http://www.sqlite.org/2014/sqlite-dll-win32-x86-3080300.zip
http://www.yildizcammozaik.com/ermr/?RP=maHpXnaM3ES7ass047j+rYe7ywkQ6sIa+zMUHRf6FdnjceShe7iWek1xez75wPPKDxHxa+3GAuZSQYRi3X32tWMQtbJuamcH5T3UeOM=&rVBt5x=S0D0XvJ
http://www.tengxun25.com/ermr/?RP=z5ztsSeI5c8PZUmmOFrlvI6YQk5Ww6vikgBjsK6bd05DG2ipm65gH2Vt1WL+Vdpj8XLS6S0/NWUU9Zvq3tYOh10aKfRPOQwVF4QX6Zs=&rVBt5x=S0D0XvJ
http://www.ifair.ltd/ermr/?RP=/9ZteFs8/UFmHw++OdVafJDrYArXJAudtRtGPwGrOJYhpjVoXCtt1R79ico1t+l9sIsO48u5X6s79atvyvuDYeIqjKi++6JpZ3i1QlQ=&rVBt5x=S0D0XvJ
http://www.lastsummercog.com/ermr/?RP=tJUGbX/494rgI5Ijrw67IWZ/LeVBVZprruRYj1fFsvoRhT+RX4E4fdom/CtjJc/F9+5/3ZADUYV6Dgc94tN1/bYfnw7GmWl79lPiqAk=&rVBt5x=S0D0XvJ
http://www.086ic.net/ermr/?RP=vDZKFu61WEKSdSwECT48CRbOeIERVglNjABU5qZu2aOebBHSuaGwF9Qqa5FIHr/zyoeZ9Du5ySUjURJUSWUe0yjhmgxjNLNdv+PILPw=&rVBt5x=S0D0XvJ
http://www.beautytung.com/ermr/?RP=1ns1t181qN77tTssMapkd67hqOwL8XjGF8TbzlZ9cVD/BWRLjJkrp95DeSkEZZoMVZ/WfuPPYPTfhgozK54iy/+8A8qRCEnDpYsy7PQ=&rVBt5x=S0D0XvJ
http://www.glasslabel.store/ermr/?RP=7hdjePkBfZ4/PwtDFh7BRafOUoROVtFGLs3QugxB4+NjQohR4hDKeJ0gWLUZo9UP7GRyEuSo+zfu2y1JhsAmxHFHmQCRQawgcpRSFKA=&rVBt5x=S0D0XvJ
http://www.qj-gc.com/ermr/?RP=CMigEYZtSkFiXRSybLBs6JP8TbwU6pIMFyEsc1KW0mbFFZo/BVmv0Zuq/IUS+n8nBaadDccBEqbW69vL6cgXwMsM7G6D9RUmZYHPqKM=&rVBt5x=S0D0XvJ
http://www.koreavegancosmetic.com/ermr/?RP=5WnOwryU2Z5saPb0oGGSO0soJdwZ+qZBrMotzPI3zVkuMuhSXcdEeHa6+ajmQncCHRZYZEOsGeG0f4r92F/JhQYx1x7Tnyly5ZZW3q4=&rVBt5x=S0D0XvJ

www.yildizcammozaik.com(107.160.120.122)
www.proteknindo.website(194.233.77.193)
www.cuetechkorea.com()
www.086ic.net(154.203.146.165)
www.lastsummercog.com(162.0.216.69)
www.beautytung.com(154.212.126.12)
www.qj-gc.com(170.130.195.132)
www.glasslabel.store(185.201.8.86)
www.sweetpart-0621.com()
www.tengxun25.com(156.235.210.134)
www.sqlite.org(45.33.6.223)
www.ifair.ltd(216.118.232.50)
www.koreavegancosmetic.com(14.128.132.150)
194.233.77.193
170.130.195.132
156.235.210.134
14.128.132.150
103.135.248.207
107.160.120.122
154.203.146.165
185.201.8.86
154.212.126.12
45.33.6.223
162.0.216.69 - mailcious

ET MALWARE FormBook CnC Checkin (GET)

http://www.seetrol.com/update3/NetScan.exe
http://www.seetrol.com/update3/MirrInst64.exe
http://www.seetrol.com/update3/105/x64/dfmirage.dll
http://www.seetrol.com/update3/105/x86/dfmirage.sys
http://www.seetrol.com/update3/068/dfmirage.sys
http://www.seetrol.com/update3/Install.txt
http://www.seetrol.com/update3/068/dfmirage.dll
http://www.seetrol.com/update3/105/dfmirage.cat
http://www.seetrol.com/update3/MirrInst32.exe
http://www.seetrol.com/update3/105/dfmirage.inf
http://www.seetrol.com/update3/SeetrolCenter.exe
http://www.seetrol.com/update3/105/x86/dfmirage.dll
http://www.seetrol.com/update3/068/dfmirage.inf
http://www.seetrol.com/update3/105/x64/dfmirage.sys
http://www.seetrol.com/update3/Uninstall.txt
http://www.seetrol.com/update3/068/dfmirage.cat

easyon.seetrol.com(1.209.106.212)
www.seetrol.com(45.115.155.209)
1.209.106.212
45.115.155.209

ET MALWARE Potential Dridex.Maldoc Minimal Executable Request
ET POLICY PE EXE or DLL Windows file download HTTP
ET MALWARE Possible Windows executable sent when remote host claims to send a Text File