236a4b712878306e9cd6338183a1662ef83aa29f8581
9968aa0e63b1d9f0299f834015ee05927d14030395f26288a368f1f120655631
87b846d83dd3bd27470b7ea39de3e27b6935c3cb34a458a3330c5815cda1ad93
0200f8f1bf4219c8fd0e6f53996ca0731fc2ecf2b3975aa9de2a5e5815f14f37
12aa663cc24e1ef40829eb62d6a6318099d00893b50fa7c0520ee11b7dbc1edc
50bac44c5f35c2b9f096644856fb65aa7a19cc29c1d5cca01c6d4d9858abcb54
cdc8801e574567fd38aa9d079488120e8cb432bf6b4e6f69ea9c7705fd4db5ea
01fb6493407a301200a25616820eba3a392b09da1a1511f90cc03ed4ac7dddac
e62da384733a06e59270bd5be2ac742a7abe2177dc34b85cb42d82853c0ec01b
f71e2ca75c31ea4a76fead23171c76978727c7e3c2904443299d4d135d46498f
8da54ecb068d5932fae892a478d6dde139213fe1106e560a70d8c848d3950e85
0867b7f94580ab05f0d7746c53771f2ca5cc1eb19d0a080a729532f2d8442a0e
bb1b7a9017ed9bcf2eff1fe8f5676e493a96bb1ded4afe80f012b2cd0901d39b
faa9cfa61dcd78b541c957cf50025b51056e5796a66457098e4024242839bc55
94e482cf7616c2c39e7482c4a1e4a41797a02240c48a47f3123b4f1e8387c612
31c91644656e4f4856ce9ca1c0cbd45c620b5b5b13846f1e334bde0aa00651c9
903c6d2c818c4b675b15b7ad509ff7057f6c70dca2e9e8c2d411be7965f1aad9
aaf356d6973d26431167239fa14eeb4786c630e379dfdd232fac262d007868e0
7d274512a10087c69f66b6116d3e531fee6011b991004dd5da3fac90681a3bd5
b73395cb5ff7b6dfced8718b759c48859f275774461e3b58d274dbeba99fb28e
71e9dcccbb3b9d58e09382a63181c83f8e24b138aebf85d107336ad45539337f
670468abf4fca2e0d35112da8394390f23438b7974e899a8ddef17bfe43f5466
5d465071303fbd28dd04c7610b71bf66b5b0998c0696ada65d1b2a992af16b54
99c7aa3849162190cff9aca14d1cf4aee7d508eb7db5bde71650d096c31f0c09
0bb82d9d255ed8cc6da86ad8e2a3a46ddd80c70c63a0c79761bac4c4a58c6f2d
ca94f9d99e43a59220356ecb7a96acbb48010388860b9e7f94a36e834157cb60
454c19b83a3de3eb7e3ede5e76234d92027badf0391c0b5293ab210389cc3f43
292613457fe63665940ccda67dbc3e10d0b903b6152fa4d15b81598e22eb0a2d
6eeffd0a5b2c210d23241adc4eda421b43d4b430c716028bedac5b3c52dd1387
66b2122ce3109c1908f129c8d3a4ec4aa00e9b87f2ae10bd587a85d195fae373
8791c0ad238ba1b3371a690b8c05a4b04c7b3411ee7d5893fb7ec5321511378e
f43d508fbafbfc486b76a81f1e51c4f055551409f541177fdb0a4e527264347b
ed2bee24b9d35b9c9def654948eeafee3f0f79d625da557d5a088263fc1c999b
fb63181e5e283cb8fa93ac94d38d20dd15cbcb9665cc501a75abec541f65aed4
bf36c103e9d653b98a6095b02a4e8187eebe2f44725e71360a5ab8bb129ed090
a95e222a2e95c716d425c95c9cfb260b1e984d42a0153409e127d382ef5845f2
6f6ef48a0fb60c10d72c8789639fe44b535b3ad770593f2beefcb5a90373743d
3c2992b0ffd9f9c169e9fda5bfa767dde3dc617d35655d4c8cdd38652935573c
f86b2a6c742264eebc153bea8756b3611dbf977af86e7b2399fa3bf4c6e665c6
f614e2802bc1416459167b6f6b9adda9eaff92f1fdf0f4d2d9b6b9512b4aa6c4
c2e7a5a1b0be9196842bb14b6c2d516c6f3d0a5c122a705b12b482e0be05c29b
c4985c5f2f4e196a9694999a4ec0b240fa8a7de199176242bd4343003cef6c0b
ef091b826401d16856d2dae20155a8c415ca7564eca0e036183e30ca72b32e6a
6f59698382d06ffa288bc0cce81b6ce1a35411a9626c7a632bb7b86bcf581fa5
16d15bf91084115c1cb2d19c6ade045459bd78dfc3b5cbdb1a1fce57909cab01
8a5fad77fc9418210fa0f6ba506d702cb6ec5b69e6249f31ca2ff73314375e20
26f9735876b30b8383f194c120d8271e717d2fe6f737c930d04973dffcd95fad
135ce54129fa2a4974ccdfe4becd9815180feeaa2da7ae0e6df7fbf56ec6771a
e6dfad65b4daf85bbc3ecec38ec5b5d191b585b71b4ee5e0e909d1e9cbc10ca2
6f7e4c47d4fdb5e56a3cfd3ada41633df110460a7996075797c4fb7c15384290
03349df77ae0138feb0eb38582392d0b7543565eaa2a815862da6486baa99e15
291d89e4ce793ecf6e9edbf1f081d8bde8a1c00d463eed3998a773831fe54315
b85e0054f385ebba89cc08b7d1948aa1edefec543b670096eab898d15886854b
28974e84e67a6906488f433e262749f71ede12df94d41fefde80b81233047913
4dc002d01db276a01bff30c751bbfe19c8405ef64c63b79e8c245a23a468820d
09a695462eb12af6afa9836b28bcb21f84caa64abb0ba4ea8e5358462d240ac8
944cc7acbdd10985a5c53c9dcce0631894b196987c88c0d05b75114e385d4964
6df53973b89709f561156187cc31fb363039ce0cc198ee1ef2cc7aa32fe2e650
3bfd4f2eebaefb14ff031fe4ce16e62860f1120e4399521127d6a3ab8712a9f5
cdb1ab40d9d133a4809785d1eae877f098f339d488eb4d37093d46f4cc691173
8bad530bf0f5d217d187ca54d90180e3eb8d45facc9db1371e4e6f2858ae3c30
67e5d9980ee391a53245dc7d31ce2369f1a6f458a41b35ddc578c4ae2e709e15
c91c05e34c12918ade60e70aa852cb8ac640486871432a4464c4f55c91b4558c
0755bbccb14fafe53281afdf39d8b21cd4d3c35a05fb687b8fa3a78dfca893dc
24e9fb65a079eaa4380487f4f6b11c324a62f2fb68ef6a383070d713d651bdbd
3ca8604d1520507361a6c4933413c6bf2d05ecd9830d15241ca1c49ffdca6525
5be8ab7916a8071b57b74fa1dcb578cf5af04f48452f3a88890309a4cefc7b4b
6ddebcd38ff61cb042c9a82f9b8ba639351f8f3cfb9148cd6c1ae0084a6ccc6a
e0562668a47221c0c8a951e7e2d4350fcaf693ed78ec196fe25c74078770944a
410b8044b2dae474a2386d8ff19628584bab127f24c2293dbdb0b92369f5f291
71f852d6883f7290b4372f549f131198055caf88e8f4548666cc16c43904e265
c536d91225629b33d17cc7e57eeeccd90e995a8e28a8be2adad361260df88067
13983c276ced2ef61cb66177f2d40d970e2a7688a67c5a69e2686486e3f5b8de
68d737c0f836d5c600b80c74998e6c7482e76832c4a737f72a15815156387e65
a18562bc73a79aad878efe944bf7676bb76a2c386d8e74d7bd7ea827867bceb3
e695a153669fe99319e1c6bbfd47871b13fdf66fdccde42d0ae317dc211bde4f
2daf4ef0877ce560f11302557f85e8cdf0387d3fabe465c6f9051fbb5097c635
86f0fea23e3ed375569619816c59e9bae47bb4c97b897b55d87df06fc0c49b7b
13ee57d92ba734e26e98d2a3baaf0f56169e1899b6833e3d9ad8ae38aea9b150
ada0a2cc41edc4fec478cdf04638f209b6525346904eed96317fa8d5a81f848b
c027fc8ac8322d60e66defd243fb0961882ab7456f05bf3c253b9b4c32fa454b
51e489949c9219c4613e62e4a4eb9dfc5f139974a34b86751eb5953487d311c8
31d08a827691a9fdc9f396309376722a955a7b5a8156930f69d12e29a25a7f0d
be6ef16415f8b20ed2ac090afada616809bd03e5e7cc8292eeb9572143c8b1e2
65a60352271ce7ee4934967173ab68896726fe8e922e39fd2a399d468657d2a5
b99093f9022d7a2bcf160a4a14c81c75c832bb0e3c6efbfd7d37ff4560b9c5c2
53a11179fafa305c5a682bbeffa1dea40f037ee8fc1fdc1e9412d0993213da1f
6770b76ee4a9f11f238344ac5799bb2279304e2307ad0ea0f88cdbb29d154691
6381328fdf8314b2eee99710fb23075856c071b256ee85b85d670268a9aad9a2
fac37e0e63ecb99bb1d267a14593edf59520fd743be4f7a72eadad08784b0991
840632aceeb76dff58c049339ae4a5e2eae6f974846034033f9ab77e1362b1cc
890001b312a1e36d86c938f8e4c3d4b72b4eee339227658566c816691e86084a
5bf8284ea5ddc723f841489740da82f453304e317542ada9c6a07ce4c9ac2803
5b7ec92f07dad7fe34f0651a43e69ea670eb1c7c525b13fdadeceb1b26cde2a5
3176ff05972f9d88ea6084fcfd9d8dd1a116b4feaf323f7dad84122d4f0bce05
a7205facbd90009ec76aa3fbd177bc68036004ddb7ecf15ff6f979577a5d6d8e
cd38a2925675abfedcf34ccee437c54e327711dfd2489250277ae9c71e7da4d1
e22ac3bbe48fa97b31001ee9641cd1945a52a049b6ffb36aa1f6945678490c14
895ea9da145cc7de47bd845c4b3c500392dd1b8ffaa64be9fd47ef7d39f77915
191eafd5d12b7aa2aafe64146b792a20bf1cd081724fb518bbdf6fab325f982f
0d39ce6cc80c6c3477cca30e181728fe2470a74eca5de7f6057e27284df7f1e4
ff83b4721582c28dc2ba361b8ab47293ccdededeaf5541bedba77af123d7e86f
e4891bdac699267cecb2f39f57eba3acd6205e1a2d382da696c8522050952ada
52257ee7948102cc358dbca2386f85460df6a4bdc3812f34f5e2791361d2a7c8
216269e746b1bae4a5768d168ecbacbb6a9b3bc54820ab639f4737083d0ceacf
073c4249fe4f6f8b4daa0b3e6f529bf406c347d231fff7cd3ff1335eed0b9c93
19aa4b50b9d7ffa26666cb99bbd3593f02c2d75ffb96a091957d7b7147b5f2c8
6620a2acfaf9bbd4ebecabadb663795aac8159b4c582b2d36015afcff7c17b75
1c1124a73311db421519fdacaafdacbbb65f504c876edd4bd9030be86337f041
b981478f74f9c2a3c4fdc10dcf7d2fe39090a92015f82045cfdc4fc03c81a5b0
9197d1abeee4cb8ec1dd8627ead2bbcfa4f6d4b03b94a8c0f837871717b7278e
78210cbffa4868e0e859b9ca1cd28008d08f0c588e3e361b2216a71d5fd18e3e
d954989ae9bbe0f85b59b7282a2dc5bca85e02576c7e5b921605c422c3c7b943
33d96b8d7411af78eb453372e1167f9a16f034f4ec686bf56e0058ca099a4661
4e989d7059627482b9f224401cfbc44a9a034c5afd638f7e9594a3f0dfc60faf
d28b78f4a27d773716460baa1af121d7a386b3c4d476cef775f67463f7e172a7
4bc94b17bb652088e9fd36b163ae5154c825b19f4ea1f5047d033ed2e67c608e
357ae58a4848b1d8f210453bfd0289b15a8f06fa5e21ea5634d8d7b9a22ca3ba
ad8a70c1a1a07ba47d10e6fc2124ca2e2aa7c80f8ee054bca496e4a416ab5080
a417f80a65e942d3bbafe6c49c625fc7c502aa3ae383cdaed723ac83011cce16
59697821c5ef906bb937c1e8bb5c913f2ff4eeface3a8ab866301e0303a4e9a4
2d201298a70de418909f27a96f5ad0eec2d5b34ae4af8fa38442ce8ba6f9d6f5
f9247f1ed78ae6699053de8a09ecf72fa3f2f4ea85ffe8803ad68a3b4318cd14
287c913df5b6906e26e4d7cefdad426606c837df9c6913161e53cc64075adf78
b6353ec308ebf3440f0e06bd5eb6d3c03394e970277538592349d635016c6c24
3b38f2b24219abcf2fba7a0cb351d607aabe53b13f85ef5409f1d035da2679c6
a6c9fdb1674b3f2dc6a70adfdee6445eeeada5ca6e9872bde9955ee7a6c5204c
d3ea69e39410eeeb3c1276e7dc752c4f980c7741d9747259c81c1b59eb4f3ce4
802d089589d14e050e38af80c7b3e9bf56c51d5e6a7c9c4f0411945d129136e5
0b19ac576d3d90093bdf9b732d59db5ec772ad19e0f6fbec32ed41aa7dcc33f3
44e5db1e4e875ef89270cd8b043134d488c9a41e5374bdeed6ba97e227aa35a0
8905c04f77458f87382909535e9137430817017d232c568e9d7fbba5bda00f32
cbc364ff4ddb6db04b1aaf7ef344ff3dbec5ac715ab15f28fcd69e3a0d71a694
c332b83d859aadd699cdffee7356e5a7eeff49944df309b8fba062f94223e77a
856d5af1fc70d30e4315867215f4f085b0c5d4c63d989e43ec20ad4b58fba69b
fbfb80665c3100d11f5ecad102436e235fc5d38ca1119a3554e14dc30329484e
35f35542de8c0b5179b5c41942675b0b1fad9434f43781abc781990fb43c63a2
e288d0f717eabc33ac977092a75c4a6453de4e0a9a15a51086c9e6dc36c7a380
75a9e53c6df03b6570aab3044f7fca4bfc532e9b8cdde963337ce351c58df94d
06a06dc5b7420c7b0c576aea32f29ae0e527b1252f4ebfa2d8fa5d131333bcd7
4f67b25051242638cab9934a8445e46c1ce07fe9fcdddb0166036e2b82c7f9af
d68f3fe24a2acc3e9f9bda44962cebddf1907312ae325730a3fa1518d43e85b5
31fe699054df7671b3edad7b7005505a667b3682fe437330a676aeecb247c735
a6c8d24217f4b7850422887957a6e9959bad84175dd7b3e5cdecdb9fddbc479e
e3123e19730fb8956de0941c55043272cb6da28fa62c6536062ba2deb7fd8d81
26b8ca51745aa8ec71181af4279a7464b44366140cd28e116cfddc8bfffc6e93
4c2344880e0b48de7c328973b70b98defb7348983207fb227d2a7b3626c734b8

```
#### Epoch 1 C2s ####
```

109.104.79.48:8080
109.73.52.242:8080
138.68.139.199:443
139.59.19.157:80
144.76.117.247:8080
152.171.65.137:8090
159.65.76.245:443
165.227.213.173:8080
173.248.147.186:80
173.94.53.3:8080
178.78.64.80:8443
181.16.4.180:80
181.228.211.100:443
181.29.214.233:8080
181.40.122.122:8080
181.56.165.97:53
181.61.221.146:80
185.86.148.222:8080
186.137.133.132:8080
186.138.205.189:80
186.3.188.74:80
187.207.188.248:443
189.208.239.98:443
190.117.206.153:443
190.146.214.85:80
190.146.86.180:443
190.15.198.47:80
190.210.3.93:443
192.155.90.90:7080
192.163.199.254:8080
208.180.246.147:80
209.159.244.240:443
210.2.86.72:8080
213.107.110.253:143
219.94.254.93:8080
23.254.203.51:8080
5.9.128.163:8080
50.246.45.249:7080
51.255.50.164:8080
66.209.69.165:443
69.163.33.82:8080
70.184.97.144:8443
70.28.22.105:8090
70.28.3.120:7080
71.11.157.249:80
72.47.248.48:8080
82.78.228.57:443
89.211.193.18:80
91.205.215.57:7080
92.48.118.27:8080

```
#### Spam/Stealer C2s ####
```

104.236.185.25:8080
181.168.129.146:80
189.159.195.202:995
190.147.23.76:80
47.180.177.96:80
50.116.63.9:7080
70.44.163.160:443
73.14.76.77:20
81.168.92.58:443

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
```

105.185.141.205:80
108.188.116.179:80
133.242.156.30:7080
138.201.140.110:8080
147.135.210.39:8080
167.114.210.191:8080
173.255.196.209:8080
173.255.250.241:443
173.3.29.123:7080
178.62.37.188:443
185.94.252.3:443
186.113.255.229:22
186.4.234.27:443
187.142.0.234:22
187.189.195.208:8443
187.209.46.240:21
187.233.152.78:443
190.211.207.11:443
190.97.219.241:80
200.113.185.229:8080
200.50.185.54:80
201.220.152.101:80
201.239.154.191:443
203.143.86.111:8080
207.255.210.196:80
208.78.100.202:8080
212.122.71.196:995
213.191.168.93:80
217.13.106.160:7080
24.243.101.134:80
41.220.119.246:80
45.123.3.54:443
45.33.49.124:443
5.230.147.179:8080
50.31.0.160:8080
50.80.248.108:443
58.171.215.214:8080
58.9.168.7:990
59.103.164.174:80
62.75.187.192:8080
64.13.225.150:8080
64.46.91.165:80
67.205.149.117:443
67.209.208.130:8443
67.248.56.82:22
69.198.17.7:8080
70.57.82.196:80
73.183.131.231:990
76.168.149.66:8080
78.188.105.159:21
83.222.124.62:8080
85.104.59.244:20
86.239.117.57:8090
87.106.139.101:8080
87.106.210.123:80
94.76.200.114:8080

```
#### Epoch 2 - Spam/Stealer C2s ####
```

183.82.123.254:80
198.58.114.91:4143
213.136.86.219:7080
37.209.252.79:80
64.228.72.40:8090
67.202.178.142:443
78.149.210.211:22

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

```
#### What is Epoch 1 and Epoch 2? ####
```

What is Epoch 1 and Epoch 2? (updated 03/07/2019)

I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
time period.
Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
being delivered in maldocs on Epoch 2 at any one time.
- Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
Monday morning/Sunday night.
- Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
Epoch 2 may have a document hosted on host.tld/B.
- The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
*- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
via C2 to stay ahead of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
- Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
spam template, word template, document type and even payload.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

```
#### Community Lists ####
```
https://pastebin.com/PepQp9iL - @ps66uk
https://pastebin.com/7EadunCz - @pollo290987
https://otx.alienvault.com/pulse/5c8c038b4bd8e22846232e5b - @SecSome

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
@0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
@devnullnoop, @gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
@pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
helping out with this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch, @urlscanio
and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log ####
```

Mostly the same type of malspam today that we have been seeing for the past 2 weeks. I received about 50 today 90%+ were link only.
UPS templates, Invoice templates and a couple of Intuit messages for payroll. All in all old crap or reused junk except for
the Intuit Payroll one which seems to be new since yesterday. I meant to show this one yesterday but I did not have time to do so.
This one is HTML and seems decent. Picture will be attached to post for those that have not see one.


Brad and Cofense noticed today that the C2s were communicating with posts to webforms vs using the cookie method for talking back with C2s.
Here are those posts:
https://twitter.com/malware_traffic/status/1106788893318217728
https://twitter.com/malware_traffic/status/1106576866205302784
https://twitter.com/Cofense/status/1106613373586866176

C2s DID NOT CHANGE for E1 and stayed at 50 combos in total. - recorded above
C2s changed for E2 and increased from 54 combos to 56 total. - recorded above

Finally this week is over. :) Have a great weekend everyone.

```
#### Sandbox 03/15/19 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run on 2019-03-16 at 04:30 UTC - https://cape.contextis.com/analysis/49215/

```

```

Epoch 2 C2 run on 2019-03-16 at 04:30 UTC - https://cape.contextis.com/analysis/49216/


```