API tools faq
paste
Advertisement
jroosen

Emotet Malware IoCs 11/26/18

jroosen
Nov 26th, 2018
2,281
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 44.76 KB | None | 0 0
raw download clone embed print report
  1. ## Emotet Malware Document links/IOCs for 11/26/18 as of 11/26/18 20:00 EST ##
  2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
  3.  
  4. #### Epoch 1 Document/Downloader links seen for 11/26/18 ####
  5. ```
  6.  
  7. http://2015.howtoweb.co/EN/Clients_CyberMonday_Coupons/
  8. http://2077707.ru/US/BF2018-COUPONS/
  9. http://9.mmedium.z8.ru/US/BF2018/
  10. http://alphasecurity.mobi/En/CM2018/
  11. http://ampersandindia.com/EN/Clients_Coupons/
  12. http://andishwaran.ir/EN/Clients_Coupons/
  13. http://andishwaran.ir/EN_US/BlackFriday2018/
  14. http://audlearn.com/EN_US/BF2018-COUPONS/
  15. http://auladebajavision.com/US/Black-Friday/
  16. http://az-serwer1817112.online.pro/En/Clients_Coupons/
  17. http://chalets4saisonsauquebec.ca/EN/Coupons/
  18. http://chang.be/En_us/Coupons/
  19. http://citizens.prettygoodwebhost.com/EN/Clients_CyberMonday_Coupons/
  20. http://clock.noixun.com/EN_US/BlackFriday2018/
  21. http://conceptsacademy.co.in/wp-content/uploads/gppune/2018/En/CyberMonday/
  22. http://congtyherbalife.com/wp-admin/images/EN/CyberMonday/
  23. http://cooprodusw.cluster005.ovh.net/EN/Coupons/
  24. http://corporate.landlautomotive.co.uk/En_us/Black-Friday/
  25. http://dannypodeus.de/En/CM2018/
  26. http://ddbuilding.com/En/CyberMonday/
  27. http://delaimmobilier.com/En/CM2018/
  28. http://djlilmic.com/En_us/BF2018-COUPONS/
  29. http://draalexania.com.br/EN/CyberMonday2018/
  30. http://drcarrico.com.br/US/BF2018-COUPONS/
  31. http://eap.vn/En/Clients_CyberMonday_Coupons/
  32. http://ebayaffiliatewoocommerce.templategaga.com/En/Coupons/
  33. http://ebayaffiliatewoocommerce.templategaga.com/EN_US/Black-Friday/
  34. http://edgesys.com/En/CyberMonday/
  35. http://ericleventhal.com/EN/CyberMonday2018/
  36. http://event.suzukimoto.my/EN_US/BF2018-COUPONS/
  37. http://e-video.billioncart.in/EN_US/Clients_BF_Coupons/
  38. http://faeztrading.com/wp-admin/images/EN/Clients_Coupons/
  39. http://format-ekb.ru/En/Clients_Coupons/
  40. http://fractaldreams.com/US/BF2018/
  41. http://fullstacks.cn/EN/Clients_Coupons/
  42. http://gueben.es/EN/CM2018/
  43. http://hdc.co.nz/EN/CyberMonday2018/
  44. http://hubgeorgia.com/EN/CyberMonday2018/
  45. http://hydrotc.ru/US/Clients_BlackFriday2018_Coupons/
  46. http://iconpartners.com/EN/Clients_CM_Coupons/
  47. http://iteorico.com/En/CM2018/
  48. http://kientrucviet24h.com/wp-admin/EN/Clients_CM_Coupons/
  49. http://kova.com.tw/En_us/Coupons/
  50. http://krazy-tech.com/wp-content/US/Coupons/
  51. http://lifestyle.peopleviewpoint.com/EN/Clients_CyberMonday_Coupons/
  52. http://loei.drr.go.th/wp-content/EN/Clients_CM_Coupons/
  53. http://maquettes.site/EN/Clients_CM_Coupons/
  54. http://mediniskarkasas.lt/En/Clients_CM_Coupons/
  55. http://miamijouvert.com/En/CyberMonday2018/
  56. http://microjobengine.info/EN/Coupons/
  57. http://munyonyowomenchidrensfoundation.org/EN/CM2018-COUPONS/
  58. http://myabisib.ru/En/CyberMonday2018/
  59. http://nagoya-travellers-hostel.com/EN/CM2018-COUPONS/
  60. http://namastepirineos.com/EN/Clients_Coupons/
  61. http://neilscatering.com/En/CyberMonday/
  62. http://nesstrike.com.ve/EN/CM2018-COUPONS/
  63. http://netsupmali.com/En/Clients_CM_Coupons/
  64. http://netsupmali.com/En_us/Coupons/
  65. http://nikbox.ru/EN_US/Clients_BF_Coupons/
  66. http://nowley-rus.ru/administrator/cache/En_us/Black-Friday/
  67. http://onetouchbusiness.cl/En/Clients_CM_Coupons/
  68. http://onetouchbusiness.cl/En_us/Black-Friday/
  69. http://pacosupply.com/En/Clients_CyberMonday_Coupons/
  70. http://paraisokids.com.mx/En/CM2018/
  71. http://parallel.university/wp-includes/En/Clients_CM_Coupons/
  72. http://pegas56.ru/EN_US/BlackFriday2018/
  73. http://perfectionautomotivebexley.flywheelsites.com/US/BlackFriday2018/
  74. http://playcam.ndmradiochile.cl/EN_US/Clients_BlackFriday2018_Coupons/
  75. http://popixar.zaan.eu/US/BF2018-COUPONS/
  76. http://ppghealthcare.com/En_us/BF_Coupons/
  77. http://prakritibandhu.org/EN/CyberMonday/
  78. http://proiect.edumagazin.ro/EN_US/BlackFriday2018/
  79. http://radio312.com/En/CyberMonday/
  80. http://raf-dv.ru/EN_US/Clients_BF_Coupons/
  81. http://refugeeair.org/EN_US/BF2018/
  82. http://ru-m90.ru/En/CM2018/
  83. http://sekretarispro.com/EN/CyberMonday2018/
  84. http://semasevin.com/EN/CM2018/
  85. http://shockandaweentertainment.com/EN/CyberMonday2018/
  86. http://simeon163.ru/En_us/Coupons/
  87. http://site1.cybertechpp.com/En/Coupons/
  88. http://sotaynhadat.com.vn/En/CyberMonday/
  89. http://spectrapolis.com/En/CyberMonday/
  90. http://stonestruestory.org/EN/Clients_CM_Coupons/
  91. http://studio-jezykowe.pl/En_us/Coupons/
  92. http://superpositionbooks.com/EN/Clients_Coupons/
  93. http://support.jbrueggemann.com/En/Clients_CM_Coupons/
  94. http://tabungansiswa.tk/wp-admin/css/En_us/BF_Coupons/
  95. http://test.besta-s.com/wordpress/EN_US/BF2018/
  96. http://testlanguage.360designscubix.com/En/Clients_CM_Coupons/
  97. http://thanhsarah.com/US/BlackFriday2018/
  98. http://thetruepro.com/En_us/BlackFriday2018/
  99. http://tracking.cmicgto.com.mx/tracking/click?d=jsav9ObTz7kIKy3GxX3DYeksv_Udcz-Cdj_I8x8mrA7THwKt0306zjglLq2GJ3gHOxq9h2q9f0zlCmnuHLpyISrCQJKmnFiBAGx5jPTzkQrMv5QmRQwAPVS6UULF6_n5xg2/
  100. http://travelcentreny.com/US/BlackFriday2018/
  101. http://tutora-z.com/En_us/Coupons/
  102. http://villacitronella.com/En/CyberMonday/
  103. http://westnilepress.org/En/Clients_CM_Coupons/
  104. http://www.bomberospuertovaras.cl/En/CyberMonday/
  105. http://www.btmdistribution.co.za/EN/CM2018/
  106. http://www.cincillandia.it/En/Coupons/
  107. http://www.conceptsacademy.co.in/wp-content/uploads/gppune/2018/En/CyberMonday/
  108. http://www.fullstacks.cn/EN/Clients_Coupons/
  109. http://www.hashaszade.com/EN/CyberMonday2018/
  110. http://www.ithubainternships.co.za/En/CyberMonday/
  111. http://www.jamesoutland.net/US/Coupons/
  112. http://www.jiuge168.com/wp-content/EN_US/BF_Coupons/
  113. http://www.livebeingfit.com/wp-content/cache/EN/CyberMonday/
  114. http://www.ludylegal.ru/EN/CyberMonday2018/
  115. http://www.nowley-rus.ru/administrator/cache/En_us/Black-Friday/
  116. http://www.peoplesfoundation.org.uk/EN/CM2018-COUPONS/
  117. http://www.prezident-prof.ru/EN_US/Black-Friday/
  118. http://www.project-831.co.uk/US/Black-Friday/
  119. http://www.rolosports.pt/En/Clients_Coupons/
  120. http://www.sorigaming.com/site/cache/EN/CM2018-COUPONS/
  121. http://www.spa-mikser.ru/En_us/Clients_BlackFriday2018_Coupons/
  122. http://www.thietkewebwp.com/wp-content/uploads/EN/Coupons/
  123. http://www.travelcentreny.com/US/BlackFriday2018/
  124. http://www.vaheracouncil.com/EN/Clients_Coupons/
  125. http://www.vociseguros.com.br/En/CyberMonday/
  126. http://www.weloveanimals.net/En/Clients_CM_Coupons/
  127. http://www.xn----8sbabrd9ajz.xn--p1ai/En/CyberMonday2018/
  128. http://xn--28-vlc2ak.xn--p1ai/En/CM2018-COUPONS/
  129. http://zenatravelindo.com/En/Clients_Coupons/
  130. https://productsup.zendesk.com/attachments/token/o0ZKw8DeL89qr1oAkP6ZzfOxg/
  131. https://u8137488.ct.sendgrid.net/wf/click?upn=DL2ALwobpQrCp8O0h3WWqmZWEpst4OtSUFe5hYw2PfqZ8tmvNqxaFxzX0DGVkaerHxS8Im4tNK0pbehdorOpkQ-3D-3D_HvOKSqJFA55zs9Q8-2B7p4-2FI66OmnFjbC5IEHQ-2FvdMzDuXuJsLeXXHl-2B12PSg-2BGyJbBQEa-2F0mIr401FxkLcw26V-2BxiFdcqpIXIrKNnWWNf5JFW0YLol8RCTTX1ZLS-2FaXOhsjaAaB3TMlYr1bE20bZgbgw4zUWFQQ5s2wmpCaeWrysOOQaalf93aNi186J9K2oWiYERB2xFNd5wg7YqTUkevdJZYXWk0n7SI2jLjr5UYko-3D/
  132. https://xa.yimg.com/kq/groups/8138622/1792571317/name/INVOICE_O6631_FILE.doc/
  133.  
  134. ```
  135. #### Epoch 2 Document/Downloader links seen for 11/26/18 ####
  136. ```
  137.  
  138. http://2d73.ru/wZfhpVBOos/SWIFT/IhreSparkasse/
  139. http://abby.opt7dev.com/files/Rechnungs-docs/Rechnungsanschrift/Rechnungszahlung-GYM-92-34893/
  140. http://abeautifulyouskincare.com/280QPV/WIRE/Smallbusiness/
  141. http://abiaudio.ie/8422YVHOTAL/biz/US/
  142. http://adap.davaocity.gov.ph/wp-content/194255IZ/biz/US/
  143. http://agenciadpromo.com.br/XaOyncLA/BIZ/Firmenkunden/
  144. http://agoralbe.com/ULbBajzzvxj/de_DE/Privatkunden/
  145. http://alliedglobetech.com/MeK7w72WWiD/SEP/Service-Center/
  146. http://amenajari-gradini-iazuri.ro/7668367HGSWCJ/ACH/US/
  147. http://anandcontractors.com.au/8718XBTS/SWIFT/Smallbusiness/
  148. http://aol.thewirawan.com/sites/Dokumente/FORM/Details-VKH-41-39728/
  149. http://arbenin.tk-studio.ru/815329IQQVJT/biz/Smallbusiness/
  150. http://arbey.com.tr/Nov2018/Rechnungs/RECHNUNG/in-Rechnung-gestellt-OFM-76-00968/
  151. http://arkapub.com/cziIKej6J9r5iSy/SWIFT/Privatkunden/
  152. http://aroopgroup.com/O0o1FAoY9UPY/de/Firmenkunden/
  153. http://auburnhomeinspectionohio.com/3734YEHMKLK/PAY/Business/
  154. http://automotive.bg/wp-content/43YRDI/oamo/Personal/
  155. http://azanias.com/0ZMGqy/SEP/Firmenkunden/
  156. http://behcosanat.com/wp-content/59012GWZPHT/WIRE/US/
  157. http://birbillingbarot.com/Nov2018/Rechnung/RECHNUNG/Details-HH-32-64539/
  158. http://blog.sefaireaider.com/882RSDHFOTP/identity/Personal/
  159. http://blog.sefaireaider.com/rEYWh2qQ/SWIFT/Firmenkunden/
  160. http://blueboxxinterior.com/75JT/identity/Commercial/
  161. http://boxofgiggles.com/files/Scan/Zahlung/Rechnung-ZD-23-38364/
  162. http://bridgeventuresllc.com/2917951CTTNREP/BIZ/Personal/
  163. http://business.hcmiu.edu.vn/Nov2018/Scan/Zahlungserinnerung/Zahlung-bequem-per-Rechnung-GTQ-14-33658/
  164. http://cantorhotels.com/SgSXRZZXlOjvllJ673HZ/DE/200-Jahre/
  165. http://casaboiao.com.br/uss1Gw7G8VfPB3kv/biz/Firmenkunden/
  166. http://cbrbrokerage.com/UarfMuz/biz/Service-Center/
  167. http://cismichigan.com/1518MBCNZI/oamo/Commercial/
  168. http://clarkkluver.com/mtH88LVV/DE/Privatkunden/
  169. http://crest.savestoo.com/8V/WIRE/Business/
  170. http://djwesz.nl/wp-admin/2560389FLWVMM/SEP/US/
  171. http://dorians-geo.ru/files/Rechnungskorrektur/DOC-Dokument/Rechnungs-Details-NV-57-58407/
  172. http://eskrimadecampo.ru/Gnz5X9IojDj/SEPA/PrivateBanking/
  173. http://expertessaywriting.co.uk/default/GER/DOC/Rechnung-MWQ-61-64013/
  174. http://f96098rt.beget.tech/41LEXY/PAYMENT/Personal/
  175. http://fikes.almaata.ac.id/files/Rechnungs/DETAILS/Rechnungskorrektur-IVK-24-00994/
  176. http://firstclassflooring.ca/8253TM/com/Business/
  177. http://ftk-toys.ru/2946FUICYO/WIRE/US/
  178. http://gama-consulting.pl/72999GF/PAYMENT/Business/
  179. http://garrystutz.top/BfCJT1SBSZE0lYw/SEPA/200-Jahre/
  180. http://gatewaynews.co.za/Nov2018/DE/RECH/Rechnung-LQ-34-96125/
  181. http://hellodocumentary.com/hellosouthamerica.com/3HTMCKX/biz/Business/
  182. http://herbliebermancommunityleadershipaward.org/9OQ/oamo/Business/
  183. http://himachaldream.com/files/Rechnungskorrektur/FORM/Fakturierung-SD-32-93193/
  184. http://hugosson.org/doc/Rechnungs-Details/Rechnungsanschrift/Rech-BIK-59-38429/
  185. http://iforgiveyouanitabryant.com/tQuuM98QsFV5tABzA/biz/Privatkunden/
  186. http://imetrade.com/Icd8V3p9fLvw3g9vrLuI/SWIFT/IhreSparkasse/
  187. http://ismandanismanlik.com/administrator/75UFGCV/BIZ/Commercial/
  188. http://istanbulstayandservices.com/0d7Plh5KZd4h0X/SEPA/Firmenkunden/
  189. http://ivanaamaral.com.br/853121FNSY/ACH/Commercial/
  190. http://j9050082.bget.ru/qAiUjuPnU1ov4B4Fco2w/de/Firmenkunden/
  191. http://jwpeng.xin/4BFL/com/US/
  192. http://kijijibeach.com/25BGGGNUN/SEP/US/
  193. http://kvadrat-s.ru/4TFAWR/BIZ/Personal/
  194. http://laparomag.ru/IITxXN7USJq99M4rxAuE/DE/Firmenkunden/
  195. http://leonart.lviv.ua/mV9hTeBpkJGxn97Jz/SEPA/Firmenkunden/
  196. http://litsey4.ru/8uJ80e/SEP/Service-Center/
  197. http://magic-networking.ru/6979920JSNC/SEP/US/
  198. http://makki-h.com/nS359Aax2SA4BFF278/SEP/PrivateBanking/
  199. http://malupieng.com.br/73321ALNWYY/PAYROLL/Business/
  200. http://marijuanareferral.com/files/Rechnungs/Fakturierung/Hilfestellung-zu-Ihrer-Rechnung-JP-39-35410/
  201. http://marinecommunityclubltd.com/6wlalHu/SWIFT/PrivateBanking/
  202. http://micronems.com/cHNalGL3/SWIFT/Privatkunden/
  203. http://montegrappa.com.pa/201I/SWIFT/Commercial/
  204. http://mrlockoutlocksmithllc.com/files/Rechnungs-Details/FORM/Rechnungsanschrift-korrigiert-HHL-30-77395/
  205. http://multilinkspk.com/59FUOQY/biz/Business/
  206. http://music-lingua.ru/VnKP53bitx/DE/IhreSparkasse/
  207. http://musthomes.com/5746ITHIPIM/com/Personal/
  208. http://naimalsadi.com/7uOR1R1s7kMi7Bf/SEP/Firmenkunden/
  209. http://naimalsadi.com/OOfWrXgcvsDGyfQ/DE/IhreSparkasse/
  210. http://natural-dog-instinct.com/0qlVT1Rx47SZjPyQu/SEP/PrivateBanking/
  211. http://nfbio.com/img/upload_Image/edm/pic_2/2DOQRI/SEP/US/
  212. http://nhakinh.net/11WME/oamo/Personal/
  213. http://northeastpiperestoration.com/Nov2018/DE/DOC/in-Rechnung-gestellt-WTC-95-98130/
  214. http://nowley-rus.ru/administrator/cache/13943BSUXTCBF/com/US/
  215. http://obd.cvts.ng/CzzWvx/SWIFT/Service-Center/
  216. http://ogneuporzti.ru/759NA/PAY/Personal/
  217. http://opendatacities.com/4065FPAWY/ACH/US/
  218. http://paulomoreira.pt/907GP/PAY/US/
  219. http://pkptstkipnu.com/cpT8pC7U038Y4o/SWIFT/Service-Center/
  220. http://portcdm.com/814610LEYAN/SWIFT/Smallbusiness/
  221. http://precisionmechanical.org/TxvUgBC3LySY3t3wn/de/200-Jahre/
  222. http://proffice.com.pl/04UMSKW/PAYROLL/Smallbusiness/
  223. http://progettopersianas.com.br/4891173RASHZ/SWIFT/US/
  224. http://progettopersianas.com.br/7UTLgfQjQNdJKRj/biz/Service-Center/
  225. http://qwaneen.org/FEappmAh2ZZ01aI6fTs/SEP/Service-Center/
  226. http://rashakassir.com/87348EQMQ/identity/US/
  227. http://resonance.coop/Eh6z11IngXsV/de/Firmenkunden/
  228. http://rudoy.com.ua/OYDRyovMKanRyjIM2q/de_DE/Service-Center/
  229. http://salvibroker.it/files/gescanntes-Dokument/Zahlung/Rechnung-QY-84-75815/
  230. http://sandbox.leadseven.com/default/Rechnungs/Rechnungszahlung/Zahlungserinnerung-vom-November-EL-72-66767/
  231. http://semra.com/9342OP/BIZ/US/
  232. http://sharjahas.com/administrator/15RYDT/PAY/Commercial/
  233. http://shinomontazh-domodedovskaya.ru/8QNXEV/PAY/US/
  234. http://shreeconstructions.co.in/737ZDAS/SEP/Smallbusiness/
  235. http://shrinkfilm.com/X40hrC/de_DE/200-Jahre/
  236. http://sindia.co.in/63c7Pol/SEP/PrivateBanking/
  237. http://societe-ui.com/67HNDXENE/com/Smallbusiness/
  238. http://sorigaming.com/site/cache/3rpGrdy/SEPA/200-Jahre/
  239. http://spnartkala.ru/562RJDAZSRZ/BIZ/Business/
  240. http://srdm.in/5340479YWPIRWOY/oamo/Personal/
  241. http://standart-uk.ru/0670606K/com/Smallbusiness/
  242. http://stefanobaldini.net/NZ992MaaG2M8B3/de/Service-Center/
  243. http://student.spsbv.cz/giricova.el15b/wordpress/4766ABTDB/PAYMENT/Personal/
  244. http://studio2080.org/xTTXapGXGqX31WqCm/SEP/Service-Center/
  245. http://the-anchor-group.com/default/Rechnung/DOC-Dokument/RechnungScan-MXH-29-05546/
  246. http://thonburielectric.com/230675IXLPBY/biz/Personal/
  247. http://totalcommunicationinc.com/wp-content/uploads/2016/A5yFOuW/biz/PrivateBanking/
  248. http://trattoriatoscana.com.br/nztTCphn9xjX4MGLVh/DE/Firmenkunden/
  249. http://tyronestorm.com/default/GER/Rechnungszahlung/Erinnerung-an-die-Rechnungszahlung-LIL-27-42572/
  250. http://uls.com.ua/Nov2018/Dokumente/Hilfestellung/Rechnung-vom-26/11/2018-VT-63-65005/
  251. http://unionartgallery.ru/5338341RR/oamo/US/
  252. http://uxconfbb.labbs.com.br/doc/de/Rechnungszahlung/Rechnung-BOT-64-44242/
  253. http://vegasports.in/V2hplLVC9IwUpc/DE/Firmenkunden/
  254. http://verairazum.ru/RCOOvg/de/200-Jahre/
  255. http://vinaaxis.vn/doc/Scan/Zahlungserinnerung/Rech-MCD-22-88515/
  256. http://visiontecph.com/WASXWQk/SEPA/Service-Center/
  257. http://vistoegarantito.it/089QVU/SWIFT/Smallbusiness/
  258. http://www.acusticod3.com.br/7OIERKFW/ACH/Commercial/
  259. http://www.aigavicenza.it/8716923NSSJAZWK/WIRE/Commercial/
  260. http://www.anvd.ne/wp-content/50NQAGCV/PAY/Personal/
  261. http://www.beluy-veter.ru/files/Scan/DOC-Dokument/Erinnerung-an-die-Rechnungszahlung-OFP-59-26498/
  262. http://www.bodymeals.ru/default/DE_de/RECHNUNG/Rech-CBZ-86-81471/
  263. http://www.brgsabz.com/doc/Rechnung/DETAILS/Erinnerung-an-die-Rechnungszahlung-GH-85-47560/
  264. http://www.dreamsfurnishers.com/ezJiLVAVxMGt84T/SEP/Service-Center/
  265. http://www.ematne.com.br/sites/Rech/DETAILS/Rechnung-scan-OB-54-50541/
  266. http://www.ftulegco.org.hk/tUsBhcWNYgzkG1O/de_DE/Firmenkunden/
  267. http://www.iraflatow.com/files/DE/DETAILS/Fakturierung-PW-21-56018/
  268. http://www.klikcargo.com/8705GT/PAYMENT/Business/
  269. http://www.leylison.ru/MyJwhTHQcJ0gcGgcEQhN/SEPA/200-Jahre/
  270. http://www.naimalsadi.com/OOfWrXgcvsDGyfQ/DE/IhreSparkasse/
  271. http://www.potens.ru/Cz8bWvoRWt/SWIFT/PrivateBanking/
  272. http://www.progettopersianas.com.br/7UTLgfQjQNdJKRj/biz/Service-Center/
  273. http://www.roadmap-itconsulting.com/398HEKCJK/PAYMENT/Business/
  274. http://www.rushdirect.net/0800FFF/biz/US/
  275. http://www.societe-ui.com/67HNDXENE/com/Smallbusiness/
  276. http://www.soton-avocat.com/13873ATTG/biz/Business/
  277. http://www.soverial.fr/SZOVILU/de/Firmenkunden/
  278. http://www.standart-uk.ru/0670606K/com/Smallbusiness/
  279. http://www.tntnation.com/8bFErgf/SWIFT/PrivateBanking/
  280. http://www.vakaz.ru/07PNHRB/oamo/Personal/
  281. http://www.w-p-test.ru/3TJPP/BIZ/Personal/
  282. http://www.xn--174-mdd9c4b.xn--p1ai/MRCWbXl1T0/de_DE/Service-Center/
  283. http://www.xn-----3lcf5b.xn--p1ai/840SN/com/Personal/
  284. http://www.xn----7sbaf1c6al9bxd.xn--p1ai/StzLkuD/DE/Firmenkunden/
  285. http://www.xn--90adqa2asi.xn--p1ai/fuCIKJG/de_DE/PrivateBanking/
  286. http://xn--32-6kct4bgplfz.xn--p1ai/8wz9Ia1ucx4lFXLYZ15/de/IhreSparkasse/
  287. http://xn--80akackgdchp7bcf0au.xn--p1ai/1JjUme7T9ZRSblTjbI8/SEP/200-Jahre/
  288. http://xn--j1acicidh1e0b.xn--p1ai/94INPGWGIB/SWIFT/Smallbusiness/
  289.  
  290. ```
  291. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
  292. ```
  293.  
  294. Creation Time 2018-11-26 19:28:00
  295. SHA256:
  296. 8e4010b829160deae7b2d1e92f19bf88ae1922f422de6a5c2fbf014e1b8f74b6
  297. 7a31fd6b9a2630c3397216fc20a74c21688bd159675b2648f782983bff8a22f9
  298. 0e72fa81d6bb20c557bb8c66d766a61d8c2ed10ba9a203223d00525321c51b78
  299. 547326fac93c3f94418b6b96a124ef35dfd58a3314ef7fc7a84047970ab2f30e
  300. 8bb8553a4d00fb609cc30bc1a8240d714e391fe1229e4cbb1e3887fbc1a099d8
  301. 13d326b36b1abde4400ccf7512333625139a4908ad180399290b18f928a62540
  302. 840cf46c664e06aa2fed80739269b8c0218a462ab981d71288c747670e5220ce
  303. db8c7b734216e3e20447a477896629487edd88c0ff2382d3d3abd264848ad5ff
  304. 2033b001b6dde1d53086c3f1f439625a0e6a8294434fd79bc1e570c5272c1bf0
  305. 9cbb8f9f069f5929944cf747e9f818659b4595230cb163c8968ca8cf17f8923c
  306. 96de6141a9c82a882360e47d5c6ef6b807d26fc45113229afea63cbd034e904d
  307. 99dff1bb04e77cc8480333fe43c64778817146043d3689245d53804a2a330c77
  308. c4a5b49953db7ea6ecea40fd8b9b274132c9a84837c27220d0305325bbf60236
  309. 676da3b2c5c1793c247c03d9af8fef41fb3e3f9a4fd6b3c434ff67a6b13f1a64
  310. 24ac352167bf496d5150bda1f38c24dca57caeb06840def6520a116518065c6f
  311. 15c30651671f5592ac0a3cef8556530094c9c7216d84aa72a12d915253936e6d
  312. b35e53479e43c1ff6059ea201a35bca80a327cce160c7d56da5ab8f48af6ccab
  313. cf0b19c0ff39058b6e8328ec5495258228feb654e5862636ad088699c7c16dfe
  314. 677cb9576c6e6e5b286ae5727a7afdd7518a79530eb44c9f757a1771545e7f3b
  315. 9ba785aed200e5be8ddc01cd7490cf77836dd3404e4804a510224f21e3345cbc
  316. 4fce0193f8c7fc25d57ea960a5471a3f35dbca44507b8f8d93020fb14ff94df9
  317. c2a4b9ab0fad962a150c940c03cc7ead290afb866cfcb25b86d011e52a3ef7ab
  318. 6c114f1e1a6dfe20b000396d704bfc01d56b22817274eefca4fdafce149c0ccc
  319. c0c7ce70fcacde9aaea7daa9cef72361c3c648c766ae65da3b4a480e26d4b339
  320.  
  321. http://borje.com/wordpress/LqrWxW6S
  322. http://www.meer.com.pk/BNcHza7
  323. http://forestbooks.cn/YanSDST0x
  324. http://www.topcleanservice.ch/32H29R14
  325. http://www.uwrouwdrukwerk.frl/kt9jsOBdj
  326.  
  327. Creation Time 2018-11-26 16:13:00
  328. SHA256:
  329. aac219dff293ccaf9f8ec70575185c6579f723691cfc901c17f5095af439483f
  330. 6bfcac31e57bf405cb50f4c77afecea907969a94cc1d447d63cea7aa235a6794
  331. dd1bbc03591ba65ac54078b3ab980b9f09a92bf23c430a7cc6b135bfd01c404d
  332. d15446cfca49b85e422df3579ccdd79dfd324cf02829ff2254e382d10e7e0b93
  333. 65fcceb4ff18ecbdd8f13e977c856145d14c366be0629302e74658440437adfd
  334. dd914598c1fdbf672c56c58eea29389d3c79959f0c331eb53cb11a5367ef0fcc
  335. c7de15dd40266e26c91e1291d398628be4c70837f8205b2c3ff5af069530745b
  336. 8738062826ac25353282824cce86c545d8bb0337ef1bcff72d3073113eed845b
  337. 61270d45f26f526979f912ca51ec5fdc09f68e7d50a413ace244be2ceda54c64
  338. f125fb44854c91c58c39299856cdce2eca14442513886e4498711e5a708d759b
  339. a3ef49c289529ac58f0b2816c9b3a4d0bd270368777fce370f89d777816c8c02
  340. 04bc7df5599cf70471610c8095a9e24f17184eceaea1e7f72c94d485ccc738b7
  341. 988cda353803ff5b20a024b0d23d31a9c63a45bd93e043db8d78762398d5635c
  342. 2661daa7013dc619b3601bbf6cc169b2946718d04ca13d20ec54f78b485e7198
  343. c2e4011db89088719d1aa832e56c5b4cae76154ae112a1bc044e29b630f57d0e
  344. aab1e86f0563c1da2e40f39f3cb1dcff0c8a608aa251b8750a871282d5c00774
  345. 923f2426912f7da11dca948e3f8aac9c6f5b220acde9bd85a714eb7b4a6959a8
  346.  
  347. http://gosonoma.org/fK6ez6uhzH
  348. http://qualigifts.com/mLoLVcw
  349. http://destinysbeautydestination.com/efeRuyrd
  350. http://infoinnovative.com/85UGLLH4pp
  351. http://livedrumtracks.com/rYucipclqQ
  352.  
  353.  
  354. Creation Time 2018-11-26 12:33:00
  355. SHA256:
  356. 8d87e0f7fe47e3ef413ce8a992496325dae526cd59d50eeb061d36e520b0fc2b
  357. a1f83e2e809cb6ea82a9a0b6f6f054a126c0a5882c5994e9184527780dd1fc42
  358. 19c79146a8c9c539195c15544d8eaa46a785c7d44acb13d2f39b81ddd8fe6b55
  359. f78e120cd2e4b96855eb0256b799f763bc91ac8ab901291ebbe8501966d2c73c
  360. 1cb00817e01b9b69a462e8ea3a689919c22e179f205bd15f1cd5255d82643282
  361. ec2e56a4a6d545e338cc557a42a61d13f05f0e7d84b18771ca7ad6c9e810b308
  362. a4fee58c2a0f198207b7388c899e73d03965c5d74f8e5e166a87767e8654ca34
  363. cab4fdcf4651cd47428fed68566b121de0d4d7d184c756ef8116b740f674d1c0
  364. 4982f5001466f90453d859423ba22618b6f25f140e81f490a61ea850c2141621
  365. 77818cfdc7529ebeb8050e7849299bd086d9400b452d94b45dc7b9a5a85cb118
  366. 00ee369d335fa36cbd92a982874b641b9c114b649bcde5dafe82d1545dbcd8dc
  367. c7c752905ac519eccba27f1b9408bf43f5e666d710376bf325a021e2d2a8aa5b
  368. 8fdf5dc81cc1ed1474a12f0cc7b53c1544d243d2b07f57e5fe7fdeb408b1e5a4
  369. 80caee2f945ff355a4a784398b504e70e32470bc21d19587c3f911777fd0827d
  370. d4b0d870809e6d685f0941e441e45f3bf3a58c0ab5b8b95e5a51618072b0b116
  371. 609aa5c8a3ecabfcb40fe7d67e958537db56c759294e3795d8115243c3cb3c99
  372.  
  373. http://greatvacationgiveaways.com/i0Qwfwrn
  374. http://ulukantasarim.com/MuRtWv3lI
  375. http://cwbsa.org/POdR1eiw
  376. http://www.bellaechicc.com/HbuY5jle
  377. http://pibuilding.com/2pjNZddK
  378.  
  379. Creation Time 2018-11-26 05:54:00
  380. SHA256:
  381. ec4d1a09ab75b93635e62809aed08d05ac1b22c8a7be1f7d968d68cdcfa0c842
  382. 06df478a651bff74b98b7e8527be6ca7be291b5698afaccaf8a699476abe43eb
  383. e2b63112230821e33ef37639ef2d0ba46faae328903d492a1e3ecda8aa5831bd
  384. 1a4added5265969d2164864f876e89079076b2438411762993b2d844386a4007
  385. e546fabeae3ad5d4a792fc1b53463f7bf7b739da2bf0129f4408b664c5789d94
  386. da3e53f1e47f382d8b3ea9319265a5e33a9be31ede47beb659b7f65417f7cb6b
  387. 2890cf53eafd23754f40a5e1c1a0da866749b97f6e6dff5f75910d4bd29e97ff
  388. 06d7eab89bc5b6b6d1b17599ab6ef94d20f3c17e5415ba23113b42daa710d348
  389. f26b6e4179c9ac3afdff32a991a839018bdf3334979e879b86a269cff5724b11
  390. b9c6d4664829393945b13cfdedcd9f7b21bc9e81ec8bb69454d6c26ba93ba8f4
  391. 2be29e5e94cb3f84b0b0bbaa9c5718a32789eaf0a1b4b018433cbaa81e8dc301
  392. 97c692c26ed8c0b79b4748a8e27c3451a6ff97f141798fd004ecc02629424ba4
  393. 65306cbcf7c33d28a3c0efde4cb6dd377ef892afa88290ce9571e75156eecb75
  394. d2603ef025573af909987a909ba5441140608f42e086657377f20766c84985c7
  395. 1938069b91508d3181b1c6f3c7431435fc719641eeaeae461553bb2e443ebd97
  396. a6b10314e483855c1bc895a024dd87376e1c6a97fe4dacaa04265797f36e2173
  397. 4c10ebf2339186ba1432a006b9062f41992017fb2578820fd08d29c5bdc9f8a6
  398. 053e840dcd2bebb2e39bc6599ad9ef93eae9d244d9f8cceab0ab989eedbeb76c
  399. d8759f75193b8c5ceed77b3e2353420c6a59f243d87b7114d968d80da699b0cb
  400. 3af8e0deb76b3ee53831ce544b6bf3c196d2037f2d81c50d7cbfafaae905b04c
  401. 8de07a31ba357cdbfe048e31b52232092b6eeb45ac7ac9f4f79419caecde1b58
  402. 27692745c3c34e9e0a7c6e3680b87ca4f0089037bb5fe723a3fc77aab86a5706
  403. 52d869345e411babe151ba15b8e8d92e7132ac54781a27eb1369cce2db7aa081
  404. 4e031441b84b740166322a5afdca2aebca919b3de64540cd3dc48832324309f1
  405. b477525964c686d4ccf5e6f20c9a227a585c0cb711f0a08f7da9225a984e02ce
  406. 7accaa32d00e265742f6fcd44ba04df5d78f4398329dff56ab0ca832d20d0dcd
  407. 257aee13fe6a11e1c6db19b8f145d77b7ea090489675b8bf26cb52ae62a0aa8a
  408. 6e61f00dbe7551932b9be10f2e6d5a54ea5a57057fc7bbec5797508b7ec24c7c
  409. bf16646b37942beeb42987f867f550d5d03c91a0d22ac55d03c537b3900ccb60
  410. f09a163e75f2ddc7319193faab1e2db4c96099d8877c33cd8631ea1ccbf89f4d
  411. c478d182eb17cf3bfcec5ea1cbce0edc09ce0feb9b9d0ce054e9102177b86ada
  412.  
  413. http://www.lionwon.com/8vkOTIP
  414. http://eissaalfahim.com/V8zjSXkk
  415. http://volathailand.com/Yh1xviOUJA
  416. http://new.invisiblecreations.nl/bjOS0VQQyU
  417. http://blogbbw.net/NXA03DC4
  418.  
  419. Creation Time 2018-11-23 20:00:00
  420. SHA256:
  421. 0483c57f6a5a0624cde770582ef22969afbb5b21dc0b008dd66a8bd4919b0bff
  422. 7ad5714142bc64be25a6c3f6d6a88634f4a6769e6168751627f564a1c9cf76af
  423. ba03581bc8312aa8987a133b3f004eec6809bb77c5b38b5becf9cc233ffec52e
  424. a358cc203db3816cbbbe223c29dc364b21514a096b3766f04f41441ff67a7a3c
  425. b8a2e8c519e6532b24158214ef408fd510fdf801cdaba17ddcaa2b66897a9dbb
  426. 83d7cabfb048784a4147439b8e980ff7b294e9642c6ad82394686d928936d5a8
  427. 7345ae907dd5909c6f6b63c144f70b1b0957cecb58d5ed3b4313e83d35c36217
  428. 589e67f30c5ce4889138dbac1c7a0d7f76c38a089e237ec5143e77fb8e8ea566
  429. 4d09fd4e26855136e9d8528e442812cfeccc330b44b8c8e001d83597129c91a0
  430. 430d1b44ef9ad4a316968f47e0201c0f3ea15031db4d816e0d787454b046256c
  431. 0dacd0d95f1d361c2201d6f76eb5650f361baed728d172a7fe5feac4966f36fc
  432. 78788060b2c177bad920046fd5930be8fba83320580d6eed4c187dafdf3c042f
  433. 15d926525f66ed024f0b66dda3b89b124bdd344217881d9287509eeaa9cf7135
  434. e20cbebac9a1d999c7b01d869e31e78af88ddc49f9010c2d633370857be896a6
  435. fe3ea79de973e8ddc99381e8bf0e284113d9be19b6f9a95bfe75461db4546594
  436. 9b385f3bba659431924f548464af1031af70ce151be0a0f8970f2ab2a1e406c4
  437. 710f49bdbe8930615dfdc04c43674e020c80da58ac8d6087fba8738c5608bfd4
  438. 514f4cdfe6196ead7a37a3e4d1ff3da141827974c8f0916ba61f5539ddd23ffd
  439. 012e41e968a5056df77408968409696a93e5e7e6c639bc2d77f3f1b053b35e4d
  440. 4e6dcb78fdcefc56afd1c60206fc4b125a73e93f64d50ce55b6cfaadfd5cbb4c
  441. 3bf5ff1eb3fbe576b2af8f2c541125e0446ed48fc0b6ad1b237232510edd248a
  442. f12433121d03d51b2e95b513918c2202224b9d7aab8d456347674fd72a003ce9
  443. 64391439842a486050766f7337a51eac9577f29cf82c2fe1ad0631eafbe59e09
  444. 7fcc26e466a301cbbbba8b9545e3c39b314bad40dba7ab1d9cead36ddbdb8c2a
  445. 7fdac6106d67fa5df8ed3cefb3ca7ce48b93edb18cf0b4feb1ff4716559347bd
  446. 0dabd756a91022d6bcd223b46604819d620482031fa44773b370ebae9fba68f4
  447. 0547a6fd4c2b5c362f9798bd6a7f1f88be715c64551cd1128b4bcf51082e9154
  448. 54ad4e4ed9ea35ef7c7ee4c945ad062751ea6001e6905bd80eec779c1201d575
  449. 6dd9d1ae591aa1c238d27b7d29b4d16775e02350637efc7659a7de6b062aa9d7
  450. a8d45826be7f2f359a30c92ee38f685f72ffd29fcc4a77174ef61995e896f5dd
  451. 67fa251fc8ff5b5dbac02994fc529aeef08bd434ca3f49511a25b478979837f5
  452. 5265fd613d71842661e9d996b547e456d8c8a73402ae4584bd1ab3574fe7340b
  453. 368d2c8f895bea456b65caaca470cffe3cdb28355993462970421b0ea47b3e41
  454. 0b09d68b95788ea1440bc7591130f7dc4fce58457ed592e165673dd718a97af6
  455. 84333554d4454a30f387273aafdc13344ca7cb2e2617af82c99373b2990391f0
  456. 80a6887dc91bf7a8953f54efb0cf953c008f59ec127e34e6889dd2c9f48cbb5f
  457. 68a050ca8d0acefe8fc7c6604c2c79a0c002e72e8abb064c32077f08a09f7fa2
  458. 63ae2293c9679400a7c0113e7516fea1538b5994118699d0b1ae041cecf36a9c
  459.  
  460. http://lifewithdogmovie.com/0K3jRwA
  461. http://mimhoff.com/FvfyvHFBzf
  462. http://tourdezsokolat.hu/zuyhGc7sq8
  463. http://salon-gabriela.pl/HeF32DnjQl
  464. http://uutiset.helppokoti.fi/86YAZjQ
  465.  
  466. ```
  467. #### SHA256s for Epoch 1 Payload EXEs seen on 11/26/18 ####
  468. ```
  469.  
  470. 9ead6c65681fc08d36019dc3f0564b0125695bfae66457381c708e1485ad53d4
  471. 72beaafa00b3dbd308396c5f1aa8180ff71fc5222e10c8d45d6fbc3564c2ee1f
  472. a43832bbdebecb9755f8708981800275a5a94e34f1590fe09de619616dbcc1b8
  473. 7fbf1357537e6c069d83f8f91def4ef6852ab97590c5d55c91a0610fc0a71d81
  474. 210e5bdace62cbb2ffc47cde38bdf17ea0709557616772b05a5d13c646487314
  475. 0ef8dade7a1832cab1864a27854e94be8c05ca5a78b5941ea25fb1b133fd622b
  476. 6342bd2c13c94febc45c04260736668035d4cd31621ed0e42aa8fe2e36d069ee
  477. 5f1032665271c1fdf50e36a10afca8f2413e297b73d5114a2ed3d0022008c649
  478. b20da47916d7489240b8ab61335cf8d5e9855fe12caa7a8835cbb11622227027
  479. 8e325f558625424d3126acd4278e401286f0725eecc9c506848f7839d8ff672e
  480. c84ae08d46639c7960df63677d52d67de609806cf9486386c6e1db48e76c0e16
  481. 5034d0ef9059527d524f3c46e27975c9d1ae42169cf597684f62a22c9f6d9f71
  482. 368b23aa3642b028377d13f2b679fdd7e22e0e00aa4b28b0643aa96f49c25b9f
  483. ffff450d574e5e5706fb82a65cf515a9fa01346b3a72b2e259a7be091c727fd6
  484. e1c1ae192cadef4edf6ac8f6ba1bb363c603da9b9f0fb6231dcabf3d66ef916e
  485. 457d8a700f5161c523c62d846d0bd809c1a995bd417e5671513cd80d985fd4f2
  486. cc7cfb784098ea01ebbd04c70e5f5a247a951398a8c7489156c2ca459429cb6b
  487. 4616c750b2b97b8bc521bf6933412b54e3f22623fd7bac108e765ebc4071eeb1
  488. 7d949562846fa633341e53b24dcdc41f7df3dc06bf200ddeed3dfa2d637f9a87
  489. 9a84d00359f98e356638cb9ca5a0ae4aaf85633da9409cb6e1b87e3b77e12847
  490. f78ac23ce0d260d7b7e8c4be970c0177acb1db2a0b8c663fdb6b3349308f30db
  491. f5f8c8434245a9d34f26eda3b69d59b6c2296d2b5439c10e6993d3528ae38f86
  492. e80a184c5d86f5843e69e66717a5a42f0eedc9b78a543e46cd699a46cfff40b4
  493. cf7fbb74f6d753ea97d8929e8a4857ec3118d6c464f5a4d94b7ef720af26179f
  494. 6b111be3c180de78849b4f1c2d39ee0045695e22d339b50879a769351b1e6b31
  495. 22f8af3dd74f6f680cfe50f0cc3c9d0658385ad2ea86d8116bbaf98c3da6fb4f
  496. f0cf99e92327dfd2c7d2d5577e090bad6018fca007228c57c7223c5665c90434
  497. 0103c3e30104bbc41c6f9a8dedc5cc99712f71da3e141765bbf781b5761d1ca7
  498. 8682e9ea22d9ed5d449d748f1b52ea9a6dcb72ea994ddab768c5135ae41eda2d
  499. c49e9affc6d1e26d6a7ac544a6e714cd9331457f77048ec05e8564af58c59d57
  500. 63184d45dd2090337664f52e206bb2be247f8c859bfb3535b101ce8d4a35c14e
  501. 3a8100546c24dff27c566506015565142d51ef25d39cde49d368a4a5a6a79278
  502. e4e72af200b1560f5f0513bebaf6d682d2cb0be6c738bc208c6aa09920405a8d
  503. 55240518287e60fd23376df2467a03f240149b227ac63777c47d172704fe7b2b
  504. 42cc1c4a32529e0641f065eee34d183459a2d8554f8f4cc1949a6fc151e610cd
  505. 7b7d55fcbf08e1f1a7e6b2bbea37d3a486898c5387b72d14799757528a0be47d
  506. 91a0f78f68430164e2890c4d244f9fd04ecd278e44fbfe01e75fd319a65c4251
  507. df564c28cb299ad84eed062654ca8d6e6fd32407a361d05c2a77dbe649248cb9
  508.  
  509. ```
  510. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
  511. ```
  512.  
  513. Creation Time 2018-11-26 19:43:00
  514. SHA256:
  515. 214f897a9272b18ddb925bac627d6b217d140fb0b031da16acd26c727494de4e
  516. 8bcba8b8e5af18a2aa6d6fa436d52128fcc2125eba0ee77d46cc567bfb206946
  517. b8b52733a51505fddc891f2d6381377ce2496791863a7b060ad3b8f00a2d858e
  518. f251b52cf19bdac1fdb9b5b8bdd7854104be02ea4e9c045dddf189bfc8208a06
  519. 7f2cf9738f7f4c22d7696af6b86f128ff89275ca948d1abde22c6ab9bf084752
  520. b33fe412dd45369f564a7c5535088cfe99fc37013f4f46eb857d61e2d9300c1e
  521. 7207030b6936e652ceb139f68bddc5ad76ae3cab73c91913f57ef51c7f19c541
  522. 8069b06d8dfad3fa6842f1d78c66831d2a1c37a2504b053c0ce0e89e834741bd
  523. 580e0d170a4579cdad91890053268a1a8c30ab1a9cad4bdcf3fb76a18a1d2b86
  524. 5a536798d68e92e2d9ce610583754d3c226f3a4ec0f1b15393080c987f889962
  525. 4759d93c1b7823881c1763a5ebdea8109e4945ab39f97576dcaed17196b079e4
  526. 8d44a4c2e926b790771f3979d0069848db3011ada4c89137b1fba5679c2f1fb4
  527. 4bddbceaa3ad55d3a7b3a990c4ddcfa4023f00c9dc657e350656dd3c9f9febbb
  528. 78e8789edd9aaf1b1ffa3e00f40849aca6f4da74ddc9fb919fe047f2415c3da2
  529. 362033f8360566b9b8ef93657abf4ec71d5123ed60103b34f59c8392ba4aad30
  530. 86ad49f1bdb744ab70c1819be939becf35f7334f6e7292f4894f33a9f5060489
  531. 9c9480fe5ac5c96ac2df4f7618340da5db14f9bceb487887d041ccd9360a57bc
  532. 59df4f10740804a089011e76c9d5d4badd0630a59163f946d3c2f1102ff7288c
  533. 82bc0ccf1568336d04705477395f6b19f4bf63b0c4cd74519eca2f1fab684faf
  534. 95aa54ae28d03dfd5aa471cbe5c71ef493a8c30cd7dbd287b595bafaf316417c
  535. 583cf14ba4ee3538e698812390fe567a4937542565326a1eceae1b272e36b062
  536. 3ee95d264ce1a145420f4f8f8e2f9a740dcc87a9dae802ed3ebda21c7aad218b
  537. 4d0fe2de4ece4a02c97727f1140547666d74a2ba9e374a0a59596d0eb1c3adf6
  538. 8edda94eb613f08998dd7bd88a1a5347355467c56c330b2fbd5d2cb650c58224
  539. b6bb3c6d9f7611dda1a0a73af205965c867bf97ab9806760227c110b1c10db39
  540.  
  541. http://rodtimberproducts.co.za/1To
  542. http://kaks.enko.ee/B
  543. http://ecampus.mk/Mjq4JATm
  544. http://142.ip-164-132-197.eu/P
  545. http://okna-43.ru/dmoidUy
  546.  
  547. Creation Time 2018-11-26 17:20:00
  548. SHA256:
  549. e934609b37415deb58a044672bbf8fc17b6a1f970aae0f88476294953c333393
  550. ec23b8f898e6b53b113880f3a1923503750bd1d86db30dcce13a481bf1fd1e05
  551. 6be37d5c9a49ec912bc76cb219e7a97c0451e8598fcb2aacf5f61300191886d6
  552. 5dec64636c74e636291400737897dba7e8ef952a377b5382f87de117d0ef9c35
  553. 99bd1296b2e82c8f04314d6e3864e842623ba875784da532e8e1ff1d546beeb6
  554. 103e506a624dd2beeada2f3640128e2d5caf08d95dde124e6f1976034c6475de
  555. fd0ea0d30e29cdad42d6eeac177801327db2187c2cdba5ca943908735d7fc802
  556. 79c072a5b13962def3c4ac71920778b0eebe58f0bfd23ee2fa2a10b874762bb3
  557. 3ee50fa57f54cee0200bf24c0bb0d3bd0df938caaefb91bc5fe56d315fabfc56
  558. 20ad3cd96e837f7fbd2835f1473116dbe4278f47dde82740092f4c98fe14225a
  559. 6007e6c3de3dade995044f661cd8d53a9245ed12c1c56d427bdd3aa267398921
  560. 0da3104bfc37f64817dbbb0f5fd699c19db913b2a2f5c6f883b0813f1669638a
  561. 08ad2babaa45ec1a0aaa210d8a98756cf38a4c50337070c07e8c38413e1f1795
  562.  
  563. http://ecampus.mk/Mjq4JATm
  564. http://ejercitodemaquinas.com/Q1
  565. http://9.mmedium.z8.ru/AxZT
  566. http://chstarkeco.com/DL
  567. http://g-steel.ru/y38N
  568.  
  569. Creation Time 2018-11-26 15:55:00
  570. SHA256:
  571.  
  572. 9248345ccc78b67a968c1f2082916ee58d0ce5642698a7a6e2f830f65937bc8d
  573. 1ca11cdd2bafbcd28491f6e46e1a2dfd9c435effb2ac941c7d164114d82d2aec
  574. 46c708f3468052469785a18c61440521d05eeeb48625122b2f0879924fcf19a2
  575. 21694e71a6d384e5080e422ca98dd16a52c39e430bfdec1732b3706c480914e9
  576. 434a1520a7608017e839ecd8804d04ef5d53d0b1dfaae1e8865383510cb314ca
  577. 4e03038cd03633b18f289487b717e6f9b75315c382794c73943092f6a90d170b
  578.  
  579. http://ejercitodemaquinas.com/Q1
  580. http://chstarkeco.com/DL
  581. http://g-steel.ru/y38N
  582. http://gvmadvogados.com.br/bV
  583. http://jsplivenews.com/0OcPNLEV
  584.  
  585. Creation Time 2018-11-26 14:15:00
  586. SHA256:
  587. 436a7bda2468d62082d57da495124d92fdafefb5fd6fc74567de0e00de2e1877
  588. 750571c92724559337e7b3a294cb9398372007272fc39662fe2d28b958810b84
  589. b765f06492608ae3357a19d8f21178d4cf1ee8662d3084b7502a4ecb1f46f38b
  590. 1df4f0f7ca0e487922aa35f1531ad118b9f80cda79face5684cf1e2d6a35cd76
  591. 947ffd4d3886b2d7e8a4ec464ce500f6dc56864120c107cfe86efa3e87988c93
  592. d1664c64ec9b5e30534bf46cd69e86898209d921b967c303c869a1939e3b289b
  593. 8552eafbb7a7bd10e050edd152a6bcf3f9c003992ef69d9a1328490f07b05447
  594. e59dac24bd00afb00ac45053e5c91a3aa9c9b912fb41d79026286ef404ae3cab
  595. b01eab7af860eda15effbfa13f65d43b41ad6729d0e21bc3638d209bcc462203
  596.  
  597. http://jsplivenews.com/0OcPNLEV
  598. http://chstarkeco.com/DL
  599. http://gvmadvogados.com.br/bV
  600. http://cach.2d73.ru/VKD1Idvq
  601. http://mindspeak.co/n8
  602.  
  603. Creation Time 2018-11-26 13:43:00
  604. SHA256:
  605. 8f737b55098ee7b575d3601057d75b81dfd7f82958a7ad0a4f21ca0a5554f7b8
  606. 8fc8f311d4d10c3ef4680d0f23f5f7d4e794b1dacca6dee447e997be025a6cb4
  607. e39603c14b2114d732653da619d4d96ca4e7132d487274ba40915d3173f9a733
  608.  
  609. http://hvh-mpl.dk/xLm
  610. http://gvmadvogados.com.br/bV
  611. http://yonli.com.tw/k
  612. http://www.knofoto.ru/bzC
  613. http://kiramarch.com/HFDL
  614.  
  615. Creation Time 2018-11-26 12:28:00
  616. SHA256:
  617. 7c388dca3279e17bee0e82fb6f086f8471298792879f7f88885ce0355af4a2bd
  618. b66c2d2648e3a3736b78f0a76a9b7a6c873e0b2650618dc24e197cb4a0b94507
  619. 69e7474f2697c43c0a18aa76f8d024a46967a2a3ebe77721e75a68c588e86718
  620. 32a721c6277d3aaf3a6765a6579272003656b64d7649f30dbbc1af70bad42386
  621. 4d53e74fd273f2aff9d01ab680114edb16700195fc84b960564921f268ec2490
  622. 1a45f7876fd4fa2046716739ca8c1e445a9eba8833f817300a0ca034c227e62f
  623. 9c4e29d3e68c6aa4871ac35fd68a4adeff88661961258f4e7b8e381f791cf5c5
  624.  
  625. http://420productnews.com/w
  626. http://jsplivenews.com/0OcPNLEV
  627. http://cach.2d73.ru/VKD1Idvq
  628. http://maximinilife.com/Qppyh
  629. http://artpowerlist.com/z9RY
  630.  
  631. Creation Time 2018-11-26 06:24:00
  632. SHA256:
  633. 2ce7330a70040737397b483674680e27bcbdc67390dc64df11319539f15d4c79
  634. 4acbd8ebac5a1cfcb72aad7e5f1ff3b21d2541a931964a07de2a50bcb9325121
  635. f1aa79aec4d5de86cd0fc1a6ee8f2fe92cd88f6e20850ceda20b9c432f44c66d
  636. 8d10a6a99658759428cc5ab65baf57aee16ab607c23e2fb779e60450883aceb3
  637. c1d96a67fe7ef5167ed20032a3cfb29e72e451293a38a208f4c33ac23a2ef031
  638. 7bb379b42a8c970753eb37ecfd9e33fc758a9e24cd72594e1463b967552884d7
  639. 95329196e424d530c8d1871241a630b2bebaf7d7c2ceeda21e1d5634f6fdd721
  640. 219520e560a9eb432aba9d319c3c959ff9fe3f4a3ed9eb7f34ff13d1f8fdeaa1
  641. e9ac4df60f1d93149af474b6a26a29fb35ce98f834c23795488d501c6cd5d44f
  642. f50da10873273002acff6937efa273fff54fdd971eb12b2842d0e219f81923d4
  643. f3c0263167708bbce2f451776ce0c2c79b3fb11b7113f7958f5edbad4622bfe4
  644. 20d9a0f8fe27a43d9d99fd593c8d8af9b9799172c5b7179aa5a8cd2219de3b28
  645. c3216b2eccb30c178ea9b2760e8a3425c4cba06b2ca91a68aa94d58196996289
  646. 3382c6cad4e8edd4f9423bfb6a7c0b2404386274280b9dbc09da6b40c3a976c0
  647. 3ca90d5bcf6aa92241dbfd3974542febbf325d25458643f2705fa71233445213
  648. 934acd0d0bb2e9dd8c533594fc5b883a5542a7cbfc967a64243810124ae1193d
  649. 4aa3fa1ef3642be02826ef9466eaf90427857dcdaaca6b7086b842527376f6fa
  650. 58972ab31449176f9d62c6b35bcd63843cbeeb099b374e56b2c1cda373fb880b
  651. 807a8434cc34fb0b2875b8a8edbad637e29225288e8400c58317d6e50a93a2c7
  652. f0d8e56e95b43a3575bbb53701e95881ddf0c6b2246138dfad3e355a379bb9e7
  653. 58503078fa335ae31c9c405e1ae21f9784a8b1fa397481289fbd387549d1d857
  654. d82ecdf13473ba7a21b9249396186a1834834ba3e33c8bd59e77247d765898bd
  655. 4b122ed996a80e03a2056abfc84a875b6c3cf2f02081f8546fe62ba9308a8e58
  656. 184ccc288232c76b5589ec0c6aeb280c934a5ad35c0c7155146d71030a040b40
  657. 9dae1c9ef8a1bad9c6d708cef1e3f156eb634f406af397c55fca0fd3763311c2
  658. 2ad4db5a367762fcde6ddaffc4159f16f82c15d0af81b17d445327acfdc896ed
  659. a50bbe414048cadb53c22770c78fdae9ac730249693ca7d46df239732938b3f1
  660. 57b90075a2a9821278a1ce760e5fd36f35f5ff5e768bef60f04aa4ac3741bc9d
  661.  
  662. http://carminewarren.com/1NH
  663. http://chefshots.com/ehYRY
  664. http://madisonda.com/8Qa
  665. http://ezpullonline.com/nTB0KW
  666. http://carriedavenport.com/rc/NOg0opv
  667.  
  668. Creation Time 2018-11-23 16:07:00
  669. SHA256:
  670.  
  671. 60ad983b51261a891c48ab573b7fe8de53f760edf6822819c4c6f5d677a4f71e
  672. 21505d9d791d9f082b188e27b4e0940716e7db715720ee365a2f6a573b2fc4f3
  673. 2bc2493a7772297c30ac8f2e70ec1ca654e476c7d33bb89e198c7659541aac65
  674. 25870d1a1c4fdffd215d71ae1100a9f32fe001f6c4179c7b2e0f73c55d09e60f
  675. 11cc0a87d8d0563f4daeb65abfbcae2098f5efeb14d0abd30636408800c011de
  676. aafc2b406225953f1997831b6270adfc3624d08b4cba70d4cdce2f485c7c2108
  677. c2600d83af5ca348dfb499ed42869fc4f8fd23125f84cf1f8c75d94b522cda8f
  678. fbeb5966a9766a954328659bb89e4648695dd4755620085d1d7231b660554e16
  679. 97ea4093009fb781114c73bc293ef8241c3d8d566f2aa9fc82d790170ac0f720
  680. 7db4116c89254b389e4e0a39f882626ee7343f958f1308c28a80c900d7dcf8a3
  681. f2dd3205712012ca95f46d28c261d22b9e25f6811c8e84f1dbab44bdad5d9317
  682. 6811c7cc2fec17b1d8cad7d3a81c9f35081f174fe42251820e4c9d52f398b832
  683. f3b492feeb1ae729968db51438e44393e442f897dfb79d9fa16af07fff660bdc
  684. e0af4e554a7d7803baa4f01a52c4f902e94385a522f5bb82193c05949cd4e7f6
  685. 3aede15f93806a226e9cf525dffe52a64c95e292462022287401517ca8ff965f
  686. a282b4b2f450f43d5098a8d23597ef168db0c5964822208b62aa2cc6ddad4616
  687. 96cc7f3d2d4ce46d68c6dfea8303b082fefbdf5b0e6028ca2d5927bb2419e9ee
  688. 4d750e5d335305f2d8cec0763a719cf35de19e1a3b362506fda743815184a745
  689. 49ecee37c17dd412845cf6ca9158b9e86aa9986b1b101793f5345bbeca103c9a
  690. 79d4db85f1a55b42eeb056bab252057776f67c57bc97ffb4d042505918e9a0e8
  691. 4b05265b52e7d6b3822441e181f9f5ab6d313dc32da5a3abbcb6d4aff6348b6e
  692. 9477426478ccc69161066705e50c59c8bb3e78874b2e20d9871fac445c60c828
  693. 07d83977ab8bbb36ad0bcf25bc43539d170d253e091ebebd76a677b2f287446c
  694. bf8530bbdecc5b5bba66cb73bd467d2f8345e6a9b9a00b1d981e7b300899001a
  695. 7c7e033dcc1293bed586ead0cb3d7a2680b6785e3f527c3dc44912bc89015bbd
  696. a9a692b13637ebb6814d009696abbaefd7d800fb8030d73a9b88c2a65bef8faa
  697. 0a2fed1a8a2084f991cefed315dc4b512097f06184ed9bbdaaf7dce947e0297a
  698. 42b5a574e31cb05d15e101b59f0510a79363cb8415467bd166f8ff6d309f590c
  699. ddc005599e972756c6e6ea643df166f26e7b0507c957bf51bab067d3805ea9ea
  700. dafac545aed1a732bb2d121217e8256e20a827731f30185400633b48546c4ca9
  701. d3ffd8e8281be32266b9634e305b8653c18b27fd001920e9a8e211d59e2de088
  702. 4c0086e6c07155b82db0cea0b52f2e7355044ac3bac1a6b8e720a09d8d1111da
  703. 8cb0f07d6949e66822a80de18b3bfa60d05f545313aeda07a0f0d9439fabff9f
  704. c51d9940c0c8bb57d171b72eb69b753b055ce29fdf4860d840d9044e87e9bb0c
  705. 61dab830b1062e8a99d2c88745bc18289de1c6af77bfc7bdac57049b7d3b5ef0
  706. 260aa6a4291819ca28373cb2cbf9298382d721aeb6e267edc3ec5bca89b360a3
  707.  
  708. http://remajaminangbatam.org/QxMrgAM3
  709. http://romodin.com/9dyHIxA
  710. http://cnudst.progresstn.com/9Nf8JiB1
  711. http://eddietravel.marigoldcatba.com/wp-content/plugins/NP
  712. http://montrosecounselingcenter.org/lHw
  713.  
  714. ```
  715. #### SHA256s for Epoch 2 Payload EXEs seen on 11/26/18 ####
  716. ```
  717.  
  718. 2b410f529970f826b63a1253c8770d259e25c35279abc10b0a1229ea75bb292b
  719. 786fdcc14a56e03247f9002051b890eca7155c422e9b1b7c3afcaea306a00e07
  720. 959bee576b6a0f1635c56a6db0b0daaaeb3396253a899eced5c96112186b299d
  721. fe5ee06479a70a2d462cadef7bb0580adbeb54f6aba056b52cb3543fdb9be741
  722. da1734ab08daca55156f837ee6a639856fb4bcac5434f179554dbef59d0ac9ac
  723. eb886851615c2fe43220090a8f065026ef6f9ed474f703d4dd32e76c8adaa39d
  724. bdcdc17b0695c9e40334c407d363e5e5205fa393fff6571ce340cc6244df41ba
  725. 1f2a764d973e4c64600d0a79ffbc8fdc72d5062b7bbc100cbc253b833f069174
  726. aba51ec0fab10b7499ff40b692bbdf122f9842f23b899a5fe0985c51c768e99c
  727. a88d8031014957d8f2bbc3d09cf48583cbcbe701b17d714d746dc3d85a8464cf
  728. 74687e0ec472945c37733b4662f9b36498ca9ebd2a1ee9df85ab2cf7e07453d9
  729. 569069e7f0c4df6d52965c4169c37bde22581d2cade10e0f21e449d4f9b91e85
  730. cfc6b687f49f9164603711e5bf4cac07b1f4577b619b57da1056d5acfbf429bc
  731. 16119f7a168ddd9fa048f847b733d305cd8f0c7019f1cab98f22e9336f360386
  732. 0b1f5acd70fe4b6f45c65e981adadc8460fb729ca5b5286f36e6239f7dc1adb1
  733. b64c9c897553655a66c215ed0bdaef37c6a8e974a005587b25bb4ee990276966
  734. 1ae35f097b4dfec8cb9256b2f18523013bc19b4a6d6821c4d9360b9ab66237d3
  735. e7971deafc5ce5acc84b72fe179ed20a11decbeb912747ae211ecd51f12e2d14
  736. a39250b627ec3f3f5067361d7042a4bed017f7ce23aed9c91d41e91ae2a6837b
  737. 18d1b48c3071da08a592328d6fedd34c486610a59d152225da799b4aec03c3ab
  738. 8e069d5554410901bd96c6028fe495fad4d14f8f4d13efbd90218817f0abf11b
  739. f0f8671c10812fcc9430b69acb6f8731b4daaf83ef67b0ac44ca49554d837712
  740. 3aa18c98b6236a67fa8502010f5414d87faeab5236ba358f64980127cf76059d
  741. 6f8a5ae6b9197973944f9b41912f04877b73d541ce7dad4e25c07d1b7d753a24
  742. ffa7dec74247eb09b77912d7ef2660c315e02553947eb764a50e0788cbcc18d1
  743. ea44ff9f5e8b56533ddfc943aad1874a0b4d224526c918266d47a11bbaaa8d70
  744. cfaa252022c6f64832de47294e13ec595c6734b5c759d0387e1c3ee0945a9ddf
  745. e5c5dc91b15eb6cf488edebafe6474c8b3a244bda4857a05df0e41cfd4577fcc
  746. 77414e4537faa8a8356a6358653830fc5361bf15cc246f6d86a5912e4220b706
  747. 8b63ccb254d6794c4153266446ba56b77c0d700c6ba08ba2a6c845b1d08b1d4c
  748. cb3f8c9a2ede9a5b8c23fad77f9b113e42544915f5460a0b8dd8cbfe58cf5b8b
  749. 0d82c2bd4261996da8ec5a898cdf1ab9773d6b1477687f05ac0d49b9d197471e
  750.  
  751. ```
  752. #### Epoch 1 C2s ####
  753. ```
  754. (Port is 80 unless noted)
  755.  
  756. 107.11.23.236
  757. 128.92.54.20
  758. 133.242.208.183:8080
  759. 144.76.117.247:8080
  760. 159.65.76.245:443
  761. 165.227.213.173:8080
  762. 177.224.87.110:443
  763. 181.129.130.82:8080
  764. 181.193.115.50
  765. 181.60.228.203:8080
  766. 184.6.79.105:8443
  767. 186.20.225.65:8080
  768. 187.163.127.20
  769. 187.218.236.242
  770. 190.191.88.126
  771. 190.2.43.237:443
  772. 192.155.90.90:7080
  773. 198.199.185.25:443
  774. 200.58.78.77
  775. 201.145.151.91:8080
  776. 202.53.94.4
  777. 209.182.216.177:443
  778. 210.2.86.72:8080
  779. 210.2.86.94:8080
  780. 219.94.254.93:8080
  781. 23.254.203.51:8080
  782. 23.94.123.231:443
  783. 49.212.135.76:443
  784. 5.9.128.163:8080
  785. 50.74.56.147:8080
  786. 69.198.17.20:8080
  787. 75.161.71.124:990
  788. 79.129.42.122:990
  789. 81.18.134.18:8080
  790.  
  791.  
  792. ```
  793. #### Spam/Stealer C2s ####
  794. ```
  795.  
  796. Pending
  797.  
  798. ```
  799. #### Epoch 2 C2s ####
  800. ```
  801. (Port is 80 unless noted)
  802.  
  803. 101.187.14.253
  804. 105.186.226.64:50000
  805. 108.31.30.251:443
  806. 115.71.233.127:443
  807. 120.150.236.64
  808. 129.89.34.249
  809. 153.122.38.158:443
  810. 162.223.49.226
  811. 165.227.191.145:8080
  812. 174.106.138.248:443
  813. 175.140.190.9:8080
  814. 178.134.123.218
  815. 184.186.219.249:8090
  816. 185.20.104.238:8080
  817. 187.172.8.56:50000
  818. 197.211.225.149:50000
  819. 198.74.58.47:443
  820. 211.115.111.19:443
  821. 217.13.106.160:7080
  822. 222.154.224.251:50000
  823. 222.214.218.192:4143
  824. 45.123.3.54:443
  825. 46.163.76.187:8080
  826. 5.230.147.179:8080
  827. 5.35.242.34:7080
  828. 50.253.215.97:443
  829. 67.205.149.117:443
  830. 69.198.17.7:8080
  831. 71.255.224.174:443
  832. 73.202.198.23:8080
  833. 74.99.65.165
  834. 75.139.212.33:443
  835. 81.7.10.106:7080
  836. 83.222.124.62:8080
  837. 84.200.106.120:8080
  838. 95.141.175.240:443
  839. 97.68.7.204:8090
  840. 98.142.208.27:443
  841. 99.88.232.81:8443
  842.  
  843. ```
  844. #### Epoch 2 - Spam/Stealer C2s ####
  845. ```
  846.  
  847. pending
  848.  
  849. ```
  850. #### Credits and Notes Section ####
  851. ```
  852. Updated 7/13/18
  853. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture: https://pastebin.com/u/jroosen
  854.  
  855. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list. I am providing them for your benefit in case you want to parse them to be sure.
  856.  
  857. UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!
  858.  
  859. What is Epoch 1 and Epoch 2?
  860. Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now. Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version of Emotet that tended to change the hash of the document every 45-60 minutes sometimes has new payloads that fast also. Epoch 1 seems to change payloads every 3-6 hours now and hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100% sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the other but I have never seen the same exact directory go from one epoch to the other. It always a new directory for the change in epoch as far as I have seen.
  861.  
  862. ```
  863. #### Community Lists ####
  864. ```
  865.  
  866. https://pastebin.com/qt5JA5f8 - @James_inthe_box
  867. - @pollo290987
  868. https://pastebin.com/um1Gcw5z - @ps66uk
  869. - @executemalware
  870.  
  871. ```
  872. #### Credits ####
  873. ```
  874. (OC and combination work)
  875. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie, @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2
  876. C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop
  877. Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic, @Bitterman59, @devnullnoop, @executemalware, @Bauldini
  878. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop
  879.  
  880. Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!
  881.  
  882. Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!
  883.  
  884. ```
  885. #### Daily Log ####
  886. ```
  887.  
  888. Last week it was Black Friday on E1 and this week it is Cyber Monday. Clearly E1 is currently targeting the USA.
  889.  
  890. E2 is still on a banking kick and we saw a few PDFs this morning with links and a few other invoice type ones. Nothing really new here other than the frequency seemed to increase for updates to 1-1.5 hours for the next quintet of payload URLs versus a normal 4-6 hours. Maybe they were in a rush to finish?
  891.  
  892. Till tomorrow.
  893.  
  894.  
  895. ```
  896. #### Sandbox 11/26/18 ####
  897. (all with fakenet and MITM unless spam/secondary infection)
  898. ```
  899. Epoch 1 C2 run at 08:44 11/26/18 https://app.any.run/tasks/9e64b79f-30fb-4437-8807-dd21fa35cf1b
  900. ```
  901.  
  902. ```
  903. Epoch 2 C2 run at 08:55 11/26/18 https://app.any.run/tasks/78323a13-aa3c-4121-a82b-ce7ec8ffc7dc
  904. ```
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!