API tools faq
paste
Advertisement
jroosen

Emotet Malware IoCs 2019/02/06

jroosen
Feb 6th, 2019
2,933
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 69.41 KB | None | 0 0
raw download clone embed print report
  1. ## Emotet Malware Document links/IOCs for 02/06/19 as of 02/06/19 21:00 EST ##
  2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
  3.  
  4. #### Epoch 1 Document/Downloader links seen for 02/06/19 ####
  5. ```
  6.  
  7. http://10xtask.com/SKyW_DIyB-K/MsW/Information/022019/
  8. http://139.199.131.146/MrMIK_JZ-OWJxFYG/dcU/Information/2019-02/
  9. http://184.72.117.84/wordpress/Telekom/Rechnung/01_19/
  10. http://1lorawicz.pl/plan/scripts/piJZF_3Wn4e-IcgUm/Rz/Information/022019/
  11. http://206.189.68.184/xybt_A1sb-SMlX/qFX/Attachments/02_19/
  12. http://365ia.cf/dhsAy_WlDvR-mvxE/Ey/Transactions_details/022019/
  13. http://4drakona.ru/PNUr_DqD-jUtu/pAC/Clients_information/02_19/
  14. http://6306481-0.alojamiento-web.es/UrjP_9Qi-TPFFVN/J5/Attachments/2019-02/
  15. http://72.52.243.16/DdLcm_IsL-VDhQGtO/z0/Attachments/2019-02/
  16. http://9600848340.myjino.ru/myATT/LAF9iSWkxC5_7JYLVYar_RlGc9PZ/
  17. http://admins.lt/Kvta_le6y4-IqmHTUeg/3FF/Details/022019/
  18. http://alexovicsattila.com/pVtWF_PDM-wlLz/vnp/Details/2019-02/
  19. http://allens.youcheckit.ca/Hluc_DZT-bj/y5/Transaction_details/2019-02/
  20. http://allopizzanuit.fr/Telekom/Rechnungen/01_19/
  21. http://ameen-brothers.com/rMzL_jAs-xHC/8b/Clients_information/022019/
  22. http://angullar.com.br/JLLhi_HPn-xtfsSTcZn/Ok/Transactions_details/2019-02/
  23. http://apotheek-vollenhove.nl/ONNuy_vYjLN-cvQPE/YAq/Clients/02_19/
  24. http://aquariumservis.club/GzsR_QezQ-DP/4L/Clients_Messages/2019-02/
  25. http://artesianwater-540.com.ua/VpZc_VjXI-SYtd/Iy/Documents/02_19/
  26. http://artgadgets.it/kCda_72K-sEQvx/xJ/Transactions/02_19/
  27. http://basisonderwijs.sr/pFSIj_GLeb-yaspl/XJh/Clients_transactions/022019/
  28. http://beautyandbrainsmagazine.site/Telekom/Rechnungen/01_19/
  29. http://beelievethemes.com/TXTbd_0P-OEi/Oc/Payment_details/022019/
  30. http://besef.nu/FfdsF_c3-bgNNFLi/yKF/Documents/022019/
  31. http://bezoekbosnie.nl/oxhI_QnU-aObo/Or/Clients_information/2019-02/
  32. http://bindu365.com/wp-content/kvHEE_K7O-REqoyQZr/XjW/Clients_Messages/02_19/
  33. http://bletsko.by/MKCwW_WVIBm-dGEyvEg/Zkm/Details/022019/
  34. http://bletsko.by/ZMCb_PQsX-NaS/bw/Details/02_19/
  35. http://bobin-head.com/Telekom/Transaktion/012019/
  36. http://bookaphy.com/TTvlf_SinM-QUfDtfrl/Zi/Information/2019-02/
  37. http://buonbantenmien.com/vACY_YTA-rjWqoCak/QEF/Messages/022019/
  38. http://bynana.nl/IutH_Vvtq-ndHhlY/vi1/Documents/2019-02/
  39. http://canhogiaresaigon.net/sBUDN_NL1-zCtkG/9R/Payment_details/2019-02/
  40. http://carbotech-tr.com/mFuKF_aV-QCzX/iE/Transactions_details/022019/
  41. http://car-rental-bytes.link/jKbq_cJH-PXSwwKkc/dtd/Payment_details/022019/
  42. http://casinobonusgratis.net/ublwT_boC0x-RSXtBQ/AS/Payments/022019/
  43. http://cassie.magixcreative.io/qFmPi_boyP-uxeqXe/3u0/Transactions_details/02_19/
  44. http://cattuongled.com.vn/vhXE_Il-SEFVj/xrZ/Clients_Messages/02_19/
  45. http://cd06975.tmweb.ru/ATTBusiness/hyQntyI_CHk0tpba_b7TS1JG/
  46. http://cedraflon.es/YQiB_sxGBH-FsMDrUtL/F6/Transactions_details/02_19/
  47. http://centerprintexpress.com.br/vayw_ro-qPuo/0B/Details/02_19/
  48. http://chrysaliseffect.co.nz/eyqav_cXqW-ZMMNZgf/S9V/Attachments/2019-02/
  49. http://clashofclansgems.nl/KdBDK_uem-PCOOcJfU/ejf/Messages/2019-02/
  50. http://colbydix.com/PmiF_XsPvH-BVH/LGA/Clients_Messages/02_19/
  51. http://corkspeechtherapy.ie/QwDOG_iHzp-xeQ/fFZ/Transaction_details/02_19/
  52. http://darktowergaming.com/zadh_4w-QiOkV/mC/Transactions_details/02_19/
  53. http://debesteautoverzekeringenvergelijken.nl/YVbyO_hhYbA-wGs/MxE/Transaction_details/02_19/
  54. http://debestedagdeals.nl/BpvQ_kBb-R/G5Z/Messages/2019-02/
  55. http://decowelder.by/qtWne_X9KS5-mliNGZq/Oor/Documents/022019/
  56. http://dentalradiografias.com/gMRyQ_cEW9-Gbkfsy/u9/Clients_Messages/2019-02/
  57. http://dev.thememove.com/AT_T_Online/Dk2XaDlTd_J0tOIUwn_yPGT08ow/
  58. http://dichvuvesinhquocte.com/Telekom/RechnungOnline/012019/
  59. http://dictionary.me/Telekom/Rechnung/012019/
  60. http://distinctiveblog.ir/GSfa_uds-Jofbovhjq/tT/Payments/02_19/
  61. http://ditec.com.my/CwZtu_OZwd-j/ZS/Attachments/022019/
  62. http://dkeventmarketing.com/Telekom/Rechnungen/01_19/
  63. http://dkstudy.com/hvnVE_gMH7-BA/GOO/Documents/2019-02/
  64. http://docs.web-x.com.my/vyCeM_io-sbFWGK/ZT/Clients_information/022019/
  65. http://document.magixcreative.io/ATT/5kVFcPEe0D_uOpQoBb8_lddcWZV/
  66. http://document.magixcreative.io/NDOc_xGcl7-Yj/4A/Details/2019-02/
  67. http://doordroppers.co.uk/nxSJH_rn-zkDAc/md/Payment_details/02_19/
  68. http://dream-sequence.cc/GmSTZ_W4w3-m/em/Information/2019-02/
  69. http://drezina.hu/YMaFx_16m47-bOzO/RL2/Information/022019/
  70. http://drsaritaoncology.co.za/Telekom/Rechnung/012019/
  71. http://duken.kz/uOQb_LE-hxa/0C/Messages/02_19/
  72. http://dynamit.hu/Telekom/RechnungOnline/012019/
  73. http://ekooluxpersonals.com/Telekom/Transaktion/012019/
  74. http://eldahra.fr/Telekom/Rechnung/01_19/
  75. http://elektro-muckel.de/Turvl_DxQ-MAVuS/NE/Information/022019/
  76. http://emrecengiz.com.tr/ntua_Rt-BD/Sgb/Clients_Messages/022019/
  77. http://eosago99.com/Telekom/Transaktion/01_19/
  78. http://e-pr.ir/wbik_T6S3X-bRXqbPxYk/gQi/Messages/02_19/
  79. http://esmobleman.com/nlgw_bCwB-hNNGODpZX/NaZ/Transactions_details/02_19/
  80. http://etechcomputers.online/Telekom/RechnungOnline/012019/
  81. http://expresstaxiufa.ru/TMLF_u2-ZfoQi/CLF/Clients_information/02_19/
  82. http://extremesolution.com.br/Telekom/RechnungOnline/01_19/
  83. http://fenichka.ru/LPDt_VO-CAIaXPV/bmt/Clients_transactions/2019-02/
  84. http://firuzblog.ir/Telekom/RechnungOnline/012019/
  85. http://fitnessover30.com/wp-content/Telekom/Rechnungen/012019/
  86. http://fm-kantoormeubelen.nl/Telekom/Rechnung/012019/
  87. http://frameaccess.com/DqoYU_z4-vFraiSXs/7Ky/Clients_transactions/02_19/
  88. http://frenesis.net/Telekom/Transaktion/01_19/
  89. http://frispa.usm.md/wp-content/uploads/Telekom/Rechnungen/01_19/
  90. http://frizerskisaloncoka.rs/Telekom/Rechnungen/012019/
  91. http://fundacjakoliber.org.pl/Telekom/Rechnungen/012019/
  92. http://gamarepro.com/qdjP_g699-gIEmpn/qtr/Messages/2019-02/
  93. http://gamingbkk.com.10771880-82-20181018162907.webstarterz.com/Telekom/Rechnungen/012019/
  94. http://geniavo.com/geniavo/Telekom/RechnungOnline/012019/
  95. http://giancarloraso.com/qnXi_6jz-Orm/xCC/Clients_transactions/02_19/
  96. http://hai8080.com/Telekom/RechnungOnline/012019/
  97. http://haine2.webrevolutionfactory.com/gpvFm_lGu-j/il5/Clients_transactions/022019/
  98. http://haru1ban.net/AT_T_Account/nIy1VQkej_IVMGjTe71_1Ty5wsicm/
  99. http://hiriazi.ir/vDWx_YVJ1-rKga/31f/Transaction_details/2019-02/
  100. http://hocviensangtaotomoe.edu.vn/AT_T_Online/Xoj0dHDSD_opEjv4um2_7lMB886/
  101. http://holydayandstyle.eu/DMle_ZYc3d-qkABe/V7/Attachments/2019-02/
  102. http://hostbox.ch/AT_T_Online/sNnk2XX_fx8H9Jai7_yoDtHU/
  103. http://hpclandmark105.vn/Telekom/RechnungOnline/01_19/
  104. http://hrhorizons.co.uk/AT_T_Online/dX2n7245T_wEDtJ7WsX_BCCOsmhP9/
  105. http://hseabyek.ir/ojhh_U05h-CXSxM/IZ8/Information/2019-02/
  106. http://hvanli.com/jmVZu_xXOxU-batTNXU/Nf1/Information/02_19/
  107. http://iantdbrasil.com.br/AT_T/5oy4l_F1D7ecQYS_7TRBJAzgN/
  108. http://iglecia.com/ATT/qPtWlRg2g_6IRgTLr_JA4WGX/
  109. http://igsm.co/hICy_7mqZW-kescUSL/DO/Information/02_19/
  110. http://ilgcap.net/ATT/Qx7KjG_riRXhC6_Dze0ZZxxyq/
  111. http://infinitus.co.uk/AT_T/M8qJKv7U_kwI3Iqv8_1xvNIvlL/
  112. http://infovakantie.nl/Telekom/Rechnungen/01_19/
  113. http://isaci.com.mx/Telekom/Rechnungen/01_19/
  114. http://iurrc.ir/cgi-bin/Telekom/RechnungOnline/01_19/
  115. http://jeagglobaldigitalprint.webedge.com.ng/Telekom/Rechnungen/012019/
  116. http://jianfasp.com/gHkK_m1F-kDEyXtM/W1b/Clients_information/02_19/
  117. http://jks-procestechniek.nl/tzQQr_p34t5-AVpC/w1/Transactions/2019-02/
  118. http://jmbtrading.com.br/I97S4Dae3e_r1p56377t_0C7COWZjeju/
  119. http://jobscenter.it/fOvCD_3m-At/BZD/Transactions/2019-02/
  120. http://joe-cool.jp/ATTBusiness/9PzuAi_2fG5khhwb_cW2lv/
  121. http://journal.tgeeks.co.tz/Mszha_Rw4-a/WhH/Attachments/022019/
  122. http://kalacola.ir/Telekom/RechnungOnline/012019/
  123. http://katkowski.com/AT_T/7s4R_KBN9wAJ_3NuoRR24qG6/
  124. http://kevindemarco.com/ATT/RfKVTa_r4Je1ge5A_1ttT68ALODj/
  125. http://khaledlakmes.com/OiNz_g3E1R-mYBpv/Hw/Payments/2019-02/
  126. http://khbl.com/myATT/AAywZmngD_hrc6LC_sB3USY4e8/
  127. http://kinozall.ru/kexE_4gX-KCKFdSX/NBa/Payments/02_19/
  128. http://kndesign.com.br/ATT/DqPJkyGb_mwGXgWTTK_hwipq/
  129. http://kongmiao-litang-amalutama-bangka.rajaojek.com/Telekom/Rechnungen/012019/
  130. http://kostanay-invest2018.kz/AT_T_Account/KJGmbt_o1IKeA_2ctXi1HS/
  131. http://kostrzewapr.pl/css/ATTBusiness/d3Qd_54Xb3a_RMjSnCx/
  132. http://kotou-online.net/Telekom/Rechnungen/012019/
  133. http://krasnorechie.tv/Telekom/RechnungOnline/01_19/
  134. http://kshitijinfra.com/myATT/qZd2S5pZM_DOFDlXoCy_ASgPCM2/
  135. http://kymviet.vn/eoAo_yH-jAQvXPD/gH5/Clients_information/022019/
  136. http://kynangbanhang.edu.vn/Telekom/Transaktion/012019/
  137. http://kynangdaotao.com/wp-admin/Telekom/Rechnungen/012019/
  138. http://labota.co.uk/Telekom/Rechnung/012019/
  139. http://labroier.com/HJaZG_8Tdz-ixCpRhkrd/zj/Transactions/022019/
  140. http://lanco-flower.ir/RUnKt_UVx-Nn/Bg/Transactions_details/022019/
  141. http://laprima.se/wp-includes/RRaDs_RXqr-CkKM/55/Details/02_19/
  142. http://lc.virainstitute.com/Telekom/RechnungOnline/012019/
  143. http://leoandcatkane.co.uk/Telekom/Rechnungen/012019/
  144. http://likecoin.site/Telekom/Rechnung/012019/
  145. http://limbsupportmc.com/Telekom/Rechnungen/012019/
  146. http://loja.newconcept.pub/FfXLo_OIfG1-aLBpea/A62/Transactions/2019-02/
  147. http://lukejohnhall.co.uk/ATTBusiness/B7Z3EJ_sFqTG8_QCADN/
  148. http://madisonhousethailand.com/Telekom/Rechnungen/01_19/
  149. http://mag-online.ir/WvSXM_v5t-cqEM/Q7/Messages/02_19/
  150. http://majreims.fr/Telekom/Transaktion/012019/
  151. http://maravilhapremoldados.com.br/AT_T_Online/NKLvHw3s5c_HWP6YaD1_No41x/
  152. http://martellcampbell.com/wp-content/upgrade/jDFQj_BCk-CR/ly/Documents/2019-02/
  153. http://masjidsolar.nl/igGWm_bI5-HWDuhUkP/78/Clients/2019-02/
  154. http://mediavest-spark.com/Telekom/Rechnungen/012019/
  155. http://mehraafarin.ir/wp-content/Telekom/Rechnung/01_19/
  156. http://mikanik.zinimedia.dk/sATH_bAxhQ-dIL/uqe/Details/02_19/
  157. http://modernitiveconstruction.palab.info/TGFxM_S6-dtYrS/ot/Documents/022019/
  158. http://monsieur-cactus.com/Telekom/RechnungOnline/012019/
  159. http://mostkuafor.com/NsrUN_fyxj3-oQpNB/Tjx/Clients_Messages/2019-02/
  160. http://motherspeace.com/XhFti_Ji-lgNo/hN7/Clients_Messages/022019/
  161. http://mrm.lt/ATT/WgFki_PaEKWiRZ_A9SnvB0Tp/
  162. http://ms888.sk/KOdqn_ep-JfVtu/bsM/Attachments/2019-02/
  163. http://mutevazisaheserler.com/UVZlc_KpUg-XDfIPJ/dkT/Documents/2019-02/
  164. http://mylocal.dk/kPGs_8af-SGmht/km/Clients_Messages/2019-02/
  165. http://mylocal.no/wp-admin/includes/Telekom/Rechnung/012019/
  166. http://nadlanurbani.co.il/Mywg_9Q-nGA/333/Messages/2019-02/
  167. http://nami.com.uy/AT_T/QSCAQNFoO1_zyv22g_fSP7R/
  168. http://nationaldismantlers.com.au/Telekom/RechnungOnline/012019/
  169. http://naturalbeautyclinic.ir/Telekom/Rechnungen/01_19/
  170. http://navigatorpojizni.ru/Telekom/RechnungOnline/012019/
  171. http://neumaticosutilizados.com/RduC_NGpt-TpgaZokl/CUC/Payment_details/022019/
  172. http://neuronbrand.com/XoEn_PEK-cYwy/IP/Clients_information/2019-02/
  173. http://nkadvocates.com/ATT/DpD_rVMSh90Gk_Rb6jyAy2/
  174. http://noithatshop.vn/bllLp_24X0-FW/1i/Clients_information/02_19/
  175. http://nosomosgenios.com/czjcN_xek-mXsIGayTU/0kj/Attachments/2019-02/
  176. http://olejkowyzawrotglowy.pl/Telekom/Rechnungen/012019/
  177. http://onyx-it.fr/NrcZ_q3b-ZE/Jfb/Clients/022019/
  178. http://opulence-management.co.uk/RwWXF_NVYXM-HuzKTr/QL/Clients/022019/
  179. http://phaplysaigonland.com/TYhaR_cb-EKyVGA/gF/Clients_transactions/2019-02/
  180. http://pirates-mist.ru/BMhrM_wdcxd-BwhKCk/Az3/Transactions/02_19/
  181. http://plusvraiquenature.fr/wp-includes/Telekom/Transaktion/012019/
  182. http://print.abcreative.com/qQOHm_Q2OY-uaLMW/REx/Attachments/02_19/
  183. http://profenusa.com/ATT/PKuYNwuHYrV_fMzQGh2_DjD1zZQiWK/
  184. http://redic.co.uk/AT_T_Online/Fz2K5UTb_ymdSGFFFV_7PrEhAaBklH/
  185. http://rubylux.vn/cgi-bin/ATT/Y3CFhpe_MC7o44_cP1hmR0M/
  186. http://saleswork.nl/HOxiC_uM-sjsGxe/RzI/Clients/022019/
  187. http://sieure.asia/AT_T_Online/t2s0JLpL_79QziIF_vRa1fAvyhpq/
  188. http://sigelcorp.studiosigel.com.br/Telekom/RechnungOnline/012019/
  189. http://smtp.belvitatravel.ru/WmOM_lGX-FGh/35/Details/2019-02/
  190. http://sxyige.com/Vmolq_qiP-R/q6/Transactions_details/2019-02/
  191. http://tapchisuckhoecongdong.com/Ejlzw_PI-FYCNrqcb/Rx/Details/2019-02/
  192. http://tasalee.com/aKBio_Ps-nSTiVJkq/33w/Messages/2019-02/
  193. http://thingsofmyinterest.com/wp-content/upgrade/ATT/kkeXtqfPu_2w9tHM_kkYOzmg/
  194. http://thptngochoi.edu.vn/QCLt_qO-HcsOCKL/vso/Transactions_details/02_19/
  195. http://tocsm.ru/PlRC_ba-vaWbTP/nMV/Transactions_details/2019-02/
  196. http://trehoadatoanthan.net/wbWZi_1OE-zGggvm/XT/Information/022019/
  197. http://udicwestlake-udic.com.vn/SibT_hJ-dmYzvMOY/TP/Attachments/2019-02/
  198. http://up2m.politanisamarinda.ac.id/wp-content/Telekom/RechnungOnline/01_19/
  199. http://valkarm.ru/scripts_index/qEoD_HmUAD-GHAlmhlU/SQ/Information/02_19/
  200. http://vantienphat.com/HjzY_Da5-hEOsqupjf/19K/Transactions/022019/
  201. http://vergnanoshop.ru/Telekom/Rechnung/012019/
  202. http://waaronlineroulettespelen.nl/hQjMK_3Xm7h-IppS/fQ/Details/022019/
  203. http://weiweinote.com/FAyEb_2SwG-PdkMBBBpE/Y0v/Clients/02_19/
  204. http://wiebe-sanitaer.de/SVPMD_RswvB-riIo/qhc/Payments/02_19/
  205. http://wieczniezywechoinki.pl/tymM_W8BE-obST/jx/Transactions_details/022019/
  206. http://www.carellaugustus.com/MbvKW_bqm-IG/L9Z/Clients_Messages/02_19/
  207. http://www.delphi.spb.ru/zHVsf_UlQt-eeU/4F6/Information/2019-02/
  208. http://www.dkstudy.com/hvnVE_gMH7-BA/GOO/Documents/2019-02/
  209. http://www.hopeintlschool.org/Telekom/Transaktion/012019/
  210. http://www.jteng.cn.com/ATTBusiness/ZOb39IhWU_VnT9FMQ_xCBbxGX6/
  211. http://www.panafspace.com/XpyZ_EI-drgtmr/1Sa/Transactions/2019-02/
  212. http://www.rekonstrukciedso.sk/nYSY_sj-OGtagPTh/FoH/Clients_Messages/02_19/
  213. http://xn--80adg3b.net/dwCDX_KrurU-addBuFM/ND/Details/022019/
  214. http://xn-----clcb5aki4ab6afi7g.xn--p1ai/ALRo_O6Ix-yihZlfeT/qea/Payments/2019-02/
  215. http://ylgcelik.site/mKpm_1qL4-tbBthC/jt/Transaction_details/02_19/
  216. http://yogora.com/CNrd_x8QyO-UtIwwWHdv/LR/Attachments/022019/
  217. http://zolotoykluch69.ru/ATT/iYvnjD4z_KC1VUzNuk_4DgPr/
  218. https://dkstudy.com/hvnVE_gMH7-BA/GOO/Documents/2019-02/
  219. https://noithatshop.vn/bllLp_24X0-FW/1i/Clients_information/02_19/
  220. https://profenusa.com/ATT/PKuYNwuHYrV_fMzQGh2_DjD1zZQiWK/
  221. https://www.dkstudy.com/hvnVE_gMH7-BA/GOO/Documents/2019-02/
  222.  
  223. ```
  224. #### Epoch 2 Document/Downloader links seen for 02/06/19 ####
  225. ```
  226.  
  227. http://139.199.131.146/EN_en/file/Invoice_Notice/549735793403/EICcU-v2L_ZLPuIPDv-Jd1/
  228. http://206.189.68.184/EN_en/download/Copy_Invoice/23923089/qGeui-Lmuv_XfrpRd-R6k/
  229. http://2625886-0.web-hosting.es/company/Invoice/8550366/eKaVP-kky_EL-zzu/
  230. http://365ia.cf/ipass/scan/Invoice/fUUF-WrLe_LEW-gWR/
  231. http://4evernails.nl/de_DE/XTKCKFS9484178/de/RECHNUNG/
  232. http://55tupro.com/US/Inv/bqIkl-eY5e_kSbuWOh-ag/
  233. http://72.52.243.16/llc/iyGl-Kfz_utOrWkfg-aOs/
  234. http://a1-boekhouding.nl/scan/BgNa-HkhOc_nlYDsh-QoO/
  235. http://a2neventos2.sigelcorp.com.br/En_us/Invoice/uRAiK-Zou9R_as-GTJ/
  236. http://actron.com.my/En_us/document/663948092204832/hVJo-l73hQ_ZxAX-Te/
  237. http://adwitiyagroup.com/wp-admin/meta/US_us/download/ZPETs-DT3e9_TWIUwMSyO-IS/
  238. http://afshari.yazdvip.ir/En/corporation/Inv/9407434260079/iEVAm-n2NQ_DgMFS-sr/
  239. http://agencjaekipa.pl/EN_en/llc/Invoice_Notice/YFPsZ-YF4s_hJkMN-4P/
  240. http://airbnb.shr.re/EN_en/download/Copy_Invoice/AKRDO-Wh_tymuHvNE-Cj/
  241. http://aisi2000.com.ua/En_us/New_invoice/GYVS-oG_P-qY/
  242. http://aisi2000.com.ua/llc/New_invoice/409992141294489/BpJNv-xgQ_Ffvcwvafr-Me1/
  243. http://aiwaviagens.com/Copy_Invoice/006659523128/rSDdV-XOPf_kZywyQfS-mY/
  244. http://ajosdiegopozo.com/New_invoice/5928154634200/tBWL-d75_WvvX-Nz/
  245. http://alexxrvra.com/En/XBLk-WY_QbIGM-Vw/
  246. http://alirabv.nl/DE/YHWLKN8161591/GER/RECH/
  247. http://allens.youcheckit.ca/perform/JkRW-i6_gbulBU-Myk/
  248. http://allsortschildcare.co.uk/Invoice/PwHr-0Ka_iB-sFK/
  249. http://altuntuval.com/EN_en/llc/Invoice_number/OTbyQ-smm_naWP-Jhq/
  250. http://am-test.krasnorechie.info/FeWH-lThPb_Zv-F48/
  251. http://anapa-2013.ru/US/info/Invoice_Notice/RuXSR-eKGt_SUdi-Mx/
  252. http://anhsangtuthien.com/En/doc/Invoice_Notice/iVYT-t8UNP_Oy-rR/
  253. http://antifurtiivrea.it/US/Invoice/NFjG-8DI_fi-3Rx/
  254. http://antigua.aguilarnoticias.com/En/company/mzwp-un_zCTSuok-uAr/
  255. http://antikafikirler.com/US/Inv/851899174923/kFLdJ-uqh_KVV-3R/
  256. http://ard-drive.co.uk/EN_en/company/Invoice/FKOh-I7j_DKPwkQnHP-4rQ/
  257. http://aspireqa.com/EN_en/corporation/Invoice_number/13719056/IxVH-uyj_mmuS-Gyc/
  258. http://atfalanabeebturkey.com/de_DE/KFZMYMV0656206/Scan/Hilfestellung/
  259. http://autopal.co.za/EN_en/Invoice/481958199794894/gBRG-HO9_VzNQoLVPd-VaZ/
  260. http://autovesty.ru/llc/Inv/gzfVt-fK_CO-Wk/
  261. http://aziendaagricolamazzola.it/US/WnKmL-iHWnz_Z-aL/
  262. http://bazee365.com/En/corporation/30382554661949/Nvvv-hu_vEbCn-T2/
  263. http://beelievethemes.com/company/30575907/kKCoV-RW_Rbi-ZVU/
  264. http://belyaevo-room-nail.club/En_us/file/New_invoice/FxPb-68_VB-PM/
  265. http://bernardlawgroup.com/scan/New_invoice/ofwh-ZAO_J-XSj/
  266. http://betal-urfo.ru/company/84845429721/TUNlQ-qCiF_AEYouey-ae6/
  267. http://bezplatnebadania.com.pl/En/doc/Invoice_Notice/708710479746/vScI-jOrE_NDHEfNT-QA/
  268. http://bgbg.us/En_us/llc/oljbq-RRDG_XL-Maj/
  269. http://blogg.postvaxel.se/file/Invoice/SJXh-e41Wp_MQYJxqWV-qTP/
  270. http://blondenerd.com/download/Invoice_Notice/599910057375/SoYZu-yQV_cYso-mNk/
  271. http://borealisproductions.com/EN_en/xerox/Invoice_number/bbkB-fnU_YBROSm-8bY/
  272. http://bpaper.ir/New_invoice/05313761/jPRN-68Lg_pg-lPI/
  273. http://burlingtonadvertising.com/Invoice_Notice/SSGDh-BW_IdCzmSmS-05/
  274. http://buybywe.com/corporation/New_invoice/qLqdU-OB_BahkszfL-WED/
  275. http://buzzplayz.info/En_us/llc/Invoice_Notice/AmQA-l7d9_C-2z/
  276. http://caveaulechapeau.ch/US_us/corporation/Invoice/YPcd-4Xca8_sPqaa-N7/
  277. http://cdsanit.fr/En/info/Inv/934672737272566/VQSD-1ovkQ_YE-4L/
  278. http://chateaufr.co/En/download/Copy_Invoice/FExpI-5g9uz_lJyfrzh-djl/
  279. http://cild.edu.vn/document/Invoice/HdOzN-Tgk9_nedbTQEb-ra0/
  280. http://cityandsuburbanwaste.co.uk/Invoice_Notice/cadHB-2wUk_nD-AQ/
  281. http://clipestan.com/Februar2019/GBBSQP2993984/DE_de/Hilfestellung/
  282. http://clipingpathassociatebd.com/Copy_Invoice/QOyng-Nd3_Fptra-5KN/
  283. http://cliqcares.cliq.com/download/MtPO-JZVm_KZYAtkzQa-CV/
  284. http://colocol.vn/wp-content/uploads/EN_en/llc/New_invoice/lzse-cDe_vAkD-qFh/
  285. http://comfome.co.mz/llc/Copy_Invoice/vCKTE-fA7RN_soFkC-yVJ/
  286. http://compex-online.ru/80126550482325/nVVk-HY_yNGIpEWFS-mb/
  287. http://com-unique-paris.fr/US_us/llc/Copy_Invoice/hFTs-CxMd_ebAhFP-XA4/
  288. http://cordesafc.com/EN_en/company/VUFU-VIYUH_TcvoV-ex7/
  289. http://cosmoprof.com.gt/US_us/doc/Lrsg-F5K_rbNBsn-jv/
  290. http://creativeworld.in/EN_en/corporation/VxzKA-5I3v_HyzVjpf-zV/
  291. http://daotaokynang.org/En_us/corporation/AVPLf-TQ8P_Y-DKs/
  292. http://dappen-online.de/doc/Invoice/XKEeG-uk_MkNM-SeF/
  293. http://datvangthainguyen.com/llc/Invoice_number/quPoJ-BL_VOuwFFU-8Q/
  294. http://dcmax.com.br/EN_en/xerox/9558962232308/fJoJ-8bTwS_YQ-nf/
  295. http://debestekofferdeals.nl/EN_en/llc/Copy_Invoice/dCfK-HlgT_TbTdz-Gql/
  296. http://debestetassendeals.nl/US_us/scan/New_invoice/AIhUH-Ig_PtaV-SM/
  297. http://debestezorgverzekeringenvergelijken.nl/Februar2019/EYGWDAZZP5390967/Scan/Zahlungserinnerung/
  298. http://debestezorgverzekeringvergelijken.nl/info/Inv/sxGi-Od_cGSkyxNWP-GCR/
  299. http://decowelder.ru/document/Invoice/qWAy-s4l_RUeQAEhKt-LV/
  300. http://denverfs.org/Februar2019/JHDWCO6686533/Rechnungs-docs/Hilfestellung/
  301. http://devicesherpa.com/En_us/581429047995091/LQgjs-Gqxg_i-cC/
  302. http://dierenkliniek-othene.nl/Invoice_number/ywNSo-rO_mdmfsFy-tv/
  303. http://dijitalkalkinma.org/Invoice_number/DFVsg-ocKU_VTKgS-93O/
  304. http://dijitalthink.com/En_us/scan/Invoice/JcNs-WRXZ_qYA-uU2/
  305. http://dizinler.site/wp-admin/US_us/Fprp-AjE_ooNzxW-3HF/
  306. http://docksey.com/scan/062230301/jtvOe-bRQs_bOglXH-cO/
  307. http://drszamitogep.hu/New_invoice/tubu-1m7j_jV-THw/
  308. http://eclosion.jp/file/7240082706/RTPQH-c2X_HwNiW-Ds/
  309. http://ediziondigital.com/llc/Copy_Invoice/AlcG-dEO_Guj-NWO/
  310. http://edmundkingdomoutreach.org/De/DRTDQVE9264728/Rechnungskorrektur/FORM/
  311. http://ejder.com.tr/de_DE/ZYPFJDNX9270147/Rechnungs-Details/DETAILS/
  312. http://electroautomat.com/RFXRCQIE7928423/Scan/DOC-Dokument/
  313. http://epl.tmweb.ru/xerox/Inv/Vjnb-t3Y_WS-LF/
  314. http://erastio.mentono.com/De_de/LNITGWZ7991954/DE/RECH/
  315. http://eroes.nl/US_us/info/Invoice_number/rTjyv-tAF_p-2e/
  316. http://eskilloo.com/DE_de/CBZVRAB5810480/Dokumente/DOC/
  317. http://etechcomputers.prospareparts.com.au/DE/NFHCPD8835957/Rechnungskorrektur/FORM/
  318. http://eurobandusedtires.com/De_de/HQBIJLL8219583/Scan/DETAILS/
  319. http://evilearsa.com/wp-content/company/Jive-GqN_mijQ-hKD/
  320. http://extremeimports.com.br/De_de/NYVQIWL9317398/Rech/Rechnungsanschrift/
  321. http://f9tfans.ir/De/MFYTOJGJ6075348/Rechnung/DETAILS/
  322. http://facetickle.com/En_us/Invoice_Notice/rxYDm-IM_apAi-Xps/
  323. http://figuig.net/company/Copy_Invoice/nOqER-LiEun_FqR-tM6/
  324. http://fikraa.net/De_de/PSEYKZEFRU5605482/GER/FORM/
  325. http://filmosvet.ru/corporation/New_invoice/IrPl-IO_ghihh-h01/
  326. http://findremotelyjobs.com/DE/BSTOXX7955975/de/RECH/
  327. http://flarevm.com/En_us/scan/xCCH-PcQ_WbOQSCA-xH/
  328. http://flashback.cl/US_us/llc/Copy_Invoice/sTadQ-YH_gLhw-D1/
  329. http://foreverir.com/hi/DE/BAGEOV5358271/GER/DETAILS/
  330. http://forum.icsa-life.ru/DE/NZUNVX0357868/Scan/FORM/
  331. http://fotistax.com/Februar2019/IYXYCUJH5252816/Rechnungskorrektur/DOC/
  332. http://fotistax.delosvacations.com/De/CUICPL6744535/Rechnungs/Rechnungszahlung/
  333. http://franklincoveysuriname.com/JEEMXIP6485801/Rechnung/Rechnungsanschrift/
  334. http://frasi.online/DE/EVZWZSOI0612202/Rechnungs-Details/Rechnungszahlung/
  335. http://freelancer.rs/xerox/Invoice_number/zvKkP-xoJIk_pUcMR-HJ/
  336. http://fullwiz.com.br/company/Invoice/OgdZ-SL5_CJusoEP-gl/
  337. http://fungostar.ir/KKRGWRNUYV6667126/Dokumente/DETAILS/
  338. http://further.tv/EN_en/xotK-eo_HSUbH-wG/
  339. http://g7epic.com/company/Invoice_Notice/618918830713307/TDbr-TKVQ_NFO-9b/
  340. http://gamzenindukkani.com/EN_en/doc/Invoice/eWmC-gJ_dgFEUMYm-5PC/
  341. http://geestdriftnu.com/Invoice_number/JDgy-GUy_JttOAlj-jU4/
  342. http://gidroplazma.zone/de_DE/AFONCPV8674834/Rechnungs-Details/RECH/
  343. http://gloriabz.webrevolutionfactory.com/AXBSXZWY1059529/Rechnungs-Details/Zahlungserinnerung/
  344. http://glorialoring.com/US_us/info/2135114265095/zRNw-XJ3ZA_ogzPzQsZ-IRw/
  345. http://gofy-tuinbouw.nl/ACLHLPNI0219285/DE/DETAILS/
  346. http://goldskeleton.com/company/1636729221695/nAncI-N7_evPpVD-DK/
  347. http://grikom.info/de_DE/MKUVXJVW6550509/Rechnungs-Details/RECH/
  348. http://groundswellfilms.org/llc/New_invoice/VaBm-3BO_tcWTBxJZs-iqv/
  349. http://haine1.webrevolutionfactory.com/EN_en/New_invoice/aWkH-ttM2y_NIjQshFAQ-Sh/
  350. http://hamamplus.ru/En_us/doc/Invoice_Notice/Nocv-9CbW_eCx-9XL/
  351. http://hchost.net/En_us/company/Inv/87719081303483/JIPzr-plKtj_DvT-8b/
  352. http://helpeducateachild.com/wp-content/uploads/2015/09/temp_f665ae5af25a438cc65458a1f71cca40/En/KgISi-PHY_IkXPDwu-Xg/
  353. http://help-mijn-partner-heeft-een-depressie.nl/US_us/llc/Invoice_Notice/650570527/JnWD-kn7_cwUfG-n2f/
  354. http://herbeauty.info/7jhzynf/US/doc/HhsBC-Iv_n-tsC/
  355. http://holosite.com/En_us/Invoice_number/037365190005167/pIKP-dSqR4_mIy-XPd/
  356. http://hostelmokotow.pl/DE/LJKGAYYT5820318/Rechnungskorrektur/Fakturierung/
  357. http://hourofcode.cn/EN_en/Inv/92017376/aMQEm-Le5JH_mYvdJWM-VZL/
  358. http://hpconsulting-rdc.com/En/corporation/Inv/nvZIc-p3b_xeSFUy-gK/
  359. http://hungthinhphatcompany.com/Februar2019/NGZKYNRV2542133/Rechnungs/DOC-Dokument/
  360. http://hvanli.com/file/ksVBW-hMZ_ksfNJO-Dd/
  361. http://ieltsgo.ir/de_DE/SNZIXV1441648/Rechnung/DETAILS/
  362. http://indysecurityforce.com/En/document/Invoice_Notice/91473606009360/Ylpv-v8_r-31b/
  363. http://ingramjapan.com/company/CmVJ-JZlMP_VVEpllcgP-4u/
  364. http://instantbonheur.fr/DE_de/NUFPREFCCV9174283/DE/DOC-Dokument/
  365. http://iranfanavar.com/Copy_Invoice/zHkL-zO4_FLnSagoRP-Ke/
  366. http://iranfanavar.com/wp-includes/Inv/vJeC-mw_seSU-Dp/
  367. http://iran-gold.com/BzCYu-9u_ldXkubCA-K4/
  368. http://isoblogs.ir/document/Copy_Invoice/HKSCj-xhwux_DHncDHCV-qwH/
  369. http://itracking.pl/de_DE/OFWVJDKVEU7235154/Rechnung/RECHNUNG/
  370. http://iventurecard.co.uk/EN_en/download/zwND-vy4_vKzgMpQa-C8/
  371. http://ivigilante.live/En_us/xerox/33438049/ZjMa-PjKE_Z-fa/
  372. http://ixmoradadosol.com/De/MELEJHIN2249207/Rechnung/Fakturierung/
  373. http://jahanmajd.com/DE_de/VASEDHGPC5696126/Bestellungen/Hilfestellung/
  374. http://jahanservice.com/scan/03387503/GDwlf-Yo_Q-2t2/
  375. http://jaipurjungle.co.in/de_DE/EUXKLNLOPJ5022080/Rechnungskorrektur/Rechnungsanschrift/
  376. http://jasminblanche.com/De/DEONUJRZV4375083/Rechnungs/Rechnungsanschrift/
  377. http://jenthornton.co.uk/En/Invoice/06693300/oVmL-rdhd8_Qozbbszc-MLG/
  378. http://jifcogroup.com/Februar2019/VGNZYDWV1229628/Rech/RECHNUNG/
  379. http://jinyande.xyz/De/KMPBGY8140832/Rechnungs-docs/DOC-Dokument/
  380. http://jnkdgroup.com/DE/TQSARNYHJL6716826/GER/RECHNUNG/
  381. http://jobbautomlands.com/DE_de/VCMQLFD6123771/gescanntes-Dokument/DOC/
  382. http://jobspatrika.com/EN_en/DGWm-WLFk_pV-ko/
  383. http://jobstrendz.com/de_DE/CRPHJH1371639/Rechnungs-Details/Hilfestellung/
  384. http://johnnycrap.com/EN_en/llc/010560559/xwbK-CLgN_moSgcB-G2k/
  385. http://justclickmedia.com/US_us/file/Copy_Invoice/65656613591818/AmwJS-x5_lfyi-gp/
  386. http://kahi.co.nz/DE/XZGBIYWBO8494878/Rechnungskorrektur/Zahlungserinnerung/
  387. http://kailashpark.com/DE_de/IIURXM7860861/GER/DOC-Dokument/
  388. http://kantoradam.pl/De_de/YBCGQU4185095/Rechnungs-Details/Zahlungserinnerung/
  389. http://kapkap.vn/DE/KYNDNK1848472/GER/RECHNUNG/
  390. http://karditsa.org/En/scan/Invoice/aaIW-Z51_e-hhE/
  391. http://karefori.com/De/WOVVUVDPL1142862/Rech/DETAILS/
  392. http://karenamme.de/xerox/Invoice_Notice/91910910588/GqWm-pkC4s_dO-lK/
  393. http://keelsoft.com/US_us/hOoms-9hgky_kNfwSv-eMB/
  394. http://kelp4less.com/US_us/company/Invoice_Notice/qLIpU-krI5_IryHFYd-A7J/
  395. http://kendavismusic.prospareparts.com.au/DYHTCSGOLJ2804456/gescanntes-Dokument/RECH/
  396. http://khorasandetector.com/De/GSFZLFKKUY0466032/Bestellungen/DOC/
  397. http://kinesiocoach.ae/US/doc/Inv/rYBS-lm_YJrd-2Lk/
  398. http://kineziolog.si/US_us/corporation/Invoice_Notice/FgPHJ-CoRX_I-A6/
  399. http://kirstenborum.com/US/xerox/951253191503/JIOlb-093y_WFKGEWdyK-WY/
  400. http://kirtanbazar.com/SICJUSTXR1592558/Scan/DOC/
  401. http://kitahamakai-miyoshiiin.com/US/file/Invoice_Notice/ccMj-6Md_JeztkKPUa-sMM/
  402. http://kitchenclassic.ir/De/LCPLYIPKS5632753/Rech/Rechnungszahlung/
  403. http://kmi-sistem.com/download/Invoice_number/3187807264578/BoqBi-qL_BISZH-jZ/
  404. http://kolejmontlari.com/scan/Invoice_Notice/McDHi-hGx_bfuga-Osn/
  405. http://kompix-komputery.pl/DE_de/ZPBRJPSNZ6867234/gescanntes-Dokument/DOC/
  406. http://kongmiao-litang-amalutama-bangka.rajaojek.com/US_us/file/Copy_Invoice/Fbgv-Gyi_JUUQER-lD/
  407. http://konzeptprint.com/LJMVECM0000468/Rech/DOC-Dokument/
  408. http://kylerowlandmusic.com/En_us/xerox/Copy_Invoice/jmyL-Zi_dSGsVXjnF-zom/
  409. http://laviago.com/De_de/ASHQTZ2934385/Bestellungen/FORM/
  410. http://laylalanemusic.com/download/Copy_Invoice/37096199/YkLJU-3n_VyQMIbcCD-Wax/
  411. http://leesonphoto.com/US_us/document/Inv/3381399880113/dpWt-Idv_uZV-FcI/
  412. http://lens.youcheckit.ca/perform/JkRW-i6_gbulBU-Myk/
  413. http://leptokurtosis.com/EN_en/Invoice_number/rfDLz-rz_Xzz-ig/
  414. http://liederkranz-kirrlach.de/de_DE/KLZTLZN9404989/Dokumente/RECHNUNG/
  415. http://lienquangiare.vn/corporation/mhfk-d9c_omtR-WTx/
  416. http://lifedreem.com/De_de/ELXHGRG5452894/Rechnungs-docs/Zahlung/
  417. http://likemoon.pt/de_DE/LMVSZY3924915/Rechnungs-Details/DOC-Dokument/
  418. http://link2u.nl/xerox/362148692187650/jfpbi-ahG_UKUMXPqQp-NwG/
  419. http://lion-charger.com/De_de/XMAWKITK0595005/DE/RECH/
  420. http://lkvcello.fi/Februar2019/BLDYNFMIRX4281024/Rechnungs-Details/Rechnungsanschrift/
  421. http://locofitness.prospareparts.com.au/De_de/DJIMGUUJ0561857/Rechnung/DOC-Dokument/
  422. http://lopezgas.com.ar/De/ZFOEOIF4623442/Rechnung/DOC/
  423. http://lucidity8.com/wp-content/de_DE/UFGCYV8832370/Rechnungs/Hilfestellung/
  424. http://lucretia-fitness.be/DE_de/CDIPMZE8932834/Rechnungs-Details/Rechnungszahlung/
  425. http://m.jumarconato.com.br/YUTDTDI2847193/GER/Zahlung/
  426. http://mabagrgv.beget.tech/SUUONHQKZ7947488/Rechnungs-Details/Zahlungserinnerung/
  427. http://mabuhayjobs.com/De/NNMIJCL0636582/DE_de/Rechnungsanschrift/
  428. http://madeireiraecologica.com.br/En_us/llc/New_invoice/Loay-tc_czqE-UIk/
  429. http://madrededios.com.pe/doc/Invoice/56580329/SbdJI-Etc_pO-Hn/
  430. http://maratindustrial.com/Invoice/oayN-Fx_zwyBFxs-Jd/
  431. http://marketingonline.vn/De_de/MLYQETEJSS8420176/Rechnungs/RECH/
  432. http://masiiresabz.com/De_de/HOKDVQR3269569/de/Zahlung/
  433. http://mask.studio/En/company/82861544463767/mACCF-R7u7_UovE-7u3/
  434. http://matongcaocap.vn/xerox/Invoice/ppDmb-z6_RUa-Nmh/
  435. http://mattayom31.go.th/US/llc/WMBlM-eypEj_JNxsmgzsE-Z3P/
  436. http://mcbusaccel.com/info/Inv/386880342120/TpMGn-Fy47_UNQf-Ws/
  437. http://mdrealtor.in/En_us/xerox/Invoice_number/Yxjxp-QGp_rZ-gi/
  438. http://mediarox.com/De/VLZVZAJ2068720/Bestellungen/DOC/
  439. http://medicaid.ir/EN_en/download/XLJbp-CEEh_ipf-xf/
  440. http://meta528.com/De/ORBTVJPDG1536074/GER/RECHNUNG/
  441. http://mobyset-service.ru/En/WxDM-2r2JT_UmiSxVgCK-Cl/
  442. http://molly.thememove.com/US_us/info/188869022/JDyU-4GE_zd-X5O/
  443. http://monicagranitesandmarbles.com/DE/TTBGKG3648298/Rechnungs/RECHNUNG/
  444. http://morin-photo.fr/En_us/doc/Invoice_Notice/8499604480/SJrb-VQ_HbJrj-L82/
  445. http://mpdpro.sk/Invoice_number/zlch-EZ_eQSGZwmr-DU/
  446. http://mtaindia.smartbrains.com/company/New_invoice/SDZL-jB8p_EYuc-zkX/
  447. http://mycomputer.com.hk/US_us/llc/13809743631720/Jnln-nWRZ7_tn-8CH/
  448. http://myfireart.com/En_us/xerox/Invoice_number/YElI-MDV_ojPBpO-1Q5/
  449. http://mywedphoto.ru/En/Invoice_number/KoxiK-tliI_BXjLVVr-oK/
  450. http://napier.eu/scan/Invoice_Notice/gnsiv-uyX_QsQ-Vq5/
  451. http://nathandale.com/download/Invoice_Notice/oFZd-Rug2s_BpugaRtqi-0N3/
  452. http://natureshealthsource.com/En_us/Invoice/0574535/lwhUD-6Y4z_DD-R0/
  453. http://neuronbrand.digitology.info/EN_en/Invoice_number/eaAx-e81X_lw-N07/
  454. http://niersteiner-sommernacht.de/US_us/doc/4878155/yNDt-KfUS_Sp-yh/
  455. http://nikastroi.ru/US/download/659283603/ajiL-yH_aYKJ-zF/
  456. http://noorderijk.demon.nl/joomla/New_invoice/HkRH-3XM9_BTXcWrTH-mnU/
  457. http://novosalud.com.ve/En/document/FuNZB-JtHJ_XtZfrFz-hB/
  458. http://nrnreklam.com/PCzo-LZZ_DfC-8N/
  459. http://nrteam.hu/doc/TWbr-byG1_g-q0/
  460. http://nt-kmv.ru/US/Copy_Invoice/lsnW-jZm_aOUN-aF1/
  461. http://oficionado.com/document/5327942/LiDqK-aXVIq_voqolZxI-cnb/
  462. http://ogar200.y0.pl/corporation/CRoPN-AMa_tJDCtFMPJ-Uj/
  463. http://ohmydelish.com/En/document/Copy_Invoice/QGSW-NNY_bybx-DK1/
  464. http://okna-pvh-deshevo.ru/zICc-rdFJ_Dwq-LpN/
  465. http://one.ltshow.beget.tech/US/Invoice_number/862731131/WDxj-ByiU_XmIQkWkz-uN/
  466. http://onlinetanecni.cz/US_us/info/Invoice_Notice/04742192589/TlPP-L3mt_mDyhK-Fp3/
  467. http://oohbox.pl/Invoice/fmcu-0m_x-rZ/
  468. http://phaplysaigonland.com/Invoice/anhea-QF_PkRnsUVb-AML/
  469. http://polsterreinigung-24.at/EN_en/document/Invoice_Notice/nkDc-8zd_iH-utl/
  470. http://portriverhotel.com/US_us/document/Wzvi-nflt_mbWJh-2y/
  471. http://port-vostochny.ru/En/file/Ennqn-BPIFH_TwspntABc-3bT/
  472. http://prisma.fp.ub.ac.id/wp-content/xerox/MidY-2g_fTBtdf-2yO/
  473. http://purphost.com/US_us/corporation/New_invoice/yvqc-Zz1U4_MXgIf-vAg/
  474. http://pusqik.iainbengkulu.ac.id/wp-content/uploads/2018/Inv/18340444227/DQFwH-l5K_vkAOfJ-o9/
  475. http://quoabogados.com/scan/Copy_Invoice/64693534672/UtKPC-hNrbS_RNhG-zzE/
  476. http://rakitan.online/EN_en/info/Copy_Invoice/010217015/kKpnH-0QCqL_FrnJ-Wb/
  477. http://rccspb.ru/En/1437837/ZYnB-6fet_c-eR7/
  478. http://rehau48.ru/Inv/12981156153/hbPQT-Yue7M_uQJoZX-sN7/
  479. http://rohrreinigung-wiener-neustadt.at/file/kYKhs-W7M_sSGVA-vq/
  480. http://royal-granito.com/doc/Invoice/bqhD-KH24x_xTeMyafbW-Yv/
  481. http://sierrastudios.net/US/scan/Invoice_Notice/sdMf-UJG3_xdIrAXcb-F0/
  482. http://signalcomtwo.studiosigel.com.br/LATXMC7473245/gescanntes-Dokument/Rechnungsanschrift/
  483. http://skolaintellekt.ge/llc/Copy_Invoice/GgiRe-a6_udYcA-6h5/
  484. http://socialinvestmentaustralia.com.au/wp-content/logs/EN_en/scan/New_invoice/VMXT-uLg_RcGzf-cRD/
  485. http://sosh47.citycheb.ru/De_de/JRJHHCFERR0113685/Bestellungen/Hilfestellung/
  486. http://space-camp.net/US_us/corporation/Invoice_Notice/mUctI-YGa_xIg-iyz/
  487. http://sscgroupvietnam.com/En/info/cOiH-ABy_RgT-ZvD/
  488. http://staging.fanthefirecreative.com/mobileforming/public/uploads/En_us/Invoice_Notice/15467877164/MUcS-ln4qy_BVR-HM/
  489. http://staging.fanthefirecreative.com/mobileforming/public/uploads/En_us/tnSR-P69To_mXlRjXetW-Xw/
  490. http://sugarconcentrates.com/En_us/company/Copy_Invoice/8256871/xlpxb-emIkq_sTKd-QEH/
  491. http://superjjed.com/wp-content/uploads/document/Invoice_Notice/GCnmq-p71NQ_kyNc-2u/
  492. http://testcrowd.nl/US_us/doc/Inv/eQBS-vZh_Jg-19G/
  493. http://thales-las.cfdt-fgmm.fr/cgi-bin/llc/Inv/ggatW-AHA8_gmzRxADvQ-xm/
  494. http://thietkewebwp.com/wp-content/uploads/En_us/Invoice_Notice/032228816834/joWRT-7bc_V-ky/
  495. http://update.rehangarbage.com/doc/Invoice_number/sYBo-WLO_PvsdMNLtM-KBd/
  496. http://vantienphat.com/En_us/file/CoBz-gX_mIxI-24/
  497. http://viticomvietnam.com/company/Inv/HbJUr-Df1yi_MQspP-4t/
  498. http://www.fenismuratsitesi.com/De/UHIZKTDIEO4419617/Rechnungs/Rechnungsanschrift/
  499. http://www.fotistax.com/Februar2019/IYXYCUJH5252816/Rechnungskorrektur/DOC/
  500. http://www.mbaxi.com/doc/TfXp-Rtquo_yM-u5/
  501. http://www.qeba.win/corporation/Invoice_number/032181221635422/ieINk-eaafG_DoOpeja-WO/
  502. http://www.seksmag.nl/US_us/llc/Invoice/62465129306109/EzaFI-Byyd2_akCjumhy-KXD/
  503. http://www.vob-middengroningen.nl/US/download/Inv/YuaKM-qFY_OAfss-4T/
  504. http://xethugomrac.com.vn/download/Invoice/WSez-d3fY_pEJ-udj/
  505. http://xn----7sbabegkij8byaeq9c3hpc.xn--p1ai/En/xerox/nGAVt-b9kr_LVGgNfrc-NQ/
  506. http://xn--90aeb9ae9a.xn--p1ai/En_us/Copy_Invoice/5480522999/rQpZ-TTLo1_tOJhWtJ-0gO/
  507. http://xn-----9kccsa1afbhzcgd9a1ay5l.xn--p1ai/wp-snapshots/En_us/download/Inv/BKYO-tKXHk_kkMcbZs-1CQ/
  508. https://abbateylamantia.it/EN_en/company/Inv/HWRCy-GR_fGxNZOvjv-vJA/
  509. https://dasco.kz/US/scan/Invoice/PDLD-WN_BF-pa/
  510. https://ftp.smartcarpool.co.kr/lf_care/user_picture/27000096775/oLNX-to_GpHAYXQAM-I5/
  511. https://kitchenclassic.ir/De/LCPLYIPKS5632753/Rech/Rechnungszahlung/
  512. https://misophoniatreatment.com/En_us/scan/Inv/qLACS-zaCcY_ddzPWE-06x/
  513.  
  514. ```
  515. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  516. ```
  517.  
  518. Creation Time 2019-02-06 23:14:00 (XML Based - ENG - Off-Center Light Blue White)
  519. SHA256:
  520. f44ae0d2bb6cec28020502576defa0dec4d6e41aa2ee25f93843036cf1996f1d
  521. 2e4471908f7484c5fa016d8c4345e4973f6879522fddd43e1519cc015b80f9a1
  522. 724ce45f640444c37e891f239f1b13223655e2e8253f8adfeb88787ffdc0f528
  523. a2d2d05bbc194c0a4b423dd8e3e56a4b0c187294255cb2c043bdf2baa89a1392
  524. aaeadb1daf3157deee1bd7594145c3309507f1b860787afc0f2d6bc7413c2a1d
  525. caefde7582d46e41e65554ca2dc9cdf55d62181a124a5ffbd8003b7f151f1fb0
  526. 26469408219b887df60cd56535a6e379eaf9afcd04be2db1755e5a950f8ce9dc
  527.  
  528. http://purphost.com/Kt1eWvVze/
  529. http://godfreybranco.com/yTX8dwH/
  530. http://psi_test.farseasty.com/TbNnQfP/
  531. http://facetickle.com/BNdtnlPbsh/
  532. http://taoweb3trieu.com/mETrZmz/
  533.  
  534. Creation Time 2019-02-06 19:07:00 (XML Based - ENG - Orange/White)
  535. SHA256:
  536. 43cd3d2029712d7414bbcc2a9b271d27f711a2ff2eb03bfabef0f754edbe9c3c
  537. f5ca5a6cebd4cf6357e10a8641d8808ae7696ebc3c82c7d723e67efb90372999
  538. 2b67c86d483a57bf0f7cf24078c24bf99c6a052201b2df4e727497bde4e42d1f
  539. 9c11a203465898de90ff6d4baa90a6cbcef4124e08d38aa526b8376fe0d61d8a
  540. f11212d2d2dc938b0ceb51f8cfb793915a1d2b4013190a8a803b04c12d415510
  541. e1f5b4290869e45b2f37bdffbca16a8601944cb5c6f555a81fc204403fa019c7
  542. 37137a73da43233c0d9a423846308758ce2762f74c1b49e9abf0151fb1efa742
  543. 35cc89d32e7882a7fb220c22b227d373b4c6a3dc4fc8817ebe3273f9622a0426
  544. 2592be2a10b1e52ef80fb77126745873f03138a30f89f50936c14d5f84cca536
  545. 3e82d9dbd76f905546a20cc91b8fbd76b1c3ea6b2b1f2cab8cfcb9d4b98ef190
  546. 2c4055e02c4a33cb31c044c79773904aed525876008489ae34e0bf3ac877278c
  547. 0eb80f73097dc072841ffb2aa7b6910f52a6d811c11803bcaf7ef2a2137b1f79
  548. a7de265c7a44c11f20cc086788c7af0829c94966ad0b55930f97a63a51e19f95
  549. 8e2d48a299369f7e1b7ab2d5d41e1fe138b773b9ae4b64ed411cc56adf133f06
  550. 7d683fbb6f52f007005d4be144a68a83bd9f61399988885bf7396689f8964a16
  551. 66560ecae1fa34327556f3a3ae7c82915435249b023141c390a3f52c3f460a20
  552. 005b899fabb917a2f805fb12433a77ec0c523d9ec7aeda8ba60f5209bb30ae1d
  553. e695b6839e483104adac05d342ba135fa3a900635ac17e7bf4d663e8808bee83
  554.  
  555. http://miamifloridainvestigator.com/48R8nccw/
  556. http://yusufsevim.com/4aj5f63E/
  557. http://dogmencyapi.com/fzmtCEgz/
  558. http://myvidio.site/zeAtqnKQbF/
  559. http://comeinitiative.org/krh8mzC/
  560.  
  561. Creation Time 2019-02-06 15:49:00 (XML Based - ENG - Unzoomed Indigo/White)
  562. SHA256:
  563. 755fab83a3185360eede17e8ef65433a8ce2dcaec841899dcffd27c31171eae2
  564. 3fc67ce5430d0a17c8f32499caf3bc40899e24bfe6e2791745bf4ad1dd4594cc
  565. 00d1bf4d2a9069672c179ec31a59cdf5cee215578a8166a465d56216068b7a6a
  566. 40320250d76d4d9493805a6640474f7147574b275276949c46169e9536d6daff
  567. 9d35eff01f52c48bf3a9deeb93988ebc7d2955510d2ae712eb176bcb14fa16cf
  568. df3ea2c79cbb75ab943b0c4d9fac11ab24c19cfefa3f5414dbc4b80e61eb454d
  569. 4cd43b126f0e77701b92dfa4dca7f6b34a7e7ff7e60a890cb06b799250792c9f
  570. 4d4075bab2e5298f9bb38688847a504720f2b2532b748353cfb91c20ad6b186b
  571. b393f5925d849baa35bf2f28bf7488e76189b77f83526bcfbe3fa4387ced0de9
  572. 01d636be8ab6a0edcabb723ebbf2b580d4758666e83e6ccf826b532e1071ce71
  573. f6c75595912045c6a1ebdc8da261770c6c568f3aef21616c6a07d42c3aee5fd9
  574. b20abf992e22a73ade4794eca15a32655680b80ca7c13197befea5368918b163
  575. a7fd7b844833997266dc5b9238f2a29a9dd15e6e235e6d89aad42b7939df216a
  576. d752c5a6c4702b80e7a7f4326a008f2a9227c063dfa5079e2e742457b9322446
  577. 607f5da6b719af6bb37df8e8084eb65f6386f4b82733d1dec4b72c091e656769
  578. fa59dde3c32e13214deba0dd6b3ede89224101f43030761f642ebc35c1a53fad
  579.  
  580. http://greentasteapp.com/PLxIr1wE/
  581. http://happy-thinking.com/wnNq10cKo/
  582. http://hcforklift-eg.com/wTUg6SRbpJ/
  583. http://fluffex.com/J5Inrdr4/
  584. http://hashtagvietnam.com/D2uR65mCC/
  585.  
  586. Creation Time 2019-02-06 12:15:00 (XML Based - ENG - Orange/White)
  587. SHA256:
  588. ee0d614b60900081fba05d5711084ff33206ec623cd9db868882bda60dd7d9df
  589. 7c57e07f8e5ee6b5179b12de8cc04d497b0a0ae37e7ff1173649d30293ad492a
  590. 699bf324d2b74b121c0efd3dbb207fc96543630c7146580b6cf381cb9fd817ce
  591. 6765da1dfb72fccc916566168ca123ea3282821f98a1e5dd6329e61f3386d1a4
  592. d97272918dea55053acee8bc0944c116b78997c26cfd8f988f077ee4f90b65df
  593. 2c24265ae50123316250c56bcf001e3656fcecc46509d5ec7b29a8e623801ffa
  594. 52a3c31b6018cb0b241cc11f34124ee896375eda03686af3a7f344069cd39aa9
  595. eb46bc0f9c85604bac05196d65667bec30af5f3d148d9e1f962f49c95d263e81
  596. 7c31e5f123c5a618cbd738f916904cacfb8ef5915e4ce03b8b6656f560a09485
  597. 545d823a042629cbd1fb6b4874c344010f5d94d584dab152a4f3f54b2d83454b
  598. e226ec438943dd2864ad1dfb7e873826f1421691e12c45ce3d8c2be99cd224bb
  599. 3d52da3ae195044655bdb88ebe508aa868756298bd65b268bb0afcc9a7a251d2
  600. bfed35267e826d91fdb9dd77a97a751a2beceee025ddcf5b1183348040f7bba9
  601. 9aea269ae37901f731b44febb49eed857c02530fdacc1dfd18448ed67e7fa352
  602. 766533f5d447ec654ef6d99b9a755f3a45dfa5d20f06ba9adc08a27ece9fe181
  603. 72487fd861c1198d3287cbcc359715c11c4e3b468634cdb20caaba47c3b66075
  604. ab7aa0b611886bb38c3fd66223bbf96939e8942efd888c9cda2a08840eb4607d
  605. 1ef53c3fae6dd606bc275055e59d6b451856a70bbfd2e9704eb6fd293af1099c
  606.  
  607. http://hamrahkar.com/7mYq2Q5/
  608. http://duanhoalac.com/ESNeSYv/
  609. http://envoyagemagazine.com/ZOyd7lN7PO/
  610. http://gandamediasolutions.com/dDYg1QbPhF/
  611. http://www.pabloteixeira.com/Oyr3bbN/
  612.  
  613. Creation Time 2019-02-06 07:31:00 (XML Based - ENG - Off-Center Light Blue White)
  614. SHA256:
  615. 73a7a8f8318d2eb09900d0690158bc0842ce0447b7420e5b2fa44a5459afece4
  616. 5d385c2c68efcc13faac60153b025abf7d907d3812d96a6dbdadfa20dca9f13b
  617. a510179aa038450357328038352a129d7da50d64abd2c80061e563cb828a96fe
  618. 12822560bc1cb1e78dda434e08fb8e0abc15758ca273b2918967e38f666eb087
  619. 7554e569345ef7fc01e95a4d028080749f7a1b7bb5c5fa8e1a5f207b8e3b03b7
  620. af354013dc646ce729d64d0e5c49b65e143ed3ee96cd8ea1804b4c0cc70e4914
  621. 575995949925063888abfffc19dce059f2e6b54d7df9e2b32d61180310a219c7
  622. 6dfe708fd7e557933712c534f0e251e45148076ff0704d31fd03fceaddc949c3
  623. 8484c162269dc2db034f7935441f959999342b2e395466e680936f8b74665c0a
  624. e43a4faead26ff451b636d436d11f7f4c0d5573e8e852f174e3fa2c556dd39e4
  625. 8bbebfb95c93983ef6e396176420ec67ebcee80f31f8a131425f951fdfae81ad
  626. 5aefc816ee11472075c110733df094f8ee8668ec3f57119c4291a5e357e76d4d
  627. f032d357e2af11a252bec19114a86e21ef6016b6de50d7cd23b54b145020e30a
  628. f2667d8ffd157a7d19d913be1f19a6d585061fadde8196782d2b636a73f97e44
  629. b5968b22584500e5cbdcc661c7c6214b0416ea84369deb04b82bf9be9494dfe4
  630. 9417e33dce48d8c422138b8b18b07866673b9316c41e689cc1db9d0f9b23e4e9
  631. f1ee64c36fb96a8b2496915eabc7beb81a61778b82e32ebbab25a22ba34e7c53
  632. 8f3d9b12315a449d35c960e24f83757d7bbfcc696151f5c66ab12c05ce527e8d
  633. 8f4fad8e28ee70765f397cfd239d1f2b3ab078e7e629a3fbeb33b4c1c9b1c284
  634. aca76ed51926cab89416a4ec88bf7011ee6ee401ad3ed85e4d1ddd68efdef324
  635. 0ebec8816388ed19231b4c925780c6a6ca80fbffc04fc35759e5c1e284e830e3
  636. b64aa55d7a84cec25829a46c9a714c8649aaf1966f3e3a30d1890b70e9c3a17b
  637. e490438fad86371a3f7a77ab06e42067cac03d07b68a80edf1276c964030a595
  638.  
  639. http://firemaplegames.com/6QszVr7G/
  640. http://eventoursport.com/Lx6nMWd/
  641. http://eikokomiya.com/eMsz5FoEK/
  642. http://dzyne.net/4H4cM6YLj4/
  643. http://doncartel.nl/DlSi8MT/
  644.  
  645. Creation Time 2019-02-05 21:18:00 (ENG - Zoomed Indigo/White)
  646. SHA256:
  647. d70980330b6a1fd01b8e3b84d13a514af37a66874368f465330f25087f7e3cdf
  648. 4c6551965d5bc0c645bc4c0188a83c69275839cea89cf7a5d6c101bdaab20644
  649. 3407376fea7d02a77cddee5897efa8ecb657ccf0f10b553c1e3171a59f6a94d3
  650. 5d9fe9d97c9b66d3fbb2d7b132ac668c58d6aeb4c74fe3e9ce35d77167fe55e2
  651. b0b56ce901f6106ed9c38a86afbfd4c20b552ee48264f99a3412a3e3983cae67
  652. edc03f0f8b16d26c37c20813f90082adc9437d4625ef40e1ef5a4f8a8552be0b
  653. 1dcae98996667f1bd411e903e5467595886e040c4bc67eab13f16d3cbd05e2ca
  654. 1b97a275b52397fa090056a49c6fb70fded78e6ac8d655bce3945bbb869ab5cb
  655. acf24168fef7b0ad2ee718789c203633901ffee7d40430e377d74b6de108a035
  656. c717fe75fa810ce977bb55726290432908eefd3c019cf20d0aca4be1122f3e86
  657. e399d675c2b9a8d0a96449328d5cccdd0bd68d4125ad4d5dedc29edb22e49a7d
  658. 523d61f770d09d39ffae34a5ce43d4ec96480c693483b43b51e4ef15c0adc834
  659. 446aa30135a6b2fbcc7ec2450d245379476c53a6ca8800a7242d5e61395e5a2d
  660. e74af9bf15c5099a8ad04b715a47f6cd02a5a549a039bfc6f41fd316842214ea
  661. 2d2ab0e9d76ead0b0075b2b657d9694148270082e979e5e9f9653fd1ad06bcfc
  662. 1ea6955552017fafb11399f3165afb22ea03fec3d6a8d621d0adc92574939c6f
  663. 12f418655135e9dc58276da02a60a79da006dd12920d4dfb8a2ec27a39737258
  664. 2d3387aa9321c8b746260e9b923c7bdf4201bc63fc1b75c17eb5fd36310b9290
  665. eeb56c818bd856cf3fbaec6661226a75f656e0988efac634173b664683b0bb74
  666. e2195d4a2a44c7043c3ab218e01128147361b5b848aa113c558c47d310d38177
  667. 2ad266a067ea36f9fb0e5a7f1a45782a8eb81b7ea73b30fb2c8d8ca38b1ec5e6
  668. 4f84eabd05a2b971ddc5eda38beb82238a95f0d8bfb22e8c83748532f3456699
  669. d90ae3ef98e3b7182cc449dc481242a4a15bd07f536ffcc93b59cec15a3179af
  670. 14006259ec87c0c525948e0f8a25033c7a4c41f931034116852419b9bb36a935
  671. 3cc9c1bcf44aa314645dfe156863781956fd37b0aac471123b8866427e5358ad
  672. 2985e6b3df1efe64c1c581b53ef4e2d0183dcb6a685f4464b10b79178f36c895
  673. e23bb8eb13c86c546a9749528a653381ed0d1e2d2facc92802c460f0def873f4
  674. de8ed6e4f1cafd5fbe0dc529a0fcddec17ddbc4f61598672d1c304f0bc19fe88
  675. 81a55cd6c04ba67da325e78c70fa85b390e967fcaf16394a3661a94eb378aea8
  676. e4d224c235d50df0999db39e875147af9a15d44987b765c0361733a41758f69f
  677. 3e55511853b7d5cdee99880a8aeb517b2f49c887b3771348b71ee7c33a409fe9
  678. 157a544c2bc4ebce2537a8d66f1dc25f6c8a3915c1fae76f991748f2eade8960
  679. 598e60462bc61a1f64990cf2639860e85781b0a56f3d1badf9e85c9e4ca7d669
  680. 80d3869f6ea0359e3a9d0b9102e7ff287000449349f2b11ccd215c75ed1f9aca
  681. 4c0a652f2abfa9b8ad4ef88903e96d1743c55ecc935e715a9e9778c169fe535a
  682. e04136afbb4c013d217ee19cc96512c381faaf067e40e9e1f297fa3f1393b3d8
  683. b1e05cc9e4784c7cfda338496816486cb35d79624843e0eaf01c78965a2e96a3
  684. 8f314b59098bd8cfbf4f6ceda569a6472e38b16c23fe4eca6548b19800424ace
  685. b78e2b2b6f8bd56963644e85251052d443ba51d32eb298df84a29a9acccf91c7
  686. 8b41368a8548700d117eed3cbc2ff2ea19bfbb156813f9cb64490c425e273d77
  687. 8f5912d7f605b62e96114e8f8c37df85930a8c85087cf54c6afe7e8cecdb71cc
  688. 611c8f95358a60d965403583c35fd83a89e138ff94c56017bc51b01be33ea009
  689. 02ef9ba79a3664ccc1180177f24660c4dd6742afa69a4dcf88f46110af47120c
  690. d0e9b53fd5fd1a00b19121d3ad7f39d79071a9fa4d24f0980f83a10c46087830
  691. c665af120a4cba4e05e8c7fa16334af92f507a5b68153236e76b9a3b47fe193d
  692. 01803dffa47e587fe0d89f98b9ddf4363438df48838a7e4664777147cb3dd9e6
  693. b7fc95a2bc7a30daf68c9809cba01c8617e876c753bd0261beda9f4eaddac0df
  694. 0abbc41f1cedc2e9202f66d9121d46f008542cddb90c306d4285f83db662783b
  695. f64a382ff99c23250e86c20edf6ea1052ba983df9cbf13d3905353bc80f1a167
  696. f534dfd35d9a361f68be09b596dd207675b1e93b8f0049201cd8c6047e727a23
  697.  
  698. http://conhantaolico.com/34hxFYGbRM/
  699. http://dep123.com/kctF66Z4Ns/
  700. http://debestetelecomdeals.nl/fSERpV1oMK/
  701. http://deleukstesexspeeltjes.nl/mDXN5EUS8/
  702. http://www.tubeian.com/TQjVVcg/
  703.  
  704. ```
  705. #### SHA256s for Epoch 1 Payload EXEs seen on 02/06/19 ####
  706. ```
  707.  
  708. b285bf25377459838077e695d0b7ee83ad0e0f28e40888ce115c9ffab0163edc
  709. c1a3c6d152de93581b64760b6a9a15a9a55baa2f675152ea734259baa1b73d89
  710. 11313b39919955c9223c12a9c81f42d54331363111646a2f9417ccb9f4a2470c
  711. dfedf5dbfe12506638064539970296e23602104762e1f414444bd9d8f204c5c7
  712. 1541264a2cc39b934a8e929b7b3d61912eba77a36a0a2162f3eb0910bd104651
  713. 5692b653292845684745a098ac4c36a18289c07888cce8b44086ce5e321df2f5
  714. a84dda912fe972257b0d5c907f4d194f1bb1ef5ba2fb2ef533be6dc8cbb9571d
  715. f6c686362569fb4a898789548ccacf74e1d8e757ef56ee7b0311b9e2b932b564
  716. ab6eda4751a5dc73b39f6d9695a9553d514f528d988f77843896423f56aec573
  717. 4867e31df5ad54886fe97c52b7b5d5a4f5b6d16f3122ce4a3d468e44d726e9c6
  718. e9842d6be80a6fa2264b401ab178b06d02f74cd24dbf67c3c21e91a190f14c3c
  719. 7bb6b3608527292672f46472f26498c9ec35927956cc8154fdc209278f8955ed
  720. ca8525f47bf764e96d3ba4e2b472f52558ed79091f42ff630f3a75801232ac61
  721. 39503df07f51fc476c60c85671a84deb9c5654b90d484e1e9c8a5c982cd0ea11
  722. 0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c
  723. 6c1b37991639eb24cffe5451ba3c87add975213d2a74d668dac26ac0718c2ff8
  724. b90a149bf6042b0abb578a2cf7dd5033ca8ec3a6f09c4d57880535d41b57c37a
  725. 3e0cc6dd21527702f40aa423339818286ea0d38d3815531ee8e43e3e1455959b
  726. 1473a2ab5144d0736b744d3a601f84962a953600730b71d4ae7d5f230b2842ec
  727. a2eb77a03a054f88b4079a8621b7b26f30b6c4eb5b0c8e86b0859a5edca005eb
  728. 14912d3b4a3490a0c45ccdce4ab23317347d8924b33c21f88c3f5f7b918b547b
  729. e81e29f71c127a648e90d12856d04413b14efd6f39e6ea53f6e50b293fbc6ec8
  730. 0d4177b3616d93464ba2f0a20849e9e79e5e190789ea17a74b9c6d787a92561c
  731. 77b1cf2bd25ba5ecd3a76ccefd06c9ee2483d2f9eb2e2d28154162a3674be5af
  732. 782582b7f1959ee6e85e6892bd830e9fe217ed7a8de26d6bad8f713d9d174111
  733. 5acfb260d51c7169625d731cf651ae08015b67a867cd289b3a90b0adf1bec1fb
  734. 8807fe9d84ebc03c4b32c4d682052eaff5783c7a3aa9591c6d826e197f7f302c
  735. 41999befe893bc63ca6e4ed1d6a43f72fecdc2461e4e27449ad5a91b6c463744
  736. da2e2a373dcdb8e0e0b626f265b4a07b583c78189205465a1019ec8dc5e4ad5b
  737. df013a39cbcf48f7d82387867d18d4db056c63c3d2ebf974eabad94eff120965
  738. e6a91529e343d34012d82575105de897d9e65a5c0e6f8734721029f00a49ece0
  739. 146d44e15d4fe5668625579522228c141e0287ac6b30795604f0e82e39f3ea07
  740. 6039ef4cab544edea4c8922def5aac284851c31cd53123dcfeaaa342e5d027f6
  741. 5f01bf35cfd72c6e7c28a4240b2584ea82cfaf25eca4ce1086b4c7f6c9d39bfa
  742.  
  743. ```
  744. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  745. ```
  746.  
  747. Creation Time 2019-02-06 23:35:00 (XML Based - ENG - Unzoomed Indigo/White)
  748. SHA256:
  749. 1402118fed024feb543b538e9f8f0b789594e358693cf1a2d8d6db95988038da
  750. dfa09743059341cc7c96f76360ca5311243c9f5f362b084b6fed8f4940839fa7
  751. 9dc8ae490a91846bccbb90aa565cc73306f69831f30f9c035201b7786597d2ba
  752. b3aecde983c7ffcd63eb375fe504539e57500c73eee9c490a1f8341105fef3b1
  753. 14942167f8f2bb628b09a9f0d36419754739e0d50fb4fc0cfd476461029ecf0e
  754. e8dbd7c31a861485a148b269cab0d1b3c0374492cd4ce1f3bdc8dd4c08f616bd
  755. 602c6d398ef8a8667f19adcd2f59742b66281df8df24348596c932fdedbfa094
  756.  
  757. http://jeantetfamily.com/tAAXXrV7YR/
  758. http://itscrash.com/i2uzriWY4nLhDb_XoB0A/
  759. http://inwa.net/iKSYWOFF558/
  760. http://iscservicesinc.com/QqV2dSeMow_w/
  761. http://itechsystem.es/OPzP0LTffWadt/
  762.  
  763. Creation Time 2019-02-06 20:04:00 (XML Based - ENG - Unzoomed Indigo/White)
  764. SHA256:
  765. b3aecde983c7ffcd63eb375fe504539e57500c73eee9c490a1f8341105fef3b1
  766. 7a361cb2d07d07a0cca15a3e2b7a0c08affbf5da69493aec81ebb14165cc2ce3
  767. 36803aebc2d4b567b082f3a0e1a8d10526e64e506dc2496905399b336a60021e
  768. bc2c6bdf8661a114e0f46aa1798042b14d58c49eb3d05cb1f13b5875857e9fb5
  769. d14abbde5e902e0446e459c1ba711838569fb1586ff15b115a0096674c1ddbd0
  770. 40478a54ef290aa9f668c12b0be527a24e63eccc48d6fd886063b8943679c3f9
  771. 5ec9d89fffe5a4cf60a255d83fa61760cc963de9a3bee91572e2f35a92e4927a
  772. 6d7b5563c0de8fe520f24fab3bba536e9b34518ddf4f1aced0bde1e0c7c5781b
  773. 5da614728e8ef25dabca76e50ac23e7553467a672ef532d74f46d1e7b74ff308
  774. 391c088caa82d3d1890077d6bd45cd8e7b86b520a7f9bca8d57656b1aaabba9f
  775. ab09920d60a7cd56a76c806f2d9f76033afe1a6c143b5ed3825d843aabd5a615
  776. bb7cb998c9044004d60d49fc02d0eede668138a195c16bbb049190c74d6bf830
  777. 6649db3505d75b81f9c913880c2d1669621991dd1ebf42d2c987394c92224fd0
  778. 6a625adb6aad2d8dad9b78e5b9301828854909521af97d1c97c0df4e9e428dbf
  779. 314408a89b45d0aad51e9cee8a96a994ba1e0f377edec9181ff98a9bf68655a1
  780. 591d7ace0fbc4a5d09f98f3216ee20cc7d6e1e20f43c94f9e77e4c69cd11a127
  781. 0f3f1f900eff4d599576dfb67d4fa9845247ad7e5212ee2f6665834ea938887d
  782. 4b2c30dbb1f56378dfaf25c2771cbab2e0102752d2956599a9011f7f71ab58f9
  783. 5123ca4c4618cf165dc487d86aae73e1d768aa3b7173cf36356d5fda972ef536
  784. 691b77d8dfa8d072414e934a35454c9f39c63a6a1f5039926951e3c63bf52f75
  785. 8a2a03d7a98c7101cbf4277b5478847bbf0ea572f82725c3bfac9b1efb619d31
  786. a6d43df9066fe614c1dc90da0ffa9d31c861c1a901e9118e2f24664c85f9b413
  787. e34ac37b9d6503fee52af6dea797cd5df939d77a91d4e4fdcbeb419d92fcafd3
  788. 180d164ddb8bc6c237b5f5f4b9822e9f1a008352690cfbfa984903b431f36648
  789. c864c3e138f1ed3248bd834fac383510cc2ff60aa75d024eb3eda48f689f2614
  790. 0e1c19575375fb4c77ee57387cf23d26db8efbaebc92bb9e854b1eea33b57568
  791. 638338f4984f769da77c39391fcee7fb6f71c867527a05b276f7dd778563e2c7
  792.  
  793. http://haniamarket.com/rUMkZm30A0I/
  794. http://svai-nkt.ru/AveXsDOENl/
  795. http://jachtdruk.pl/TRqPRrJB1yzVi_7op/8t6GkfChyxpR_A3ec6DGp/
  796. http://livecard.ir/MxXkbfVguftD_A397ZBNe/
  797. http://hirelocalchefs.com/fCQH04UezM/
  798.  
  799. Creation Time 2019-02-06 15:45:00 (XML Based - ENG - Unzoomed Indigo/White)
  800. SHA256:
  801. b920d12d2c2ea8eb406f88ac91cd9bd5d783b78e4091cbf287352ce406a2db34
  802. 027d5484e3563f3eccab449128e1e1d1149f624bd8a8ae76807473d867e41fc7
  803. 0f876da859c6608bccdf229071a737965d4b4f7888cbd8fd76c63e33b64c8490
  804. 4d24ac288cdb2bb367fb91821324e8e8deb1b9b70ea9e48c2c721aa3959699f3
  805. 7115d57d9c338f2909f0b623a3faebd4bd4a34531359356287a88d57ffdd0a87
  806. 885c65efb7c1d088f52f11c678114aad0640427fca5be65f9a4135e7f2453e71
  807. d48ddae3c87f622988e0bc0491e4b049041833b00e77d64be6d044288b744743
  808. 2d191e44676ecdfb0624bf81a29f3ca836f2f7208945e92076fd95d3b4d6ebdb
  809. 56dc46fb935f484b5ae85f511fdeeb91f4e357db4f2066fa41aef5be7570376a
  810. 2c027715f0f084b8710d6023e9cc8008e0be86531a106b3d498aa46af9e5d4ac
  811. 097ccd7ef18fe572e809a2402aff669bdeb1d78c4070455e1e8c1d0de3ff1d98
  812. a6f275184751045d4dd33f1652c55436c3bd1c43cf3a4af130d02527f837c916
  813. 027703d1018e0d21af04ab6a77f9fb06ae92468eaffe7eca706dcedf26efd8e8
  814. c64cd54cbf3d231d43604df5cc509e20445b756be3bf18921069ed13998d2bcf
  815. 8c9426e6d5a137616d167ba33cac052a46b0ac05a27efd7a5967d503f7b76446
  816. 3957c792e497380cc4b7ff6c8fa03f14f0838c510a5c460e0a3a103d9ed3f5d7
  817. 5ba3a9206cead7dc59dec0b1b5d3d9eef246660414edb2c65b68275413ebad83
  818. 1ab4a55612d9a194c84dfb80532ce3c81b2c0daca55dd4df428b41ff10730045
  819. fe71fc0fea2b4c223075a4f0ec806c127e7d383fee6800627a6c7f14482265bb
  820. 52e77b4faae642649ef8b7ecc42972d5792a3da06d10bc0358795a5c775feb8d
  821. 620d149a0f4a6588fad21f22660c3523e5afeca7db5a40b74d28e97573bdd400
  822. 1194bab2c4a8e63e59ef01220ebe8e4d3511b12a16da30e713c2fbee6c2cb520
  823. 256cd019261232957a5b87bdb35328712ff3cf69ef11cf6d930c663b021a391d
  824. d111f0369cdfd80203c79712917c2292fad7528b00f9406ea4896e1eff17d768
  825. b6adc5b444b5380ab336db1d4f12c826468dc6e22799fed5fe7cebad5b4e67ca
  826. bd0f8eb07507a33155a7d45f559a47425434137d1c3aed9977b2101b45ddb8ca
  827. 945f1876255fb340d5795207624ead7ea141e32cdcdaf9a47c0d8baeedd870c1
  828. 8b209f3059052c94a7d162bb52a79b878dee8389f0ba124c877b0dc9cc4e3cc3
  829.  
  830. http://muathangnhom.com/6DOpkmOL9_yfO/
  831. http://gmcvietnam.vn/abMbIaTzHSDkAq/
  832. http://hugoclub.sk/yCq4xkYzeqAJK_v/
  833. http://foreprojects.webedge.com.ng/Lc3UYXyQixr_Dp/
  834. http://evonline.liceoriosdechile.com/NpDgofVhpankbq_I8AaJbzQj/
  835.  
  836. Creation Time 2019-02-06 13:20:00 (XML Based - ENG - Unzoomed Indigo/White)
  837. SHA256:
  838. 2d228c5c7da770da8a9f1ede7e2485145247319ce151a7dbcfc10dc48f8a65e6
  839. b2394890cf140c5c5c9778cb8c4af966ea595633bd6675403b40ce1ed4beaf36
  840. 834c9be154255cdde2bfa1a89e15d889c7934c661822a95d5842ab9c596c511a
  841. dee3aff9b61da4d7d7961119a2b194f65b87ed0a1746325937204b99773d484a
  842. 7d42e2aafa248db4aa8bbe3cc4865c29ee441472a27b265c02a813e9ab5e397d
  843. e2700fd3fc113bd99030b8f770bb3c9c9118fb7afa344156099b99a2352b2386
  844. e67dbe5fabe3517c32e7aa731b159ad78489398ae22844770617e20498a3df48
  845. 436137e36b7d471501f167564120f0eb2db4e529f080568be0906bc736cb2d19
  846. 07218be3e957cbc4fec8c4a1853b296f5c84638bb93105f8b473b19657ee27b0
  847. 74e3e09003508c39e9cbc525064ea8894766d038f7da169a40d87e000e8105a2
  848. f57ca1cb4fd546700bbc33c68df35354cb74be5dd2c57aa7bb029bea954999c6
  849. d8d34c4fa70ece75ee1d2a1a026cb505d8fc0da3942f73dbec624b2f6e6e68f3
  850. db6fa9d464c8e09cc82ea8a01b02cbbfc5bd83ce19b77bd0c87b02989d8c4fd5
  851. 32d69170fe3db3f36abbb290cb5525159252e3b7b182d13fc0b9fbf7526fcc49
  852. fcfe1d4bcd59f93ffb83fc3e187ee4b5520f2913072d51ee12a362d9ccfad1bd
  853.  
  854. http://izavu.com/2YyzYLBTWaDDJHH_p5KGNzJ98/
  855. http://fatemehmahmoudi.com/O7vPVD8QBFU/
  856. http://eaglerenew.com/tNWRPW8aNz9aHrQf/
  857. http://eficiens.cl/SzbEr8mnvogg7w8/
  858. http://eaglerenew.delosvacations.com/imhUox0A/
  859.  
  860. Creation Time 2019-02-06 07:12:00 (XML Based - ENG - Unzoomed Indigo/White)
  861. SHA256:
  862. 6432b9408d6183ef143ed480eb392c5f4972fbbb3d6671ae30ba532f98eb47f4
  863. 540cd762a1b90e47d85035920ae09f53bc001774a0b8e30895782602bb5f9b6a
  864. ef45784359ddb417a9caaa87f51ae140389d6ea992ab5f45ed1d4f908a9871b5
  865. 9aeeaed675d4039b2561d498564d3087e8af8e67eb599e8e06e356e1e6ffb623
  866. 68375c843e19a86a9c0aa62e1ec7476d510249e6b93317f1e7b66b41de15b999
  867. e1f17cf563d584ec6515d91eb15e041dd88da4b0332e87c0b3b8ee00511becd3
  868. e24d1f7f982c802b49c17303284ec236208ae59859938af5dd67990e7a58243c
  869. c94226bd0dcb18ee5ac982dc0f1df0d61cad05f62682e571aa03f1a53fa78dc6
  870. f4bfec8df53ad9590f367fd02cdcbf63ea489915fcc5d3cf0209cf4c70ded144
  871. 4b710e362ea64ae5b636aac27eeebee56b8bfc3b89cc98a2f5fd38a961b6f82f
  872. 8f0879735b79a5e4e5979f4720882806b858950cb233d1b770b79f9b579a34d2
  873. 1cafb6af8bbe32fd470642beb35cf22d9d1402cc4481cb8255077d599af92a1a
  874. 2ce3df33f356a706c368153545a9851d405659fb60a26a56494190a127783ac8
  875. 3dd3fc9127f23ec008f87a10e879067e5b1534afda5d7deb1b5225e351e91149
  876. 3e85217a90729b83499ccca6f56781127fbf81e9b87c55cf66808e114550657d
  877. 91ceb471ad6b195e58035cccce11b212512287144c1b4ac55e319e0d93938cf5
  878. a582f000bd878a544d9ec10f18df9a7d60d5f76900753fd061abb29655db12fe
  879. b071741dadd8aa698ffd2eb557520ffd7ff074c7a5cf3ce7b0bcd0dc030c1bc2
  880. f6cddcb6bc3560b3083ae4342239cba30cda508648c40f5c3839b964f5d10909
  881. ea03632a250197685d711466c2586f9eaa5c5ac9e619a14f42c1f9e3bec515f2
  882. fb86d1a566627a63c46a6566edd8496865699659d160a7fcda7ff5b4b159d5d5
  883. d2805527d03c1863e0d2319547356671495df9b247c3679a7e76778a85550e2d
  884. 080ca72c599dc8a0203bffa6bf1540a0e54aa39546a510d7f659d7d698acbe35
  885. 30a29de4984046073728388d976f5edb53ddc5d98df47a4a964cc5d61ad2f147
  886. 51cd6a59577533a910b0c77c6153d4b0915adfd634432d1299fdfd729ab4341d
  887. d44a1d679509ccf779994a46c11c84af813f7aee9bc4f972078ca3378a94d598
  888. 50a142cd836b51b96cc9e3519769c9229a7ca58b54b02d2f808df01518d920ba
  889. 3eda6efed272805d4b951e2756cb5fa9f5c6f53d93b1456da7f46034592a8001
  890. ca7ed2a751641b3a1fbf2c28a8f7d8bca209838dbc3f6e8da5bc35b44723b281
  891. b23aac3e676587af8a1d6baeb93b1b067c469cc82c5f22582d763a4179537c00
  892. 2e227a6c7c396e553dc2b482d490945eaf33d574aeebafe74970350563d95e58
  893. 428f0fe57f54eb9c89f7f499af836a256ede7bc5508f7ac182086e51f931ac38
  894. 480eb61a6955235d737bc491226c37f174cc90563907f7337870918856767f23
  895. 7696f6655bfaa12d18a2d495630ed342f4b8269f5bd9f7a3fd1d2d16c074fa96
  896. ea9624f79779961029f51ef6e8c88f42f6cc0c61527f34cd25d7632228543eee
  897. 36cd973363cddd7ccf3546f16ce190517a7f46e227280b61198fde44c07f376f
  898. 767af71591e60f9d09316e05631457d6330ae6cd14e9999e1a0d92517849186c
  899. 3b0632a1ebad65b05a47a9904a069a9d6fbcff67ab023def77e2c6965895ae8b
  900. b0420b903561b06218f3d2b26b27bd2f383c8850595c26ff08f572b47506ec8d
  901. b1136f1a2d6da75569883804b77f4640a84ca5c6f5bf86bf3a59ebd2fa528677
  902. 00b3ded84faea54e7ef9605fe7a56560a47779ef2d2e837f950c65147afffbe1
  903.  
  904. http://djjermedia.com/W9Clsb7e30/
  905. http://bureauoranje.nl/lUGRcwZqyiwp/
  906. http://aveiroti.com.br/3alA8aVbmBTnw_p/
  907. http://degree360.net/aYGp8gVjYoGR/
  908. http://dizymizy.com/wp-includes/aCYCzGiK6oYF9e_BsbiJ/
  909.  
  910. Creation Time 2019-02-05 21:06:00 (ENG - Zoomed Indigo/White)
  911. SHA256:
  912. aedb39257cc3ecb5c1c199a4f4005069fcc5ab075fd4772133f4e187288ecfcc
  913. 3a99afbc8bd002e1dce326e8e89525d93b7787e016aeea4ac1e36115286f35e8
  914. c5c7489b617b6eb447c310d93e8ecd3edbb58721dcbb2e6c3c707209c0c08db3
  915. 5b4fed9e2a0a6272e84f9f52dd340df4ac550c4c53919bcd4a502575b44e6e28
  916. 78ded88599c7203003267d3ceba8db2a960919c62f2ca667b7c528b6cb6b1b50
  917. c1e8e6fbee5c216cb4a22bf6feddf5da6b74572c46b947a98d943877460eb50b
  918. b0236b16efbddd856ba2571b54ae8140be57043816ba79a95b571c833a070b5f
  919. c95b00338bf51f48730889bb681391485a256117b2f5f8106515072a9e8da434
  920. 5976d96ff8b9163b8d1b84b1d045f5977364abc615b2f16633af949b7a5393cd
  921. 3b93a3a0457dd61a71b2234429b16cc9dcad1b3602642c368b23d66e6e4fafd8
  922. 0935fcf67e175bee0dcacdcefd79e11fef9fa10c57d86d66c4926db09f76ea8c
  923. da84a09501afc8ec9ac188ce76cf96ba8bfba3cbb2009d45b2112a955565be41
  924. 5d7cbd551a19a90037178f812ea91aaa2ab12a0f11206c95370ea0f3177dddbf
  925. 1a740d8d4a9d05cba539c8a0332507db76cdc91cb9fb8421496301e8cb418c34
  926. b1b32249508512e83533105fb2bdbb2e7f4c55288a1ff0c045417a6761295184
  927. d47aa2a2bb8787dd6ca241d5328d1dfb0642187b4f12c83c416cfa0a6bc3a538
  928. 266da6aeaa68e4552d0ada92075c106fb12feb0c3c775b24b4eaa2055be2dbb6
  929. 911ede8cdc7c1359107e97b535bfa1fbfa3a23c4e320e2ca5e82f19b6a7ee981
  930. 04e4aaa9250ccdff004b0f5f44faaf6461c6bb6e35cde394ef797f48d27cf5fa
  931. ffeb18dea86de1a445b54681c47ea3eb08b9eddcc1989d808202f8497a518435
  932. 131785037035a5f67e721623a77378e92664e51c5b587b492b30c31c04bb2a89
  933. 9465ffc9ab048a1da8a4e28d06d0cfbc206f1063b85ae1aca6855a08b5cf9beb
  934. e47b52622cee32242b7cb0ba73f2e6945527208eab888607f87c16627cdaabf1
  935. 141cf249c587ef27abc645fca581d40e992226dc4f448da5d0a995b8080d5ef3
  936. eb1e57bdbd9ccb30a4758d95749b88bea9ab4460da7649d947e1ed761dad2f87
  937. 60963cae8372f5e5bb2316c7dc8b2e45faf1421e6951f8be04a1f7f1357291af
  938. 70bd496aae815468e2354b6ee66fe606626f5072f42e05651059f60028dc978f
  939. 207b41a5fbd49849f9f422b2227e32914acce3fd7cfdf243eb6acea23468c399
  940. 20c4b74d691e7216888545d3393eca6661998c455b340fcb3a89d045ff2193a4
  941. de4896c8f98a9541773dd85d65df6463d811cddfd597d10e2ffb6b9e467bb87b
  942. df6ce82149a3735023a6d8191f3455fac5af81703623be6136d1ceb89f93d91d
  943. c896ccfa49c88045f45726362e12d0a8ae4ebe467c8a29a693390baaabc96e45
  944. 6038c03c5a2f937de49b0e78c86dd25cc0c2b9677c8b824fa0a71d66b700b881
  945. 08d3af547ffd6450a226906d145a7d2ebefb6980bdba0e1485c7d606225ed852
  946.  
  947. http://doostankhodro.com/fK6qaMppa/
  948. http://dev.worldsofttech.com/TGToBTgXMgJxTL/
  949. http://disticaretpro.tinmedya.com/acmethemes/ifWwmIYow9hVD/
  950. http://debestevakantiedeals.nl/smVjfzShY/
  951. http://tcaircargo.com/fb_personalize/S8cVB2O0FQJxa_IYFMQ5lE/
  952.  
  953. ```
  954. #### SHA256s for Epoch 2 Payload EXEs seen on 02/06/19 ####
  955. ```
  956.  
  957. d6341e6027b60b7bbd17ec540556f882b67b5473b3708f56175240e7bb282fd0
  958. 7ecb275d7bdda39c719d5b721749c4ec6d96669bf3d977914fa4f108e530ae07
  959. 7c5cdc5b738f5d7b40140f2cc0a73db61845b45cbc2a297bee2d950657cab658
  960. bb13720406611c1e80426c066f425d0af0df57a864e158a1058cd40432226a0a
  961. baf27a25a0d066b29cd6e49e895652fbd8f3d3bf44a312783d06fff81cfe9b52
  962. 58d55db2d29b713f60b362d798d84688d844d3b520255bf1bcca97b033909464
  963. 3e201b2b69fc7f5652ab9daee7fbda137280ea54e4a93d62949a2e22646ecc6c
  964. 1445b0cc28e99f2dcd424b1701a6b7e5fa7f040a6a9722949a8e82d314469435
  965. ce1a723d1895777953dd5790ecc4707148add9f881ffa1b904e21627616d80aa
  966. 5f9037fcf773791d1bcc4fb3a62198f6b66266debc435a180862bf7f20c0d66c
  967. 6501143643fb396cb7a2b1fe64a54693b2adca2ac1e6b13ccbb452d29ec6e227
  968. 12d4f0bc9835c6b0f1225895483fb1754355584d2d3f7f0776628b7fb1bfe37c
  969. 2118dbfbbae6c12cd412ada9d49b268931caa6b9fc9375a6a5b89518c046414b
  970. 3ebe67cdc68e90ec784fd47a286f0e417f3b494d77668e06122c291acb7b4404
  971. 685cb3552bd9c31283e5a009b4fd2a67b443f998269359f564c485b685f76c1d
  972. 8cda34dce45260477854ea08a4c858b7fd2e8078b5729afd96ad1abc7803a3ca
  973. d6341e6027b60b7bbd17ec540556f882b67b5473b3708f56175240e7bb282fd0
  974. c9d0d1456ea443ef5883e547cb51fa39c13802345c928571f9829d7b7632008f
  975. 9eea440707c5034315540957c9aea610c17c189da2c6263d5c6205915ed34942
  976. 53bd80bae0a928fd92e62ea8f612ab8fbc22c5ca3639e2701d9c74ccd0dc66ae
  977. c0bd5b630ec8d863d92f6f2770c78289342749b2e2ceb0e8712ed70fa0b91c77
  978. 55c4a980996cb36bafb65e1fc64724ce01fbacee8fc00e4c4c25336e8db38c11
  979. dd4d9984ad521b7d31faf04ab1c2e9dd1a4cff14caa802632ced139854d23e5f
  980. 35d2d0cac507b58b5d1003e9bde32ff91f52e9531530229aaa47e5a9929d452d
  981. a799ad42dba0895c0bbef60f7de27f3c30ebc4c666be140594f6898eb8b6e66b
  982. e6f63a6ffd8b9374e792334af8d70c04198a1453a0aef623d2fa52f7490d562e
  983. f67e0972987ad61b4e57c0dffdd69a0d018520c40c6c12095e5f30e84723b103
  984. b71d743f7448ed490aec62706097cb05a3847f095fbe7f5f2e2de822cfab4aca
  985. 58b98b1a819474963acc796c7328439db605ce01d374f55f2dc3c4cb4deb318f
  986. cc92b35c1a4ae0af39480db7b0e0b0523a3cdbfd4c10d7c0aba226545c94c842
  987. bb5efa2fd26bc4e065b913473ffe558d79f447de38ff1ef7a41233ca2286f9a4
  988. e6f63a6ffd8b9374e792334af8d70c04198a1453a0aef623d2fa52f7490d562e
  989. 4aeaa153ebe9cd1a21c020b06055e1a57bb216a3800060a85743371dc7019538
  990. a287063a8003de15abb565614bdacf9caa629d160cfe5ec7ca1964f0c68ee0cf
  991.  
  992. ```
  993. #### Epoch 1 C2s ####
  994. ```
  995.  
  996. 103.8.112.222:8443
  997. 103.9.226.57:20
  998. 109.104.79.48:8080
  999. 133.242.208.183:8080
  1000. 138.68.139.199:443
  1001. 144.76.117.247:8080
  1002. 158.255.189.202:8090
  1003. 159.65.76.245:443
  1004. 165.227.213.173:8080
  1005. 174.84.250.37:443
  1006. 179.62.226.22:21
  1007. 181.164.188.27:8080
  1008. 185.86.148.222:8080
  1009. 186.176.26.59:8080
  1010. 187.131.137.216:50000
  1011. 187.137.46.18:20
  1012. 187.153.108.92:20
  1013. 187.167.66.31:990
  1014. 187.178.89.60:443
  1015. 187.207.105.37:465
  1016. 187.243.193.143:20
  1017. 189.205.249.209:20
  1018. 189.249.2.181:995
  1019. 190.171.206.194:443
  1020. 190.188.114.60:993
  1021. 190.34.215.74:21
  1022. 190.55.118.192:80
  1023. 192.155.90.90:7080
  1024. 192.163.199.254:8080
  1025. 200.105.111.130:22
  1026. 200.110.85.138:20
  1027. 200.110.85.138:990
  1028. 201.184.41.232:443
  1029. 210.2.86.72:8080
  1030. 219.94.254.93:8080
  1031. 23.254.203.51:8080
  1032. 47.44.193.210:8080
  1033. 5.9.128.163:8080
  1034. 51.77.109.38:50000
  1035. 64.32.70.194:20
  1036. 65.34.46.157:80
  1037. 66.76.135.158:22
  1038. 66.91.156.90:53
  1039. 68.188.125.106:8443
  1040. 69.163.33.82:8080
  1041. 71.174.233.71:20
  1042. 71.83.83.190:20
  1043. 72.181.91.254:21
  1044. 72.203.200.234:995
  1045. 72.47.248.48:8080
  1046. 75.139.212.94:990
  1047. 78.186.71.119:8443
  1048. 78.187.255.242:8090
  1049. 79.98.31.206:443
  1050. 92.48.118.27:8080
  1051.  
  1052. ```
  1053. #### Spam/Stealer C2s ####
  1054. ```
  1055.  
  1056. 104.236.185.25:8080
  1057. 181.169.2.89:8080
  1058. 181.58.30.155
  1059. 198.58.114.91:4143
  1060. 216.98.148.157:8080
  1061. 31.167.70.26:8080
  1062. 64.178.246.207:8080
  1063. 73.83.148.166:443
  1064. 74.57.246.27:8080
  1065.  
  1066. ```
  1067. #### Current Epoch 1 RSA Public Key ####
  1068. ```
  1069.  
  1070. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
  1071.  
  1072. ```
  1073. #### Epoch 2 C2s ####
  1074. ```
  1075.  
  1076. 115.71.233.127:443
  1077. 133.242.164.31:7080
  1078. 134.129.126.86:443
  1079. 153.121.36.202:7080
  1080. 154.72.75.82:20
  1081. 162.250.19.59:80
  1082. 172.114.175.156:8080
  1083. 173.255.196.209:8080
  1084. 173.76.44.152:20
  1085. 175.101.79.120:80
  1086. 175.110.104.150:20
  1087. 175.143.84.108:50000
  1088. 178.254.31.162:8080
  1089. 178.62.37.188:443
  1090. 181.119.30.27:995
  1091. 181.143.53.227:21
  1092. 186.179.243.7:995
  1093. 186.179.80.102:443
  1094. 187.233.136.39:143
  1095. 189.234.165.149:8080
  1096. 190.215.53.85:80
  1097. 198.74.58.47:443
  1098. 200.116.160.31:80
  1099. 208.107.230.235:20
  1100. 208.78.100.202:8080
  1101. 211.115.111.19:443
  1102. 216.49.114.172:443
  1103. 217.13.106.160:7080
  1104. 24.11.67.222:443
  1105. 45.123.3.54:443
  1106. 45.63.17.206:8080
  1107. 47.149.54.132:8080
  1108. 47.44.164.107:993
  1109. 5.107.161.71:993
  1110. 5.107.250.192:995
  1111. 5.230.147.179:8080
  1112. 50.224.156.190:8080
  1113. 50.240.162.242:995
  1114. 50.31.0.160:8080
  1115. 62.75.187.192:8080
  1116. 62.75.191.231:8080
  1117. 67.205.149.117:443
  1118. 69.136.227.134:22
  1119. 69.195.223.154:7080
  1120. 69.198.17.7:8080
  1121. 70.164.196.211:20
  1122. 70.164.196.211:995
  1123. 70.184.83.93:20
  1124. 70.90.183.249:7080
  1125. 71.240.202.13:443
  1126. 71.91.161.118:21
  1127. 72.95.118.97:21
  1128. 73.124.73.90:20
  1129. 74.80.16.10:80
  1130. 75.99.13.124:7080
  1131. 78.187.172.138:7080
  1132. 8.17.46.42:53
  1133. 83.222.124.62:8080
  1134. 94.76.200.114:8080
  1135. 98.142.208.27:443
  1136. 98.157.215.153:80
  1137. 98.186.90.192:443
  1138.  
  1139. ```
  1140. #### Epoch 2 - Spam/Stealer C2s ####
  1141. ```
  1142.  
  1143. 31.167.70.26:8080
  1144. 64.178.246.207:8080
  1145. 73.83.148.166:443
  1146.  
  1147. ```
  1148. #### Current Epoch 2 RSA Public Key ####
  1149. ```
  1150.  
  1151. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
  1152.  
  1153. ```
  1154. #### Credits and Notes Section ####
  1155. ```
  1156. Updated 7/13/18
  1157. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
  1158. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
  1159. https://pastebin.com/u/jroosen
  1160.  
  1161. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
  1162. I am providing them for your benefit in case you want to parse them to be sure.
  1163.  
  1164. ```
  1165. #### What is Epoch 1 and Epoch 2? ####
  1166. ```
  1167.  
  1168. What is Epoch 1 and Epoch 2? (updated 01/29/2019)It has been awhile since I refreshed this section so I wanted to update it and bring it up to date.
  1169.  
  1170. I have been tracking Epoch 1 and Epoch 2 since May of 2018. Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for
  1171. communications. Epoch 2 is currently the larger of the two botnets and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing
  1172. version of Emotet at one point in May/June of 2018. Now Epoch 1 seems to be the smaller of the two since this time period. Despite having unique unshared
  1173. C2 infrastructures, these two botnets have been seen to move bots from one to the other and show similar behavoirs seemingly controlled by a single
  1174. entity/group. Here are some observations I have noted since I have been watching these botnets:
  1175.  
  1176. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an Epoch 2
  1177. document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those being delivered
  1178. in maldocs on Epoch 2 at any time.
  1179. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
  1180. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
  1181. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on Monday morning/Sunday night.
  1182. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and Epoch 2 may
  1183. have a document hosted on host.tld/B.
  1184. - The RSA keys will change every month or so for C2 communications on each Epoch/Botnet.
  1185. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
  1186. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
  1187. - C2s are never shared between Epochs/Botnets.
  1188. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours to stay ahead
  1189. of AV defs.
  1190. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
  1191. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
  1192. - The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key.
  1193.  
  1194. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
  1195.  
  1196. ```
  1197. #### Community Lists ####
  1198. ```
  1199.  
  1200. https://pastebin.com/0YEp26L8 - @papa_anniekey
  1201. https://pastebin.com/57SaqpLw - @James_inthe_box
  1202. https://pastebin.com/zy6ZhSaD - @pollo290987
  1203. https://otx.alienvault.com/pulse/5c5b4925d4d42420755941c9/ - @SecSome
  1204.  
  1205. ```
  1206. #### Credits ####
  1207. ```
  1208. (OC from @JRoosen and/or combination work of the following)
  1209.  
  1210. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
  1211. @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial
  1212. @shotgunner101, @HerbieZimmerman, @Outkast_TI
  1213.  
  1214. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
  1215. @gorimpthon, @Racco42, @Jan0fficial
  1216.  
  1217. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
  1218. @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial,
  1219. @OguzhanTopgul, @HerbieZimmerman
  1220.  
  1221. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
  1222.  
  1223. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with all of this!
  1224.  
  1225. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
  1226. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch
  1227. and @Virustotal for providing services/software no charge to this cause!
  1228.  
  1229. ```
  1230. #### Daily Log ####
  1231. ```
  1232.  
  1233. Still low volumes of spam here today. Only about a dozen. @ps66uk saw some dropbox spoofing today and he tweeted about it.
  1234.  
  1235. https://twitter.com/ps66uk/status/1093090411709677569
  1236.  
  1237. I got some of these too that spoofed google docs and they seemed to be formatted as a response to something the victim sent.
  1238. This is what it looked like:
  1239. _______________________
  1240.  
  1241. From: Spoofed Real User <nabeel@anzpartners.com>
  1242. To: Victim@yourdomain.tld
  1243. Subject: payment
  1244.  
  1245. <html>
  1246. <body>
  1247. <font color='black' size='2' face='Arial, Helvetica, sans-serif'><br>
  1248.  
  1249. Please see attached.<br>
  1250. I will need the ACH form filled out and returned for wire payments.<br><br>
  1251. Thank you for your help.<br><br>
  1252.  
  1253. <a href="http://a2neventos2.sigelcorp.com.br/En_us/Invoice/uRAiK-Zou9R_as-GTJ">http://docs.google.com/Member/JOSa1631?ACH=UMCK1714405387</a>
  1254. <br><br>
  1255. <div style="clear:both">
  1256. <div><font color="black" face="arial" size="2">Best regards,</font></div>
  1257.  
  1258. <div><font color="black" face="arial" size="2"></font>&nbsp;</div>
  1259.  
  1260. <div><font color="black" face="arial" size="2">
  1261. <br>
  1262. Spoofed full name<br>
  1263. spoofedrealuser@yourdomain.tld<br></font></div>
  1264. </div>
  1265. <br>
  1266. <br>
  1267.  
  1268. <div style="font-family:arial,helvetica;font-size:10pt;color:black">________________________________<br><br>
  1269.  
  1270. > *From:* "Victim" <victimusername@yourdomain.tld><br>
  1271. > *Sent:* Wednesday, February 06, 2019 13:00<br>
  1272. > *To:* "spoofedrealuser full name" <spoofedrealuser@yourdomain.tld><br>
  1273. > *Subject:* Re: (Spoofed Full Name) COMET SIGNS PAYMENT NOTIFICATION ...........<br>
  1274.  
  1275. ><br>
  1276. ><br>
  1277. <br>
  1278.  
  1279.  
  1280.  
  1281.  
  1282. <div dir="ltr"><br>
  1283. </div>
  1284. </div>
  1285. </font>
  1286. </body>
  1287. </html>
  1288. _______________________
  1289.  
  1290. C2s changed on E2 but not E1 today. Updated the spam C2s above for both.
  1291. Note that both botnets are connecting to some common servers. This was always suspected but not seen until now.
  1292. Thanks to the Cryptolaemus group for this information. :)
  1293.  
  1294. ```
  1295. #### Sandbox 02/06/19 ####
  1296. (all with fakenet and MITM unless spam/secondary infection)
  1297. ```
  1298.  
  1299. Epoch 1 C2 run on 2019-02-06 at 22:30 UTC - https://cape.contextis.com/analysis/35357/
  1300. Epoch 1 C2 run on 2019-02-07 at 01:15 UTC - https://cape.contextis.com/analysis/35384/
  1301.  
  1302. ```
  1303.  
  1304. ```
  1305.  
  1306. Epoch 2 C2 run on 2019-02-06 at 22:30 UTC - https://cape.contextis.com/analysis/35358/
  1307. Epoch 2 C2 run on 2019-02-07 at 01:15 UTC - https://cape.contextis.com/analysis/35385/
  1308.  
  1309. ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!