jroosen

Emotet Malware IoCs 12/03/18

Dec 4th, 2018
## Emotet Malware Document links/IOCs for 12/03/18 as of 12/04/18 03:00 EST ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 12/03/18 ####
```

Seen only in attachments

```
#### Epoch 2 Document/Downloader links seen for 12/03/18 ####
#### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
#### SHA256s for Epoch 1 Payload EXEs seen on 12/01-03/18 ####
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
#### SHA256s for Epoch 2 Payload EXEs seen on 12/01-03/18 ####
#### Epoch 1 C2s ####
```
(Port is 80 unless noted)
```
#### Spam/Stealer C2s ####
```

181.225.227.251
192.237.251.185
206.81.7.25
71.58.165.119

```
#### Epoch 2 C2s ####
```
(Port is 80 unless noted)
```
#### Epoch 2 - Spam/Stealer C2s ####
```

104.174.150.202
139.162.157.8
24.35.180.220

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it is confirmed to be malware. Additionally, this list MAY include doc DL URLs from previous days; see the previous days here to get the full picture: https://pastebin.com/u/jroosen

NOTE: The doc DL URLs are in alphabetical order now. The community lists below may contain content I do not have in my list. I am providing them for your benefit in case you want to parse them to be sure.

UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple of weeks now. Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller, more rapidly changing version of Emotet that tended to change the hash of the document every 45-60 minutes and sometimes had new payloads that fast also. Epoch 1 seems to change payloads every 3-6 hours now, and hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100% sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different from the other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the other but I have never seen the same exact directory go from one epoch to the other. It is always a new directory for the change in epoch as far as I have seen.

```
#### Community Lists ####
```

https://pastebin.com/HezSUHvA - @James_inthe_box
https://pastebin.com/NQ5tRE1Y - @pollo290987

```
#### Credits ####
```
(OC and combination work)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop

Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!

```
#### Daily Log ####
```

One major change noted today was the white and orange template is now in German during the morning EST (daytime in the EU). This is something I have not seen them do before and I tweeted about it when I saw it. https://twitter.com/JRoosen/status/1069584515486674945

Today we saw epoch 1 only in attachments, and epoch 2 had a bunch of reused sites for URLs being sent, with an odd flurry of attachment-only IRS message emails around 1309 UTC. Still got just about everything and here it is for you to block.

```
#### Sandbox 12/03/18 ####
(all with fakenet and MITM unless spam/secondary infection)
```
Epoch 1 C2 run at 02:40 on 12/04/18 https://app.any.run/tasks/7b552122-78fe-46ea-a908-059e8a5f3d18
```

```
Epoch 2 C2 run at 02:49 on 12/04/18
https://app.any.run/tasks/1e070459-5ce4-4e40-b159-5ef0f36f04e4
```