jroosen

Emotet Malware IoCs 11/14/18

Nov 14th, 2018
## Emotet Malware Document links/IOCs for 11/14/18 as of 11/14/18 19:30 EST ##
*Notes and Credits now at the bottom* Follow me on Twitter @jroosen for more updates.

#### Epoch 1 Document/Downloader links seen for 11/14/18 ####
```

http://162.243.23.45/En_us/ACH/2018-11/
http://a-19.ru/En_us/Attachments/112018/
http://aaag-maroc.com/EN_US/Messages/2018-11/
http://aartinc.net/EN_US/Details/2018-11/
http://aavasolution.com/En_us/Documents/2018-11/
http://actiononclimate.today/US/Documents/112018/
http://adap.davaocity.gov.ph/wp-content/En_us/Clients_transactions/2018-11/
http://alkazan.ru/US/Transactions/112018/
http://antiquemapsofisrael.com/US/Clients_transactions/2018-11/
http://appointmentbookingsoftware.net/En_us/Documents/112018/
http://arbaniwisata.com/EN_US/Transactions-details/11_18/
http://ariacommunications.in/EN_US/Attachments/2018-11/
http://baglung.net/US/Payments/112018/
http://bandashcb.com/sessions/EN_US/Transactions/112018/
http://batdongsanhuyphat68.com/EN_US/Details/11_18/
http://bepdepvn.com/blog/cache/En_us/Information/11_18/
http://bizi-ss.com/EN_US/Clients_Messages/112018/
http://bukatokoku.com/wp-content/En_us/Payments/2018-11/
http://bysound.com.tr/En_us/Documents/11_18/
http://caferoes.nl/En_us/Information/2018-11/
http://ccv.com.uy/US/Clients_information/112018/
http://cof.philanthropyroundtable.org/En_us/Clients_transactions/11_18/
http://cosmet-log.com/US/Documents/112018/
http://cuoichutchoi.net/wp-content/uploads/En_us/Documents/2018-11/
http://dairyinputcentre.com/US/Clients/112018/
http://ddaynew.5demo.xyz/En_us/ACH/11_18/
http://demo.wearemedia.us/camlicaetiket/US/Payments/11_18/
http://directkitchen.co.nz/wp-content/uploads/EN_US/Details/11_18/
http://dkv.fikom.budiluhur.ac.id/EN_US/Clients_Messages/2018-11/
http://drmugisha.com/wp-includes/EN_US/Attachments/112018/
http://dzunnuroin.org/EN_US/Transactions/2018-11/
http://eascoll.edu.np/EN_US/Transaction_details/112018/
http://easterbrookhauling.com/EN_US/ACH/2018-11/
http://empleohoy.mx/EN_US/Transactions/11_18/
http://etcnbusiness.com/En_us/Information/2018-11/
http://evrosvjaz.ru/En_us/Payments/112018/
http://ezpullonline.com/US/Information/2018-11/
http://f1bolidcom.410.com1.ru/En_us/Transaction_details/112018/
http://figawi.com/US/Information/11_18/
http://fitzsimonsinnovation.com/EN_US/Details/112018/
http://fmlatina.net/EN_US/Clients/112018/
http://foxyco.pinkjacketclients.com/wp-content/uploads/US/Transactions/11_18/
http://foxycopinkjacketclients.com/wp-content/uploads/US/Transactions/11_18/
http://fullstacks.cn/En_us/Clients_information/2018-11/
http://gaardhaverne.dk/EN_US/Clients/2018-11/
http://gomus.com.br/US/ACH/11_18/
http://goodwillhospital.org/En_us/Information/11_18/
http://gundemhaber.org/EN_US/Details/112018/
http://hksc.edu.bd/US/Clients_transactions/112018/
http://homesystems.com.ua/US/Clients_Messages/2018-11/
http://hoookmoney.com/EN_US/Clients_information/2018-11/
http://iepedacitodecielo.edu.co/EN_US/Documents/2018-11/
http://iuyouth.hcmiu.edu.vn/EN_US/Information/112018/
http://java-gold.com/EN_US/Transaction_details/2018-11/
http://kabelinieseti.ru/En_us/Transaction_details/112018/
http://karaoke-flat.com/US/Documents/2018-11/
http://kavoshgaranmould.ir/wp-includes/En_us/Clients/112018/
http://kunstraum.fh-mainz.de/US/ACH/11_18/
http://labmobilei.com.mx/En_us/ACH/112018/
http://m3produtora.com/US/Messages/112018/
http://mamnontohienthanh.com/EN_US/Clients_information/2018-11/
http://mickpomortsev.ru/En_us/Information/112018/
http://mideacapitalholdings.com/EN_US/Details/2018-11/
http://moscow.bulgakovmuseum.ru/En_us/Information/112018/
http://motorock.eu/EN_US/ACH/11_18/
http://nigelec.net/EN_US/Documents/11_18/
http://palade.ru/En_us/Transactions/11_18/
http://pararesponde.pa.gov.br/wp-content/uploads/En_us/Transactions-details/2018-11/
http://phamfruits.com/EN_US/Attachments/112018/
http://pirilax.su/US/Messages/112018/
http://plco.my/v1/wp-content/uploads/2015/US/Transactions/11_18/
http://pleaseyoursoul.com/US/ACH/2018-11/
http://priori-group.com/En_us/Information/11_18/
http://priscawrites.com/EN_US/Payments/11_18/
http://privatiziruem-i-prodadim-kvartiru.moscow/En_us/Details/11_18/
http://rainysahra.com/En_us/Clients_information/112018/
http://roadmap-itconsulting.com/EN_US/Payments/2018-11/
http://sagestls.com/wp-content/En_us/Clients_Messages/2018-11/
http://salon-semeynaya.ru/EN_US/Clients/112018/
http://santoshdiesel.com/En_us/Transaction_details/11_18/
http://satkartar.in/En_us/Transactions/112018/
http://sendgrid.fortierauto.com/wf/click?upn=GnfiUIDsiobBMrdb8BVa1UdmVTk9CJOSwDefBQ6vQldZy7UxO2-2BVT33dI9ETNWctU5POKDojmS5vxevdWmOiKg-3D-3D_AdkfTiApI80cNEyortTzHUbvfJD-2B8gJCmyljKOAyFVufAiT8d0M2odAsty5gTzyLmb37p-2BHWr6XFh908OO6Ze5dDyIHrLvfGdgy1R6VZRajFTlIoxh94Henmk-2FaGR-2Bdi1LN-2Bb-2FbXfsdF0Grr0p9PFgFb47iCNUF7e9uG8AAk1UOOUyDzSYm6KEqRKWcaZxYMd-2FDMFkqb-2BbU75B6thaWSVUztg3Lon3Pr3ulVNBmiUJw-3D/
http://shahi-raj.com/En_us/Clients/112018/
http://shahiraj.com/US/Clients_Messages/11_18/
http://shahiraj.online/EN_US/Documents/112018/
http://snb.pinkjacketclients.com/wp-content/uploads/EN_US/Documents/2018-11/
http://sudactionsmedias.com/En_us/Payments/11_18/
http://sunshineandrain.org/EN_US/ACH/112018/
http://talk-academy.vn/US/Transaction_details/112018/
http://testing.nudev.net/US/Clients_Messages/2018-11/
http://tidevalet.com/En_us/ACH/11_18/
http://topcleanservice.ch/US/ACH/11_18/
http://vinastone.com/EN_US/Clients_transactions/112018/
http://witnesslive.in/En_us/Clients_information/2018-11/
http://woocb.ru/En_us/Clients_information/112018/
http://www.anyes.com.cn/En_us/Clients/11_18/
http://www.athena-finance.com/EN_US/Clients_Messages/11_18/
http://www.etcnbusiness.com/En_us/Information/2018-11/
http://www.fmlatina.net/EN_US/Clients/112018/
http://www.interieurbouwburgum.nl/EN_US/Clients_transactions/11_18/
http://www.joatbom.com/En_us/Information/112018/
http://www.powerandlighting.com.au/US/Transactions-details/2018-11/
http://www.teamincubation.org/En_us/Attachments/11_18/
http://xn----7sbbae3bn0bphij.xn--80adxhks/US/Transactions/2018-11/
http://yck.co.za/EN_US/Attachments/2018-11/
https://mandrillapp.com/track/click/30970997/bizi-ss.com?p=eyJzIjoiQWwxUE1DVTRCdzlCc1FJVm02c1FoeGNTR2ZNIiwidiI6MSwicCI6IntcInVcIjozMDk3MDk5NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvYml6aS1zcy5jb21cXFwvRU5fVVNcXFwvQ2xpZW50c19NZXNzYWdlc1xcXC8xMTIwMThcIixcImlkXCI6XCI0YTM0MWU2ZDcxY2I0NjVkODNlMDgwYTJkYTMzOTIyN1wiLFwidXJsX2lkc1wiOltcIjg3NTY0M2JkNGI5NDlkYzBmYzcyNjdjZjk3ZDBjOTVlMGViMzc3ZjNcIl19In0/
https://mandrillapp.com/track/click/30970997/sunshineandrain.org?p=eyJzIjoidF9LMkphcEdPYm5sZ1Y2eFgyRFZIMFA1MWlBIiwidiI6MSwicCI6IntcInVcIjozMDk3MDk5NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvc3Vuc2hpbmVhbmRyYWluLm9yZ1xcXC9FTl9VU1xcXC9BQ0hcXFwvMTEyMDE4XCIsXCJpZFwiOlwiMThlNDNmN2E0N2ZhNDQxMGJhZWZhNDJjMWQ5NGZkNDNcIixcInVybF9pZHNcIjpbXCJjM2Q1NTI4NDQ4ZGY1YzViNWZmYzZhMGI0NDJhNDM5MDQxNDEwNWYxXCJdfSJ9/
https://u2285184.ct.sendgrid.net/wf/click?upn=dHdwvn9fFbixMNGSgJCWb6uN7t8BUMCZiJ9gFhZBF3xTW3ItKaLilcH6hSR5EKXz7gh6oGV-2FxVxF-2BNgr-2FAyc6g-3D-3D_HDu-2BON2WuckNVJ2U1s3AlHXBiauXJHjDMFt3skTlj4V5e5D6jVDqyofTeYExzuH3pcZM3TWsSTsw-2FFrm5pPFKh8y4wjIOUHMny9ve-2B-2FyYhIJ0BudPwx0whmxR38qAtxe7NACKgPDHDKqrkoHB5eX9xIi2vwfZly59w4GkJUgV7208AF9CTsXqyBh-2Bh7GtZkJo6LsEEi8kYl-2FjxgnBUwO6whtTYzAtvqQfYlTBONUKyQ-3D/

```
#### Epoch 2 Document/Downloader links seen for 11/14/18 ####
```

http://149.56.100.86/4WTO/ACH/US/
http://153.126.197.101/WltxzbAkLT/de/Service-Center/
http://1stniag.com/i8IGzz/SWIFT/PrivateBanking/
http://1stniag.com/RoKx9kBL/BIZ/Service-Center/
http://35.170.41.231/Document/EN_en/Service-Invoice/
http://4169074233.com/__MACOSX/9ECGFDCBU/oamo/Personal/
http://52.xn--80aadkum9bf.xn--p1ai/5VTZFANZ/PAYMENT/Commercial/
http://aipkema.unimus.ac.id/wp-content/gV211P8ilcHoGteEo9/BIZ/Service-Center/
http://alindco.com/tBlDZUZlChjVq/SEP/Privatkunden/
http://almadeeschool.com/701POBJEK/PAYROLL/Commercial/
http://altitudpublicidad.com/JIcOoRlQV6sd12qdysBV/DE/IhreSparkasse/
http://anonymouz.biz/052070DJOVH/SWIFT/US/
http://arbaniwisata.com/wp-admin/DKKBEUPW/de/IhreSparkasse/
http://argosbrindes.com.br/multimedia/Download/US_us/Invoice/
http://armorek.ru/xerox/EN_en/Summit-Companies-Invoice-3080861/
http://auto-dani.at/907984C/SWIFT/US/
http://bahiacreativa.com/466U/com/Smallbusiness/
http://bakewithaleks.academy/LLC/En_us/Open-Past-Due-Orders/
http://bandarschool.com/0JQWYATN/BIZ/Business/
http://befame.eu/5TVNVY/identity/Personal/
http://blackdesign.com.sg/uQ5rguYN2BRT4nSs/de_DE/Privatkunden/
http://blogbbw.net/0474121EZMKUDJO/com/US/
http://bnsgroupbd.com/files/US/Paid-Invoices/
http://bo2.co.id/qIWAwHyATEm/SEPA/200-Jahre/
http://bo2.co.id/rU4Ri56QYW6qq0d/de/IhreSparkasse/
http://boxofgiggles.com/Ts73IIRJEm7CRlN9/de_DE/PrivateBanking/
http://budweiseradvert.com/0FS/PAYROLL/Business/
http://buyitright.in/52185PJPPR/identity/Business/
http://bzdvip.com/xuGOzWi/BIZ/Privatkunden/
http://cambodia-constructionexpo.com/4CUZO/WIRE/Business/
http://cameracity.vn/wp-includes/17N/oamo/Commercial/
http://canetafixa.com.br/7602642IW/BIZ/US/
http://casellamoving.com/587FUIZR/PAY/US/
http://c-dole.com/7IY/BIZ/US/
http://cevahirogludoner.com/CeEp7LezhyRVyJSP1m/SWIFT/Service-Center/
http://chemclass.ru/newsletter/En_us/Overdue-payment/
http://chstarkeco.com/OlmZsTYuaCRpNKXl/de_DE/PrivateBanking/
http://cine80.co.kr/wvw/22PSKBWS/oamo/Personal/
http://cipherme.pl/data/7brmbUYshupk76j77yxu/biz/Privatkunden/
http://clickdeal.us/0bfubJVeEEEn6vOdLA/SEPA/200-Jahre/
http://clock.noixun.com/3sSnQZuzXGQtlC0VBs/SEP/PrivateBanking/
http://clubcoras.com/gO0Cr3dRY4LjLDSFAOO/de/Privatkunden/
http://conci.pt/2752LRESK/PAYROLL/US/
http://coozca.com.ve/files/En/Question/
http://cosmetologderugina.ru/dSbsA6oIpvU/SEPA/PrivateBanking/
http://creativebrickpaving.net.au/LLC/En_us/Invoices-Overdue/
http://ctghoteles.com/Corporation/US/592-78-003774-682-592-78-003774-075/
http://cuoichutchoi.net/wp-content/uploads/Wj22J2Jc/DE/IhreSparkasse/
http://davidjarnstrom.com/I2XUphxVvDb2xe9ai1x/de/Privatkunden/
http://discountdeals.pk/files/US_us/Invoice-8409896/
http://dispopar.enrekangkab.go.id/files/En_us/Need-to-send-the-attachment/
http://dive-cr.com/Corporation/En/Paid-Invoice/
http://djeffries.com/nanawlotfy0QauuHFd/biz/Service-Center/
http://djwesz.nl/wp-admin/NSenVPsoSHGhpoX/BIZ/Privatkunden/
http://dongybavi.com/75553EEAJ/62KYX/PAYMENT/Smallbusiness/
http://dorsetcateringservices.co.uk/8wIxtQ3k8lRj6x/SEP/Privatkunden/
http://drjosephcohen.com/DOC/En_us/Scan/
http://duwon.net/wpp-app/8132YPEEW/identity/Business/
http://ecoteplex.ru/Document/En_us/Paid-Invoice/
http://emilyxu.com/cxDjtxJd/DE/Privatkunden/
http://emrsesp.com/46ZTADK/identity/Personal/
http://enginesofmischief.com/2442LKD/ACH/Smallbusiness/
http://estelleappiah.com/oldsite-06-08-2015/files/MLgFnnx4jSdVtsQYU/biz/IhreSparkasse/
http://ethiccert.com/kLoOxGyVq2q9PcPP9Qih/de/200-Jahre/
http://farmasi.uin-malang.ac.id/wp-content/Corporation/59790ET/SWIFT/Smallbusiness/
http://fenlabenergy.com/cBhoO/
http://fepestalozzies.com.br/QrIQTbQ6sXDw/biz/PrivateBanking/
http://fert.es/HPwPiWzc2nVxnMoN2E/SEPA/IhreSparkasse/
http://finacore.com/finuzs/zKtmyxlI5il/de/Privatkunden/
http://fitingym.nl/596245E/PAYMENT/Commercial/
http://ftk-toys.ru/Download/En/Paid-Invoice-Credit-Card-Receipt/
http://fundeppr.com.br/2455N/com/Commercial/
http://futbolamericanoenlinea.com/Nov2018/US_us/Invoices-attached/
http://futuregarage.com.br/PnD1PFPBpHVQcTof/SWIFT/IhreSparkasse/
http://fyzika.unipo.sk/site/9YDvpp4U7/SWIFT/Service-Center/
http://grandmetropolitan.co.id/wp-content/Document/EN_en/ACH-form/
http://gsverwelius.nl/a2MQZOldbt/SWIFT/PrivateBanking/
http://gueben.es/pr7RRYlowjIMG/de_DE/Service-Center/
http://hamarfoundation.org/086416BY/SWIFT/US/
http://harbayurveda.com/sites/EN_en/Invoice-Number-052614/
http://hayvancilikhaber.com/wp-content/8P/WIRE/Personal/
http://hciot.net/kPSX2Hd1gDpMKjdAa2Ya/219744KTN/BIZ/Commercial/
http://hectorcordova.com/1Kf6T6n/DE/PrivateBanking/
http://hellodocumentary.com/lF0TC8S7s4MiW/de_DE/IhreSparkasse/
http://hipkerstpakket.nl/newsletter/US_us/Invoice-for-you/
http://homestuffs.com.my/5NC/oamo/Commercial/
http://hvh-mpl.dk/files/EN_en/ACH-form/
http://iam.ru.net/041572GFNAM/oamo/Business/
http://idico-idi.com.vn/OWJkmGGl4LAksi/de_DE/PrivateBanking/
http://ifcingenieria.cl/QpX8It/BIZ/Firmenkunden/
http://ihaveanidea.org/wwvvv/6lnQfZWB/biz/Service-Center/
http://informasi.smapluspgri.sch.id/hG1fieym2C/de_DE/IhreSparkasse/
http://inhoanchinh.com/962341Z/SWIFT/US/
http://intelligentdm.co.za/2803PIMP/com/Smallbusiness/
http://inter-tractor.fi/023UTD/BIZ/Commercial/
http://intranet2.providencia.cl/76720RANB/oamo/Business/
http://iphonelock.ir/image/756o59An8/SWIFT/Firmenkunden/
http://jfogal.com/50682RUWTQCJG/BIZ/Business/
http://jfogal.com/Nq2XVe/SEPA/200-Jahre/
http://juegosaleo.com/va2sYCtNM0SFogKwpYa/SEP/IhreSparkasse/
http://kebun.net/023LN/SEP/US/
http://kemahasiswaan.um.ac.id/wp-content/uploads/544XIWAQEOZ/PAYMENT/Smallbusiness/
http://ketoanbaotam.com/2DSv1nbIzoNerOuiiD0V/SEP/Privatkunden/
http://keymailuk.com/212DJSPVTCX/ACH/Personal/
http://komandor.by/scan/En/Invoice-Number-507239/
http://korczak.wielun.pl/57GACIZE/PAYMENT/Commercial/
http://lead.vision/mobile/iIxAKt7/SWIFT/Firmenkunden/
http://le-blog-qui-assure.com/7273PG/ACH/Smallbusiness/
http://leonart.lviv.ua/4LUAT/PAYMENT/Personal/
http://lightforthezulunation.org/KY6A14X/SWIFT/Service-Center/
http://linkalternatifsbobet.review/Download/US/Invoice/
http://listyourhomes.ca/F8AsP7UFtXKbGqk/biz/Service-Center/
http://littlepeonyphotos.ru/1838138ZTB/identity/Business/
http://loei.drr.go.th/wp-content/0052962DKCBVSK/identity/Commercial/
http://loei.drr.go.th/wp-content/6590845YZB/PAYROLL/Commercial/
http://luomcambotech.com/74OBPTY/SWIFT/Commercial/
http://madrasa.in/04028RBZKI/PAYROLL/Commercial/
http://magazine.dtac.co.th/78VMOC/PAYMENT/Personal/
http://makki-h.com/DOC/US/Open-Past-Due-Orders/
http://malchiki-po-vyzovu-moskva.company/oeL7bdGqhK4F/de/200-Jahre/
http://mannatelevision.tv/files/EN_en/Paid-Invoice-Credit-Card-Receipt/
http://maxairhvacs.com/DOC/EN_en/Sales-Invoice/
http://meico.com.co/wp-content/plugins/wp-mail-smtp/33NGYR/identity/Smallbusiness/
http://memoire-vive.fr/DOC/En/Invoices-attached/
http://mentoryourmind.org/41LFOSUFZ/SEP/US/
http://micheleverdi.com/323155EIM/biz/Personal/
http://mininghotel.biz/9N/SEP/Commercial/
http://miqdad.net/81257BBSBI/biz/US/
http://moratomengineering.com/1628920LHZHNATG/identity/Personal/
http://mrquick.co.il/wp-content/29E/WIRE/Commercial/
http://muzhskojblog.com/Nov2018/US_us/ACH-form/
http://mydatawise.com/wp-content/uploads/2016/12/BAeCW5sUgN2TkwrNA/DE/200-Jahre/
http://netin.vn/wp-content/uploads/bLnwySdsQbniXed6/SEP/Service-Center/
http://netsupmali.com/ts4U36P1CPqqu2TFF/de/IhreSparkasse/
http://nilsguzellik.com/wordpress/5486UHBAHJG/PAY/Personal/
http://noakhaliit.com/wp-content/23N/WIRE/Commercial/
http://northernnavajonationfair.org/35304WDXWVOPC/BIZ/Personal/
http://oaktree.katehuntwebdesign.com/FILE/En/Past-Due-Invoices/
http://omnigroupcapital.com/ZqyiwpaR9UsGMJPryK/de/Privatkunden/
http://otumfuocharityfoundation.org/LLC/En/Overdue-payment/
http://pdgijember.org/vdxV1tm8Sxw7/SEPA/IhreSparkasse/
http://plco.my/v1/wp-content/uploads/2015/5i4ny1v/SWIFT/IhreSparkasse/
http://prevlimp.com.br/kaualqc/
http://proffice.com.pl/2091826KVVFRYBA/SWIFT/Commercial/
http://raidking.com/sites/En/Sales-Invoice/
http://ralfschumann.com/DOC/En/Invoice-for-t/o-11/13/2018/
http://repmas.com/wp-admin/983268NAOU/PAYROLL/Personal/
http://ridgelineroofing.org/mIRDYt7DgnxfMpQg9/DE/200-Jahre/
http://robotics138.org/sites/EN_en/Paid-Invoices/
http://rohani7.com/file/qicWMv/Document/US_us/New-order/
http://royalsegoro.com/0499199LMMNG/ACH/Business/
http://ruhelp.info/839363ZGLGF/biz/Personal/
http://sagestls.com/wp-content/Hylk90bY/SEP/IhreSparkasse/
http://sahinhurdageridonusum.net/TgG4eSEmkXVUzmdpwXs/de/IhreSparkasse/
http://saisagarfoundation.com/xerox/EN_en/Invoice-for-l/u-11/14/2018/
http://salheshthemovie.com/29131Z/PAYROLL/Commercial/
http://samdog.ru/uuqFH8yY7L4S/biz/Privatkunden/
http://sapphireroadweddings.com/wp-content/uploads/2016/62706BIKRJCJS/SEP/US/
http://seegeesolutions.com/DOC/En_us/Invoices-attached/
http://sekhmet.priestesssekhmet.com/73739DXXA/ACH/Commercial/
http://semra.com/LLC/US_us/Sales-Invoice/
http://servicios-marlens.com/JLjrMR35bxEBuSFxrC/SEPA/Privatkunden/
http://setblok.com/doc/En_us/Outstanding-Invoices/
http://sightspansecurity.com/Az8bhPsa0/BIZ/PrivateBanking/
http://sightspansecurity.com/iGpKASJxRnXI5S/SEP/Firmenkunden/
http://simplemakemoneyonline.com/43504QXB/PAYMENT/Smallbusiness/
http://sknfaker.com/newsletter/En_us/3-Past-Due-Invoices/
http://smartretail.co.za/Download/US_us/Scan/
http://smartroofs.com.sa/DOC/EN_en/Service-Report-9549/
http://smkinsancendekiajogja.sch.id/FILE/En_us/Need-to-send-the-attachment/
http://solvit.services/083997ANSXZZ/PAY/Business/
http://sparklecreations.net/psUblOaGWD9K80mRY2/biz/Privatkunden/
http://speed.cushqui.org/792443NELA/PAY/US/
http://speedautomart.com/7KR/BIZ/Business/
http://stalea.kuz.ru/FILE/US_us/Past-Due-Invoices/
http://starbrightautodetail.com/RPsmsYBsBI/SWIFT/Firmenkunden/
http://stefanobaldini.net/components/aXRS9vpVjI3v/de/PrivateBanking/
http://stxaviersgonda.in/224QZLDDQOK/biz/US/
http://sunnybay.co.nz/DOC/US/Paid-Invoice/
http://takaraphotography.com/files/US/Invoices-Overdue/
http://tbnsa.org/6548WZRGFB/ACH/Commercial/
http://testspeed.sfeer-decoratie.be/EdORQGfu/
http://themanorcentralpark.org/wp-includes/67LBB/WIRE/US/
http://thenewerabeauty.com/0SNHZ/PAY/US/
http://thepageantguy.com/005395MJGMSZF/oamo/Smallbusiness/
http://thespars.com/51XHW/identity/Business/
http://thienuyscit.com/outoc8b/74317DNYQGWG/WIRE/Business/
http://thuocdietcontrung.info/Download/US/Open-Past-Due-Orders/
http://toramanlar.com.tr/in1GL1p17oohyWIs9A6c/SWIFT/200-Jahre/
http://turkaline.com/wp-admin/7JWTVYEL/BIZ/Personal/
http://ulukantasarim.com/FILE/EN_en/Service-Report-3936/
http://ursulinen.at/LLC/En/Invoice-Corrections-for-97/56/
http://vascomedicsinternational.com/scan/En_us/Outstanding-Invoices/
http://vinaaxis.vn/0IQKGLUSE/BIZ/Commercial/
http://visionforconstruction.com/doc/US_us/Scan/
http://web.smakristen1sltg.sch.id/newsletter/En/Invoices-attached/
http://welldressedfood.com/default/US/0-Past-Due-Invoices/
http://windowcleaningfortlauderdale.com/0NO0rJ/de_DE/200-Jahre/
http://wire-products.co.za/845XO/PAYROLL/Commercial/
http://wtbirkalla.com.au/INFO/EN_en/4-Past-Due-Invoices/
http://www.altitudpublicidad.com/JIcOoRlQV6sd12qdysBV/DE/IhreSparkasse/
http://www.appsbizsol.com/075VCDQQRRF/identity/US/
http://www.bzdvip.com/xuGOzWi/BIZ/Privatkunden/
http://www.civciv.com.tr/BSLX30hCPA/SEP/IhreSparkasse/
http://www.coronatec.com.br/wp-content/yQlSVG6STaHQK/BIZ/Privatkunden/
http://www.dmaldimed.com/97499DNXQOMIN/identity/Commercial/
http://www.edcampwateachlead.org/default/En/Invoice-for-you/
http://www.emilyxu.com/cxDjtxJd/DE/Privatkunden/
http://www.emilyxu.com/sNIROv3ip2ia7Rw/de/Service-Center/
http://www.estelleappiah.com/oldsite-06-08-2015/files/3199FOWZ/SWIFT/Business/
http://www.estelleappiah.com/oldsite-06-08-2015/files/MLgFnnx4jSdVtsQYU/biz/IhreSparkasse/
http://www.fieradellamusica.it/481DRDIB/BIZ/Personal/
http://www.finacore.com/finuzs/njRmXU/SWIFT/PrivateBanking/
http://www.finacore.com/finuzs/zKtmyxlI5il/de/Privatkunden/
http://www.findiphone.vip/87CVWIB/PAYROLL/Personal/
http://www.iclikoftesiparisalinir.com/AiF52tK6sNenhTpK/SEP/PrivateBanking/
http://www.klausnerlaw.com/yIYomrxPHIlXsJQalkiQ/SEPA/200-Jahre/
http://www.maxairhvacs.com/DOC/EN_en/Sales-Invoice/
http://www.residenciabrisadelmar.es/euHecJxJt2zclhAGje/SWIFT/Privatkunden/
http://www.sahinhurdageridonusum.net/TgG4eSEmkXVUzmdpwXs/de/IhreSparkasse/
http://www.semra.com/LLC/US_us/Sales-Invoice/
http://www.servicios-marlens.com/JLjrMR35bxEBuSFxrC/SEPA/Privatkunden/
http://www.vilniusmodels.lt/4VEFGLCQF/identity/US/
http://www.xianjiaopi.com/6kYDYzhpWoYLQ67g/BIZ/IhreSparkasse/
http://xn-----100----1yhubg5b1bjabvb9ccphpccbcikolbgo4aeqmecfk6mwa3qd.xn--80adxhks/18500QBI/PAYMENT/Personal/
http://xn--28-vlc2ak.xn--p1ai/454337ESYOSMTZ/PAYMENT/Smallbusiness/
http://xn------5cdblckbqa2addxix5aoepgkb2ciu.xn--p1ai/3864WTFFDMPU/PAYROLL/Business/
http://xn--------5vemb9cdabihb4bclaglcbccigolbem0aeqofk4mwa6ldq.xn--80adxhks/5984JQJNIO/PAYROLL/US/
http://xn-----flcvgicgmjqfm9a6c9cdhr.xn--p1ai/8027718B/SEP/Business/
http://xyhfountainlights.com/4846RXA/PAY/Personal/
http://zennasteel.com/libraries/FILE/En/Paid-Invoices/
https://argosbrindes.com.br/multimedia/Download/US_us/Invoice/
https://cbea.com.hk/wp-content/uploads/4641133NDA/ACH/US/
https://pathbio.med.upenn.edu/crispr/site/8545488W/PAY/Business/
https://sightspansecurity.com/Az8bhPsa0/BIZ/PrivateBanking/
https://sightspansecurity.com/iGpKASJxRnXI5S/SEP/Firmenkunden/

```
  358. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  359. ```
  360.  
  361. Creation Time 2018-11-14 21:16:00
  362. SHA256:
  363.  
  364. 576e0a6ed02651d2e06a7face89a78f9f5b5ec24c7dc2c2fecc0bb676747888e
  365. 4d12b8d73d68c14c5c765906aaa07aea20839a74c9cd0f00f926d7c5bfda9edf
  366. d680f1be2b30831a85ad95f1e1223e95a7f87b34e0b49936f6c24a57c9e40793
  367. 9084c9dd8a147452f0e85e2594cc585c8f9c57a991060cd0b7983fa414c0c81f
  368. 16290c6384d9ecc50823e172c49013a69f998065969264c31cc944fd64996aae
  369. ff1ee29db382d2d9593547d8491ae306f5ca937ff1cf166e003ee413086080f9
  370. cc9be1f8aba44691556518978cce3e81feaf7173f7f7f9d6f07433de8e3a9777
  371. 1bdceed695b607284105a4de3dbd6dcdae2599120663678e4db0731bdd825c83
  372. abc0c53d29c69a7af927679c6bdb3750b33724f9af78b33785d949fd1c75c1cd
  373. e84c91dc8fa48dcd70602eaca31b9ae40a707a071f7decbfd63e3d5843cb53b5
  374.  
  375. http://obasalon.com/3GLGQqd
  376. http://assistivehealthsystems.com/EIEg9GrICd
  377. http://smmv.ru/2zlwZI7
  378. http://imsmakine.com/g05bnc2fVE
  379. http://afrorelationships.com/RbVvITZSS
  380.  
  381. Creation Time 2018-11-14 18:30:00
  382. SHA256:
  383.  
  384. 06e64d3436a129bade0c5552973d8f5c95b5c53d03d90254be595cf3bc4185d6
  385. b963cc53776df57e87d84f05415a3ee7db7ab9711d144c4fd6d4f4c0ddff642c
  386. cac15e51b84eb740930d51d2fb4cca22d75c86bb977a14074a0427d6d209c69f
  387. e68125b87c26994e9356cc2bc7e31ae6e3a16a8ec86975307efb481e1e927391
  388. 5aa9284845297dce908885cd9cc98648f4f562d88c7f19c3c4cd6743c62c78c1
  389. dd9037632ad26ba2ce464f83ae137f77fb094ef388c24856ad6ab54cd3fdac47
  390. 2d0814d2242d86d34b86dcc8d4f75929af50661c50d90527d0faed102be54fa9
  391. ffa467a34f3281b9cd160d571e4d707acf2d10065b9eff4759ce2181530dd049
  392. 538085e8cdf6b15b372d535df1dedf9a52cf4243d7df75b4badcc6072041e145
  393. f0036c469df2531b0c6e963fd38831d3db7329985e3468822b7de9b883320270
  394.  
  395. f2555b78492a44cab86e65102aaf15b6e530af851b565b5cca3d0aa12ebf3c18
  396. a0773e189869f9fcfe22a06847a2d1aaa4a91d8ae1a95b1076c5d6de2b3e5095
  397. 0a2b8ac9ada001237cd1da169c85020aada37f6d34bd09a0338c49fa73779db7
  398. c54bf80d78ec1d11bb29d2bd5519cb5fa2cbe4813156a734688b3079671208a7
  399.  
  400. http://vovsigorta.com/JSG351p
  401. http://www.greenboxmedia.center/WJ7Mzdv7
  402. http://ghisep.org/img/jKX2btFw
  403. http://hgfitness.info/DozxE5V2QZ
  404. http://juegosaleo.com/TX9YrE9bp
  405.  
  406. Creation Time 2018-11-14 12:45:00
  407. SHA256:
  408. 007afb6797203e525c3facbe4de7dba73b31007e58059cfc09bad8e317581249
  409. 707539d4c37078c936250a42e901fb5db3a9575db176edc5a3d4889b6f1ab649
  410. 7ece6b353421561ebb06b374497b668d84a13506ad8c6fa552b04dc3dfd4878b
  411. 6b80eeb2b9d7e86b14e12ee8858daaf12f92c0ac0340cd6b95e5691ff373591c
  412. 43099c7f72b6aff08e3ddb1566e32735c66b1751500fff124af6e1a761c1ccbc
  413. 6a34569bf87487070e6ddd5896b403b7dffb7d9a29341fda5813151a3511aaf6
  414. afc45e7266a43b6608f6052166a07c75fdff5990d201af85ab06fc63a5e5d3d9
  415. 34cebe5a052d2d3a5c23059350443b4e6a133983029f9f8c3d275bb8a342402d
  416. 7671e803b42ec6425d5f12f3a88d5fa442474e6d7ecae05e75619c9bd57359d1
  417. ba154a65b97dd287b4b85191759be5cae2bfb1b663bd5f6269dea7cb5e80f3a2
  418. 9f8f9470663bb4c1dca15733e1cff0e882c931ed0ca6e9eeefa0f535df501229
  419. 90c07f7976127dc85f002710eb67930cd277cefb91d4da09ab42c7de58242f09
  420. def2b3241d79b377518a5b1a39506ebd3018c8c8e8d611e43916cfdacc377a8a
  421. 2d5caba6f7f04cd29245bd72faa63f47964c98ce9c4b995bb7d4a8a134555d0a
  422. 207fbe9c72f12bd67b3febaf2653ae9230000a7f8e1850a0933060df72983084
  423. 0bd927dbaad1932ff73d5abacb13abed7947ad6834fd2481a5cc5ada7bab76d9
  424.  
  425. http://c-t.com.au/PspAMbuSd2
  426. http://shajishalom.com/FOH636qV
  427. http://pteacademicvoucher.in/8lVruWa
  428. http://866appliance.com/Y6TApcX8A
  429. http://planetefaune.com/yuaijLUGlN
  430.  
  431. Creation Time 2018-11-14 06:38:00
  432. SHA256:
  433. bbbf83a914fd9544b55d01626d4a23d61fa81e36f95ae0fc6420023eb4811584
  434. 0cfa39bca60bdfd3ffecee480c40d021f30fb7455938ba402031d5c598f3e28d
  435. 7d136e76dd34241da72ee490eb37ac8ebd8fe0c53ed04bea9daccc2866ea2fa2
  436. 1b18aa88be2b355f216739ea4c69fa59d2417f8da455e777c32cb62cade4664d
  437. fafb8f9cdfc1a2bd826c0b5b8977f854aa19623137b0f5008dd25ddff729460d
  438. c5505d9fee8553453d14785b79be2f49549b5b46e2692da5b9e6d814c5822703
  439. 83c8d56134d1328ca8c9467d6a2847a35c4eab63a1bd7c7657561a7eb8b8c5ec
  440. 16a6ba70df7464e1a66c83e77bbf911163810d236327461756df4c1f0a6dd425
  441. 6b905b8fdd0bb668c89a604d012f026234d554a0406a42b07a0aa5471391fbc0
  442. fa5d06cca229a716d2636917e67a9dbcebd30091c3305930c503ade023d9989a
  443. 5668fd4130f6fe1a426eb9061234f962bb4133d4381e8324f84abd3bbd290181
  444. 6303030e70a54c5f0126940477bb154c9c556f7d25ee1b65242f7fdcbcd26f30
  445. 8d717469c478e8f945f706ab15a4079a9c48b996de3f1568ee415cc3db785534
  446. 0ade8b9efc590dab1b40d3adcf78748dd62abb698faa4873e55c0ac25cd54280
  447. 0672a7057ef39a0e5560f36fc558e8446ebea5f1a36b220534caf20a700b1cd3
  448. 7cbfcaa0b0d8b2ad82448f715cde90eadecb5cf1e74765c4fe4f2526799b8da9
  449. eb89128d22ec1cc8f4c18eb976fda86f925f631d07fd62442d4ea7c0a45a2170
  450. ac8aae8f789fac37a88f9a2642721833a68ddb5f47154807ef249fdaab96e899
  451. cb89d42e26f6108ab83b19c8d91c1a611de298e05d9cee7837037c432b53a972
  452. 5cff6c849548213302a98d3725fda7049a2ece9072460dd4b0de1c0af9b9dd75
  453. e27c9d662032951034941ccb6b26ec4315d83f2c43d220d27e0f1c19529e0efc
  454. 62e1d13bb7fbc26630c42da2b40d0ef60f4a48d6eda4065165ea0e413dbfaca4
  455. e612644d500544e8f5045c7a3df8d4227c40da9cb9e0b0b940576af18dca6238
  456. c56f9b8bb8ad52742140412f269a7b5fd57243ee992f9a0a8f2a7f4a8b85f75b
  457. af87876d0a6a3159de9c75912925c9d6e557ad75077e4b62c17ff6f5c769923a
  458.  
  459. http://anayacontracting.ggbro.club/W61Td2h
  460. http://mentor1st.com/GPjQt2Pxe
  461. http://vpentimex.com/Dd1OSOO
  462. http://braithwaiterestoration.com/dgFKEvC
  463. http://beepro-propolis.com/xfMloEkt6
  464.  
  465. Creation Time 2018-11-14 05:31:00
  466. SHA256:
  467. 75c5359e2478b45a7526cf7ecefbea5c15d3c3bcddba32a40ef07d0cc0ac368d
  468. 041551dac5de325ecccc252a0d6fd49c3ed9c85eb9ecb8dd91ecc85de2961454
  469. 0d7e9edec0fd631dbb725c95eb89b4cf3aa14b624cb65db5fe66a02bf22bec88
  470.  
  471. http://sanlimuaythai.com/JyqB8LsI
  472. http://kingdomrestoration.co.za/CYzuphdS
  473. http://erhaba.org/2Mg2x4ixjv
  474. http://vagler.ru/UrzfhrBBg
  475. http://danzarspiritandtruth.com/dP2ORoS9P
  476.  
  477. Creation Time 2018-11-13 21:39:00
  478. SHA256:
  479. d8d4b5ea78b2db59271a090150ed9b9664541e3d0264ebb554db887ecbeb4c23
  480. 188873663307c1893db3a130d4806291607a56c683e2c6a602fde8419bcf5c27
```
#### SHA256s for Epoch 1 Payload EXEs seen on 11/14/18 ####
#### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
```

Creation Time 2018-11-14 17:27:00
Creation Time 2018-11-14 11:53:00
Creation Time 2018-11-14 06:29:00
Creation Time 2018-11-13 20:04:00
```
#### SHA256s for Epoch 2 Payload EXEs seen on 11/14/18 ####
#### Epoch 1 C2s ####
```
(Port is 80 unless noted)
```
#### Spam/Stealer C2s ####
```

Pending

```
#### Epoch 2 C2s ####
```
(Port is 80 unless noted)
```
#### Epoch 2 - Spam/Stealer C2s ####
```

Pending

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it is confirmed to be malware. Additionally, this list MAY include doc DL URLs from previous days; see the previous days here to get the full picture: https://pastebin.com/u/jroosen

NOTE: The doc DL URLs are in alphabetical order now. The community lists below may contain content I do not have in my list. I am providing them for your benefit in case you want to parse them to be sure.

UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What are Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple of weeks now. Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller, more rapidly changing version of Emotet that tended to change the hash of the document every 45-60 minutes and sometimes had new payloads that fast as well. Epoch 1 seems to change payloads every 3-6 hours now, and hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain, but I am not 100% sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different from the other epoch's. That means epoch 1 may have payloads a, b, c, d, e and epoch 2 will then have z, y, x, w, v. Sites sometimes move from one epoch to the other, but I have never seen the same exact directory go from one epoch to the other. It is always a new directory for the change in epoch, as far as I have seen.

```
#### Community Lists ####
```

https://pastebin.com/cnJReksL - @James_inthe_box
- @pollo290987
https://pastebin.com/84dJBL5U - @ps66uk
https://pastebin.com/6h4Kua2 - @executemalware

https://github.com/saurabhsha/Emotet/tree/master/templates - @SaurabhSha15 Epoch 1 Spam Templates
https://pastebin.com/8PYBZivQ - @SaurabhSha15 Epoch 1 Spam Templates
https://pastebin.com/DTpGjtW2 - @SaurabhSha15 Epoch 1 Spam Templates
https://pastebin.com/jSnsMFdF - @SaurabhSha15 Epoch 1 Spam Templates
https://pastebin.com/TfmskNCp - @SaurabhSha15 Epoch 1 Spam Templates

```
#### Credits ####
```
(OC and combination work)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie, @Bitterman59, @devnullnoop
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic, @Bitterman59, @devnullnoop, @executemalware
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop

Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!

```
#### Daily Log ####
```

They keep changing the macro to try to stop automation as of late, but @pollo290987 as well as others are deobfuscating it each time. https://twitter.com/pollo290987/status/1062712227348787200

@ps66uk noticed we were getting the UPS templates again; it is that time of year for packages after all.

```
#### Sandbox 11/14/18 ####
(all with fakenet and MITM unless spam/secondary infection)
```

Epoch 1 C2 run at 10:48EST https://app.any.run/tasks/6562d8b6-f018-48a2-8e7a-d0367475a546
Epoch 1 C2 run at 16:40EST https://app.any.run/tasks/36ac2ea1-b780-4c89-bfc6-2cfb034eadb2
Epoch 2 C2 run at 14:00EST https://app.any.run/tasks/88337493-f070-43ed-902b-faa0b57f8b77

```