Emotet Malware IoCs 2019/04/11

## Emotet Malware Document links/IOCs for 04/11/19 as of 04/12/19 01:30 EDT ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.


#### Epoch 1 Document/Downloader links seen for 04/11/19 ####
```

http://104.248.148.224/wp-content/XZoTn-bZyInGox1pyxvCN_tkNcItfUH-Um/
http://111.231.208.47/wp-content/RkgWi-xXIHJSgwGGn1Rm7_EypPtpJuT-mP/
http://118.25.16.157/wp-includes/jXPM-y6D3hXoGfr0tKC_SKYdOboZR-TC3/
http://118.89.215.166/wp-includes/HGPJ-7xqmbv2AfIcffw_XxlrytZSP-Kd/
http://159.65.161.169/auz3rm2/xGkG-dDSEfXl8vXPGjFA_sBOaNuaMe-DO6/
http://159.65.47.211/wp-content/uploads/QXUye-l5xikPIyt2dx0H_VCxGsyVF-iP/
http://178.62.40.216/wp-includes/ybCg-Zw3yr4jh2XwwqF6_CWXBVxry-FX/
http://3gksa.com/temp/MsEvZ-dwfpGefRGC8lbOW_qhZuzGYl-PMI/
http://47.104.205.183/wp-content/Kizb-n3QVjal4u4pdnmG_hJuswwrI-78/
http://4tarcze.cba.pl/errors/uSTVK-lGulHHeqqMbtpTY_XMtUYgpW-kP4/
http://4u-club.cf/css/qZAL-5RFiWt5TxUM7IX_udjytkWtB-MH/
http://59.162.181.92/dtswork/VWoHy-DcEgAtyphXmiaN_SZwJlWZL-O2F/
http://acebbogota.org/wp-content/yDpC-nEW1Lmrq5wWnkau_DYFJSrKoy-gCW/
http://adammark2009.com/images/bpUL-IgdOIdoDWyHH1t9_SlCFekIxg-ka/
http://adse.yal.pt/wp-admin/UqDAy-FxBhALhnrY2XWUO_qfTBGBsP-EWK/
http://agencjat3.pl/js/SIuA-0eSVetGwDKOB7C_nASiJxsgh-8O/
http://agipasesores.com/Circulares_archivos/aDkTh-qxQoE48yNtOeGJ_ArObWbyrm-Yi/
http://agtrade.hu/images/rjBp-KSqtO6gA255NzZ_rLUFnNlDd-Bz/
http://aidos.tw/wp-includes/fgeE-1rQ2iUn0ooAg5QH_dPjqnjzBL-bEr/
http://ajosdiegopozo.com/css/yctLv-YRQEzZgrHPcI2X_YRMiDdAML-mB/
http://akashicinsights.com/aspnet_client/EGcx-DAGxatRcHoz8N74_bWJtagOR-5Lx/
http://alsdeluxetravel.pt/cgi-bin/files/service/trust/EN_en/201904/
http://am3web.com.br/jzJg-0aEqivPPp4EI39_hRmohlhzA-oe/
http://antislash.fr/includes/facelift/cache/SNXrD-Q2SVsaDh44JLa7_TgmsyCPy-vi/
http://antoninferla.com/OLD_SITE_BACKUP/progress/ifJGk-R4t7d7u4LhomTw7_gAUOHBWj-Yv/
http://applystuff.com/personal/fShv-vHMm8fqaQZYZcG_zlFycdIy-sU/
http://arr.sbs-app.com/wp-content/plugins/hSRZZ-yhUw0GUKgW54cD_uoEWXRtsz-B5/
http://astrologskolan.online/e5wwcki/Xhuv-77Nul3PS7MdGHH_HWRLsIQjQ-gRT/
http://atelier.anticrestore.ro/wp-content/uploads/KZxs-N2vHPgWPMpG6edo_swOFTjok-U0M/
http://auraco.ca/ted/lPLeu-dYeWNWsnXwEA0Em_hLdynKgs-Q97/
http://babycoolclothes.com/cgi-bin/dtDis-lsCe9BmoT3Gxw1_ecaIZpfQM-KJ/
http://barsoee.dk/php_skole/scan/messages/ios/En/2019-04/
http://bendafamily.com/extras/rBZW-zjDtsEVsK8YUVz_PnfvyfMFi-PP/
http://beysel.com/XaaK-IZWqrsbyAmxS9X_yHrjsjhEj-a3/OUgr-7ovCnMM9gEYzrf_oAdglwGg-EQQ/
http://bigbrushmedia.com/doc/messages/question/En/04-2019/
http://biomedmat.org/nKtd-08tW7GH4dnNfRf_MzFePcfQD-oww/dIrB-gqXb3ghkqRZJ6tj_iHDWRDTT-Cuk/
http://blog.bestot.cn/wp-includes/TZtG-RtFXcYgYEOOrsD_udRkbvpxI-CWg/
http://bobvr.com/HXJC-vH5nNU0WAvQKZm_oOCSgAYZ-2R/DyHxn-pOwtsoWUz1OGuPY_sRiGcbMFq-kPl/
http://booyamedia.com/img/aBOa-o001Za1KGFtKaYC_aJLTSlpp-uJg/
http://bosungtw.co.kr/wp-includes/kjSD-H33j9DgplvYnYRq_XNXcKwAe-qH/
http://broganfamily.org/EoRJo-hBFgQ8tSBx53K8r_sspwGPWPG-jr7/
http://cad-spaces.ch/picture_library/gSHg-H0jmNm3vAHp1UHv_TpHkjTbfc-vjI/
http://caferestaurantnador.com/wp-includes/qaRrF-rEVDFA2A8RbWX6_YtDVrqiJ-rx/
http://caisff.finances.gouv.ml/wp-admin/uJwXK-GwbQeZYVwBloqS_IfBfoIiF-Lh/
http://camilanjadoel.com/wp/RXLj-L2segE3SOq0sk9_XaBluVUF-wU/
http://canho-ezland.com/wp-content/LTtAm-Rft7SpfHR41Ote_qjIHZpQCm-d5/
http://canyonrivergrill.kulanow.site/components/Zlqm-4fG1whP9c6PKRO5_IWzeqELy-1bS/
http://caru2.cba.pl/images/eeWWU-aVDhHRc78DQCPwA_KMSfYEJOa-RU/
http://caygri.com/wp-admin/kakHl-kKzkDhxlJo6SXPy_GcJFOlmeJ-MXM/
http://ccbescolatecnica.com.br/wp-includes/ThgC-h5nCHORPWwv7y4h_KCqOuqmr-gd/
http://chang.be/carole/legale/nachpr/de_DE/04-2019/
http://charleswitt.com/tmp/ivfPh-oAGLrInjWW9E64e_XtGSfFNsh-CjZ/
http://chigusa-yukiko.com/blog/mpSbw-3QahjWMa5u7dgls_hztoOPOb-jTO/
http://ckingdom.church/wp/security/service/trust/EN/04-2019/
http://colemagee.com/movie/OLUp-zEv9BVudg5foWH_PQFTBDJHx-v4/
http://commercial.uniden.com/wp-admin/legale/Nachprufung/042019/
http://congtycophantuan123.net/wp-admin/xriHS-rs0mSSeOGkWeRi3_hItWmcrau-AnJ/
http://creaception.com/insta/NGVXP-oeDp0oFNVvGsX1N_HbeymKZxT-rv4/
http://cruelacid.com/stats/yepyy-8fvKzJhiOdx3ix_qYBNCrJnr-i6z/
http://csnserver.com/blog/files/legal/ios/en_EN/201904/
http://csnserver.com/blog/NvfB-zuvOokJZTHPmyl_lxDLCmmG-GoN/
http://daltondooly.com/wp-admin/UunL-iXtgPiawEd4FmT_EtdDECon-vfr/
http://dandavner.com/blog/nRTY-dB1QE88eFWyJ2H5_AGiCBvIyW-rmN/
http://datatechis.com/dis4/pbEIU-pqAxm9V1vGbRgjv_ZDZBLERf-cT/
http://dekormc.pl/pub/FNgvz-9nGKAHzjudqqeTv_weGawwdq-9r/
http://depot7.com/aflinks/klmH-wP9hpffK6ez6uh_CQWfMuPHM-WXs/
http://designkoktail.com/wp-includes/fjiK-tyePIzo0aUBJQpz_gKcBUJdk-Uyk/
http://dev.samuist.com/media/ahCBU-Z3vzLyDnZvBGjDH_xeRaFuMs-B5/
http://diegogrimblat.com/flv/XeQe-IJtjktj9C11ad5J_BZmPgwXz-MwX/
http://din-sheng.com.tw/layouts/sIFYI-mLX2wDzOEprCtxj_vEsxFbWme-bpy/
http://disnak.sukabumikab.go.id/wp-includes/OPoay-JjP22NK0n4kU9YT_KvuWLhbg-4Ah/
http://distan.enrekangkab.go.id/awstats-icon/nachrichten/Frage/2019-04/
http://dramitinos.gr/images/NKXTS-CNMapbRwyxFJ3P_AMSyvMGXR-fye/
http://drszamitogep.hu/_BACKUP-20190208-HACKED/qHOLQ-FPF0MBFY0L6ojO_tJeZivQBs-cU/
http://duplaixart.com/wp-admin/okyJm-60maHqnY7Y0KGTU_urBDZMUIx-1Q/
http://easport.info/wp-admin/service/nachpr/De_de/04-2019/
http://eastbriscoe.co.uk/sysimgs/MDlS-kDqhvcdeWjjqY0L_JwVfZPQij-Mm4/
http://eatonvilletorainier.com/wp-content/uploads/2018/04/wfXQ-aRl5D04kkLJV6Y_jEvlQezIX-WF/
http://eatspam.co.uk/4Fbfdv0CZTORJNh/suhr-fBSetee2JyVHPD_JLmAGXne-9o/
http://ecube.com.mx/js/rxUtb-mLFjWNPjejbQF9g_woruhxgOU-FqC/
http://edsakaindobubble.com/wp-includes/PxXT-n7u5xVz4wTGBgx_QRDrEywM-gl/
http://efh.com.mx/css/gRmM-RCkvQCccdtxSTe_bPTKnttg-mAu/
http://eft4life.co.uk/apple/mxnjs-jcxgc0nj4glozs_iabrzlkp-ct/
http://eiamheng.com/aspnet_client/Lbqi-W4hVwcYYghqaw1e_IJCOMGRNI-Oy/
http://eiamheng.com/aspnet_client/yxNW-YjiwkoBobAh9w8_qylNsTSn-jR2/
http://ejder.com.tr/iuLYqpe6E/pKQC-KYTZqZdB1LJKTv_cLErOKYru-rPy/
http://empmtg.com/guestbook/ZCHA-ndYdurR9ssuRJx2_yCboBEiK-ZVY/
http://emumovies.com/api/QPTD-ns1RMZxGPP9KUXc_ZJtdiARvZ-AdO/
http://engadgetlt.com/4zlr3t2/uuLoC-G0Y4pVRYvJTTq5_LfTIoeMGK-ylp/
http://eno.si/plugins/pjJYN-vefjvPwi4AdxCM_ZqXFreBI-Xga/
http://esenolcum.com/wp-content/oWMXm-REjfgJHczPwj0Rw_SkTqDsgWR-hA/
http://espacerezo.fr/wp-content/languages/YPrH-p6xMZFmlo6XH1fM_qqhFRTcyc-iWh/
http://estasporviajar.com/afiliados/vHfcd-skMFJLK8KfaQO68_zJAfiJAD-Ln/
http://estudioillumina.com/MAGENTO/uZmkw-Ya8IH8RuHupiR6_TkeCiwyn-1t/
http://eziyuan.net/404/unqO-ZTkZPHSRGaU8iA_rjdOsJGJ-euD/
http://farlinger.com/wraTc-9ThHcVvzu5CnPf_uwvKgLlr-AId/
http://finniss.net/temp_dc5bcf9d42ded3370fd9c92a7bf0d715/ELez-98KcOt8218hpqzq_IFhsmnbh-w3y/
http://fokkemamontage.nl/js/yyxR-tPZPkJchTNPxBnk_jnNiOMVx-W81/
http://frtirerecycle.com/images/RseCL-SM0s9HDmNsxIEM_iZbgiXyXW-hK/
http://fullwiz.com.br/jbmix/xhBK-NC3rOuUWFNZiG1P_LisZrEmKu-qJ/
http://further.tv/trust.myaccount.docs.biz/KSUbG-cpGGZEsipTtQA4_vRELKrFC-Mq/
http://g20digital.com.br/cloud/bVZY-7eXY1u5CcsbS4n_YPTMLIRC-dZF/
http://gabeclogston.com/wp-includes/CzYD-igfbyg68Eegqm0_IuknqYSZ-w9Q/
http://gamvrellis.com/MEDIA/iKlUb-ZImFSwyWl1511m_JVwwAblkt-O7/
http://g-and-f.co.jp/photobox15/fCVjp-zBv0dB1D3QFbAyX_CmYCNqLrA-yr7/
http://gauashramseva.com/wp-admin/QoVN-Zq7aM5dGA5lHrm_RbMvfQCF-lXa/
http://gaz.cl/FhXY-lQk2ZCuhx3kUnDT_CISswsvvk-p4b/
http://gcjtechnology.com/_themes/kVEV-lCikhuqYQbu0Epr_TmYIPZxSj-F3/
http://geolinvestproekt.ru/wp-admin/xKWi-9ZGDI2ylH34ndQ_qmBWpXjls-V6l/
http://ggrotta.com/ApRZu-byMeNiCPp6B3W0_pABEvcWF-Lt/
http://ghostdesigners.com.br/bin/ANPJ-F0Wf8qm5mOPGgp6_aGVyDexCe-1n/
http://gmsmed.com/wp-admin/EHdWd-EiEQqdVguYHl1TG_bkPRHWATT-zC7/
http://gozargahelm.ir/backup/sODnx-7gthlQHJeiC5dA_mHuGRikU-55/
http://grandautosalon.pl/YVczT-5cXF_TzzA-LqD/NGQG-1kXn6uU1ktXp8j_cnktVZtNd-oX/
http://gwangjuhotels.kr/wp-content/themes/xHqyq-iiAttgPor6CqMb_uGjvtvGq-uh/
http://haek.net/admin/NBUdv-3Vp0RxVbkX7Cwy_AWiMVcTda-7D/
http://haru1ban.net/files/UmjK-FqJTnpq97m3dcy_UhRoCKHA-Ae/
http://heartjoutfitters.com/wp/OzGM-AoJhSJUNROZ99z_KTEoXXjm-P8/
http://highcountryblenders.com/wp-admin/mtzy-ZLmUHQm6gzirYDI_ozXIEfhRg-hI/
http://hive.world/wp-admin/hkUFb-GZxBl4c9V3YYzk2_wTaaVHZxn-nA3/
http://holz.dk/awstats-icon/HTvrc-jnVVguMRLcYrxNj_BHdNXXTL-m3v/
http://hostsoldat.cba.pl/skins/pcehY-FUl2i1wsQvHSqP_rKPdUmMKp-HyB/
http://hubspotanswers.com/docs/legale/sich/201904/
http://hungthinhcars.com/wp-admin/gTpz-X8Z1MftcyezehzR_HqfWouwPn-IT/
http://i9suaradio.com.br/boleto/iRcek-8ZI9ab34SofN3R_GAaCUffve-07s/
http://iktprojekt.si/js/ocVq-dhPp8M6Z3lPYHRk_mZUHkLfM-F1/
http://imnet.ro/wp-includes/veeNI-6UhIvncyiuZeWcE_PVYzJTRe-yd/
http://jbskl.com/calendar/oeADr-BlyG1mBX7aF4hM3_vTcCAShrQ-WL/
http://johnsonlam.com/Dec2018/doc/legal/trust/en_EN/2019-04/
http://jorgeolivares.cl/correo/GZetw-zZFNzRBV4zeZmp7_mzWBmrrUc-2SF/
http://jsya.co.kr/@eaDir/security/support/question/EN/04-2019/
http://kamir.es/controllers/RDZx-vIh5s9mhx3YeNoY_oxYVnwTZ-Q0/
http://kamstraining.com/wp-admin/Jgndv-yHU17yDxY6oIhf_cQBkvBlqD-uvK/
http://karalamadefteri.org/secret/sTtX-BinTXe1gYWrhGmQ_yrFvnXwp-eG/
http://karin-russell-wiederkehr.com/wp-content/ynZU-Doq0t4nRHmR8Zk8_pqBKYJzP-KQ2/
http://kingsidedesign.com/blog/RQGqJ-ncmVOn3pRz44m9Q_GmiRGnip-z9/
http://kintore-daietto.com/wp-admin/bnOXa-SwvcKHZj8IpVhyA_JeIkLMInZ-TRI/
http://klanelkhamoowo.cba.pl/errors/jRme-Hy46VYQAKR6Tr4_rBzrvBRc-In/
http://kometpol.cba.pl/override/privacy/service/sec/En/042019/
http://labs.omahsoftware.com/finpay/wzLEM-17xMJxSQMj4oY4_eYAPmmuTU-of/
http://likeahair.com/wp-admin/RKeS-nCXXCRXYE7UjPT_YsESOXfX-T4a/
http://limkon.com/aspnet_client/system_web/ehczl-uh8rhoisaelkqic_mjkiofvil-snn/
http://lswssoftware.co.uk/Accounts/secure.accounts.docs.net/US/service/verif/En_en/04-2019/
http://machine63.com/vpnoiehr/wzLTH-1doUQobSJ1eZrrX_HAtNhJSL-K6h/
http://mail.mtbkhnna.com/oqfi4kksd/mYWhc-81UVVx2gsfOv1wY_QZZQSDZa-Kv4/
http://mathew022.cba.pl/ajaxvote/support/Frage/2019-04/
http://maxindo.com/verif.myaccount.send.net/zxtU-fo3zaITvO1i8qCo_NPoEagaC-N7/
http://mobilitypartners.ca/PhotoAlbums/verH-mbhX2G4UftZAUS_ZjtyuSVK-w60/
http://moes.cl/cgi-bin/mrZZb-aVmCdAvt0VF6nx_QmkICFDHc-ib/
http://mrupaay.com/attachments/YZAzD-mMLsNKmIeFhTgX_WHIeBZgKY-mKO/
http://mustafaokan.com/wp-content/uploads/RYCIf-dJlwN5c1299S8q_swdQqKGmm-8c3/
http://mystudybay.com/wp-admin/lpcuY-hFsDhyJVXwa6ZsT_RkBVjwbry-Wb/
http://newbizop.net/assets/txQq-ctpKtwqGjXrqOGT_IrPxOtkO-62C/
http://newsalert.ga/wp-content/uiXx-2rnduKIzDFFtLH_cIxjKPriO-tBR/
http://newsmafia.in/d/rsiY-JWPgIf7ytoxMbjE_vkofmjusH-lcj/
http://newsspe.com/fvefbd/uWiOu-hgALRj4KjhLghy_NfwoAtji-utg/
http://nexusinfor.com/img/doc/support/trust/EN_en/2019-04/
http://nikolas.com/wp-content/lFHqk-eM4EEjV6ojPUZt_yDqxoIUHj-aUV/
http://nownowsales.com/wp-admin/GDqS-kd3WlZqJccx0dR_oBuREUPET-3cU/
http://obkfah.com/wp-includes/WXiA-h0Z1NWC46U6VbPW_kIFlBoDK-4Ki/
http://omegaconsultoriacontabil.com.br/site/IuGwq-sCLhGyY6CcR7A6_iaOqParo-9Ix/
http://ozenpirlanta.com/blogs/PoOv-m1NNwGXaFMY7BO_iMOoLIGX-9jH/
http://parth-traders.com/wp-admin/gsZV-XelLFA0fKARe9GY_IpBQRzcJ-MzQ/
http://pepzart.in/byczowa/PzjPQ-gF5nFSaPzVMQFL_uKlRDJnU-6x/
http://pernillehojlandronde.dk/old/Bwbnt-OoybqCMj2vN4DA5_gbGWMIJa-ru/
http://pllu.atkpmedan.ac.id/wp-content/uploads/WuEN-pbsKziitgeRNGP_hLptGnAw-kX/
http://poomcoop.kr/wp-includes/LtqvV-zgmELLR9z5dosPP_gVwuwkarp-Ge/
http://potterspots.com/cgi-bin/files/service/verif/EN_en/042019/
http://potterspots.com/cgi-bin/wqnr-mVzu8UbphstZQgD_ZETwgCMsP-MgG/
http://projekthd.com/galeriagniewkowo/Tpru-12owK8cisoI6UBL_TzdmEtMIV-xPZ/
http://puntoprecisoapp.com/ypb/CWaLp-ZvMdFq079BYzYU_FwcfChFo-dU/
http://qservix.com/wp-admin/mIMqZ-ypKBIJ3JFRze27_RoyrRXEjg-8eZ/
http://remider.pl/bwp3ibr/LjCYG-tPZPkJchTNPxBnk_atEWfGpHB-6JQ/
http://roxhospedagem.com.br/chatonline2/TDbPC-ZMCayhNuo04MYo_rBvhrevp-Fiy/
http://rudzianka.cba.pl/wvvw/Hntyj-RxigEDF196QckWf_zSNfykzj-G4M/
http://rumahminangberdaya.com/wcfv/XrNZ-9k6CRK4LpiwgtDr_OjIlcVno-iB7/
http://samasamak.ir/wp-content/uoOL-ExHopj7UR3l0dPF_HSxlQJVI-7a/
http://sevensites.es/D1J/htOvY-QBZYhnFfbHGEtiL_aKUNoETi-8H5/
http://siamnatural.com/anchan/gIvhS-R9yLupvDnCBKBj4_AKmuKbuzL-xN/
http://smc.ps/ar/IJAk-uDEwicxyP7lTU8c_dqufrQmi-yY/
http://solpro.com.co/wp-includes/ZqbO-0BGwt2WEzQq8i6J_sxbVRvhA-3XX/
http://sonare.jp/LivliSonare/inc/messages/trust/EN_en/042019/
http://sonthuyit.com/assets/iJTf-jd7yTuUmCIBHxv_KBEZxgIwI-Di/
http://stateunico.com/wp-content/lwZY-KA7oxL9lilkDxD_eKyaOkis-gdh/
http://stsbiz.com/js/AUZk-uBJNsKgPPLu2hFe_jRPjWBJm-MD/
http://studiopryzmat.pl/cgi-bin/lBha-AY33SFNJeTn6X6_wcuEUjhzZ-YYH/
http://sudheertaxclasses.com/wp-includes/BNuvt-kjlSAG7HxUH4Z4I_rUpJLIkZ-k6T/
http://swiat-ksiegowosci.pl/attachments/Tbkme-I6ICJ4xwnvX5IcZ_ZthJMRlIR-W70/
http://symbiflo.com/PJ2015/QUlL-ZfGfyU4lUfZQWhF_WGmEIjcap-ZXw/
http://tasawwufinstitute.com/pxtguwk/PHBHC-fYnDKHBXekNz7u_APIfxAhn-cPx/
http://tecnauto.com/css/Egtg-KcavRuOVviWaJn_kcSUAxMW-RTu/
http://tecniset.cat/docs/HVyE-nv4nkVABFPJ7oO_cIjIGQsI-aB5/
http://thepropertystore.co.nz/cgi-bin/toHlJ-yjAREBDVRjL6G7I_LBJXNNFwM-Ae4/
http://tomsnyder.net/Factures/kzYS-N7sji9DO7Hxg7Xy_auWrRGYHY-48S/
http://tongdaigroup.com/bill/DGsJl-dbCPw8iSSWaNhUi_vAZSQfzb-51/
http://trinitycollege.cl/images/pZhC-8JslWUKAuojZFGP_PeydMPhle-PwN/
http://tsk-winery.com/wp-includes/NXChi-mLdpjlt2zOZjXH_DQeXHkxKX-ShN/
http://tubestore.com.br/wp-content/GgmNc-f7eu3mTaTaYQRHV_RevPxwmm-5a/
http://uninest.cn/wp-admin/wfno-wC1XuouoYzuxxXg_VjVWgmEdl-yg/
http://valencia.mx/capture/fvcwv-xiA6akPQhoH07n_ltjRFMSD-Q3e/
http://valentindiehl.de/writers/ZNtM-SzBXZJDAm1Xx6iE_QJZxOgpVf-0i/
http://w88bongda.com/wp-admin/XxFT-fS82PddC3lneCg_kKMrBqMpS-MUR/
http://wb0rur.com/certificates/eyQNv-ZSlkq90fYT1jUy_ohJSpSBG-h6G/
http://webofmiscellaneous.com/wp-includes/QGMfj-5mnLWABov1CNbsF_izNLHHsN-3R/
http://whately.com/google_cache/nBhx-CVMD2wCMHkKxVa_URtsqEjf-uQ/
http://winast.com/drupal/nguh-YcOiqV8fWAFiCW_mBwnSmwjX-gC/
http://winast.com/drupal/QFMhd-ao99dlWcS9KTun_ibkwdKZd-ah/
http://worldclasstrans.com/admin/XwUo-DP68ASGpTzsZxGo_lhlaWgdn-8Gh/
http://wsdshipping.com/callback/NyOy-TYuVwUb6NBCbEZ_TrMporFc-Qk/
http://www.beirut-online.net/portal/security/legal/ios/En/201904/
http://www.biomedis.lt/yowwk4j/nachrichten/sich/042019/
http://www.bushmansafaris.co.zw/wp-content/service/Frage/04-2019/
http://www.courchevel-chalet.ovh/fbmyql7/Umacs-vGYF6TrzK0MleU_lRxFRzYu-mKq/
http://www.din-sheng.com.tw/layouts/sIFYI-mLX2wDzOEprCtxj_vEsxFbWme-bpy/
http://www.highcountryblenders.com/wp-admin/mtzy-ZLmUHQm6gzirYDI_ozXIEfhRg-hI/
http://www.jbskl.com/calendar/oeADr-BlyG1mBX7aF4hM3_vTcCAShrQ-WL/
http://www.job.tkitnurulqomar.com/wp-content/CFmGi-uYtUcACXj5C22El_KiSojpuHc-him/
http://www.karalamadefteri.org/secret/sTtX-BinTXe1gYWrhGmQ_yrFvnXwp-eG/
http://www.kizlardunyasi.com/wp-content/plugins/--gotmls/images/TiOxC-IozNnSWwzSxLUX_OiQOUmLMC-j8/
http://www.megawindbrasil.com.br/css/GEOg-P72ybT4POeLwPNX_KKGtCIdX-6K/
http://www.ni-star.com/wp-includes/xeWa-zvtLPvBA9bRoKuo_gZmQqvmVc-xf/
http://www.phenoir.org/homemap/Xqipi-sLCIsEo93yEsw8_IaigvXxO-tq6/
http://www.skiploop.com/blogs/itEMT-kFZYbPA5endO1l_mBfwRwzLJ-X2/
http://www.smc.ps/ar/IJAk-uDEwicxyP7lTU8c_dqufrQmi-yY/
http://www.sz-lansing.com/wp-includes/ifDEV-kUYN7Atdfug4lnC_MEMGgJkCw-iH/
http://www.wsdshipping.com/callback/NyOy-TYuVwUb6NBCbEZ_TrMporFc-Qk/
http://zefat.nl/stamboom/CuMe-oyI5sgcPksusUq5_ZZgnZPOH-Jd7/
http://zlaneservices.com/fashion/aELr-OyQNQDXMLVVVtam_xumVcMorx-A9/
https://aidos.tw/wp-includes/fgeE-1rQ2iUn0ooAg5QH_dPjqnjzBL-bEr/
https://caygri.com/wp-admin/kakHl-kKzkDhxlJo6SXPy_GcJFOlmeJ-MXM/
https://disnak.sukabumikab.go.id/wp-includes/OPoay-JjP22NK0n4kU9YT_KvuWLhbg-4Ah/
https://en.dermakor.com/wp-admin/yUOqR-yuUMeZcCK19VddV_GWjXyORw-uuW/
https://fishingbigstore.com/addons/EwRc-5aaHlkpe793CoDF_LCtnczPfJ-sN/
https://hive.world/wp-admin/hkUFb-GZxBl4c9V3YYzk2_wTaaVHZxn-nA3/
https://hwx-group.com/wjwrtce/legale/legale/vertrauen/201904/
https://loh-tech.com/sitemaps/MSqEP-ghZ0usabEh8GdNp_EXZAwGZrw-5Qq/
https://pepzart.in/byczowa/PzjPQ-gF5nFSaPzVMQFL_uKlRDJnU-6x/
https://pernillehojlandronde.dk/old/Bwbnt-OoybqCMj2vN4DA5_gbGWMIJa-ru/
https://profithack.com/wp-content/service/Frage/De_de/042019/
https://refikkorkmazmucizeler.com/wp-admin/support/Nachprufung/042019/
https://solpro.com.co/wp-includes/ZqbO-0BGwt2WEzQq8i6J_sxbVRvhA-3XX/
https://sudheertaxclasses.com/wp-includes/BNuvt-kjlSAG7HxUH4Z4I_rUpJLIkZ-k6T/
https://tasawwufinstitute.com/pxtguwk/PHBHC-fYnDKHBXekNz7u_APIfxAhn-cPx/
https://tubestore.com.br/wp-content/GgmNc-f7eu3mTaTaYQRHV_RevPxwmm-5a/
https://vdvlugt.org/lepeyron/pkbOv-pE6CIM5pI8oc6GY_MRmGEgRw-ft/
https://wordpress.carelesscloud.com/wp-includes/NUOX-m29FwTWGpXDFLLh_qumOcRfh-AO/
https://www.blogbuild.online/wp-includes/JhgN-hevULL6R9QfXzkx_CLyyVvVq-cI/
https://www.lifeandworkinjapan.info/fnlk/VOxXd-8qvjiXJbSlDypVH_BTiekCJv-7Q/
https://www.ni-star.com/wp-includes/xeWa-zvtLPvBA9bRoKuo_gZmQqvmVc-xf/
https://www.vdvlugt.org/lepeyron/pkbOv-pE6CIM5pI8oc6GY_MRmGEgRw-ft/
https://www.wsdshipping.com/callback/NyOy-TYuVwUb6NBCbEZ_TrMporFc-Qk/

```
#### Epoch 2 Document/Downloader links seen for 04/11/19 ####
```

http://107.178.221.225/jxewyv9/61k9rt-8ya9h5s-fkob/
http://119.28.135.130/wordpress/2zmzf-irekbpl-zrgbww/
http://140.143.224.37/fb5sreu/r5mxmmh-fugkphd-soynax/
http://165.227.140.241/wp-snapshots/Cuaop-b5vOtaUZ6BIfao_viCZSRyil-CZ/
http://203.114.116.37/@Recycle/Xauo-xqulY3WMMsbCDBd_sknIzXFx-0U/
http://203.157.182.14/apifile/mat_doc/lBSu-TcHE7427hNObkub_UlYAvOZRR-etP/
http://35.244.33.247/0pgfs0p/brfUY-N06tPCXvQupDrMV_PaRdlEZL-lq/
http://46.105.92.217/wordpress/qyvVr-k9htW0iSBWTqb2I_XXZJcrAG-eJ/
http://7uptheme.com/wordpress/zc0dnv1-srpr2yh-keryl/
http://94i30.com/cgi-bin/KnBk-Ot6VI3sBK0sFjr_DXClAUpS-0cF/
http://99sg.com/zen/zc_admin/xiAoM-wpUY5m3PJRUh9pq_WstuHCIPH-vw/
http://aandjcornucopia.com/payment_options/vd42v0-ve7re-zuzzv/
http://acteon.com.ar/awstatsicons/ukxtO-nDdWDjaZ1IqCpM_hpLQEsZNR-w1R/
http://adremmgt.be/pages/z10n-0t74tp2-dqvar/
http://aegweb.nd.co.th/wp-content/FBirs-H0XiQJzz6VUJf7_NAjoLnpxw-Tc/
http://airmaxx.rs/nulvt-xbrcbp-yfcpetgo/VZcjR-5TStHqkxrGDnY8B_xWRWNJTMt-Wz/
http://airtechscubaservices.com/wp-includes/o9aa-kcldly-vssncy/
http://aktifsporaletleri.com/assess/xUezr-9llr0J37rjFTPWr_TRBcviot-2Ue/
http://alaattinakyuz.com/wp-includes/a7xha80-111co-ycgl/
http://alexwacker.com/nginx-custom/g2s89b-jcofbdr-dvqywlq/
http://alfaperkasaengineering.com/dokumen/xHyL-RgFeuEVQ9Pnf1EB_IKSVBCbWA-Dnw/
http://alokitokantho.com/calendar/892lcp-5tm19m2-xeoivib/
http://alry.com.br/wp-includes/g4ju6-bco3vt-shseeqn/
http://ansolutions.com.pk/US/CGfS-Jeww2O12FWBMXD_YxFkhUAw-ww/
http://apecmadala.com/homemap/tffvarx-0ci5enk-ixsu/
http://applianceworld.co.ug/cgi-bin/PtLTZ-grJ4bK2VxDEdJh6_SbMlRwunz-Eyy/
http://areapaperjapan.com/ww4w/2uqi-ira8lm-eoff/
http://artificialfish.com.ar/lXpeo-EPNWYjrxjNfOmEU_XwBuyNFy-nCG/3otqui-5f53h-jyzyqk/
http://artvest.org/roseled/cCjg-7NYo9QKN8uhCHF_uZSLrgyqE-fj5/
http://ashantihost.com/hsrr0i0/e8necdb-cp46so2-cwtup/
http://atelierap.cz/administrace/kqaO-caQlCSo7aiz99mE_fqxyowPUE-U3U/
http://banglanews24x7.com/wp-includes/0kv1v7x-i2fva-jzaoc/
http://bayboratek.com/28032019yedek/jpcj-u3WUi3wRKpVQwPE_twbkuKxQ-kr/
http://bbfr.cba.pl/errors/MRGjk-u0uwNJE0zLAF6R_DoglSsFhJ-Q15/
http://bcdc.com.ph/image/f2vl-gohnfk8-hvvkgq/
http://beljan.com/images/OXZMQ-otGAiktyn4XXvmZ_UOOjsKvCe-dz/
http://berith.nl/wp-content/YmtLF-VL23CRsMg2wiMeI_geAVKvDq-D3B/
http://beta.chillitorun.pl/pl/kbxgh1-2jy9g-bijue/
http://bility.com.br/agencia/owgw-aVQ9V1pzRTTOZq_zUzLBltGC-wI/
http://bk18.vn/homemap/atqh8u6-2yl1c-kxfr/
http://blog.almeidaboer.adv.br/wp-admin/KrIEq-drWGxfuWUy6QMN_nfKxPvkv-NE/
http://blog.postfly.be/gdyk/fnfBE-9mc5W0qSuzuhs3x_pAEjaQzxd-LOC/
http://bomboklat-online.com/mphoi5j6h/zpsp-tpgcp-effdj/
http://bonsaver.com.br/sendinc/HBHOs-Yb6WNN5L5YBEbDV_TpgeAPpge-2p/
http://borggini.com/pages/TYuu-QcfxaYRNtuzjNe_nOfTavVR-rD6/
http://borsodbos.hu/kavicsospart/ongyT-yyjRD9kj1R2glL3_Yblyxypuv-COE/
http://brainzoom.ch/thetahealing/0j8mmnq-78hg8js-idiwcd/
http://brelecs.com/wpp-app/TSBa-5WLU1G7RRffMrZ2_kmvPIgbI-nDl/
http://brutalfish.sk/dropbox/dUfX-D6Poz0M3Jh9eOoL_YJxieAtkx-xI/
http://bryanlowe.co.nz/blog/sQKji-vhQKpKHxqhzZFCn_pmLuXzJi-KQY/
http://businesssforex.com/engl/7jhojcj-px6yy-bevv/
http://byworks.com/wp-includes/p0b8-crvw7a-brlh/
http://campanus.cz/wp-content/isRbk-SvOleLctyW4T0p_YLaoLFib-wEB/
http://cars24.org.in/wordpress/yi66-k67tlx-yqqx/
http://catherinetaylor.co.nz/Self-publishing/wUJNq-0drRFahegBaS0E_SnTcuixWj-1n/
http://cdmedia.pl/wp-admin/Lkil-aTP0inyHzTb098_rBzfPQen-o9c/
http://chanoki.co.jp/Library/7kzy2ua-j0n0z-xpng/
http://chedea.eu/IQwK-H3ozxvddE7COI2_JSFxHwyu-e6/roIg-oodyvdCkpHxV44f_NzKgaZgsQ-fp/
http://ciga.ro/jgOE-9cfplM25WsdqpEV_KtEXmnrS-JBd/
http://classicimagery.com/System/mfEHo-AarKdQsJcsCKyt_eDszeDmgJ-B4p/
http://classify.club/wp-content/ihjwj1u-b3xpxkw-vyargp/
http://cliner.com.br/antigo/2tmle2-x6mb8e-fwbyu/
http://closhlab.com/Footer/AwYX-EDOf2FKxWPmTYv_ZyAJzuWhL-2Cy/
http://cnhlwml.org/wp-content/xGyBG-iiHDEVKY9SpUZq_zsdBwbkU-Z1/
http://connectedwarriors.org/owbbryy/qm4i-kxvr60-nnxvm/
http://conormcbride.com/wp-content/QLpJ-RsS95KNcPKS974_KCwbdfKcI-Rx/
http://corpmkg.com.au/cgi-bin/iUBz-TkJWyIHueOGZKgr_FdQWzGqY-VmV/
http://corredordepropiedades.tv/videos/Qvxg-UYtD6hVpTPkLqyg_wMHoIFLJV-EW/
http://cortinadosluft.com/loggers/sppza6-7970hf-dqowfqx/
http://cotacaobr.com.br/application/0xngof0-8e9yl-yvjnta/
http://creaception.com/insta/IIwD-ORWvCYkURIJbzuN_ZRRBNWPPQ-U8/
http://cuviko.com/wp-content/uploads/f6wa90m-jgjrq8p-piehqp/
http://cyborginformatica.com.ar/_notes/g9dae-5fnty-xemw/
http://danielahantuchova.com/wp-admin/fz86w7o-j25amn-zcbsb/
http://datasheep.co.uk/www.skye-tours.com/MhzEd-U9M0SONwohw1Ubz_oDNLLFGN-3J4/
http://dbv.ro/mphoi5j6h/ezgK-ZfP8iiL7q3bI1B_aNhUYqNLQ-lhH/
http://deepindex.com/wp-admin/KkPes-V31deF4mwmdcNO_XsMQlVpHT-toE/
http://denmaytre.vn/wp-content/juLsk-qsxnvQMElpq15P_ieWrTWMwP-rY/
http://denocreer.com.ar/wp-content/cb3r-0hlkel-tgdbxh/
http://dev.livana-spikoe.com/wv4gres/9wpc9y4-naic83-dykcnzi/
http://dev-en.rewallonia.be/wp-content/CIdk-qq24qMNGC4XEZ8_ZhwayYAfZ-5pu/
http://dibaholding.com/wp-includes/thjgp-45p577-zvno/
http://dierquan.com/wp-content/4cvr-tq5fz1k-ihqyut/
http://distorted-freak.nl/html/el8hqq-dfhpjt-gldxxgg/
http://diy.ldii.or.id/wp-content/qbkm4e-06sksy-fxifvwb/
http://dmgh.ir/wp-admin/WhRs-iPLJ99haAM471xB_lDSgkzcK-BEP/
http://dobrojutrodjevojke.com/wp-content/jl7v-1112zg4-rkvf/
http://downinthecountry.com/logsite/wUaQ-z4ywQr6GFvLxWSf_YsCVXFmT-wN/
http://dracos.fr/Scripts/se3gyh-hjwvd-rwarb/
http://dragonsknot.com/cgi-bin/FEhYD-Dy5sZQzjctfE5E_rrwExwNd-FZf/
http://eastblueridge.com/page3/PtZyv-vvVIacKrLWJKzP_gYlxqZDqk-yC/
http://easternmobility.com/js/HDJXM-PaftjRX8VrrVFKt_HuUxykyri-fem/
http://edenhillireland.com/webalizer/iJti-n9n2Q1kQaNXvZN_raSqSoiXN-suz/
http://edisolutions.us/tmp/jVxm-ZEZHG1tUWXIYCwh_dpuizYtCu-ka/
http://efcvietnam.com/aspnet_client/qQQed-s2rnduKIzDFFtL_lvstxZnFi-E7/
http://efcvietnam.com/aspnet_client/qQQed-s2rnduKIzDFFtL_lvstxZnFi-E7/./
http://elgrande.com.hk/xxx_zip/0jl1-ynjv9g-ntrvmq/
http://eltnest.com/qsuf3qv/526f-vk47qj-yfua/
http://encorestudios.org/verif.myacc.resourses.net/Dhce-wSvaVoeRR2lOLIq_yCbREXuAm-QH/
http://enginesofmischief.com/loges/owKC-hGwppnuQyTlcPwF_bualNZckU-Hj0/
http://epicoutlet.ro/engl/37kzy2u-rj0n0z-xpng/
http://erlcomm.com/BNzC-VgDgOLD9aPylaRI_sdwzsBjeN-XK/
http://essyroz.com/wp-content/q4xao7b-j13tpz-chqs/
http://etherbound.org/test-images/DCRl-zvVKSUvBoF2bCB_FAnTHIFL-Hi/
http://eugroup.dk/bal-billeder/fFpL-U2pwwipaOxxcCIG_HAmZqTCt-mUs/
http://everandoak.com/css/xtjithd-m97y6ph-yelmiwi/
http://exotechfm.com.au/YDmHx-wlaRWdBx0K3g9n_PDbPkfUl-iT/
http://famaweb.ir/intro/CqsjJ-kTIeifGZpFxDvR_iYvvziNGn-iKT/
http://famillerama.fr/roundcube/vendor/pear-pear.php.net/yvrNh-CzM6wQb7OpHHuud_sDKOZaYwc-2Ml/
http://faroholidays.in/cgi-bin/brpV-OQZ741wYiyKgWgO_jUOqLXAB-Ub/
http://feryalalbastaki.com/kukuvno/b6br32w-pu6plc-igxe/
http://film2frame.com/WEui-ZF9HB4OtuNl1abl_yhQccdXgi-dA/WEui-ZF9HB4OtuNl1abl_yhQccdXgi-dA/
http://firstmutualholdings.com/wp-content/pKPv-7kSNzvrNIUVXV77_EVCIYjGkT-Mc/
http://fit.yazhouxingti.com/wp-includes/eueaoh-nud2vog-iogytz/
http://fk.unud.ac.id/bicp/05cyhb-k53zv7w-pigkyw/
http://flynet.travel/sqy71uu/242fkw-4ph8ys-obvdghe/
http://fmlnz.com/wp-includes/pFlD-BRVcswx1qkJcIn_azBLlwEnY-M5I/
http://foodphotography.in/v1/WVjVi-P0rfOXzLcY29LJC_lMafAvpi-ku/
http://frameaccess.com/wwvvv/XtcM-nhHn1hqxCEtlgW_yXSucFGkR-wX/
http://gamarepro.com/plugins/jfNl-GgsP8XQkIpaStDr_uFGYeJDAc-L2/
http://gamarepro.com/plugins/tBtiE-6gQWuklmcGqENc_qwEKwjoXS-cx/
http://gamemechanics.com/dbtest/71iwuf-3rfj2-imna/
http://gccpharr.org/assets/JNHN-rSasBmJrxmcTol_qnxCOsoZ-WS/
http://gemabrasil.com/mcassab/Mqdz-QwuZNxvQgLRoOo_eSRzhaPG-TEQ/
http://ghostdesigners.com.br/bin/HZmcM-7a15g1pdER5aARv_ZQBwFZaIE-FNy/
http://giftlog.com.br/wp-admin/oswv-6o00s4G8xgaT4EF_KryPvdGz-x3T/
http://glaub-online.de/TKXX-uimJ7QIvYAeTKe5_amjYqUvx-n3P/
http://gnimelf.net/CMS/32vtk-64vsa3-fqvqm/
http://graficalura.com.br/hinode/BziK-8MIjHRRhdWIIfC_iyCctuHRN-sYo/
http://greenhausen.com/cgi/tvnul-q0y7xo-bwvzibs/
http://grondverzetjousma.nl/cgi-bin/9d0n-hnswlg-onsazv/
http://gunpoint.com.au/jqQB6bFC/vKDMG-0YMGBBMrnvLitEe_wWVuGgfJh-7Xo/
http://hadrianjonathan.com/floorplans/AOzi-d2HfNsEVTe6p1qp_SqPuosiuJ-8g/
http://hagebakken.no/loggers/z94f1x0-2669du4-cyxvi/
http://hanbags.co.id/layouts/bSAf-Y772OSbSIHsaxf_EQHDIzRp-gW6/
http://hanifiarslan.com/wp-admin/88cb6-n4zn6-wqfffyl/
http://hanoihomes.net/wp-includes/cdyry-cmgbwg-kbkvae/
http://hawkinscs.com/wp-includes/ziuC-zHS6BiR8XVVV1V_DpqydMduV-xY/
http://healthwiseonline.com.au/wp-admin/MXxr-rw4MeXzC5HLeISL_tFLLfKMp-gPm/
http://healthwiseonline.com.au/wp-admin/NoGH-3jyhcs9GhXV7FvY_MvPpLARzD-HPu/
http://healthyadvice.ml/neio2mv/6ork-8cp3j8-oylcko/
http://henneli.com/Telekom/HbkJ-n6tqYr5Cvccpsz_dpCLtfUQe-Nm/
http://herflyingpassport.com/wp-admin/sAzeP-97YZrc0sCFDvIS_qUjpnxqh-PA/
http://hgrp.net/doli00/7kvu-ncjnnf-rpkkgk/
http://hoiquandisan.com/wp-includes/sblu-ia69v-mwagvib/
http://homeairmachine.com/wp-content/uploads/752f3b1-5slncd-ftbtm/
http://hqsistemas.com.ar/img/p03qudg-l1c93-kubqxmy/
http://huisartsenpraktijktenberg.be/wp-admin/vCfsl-lRzUYBMfFKzAiQW_nUSJEyBfm-sr/
http://hyboriansolutions.net/wp-includes/zRjjf-tmsOSoKYIAM8FAc_mryIaBWST-Eru/
http://imenergo.com/wp-content/mmlz9q-3lhgzn-tqqjfhz/
http://impact-hosting.co.uk/eeba775940ac3c2fbde942cfe06d657d/eCDf-0qYgRAAOBqQ10n_JiXIxMQHX-DV/
http://indiaautentica.es/calendar/wbtp5-0awptpf-mqolfom/
http://indieliferadio.com/loggers/HjNQm-rPhEVLUlrBea0Kr_YLtTYFZF-Y6/
http://industriasrofo.com/Connections/sk54h-6xuzxbh-etbahl/
http://infoteccomputadores.com/bin/5esg0w-ab7u2-afyj/
http://inovatips.com/9yorcan/mts33-18ob6hx-frmyru/
http://iran-gold.com/BzCYu-9u_ldXkubCA-K4/jk6hy-ql8wf-mxxe/
http://irismal.com/ecsmFileTransfer/6jlw-d5z832-rgmy/
http://javiersandin.com/wp-admin/fnlkg-d52q7s-vyho/
http://jkncrew.com/d6qqocv-nyrbbg-ldkgwkr/
http://johnnycrap.com/verif.myaccount.send.biz/att41-8i8z8jh-crxvtiz/
http://johnsonlam.com/Dec2018/DENWM-dwUV27Vkol90zs_vITVRNAe-aqx/
http://judygs.com/there/nVXL-zAbkn8l0MQUhU2_VZSKTelJT-n16/
http://jupiter.fabatech.xyz/toolsl/j6213-yogzqv-eyfoz/
http://kamel.com.pl/wp-content/gmmosm-d8h06-uuxcqdi/
http://kanttum.com.br/blog/wp-content/uploads/WYsS-ktOMRYOXfEwZXMx_kbURpZCk-6A/
http://k-marek.de/assets/h33lr-dbz3ll-ybbalxm/
http://korpushn.com/wp-content/qll8coz-jdm9n6-ygajgy/
http://kowil.com.vn/wp-content/uploads/2018/HYspj-do61RUgIBFbOQg_GgrWrOLm-vw/
http://kuss.lt/uploads/2zhg-4e0l9oz-ibmlsk/
http://kvsc.com.my/rtrtgtm/PApeb-njjPlYeH26E8SA_MPiUKYif-43b/
http://lagemann.com/Nwkhj-Z3dda24aAcEBSE_pYEytgnab-Y8/9bcm-162vljh-jkbwk/
http://lagilaku.shop/lebct/hmbin-nlyitq-mhklqnu/
http://lavocatcrochet.com/wp-content/yyoDY-ViwiG6NW5yxgle_XYEdHDBYe-aWu/
http://lecombava.com/Surlenet/u717oo-68awtw-cijxil/
http://lefaturk.com/wp-admin/l0t5-s0wy0f-gmkfj/
http://livecricketscorecard.info/engl/OMfu-AGe7KBavyydPte_xDKiuOhn-o0W/
http://llona.net/wp-admin/hauqu-ig81win-imdstuu/
http://locagroup.club/p/baj5-6oe6y-uaexk/
http://loftmebel.by/cgi-bin/8flesu-z9rvhje-xxuw/
http://lphmedia.com/ardbrookStripe/5chovl-tt6jdqs-zryp/
http://mail.mtbkhnna.com/oqfi4kksd/n3jo-wwtpd-rpzj/
http://makepubli.es/tshirtecommerce/0mzfjk2-flqmcqd-glec/
http://mangaml.com/jdownloader/scripts/pyload_stop/y3jauw-olcpgd-xslsep/
http://marbellastreaming.com/2016/a1hs-ddega-rnctkzk/
http://mattshortland.com/OLDSITE/ksbn-zhmf4-hhvewc/
http://mazury4x4.pl/galleria/kcdln-gsl0viu-tzdhlrz/
http://mc-squared.biz/note2/ljtuvj-xd3z9kj-bwzifza/
http://mersia.com/wwvvv/OFmI-tmuqG8UQg0PsMDu_IcVcFLXs-9zR/
http://michaelterry.net/pambula/VWhV-MxzBocitppJV4U_etzKQJUfF-pN/
http://mktfan.com/admin/mQwM-T44MiJLt8hD1st_ebDHKvgL-ll/
http://moiselektronik.com/css/ayVwW-HS9rtXdqI5gbMXN_GHZrFBjK-Saq/
http://monset.it/journal/mvlJF-8bvATqgrpJrLss_EASuAdCS-JKK/
http://morrell-stinson.com/wp-admin/iAMz-cvWgTMkHYY1I7nV_froTxOFu-fW/
http://msecurity.ro/sites/8894bt-u8wb4-dude/
http://musicianabrsm.com/8uhpkl5/6xzziw-uf66m-ozjyrq/
http://mustafaokan.com/wp-content/uploads/kjlb43-pgqbqxg-bynj/
http://mymachinery.ca/DI/nDIb-GhJy36OJ74gA8X_NtAXqmdy-JQ/
http://netcom-soft.com/eng/mf02s-v87n7h-wdsff/
http://netimoveis.me/wp-content/w65332x-0s9f3v-fxdkos/
http://netimoveis.me/wp-content/wa4ps7-zuytpyo-ljeyawg/
http://nickawilliams.com/ownthisaudi/79pb-qrmvt-xoosau/
http://nitech.mu/j0i6bm-o0urb3h-weuuaic/
http://noithattunglam.com/wp-admin/UUCk-gLOJPgYsWSgPId_hUcRvQLni-XW/
http://nomore-nomoney.com/wp-includes/uqjb8s-tb8il8n-cvryfmc/
http://nongdon.saraburi.doae.go.th/wordpress/wp-content/uploads/2019/3jcsn8i-uc31b0-ylxko/
http://nonprofit.goknows.com/wp-content/upgrade/nhcgspn-4baxn-ovea/
http://noordzeekranen.be/video/jtcp-hdhq4vf-cspuptx/
http://norperuinge.com.pe/norperuana_archivos/kb8j-dzfsd-xxswlc/
http://nosentreiguais.org/rsjnvui/tifo5-ewulcm-xnxmh/
http://oushode.com/wp-includes/2hvfxs-cnlvc-lnmnsl/
http://parbio.es/bjals-dfFqucV9CD0cLX_eJnSTzxi-cFP/wnza6k7-zlv2qg-tjjcci/
http://pasirmatogu.tapselkab.go.id/wp-admin/KBAsu-wAAsMxwm5XwQDcP_GsxyMWRW-4ri/yQBlK-Qcy15gEiFYzIvx_AGDrhcYKC-EEU/
http://peacewatch.ch/fileadmin/ONCC-J2W6jolNJZufTX_gwOdJdkBl-k8M/
http://petr.servisujem.sk/81.89.61.188/pqcy-15icz1-geucmn/
http://pilota14.com/cgi-bin/WYFEX-tgZTHS77HqUhWiy_MMhRHjuUP-9O/
http://polytechnicstudy.online/wp-content/pfnyj-1qdm0mb-tixvrdq/
http://positiv-rh.com/xy4zpct/xJYXY-TidLXaq7ti1N7sQ_OQGjxxmY-IC/
http://potenpet.com.br/lhvf/9cxwz-hz7i5xb-tkvgk/
http://privcams.com/screen/HQWi-Ml9qKSyqqP9r1nX_WjYqZOFa-NT/
http://promo-snap.com/p/ffRS-eObYdTN9BU5wtT_eojxtpCL-Bg/
http://provio.nl/collector/vt69bfy-g146p0-hxeaik/
http://provolt.ro/wp-content/cmsuq-7x6eho-ssmxm/
http://psicologiagrupal.cl/wp-admin/9s5yx-f0th65s-auxjxh/
http://pulsejobs.net/aymr3lj-458ju9-pnvqie/
http://quatet365.com/wp-admin/i3uu-mc5tn-dpdlgma/
http://radsport-betschart.ch/sgqlzly/1g3wc0t-ozfngvc-mvenrtj/
http://recep.me/welovemilk/GIMEp-CL7m4P2bDnJT1Mx_hmXhlpREH-Uve/
http://redklee.com.ar/css/mLTk-pZRLMLSQa5v0rz_PyfprCQN-sCm/
http://rek.company/components/avFA-wIAtwyDBtNXNyvU_IqAnZiElr-ga/
http://reviewhangnhat.info/wp-content/toAf-5bvZCsSKUTiRsr_ONlhYoNF-H8/
http://rvo-net.nl/awstats/8sqpl-7hl194n-asvsumx/
http://sainikchandrapur.org/wp-content/15j4-sjj8764-vtfrvvh/
http://savetax.idfcmf.com/wp-content/rpfjcf-7yhqg-eexvzms/
http://secomunicandobem.com/wp-content/aYMU-2bgmPfZ1JgX4kd_xsvovMFFa-cme/
http://servintel.com/newsletter/6r8z-cuctny-qang/
http://sikoruiz.es/INTERNACIONALESMUSIC.COM/x6yxo-khzgxd-mdykbl/
http://sim.ttvmax.com/__MACOSX/fj3o1c-ptmsr-barzptj/
http://sistemahoteleiro.com/libs/cwqut-poog3nb-jlzwn/
http://sixthrealm.com/dee/kasmh3-fg2cfvw-wqtqtyw/
http://sjhoops.com/nJVH-CMEKYjoXf0SnUO_CAtCGxtN-lvw/
http://slcasesoriasyconsultorias.co/l0o54ka/b4wxt-798nk-hsnypfr/
http://slovak-cts.sk/wp-admin/z99og-rxg6k3-ojvfya/
http://socialpostmanager.com/instantinfographic/tqj32-5y8ge6g-hwnvwqb/
http://solpro.com.co/wp-includes/lphggti-7261cqj-pbkb/
http://solpro.com.co/wp-includes/z6w5-2qq5cj-sstyfbv/
http://sorimanaon.tapselkab.go.id/wp-admin/4xdgc-uwzyo-baqnfi/hwtl-p7MJnsGuz7nf8L_zRbzvCFo-9N/
http://splejkowo.cba.pl/errors/kfsx-sUvesbBNBUFks8_vNloNeYE-yD/
http://sta.ossia.com/wp-includes/h87ited-g4pwgz-kjjdqdh/
http://stelliers.cn/demo/CADU-cdNjYo4bnsKzng_gJxwnJaWl-Kz/
http://studiospa.com.pl/images/kYQPS-uW1tRvKxicHJYE_odQoDOpi-MU/
http://tapchitinmoi.com/wp-content/n13z5s-9ls59o3-svkk/
http://taphoaxanh.online/wp-includes/a19f0i-u30ac-sujxis/
http://taphousephotography.com/Anna_&_Simon/bldnuyg-j57yi4-vqirey/
http://t-comp.sk/qmECW-FkeQnzxaezI5E1_jbhgzFwa-c1w/1qofp-tzgpt-woevtum/
http://teams.fanchest.com/wp-content/9z6s-xbu1e2-rfdtmw/
http://tem2.belocal.today/optometrist/h9h5v-yxz9x-qyyxner/
http://temp3.inet-nk.ru/be5hd1b/XBlHQ-9fEdFsSvTIQQRXU_JLcSYvwXu-2K/
http://thinking.co.th/styles/iqx6d-qa5tlm-ympzd/
http://thoratindustries.com/wp-admin/HPkt-6vvbyllpA86UxqM_GyYEXGTp-mU0/
http://thutashwekyal.com/o/zAArn-x9h4jHhh2EiY68_OjKjkVLTU-Ke8/
http://tienganhvoihothu.com/js/d5rsl4-at5ja9-sqntn/
http://tienphongmarathon.vn/wp-content/bo9h-l5e0s-fzge/
http://tigerlilytech.com/fUaR0ijAH/IkGcd-00kfke917O48zzh_WfkhzIPYZ-Rb/
http://trangsucnhatlong.com/cgi-bin/6ssndee-6vdxrp-abxkkgz/
http://tripperstalk.com/engl/z8khlr-x82ef2-lzitny/
http://tristanrineer.com/sec.accs.docs.biz/KhzUX-YAVVL5b7a9OWGY_GqjasSikK-SJ6/
http://turkexportline.com/e-bebe/tkjrhv6-zj4bt-mnxa/
http://tuvidaysalud.com/controllers/bnpj-IOF7Jqmq9pF6mt_vEHgUqWe-JU/
http://twistingdistance.com/wp-includes/421c-0vrd1-fhhacc/
http://upick.ec/wp-content/1or2ew-p0rl3qe-dpogqdz/
http://ural.today/wp-content/uploads/n0pqws-x81sfa-bwpt/
http://urbaniak.waw.pl/wp-includes/BqxeC-xBPjfxzv1Xieg8_RAJxRoBD-SP/
http://vanspronsen.com/test/XGjl-T2mO4VZ0AFXbpF_bUvMQxAY-0v/
http://vcontenidos.com/inspiration-break/lvuj4-en42a-qtdrvg/
http://vfxfesst.com/tjylctp/FNML-v8wIn0ojFsQe95P_lORfecSQx-KR/
http://vistadentoskin.com/wp-includes/8917-7uiutv-tjxvy/
http://voumall.com/wp-content/uploads/lsx2-o6qt60k-mxeeo/
http://vpacheco.eu/xzds8sq/8duk-vixybm-yfrq/
http://warriorllc.com/logon/oYuwh-lm4Ur8ieEKXwoOn_ANMBXfJCa-2yJ/
http://warwickvalleyliving.com/components/xLov-PWz2jQQ2gCpL1Uz_sHqCKllh-PZB/
http://webarte.com.br/css/nwrb8wm-wt1s8q8-fmbv/
http://websmartworkx.co.uk/site/wp-content/uploads/a7vc-cypggn-pcjg/
http://wittyhealthy.com/wp-includes/14hnes-gvi07-onru/
http://wordpress.demo189.trust.vn/wp-content/uploads/1aaa-6utx9-tegvf/
http://wp.hopure.com/mphoi5j6h/Rlou-eBiYEODKo4FRZmD_pAKRALyjf-it8/
http://www.aktifsporaletleri.com/assess/xUezr-9llr0J37rjFTPWr_TRBcviot-2Ue/
http://www.am99.com.au/wp-content/uploads/dta5-dxq2rg-imqxt/
http://www.capstone-homes.com/wp-content/SGvb-2ttJ8XPkP4LVjBV_tJZWKNytP-G6/
http://www.cei-n.org/wp-includes/8chtt-a1rl22-xwjcdeg/
http://www.cottagesneardelhi.in/includes/HloA-tgo1socF8yYLp8_BXkRtJIT-0bp/
http://www.dev.livana-spikoe.com/wv4gres/9wpc9y4-naic83-dykcnzi/
http://www.dmgh.ir/wp-admin/WhRs-iPLJ99haAM471xB_lDSgkzcK-BEP/
http://www.dobrojutrodjevojke.com/wp-content/jl7v-1112zg4-rkvf/
http://www.giztasarim.com/wp-includes/kdSK-QdWseNNSZM3U1N_dhwAQkJM-SF/
http://www.goldsilverplatinum.net/wp-admin/pVIGz-npN2pcs2q5bc7c_LWAAydQN-Nf/
http://www.grondverzetjousma.nl/cgi-bin/9d0n-hnswlg-onsazv/
http://www.hanifiarslan.com/wp-admin/88cb6-n4zn6-wqfffyl/
http://www.karalamadefteri.org/secret/vahtc0-s2rdhb-eezguv/
http://www.kvsc.com.my/rtrtgtm/PApeb-njjPlYeH26E8SA_MPiUKYif-43b/
http://www.lecombava.com/Surlenet/u717oo-68awtw-cijxil/
http://www.mustafaokan.com/wp-content/uploads/kjlb43-pgqbqxg-bynj/
http://www.promo-snap.com/p/ffRS-eObYdTN9BU5wtT_eojxtpCL-Bg/
http://www.secomunicandobem.com/wp-content/aYMU-2bgmPfZ1JgX4kd_xsvovMFFa-cme/
http://www.sonmoicaocap.vn/tdq5mpz/luauulk-2wwilj-uinsb/
http://www.vfxfesst.com/tjylctp/FNML-v8wIn0ojFsQe95P_lORfecSQx-KR/
http://www.xtime.hk/wp-admin/ufFLs-Wp0vYMyac0mJBV_efmZzLru-QL/
http://www.your-choice.uk.com/docs/TdLT-OhAh7irjwCgdEg_xbaQilZt-Vx/
http://xetaimt.com/ooecgp9/98w5ghf-xgcxdi-ncmg/
http://xn--80aao0acd1ak7id.xn--p1ai/wp-content/themes/creattica/eap184-lz6890-rbdqxhk/
http://xtremeplay.co/phpMyAdmin/tmp/pzbxu5-otdslm-pyjtzqt/
http://yesimsuit.com/ajax.googleapis.com/wgtpz-5hdib4d-qvbjrlt/
http://yjsys.co.kr/wp-includes/oqVP-HWP6YaD1FNo41x_HvVqylmq-qE/
http://yourmarketsolution.com.ng/wp-includes/w9xfq3-rylxr-uzdv/
http://yucatan.ws/cgi-bin/lytcql-xhgau-llyyqh/
http://zinganet.com/cgi-bin/LMKR-kQ2bYpuM3KKy5Q_TWJIqWqOT-28/
http://zoracle.com/verif.accounts.docs.com/dk9vd-gaa5e0-qmbqz/
http://zuix.com/leads/dttvl-ot94z-ugvr/
http://zulimovil.com/p/b11btzt-luyri-krxfba/
https://aabbcc.gq/wp-content/z5vmjc-hb80vnx-wqiie/
https://alry.com.br/wp-includes/g4ju6-bco3vt-shseeqn/
https://altop10.com/wp-includes/m2xu-jxkyu-ycinc/
https://banglanews24x7.com/wp-includes/0kv1v7x-i2fva-jzaoc/
https://bomboklat-online.com/mphoi5j6h/zpsp-tpgcp-effdj/
https://cars24.org.in/wordpress/yi66-k67tlx-yqqx/
https://connectedwarriors.org/owbbryy/qm4i-kxvr60-nnxvm/
https://datagambar.club/xerox/LGCpC-HRwOhoIX07uuiu_ckgabWPvp-cHu/
https://delzepich.de/wp-admin/sWUx-ktPsdQCF5uWnPNm_PwVEsvPEr-9B/
https://dev-en.rewallonia.be/wp-content/CIdk-qq24qMNGC4XEZ8_ZhwayYAfZ-5pu/
https://dobrojutrodjevojke.com/wp-content/jl7v-1112zg4-rkvf/
https://ecigcanadazone.com/pages/YOQL-8c2Fe3t21pjYsAi_zHcZndaRE-IPO/
https://escuro.com.br/ckeditor/REbsY-hO5q5yM1hDogpAV_tSNqAyKZh-HQ/
https://fk.unud.ac.id/bicp/05cyhb-k53zv7w-pigkyw/
https://flynet.travel/sqy71uu/242fkw-4ph8ys-obvdghe/
https://glaub-online.de/TKXX-uimJ7QIvYAeTKe5_amjYqUvx-n3P/
https://hasukovillage.com/wp-admin/9yp14w-5yq5b66-ztpewoh/
https://homeairmachine.com/wp-content/uploads/752f3b1-5slncd-ftbtm/
https://hwx-group.com/wjwrtce/dxke0-5q5bg-cecuome/
https://ingelse.net/AUxDp-b4CSupAMfWu2Ne_jRJanUStb-P3/
https://inovatips.com/9yorcan/mts33-18ob6hx-frmyru/
https://kanttum.com.br/blog/wp-content/uploads/WYsS-ktOMRYOXfEwZXMx_kbURpZCk-6A/
https://korpushn.com/wp-content/qll8coz-jdm9n6-ygajgy/
https://laarberg.com/test/BRbg-A0UufkZCWovQ9HX_SoCPyszp-YBd/
https://lagilaku.shop/lebct/hmbin-nlyitq-mhklqnu/
https://lavocatcrochet.com/wp-content/yyoDY-ViwiG6NW5yxgle_XYEdHDBYe-aWu/
https://locagroup.club/p/baj5-6oe6y-uaexk/
https://lphmedia.com/ardbrookStripe/5chovl-tt6jdqs-zryp/
https://musicianabrsm.com/8uhpkl5/6xzziw-uf66m-ozjyrq/
https://netimoveis.me/wp-content/w65332x-0s9f3v-fxdkos/
https://nonprofit.goknows.com/wp-content/upgrade/nhcgspn-4baxn-ovea/
https://polytechnicstudy.online/wp-content/pfnyj-1qdm0mb-tixvrdq/
https://provolt.ro/wp-content/cmsuq-7x6eho-ssmxm/
https://solpro.com.co/wp-includes/lphggti-7261cqj-pbkb/
https://solpro.com.co/wp-includes/z6w5-2qq5cj-sstyfbv/
https://stelliers.cn/demo/CADU-cdNjYo4bnsKzng_gJxwnJaWl-Kz/
https://tempatkebaikan.org/wp-content/zarkgjo-gtpt6-miltfvz/
https://thutashwekyal.com/o/zAArn-x9h4jHhh2EiY68_OjKjkVLTU-Ke8/
https://vistadentoskin.com/wp-includes/8917-7uiutv-tjxvy/
https://visualhosting.net/img/Kunn-gq0qbn3cZg6p0y_PFxmfJYPx-N4P/
https://vpacheco.eu/xzds8sq/8duk-vixybm-yfrq/
https://worshiphubug.com/p/to7qp-422w3xx-auku/
https://www.capstone-homes.com/wp-content/SGvb-2ttJ8XPkP4LVjBV_tJZWKNytP-G6/
https://www.dierquan.com/wp-content/4cvr-tq5fz1k-ihqyut/
https://www.essyroz.com/wp-content/q4xao7b-j13tpz-chqs/
https://www.goldsilverplatinum.net/wp-admin/pVIGz-npN2pcs2q5bc7c_LWAAydQN-Nf/
https://www.herflyingpassport.com/wp-admin/sAzeP-97YZrc0sCFDvIS_qUjpnxqh-PA/
https://www.indiaautentica.es/calendar/wbtp5-0awptpf-mqolfom/
https://www.lefaturk.com/wp-admin/l0t5-s0wy0f-gmkfj/
https://www.netimoveis.me/wp-content/gcABx-dxHHevlAGfxfQy_DbVHvajk-iV/
https://www.netimoveis.me/wp-content/w65332x-0s9f3v-fxdkos/
https://www.promo-snap.com/p/ffRS-eObYdTN9BU5wtT_eojxtpCL-Bg/
https://www.promo-snap.com/p/oqOg-o1lcCHpxL84HvMZ_mwZOPhra-mzc/
https://www.sonmoicaocap.vn/tdq5mpz/luauulk-2wwilj-uinsb/
https://www.your-choice.uk.com/docs/TdLT-OhAh7irjwCgdEg_xbaQilZt-Vx/
https://www.yourmarketsolution.com.ng/wp-includes/w9xfq3-rylxr-uzdv/
https://xetaimt.com/ooecgp9/98w5ghf-xgcxdi-ncmg/
https://xn--80aao0acd1ak7id.xn--p1ai/wp-content/themes/creattica/eap184-lz6890-rbdqxhk/
https://zzlong.xyz/wp-content/tl2h-n73gl-hdzl/

```
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-04-11 22:10 (JS Based - Fake Error)
SHA256:
b6cfe1983ff1d2fb772c8e68fcbd69f805d5b488ded023a6c13de39965af95f6

http://sanalgram.com/wp-admin/ERHH/
http://hongvinh68.com/wp-includes/KSEb/
http://shahedrahman.com/Backup/pypZJ4/
http://tomiauto.com/sec.myaccount.resourses.com/uL46z9/
http://sangpipe.com/inquiry/Tjz/

Creation Time	2019-04-11 16:11:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
79ccf889a234b30293d922a450cba0cd0cc1df614fb05bc57dbbfe08cf808df9
7ca4540e7f5caf44b46378c7861c9403373c7b752034f5ef7d4bc06d2c1e28fa
941288646feeefba41274ba6d76ae9ef936a4a75265f4b76d812d2c762d82d59
e2a11a63b4671b0f5f73973dd064e0bac6e5b79ccafef064488da5a3b885146d
7712ca3ce8eaafbec596710a4164a651155ec63070955212b6c770edb7f13c1a
56551134c8787e629bae380e03f286b5060d0034375a843cb736ab53a4de8b05
6d2fd47dd288e21a673b08602ec959e624c3a711ca9e2ad0a2c44ccbd9a69738
4cbf340b5b3e21206fcdca35016b0d5045f2c509f982961585407c451ae2a238
5716bf4aad603aca391522b87fbc5eba36fbbce5281df92c5ced5d59fd79b7e1
220dd039e243cabe205a5d7ec82845bd22998d36859fffae2e0d9b22c9e6a662
3501e4e4c86e7f0acf77d18b68f9adce40422224d04d148e27ed02578df76c92
d4503e43caf7492232d2b491140499bd4da6a3c09ccbbcca31849dbfa01b1c51
24c4aca484e4174e45a83c270afe1ed31fe710f4ce8285ea9084fbcc0344a6ce
2c455198539fef7e43c06f1715f7d947896c98f3b3129c792cf086959edbd295
a5ee1d697ca24e67bbd9dead396d2fd94f3a785bd8f9969ce51e5a8cb8fe6bbc
300650d9887fbd102ddf55a830136ddbad73271497e560eb73b666aa29ade2e6
b1a6afc983ad35e8c5cae8e6ef315e43f6555983a863c141872698c9135959a6
d194ff91d5c737ca5fb69b24e3118a426e54b65e968824691eb9bd463f6cc4d1
713f84fc17d6c37720e731f364ff47c9dee7f3142872a24d35f81b86973b3b1f
181915f7fa382ade554714cab6f2819e9c9ff984d466fed79d1feab803cf50e7
4a6ddeb9d4f38ed9a77ae3fef4d181697104ee065e3a1d28a620bb3f995f7469
ad23b779d4003171a8b5780144004d88e5b01c16e74b2d6ec91c2805f57e6da7
7184986780a4c1f14b49e53f064518f0c5c12b47d12a5ad687a0df344b6188f4
48e3f8e6c681906cd7761367509c928ac0baef0060568a9bd5bb5abe3f84f30b
2c7146a994115c681aa8233732d8c69b6981bbe020f139955a6a537db6f7fbe3
4108d75540b3dd19fe9e6aa8024cb2d9ffc62f42146ca745034941dc8d33f0cc
8a1a1d1ca48c3886c2dd482907ce8981495899d7e19bb0c2e0b873bcc7e62ec5

https://etprimewomenawards.com/wp-admin/G63C7/
https://www.ninepoweraudio.com/wordpress/6NA4/
http://healthytick.com/wp-content/uploads/PRBF/
http://servidj.com/cgi-bin/KC/
http://matrixinternational.com/Site/Media/css/5Yxi/

Creation Time	2019-04-11 11:16:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
7b2a0b61f399cff8642376258f775efa0e6a41e4738f67cb325ace0cb19f5239
71d3f1735aa96e8f7a858361d0e50b6ad9b4bcfce0947a23e473d7788a034d8f
ad608ce9d7e544f8fa1e7542a35dab08028121f0cb6628d5122196de6c2f21f1
8ff871e80c34f355495850fccb410b081f5864388dbe2bedcdbb42edcb2460da
158d252f55e7c988742a96ef3b4b7107a7160d691dd3cafac003135daefd0261
700233317224ddffb5758cbb56b47c96d4c64ded3c36c323166332f0844cb6ad
29a6c47667ecbae40b103c6d227b57395b4282d5731c6aae1e11435f30d12f80
1c2f5b6c9d595a323357419ca2a48ad6052d4e57b22b34fd1bcb8922726967aa
9dc8b7ede9a1ed639e0dc5da40dc9fdfb9f018ab65730d5c7f047b67f6ab2dc5
9d7fd5567f281343156d80c5b7839847814580d51998ee6b46bf349f243134ef
63a7da3e7d14a23680ad39ea0032b70ea050db8ae3a330b98f3a1ecbd7bd7b40
d3d78c3938d6ffc08c85615bed31fe15c138562d7166dd7cc389ee8085080462
031a13f8b3d2c6cc24a9ee7fdf1b46aface18643b3288023b6f7a8344467fac1
4cab7e0976d4aa657ed879862051049df634fce4ee89e5ab2a564cc4cc1d03f7
ff77e443ab3da421e88bf69322ee7f5e8c433737116f0028c8b1ac4994c4c45e
d4ec3551dab4cf9d9ac57c3b86edaa7d11142b140a77b328501493334eaf5fa1
6c5bd27f8a935692b8ae2032d53bc25f5aa35ccccbd8d699dcc299e913d1f700
2ec7e8dc8b7e0eda7ec0d2721c7ec01c7b43a8ffd66351661a3b0716d139ad9a
325c1bcff4186c22d990c7600d2daf9692071d8513dd34e534aa47133a2e461e
51b932181b9deb019da2419bc372f8de65534f3e9ad755dfbae7d0ec598144ca
316a16f472413a134de4059c39aa06e8a572d40b5ede0d6c5f1e1d98a89bed27
e5b27847ab84edc1e0de1fa9d26aa56413cc944f5ba316bda27b072405a8b38e
7464e95cb2189b4fbd01993afae23f52049916dd7dd6d0f4aaa6f5a34d5df21b
2204ed4ad2b67ac75d71fe70ac623a79557ff7cbf934f8e0c8c14b2dcc521025
0e93d5f23fa1f6443b5175cc7d9c042cf55b7c67f1d96f0d8a7cfba42409bfa2
096cc19cd18c9c37053ac37d443373568485da432589dd1d0f3a2912e4ec3245
153adfa6d577cdd7d605358bbfe7e2a4487e328343938d12beb7d95b1fce7fc4
0d361738542120899be420d3ee578f8b7699f6668b69233889b5a934d4f145bf

http://taskforce1.net/wp-admin/BoY/
http://twindstorm.com/wp-admin/d0pHTF/
http://offersgod.com/parseopmll/CH2f/
http://teamsofer.com/store/0zb/
http://tubbzmix.com/07u6/

Creation Time	2019-04-11 07:20 (JS Based - Fake Error)
SHA256:
5a2758a184e31e068584766b5abe5843f3d6327714e60ff4b8888be2809d2f03

http://odiseaintima.com/wp-content/zmHNG/
http://bussonnais.com/images/nDRhx/
http://carcounsel.com/hid/NhU/
http://pufferfiz.net/spikyfishgames/4BxRZf/
http://hostzaa.com/song/mDqU6/

Creation Time	2019-04-10 20:10 (JS Based - Fake Error)
SHA256:
7d91ca89ded649dd8a7f691d603d22435d13fc741a7d78b3f587b18370184029

https://abaoxianshu.com/sendincsecure/DfS/
http://flcquangbinh.com/wp-admin/baG90/
http://nealhunterhyde.com/HappyWellBe/joLiO/
http://pemasac.com/css/Uy/
http://uflawless.com/kceggkl/zop/

```
#### SHA256s for Epoch 1 Payload EXEs seen on 04/11/19 ####
```

6b7522dcb9e8ee1c4e2c35ac6edb265d06f4ce82ad6d0f81359b2acbc6cfa285
2dacf0c3d9677908231639424084e7e97f45eb523ffeae96b3156edb9074099a
29eaaab784e347432d45c437acbd0c9c711564f44dbb65a6c3d61ee2566d2ff5
e14dbee023c7aad73fc6f7fbbe88646809e8e99c480540d29420d5ae62c8c37e
0f3c0cce37107a32ee362da30eca7679a4c1566f1ae268be8951c4b8ce992644
24afacce36917855b756dc31f3b8597bbfc07cdf6433f0d1037afd54bcb5be78
aa0119d31a3ea83f5e913c4ec28f8e0c59b1b5f9e39040003a81f10923d214bc
548a09200aad86eb38dabd6f073cab5a8feeec25b5b5e8bbfe43203888c7a958
240b910b1f7038cf3b5e72a3f8868d0c827ce2a44f4b9dddf54552627c509c96
d2f6303b3aa3affd66b093fc8bc79d6b2690854abdaf223fad39fe8a7b3355ce
d4268807cd937572054cc5b362e5d45ecf33098b9a7844cbe8347c6cf5cd393c
faac2cfb5c8befb7fe082db750eb43c808c3cf14d2ef0d47ed96f140c7e3defe
5fce24f19b1f7677eb62a7929d0e9cef3702e1426a5e5523f5ce24a6b5fcae30
b728f143ed6764d59938a73560537f0de3e8d294a873fe61ada144788660a121
a689b3a6a3d09fe5c0b5d5429f1c06df88524a7aae5be21559bfac9e77b2a488
173c2e89ffff08078270b5d73e3ed7c8662a69c7a3c4706401e51eac7a8c390f
1505d636aa32660d009f5c8d4d84dd3e45b31336a83e125f96e66efd4017a04c
9d4479eaa73256ab83b09741c0d70d1f2c9438c51ec029a6c60e887835ff20ee
c24ed3fa90f260ebf5b756d59481c2c09355a187dccc5497e3e902c508363adb
de60bdbe77a110b2176ee96ab7b9e770b250119d42023a1a86ba14d698c9bd6e
6759db336cc161f2c6b5dc47898a1446af9eee8aba47d6dcba2dc47049500630
c121518afacb81814dc58714c12ad3f306d54623528fe03a789d2b94c03241f1
d6fe77b9fa932475a8a26f1ff2683686a374a07b50b1260e040370f2201174f2
a4314a71a63e1f7d664303c7e7df25b86da9cc94b97451f1be3dcd401a293881
4125e9ff86a4932db1e7470c071dec86d4e9bdee40e693e7da06b7e9cfbd5feb
6763f4f11345627353843cb2635483b637aacf6308b427427c831c9310fb18f6
02013b65f8a5baad15a3eea05af67362fed48b28d67c95dbc3ae00722d5fd104
aa3ca23237b1ecee6e97292fbcabb7b8e16f7b6fcaad673948dd7067a5121116
fe0427407be84f9d6577fdb1ed26615bf3d9059270606ef719e98d3f5f1615cf
b7480235e3e66ff6e8385f97c5f871342cac6cf48179613cd6887008c1811ffb
b4fcf18d523bb565a1d85b7ff25afa79ed0159a8cf365e9537914c5f1226a2b8
4bea6fb74ea7ed8b73d1f7f229941467cc99bc0e15f191375eafb88813e08ed2
603c06c4f00206dbc8ff178d5a251a18bd8c505669dc1d5eef44823d28139403
8815420e29d36306809d84861a6c8906118163fcd3729ec4d12dd748e928152b
8187f5fba883dfd795d43c97fd6ed97610f28bf31a8ab9aa3a185720ae2220a4
6e37555123703621a47264735b409e3d044cd426d36b8c7b19d4b77ad262f1d4
7658bcd9ca95be1334af799e51617b84527e7498eabf2f2c1d302985ded68dd3
e2b16ff24898a908dcf4290d50fa9228c44c5205543b523b9eecdce77f58f154
e4a2a1a74d17ef7c5b0571d1601e3c51d0771b32a3ca61eecbf3d2e3f8b430f7
21195230d30dc24286f05e94f49edbd8e764d4bb62e564ee6cb203e4df3ccd60
703478c4e55e91cca4908de93729766ac4d7749004fa8affe3a73383934a800d
a08f98af429b5685aec6652eb91f45b7c7ffd215492f3b2d11f88c3618657c49
7bd8c818f3540bc2620809431712dd73988fb453e9fd6e0b644fa8991b9edc03
0b10c9254a17348ac2ddaae702655d882533e06b35b40e2d69e751db63f77db8
33a35b72c0d8084184294a679605329bd01e50dd8f793715546bf0535a9262c5
0741bbcdd08be1deb764708d99a1af27c88a2529ba7df8492cd3864ff82ee3e2
3d463ce5c7d88a47f8987a51cc17d50c136be4f29e6f93db895d17f49c3ed60f
8bfd6c915b631481bafef3f4f49ac55d0397cd52a41ebfda91890d5e1a922806
007166c842c585ace7d4503f320d0951eecdb47cbdb9d482e72976a1e0af06de
96673d69da59de2277fcd11cb11250f48e7c65569d3dd8e81e92e00b0db21445
0351450c897a72681e635e159920d23b607770c4166b474c0935e5bf7666fe13
40934f4ff10fd79ca2dd256c03ba2483170ffd6b9e6ca810ca30e86cb26b4bfe
58d06b5729807dca0296b9c67a98bcddba9fbb7a28f08928f48daeb724b1c744
27ba180cd5c7df85a02f49497ff0625c71cde29d78774977d0bc17e2676d299e
9b7d63f1889716a08c3560a76ea42f28101180d1dafc7fc4c86ae10b7f89b5a2
1ef9a6dfe3ee834f10d373e8c1171d6d7fd092d9e66ed95b1e30729cdb0c34b1
36129cd82ba21426c9a84fc3fcf04779320bd0e4b75c74c3c7428a26c5c7dcf1
c7d08c81c83477c8c289c585f5ea123ab4422328aef679a588f547a1400ce209
3e16ba9d9c257e7b9a5d5dc8cecf05c1bfa66878797e312e84eb3aecd5946fce
625b0989216c47498c2188ddd8a9ba92126985608e62fa53a673db3092133c77
29c22f2a30958f51e9532b2eec8c262328c05239872921325f30771432c6507b
6cc626865bc49b3f22c62acb69c841e7009b777357338ab62f9fd4e878c802da
836bb42bffbd2d592cc300149c0116c301c04bbf6b175e959e7cee6645329c24
16beb7427b205a15769d82e51f57c23cac8209ba104d8698fa16f2199dd54270
df84007104853cabc02a3ca8eee9312e2db2a6f025b44fcdaf3bb2a0d6aea280
3913f4c3ef81807c46886926b5e25548fa88697aa69851de96844aa714e368c4
30ff9000985dabe51cbb5a267267168f0ef7ef68a88c38c6ea7a35939727b16c
af16ec8cadc8fcbca8690f8f725c2612103e7e6ac5cd9b448fcf9d4ce77c38e3
44d8049930716c28b71e4dcfcb8528c94abb53365fb705fb579a7feb5d3b9c90
dcbfa91463169f1f91ba3ccdf40e2d6220a5f0696d72f6fc799ee9ea90ecd4b1
cfbc311f366b2294eae190c01a66251edd2aba1ac0a39e2d59709d06988cc19b
87a8aa83b250bb0d47d489c0489ec7407cfc24f51474158a5128e8ac42548492
ea25015a3a8a60b4fbd012ff6e9e0c3923adc63daf41168e5f30fb08a39f9c59
a0fdd324947fb25dc02fda92a6c859ba2c5dbbae2b1e840ffd8f0f5f642ef336
0ee8504c8b3886aa5bf6a41b352d779e05fd963ae8810a35856ec7d72b28b885
49875477ae9244e9b43cf190645db72974455e30a5f0d8dc628e9a3b4c463c55
a0936d4f848f2d694d7ddc94a06cdf37147f21d1c718f6cec29eb01bbdfbc608
b9c98ee33fd64c25fb4d87e46b8fbe80f1c57adda70e72e950e1ad75cbb79867
a7cce0c24085385aa0698caf08bec71070b012ab9e7e67378acd5b8f66a95de4
d0b6487b438a794348c573e4bcc27029a64fba28bda222eab6a15ca2405ef772
6d53a48f30d4363b1f348ef88aac1e016b9510193efd06fa5b98f1f301bbd26e
6d53a48f30d4363b1f348ef88aac1e016b9510193efd06fa5b98f1f301bbd26e
91ccfd88ee442ccb11ab753feaf4ec7e1a9d96e2a1c437b463cd4d6e5d556529
fdb6d3e319c6dc24f1761f572dd2e5e9ee9bb9bcbe5da03ec473e2fe3c9e488f
d831d6126023229a8b1535511e3de4bb1c80a2ffcb50c403ca66d229683f1afa
8e2f6ad35195fa44015e0cfca7b7fedc6959c6303a152c497ef058a1cc68616a
d0df7f23a3e596f8d7572e128bb3197803cfc19e674ba6cb954c497a5e5c9cb5
d2dd5c3334f7198b0763cff611d99b643c785925d8f3619cdd33828923f503b8
91ebbf5c7cce26f86fb23561076b5ac611989c6150efaf8f6f678619e953c92b
3521f9acd6139fb596a07a1292da86eef4ad2c47fca1619903d41bc4fe23e7a7

```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-04-12 00:00 (JS Based - Fake Error)
SHA256:
df444d6f7bbf72f606b7abb628ea22bb86c81121c2d8d5f8a0238e0e377dbb33

http://goonlinewebdesign.com.au/css/H_s/
https://www.thermalswitchfactory.com/99jxom2/W_SY/
http://xianbaoge.net/wp-admin/w_e/
http://onlinelab.dk/7mobw-hnwi83-heuixzh.malware/ZK_0K/
http://ngowebsite.developeratfiverr.in/images/0W_E/

Creation Time	2019-04-11 21:05 (JS Based - Fake Error)
SHA256:
4836a7a17364de19191c0dce25ed5ef4aeeb5c93db72b9e6a72f8ab3217c39c8

http://goudappel.org/errors/y_lO/
http://hangharmas.hu/js/R8_k/
http://on3.es/aedv/O_wr/
https://zhaozewei.top/wp-content/4f_an/9_YO/
http://icoms.fib.uns.ac.id/wp-admin/m_DJ/

Creation Time	2019-04-11 17:14:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
9aa61029c94de80d07f6b17068e8977b75840339e2d553f0928ff1ba45e4c593
8637f251b6c1b61aad5aea960d55e955549f45269279b125e0a3128b9af31263
bead72401df1456e15d07a76d9f93e8a0caff84575efed6c7c36567e19b42ee4
74f57302ce146547d209ea14f33ce4dce34026f1906d2a6487055d69100db658
c0757951369d0015da795f30649f2e115affc6ac7c45aaffd1593c68caddd60c
69ac602fcd6bee7f17fc88fa1fe47fa4b98a09e566111fbaa0804242137f34d5
13af9da857f2ae4548f74d6c009109b1f9230c81c3e14669a6716c93bf6fb374
a861215e554fe30e8532be4191e8028865d21fa66279f92f5f58ad18ce7fd2fe
17e687b094595330b664d05109e161b14284b8a056633e4dc3a58c8d80eddcb6
0dbba8ccda2640f86384928ed39b78e098f74fab063e6f01fcc53f41a3b2da20
9152aab8eb5860a922509a8711ef50da087ae1d5357389f5d03613d360aa3eb2
a6593a43a018833467ef9f9e01f9ddf462dd53991ff1d4c6869dd047be6558fc
9cd061986718346b19c1a06298768c018c8a52599582c848583d354567a28f83
01c455c6bee7ae047a5864e3b06780430647c79105988a8bff405732d98eeb47
005193acf210d2377c2aeea52beade0e9bcd7c825874a52ca5feb04e86e031f3
a01df3077d598be21c483cb7cc47b8fe4f8c9e4b65d6b89a4c0ca6aaf53672e5
237be707d46ced206a6021b22498783ef64aa545bc398513959ab730ef527459
d58e175fa049aac7ed8fda25e890233d415d610227381698caff837ee325e3d9
c65f0c7cccfe4c067e47b06059dab20e234076466db609f172b750411f91d3c7
30f0966d32216417b94f6f7c22e738c04b3ebfe81c9720bef0afc49837b9e541
c47918909d86b08604ad92b591e7a430187c6b33da6ffdc25e7e584d41339c04
76f4ec274fb2b6a7633f65e39278a97ce4f77dd57880036c23ac8431f5f6c9a2

https://villasantina.nl/y2nch7d/Rg_XV/
http://ryedalemotorhomes.co.uk/wp-admin/RQ_g/
http://maxmacpc.co.il/js/Yz_7/
http://manioca.es/wp-content/W8_m/
http://sarayaha.com/ad/hf_0/

Creation Time	2019-04-11 12:28:00	(DOC Based - ENG - 365 Blue Box)
SHA256:
a50dc451c14f00f9a61b948b1ea4154e7d1b4786081bdb25184b623c3963d669
ffdc7a16292d11a65c6998018cce0a1ca8e7ee21f2437b0759624f3ebca978b4
c418e3032903c7ab503f4f3decf8808c61602ba9659990209c46e2bbc26dfff6
d663cce4a71d43672242fefae90dbcdc528cb60c37c55e8c3ad76c1888cd1ddd
b209f107dc4bba8c3edc66d6cf692b7dca2e931d8217af084837e1e73d838468
071f247da783056ce906911186748ec8410b69c3b30039065ef576b2bcc6cec3
2f86a4c3c258e1f4071e085b4f8941246f568cdf121b4bc5de0ca12f732ccfa2
3e2b4e68ac973039ab0a3da9e7dae82521db17cb1ace27c230a1d3cb0ae430db
a8cd9d3394a9c765a7eea7dcec2a4b90154ccfd234cc9e1f962581a5345ea664
1ab824500f50a31147e1b67cf1a2da45fb40a82e1a827652efabc92d2a2d7912
991b13525ed868118472f35bf3dadb52f07f682501231747fcd4a86c95239a6b
8cfd8b109933b505013ce3217c76009b71b4b8fdb9681cce24ecbc694a789095
566e0420c14b064a758e68e4e2f76cdd965cca7c6f7ca5374420b0c88d1b0208
e451861938f376c93e3dae47ea64064c5d7678846f9039d163a342ed368009cc
f7c14374246980730264fca014d0a1fcbbbd21f35c3b9b817257b1a752298f03
c4ed4799831af5c9aba8e8f49e684b9778ee5129fbea23a9edc6ebd6b80fbdc1
4ea86fe9517aa55e4198322fb6eadd5e398ef53adc291d1c790d858b8dea5eca
cabfedf2ec07ccde90363279da62138270862a5bc63e4c9a736ae49d704bf964
c4902a7a5058fe9b65d47d59dc62e36f5049146e5f551c1d5622226649da9888
0419ac6c0309f36fd63d5f34038df44de6d89b5a1797084059c3be05ae838b7c
e545d48c26acb8c2fc205a5b2ae00f215d25d074e923000f7d4c546c3c7c795f
b42ee190462d61c63f397a58597133d38e9b28c5fd1cfb974367171d7d2dbd2c
006bb971d4f57de34df93b504c04b97d0820b2e6298eb0968d941cf99f462ac4
bce885c9c3c74716c2698e5052915f0c84e3fe941154e453ec866767bb58f8c9
1e06508e81d7c11cc9a34b19040b730587e6abf5c0b993fa81039ade1309f86a
e296fe858e074b9885b0606e5419537c6d220162e49c5605c9b9d7b843744b8d
1dafe95faab5b4c1091893f66dea98f312fdfae6e9377dcfc73ce8fa5053de2d
5873729a33644ad485c78f19c464eddf0bcede944c0cb70744823b33e822358d
ca500bf2c0437ae2d54530bf3497b2306f6a243edd0c973ba06d6b61adecf2d1

https://ahuratech.com/ei9u4vn/T_8z/
http://mindigroup.com/wp-admin/T_tB/
http://extraspace.uk.com/wp-admin/i_Gl/
http://nuoviclienti.net/hanemdg/Es_wv/
http://eniyionfirma.com/wp-admin/CI_xj/

Creation Time	2019-04-11 08:10 (JS Based - Fake Error)
SHA256:
aa916ff4533ad38717e8af1c9a14ea72ab26ee539b3bca94a4623c642c60b1cb

http://www.stephanscherders.nl/koken/K_qr/
http://ceffyl.co.uk/h_C/
http://cupartner.pl/izabela.gil/h_se/
http://doretoengenharia.com.br/Lw_76/
http://drewmaughan.com/datwheel.com/y_JR/

Creation Time	2019-04-10 23:15 (JS Based - Fake Error)
SHA256:
b3fe76513ecc54e0ed1c1a4bb1f12db47bbbd25b42ee85cb2336187cc85efdf2

http://grupomma.com.br/divina/Y_A/
http://dragonfang.com/russ/j_Y/
http://clickdeal.us/globalink.cl/C_e8/
http://cityplanter.co.uk/site/8Q_q/
http://sanmuabannhadat.vn/nqlnlysz/4_IX/

```
#### SHA256s for Epoch 2 Payload EXEs seen on 04/11/19 ####
```

bccb8dda9eb99c1aabed3c2f778cbd113bc3f08ff9c6e5baaaac952d9cdc5d14
4d489c9ca5492c8d0a227acd068a87d09b5138e15f609790637f90df0b1ae54f
5fee364c3aa9c6d4d484ed75946f08befe96f00d1f2d11d2885d1dd13953c5e2
8574dd9172306021c951dda7fca721df6337d138c53964b04a92554a8095041b
8c614e012dbea9abe2bd661b195e141fb2edfc0249c9cbcdea6c0782b1de5b80
6d56d585c42941aa4d46d108b389c324e76d183b13129500de36ae6ac63a4782
225c36dba434472ed91e71215a661a1ced849f0260818d0bdfd590778f8e65f3
4dd0be546adc42f4e3759c969a478928d939026d7fe75f6af76c623103f6d567
4aa11f6173624c049a711749d53d784de7e074d5d31f8817b44b025979bac7c4
b12a68abb69358e95057d3d0e20e39001e53c762cff7fa9677027b32534837eb
23421587076072584d1bd660cf8d7f01545f139f35d50d03c2a70fd042bc7394
e04ba14197a03f8bd13daa202aea1abebe6919d37d2f262c2be783f648f48d7b
c21e599300f219d42971a9052dd1c44161ffbeffce9913e488484fc7bd94ad08
9aae4f8ced53039132855595f286dfce0c0de836328fd9a54450368c2bf41066
3f6c7dcdacce74068e7b594ea99ba294d0a0b122d59b8d45aaedde1f823bca8e
3ab3d1dd393ff9060f1ba3ff405a73e0371df6cbe1283949f4fa5abcf66dcdff
617199dc689e4306f56d255ccae1fea7d34b6f8b59c189e1e587f09238cf3d9d
c5efa0bad2eb9cd826db665e24ab686396af9ae49c6aa4ffc3cfe80d28c87947
3d58cd46c4c1c0107212182e79d47cc673cb69f4930062a47aed67e8ab569305
6ce6b11337f74156332f0a1cf5450c60a0888c46756cc8eef1b01b89986fabe8
179ac6a40323c17dfce919ab62a0087ebbb45eef72cd6f553e8ac6c7a4c916e7
60cb1f8bb634d2c98719db2c5f1718efa04ad2423d9d98ba92c62bb35f2750c1
82514208c61485b00f195a78eaed29d3b075c850b34ed3bcacd152136bd0ef9a
cbc368283e48f17f1ffadfc032af5754a625f1ef78f7c462ae832305e3eeb712
17b19c2bd1d3a20d96d42c9d844108a2856a50872cf0475aad5e2801996da38e
68bcadd7ba2913e568014fafa099d59da1f4fdaa97600cb5aae66cf17a71f386
7f8d09ada16ad5af40b39d0c5e9b51b3552aea6f454a9ff9123b3bda882f8602
e65b081b8f9c1e5c6fc20ee11de6d651cb0475848f9795b5a20c0a50d2be0b6c
fe21b2b16e98c39c29e849a8be31178c8bf1d3238fb37a4cb0b6d9d17e5e1acb
df92b20e6c7ba24e760b462f5d4347f50ef6ea4a0682a47806dd2474d779f07a
8ba0003bd34c080cc40c80154f4d5b2ac1aad53108cd55a0b8531bd82766b858
8ba91e389f321fc843607fcb6da3407419ec8a0af3438603f70f600ffd37c854
a2d9466c9fb5238b4220cae4f66b5b27980b8898266ddc510fa815a66d73a917
28d31cda066a782e14ddcebd77e15e848dfd2fb48d3f37d8824c6029c07dbc6b
6d8c727d46970e9d8fc85eb71c642faad005c44a986a38e6186e2767af75b75b
22ed4bd0dda5896fe0aa264ad84f26dc1e74982a9284f6d61d21e3a7932e8914
a6136fb7a9dac83c57fc65d1205cbc1259878783f6070216214c5e7945afa33f
f2d7ce05f52b11635607532b977a1e15e37b6808d71fd696eebc0fed4532f99d
0ee3a5df26938818313a3c8ba734fba7a882aa1fe7573f16253f26e9961b9f8a
ef904115d80a722e3a3b0d2cdf1b5bb7872dc0153b200c53b98df6aa94d941c9
4f91f9b80eeb1b8ebc20ca72b65a30e513142eba990cccb720e93cc8cb17c90f
ab856d03c3aa6756553b9f78eaa08c568ecb23dadf7624979aa100dd3c69a98c
59a06208ed952786fda659e2e29ed5e3128fa4920c956ffe817814441a84f256
f3649a0ab0068c11b7d28916039f873fbd082709e46cebc2a20709471f86d0e7
01bd8997b64d5d1a00ff2af084c08793f12c9a6e70f071c411b1c86e6daaca25
0c76d6bfe5d0df425b630f7072a2ea3f0492d2a37db98d5c3164fe52abc79c2a
f10ba835427648c1c73c53841d4d2b4a78f439fb0ede483f88542255e6f113d0
17e3a91e97e4a4ea983199136f11f4c0368eaa929e16fc45751a00bc0b3517e5
08976c4f5ea1f5d704ffbcd862de9f00032a05b3ddc04e13a9fc6de4a78d3a08
e589f89237672cb6a30d8bd7305283c2d1dcd466adac1551eff06c3e5caaa8ff
cbf386871934af26e2f52efd2aa0f8a0b5d86e67cd81044a3f16d8f9d79e4992
a84e12245c10923087a7b0ca0df4b98a80d353d510161daf582485576c29fc64
1febf4ebc138dd01f1a4e9e302ffaeb5207f8a3e7de9e790a8755b5d125d67b8
ba0aa3eda413204ce110bd292af63a939e6d7daa68c0e38d94db26df4f76baa9
f1b32be6a100fd65330cdc542bf2b748974e8a8b006284a6d818406c7bef3b0c
9a06eca48472f70c65c5a92ed2b92ba86b0496beeca01dcccba747325ee87d79
e2373842d19a774f8c844b733982dd88af68f2f4cee5f8fb317071db9783dd9d
e5a3e098a954b9d9142def598f6354bc03a6c40b2dd6ec97e686272f9129b32d
314a2caa357ef54a49e3a92f213a9bbff2768de537772c7210f7ff729500f4df
29746f5d709e39cabbbfb8ec99e64484eac31c67ae5d636e3a6800163a285a11
8fe1b648bb963640509516b6eebabe1b6cc52e501a947969c09f144daa50600a
e34abcf8d819454cde7db9783860c645361745361b0f2055030a141afb2e1bd1
9f49cbfd1829975873daac3ddacfed2ae014ec32951749b94ce2199501145e43
0f5f68fe44e533554031b12424cc1e963073f63953b620d5d556b0bac1c081c3
47d370e9d230aa4c138a24e013c56c4dc4b9b11bc59fb8361ca884ac93b7fc5e
18137d4455b629d8773c6d07063b7e5511fb29d886968426b0a4feaeca884d2e
0eccadffa7341c3cfc3616e606ae6321628d163e01f286f34665136f41f9ae26
2aef44b6a6c4930a800b94ad9bcac822e9f35336f05bcf7f3f674a893f825281
d8ad54eaa47d6b67cd5e12a1f82828220714e722b46ac5d0574f47da47ec6c76
c8853c1dac9968b936b915dea200de3917922f38fac823f21527bc964660d0b0
5f46839ca9bbebc3ed7fedc897bf8a1599816360abeac04e19310a1eae3deca6
933c33f00f2733bec01b04262756adcadd4273972ed2cbb9fb3e4c8840a4d58f
8ba86faea8164cef76893cbd3a2c111f17fb85fef2612510a3b004a8b25c0fd0
c3ad1c3d5ce05a276b3a37d1bf359a165b5f6128468527b52a9f3f9bf8b8fe9e
71c207200ee338ae9e1f1c98d1660a7d9af43b5a27ae36ca9f092f7e36b33d5c
271c28540688faf816eca194f83c821b1ebc1d2d69ce4b94948a3aa2b2f7ca29
1321e25e485ec996017836636c567c051055b3e055562f893ea1e616994590c7
c0967d44dcec2b48487953884387bacefec36cf2c299c4ab997f6feb5018c0d8
f41fa0f4c36dc4339775f88be991ba44167912ffbc4917bc344c9e57655a7a24
9dc825be878e1d2692c896494819883961de3661cfd0bee29487c8e6f9534e18
8548169d30680ccc506b507e6cfe34b7f1a89c213a3f6adb51f668ededa27588
aa7c25775ca13424b41341c76047a22bf25c8964745db28e02dc6ed756f64f13
7a2c91f6656e534cd61abecdc1d6b9a472a7cd82a1ec277384394a6b29957df9
c4e3ec311ed4b5e3fe87e8823dd2cb0177e81faaf302b3d46742d8e1b2d9740a
58eb3bff64eb8036feab274a5de163ec70024fed5d6e17e1db67b74c6c9f1994
132bbb438fecfe86ad156d8770e899d69d5a3ed8593ce4d8337cb237792581d5
caab796da03f89d55fd79fad9470fcd2a525107c6c2493ba8ab39e60e7a11f8c
48b58cf1fc0462360224ff89634ad734551652710643c03460166a04cc1d5741
dd58d8a77d8c6fd0b930385cb5f640593d30653ae88bb8d20a147aa9469a48d5
25d25692674bab04bd7626a3c342203488abda09bceda8e8290dc149b8b37c75
d576f451e8e0103ec835696ebe6ba7e2a8a29af2cb22812d87d4036a0b567d61
6dc802dc925491f5e39b37cf41991d65a4523134effc3c5a2860c7ecba9c1bb4
6cd878c98e8eec69fbf47f22fb4d48a7368016dde8a7a058b6b5fa6344ac7f82
63d01fc17d8cddd13b71ff563382b060524a7674000195a73acc5125e060a135
35834e912d9c747a6e50a0287e2ae0ac0ebe4ca59c30198061776efc98ce6ddd
1cc154ef948f4200a8308bf8887c25136f059666b20983f034aef0356378bb7c
ac1624b7f285d8ca4f0b09d8e47e78787eb99810145dd8d942d5e5d50332923e
e43c60b7ce50df076a72301d06eb863f2bcb35cd5a7b045a56273bb63ca6d7c4
dd803764d9722d766ec91998ef118005087d035762b4d58a629ee6b6652f133e
01034672f6dd779ef2c7a6f26bb815c64666d8036eb5ed7eac52dbbd6afd9771
635cc3637c3f777b9c4a827833a09672b0491a08e59c9fba61be879d32aa8a06
dabbb629e95a95fde13bdc67e07332aa4422a5560fc43cb24534bc07b9029579
7d4e4bce4c6efd54b975527ea561da16098b65ae3bdbf897d4d5a281e74b0d72
9c03137bd6f163162bbe0a005fe448052b5a2b86e7c75aed377452afb2d8e4bd
6a40327ca4c09d0b77fbde371a9d1fe5dda8d3570d06f7b8c652b8673fc65e76
cde66ab5fa78ce30eb2512dbf1de179c831a410f1dfff273c433ca35b96a8466
49322bdf90aee72a6b9f4e6b7e03bfee6b24ddc31d48ed1241688b840becbc99
b5f37fc61e608026ffde9bdd4fe5ca239f096bea8392049d706cb523d0bbdef4
4d0b6236045cbf4950db968d6ed6874623b4086a482a9997cdc2a8be0c60e8d0
aa5165f4fa2318dfeb3418bf9c1641a907c5a5de742c12069e5a32df1780a4fe
5151899e9647ccd975e96312bfaf04c2a71f4dc6139bfbf31d0f3a25ce9a5593
94530d502c2247ce8914d103880f6c4fd948d17795d3ef61b2bd88366b0554cc
30aa1ed6c249f61ecbeaec8e80baf46736184f5c978d5454f0e7226f667a87d8
d2a803d7ea205fdf2c3c353a6607e0e8918e807c279a84b1f7eb8fbd74280ba4
9aff108db362f60fe95c0d60e901dbe8060f0ae56e5a2d41558f43702a77d7d5
4e97f6f19149f5d07576c3fdb54c6bd8fdc58987e0cb90594d07795fb0ac19bc
ea7d527a5243eb78f3592ac48cd1900ae89bfbfa90d1494dc7225d3f80f861aa
6cde9a7c7131d3fbe67c702e347bbf958701ff7950b2ab35f03da31ec7dd4405
23c5feca719555e6a94e72d9cb1c797b6932a1f3674443609c38f994f0f12435
bdf5d2293f4f7f0cc8ea11c15f767d016ffdce51b1fa171559c9eeb75f57249b
83e46a73aee165944034de90ba01c5de62e71ff21219f1ae55c38af28b87850e
8ac9328dbdf71b90d18d21fdf726a4ffc16bfd90af4fbb87dcb73ea8a39da23a
9430311b0db42fdc51130b7cd0f587ff7e5c4f0eb6a14c40c5b08f00519b9147
d7670bb7f6477abae3c017c95218c159cc6c78800bd814f66e960f79be25e2d7
3a9d250d4d1f1ead2627b8569f9c8454f22fcd50890fd02193d3f1338521425c
b1fc5109275b269ff39b9fc362aec6bf90e074c531cdeafc59197d03299299f3
5720b1a89c3f5066da0326e5a6b1cb2305dbaf96460fe827394670e7fa3ee8f6
6a39ffbdc5b9817c87801bfc795e762b0d879a95c651f79d0a123703966111a5
5e0b32488eac395abfefadf981934ed62a0c0599f8424d70689d498ce1139f9f
a64f80305a1ed1ada59be456599c580fe9b046437c2769b57a3398f40877b3f7
7d57d03508faf70b5c1d71111a3663bd4b589aeeab88071fdedb74e12c7f8af2
25d42fdb4c833e79801276182ef1d738d3b0100be8e42a36afe3f673832c797d
3ed5b5a24e257dc84ea17b19315c7249fd0a8533d619d366dd9c5637d916143e
11709aead4fce4a3dca915596130eca63f612fcd0f647f7eb7a6596318d98709
a34d471cde7a3d80f89555b336e7bad456dda86354afdf4f2731610d41dab879
dd184549fa29574c32b198edf8be022259dbd27f3a65287a28c3e3c4acc3743c
b5f5cbe5eb5eba182046e9418c343f627e7335f3d083cab9ea510782302bf84d
f404b8202a5d2d7d8f20f7c238cd93787cd7e0390e3d1971e3c810431c247b3f
21da3ba8076712ac5824dd720d00eecb8b4820c6d3e82c0ff8fedfbeb17ba085
5be0519b0a50f4604003fee7af7f9b1ff8fff44952f17def036ecde8a86e275f
866f818d571554f028726a7cbf6c2089fabea1e0f3bc5c3fabd221aa42cf5125
25ec80c0dfa40b3b1424273880ed0e1b229f418ed00861c5879bd4836b313716
cb0ea6ea6264855b981c65b24f89a156a1ce118f59e354c67b706785f4068595
3943a5328c502e89598b2a2ce344272454310e9a99690a6b87f6934d07794d8c
79bfdeb8e26c990fe2350a1c8fffa07f89f5edf322453449e27af69c1f3b1f0c
885a268b32d9fd560013fbad140a63c330aa39c27ce71f1c266b61ed6984e223
64986e06eb17e3fbc4437c04448d5189beee36a75e1ef0d1c526f7efebf2a587
4978be11e87d8952ff4bd8111ef790cfdf0f3dae550d9d45cf07eb5cbf41be48
c68a8ccf90007fea627ed7f4448839cd56b24a3cc3cab67ff2bfeca5238d9028
57d0b683345fb404c390a27578cc976630892ca32b50822a05f2cd517ee50274
d0901c4576f6a74642f337757c7f46c121b97c360699b2282ec50fe01e451f86
a79d2e68ad15520db76307dd3fcd67eef5775aaffdaafd925f11d6c5ac6b95bf
659945c138049d7f970b6ea4a34601e36ee80d331d07bff02d2913c7a10dccea
ff66096b4ad137d89ecdf00c6964bde21cbdf50ab35c04532642e9c2219b0bda
bffce3b9045c249659d41f68d1228933e4850e285eb9a49cacd684f4b23f2686
ea1a71343913bec97aca98d12f8a6e7a712ad8c6cd31acc80a9630c07dfd0337


```
#### Epoch 1 C2s ####
```

107.159.94.183:8080
109.104.79.48:8080
109.73.52.242:8080
136.49.87.106:80
138.68.139.199:443
139.59.19.157:80
144.76.117.247:8080
154.120.228.126:8080
165.227.213.173:8080
176.58.93.123:8080
181.29.101.13:80
181.29.186.65:80
185.86.148.222:8080
186.139.160.193:8080
187.137.162.145:443
187.188.166.192:80
187.189.210.143:80
189.205.185.71:465
189.225.119.52:990
190.117.206.153:443
190.147.116.32:21
190.192.113.159:21
192.155.90.90:7080
192.163.199.254:8080
196.6.112.70:443
197.248.67.226:8080
200.107.105.16:465
200.114.142.40:8080
200.28.131.215:443
200.90.201.77:80
201.217.108.155:21
210.2.86.72:8080
213.172.88.13:80
219.94.254.93:8080
23.254.203.51:8080
43.229.62.186:8080
45.33.35.103:8080
5.9.128.163:8080
51.255.50.164:8080
62.75.143.100:7080
65.49.60.163:443
66.209.69.165:443
67.241.81.253:8443
69.163.33.82:8080
71.11.157.249:80
72.47.248.48:8080
77.44.16.54:465
82.226.163.9:80
88.215.2.29:80
88.97.26.73:50000
89.211.193.18:80
91.205.215.57:7080
92.48.118.27:8080
99.243.127.236:80

```
#### Epoch 1 - Spam/Stealer C2s ####
```

31.172.86.183:8080
104.236.185.25:8080
50.116.63.9:7080

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
```

105.184.150.227:80
119.15.153.237:80
133.242.156.30:7080
136.243.117.85:8080
138.201.140.110:8080
147.135.210.39:8080
162.243.125.212:8080
167.114.210.191:8080
173.255.196.209:8080
173.255.250.241:443
174.93.130.148:8443
175.100.138.82:22
177.242.214.30:80
178.62.37.188:443
180.150.87.75:22
181.39.51.243:993
186.4.234.27:443
186.77.56.180:993
187.189.195.208:8443
189.154.67.254:80
189.208.59.61:80
189.213.62.223:20
189.223.228.181:443
190.147.53.122:990
190.186.203.55:80
201.220.152.101:80
203.194.46.115:80
203.210.237.200:993
208.78.100.202:8080
211.63.71.72:8080
217.13.106.160:7080
45.123.3.54:443
45.33.49.124:443
45.79.72.132:443
46.176.2.173:8080
49.248.84.88:80
5.230.147.179:8080
50.31.0.160:8080
60.50.212.17:20
62.75.187.192:8080
64.13.225.150:8080
67.205.149.117:443
69.198.17.7:8080
69.45.19.145:8080
71.78.158.190:80
77.56.253.112:80
78.100.187.118:80
78.186.5.109:443
83.110.148.19:443
83.110.207.126:443
83.222.124.62:8080
85.104.59.244:20
87.106.139.101:8080
87.106.210.123:80
88.240.18.94:7080
94.130.35.140:443
94.76.200.114:8080
95.128.43.213:8080

```
#### Epoch 2 - Spam/Stealer C2s ####
```

198.58.114.91:4143
213.136.86.219:7080
91.205.215.10:7080

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

```
#### What is Epoch 1 and Epoch 2? ####
```

What is Epoch 1 and Epoch 2? (updated 03/07/2019)

I have been tracking Epoch 1 and Epoch 2 since May of 2018. I called them Epoch 1 and Epoch 2 because they followed a different timescale of
payload updates and history. In short, Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for communications.
Epoch 1 is currently the larger of the two botnets(MAR 2019) and I think it is the main push of Emotet currently. Epoch 1 WAS a smaller more
rapidly changing version of Emotet at one point in the last half of 2018. Now Epoch 2 seems to be the smaller of the two since this time period.
This seems to change back and forth over a 6 month period. Despite having unique unshared C2 infrastructures, these two botnets have been seen
to move bots from one to the other and show similar behaviors seemingly controlled by a single entity/group. E.g. going on breaks at the same
time period.
Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an
Epoch 2 document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those
being delivered in maldocs on Epoch 2 at any one time.
- Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on
Monday morning/Sunday night.
- Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and
Epoch 2 may have a document hosted on host.tld/B.
- The RSA keys will change every few months so for C2 communications on each Epoch/Botnet.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
*- Binaries used to change hashes every 15 minutes to 2 hours but now (3/6/19) are changing every 5 minutes on distro.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours
via C2 to stay ahead of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from, is to find the payload and then check the C2s/RSA Key. HINT - CAPE Sandbox makes this
easy now, use it! Thanks to Kevin @CapeSandbox and @pollo290987!
- Changes in behavior are often deployed to one botnet and then to the other as if the first was a test. This has been observed for obfuscation,
spam template, word template, document type and even payload.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

```
#### Community Lists ####
```

https://pastebin.com/thQAg8Ai - @pollo290987


```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic,
@0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey,
@Jan0fficial, @shotgunner101, @HerbieZimmerman, @Outkast_TI, @ps66uk

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie,
@devnullnoop, @gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz,
@pollo290987, @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42,
@papa_anniekey, @Jan0fficial, @OguzhanTopgul, @HerbieZimmerman

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and
helping out with this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch,
@urlscanio and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log 04-09-19 ####
```

Email Template Report:

I saw a couple malspams today. One was the threaded highly customized variety and the other was a generic template type.

The threaded one was actually a response to a message that was a mass mailing and was a bit of fail. I am not sure how
the emotet guys are selecting emails to respond to or if they are just responding to anything. This message was from
a generic account that was sending a very simple newsletter so they need to update their selection process in my opinion.
The response was actually different than what I have seen thus far and was an attachment based threaded message.
It looked like the following:

From: "Spoofed Full Name" <compromised account@brazil>
To: "Generic Sender Name" <generic sender account for newletter@mydomain>
Subject: Re: Mark Your Calendars!

____________________________
<html>
<body>
Attached please find the wire transfer form.<br>
Please let me know if you have any questions.


<br>
<br>
<br>
<br>
<br>
Spoofed full name<br>
Spoofed Email Address
<br>
<br>
<br>
<br>
----Original Message-----<br><br>
<pre>
	 <http://d31hzlhk6di2h5.cloudfront.net/20190117/b4/8c/a5/5b/c7935620dcada0524e1d13b5_1260x662.png>
January Is Full of Activities!
________________________

Attachment was named "7927847272_April_11_2019.doc"

Yup this was an email from January that was sent out of this year. So it seems like there are some updates to
what we know about the threaded templates:(changes are marked with *)

- Emails are sourced from once (or still) compromised users all over the world.
*- Emotet injects a reply into a real email conversation thread between the compromised party and another party that replied
to the compromised party on or before Nov 2018 until at least January 2019. (may be up to present)
- Now on E1 and E2.
- Now seeing German based templates that are essentially the same thing but in German.
*- The injected reply is usually prefaced with the following:
"Attached is your confidential docs."
*"Attached please find the wire transfer form."
- Both attached and link based delivery of the maldocs/ZIP/JS have been observed.
*- Attachments seem to be in the filename format of *_April_DD_YYYY.doc/js so far.
- The link is customized for the display text of the link to show the real domain of the spoofed organization.
- These templates are pretty limited in run and not very numerous.

So when I said "be prepared for changes", I meant it. We could see the above change quickly.

Link Regex Report:

Regex directory patterns - Same as Yesterday.

E1 and E2 - https?:\/\/.+?\/([A-Za-z0-9]{4,5})-([A-Za-z0-9]{14,16})_([A-Za-z0-9]{8,9})-([A-Za-z0-9]{2,3})\/
E2 -https?:\/\/.+?\/([a-z0-9]{4,7})-([a-z0-9]{5,7})-([a-z0-9]{4,7})\/

E1 is still slowly change over to the old favorite of \/([DdeEnN_]{2,5})\/([0-49\-]){6,7}\/ but we had a twist this time.

NEW: The German variants this morning had some additional wording before the date such as:
/vertrauen/2019-04/
/Frage/2019-04/
/vertrauen/201904/
/Nachprufung/2019-04/
/sichern/042019/
/sich/2019-04/

Therefore I upgraded the Regex to:
\/(Frage|Nachprufung|sich|sichern|vertrauen|([DdeEnN_]{2,5}))\/([0-49\-]){6,7}\/

You can of course change the group at the end to ([0-9\-]){6,7} if you wanted to keep this in place for May and beyond.

Payloads Report:
E1 had a normal amount of payload quintets today with 4. We switched from direct JS downloads to DOCs and then back to
JS at the end of the day. Mostly links again for stage 2 downloads.
In distro, E1 binaries are no longer stuck and are now rotating every 5Min again.

E2 once again had an excessive 5 payload quintets today. Just like E1, all stage 2 loaders went from .js to doc and then
back to .js. E2 binaries are still updating every 5-10 minutes in distro directories but did stop midday for some reason.

C2 Report:

C2s DID change for E1 and decreased from 59 to 54 combos in total. - recorded above
C2s DID change for E2 but remained at 58 combos in total. - recorded above

Closing:

If you haven't checked out the article that Catalin Cimpanu wrote about the Emotet threaded emails for ZDNet,
check it out here: https://twitter.com/campuscodi/status/1116389853065895937

Tomorrow is Friday and I am ready for this week to be over.

```
#### Sandbox 04/11/19 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run on 2019-04-12 at 04:30 UTC - https://cape.contextis.com/analysis/64315/

```

```

Epoch 2 C2 run on 2019-04-12 at 04:30 UTC - https://cape.contextis.com/analysis/64316/

```