Emotet Malware IoCs 01/17/2019

## Emotet Malware Document links/IOCs for 01/17/19 as of 01/18/19 00:30 EST ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 01/17/19 ####
```

http://15ih.com/Payment_details/012019/
http://1friend.org/AMAZON/Transactions-details/012019/
http://2benerji.com/Amazon/Transaction_details/012019/
http://2nell.com/Amazon/En/Clients_information/01_19/
http://abscaffold.com/AMAZON/Attachments/2019-01/
http://agentfox.io/Transaktion/201812/
http://aimypie.com/szrblze/Amazon/EN/Clients/012019/
http://airmanship.nl/Amazon/En/Documents/01_19/
http://allopizzanuit.fr/Rechnungs/2018/
http://alovakiil.com/AMAZON/Clients_Messages/2019-01/
http://amberrussia.cn/Amazon/Clients_Messages/01_19/
http://amerigau.com/wp-content/uploads/Rechnungen/01_19/
http://ann141.net/Amazon/En/Transactions-details/2019-01/
http://ann141.net/Clients_transactions/012019/
http://antigua.aguilarnoticias.com/Rechnung/012019/
http://antoine-maubon.fr/Rechnungs/201812/
http://aquasalar.com/Rechnung/122018/
http://aramanfood.com/Rechnungen/01_19/
http://artemvqe.beget.tech/Amazon/EN/Documents/01_19/
http://aserraderoelaleman.com.ar/Amazon/Attachments/01_19/
http://asertiva.cl/Amazon/Payments_details/2019-01/
http://asgardiastore.space/Amazon/EN/Transactions-details/2019-01/
http://audiocart.co.za/Amazon/EN/Clients/01_19/
http://auto-buro.com/Amazon/Orders_details/01_19/
http://ayokerja.org/AMAZON/Clients/012019/
http://azimut-volga.com/Amazon/Payments_details/2019-01/
http://aztel.ca/wp-content/plugins/Rechnung/DEZ2018/
http://batdongsan3b.com/wp-content/uploads/Rechnungs/01_19/
http://batdongsanbamien24h.com/AMAZON/Attachments/2019-01/
http://baza-dekora.ru/Rechnungs/DEZ2018/
http://becommerce.mx/Amazon/En/Orders-details/012019/
http://bellevega.com/Amazon/Clients/012019/
http://binckvertelt.nl/AMAZON/Transaction_details/01_19/
http://blindzestates.co.uk/Amazon/Transaction_details/012019/
http://bluewindservice.com/Amazon/En/Clients_Messages/2019-01/
http://bootaly.com/pjuupfw/Amazon/En/Orders_details/012019/
http://brosstayhype.co.za/Amazon/Orders-details/2019-01/
http://btrsecurity.co.uk/Amazon/En/Clients/2019-01/
http://capitalprivateasset.com/Amazon/En/Clients_transactions/012019/
http://catfish.by/Rechnung/2018/
http://cbsr.com.pk/wordpress/Amazon/En/Orders-details/01_19/
http://ccoweetf.org/Amazon/Payments_details/01_19/
http://cerrajeria-sabbath.holy-animero.com/Amazon/EN/Payments/2019-01/
http://cfood-casa.com/Rechnung/DEZ2018/
http://chalespaubrasil.com/Amazon/Transactions/012019/
http://chenhungmu.com/Amazon/EN/Clients/01_19/
http://childminding.ie/wp-content/Amazon/En/Payments_details/01_19/
http://ciadasluvas.com.br/AMAZON/Orders-details/012019/
http://clubmestre.com/Amazon/Payments/012019/
http://clubmestre.com:8080/Amazon/Payments/012019/
http://comidasdiferentes.com.br/Amazon/Transaction_details/01_19/
http://crm.tigmagrue.com/build/aps/Transaktion/201812/
http://crolanbicycle.com/Amazon/En/Information/012019/
http://czystaswiadomosc-swiatloimilosc.pl/Amazon/EN/Clients_Messages/012019/
http://daliahafez.com/Amazon/Attachments/2019-01/
http://detigsis.nichost.ru/Transaktion/122018/
http://dev.moleq.com/Amazon/En/Attachments/2019-01/
http://dhgl.vn/Rechnungs/01_19/
http://directsnel.nl/Amazon/En/Information/2019-01/
http://distinctiveblog.ir/Amazon/En/Orders-details/01_19/
http://dmoving.co.il/Amazon/Transactions-details/01_19/
http://domswop.worldcupdeals.net/Amazon/En/Transaction_details/012019/
http://dplogistics.com.pl/Amazon/En/Transactions-details/012019/
http://drcarrico.com.br/AMAZON/Clients_information/2019-01/
http://edenbeach.eu/Amazon/En/Clients_Messages/01_19/
http://eetstoelbaby.koffie-bekers.nl/AMAZON/Clients_information/012019/
http://elcodrilling.com/Amazon/Clients/012019/
http://eliteseamless.com/AMAZON/Transactions/2019-01/
http://eminencewomensforum.org/Rechnungen/201812/
http://eriklanger.it/AMAZON/Transaction_details/012019/
http://ero4790k.com/ftwiofrm_ero4460/Amazon/Details/012019/
http://etsybizthai.com/Amazon/EN/Messages/2019-01/
http://everblessmultipurposecooperative.com/Amazon/En/Orders-details/012019/
http://expoluxo.com/Amazon/En/Clients_information/2019-01/
http://fbroz.com/Transaktion/2018/
http://fieldscollege.co.za/Amazon/En/Clients/01_19/
http://find-me-an-english-book.co.uk/Amazon/En/Payments_details/01_19/
http://firstclassedu.com.ng/Payment_details/2019-01/
http://forexpedia.tradewithrobbie.com/Amazon/Transactions/012019/
http://gernetic.ca/wp-content/Amazon/En/Documents/012019/
http://glopart.qoiy.ru/Amazon/Transactions-details/012019/
http://gmelfit.com/Amazon/Payments_details/2019-01/
http://guitare-start.fr/Amazon/Messages/2019-01/
http://histyle-eg.com/AMAZON/Clients/012019/
http://hitechlink.com.vn/tmp/Amazon/EN/Clients_Messages/2019-01/
http://houara.com/Amazon/Transactions/2019-01/
http://i2ml-evenements.fr/Amazon/En/Payments_details/2019-01/
http://id14.good-gid.ru/Amazon/En/Information/2019-01/
http://ikinit.com/Amazon/En/Transactions/012019/
http://improve-it.uy/Transaktion/012019/
http://indumentariastore.com.br/Amazon/EN/Information/012019/
http://irsoradio.nl/Amazon/En/Clients_transactions/012019/
http://isikbahce.com/55pkhuo/Amazon/En/Payments/01_19/
http://isoblogs.ir/Amazon/Orders-details/01_19/
http://ivydental.vn/Amazon/En/Attachments/01_19/
http://jameshunt.org/Rechnung/012019/
http://jeturnbull.com/AMAZON/Clients_transactions/2019-01/
http://jobgetter.org/Amazon/Orders-details/012019/
http://jongewolf.nl/Rechnungs/012019/
http://juniorcollegesprimary.co.za/Amazon/EN/Orders-details/2019-01/
http://kientrucdep.club/Amazon/En/Clients_information/01_19/
http://kiot.coop/Clients_information/01_19/
http://kisfino.com/Rechnungen/012019/
http://ktml.org/wp-snapshots/Amazon/En/Messages/01_19/
http://kuvo.cl/Amazon/Clients_information/2019-01/
http://lanhodiepuytin.com/Amazon/En/Information/2019-01/
http://ldrautovation.co.za/Amazon/EN/Attachments/2019-01/
http://ldztmdy.cf/wp-admin/Amazon/Orders_details/012019/
http://lespetitsloupsmaraichers.fr/AMAZON/Orders-details/01_19/
http://lignumpolska.com/Amazon/Messages/2019-01/
http://liitgroup.co.za/Amazon/En/Payments_details/2019-01/
http://liveloan.eu/Amazon/EN/Clients_Messages/01_19/
http://lms-charity.co.uk/Amazon/En/Orders_details/012019/
http://locksmithhollywoodweb.com/Rechnungs/012019/
http://lombardz.org/wp-snapshots/Amazon/Clients/2019-01/
http://mail.impacttfs.com.au/Amazon/EN/Payments_details/2019-01/
http://mail.learntoberich.vn/Amazon/En/Details/01_19/
http://mail.manzimining.co.za/Amazon/Clients_information/012019/
http://mandselectricalcontractors.co.za/Amazon/Documents/2019-01/
http://mange-gode-blogs.dk/AMAZON/Clients_transactions/012019/
http://manningsschoolja.org/Amazon/Payments/2019-01/
http://maquinadefalaringles.info/Amazon/Attachments/01_19/
http://margatepanelbeaters.co.za/Amazon/EN/Transactions-details/01_19/
http://marshalstar.com.ng/Amazon/En/Clients/2019-01/
http://mdmshipping.org/wp-content/uploads/AMAZON/Clients_Messages/01_19/
http://mdmshipping.org/wp-content/uploads/Clients_transactions/012019/
http://media.wi-fly.net/Amazon/EN/Transaction_details/01_19/
http://mmms.at/Amazon/En/Details/012019/
http://moefelt.dk/Rechnungs/01_19/
http://mskala2.rise-up.nsk.ru/Transaktion/2018/
http://mywebnerd.com/Rechnungen/01_19/
http://naama-jewelry.co.il/Amazon/Orders_details/012019/
http://nbhgroup.in/AMAZON/Clients/2019-01/
http://niteshagrico.com/Amazon/En/Clients_information/012019/
http://nongnghiepgiaphat.com/dreyym/Transaktion/DEZ2018/
http://noplu.de/plesk-stat/Rechnung/01_19/
http://ojoquesecasan.com/wp-admin/Rechnungen/012019/
http://orderout.nl/Amazon/Clients_transactions/012019/
http://phelieuasia.com/Amazon/Clients_Messages/01_19/
http://pmracing.it/Amazon/Transactions/012019/
http://pouya-sazane-parseh.com/AMAZON/Payments/01_19/
http://projektuvaldymosistema.eu/Amazon/En/Payments/2019-01/
http://quahandmade.org/docs/Amazon/En/Information/01_19/
http://qualitybeverages.co.za/Amazon/Clients_transactions/012019/
http://qwerty-client.co.za/AMAZON/Clients_transactions/012019/
http://radintrader.com/Amazon/Transactions-details/2019-01/
http://ragainesvaldos.ekovalstybe.lt/Payments/01_19/
http://raliiletradings.co.za/Amazon/Orders_details/2019-01/
http://ra-services.fr/Amazon/Transactions-details/012019/
http://register.srru.ac.th/Amazon/EN/Transactions-details/2019-01/
http://replorient.fr/Amazon/Transaction_details/012019/
http://rnexpress.ir/Amazon/EN/Clients_Messages/01_19/
http://rosoft.co.uk/Amazon/En/Clients_transactions/01_19/
http://roytransfer.com/Amazon/Clients_information/012019/
http://saboreslibres.asertiva.cl/AMAZON/Orders-details/012019/
http://sarahleighroddis.com/Amazon/Attachments/012019/
http://science-house.ir/Amazon/En/Orders_details/01_19/
http://seitenstreifen.ch/Amazon/Information/01_19/
http://sendgrid2.oicgulf.ae/wf/click?upn=2UXNtEH7zdqmHUvJApE-2B0XcC7dAdTT-2BTOGmnQuwwkazH6dcL36Ly4IPwcXdoQgLpw6VAnSm2fnMh8gZcgZl2zA-3D-3D_5Z3XbQWSN2-2FVMFeM7B17h4FmPP2yaf02NKm49DxQbtSFsrxF75ZYKMIh-2B7rqceyA88LuZvDdnFKedHBFJ4FxXVi6kaPcJ-2B6SIC-2FJs342EK4est3mTeJikt-2Ba2uaHxhqEERhPv84T9tMCY7nk6siNk8wr3IffKtxUHrhnOM9dvOIpQwLiukY9YqbBXgEZyC6ZonkuauRCc26caR6Q6e-2Bs4xyB-2FxlqvGupDRN-2BHOQ-2BPgM-3D/
http://sendgrid2.oicgulf.ae/wf/click?upn=FBXErEQYiWolIv6Nv7udtEz5PdgmXAcVPIrDGpW0OdqAm5B2IXlCoG8BbVldeyc0vgj5Pg09e0rPu3JmQXnpYw-3D-3D_l6HG3FW8n50aQtA4oQ21QaL5Fq-2BZzmKMGTJdvztZDph23Ya5auoshdORU1dhC702A5NcVPgL9ZNydHDAKMoGX6CB-2B1dD6VobR1LyUe81IQz2tTIHDXsecLWtCY1YWx75T4fyzd3S2qgLoo5lfOEfWAWrcJLFBegEnWDqWzZ8SFkVauRuz81YMtYnMdt6OcGD-2Bgc20TxYe3gcu19w5yb3jdSCawIRAWBeIeAAdYb-2Fcs0-3D/
http://sendgrid2.oicgulf.ae/wf/click?upn=Ifs9ztBGmqH-2BjxL9ptnymJmW8tL5NaFhL4oylTdCBkrZxmtMSxR4cI1qzVVTMZw-2Fw7XCRWdTfyUmDfR1VL6isD6keQVWBlDWjTmFbphfCK0-3D_SGa7yjXcUN1UnrlYO8hIBvhGEtlOwmyZnvZEN8hX1KuK3U9ODFc4cildM8S7N6Nn6f7uE-2FKYZi8s0OQDH-2F-2FHzOBcoFE2v-2BnZY2M61W3dt4TmQQF81dqQlXjyWVGCoGapAiHQx5NOeQa5AqxcruCu-2FPd1Ktmf19-2F-2FLhK-2Buv2dU9sCZRgRgG9n-2By64io-2B-2BwmEYfV2ST-2BBkrEdza-2BMFEO7YIPAFSAcqjfd1YxAPV-2Bk4cMM-3D/
http://seogap.com/dbmm0yd/Amazon/En/Attachments/2019-01/
http://servetech.co.za/Amazon/Clients_transactions/012019/
http://sevenempreenda.com.br/Amazon/En/Details/012019/
http://shootinstars.in/Amazon/En/Orders_details/01_19/
http://shopphotographer.co.za/Amazon/EN/Attachments/2019-01/
http://sizzlerexpress.co/Amazon/En/Clients_Messages/012019/
http://slcip.org/Amazon/Clients_Messages/012019/
http://smkn.co.id/Amazon/En/Clients_transactions/01_19/
http://smsold401.smsold.com/Amazon/Orders_details/2019-01/
http://smtp.stepoutforsuccess.ca/Amazon/Attachments/012019/
http://sofathugian.vn/Amazon/EN/Payments/012019/
http://somov-igor.ru/Amazon/Transactions-details/2019-01/
http://squawkcoffeehouse.com/Amazon/EN/Clients_Messages/2019-01/
http://ssmthethwa.co.za/Amazon/Clients_information/01_19/
http://stats.sitelemon.com/Amazon/EN/Transaction_details/012019/
http://statybosteise.lt/Rechnungs/01_19/
http://stionline.com.ve/Amazon/Clients/2019-01/
http://stryvebiltongorders.com/Amazon/Details/2019-01/
http://takeiteasy.live/Amazon/EN/Clients_transactions/012019/
http://tbssmartcenter.tn/Amazon/EN/Clients/2019-01/
http://tenkabito.site/cgi-bin/Amazon/Payments/2019-01/
http://tesla-power.pl/Amazon/EN/Documents/01_19/
http://test.good-gid.ru/Rechnungen/201812/
http://themoonplease.com/Amazon/Clients/2019-01/
http://theschooltoolbox.co.za/Amazon/Clients_information/01_19/
http://toetjesfee.insol.be/templates/Rechnungen/2018/
http://trottmyworld.ch/Amazon/Attachments/01_19/
http://truongland.com/Amazon/Clients_Messages/2019-01/
http://tsg-orbita.ru/Amazon/En/Transactions/01_19/
http://uat.convencionmoctezuma.com.mx/Amazon/Documents/012019/
http://ubocapacitacion.cl/Amazon/Documents/2019-01/
http://universalskadedyr.dk/AMAZON/Orders-details/01_19/
http://viettelbaoloc.com/wp-admin/Rechnungen/122018/
http://vnxpress24h.com/Amazon/EN/Transactions-details/2019-01/
http://web113.s152.goserver.host/Amazon/En/Orders_details/2019-01/
http://web63.s150.goserver.host/Amazon/EN/Attachments/012019/
http://weddingstudio.com.my/Amazon/En/Orders-details/012019/
http://womanhealer.co.za/Amazon/En/Clients_information/01_19/
http://wordpress-147603-423492.cloudwaysapps.com/Amazon/EN/Information/012019/
http://www.2benerji.com/Amazon/Transaction_details/012019/
http://www.3dyazicimarket.com.tr/Amazon/En/Documents/012019/
http://www.aramanfood.com/Rechnungen/01_19/
http://www.asertiva.cl/Amazon/En/Messages/012019/
http://www.capitalprivateasset.com/Amazon/En/Clients_transactions/012019/
http://www.cop-rudnik.pl/Amazon/En/Attachments/012019/
http://www.creationmakessense.com/Amazon/Clients/012019/
http://www.curiouseli.com/Amazon/Transactions-details/2019-01/
http://www.drinkdirect.co.uk/AMAZON/Orders_details/01_19/
http://www.editocom.info/Amazon/EN/Details/012019/
http://www.ema2-medea.com/AMAZON/Payments_details/01_19/
http://www.euk.lt/Transaktion/201812/
http://www.forodigitalpyme.es/AMAZON/Transaction_details/012019/
http://www.gkif.net/AMAZON/Details/012019/
http://www.h2o-wash.co.za/Amazon/Attachments/2019-01/
http://www.id14.good-gid.ru/Amazon/En/Information/2019-01/
http://www.idgnet.nl/Amazon/En/Transaction_details/012019/
http://www.iwsgct18.in/Amazon/Clients_Messages/01_19/
http://www.kamprotect.ru/Rechnung/2018/
http://www.kiber-soft.ru/AMAZON/Transactions-details/012019/
http://www.leg4.ru/Amazon/Clients/012019/
http://www.markerom.ru/Amazon/En/Clients/2019-01/
http://www.mesa.so/Amazon/EN/Orders-details/01_19/
http://www.midts.com/Amazon/Payments_details/01_19/
http://www.motoruitjes.nl/Amazon/EN/Transactions-details/01_19/
http://www.niteshagrico.com/Amazon/En/Clients_information/012019/
http://www.paceforliving.co.uk/xxdap/client/wordpress/Amazon/EN/Orders_details/012019/
http://www.petrina.com.br/Amazon/Details/012019/
http://www.pkmsolutions.com.my/Amazon/En/Details/2019-01/
http://www.pojbez31.ru/Amazon/EN/Messages/012019/
http://www.prolevel.at/Amazon/Transactions/012019/
http://www.reparaties-ipad.nl/Rechnungen/01_19/
http://www.shems.capital/Amazon/En/Payments_details/01_19/
http://www.shot-life.ru/Rechnungs/2018/
http://www.smsfgoldbullion.com.au/AMAZON/Transactions/2019-01/
http://www.srooooiva.ru/Transaktion/DEZ2018/
http://www.tbssmartcenter.tn/Amazon/EN/Clients/2019-01/
http://www.themoonplease.com/Amazon/Clients/2019-01/
http://www.thequoruminitiative.com/Amazon/Payments_details/012019/
http://www.wholehealthcrew.com/Amazon/Documents/01_19/
http://www.xn--d1albnc.xn--p1ai/Rechnung/01_19/
http://xn--90aeb9ae9a.xn--p1ai/Transaktion/DEZ2018/
http://ybbsshdy.cf/Rechnungs/2018/
http://ygiacurcumin.com/Amazon/En/Clients_transactions/2019-01/
http://ytewporgdy.cf/wp-admin/AMAZON/Information/2019-01/
http://yxchczdy.cf/Amazon/En/Transaction_details/012019/
http://yxieludy.cf/wp-admin/Amazon/En/Orders_details/012019/
http://zbancuri.ro/AMAZON/Transaction_details/2019-01/
http://zentera93.de/Transaktion/01_19/
http://zhesa.ir/wp-snapshots/Amazon/Clients_transactions/01_19/
http://zidanmeubel.com/Amazon/EN/Payments_details/012019/
http://zonnestroomtilburg.nl/Amazon/EN/Orders-details/012019/
https://activartcompany.it/Amazon/EN/Information/012019/
https://asmm.ro/Amazon/EN/Orders_details/012019/
https://linkprotect.cudasvc.com/url?a=http://hjsanders.nl/Transactions/2019-01&c=E1CZs0n8uqwSo1BXDYoKRF7k5Q-WOqtsqDfJlPRjzy40PT4lZOf-Xiwr-yG7fNvPk315kNYXZrw_h1U5018BjWwwyKC_Pqc73rBDpB25IB&typo=1/
https://pojbez31.ru/Amazon/EN/Messages/012019/
https://register.srru.ac.th/Amazon/EN/Transactions-details/2019-01/
https://u5184431.ct.sendgrid.net/wf/click?upn=50wzScr979SIyNFTtUR00wJO-2BNHhKeuXdHtYw0edYt4CdqgunuZn0EgxHSdHHpoIxFaEDPtI8jSztS4GYKso5qBK8GjdUbBb2X8d006r2fk-3D_1dGNceYTHC-2BspxQLwOMt9tYDce94VLY6oFybl9hokDSSy0nPa87wY6I6ZeUObeTpCByM9NcQisb2YvWsh35ciwwWZuOlmsfbxO7Nz6Z-2FPjuR0tP3Hfv7-2Bq44nTqneRBY-2Bf3233jIyotz9N5b7p9Il9ht0F7tBjsxt2D6tJUavIDQ1VYQY9mbWx3h5UzbwswXb-2BvGpB-2FfosPpV9uXnKYrTEpZZxtJoZSMHKcdWJ-2B7PcY-3D/
https://u5184431.ct.sendgrid.net/wf/click?upn=ozDR6TI7-2FayTtoOzFXIArK2Xm4-2BFamuvp6owQoUMF4I051DejfoIySD0gnGysyDC7OqF-2B6-2BFXvVImKTe-2FHBq5w-3D-3D_rMjxGqkxyK3CmSCHs2ssFiFPpDO7XF8ec30mLrVM9BzxEavYRbUxbIFT-2FmW8bcCazPclk-2FNpMTdx4-2BO0VClgVxTHshtgpYc7EaOoqV9S-2B2gyB6c8N7vKFndfC1fPgEDd1RWrpXB5Ob-2Fl3XZEMVFM4SuU5MpBjARiJ-2FmOmC-2FG3xQC2BRHZCkAAikZLqvuIK-2FwZ74-2FNARUNjga0Xtxn12rng-3D-3D/
https://u6547982.ct.sendgrid.net/wf/click?upn=bu-2FKl8jwfHHl7vzGLYn8cGnlQRqBBIQjlVLdTGMPwP-2FgXjEiyLDwNc-2BYJI8ITnIb2epwvY3aJRBWhy0Xzc9PVw-3D-3D_T2OQnmBgkig8in2Rk28k1skDgT18t3Wt4cOZymvHqoMkt5RdSECrbVaG0bDn-2FzKGpXzjYHJ3WJDX-2Fb6CEeXByelUm4rGzFUsxpUDAhBIPUNluj0OVqw1MHtZ8hBI5XsX4N8YagvO1NAjEFPoc6-2Fy9k0mr-2BDoiyyB7idlKfh8gUK63Ul0-2BDZRioXM-2FKBAoOnLjeYs8vzCPSFsSCHnV9mLfX7USZFMXVH0rRS9-2FqCWI3w-3D/
https://u7648241.ct.sendgrid.net/wf/click?upn=fx-2FIlfZR6CACYC-2FEzUu5gmVa5pPda6-2F4ypbdkg9Keqxq2fY0WAMpQ5dgITbVop3AFLDGljvc2Q2Y5QAaKfzyaA-2FLh3M-2BsAA1SX5TVC-2Bgeuk=_X6nVGqSMdJTrz-2FI1LxXG5hBUoznKoVUwMysCvJAk64HpEurAqxv67U7VOS-2BeLG3Q-2Fe2xH3xrqwxeEmcsRgmXcsyIJW45vBSezk0og9zDgxqQ1opg32DncTBXbVotGH1d4mCxbzs4eyy0N0LE2xihTUYYFtCWvi8FBoQEmyWeYzUzBoMhVVEssXj8Sbgj4uS5CQ3hjbmQI199b4X8yc4iq89fZtH2c2M5rPBZAIaEEqA=/
https://u7648241.ct.sendgrid.net/wf/click?upn=fx-2FIlfZR6CACYC-2FEzUu5goBFSgo-2FOrRzDmkybKg1z9uwiut4wbIhZi2DMOHWGLaCPgIT4yAKn0TPDAgdLkAgig-3D-3D_sAp2mMIMgdWludllEZL9PBvrjxZIksULq0cN0suEYiBM7CpYcV-2FMils5XnJXGsN6oiBmRpEscnWAJiBgYhvZYu8LjRz8gTfenmMA1s4nB8ovbmKiTxPuRlsZcgGrsZGuibb5yidRVAYyVQ-2BZLOQymb1CW0N84nrwmO9J56MRGf-2BZp8qHwgbJl0PeSzMefko4anVKUqFur0m-2FREvhOJYbPw-3D-3D/
https://u7648241.ct.sendgrid.net/wf/click?upn=fx-2FIlfZR6CACYC-2FEzUu5goBFSgo-2FOrRzDmkybKg1z9uwiut4wbIhZi2DMOHWGLaCPgIT4yAKn0TPDAgdLkAgig-3D-3D_sAp2mMIMgdWludllEZL9PBvrjxZIksULq0cN0suEYiBM7CpYcV-2FMils5XnJXGsN6pr1aXJj4GwuCM3b-2FhOTBS04bJul8eNndgh24VtTJAaJ3Diy32Eiy-2B5tonbW9yNiTFoMqVTDCe-2B49uxP8-2Bb5sA88-2BpJbDx-2BeEEKWK4wwOyDi86NrF08EljmWyQSNCrUhwh1k-2B6U-2BOAo58XqZ3x3DtcQ-3D-3D/
https://url.emailprotection.link/?abXcC0b1oLP-BXgTX0Qjajw42MURvcZK6HFKmlInhI7ZHVx_FYv0hOfNNuM9994JKrN-74FpQ3hIg5Qlr0-8p-A~~/
https://www.activartcompany.it/Amazon/EN/Information/012019/


```
#### Epoch 2 Document/Downloader links seen for 01/17/19 ####
```

http://0qixri.thule.su/noRh-XEy_LRQ-mBy/INV/59453FORPO/557261577316/US_us/New-order/
http://ai-asia.com/de_DE/RPFBUAXAI0474083/Rechnungskorrektur/RECHNUNG/
http://airshot.ir/assets/images/tHDnG-rl7v_kG-mrc/COMET/SIGNS/PAYMENT/NOTIFICATION/01/18/2019/En_us/0-Past-Due-Invoices/
http://ali33vn.com/Jwml-MiMj_ZvSG-vDX/EXT/PaymentStatus/En_us/Paid-Invoice-Credit-Card-Receipt/
http://amimakingmoneyonline.com/pvFsv-gx2WA_hKKnhL-KM/InvoiceCodeChanges/US/Invoice-6117660/
http://armbuddy.co.za/gYHL-DcT9_cK-OB/US_us/Open-invoices/
http://arneck-rescue.com/de_DE/SQAKKAWHL9759904/gescanntes-Dokument/DOC-Dokument/
http://auminhtriet.com/qXQN-tt_wXu-9P/P46/invoicing/En_us/Open-invoices/
http://balancedmindus.org/FCLvq-kk_ybcgT-yl/En/Service-Report-76163/
http://bancanhovinhomes.vn/BHxB-2d_ybk-AlX/invoices/51729/5304/US/Invoice-41020439-January/
http://befounddigitalmarketing.com/TjXfF-J1hc_ZdFMNrXAb-6gj/ACH/PaymentInfo/EN_en/Document-needed/
http://bem.hukum.ub.ac.id/VDTDCC2636944/Scan/Rechnungszahlung/
http://billfritzjr.com/DwrF-WNx8b_SbJm-ec/US_us/Outstanding-Invoices/
http://billfritzjr.com/qPym-LnC3_JbrjwrVOo-11A/PaymentStatus/EN_en/Companies-Invoice-4907735/
http://birdychat.com/cEmu-RnVlM_fyzp-vE/Inv/4353161709/US/Past-Due-Invoices/
http://blogg.postvaxel.se/OwbpM-cZ_Uy-lnA/En_us/6-Past-Due-Invoices/
http://bloggers.swarajyaawards.com/wp-content/DE_de/FBSHMTMM4901809/Rechnungs-Details/RECHNUNG/
http://bmzakochani.pl/zbqY-Ct_XjcdyEqtX-4d/WV689/invoicing/US/Invoice-for-o/f-01/17/2019/
http://brahmakumaris.lt/Januar2019/UHUWLLX5420831/Scan/Hilfestellung/
http://caringrides.com/PRUH-cv4_UCnP-l1/B536/invoicing/US/Need-to-send-the-attachment/
http://carolineredaction.fr/yFAst-RPio_lYsOD-775/Inv/19766194964/EN_en/Need-to-send-the-attachment/
http://cheapavia.ga/cJOJM-3jl19_woVwcuso-HG/invoices/51963/4349/En_us/Paid-Invoice/
http://checkreview.ooo/irCTz-YAk_YElImI-Em5/Southwire/PLD919931638/EN_en/Invoices-Overdue/
http://cindycastellanos.com/rqES-L1_NiptrHy-Zk/INVOICE/US_us/Question/
http://clubdirectors.tv/De_de/IPRXQNXPPM4929999/DE/DOC/
http://coletivogaratuja.com.br/VEHp-I9LHw_NUHKRf-klm/910950/SurveyQuestionsEN_en/Invoice-for-you/
http://conceptrecords.ru/YNyJE-7ly0_PVsoci-uY4/COMET/SIGNS/PAYMENT/NOTIFICATION/01/17/2019/US/Outstanding-Invoices/
http://condosbysmdc.ph/CPly-B0_HVfPMk-zUK/ACH/PaymentInfo/EN_en/Paid-Invoice-Credit-Card-Receipt/
http://condosbysmdc.ph/jiXi-U77g_YZFWm-jdw/ACH/PaymentAdvice/US_us/2-Past-Due-Invoices/
http://coworkingaruja.com.br/Januar2019/PDQBOMHU0179187/Rechnungs/DOC/
http://csrcampaign.com/oSLl-q2Jo_d-8pv/PaymentStatus/US_us/Paid-Invoice-Credit-Card-Receipt/
http://daddyospizzasubs.com/wp-admin/UNTT-Ha_YfHUOyuFH-3lS/ACH/PaymentInfo/US_us/Paid-Invoice-Credit-Card-Receipt/
http://demo.trydaps.com/gzVv-22Omv_aIQZybVK-aJ/En/Question/
http://diederich.lu/Januar2019/NZKYYMM3444875/Scan/RECH/
http://dirc-madagascar.ru/MqvEc-D8trE_R-9RK/Inv/76965924789/En/Inv-277031-PO-5X526676/
http://drdoorbin.com/XGSR-aF_thsRz-o5/QE332/invoicing/US/Question/
http://drolhovaya.at/TojU-AX_pOoA-PKz/INVOICE/02033/OVERPAYMENT/En_us/Need-to-send-the-attachment/
http://escortdubaiexpo.com/LQfZ-vz8_mzvw-MVc/INV/33335FORPO/4842918507/En/Invoice-Corrections-for-37/65/
http://estylos.com.gt/VRYHS-lK_yyGW-yg/InvoiceCodeChanges/US_us/Paid-Invoice/
http://eurolinecars.ru/DE/DCFYDKPT8398668/gescanntes-Dokument/FORM/
http://excellenceconstructiongroup.com/HmmW-wPY_CSEtTDx-GRs/PaymentStatus/En/Companies-Invoice-31133887/
http://fhclinica.com.br/DBhN-lVqao_nErXwPzxA-R4Q/EN_en/Document-needed/
http://firstclassedu.com.ng/zwZFR-he_AZVqIRdXI-jmS/P85/invoicing/US_us/Invoice-for-d/r-01/17/2019/
http://goodtogreat.co.th/De_de/BDPSQMPPH8176923/Bestellungen/DETAILS/
http://gostar.vn/UcIN-Lz_Ccknj-5U5/En/Invoices-attached/
http://growwiththerapy.com/GscWr-Q5_GCGHnsdGf-51p/invoices/22455/56879/EN_en/7-Past-Due-Invoices/
http://hauteloirebio.fr/jvYX-hJYx_IEsfAK-3yL/PaymentStatus/US_us/Invoice/
http://healers.awaken-hda.com/jyJtZ-Gq_PVOGW-Ak/184765/SurveyQuestionsEn/Paid-Invoices/
http://healthtech.tn/DE_de/FWWBXSDY5884914/de/DETAILS/
http://histolabdiagnostico.com.br/ImnU-5p_mGmpFEWr-kq/INVOICE/9046/OVERPAYMENT/EN_en/Scan/
http://homeafrica.co.tz/PVAZYRR9694081/de/DOC/
http://hungryman.vi-bus.com/SASb-6B0_ExpniY-CI/Invoice/888600786/En/0-Past-Due-Invoices/
http://ibk.co.il/De_de/KGHNNUREN6892404/Scan/DOC/
http://immo-en-israel.com/gekYf-6B_vTnVAh-y6X/EXT/PaymentStatus/En/Need-to-send-the-attachment/
http://indigo-office.com/contact/TXBFCQPPIU3525240/GER/DOC/
http://institutodrucker.edu.mx/hOWj-jG55_Uc-aQ/4072397/SurveyQuestionsEN_en/Paid-Invoices/
http://interierykosice.sk/vmam-ux2_rJRpQj-D0/INVOICE/US_us/New-order/
http://ipeople.vn/DE_de/OYAGWVN8100931/Scan/DOC/
http://iplb.ir/whogI-cr2K_swJkC-ix/YT15/invoicing/US/Invoice-Number-57565/
http://iuphilippines.com/de_DE/ERFWNK4331717/Rechnung/RECHNUNG/
http://kadinveyasam.org/LaZEz-l0Qd_ZCglb-YG/Inv/7406599000/US_us/Outstanding-Invoices/
http://kamdhenu.technoexam.com/cPdj-pF53V_MAu-US/INVOICE/9255/OVERPAYMENT/EN_en/Open-Past-Due-Orders/
http://kamdhenu.technoexam.com/VAjLO-ptA9c_OBHskw-Wz/INV/0546376FORPO/0793060258/EN_en/Sales-Invoice/
http://kashholon.co.il/mdzT-My0OG_JnCcOJlN-5KV/EXT/PaymentStatus/US/Companies-Invoice-2556548/
http://khsecurity.sg/pOVdt-5tJ_trqLw-2c/INVOICE/EN_en/Outstanding-Invoices/
http://kiber-soft.net/HBIVS-wLe_bcgq-GN/invoices/0343/79616/EN_en/Invoice-2574066-January/
http://komsima.org/wp-content/DE/YPUIRITS8096504/de/DOC-Dokument/
http://kosarhaber.xyz/De_de/SRRPFEYN0329359/de/Rechnungsanschrift/
http://liarla.com/xoozT-AEUvv_lMHMJuaT-4Sk/ACH/PaymentInfo/US/Invoice-Number-919134/
http://lineageforum.ru/DE_de/PODMLRTCUW7550065/Rechnungs/RECH/
http://logopediaromaeur.it/WgCbZ-0OYKr_TAt-aI/InvoiceCodeChanges/US/Service-Invoice/
http://lokanou.webinview.com/deCxr-jH5_cCmSmiG-xr/INVOICE/US/Service-Report-0658/
http://maf-orleans.fr/XJWI-432_EN-vF/Inv/866847583/US_us/Open-invoices/
http://mail.mtcc858.ca/AUPdJ-2Ed_zvCHEsG-tU7/INV/95995FORPO/81050853735/En_us/Sales-Invoice/
http://malin-kdo.fr/adgBz-zb_GIX-wO/Y558/invoicing/En/Invoices-attached/
http://marisel.com.ua/De/FULYJPW9172244/GER/Zahlungserinnerung/
http://megatramtg.com/site/cache/ajax_login_form/QONy-f1_mYEYk-dVZ/XC09/invoicing/En_us/Outstanding-Invoices/
http://mhnew.enabledware.com/wp-content/upgrade/DE_de/TLCDXBURHX7279875/de/RECHNUNG/
http://michelinlearninginstitute.co.za/VtXAX-FUy_P-8H/CG234/invoicing/EN_en/Paid-Invoices/
http://millennialsberkarya.com/wp-admin/js/widgets/KZyMB-eF_cvZCCE-Hzy/COMET/SIGNS/PAYMENT/NOTIFICATION/01/17/2019/EN_en/New-ord/
http://mingroups.vn/flCY-rOBZV_J-CfH/En/Important-Please-Read/
http://modern-autoparts.com/lIIVo-GN_K-MTW/invoices/83990/9270/EN_en/Past-Due-Invoice/
http://moradikermani.oilyplus.ir/JYEcI-g88ru_dPzCIxK-f5x/InvoiceCodeChanges/US/Invoice-Number-581670/
http://morozan.it/De_de/WTKMMB3205155/Rechnung/Zahlungserinnerung/
http://nanesenie-tatu.granat.nsk.ru/LVUALLN2568843/Rechnungs-Details/Hilfestellung/
http://nannyservices101.com/DoLJ-u7QwQ_tKe-hy/INVOICE/US/Paid-Invoice/
http://newtechpharmaceuticals.com/fBtaA-P8Ng_oYzh-HxS/ACH/PaymentInfo/EN_en/Paid-Invoices/
http://northernmineral.com/de_DE/YORLXCGRT7399568/DE_de/RECHNUNG/
http://oceangate.parkhomes.vn/DE_de/PDYIKWOT9286173/Rechnung/RECHNUNG/
http://oculista.com.br/ukVR-MQCGo_EhieG-Ids/Ref/4814411604En/ACH-form/
http://phase5.tppoffshore.com/Januar2019/THFZEYH8690665/Rechnungs-Details/Rechnungszahlung/
http://phihungmobile.net/Januar2019/MXSVAX4507556/DE/Rechnungsanschrift/
http://photomoura.ir/KwwrI-Kl0S_q-GT/EXT/PaymentStatus/En_us/Service-Invoice/
http://phytosweets101.com/XQZL-Wx4s_ywKmHhkA-Cf/Invoice/08475966/En_us/Inv-67164-PO-0F526809/
http://pnneuroeducacao.pt/Januar2019/QTUBNJMA0319791/Rechnungs-Details/RECHNUNG/
http://pojbez31.ru/De_de/HLZWYP1604214/de/RECHNUNG/
http://polatlimatbaa.com/KYiil-tU_vCgkGLzOE-Bh/ACH/PaymentInfo/US_us/Paid-Invoice/
http://qhoteloldcity.com/VqEOm-VUSE_rBbA-7z/invoices/6784/4291/En_us/Outstanding-Invoices/
http://quentinberra.fr/DsyPv-c4_EFrjaluU-Eu/COMET/SIGNS/PAYMENT/NOTIFICATION/01/17/2019/En_us/Paid-Invoice-Credit-Card-Receipt/
http://rapport-de-stage-tevai-sallaberry.fr/JhJNV-XU1_TLkwwer-W8s/Inv/065743170/US_us/Invoice-receipt/
http://ray-beta.com/aPzSt-9mDHW_cX-ju/invoices/79588/11360/US_us/Document-needed/
http://realaser.com/De_de/NMRVHBT6753348/Rechnungs-Details/RECH/
http://rentalagreement.aartimkarande.in/JYGrs-TT_puc-1X/EXT/PaymentStatus/US/Invoice-for-d/l-01/17/2019/
http://rentalagreement.aartimkarande.in/KqRy-Eeq_C-Ci/ACH/PaymentAdvice/En/Invoices-attached/
http://reseau38.org/KpZKw-gMnAM_mAq-Eg/COMET/SIGNS/PAYMENT/NOTIFICATION/01/17/2019/EN_en/Invoice-Number-85877/
http://rmklogistics.co.za/WyjX-fK_mJuMRkAzx-bbH/INVOICE/49271/OVERPAYMENT/En/Need-to-send-the-attachment/
http://robledodetorio.com/HZlAt-fVcum_x-Fy/US/Invoice-receipt/
http://ronasmarket.ir/ESVD-XXlxF_PocOZiz-3D/Southwire/CZR601587498/US/ACH-form/
http://rvloans.in/De_de/ICRHJRV8928666/Rechnung/DOC-Dokument/
http://saintjohnscba.com.ar/Januar2019/DFTPHAQLL6932712/de/RECH/
http://salam-ngo.ir/yDdmu-GJ_VSwmngXHe-Dp/US/Outstanding-Invoices/
http://salonrocket.com/Januar2019/AXFYTNVC5943928/Rechnungskorrektur/DETAILS/
http://sandau.biz/De/STDADI7333419/Rechnungs/Fakturierung/
http://shantiniketangranthalay.com/anxo-vX_zXbKBTHKo-IB/Southwire/JIJ98549938/En_us/0-Past-Due-Invoices/
http://shlifovka.by/de_DE/VJDCNOIN0671082/Dokumente/RECHNUNG/
http://skylife.vn/MNMOAEJVCR8072449/Rechnungs/DETAILS/
http://slcip.org/MnBrK-8Ae_j-tc/INVOICE/En/Need-to-send-the-attachment/
http://souqaziz.com/nQXXR-yM0C_ehMzsVJUs-Nu/ACH/PaymentAdvice/EN_en/Invoice/
http://southgatetower.cdd.vn/MoVVV-sNhU_AoOvHA-zSG/INV/6740641FORPO/88220644916/EN_en/Open-Past-Due-Orders/
http://sskymedia.com/OTlDq-er_UxiKafT-x1/EXT/PaymentStatus/En_us/Service-Invoice/
http://standart-uk.ru/ZWLxq-Vw_YkYLrI-K6/Ref/3246030544US/Invoice-for-you/
http://starbilisim.net/ZentW-6g_zh-Pwe/En/Overdue-payment/
http://stoutarc.com/De_de/VTVKAUWC3556017/Rechnung/RECH/
http://survey.iniqua.com/WPUGCXUUCD7672455/Rechnungs/Rechnungsanschrift/
http://sutesisatci.biz.tr/pBAih-UHv_HowdfYoAw-vvK/87105/SurveyQuestionsEN_en/Invoice/
http://symbisystems.com/fzCwM-0s_bzzNowj-HL/Inv/02980941852/US/Paid-Invoice-Credit-Card-Receipt/
http://tanineahlebeyt.com/EwuZc-tcONu_hkZn-Eri/RW286/invoicing/EN_en/Paid-Invoice/
http://teacherinnovator.com/wp-includes/GCjhy-W4W_bAtbE-ES2/INV/4964296FORPO/20487666479/US_us/Open-Past-Due-Orders/
http://teamphgermany.org/WAtXg-ELk6b_qxGS-Wx/J36/invoicing/En/Open-invoices/
http://towerchina.com.cn/FfJO-pu_Co-LtH/ACH/PaymentAdvice/US/Service-Invoice/
http://turbineblog.ir/Januar2019/BIXNLLYWVF0213725/gescanntes-Dokument/Zahlung/
http://uborka-snega.spectehnika.novosibirsk.ru/Januar2019/PJJKBNGPL4179974/Rechnungs/RECH/
http://vaytiencaptoc.info/DE/MZKEPJMQUB4331974/DE_de/DETAILS/
http://wb88indo.win/Ajnqt-vB_KgAFxWSfK-ZE/invoices/0106/65482/En/Invoice-6749049-January/
http://webbs.cl/Januar2019/RNYOSEB6954540/Dokumente/DOC/
http://weresolve.ca/EUmkd-4tom_tGUu-r0q/invoices/9777/44617/EN_en/Document-needed/
http://whitekhamovniki.ru/De/CQCUFKTZJ0270182/Rechnung/Zahlung/
http://wikiprojet.fr/ARXFHCFHPJ6673068/Bestellungen/DOC/
http://wiseon.by/de_DE/QSFEOTAYD0755259/DE/RECHNUNG/
http://www.clubdirectors.tv/De_de/IPRXQNXPPM4929999/DE/DOC/
http://www.dplogistics.com.pl/PpCR-rB_QsLs-E4/ACH/PaymentAdvice/En/Past-Due-Invoices/
http://www.droobedu.com/HPyL-cL3ex_dEzh-KnJ/INVOICE/0796/OVERPAYMENT/En_us/Document-needed/
http://www.eurolinecars.ru/DE/DCFYDKPT8398668/gescanntes-Dokument/FORM/
http://www.forma-31.ru/vTCv-VcT0_oU-zjp/803067/SurveyQuestionsUS/Companies-Invoice-09329127/
http://www.gazenap.ru/DE/XLXPDRQBOE9525605/Bestellungen/Rechnungszahlung/
http://www.grupocrecer.org/DE_de/AKSUXY4373739/Rechnungs/RECH/
http://www.hjsanders.nl/rXqy-tOpX_bkl-K1/Invoice/8882088/EN_en/Need-to-send-the-attachment/
http://www.hopeintlschool.org/Januar2019/NHNZYRYQAN0737838/gescanntes-Dokument/DETAILS/
http://www.i-deti.ru/nVjNQ-kkn_UWN-fIq/Ref/9232315245US_us/Paid-Invoice-Credit-Card-Receipt/
http://www.jenfu.net/Januar2019/BZGHGBYN0416596/Rechnung/RECH/
http://www.kiber-soft.net/HBIVS-wLe_bcgq-GN/invoices/0343/79616/EN_en/Invoice-2574066-January/
http://www.kolejskilmentari.edu.my/MEFZY-R2eEc_OnxRMTNO-lNB/En/Outstanding-Invoices/
http://www.lexfort.ru/TXWGZ-RUqsg_oqLiGlZFj-ky/COMET/SIGNS/PAYMENT/NOTIFICATION/01/16/2019/US/Invoice/
http://www.lineageforum.ru/DE_de/PODMLRTCUW7550065/Rechnungs/RECH/
http://www.mandezik.com/ERqy-96Sw_Wh-hEI/PaymentStatus/US_us/Invoices-attached/
http://www.mir-krovli62.ru/DE_de/AUEANKCVDR7541948/Rechnung/Zahlung/
http://www.modelgenesis.com/De/MLAXWYUOMW8123967/de/FORM/
http://www.modelgenesis.com/De/RGVVPQX2802156/gescanntes-Dokument/DOC/
http://www.mother-earth.net/bn/wp-content/KwmW-WSOO_jYDW-B2t/PaymentStatus/EN_en/277-20-468894-239-277-20-468894-861/
http://www.muzikgunlugu.com/De_de/FYCXHTDB3652329/gescanntes-Dokument/DOC-Dokument/
http://www.pivmag02.ru/De_de/YWJLCUYZJ9767423/gescanntes-Dokument/Hilfestellung/
http://www.polatlimatbaa.com/KYiil-tU_vCgkGLzOE-Bh/ACH/PaymentInfo/US_us/Paid-Invoice/
http://www.rokiatraore.net/aNtC-irS_YIjcdb-skN/En/Invoice/
http://www.rosimpex.net/cpHe-bNdyQ_JbjWuhlfr-u5/EN_en/Document-needed/
http://www.salonbellasa.sk/de_DE/QFUXYEMG9304256/Rechnungs-docs/Rechnungsanschrift/
http://www.sp11dzm.ru/PveH-QdVr_GMdW-G8/Southwire/GSO70016397/US/Sales-Invoice/
http://www.standart-uk.ru/ZWLxq-Vw_YkYLrI-K6/Ref/3246030544US/Invoice-for-you/
http://www.translampung.com/ATEZSRMPER2853602/Rechnungs-Details/Hilfestellung/
http://www.webbs.cl/Januar2019/RNYOSEB6954540/Dokumente/DOC/
http://www.zhktonline.ru/QIUE-GjrX_jKqQbZtS-pg/J06/invoicing/US/Invoice-69989281-January/
http://www.zsz-spb.ru/de_DE/XLAQVVE1218218/Rechnungs-Details/DOC-Dokument/
http://yhricjpdy.cf/Januar2019/NVBBHBK9881944/Scan/FORM/
http://ysoredy.cf/Januar2019/VMAJGVUDB5016066/Rechnungs-docs/DOC-Dokument/
https://clicktime.symantec.com/a/1/Z7CVPvkpHpoYpvu6lSY5dX5gA2oWblTXq2X9tGxzPbE=?d=QiKKWZ5Nr3C3U9u7NMHgfhyZFs1qmJ5OQfQlxSMVovNZbTzE5uzGEaEtslVIA5d5P6q9jVkP8LXreHH23biWCfH2fGPyEnKm2ACYj9ay5OBaPiXsj8-xPWtgMB8MnZ_3A7PedG4PXU9AjdK-egrcB_oTTFXMCX-hfr926oY_fOqu_Zss08dDASqSfW0cAwl8LcZtvQdbBs4MBbabxwIxpXBgGSgQYF56-o5PKitGWoF7GPEZxpeL6S4axXgij1T_hfKoqXfm4DZMZQ2f1QpRS7SjFvFY91HQ4_3q8lBILUtuUvierSu-romOQNbo6JZ6Sldy1DwnZ-OhfCerzseZ1sg8SlfYYGZoXp3QjdC-JcwkngEEXZYI2jTNQfOWxrnnvCtfyb9CwslMC4lxlomeYxp0y52HHT9R&u=http://estylos.com.gt/VRYHS-lK_yyGW-yg/InvoiceCodeChanges/US_us/Paid-Invoice/
https://linkprotect.cudasvc.com/url?a=http://institutodrucker.edu.mx/hOWj-jG55_Uc-aQ/4072397/SurveyQuestionsEN_en/Paid-Invoices&c=E1kfTQ-JL8WK9k5PpVmOxAmpug0SkXjr8EJumZWPe6SL_NiGDzymeh5iP1ZUZ-6RyurtWb9ye9Eqcnj3fUC0mH-AaJmmmy7nFPq5FqW57Y_VcVHda_ymANJ3-p&typo=1/
https://linkprotect.cudasvc.com/url?a=http://stats.emalaya.org/KDPfP-vYc_VbAktoyl-2e/476308/SurveyQuestionsUS_us/Open-invoices&c=E15f_ccC6R4GYydM7atvZQhTEB_u9BQDG6RSGa_MctMLzok8EyTd21ZwbL2SPUFv67vcvGC_1pTihZlY0N4t9v9j8IfxDYhTZg6F6A7Fv-i4e7QYi7FGI&typo=1/
https://pojbez31.ru/De_de/HLZWYP1604214/de/RECHNUNG/


```
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
```
Creation Time	2019-01-17 17:22:00	(XML Based - ENG - Light Blue/White)
SHA256:
05668fd9ef981bb76d0d65eb3008772586be66450e1f2554f0033c4eb95747ef
86c7851ed4387f1a8e29736315cce8fe24f482052a3dd143d7599be4cac1e4d3
38d42a10c31ae01b71c26d8770a48b6cc7f273d832235876b52e964cb6dfa24d
14b37061552958acec36fe166e3bdb20a33d71e2dc97dbb8a94bbcd4906309a7
b61bdd8510e17b96736563d91dc1a8b02ed452171abbe364cdcfc16b4606985d
ce4c2dcac916f53f377bf1c312c6f8fae0e20143d3140b3cfe29d9862d52c996
f8da360d5e84364c044ffa0acaca6fd58a8fcf021ba4168012d005879e8c527c
7439d7c1de1e0abdf215476dbde8700ad72d68c66b1a3042f7ce160438c11ad7
d6cfa332a469951923d325eee1989263c3175e02fb2f1d590400176ebe3f2268
af02dedfccf3e95891cbeb17acf84866e1b6823ea60f6d0e56c36336d714710f
e01919915e2aa9514b5d13dbba552faf44b604e71bd8d590616a0f6c69964adf
f637838cb07e97a0e48374870dddb413705ae6774055365c1743964d95366363
1aabe77a1ed36a5abbabd3d412bfe9029abd5c6d4ca1ae2c0fa070858a6d258d
074c7010729437f63177fb113e4c763875735c8e9a311488403b3c6ffd223276
d7f23eb5200a4a11a6a544d94af970514644c916fdef171f9ac3f7adbd599dcc
05668fd9ef981bb76d0d65eb3008772586be66450e1f2554f0033c4eb95747ef
1aaa2283463377fc4ee89e6ca56f0d116d5cc1800b0c79601b45259d28d57872
df66d61e06a75c80e95ebd79271bf756406d57aba0f4d75c748b9d0b6cc19cb0
cb4579f25b0754ac63b69c1b082ff403b090a98c857a151c39b04ef10a3df79f
6405511526c1f27161c0ab5b63a989c64ca99d2e3635a2db4565889555a3c7fd
3f3f7321fa949e79e191647868aece83c5cdd572a13963e051e85418ba755daa
6bd86c605e976d7e431296a200ccd99d1fecb43b1ca1e113889c345fa9c9740e
ddd6554bc6da9fb2c3507ea30bef5fe62abd6b8b358304ff779128ec2752e06a
943d1654b57db4a006ff3ce4b02e96b5a7d22ab9ca6112dff8738fd7a23c0cde
ae93d5c0907081db48493fccd6665341b050b1b86f2ba478ef7abababb5df2f9
ac9c4d340e3f8bcf9edc95a29cece15f7053d659f19c0c456c77d1ed22f06446
35c8e21f7b4003f60fc5ef19656230f9b4874b19a7c28875a35162a8df4f970a
906e6087f7f52bbdb53272b4f8abd2316b924e3168b57b777a4de7309863e033
1cc162d86ab78270dc63fb85936688cff6658b3d7af1656234a201348a3968fe
ab009401f35e8c3cc4899d3fc838c13a91d8aa76d401970f588ecaec3fc6660e
cd0eb47314bef3f14a63f39478ad9fc7399f968650e2b2663cab63c834172adf
b7c9e89b65a67eaea3def6095af2a4ea6a3880b5686b39b7b5d74fca1d88686e
36a47193a3f20b2010b2f3e9705dac5f9bdc67aac28837e000cc21e9d6be7181
42c64f140ba3e3d41e321236796f7fbc5d0169f8415843dc248b115021f94e69
4d7631f71b1c41ea7256e4c46942d71647173f1848837e612e45c34159ef4279
716dfc78decb76cdb3e7f889f48d55c57c4304f658145801eedc8b8ffae06966
25e44a973c9800737c6cfe506108d6e24c56a8659cb43c78ca4fef8dd4bcc882
4fa57935fa8ce080dc045e24c397eace6c15dfbdf4001b7ef3f779bb48336dc4
eca11eaf5d408809c208bca01039e0b28e3dbec2c8ba7f8ffed7928c6b3d5585
5ee1743c6454070eeea89df954577f6647f7b855a01bd728ae1cd7f17eb684ea
08f59399eed28f349a17ac07a941d96a275a197cf98fadd653bb059b89cd698e
fc6f29e63f6f3757bcecb7f1aa8daa2c088bd314615b8368b585c5349ca31e5f

http://refinisherstrading.com/0ccRGilOI/
http://www.soloftp.com/EAJTlS0gfg/
http://www.etsybizthai.com/bGiJgZKiUj/
http://curiouseli.com/v601pQKUQ/
http://wp.corelooknung.com/8u7sDim/

Creation Time	2019-01-17 13:50:00	(XML Based - ENG - Light Blue/White)
SHA256:
6ba8c23b809b3c60d50088386cd301932e9e507d61b8cb2fa6be0b5d3b795de2
b016435e5ca9e1da9cd2949d40994298a6b3aae572f3b993f95b45c2b1617c53
8453ac74ad4e0e6cb0c84dd60ee73027e573717ee6e89dd8e85f35d2c67c2c23
bfa6205cb2e56a977557bf71c9e9d2ff240a8ad2ca9285b76c6b2fdbe70cfb09
5c3d4efbc54e68acbca50ddc428d5c999e749b7514b23826365b1aca90ed4b52
6e5e59537b7b0198ebb73f955489d79ddca2a8f75b025ad4a7fd7c0008e622cf
704d083fe2b3081d040adf995c6e0d9d1ff7ae43495010f8f94c91905ccf7184
2161ec333a683d25002bfbc8612f774b7e8708b8b87a87a20b1367a26a8544fb
86c7851ed4387f1a8e29736315cce8fe24f482052a3dd143d7599be4cac1e4d3
c0baaf14efb0a5456efc485c2c231f0648210fcb18ea4d7d0be01c5106b0d11c
684617529f4ad27656b3eb393df138e302cfcea79d7b44cca4a30515f050bdc5
f0673e6479c574f82c1a26f6cc3d862c5b7aaf9b0b764b4ab5e7e398bd16ba4d
48202cbd6b6c37151ee08f9c530d51c79a94db852b8a094489296aeaebab7545
a2c1de9ebcd839379fc5c37b62028607230587faeb92a3f46ff3dd925cd5c0c7
2c837a73db0b565b3bacfebf3d6c355ab8a248521069e86dee6ae540ceaa78e4
80475826250c8af677687a1ff76728dddfb2d84153b1ab67a39f2f3ff7921b9e
6b52ba311b5f8148c5980299d940c525a0067ecad7d9da7a01090b52ffa0ad76

http://kosardoor.com/PbEu786/
http://www.antique-carpets.com/PIpK4IlRd/
http://buyhomecare.net/RyoJj06p/
http://adamallorca.org/Jw3mayRvk/
http://kynangtuhoc.com/WRCk6xGo9s/

Creation Time	2019-01-17 11:49:00	(XML Based - ENG - Light Blue/White)
SHA256:
d43080541e77aa8e159fd03d9db894eb72123a3a90f84628ab23989f5c11022c
42e5506c49476192b20cbcefe9592230a0c94a68883221654fc54cef616f32bb
2d983fb38ca675f00680e15ce24992f364595c17e578d7ab9a662e6c935ae570
06af5f262b2fbfdb5a93d35fb84679f156550aebce5dc1fa6f5916334bc238d7
76f7fdcbd8aaf3bb88d4ee585baaa2ccf795342fd79eb09df76902c9f3c2022a
67d33a219e7b5e30e882e211a5be174921bdf9990ecc569f5b9ab4f61e2557db
98bd25cad923ea847aa409bd29238c55345349dd019699d7da307e5bd341bb26
f0f4bb66bd2f921538f5700b980f5991ef7b6480a85a0591eaeebf230b010757
0213ba138eaf05385155665f8ae567f6ae6c4559ab93e2e11ca0485470880515
8174ac611fb5df9721e11d29dc3a4a49f6fa087f0e497b1f38b3fc3b3818c4c0
4b549bbf3fce0b55006aee9210c6a66a209e54ba764abb2e5f306299b5a26cd0
70bbe0b58b1cd5cf6ae2cc52320ace634278aa93677bb86bbe5c7adcf6fd0315

http://deryaabiye.com/LrBN7ad/
http://staff.pelfberry.com/bNRouz3/
http://mabruuk.ridvxn.site/g5hHLoyE3/
http://leblogdemimi.theophraste.net/ZJRvNHDg/
http://awaken-hda.com/PIKtAm3u/

Creation Time	2019-01-17 09:58:00	(XML Based - ENG - Light Blue/White)
SHA256:
a39b80fd3f2e301d85ff57c07f2f1c98d3aea4ef1d7172f51df2b61b6fe645bb
09df35352774cb287efcfa5032ac6a575ee38d408dfb8e0e5c4e60cd707dc64b
d15c20a4f794f6cb3a1629d80a897275620f5225c909710504cde5b085c6702d
8f95e60d2ea7af46b8f5c5d9cd4860848acf486fd4f0a8d4f0d4c6d54176e9db
eed5a488a527491e24f220ac8a79305c72d345646c2e8b6003c0953a365401ed
41f668197be156e6bc9bd680948b77774cf320c64d13e066fcbaf65c14a44617
b7347f1cec56f6f31c440a2f6e9ddecca914344d65a7fd89dbfac112bfa737f0
b112a3914073a58a739802c63e709033b34beb20fccb6416bb5ab7cce6e13d0d
f7bf74d08305addbec76b79a105110fdd72fc3ce87b30880a9138177bfb2c9cf
bc2befdd690b5faa6dfa314f47d7eed7d1ffdc0fc52a9093cad1f02ea41d1732
6adea22bde713b2ffa11842879ef73914723bf8a629ac5edfa715ae51902e9c6

http://usmlemasters.com/9pOqELA/
http://kleveremart.com/OYQcjeyRp/
http://seedsofhope.wtmserver.com/t9eZ9Ax/
http://fiscaldopovo.online/eh7gVCp01X/
http://www.divametalart.com/BcabYiW/

Creation Time	2019-01-17 05:56:00	(XML Based - ENG - Light Blue/White)
SHA256:
24846d982bd992800dcadc1cb60fccbaf003f187024fbee8410081ec1acb911d
1495db2b5492ad5f0525709c8177b20616293e78f4905f754a325220fd9ecc82
12872164e3482ddedcf5c6943891bb1218b74556704b34ca4ee26428d8a2f830
ce4c22ab85f486117e87678b920d1df41413c9a70b3d259650bd3fb86eb35b7f
527837a5046f10ade13d3fd53e0b67833444068c38794a238d628ab3bb8cc088
23227a8bcdebb2c1f46b4e8337f2ddb9c650d57f651c9492c8a2a1f0ae7181c1
0e1f5a326bf1eab25f697eed59ea06be578915b26e15182ae08a43efa071a4a7
dc0e45e1bded135dfde91af70ce0d1ae644b7789cd96f22a997825d0812e042e
b2a0dcd6dc62b11b34179c30e3dfb4d5153f88cbb4961e7f12f2c66ee0f44f63
dc0b26364a27862c832e85bb30914e80cf788ec3130676ac4214559a4f001885
e1860dd0bd86a0e30d0a9c1d385bc00053a931f76775e34cbd84646535c0eeaa
5238c8d0496a8fe37e91b52886b910e30ddbecab17793843e9c5e063acc5aff9
a195cd4053a6fb832bbfb3ceb028d0ac86048a4aecbdf6bb70cc4da2c29e2994
7535f3eb9f652aecc4db33b2f0392043c6d5ebfba350c20f782ddfd7b2b8c359
dc0bb7c2b453a29a9aceaa095337058977159416145a1451d702790fcd713fe0
1d52be1c497e26cfabc7c82fbafff21694a7648e24cd92536c93ecf3843b1077
891c17c0cbd44446c0b4759f0352abec8e22ba66bbffb99d5f279f1b85958aa6
30bc1c2ffc695ebd2dd61a560b39387fa8c455a2a775026cc1eedeaa35f351d5
33097ec8c715c4e095f78f5fe21766bd3820c4e0c7c31f3a890dd312219afb2f
b97146a8cc03540316cebb6d6df242b7a84d2627447f695d6acde93e81e92fee
f0f099b199fe1916470ff3385f07e2fe5aff748096ea6240b0f1c88dbf0d4d4f
e1cb992fde431fac39d037e34aada6a30e68e8cd76aad7f22633f4c704222cb3

http://ayokerja.org/okQHEmqb/
http://www.estab.org.tr/U3L2aMZnmE/
http://www.teramed.com.co/TWK9BCYzz/
http://xyzfilamenten.nl/v4h00iq9W/
http://tral24.su/YW50qrlHa/

Creation Time	2019-01-16 21:24:00		(ENG - Light Blue/White)
SHA256:
74247f2d29bd281dd201ad42c08284fbce096429a43a8444ee4046ba66830b2d
a1a9c88f42a861e2c4810fa425027823b8b355764a347632e9cb8024b7ab239d
9a83aff8b39abbb87e6299b5c5e2b1f19b00d55dc539bb24b98fa063f88bbe74
a7debaf92fe54d88fd2bb53b08af6a49499e3b4fe632e8369ccfe1e7958e73ae
f96e5257c636d0de03f1a75c655fa8859453ace0172097688e7ff8f0d68a5aee
3e27f70d24ff1a6a40960d180d9daebfe720575d5dde820ef5f6131225b61b7f
1ff917391b92fc5afd793418d08dbf7826fcfe4d737e94885f334edd43d1702a
c2622f1da8a1a3b21d841a5ed26a450914829f171779875ea4a22c36af25bc12
c63b801b73ffc4397fcd7f78b2c3658ef29751e6dc84ff1468dc9068cf237a42
b5bf06fae173a18e200d6f62b55afc01d5719fed8daddedeec10d4a4b64f730b
3a39fb46a23ac953978510542c4ae8e2ad5adacf5fad91c5c0798936afff610e
9e91a755801befbafb21e9cf856ceac1c30efc4f388fa206d27fc5802ee30f18
0c6a36a40072fb7c19dc4bbfc52213683f3e84352ced38913c7c68671d636b3b
c8c377ef7ef9ea6942670a70c1d67036154cae97c744101067098063273fbccd
ee708209dc15f97f290e490bcc1bd29a1c3e5bd8474763e710bf7c32d780495f
81cb2e76a9e8122160afa0b6e7808e8a4027082707d6c748ec3381388af93e20
70ccf66a0e2b6c511f288a5aedb709debfcd5c3284c5985ae97652c80864d1ce
6a40d10ae0de295821136f7b68a3b50b0b0a21549e3c0a4c08105d200855779a
70fa77ffc64959f501bb8222a513294c53be954e854786fc136e38e5c16bd0aa
8f508f76ea66c35d67025c9f47701774cf7636431071f11bbf6ad89773397676
f490c06863cdadb5d2355ca8207b1ce58f04c6e5b537ad365c9f8596702eea1a
351defa63a0cdf2185222d7b909e7d5eb3ee4589a003773fcd1e2be896c46b70
59713b550f8c9dd92f03b83ed65318494064520fbc5b3a8137819b24f665117e
ee1ec78af15b765bd7f51aef2bbd42b4f82f0270fc1eca08f7c7225d30152911
3cfcbd443d75c7462d7a8fe19b98782e7d857991732ba7797233b9c7bf9f2b37
530e71f81673350630319346fe5828f2178bc51c6eafebf1a7c0a4e65016b4cd
058b080d6bebadccd475d28755250ad1eacb76f4cd272d8ca0de32d1fb08e2e0
75833f71ae2bb2a65c298a127cae4825ead3937ea30fccb243083352be678094
9a8300e977e7198fd9ed2679f16420c4d0b1dac2f16d3d74825289a4580757f0
254dfb21f1f3dbfd25545b97ca78aa839027dcb4214a131765c77ab57dcbd285
98b0aa071c0db90f5301c024e69e852ceb959b1739d9df685e254d22317f5b05
1f5e0f8451c56dc7195e78962d0c53bf7f81640118652313cd546a0d7dce2183
8e8e679ca81f4edc61e1389c2c5896ea54e322f4c43c901c961b38297a313e6d
1695f99f49247ad1de56df3b848dfd142ca30c5755a6cd05b799abf5212a665f
356f81da93971113ef694fe45b1cd40bd6c6cb74b2be7a60868a9e305fc57c4e

http://samix-num.com/BcFUhvDr/
http://economiadigital.biz/NKq5eOZ/
http://ftp.dailyignite.club/YNB95t2/
http://migoshen.org/FNE1TVJjI/
http://vanoostrom.org/w8yXb69h5/

```
#### SHA256s for Epoch 1 Payload EXEs seen on 01/17/19 ####
```

09011e747cd8996240a819afab3e376e924797fb792299a5e2a80cbf3e9ff58f
605662e12f72f1454c3719570172948eb0d40bc0af15ae8f3f2f32393ec13a98
548b9aa2c8da7698c2bcd7289db5c1f1562a5c85b4427bd85c063f667fd8d0c5
dea1aefd0b7f0ee52eae7ec1b488149e654903e99059514bbba09d5564717452
ce931690290d8ee7515441fa5775780296866c654ee28dc7b104dfef520e3d9f
3579eb3ce4a7c343e1697c401084a7eb6dc0fa9829fce7141b2d9120649197d7
c95a968aa36ca5a0eb1aa10caa8aced9ae7459788b1397c42bf9270ac4503626
6e8e1045a0039efacd0e7d11ed1d7eca5c5bcbd680f9c9c39943f1397d237a7a
4f431be22b49fef245353a3f2ff07b395a6e264751f9a625ae6e98fb6e025ceb
81b3d89fdfe743155585436e2571b947b4c0e803d8b2b32a7b2d93760643aeff
d93e9701e679d11bd8900e452b27343e0202b5461fb085ca56117f57446673e2
5cb6ceb68e18e21eac233d7675c21447f3cf15134b832678b896695bbcb4afba
19cd139eced8e1c495fbd64e84a0c16009fce6aaa0e5f0448e81167d5aa89ceb
067c610c6e6350b4145c5b1ef69b34096560fa27a59fbcb52dfd0bbf90cb97c6
8811f7e16d115f66b0f2fbc7357d02147b6b04594ce661286217b64a74085a4b
cf7d26cfe2960d5c37f2ee7cf70aefe993b211cf40814bf79bbd4fa0aa824464
2c4feeaba7c7a3a7760ef02be73e0e0b28edc9ac8ae25bc44b5c63a5d866d1cc
693a6fa44cb4cb65b549efaccbce1ee6b93c4b8aad538ddaa726c63ceeda1219
0c516d67a29a48e621675cb943472571e23de620b78c269b59c7c0a9e29262bd
6383dd7c624ae6f922a8d3843c953fef1afa7d87d482a9b064391b1871c13998
0c3a334d03eaef79f98b74e1ae49097c2ad2e1b34cb83abfc945bf59dcaf9a54
6e3b0deac0946b9df74b6019312945bf182c1cf867a890058f22efa4d23e7e0a
c646628a85a448735042245e4eacb7fec02d831d4661701696fc611121bc83e7
0ae1951e5144e1742d6e7023bc6045b5682444fae275cbc3673f63343c76b105
8d07e783d47d440f56081c3ef9b69e54be1b2028359d7c9c59ed738b79af4e6d
9bcb1c16daa987d93679303cac5fd95a079fcbf9fc193a2dcebceb7fe8ebf303
b7e47f336e7be12aff2f7c26ccc9b313dd7cf42982de1d2f04b519601617c97f
a87c5d0b3f1bf1b1f5d5e044f5e94eb8de88922251277a6c084f9d99f3976898
d99a63e6983d106ba3db405c6ef683036893d4bfc336acf0d64c475760cb87ba
2878c84b2005b984722a83b4ecdae53b43e9957bcafb2e2feeac57f1346a2f49

```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time	2019-01-17 16:24:00		(XML Based - ENG - Light Blue/White)
SHA256:
c12f5729ce82cb4b4ab368a12d8f01010d23a4ece840bd8142dfeb091a14d69f
cd5660bbb34a8fe95e3f897b725fadc50d7549e7788cce8202e673b7190875ce
3a13a72e8e0f965b713c4adb5b492d41826b8db15493fd124c81b0960bae8e63
2f480ebc6225bee38fb9c19a65623725ec002bff2c61e485e9bd2946a88da517
188deb50e3f4462db7aac331446613904c4aef59b9c4d42c01fdb75c7d17e5ff
8e9274bfc8514fbb99edc3671d4daad7f1209310e9eae65b011cb079795b2dba
223bdd78de84aa3e64715925e1364c2a207cd09cfc06d987aaffcd0a9a396de2
8b985f0e1eb226090c2afd5942fb6797ad48b4d5df2a108d9ce970ee17537d51
e8b0baf3f69a3b2f024ae05b10b0593a92b3532e9ca19f1ed8e0081fb5b33da8
69a70287fe49c920df629d642c16d006f753b6ddede0a07c7a6c4eecdc5fa6fc
62d05bea2e6132cc4bcf9c772a4c899c8c432ea3c39463c713efa9c42667d8ea
651420637a01ad7acbea4d5cd08e78da6ec0281cb017b56034489f233d0e9a73
65469b78eead0c83cd13f5764f503f9cd2be6a8f4512596442b3b0da2217163f
f50de71d771f8c0d303c2f63f2a6010436020aa0ab01a6a654df5392f7c453b4
120a52e2ec87bbc18153a15632fc979b6464d7d3abfdf0584708de1feafbee51
a1dfec6b07afd57f16682a802d37b35598f1c82afc90e2f4d30bfedcf8db0509
eb24104819bedf325326d772237ab87123274f0452520c82d67d24f1cd2db800
0c2769eff17252b28f262609e44833d7298acbc72f274a99a25ff81f20c2a808
577ac54f8a779c17bf78da621adfc246fad0e07446cb59ac9db8e33cf4b1dd82
3721550533df77bc451e8eeae2deb221ff35c6b4230644e4d9f64fd8e6fbf281
63571aace117fd04d446dc3fac0a1d3c5e5269218ea63494c8d8bf0e0e09f7e2
c7855a96af944828aad99abdb653d40630ec23598bf7f4f73f5ad763cb669d60
559df7b9597bc48c9f3714eef7f41660ad9d025bf5e44dc9e2666755104c1a45
d03f90260a274ae4717d79721b35bbdbc35679739d1b089270cc72b28bdabbdd
797626d536c770b3e8975f017c3ce07e119575ba10c65d5df72b9c94a2e780b0
d2c9634d8600b4eeabfa247e4380fb1f926be368c55890fa0bad1fed1ddde483
dc568cad9e683e3201d913ce06bda3134e2b811f38bd44f385fcceaa45547c3b

http://fleetstreetstudios.co.za/LcX6_wx2gkPUh/
http://pentick.space/8EVxz_Uvsd_4/
http://www.ipbempreende.com.br/d2gp7Tj_xfPR2/
http://plottermais.com/geYz_l5Du/
http://aplusglass-parebrise-anet.fr/T4V4_LvALup08_FOXAtN/

Creation Time	2019-01-17 13:24:00		(XML Based - ENG - Light Blue/White)
SHA256:
aaaf286e5d5a7cdda590074b203b3b933ff20508d3c3bafb9f7015e8ba121dc0
683fe729d8ca82cb64f0b884292586ca7c6460c41b5fd5678d7d8ca143c4dd16
f73410a5208f7a5fc5cf661626af3f8188641152b19936867ca325a9e03f8e22
f1885c5948141386e130b932b23c543066971a59e3785fc6ba60c06bd0340cf1
dc5dc375b35cbae619cc84d176290064d71d598535154dca7f14c951d718698c
5e4c0ce5a20132df52ea7eb234fae2577af27831fdaa42d81ada334fb33746e8
13f3a6edbc7e5a16f1f4984952b20fb5297e26b6f1086d2755b827b242e12efc
3091e506647e2a17ae06f49b15e986c45a6b8a5682b1e31f03bfca0c1104caa1
c8f5728aeec6d41cf8c50c518d105b8734c8f2288a11aabcaaf4b4203293e38f
8c03b497222977465fe7fcb76f22dd288f6412f39dd636fadd93a33fb5db424b
a1100c2924068c7644213e18725dd9468555abd8c5d4102c4da3537d904a1d46
df326967c029b1e771039c207a038e66939e640a1c96861979e3be4fb29465d5

http://www.klussen-gids.nl/xzMPGNb_wYmswEnQ_ugnZr/
http://otkachka.novosibirsk.ru/iyqDsD_mViujo_JLyB/
http://www.biometricsystems.ru/DfI5jgz_WjwyzgT/
http://www.shengen.ru/sites/default/files/jBkgiodo_Uxnlb4D6_wIX/
http://highclass-store.co/NzDOK_DeMJ9_tU/


Creation Time	2019-01-17 12:50:00		(XML Based - ENG - Light Blue/White)
e14235e1a65021134395b8177252844b1fbfadd5d7ff4ad4a0d3121dc840fac1
b596ba2574e7ffdeee42a68c5984dc026c5fe047ed5aaa6a05b55713b1240aa1

http://www.klussen-gids.nl/xzMPGNb_wYmswEnQ_ugnZr/
http://otkachka.novosibirsk.ru/iyqDsD_mViujo_JLyB/
http://www.biometricsystems.ru/DfI5jgz_WjwyzgT/
http://www.shengen.ru/sites/default/files/jBkgiodo_Uxnlb4D6_wIX/
http://highclass-store.co/NzDOK_DeMJ9_tU/

Creation Time	2019-01-17 06:38:00		(XML Based - ENG - Orange/White)
SHA256:
48f8fbd21177f832ac35aa84dfdbaf29c85750be48f9b4cc62ba6319c0dff2cb
520b6bf741311509081afcf4caa1cab120c6afb0dff6c9324ebe8be3d8b0dfa6
ce1499f8ff66310eefbf92618c53f5584af11bdacf5088818f6edb7c794989e7
fa2a9972975eee1ac59eda3149892beeb2c51949ab3221cdeda6a51908878617
a761c18902e7073d8e79209e4c629c6b9baf49c60a9e9411d988f7c08e9a16ad
0bf5146bd9a780fb8b7d49e98a74264cddbd93fbd4987a78a7cd3f211e235dd6
3041ef357cdae95393756a565e30f921c8a5e8f1c57dc15cf5a33a99627105e6
d22a0418df5b3f9426caa353e24c005d7746b4713ceee32cbbb886041a60d195
b9ab4e7c43dac00ea2c9a9ba1edb5a0bdc88051f5c338219013fae013e703cec
8c27ab6286b9b097166a1717df3186f92ef8c1037e2c2c89b8e7834482109d4b
f9bdbc64944b4ca52477eaf0e11ad7816cac6490e13442be21a592b4585c2161
91b9982b4dca79753b777f715dc8ddc5ff4e8a239b6bc9696ac08a11797165fa
41add585179248d024e692e5f320abbf18309d3e28871d0530d29a4db8f4ba69
34db885f2f34af721ab4e883ed9a6e88189b826bcbdbfc33317047925bf837a5
f206e303c4362a8c1323028dcec49e88e0ff0f92b1f55d5b426a62c1c0a137e0
7e4852c4cf7201cf46af76adc3297244bdc76f8bda1e335289b8968fe0816088
26f72f4268e98baeb5aa994b891bbda551b8499cc16102d8cf6289b4e473cbb5
705956af8decec2d5d00a608f47f8c0b465e3efb822ebf30506eaca3677c0583
02b7b41ed6ac77f1c2738385bcb72c0ab6e4b1cd502575fea7fd753db725b065
03f6ba987a58600a1f10d901e9a05ddfabc99143408fdc50866caef741404648
eda5d75634496c6c55489422d32d0bc3c7ac367ccdcbf34467da8d95bfffb1d9
f57e34bac3ba01449d2eee5026b76a53bf9f7fc23ce14b421d7382866ec3164d
2f742774f4a17e593854bbd608780edcce7cbd943ed01b10cd1728f90f526945
6fc278655d224e41eb0f40d5541490ba78f74c6397665bd024b2c6361f793090

http://highclass-store.co/NzDOK_DeMJ9_tU/
http://baskanligagidenyol.com/1iSd7Z8y_h1Ocq_hmfW4vH7L/
http://xdr1.worldcupdeals.net/lAvLC_PBfsCn2u/
http://copsnailsanddrinks.fr/xvfJWVVk_XU1eI_xgRV5il2e/
http://jauniejizalieji.lt/069P_JsyDbKmkZ_r4UUahza/


Creation Time	2019-01-16 22:56:00		(ENG - Orange/White)
SHA256:
161a1ad458ef0e1d8a9ded08a825ef4566ace8bb10987e12552e0402e3a117d5
af11300d5b2c379e374e85bfd77ad15c96442f200af2125cd5d79b681e22cb54
9374825b08213ea191b3e55bc7c187f565feee130a2eb86a3d1da4cedc5d95b3
6a9eaff95d5cb1b19f2fe175b3bebfd3da84d03afec17dce1ef5dc6a040f887c
967d8dddad0f7e2b2fb84bfb4c49534fae714bfbfc75616b7756f5a67be5e3b3
3cf3812cc56eee4fa5a544af826df716ba1565a33eaa75cd5d5139d1855588ae
374b171a47de4945687318c1a778cf7a3bf851ffc51ed96a255563e33c1f4c61
08d2f41450b5c87d2194cf2f5e663de31020640b1903616fd9f23911c40e5872
5aea4f670711c2c08df3cea6f7076d75eec7fb3c2c12a0e6e71e18e6ac21b042
350d310084f14f6e88a8acb6adbcbd248b89e77c200a03b45db2276ae59fdebc
51b37a4b8922c1129f45567a2164dbd26787bfc99a37bec0423ccdc825ae238a
ebc6c9724653bef31d1f477cfefed711624b82c38565e810f0a0343778ee0724
6be0a309c16ebf5e537128242233e96090d329541b80994a3ec9711286169b32
ebdf5f0225e32c80eb88cf53652a0d92fa855b612fa8044e586d304fc8010bc7
b2c03cb3a03c45030fbf8fd69589f0ccd8ba1f025093432e73b1d7a2a0dd4261
f703b68a03a30b32bff6dbef96665f960871d69ea6c0b9a9fc2f43dde061cbf7
1e6ab5f1a8b354b0f871584f37d679097ce3ee839bc64e534ad8b3508e8abfae
fc43f4587ff09376034aa7a38d17bf49cc9d3238d61463ccd596cac003bcdc5f
ca805254ac49b9c4f36fd9c13ea6f053614c7f7c5227d40e2e7d5ca529873297
7463cfdd3562d9f950c1ff9c7d60f5a1cd87be03b16b7ea120d4a945b1bf147d
ac1799f9b3a672cdbf5d43c8a2d5c83c07069d2404e6a95c6e21a1abce0c3040
4769752d4529fb52228b01b130d8f56e5f2cbd18db9b5a5e3d03856ff58bc3a5
30afdd7bb8e1599ed650397fee21197abb47a871fa4c5dbe58c2ba977ff1cc3c
9e029e7e84abd91bc4045b2e94be71a178b07a91a8ac0745f1b3d520816ca256
141b85270a591157af1369b2729034eb5cec87445b3fb604ac5df6118ad77a2b
5263d5b52ab1270adb432db5bdab2adf613c65c07adc8c71d505f737cd6d61e6
7af0310a3b108e72739535916ef251b916f3cdf56478e460d230f28f6edf59bd
c36d7096ef6b23ad823450baf8544a5a1337363b370ca54c971ff69c2f0629c4
1d5eed4a3aa857613a58fa816a187e18b1a9ca1c2460a3814fd20c6ad220ab30

https://anhle.art/t2ZZ_zOxsnfkSJ_ClUxs/
http://www.binsuloomgroup.com/wp-content/uploads/TyUg_qOsCOz4O_5uPw9YSbO/
http://bonnyprint.com/wp-content/PCT_0H8S_L9zVHlYSF/
http://ftp.spbv.org/worem_2o27v_d/
http://flowersgalleryevents.ayansaha.com/2Z4fO_YmAY_BqDF1wD/


```
#### SHA256s for Epoch 2 Payload EXEs seen on 01/17/19 ####
```

68cb58314a7003da97482a4f0f0d0efdba738baae2fc0f8eb8bf6e2b0af8e10f
9543b8b3e2b8331274a0a17dac75c43e109763d8689c46a77ecbcc15adf493a6
06df7c15530dec0cd1053a78287d46505a730b6b4411d34fa43c96a6d17840e7
7a66f51241cb8e9dabb0243c45fae3c827a789fbc3787fc9c131e79c06f308f3
5f2fb98d4be69f5fa4c053f9278c028fff5d87d26bc75aca7c5b92e6da8b78b9
fd867a5dbc9d3258c8fc88d95fd621e263fddbc9076eccbdc844edc08ca5addf
0ce8ebb8decdaa34593d9d58005c01f7cf33b4c1d4e851f3ff220bb61185a22d
cfddb0d4391054adb4d130a3239ea1a30e1cbc8044810dd89baf31e005916304
aff9e7c30d4d467d02f89bb2afbdda94920ccd824b1cf0bf092ce65de9f96dca
a6119f442c336a2b8dccddf9cc7d75b5119ec8c1bdd66198437bc34ad2eaf0b4
77fe53761fa6ebd6bcc6bedfaa911dd9d041e2371fa2a2532234f1bada05e051
9ce73d0a2fa048516d991dafb7cee01b7da45358ba9df653bbe813aeb281e32a
7134d7bb507c56e18ad7a0d612d59834788bf98df750c7b5b99110eed9a4f4e8
27a34b068d80149de1038603c1873344bee215c15af6d55d980416b0612a9525
bd060661fd76a2c0156d9988d69f033a4a4773f847ed8408f715589427256051
f1afb0a018ea40bf19e242386c135993f92638c5e9c54900d218373aeb6a05ef
e11a346123bf84e55ce564d403bd9da2fa676caa2f8cde871b70ea7089a944b2
80d1cbd2633a8c28d89afefae3a86bd8f4efa0a65af64efcc5cde1bf11c937df
dfae2d75e9fb3bbdc3e446ae434a7bc6f4165bd290a7fa98af53032feb9c539d
ae54e7460fb6cd5d8315590f3c7603a9bc94a7171f998860815b321b8027cac3
ef5b00ed0d619a316a16daee57fc9d9e81f720721771fbe621d90ad93a2acce7
6b7a6f75b3d3999d070cb80aa438b438da9aad7c064baf998363cf532df4e6c6
c46cbb9d94ce13e81537427ff9565f5f8803628d55614ec5f4de0df436ecfdf5
c12cc5ad80ec76c9eb1d4ab2aca0ea7c2eede2b769323cf6360291ea59bb3f98
9b10e45b9f506f14ad4f1ff0390029014bd13b1ff3f9e780803b6e43a856767f
336636f33e83a65d90de58460b62f66b168933f3685680792991fb320d04e583
bf8689bcc2b06d9b5fe5db0658156aa67bea58f021d0cc242318eb13508fee5f
a8b1aef66f6cd121842106e36dc9087c5b5a3accc945f2b8ebed6acae35b5796

```
#### Epoch 1 C2s ####
```

109.104.79.48:8080
116.240.3.27:443
133.242.208.183:8080
138.68.139.199:443
144.76.117.247:8080
159.65.76.245:443
165.227.213.173:8080
178.201.186.245:143
181.167.49.76:80
181.211.11.171:443
181.45.45.132:8443
181.54.202.80:443
185.38.216.84:80
185.86.148.222:8080
186.129.174.150:8080
186.190.192.84:143
186.90.155.228:21
187.137.111.0:21
187.192.133.210:53
189.159.119.242:22
189.163.44.44:143
189.173.4.161:995
189.190.40.163:990
189.208.126.53:143
189.250.100.248:465
190.146.158.142:993
190.190.101.38:443
190.195.169.170:20
190.226.34.8:21
190.245.10.162:143
190.25.255.98:465
190.55.123.250:80
192.155.90.90:7080
200.43.114.10:8080
200.83.21.5:80
200.86.246.50:20
201.103.81.129:80
201.200.3.74:21
201.231.70.72:80
210.19.41.87:50000
210.2.86.72:8080
212.81.22.231:143
216.252.83.23:20
219.94.254.93:8080
23.254.203.51:8080
24.222.22.58:990
31.193.130.187:443
31.53.229.122:8090
45.73.27.218:80
49.212.135.76:443
5.9.128.163:8080
69.158.10.125:50000
69.163.33.82:8080
72.47.248.48:8080
79.98.31.206:443
80.12.84.86:8080
92.48.118.27:8080
95.9.248.89:80


```
#### Spam/Stealer C2s ####
```

181.167.49.76:80
187.147.153.225:990
187.163.213.124:443
45.70.90.134:8443
50.116.63.9:7080
69.163.33.82:8080
79.66.242.43:8080

```
#### Current Epoch 1 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+
0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ
Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

```
#### Epoch 2 C2s ####
```

105.184.219.102:22
105.225.161.70:990
105.226.195.36:21
115.71.233.127:443
117.197.124.51:143
118.175.93.254:995
173.252.33.186:80
173.255.196.209:8080
175.195.100.9:50000
178.254.31.162:8080
178.62.37.188:443
181.171.28.140:80
186.46.255.217:20
186.67.88.242:465
187.137.111.0:21
187.144.78.190:20
187.247.125.144:990
189.129.160.167:20
189.213.205.70:80
190.138.221.70:53
194.183.83.82:80
194.85.67.180:8080
196.210.47.216:443
197.88.29.182:53
198.74.58.47:443
200.24.248.194:80
200.50.177.218:80
201.251.43.69:443
201.251.43.69:8080
208.78.100.202:8080
211.115.111.19:443
217.13.106.160:7080
217.145.83.44:80
220.123.35.12:8080
24.51.106.145:21
45.123.3.54:443
45.224.52.174:80
45.63.17.206:8080
5.230.147.179:8080
59.102.162.246:995
59.23.248.48:443
62.75.191.231:8080
67.205.149.117:443
69.195.223.154:7080
69.198.17.7:8080
75.99.13.124:7080
78.186.26.189:8090
83.103.164.123:7080
83.222.124.62:8080
85.54.169.141:8080
86.122.149.86:8080
86.98.71.253:50000
87.201.127.70:80
94.63.172.7:465
95.141.175.240:443
96.22.189.104:990
98.142.208.27:443

```
#### Epoch 2 - Spam/Stealer C2s ####
```

187.178.233.96:8443
190.112.228.47:443
216.154.222.52:7080
95.78.115.115:50000

```
#### Current Epoch 2 RSA Public Key ####
```

MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx
S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc
hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes sometimes has new payloads that fast also. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
other but I have never seen the same exact directory go from one epoch to the other. It always a new directory for the change in epoch
as far as I have seen.

```
#### Community Lists ####
```

https://pastebin.com/kdBr0ktv - @pollo290987

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey
C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
@gorimpthon, @Racco42
Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic, @JayTHL,
@Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt

Special thanks to @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @capesandbox, @bigmacjpg, @decalage2, @digitalocean, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic,
@abuse_ch/urlhaus.abuse.ch and @Virustotal for providing services/software no charge to this cause!

```
#### Daily Log ####
```

Well the XMLs are back on both epochs today. The first payload set that was issued shortly after I finished last nights report and they both were XML based docs.
I have labeled them all above. They are all the crappy Light Blue White template that is LAF. How people fall for this crap I will never understand.

Worth noting we are up to over 55 C2 IPs on both Epochs, this is abnormal and the normal amount is closer to 40. I am not sure what is going on there but hopefully
they are experiencing a lot of takedowns or cleanups of infections. Now would be a good time to refresh the C2 filters on your perimeter.

Malspam was lighter for me today with only about 50 received but others said it was one of the heaviest days in a long time. I believe they may be experimenting
with a new targeting algorithm or something that is causing this with certain domains getting targeted.

Most of what I saw today was Amazon Order based malspam from E1 and only a few E2 Invoice type ones. E1 seems to be spamming heavily and is using a great deal of URLs.

Till tomorrow.


```
#### Sandbox 01/17/2019 ####
(all with fakenet and MITM unless spam/secondary infection)
```
Epoch 1 C2 run at 23:15 https://cape.contextis.com/analysis/30729/
```

```
Epoch 2 C2 run at 23:10 https://cape.contextis.com/analysis/30727/
```