Emotet Malware IoCs 2019/02/20

1. ## Emotet Malware Document links/IOCs for 02/20/19 as of 02/21/19 00:30 EST ##
2. *Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.
3.  
4. #### Epoch 1 Document/Downloader links seen for 02/20/19 ####
5. ```
6.  
7. http://100.26.203.42/secure/online/thrust/file/tKNTl6AjHTtVxgAjVFl4TCA/
8. http://104.130.211.29/wp-admin/de_DE/BKUJRIV5425410/Rechnungskorrektur/DOC-Dokument/
9. http://104.130.211.29/wp-admin/de_DE/BKUJRIV5425410/Rechnungskorrektur/DOC-Dokument/index.php.suspected/
10. http://104.198.73.104/De_de/BYLZNG4781296/Rechnungs-docs/Fakturierung/
11. http://104.198.73.104/secure.myacc.send.com/
12. http://104.248.143.179/Organization/Business/open/read/0b7KVdIYGzXZJ8FyMopuqR3zv7E/
13. http://107.23.200.84/Company/Online/secur/list/ujiByeGF5RoEEyegzwZoK/
14. http://128.199.207.179/DTNFQWP6109971/Rechnungs-docs/Hilfestellung/
15. http://128.199.68.28/company/online/secur/list/1aLZfrXvaJ5qUvvrM/
16. http://128.199.68.28/DE/GHQQAE4843885/GER/RECHNUNG/
17. http://13.114.230.250/secure/account/secur/file/YyyvBevhpHODt6F/
18. http://13.126.28.98/company/online_billing/billing/sec/list/iyXe3rYZusAeUxl/
19. http://13.127.175.101/secure/online_billing/billing/secur/list/r92jDYjix3ARFoKzzd2P5Ai/
20. http://13.127.49.76/demo/company/accounts/sec/file/WYQaEqhHxdq2uGrp3hEUblmxz2/
21. http://13.229.189.170/organization/online/thrust/file/QePzMhBhBxApaTh/
22. http://13.229.71.182/company/online/sec/file/2PL1fUwQWPQmsevNddb0KdG/
23. http://13.233.173.191/wp-content/BXROAQEY9168432/gescanntes-Dokument/DETAILS/
24. http://13.250.96.71/company/business/thrust/file/LI6HIkWgFvFRY4TzIRm9W0U/
25. http://13.251.187.227/organization/online_billing/billing/secur/list/eAJdMGuCbgxu54lzYQ8vuzHCvl/
26. http://13.52.104.41/organization/accounts/secur/list/UxlDZa81gSq1kH1PC/
27. http://13.56.105.158/organization/online/secur/read/ESzgS7fMwMeFgmIhg4CCZWlVda/
28. http://130.211.205.139/CPCVVB7382198/gescanntes-Dokument/DOC-Dokument/
29. http://132.145.153.89/De_de/QTNKRZLH5339461/Rech/Zahlung/
30. http://138.197.72.9/Februar2019/NSUDJSBMA3141751/GER/Zahlungserinnerung/
31. http://139.59.182.250/DE_de/IRJJOQRL8236206/de/Zahlungserinnerung/
32. http://144.76.14.182/organization/accounts/open/view/Sb0CWvQF2Lra0s98eTtA/
33. http://159.65.142.218/wp-admin/organization/business/sec/read/j897y6FqeNTxGOMJcFaS/
34. http://159.65.147.40/De_de/CUHHAUAPJV7448870/Rechnungs-Details/Fakturierung/
35. http://159.65.65.213/DE/ESHJXCSAEP2094785/de/DETAILS/
36. http://159.65.65.213/Februar2019/LWCXWKUNAK6379960/GER/DOC/
37. http://159.65.83.246/FZGYPXJMA2476395/Rechnungskorrektur/DOC/
38. http://159.89.167.92/De_de/EHRMQNRQUL2815951/Rechnung/Hilfestellung/
39. http://160.16.198.220/company/accounts/sec/file/w99hasGYZCnUEgB2QqQC3Dq/
40. http://162.243.254.239/Addon/company/business/secur/read/eru8ZKnwC3JTM8N/
41. http://167.99.10.129/DE_de/JKDLBRYCK2211402/Rech/Fakturierung/
42. http://178.128.54.239/DE_de/AAIYSM6783073/Rechnungs-Details/RECHNUNG/
43. http://178.62.213.188/De/MTOQIU7473435/Rechnung/DOC/
44. http://178.62.233.192/DE/YDJXIHNUTZ3915693/GER/DOC-Dokument/
45. http://179.191.88.69/secure/accounts/open/view/6NblyCQcV4d8Ncg0lPC/
46. http://18.130.138.223/organization/online_billing/billing/secur/list/C7w9UKnp5b9s43J/
47. http://18.179.166.252/secure/business/sec/read/dSiJQXTERxJurLGrA5dG57/
48. http://18.223.125.61/trust.accounts.docs.com/
49. http://18.233.163.194/company/online_billing/billing/thrust/list/NPPV5oDggedwA7Yu/
50. http://188.131.164.117/company/account/thrust/view/5VWHaO1Osd0FqU6QHr9t4dx3O/
51. http://188.131.164.117/Februar2019/JDNQVNEO7659282/Bestellungen/Rechnungsanschrift/
52. http://204.48.21.209/secure.myacc.resourses.com/
53. http://206.189.154.46/De_de/YOXXXLCT4382765/gescanntes-Dokument/RECH/
54. http://3.16.101.139/secure/accounts/sec/read/cbjIhrbGL3lQHMvsAIv/
55. http://35.184.197.183/Februar2019/XCBJBUPQD4995786/Rechnungs-Details/DETAILS/
56. http://35.190.186.53/De/SKTAPCYQTR6199495/Scan/Rechnungsanschrift/
57. http://35.198.197.47/De/KMFPUXNC0635154/de/Rechnungsanschrift/
58. http://35.200.238.170/DE/QLGNVXWAGD4073361/Rechnungs/Zahlung/
59. http://35.201.228.154/De_de/MJFRJDYVD6578556/DE/FORM/
60. http://35.202.250.4/GMYUJPKR3110509/Rechnungs-Details/Rechnungsanschrift/
61. http://35.226.12.246/company/account/open/read/CpMumEcjz22ZB4h/
62. http://35.228.72.235/wordpress/Organization/Online/secur/file/9cNXeslr6tfxsHvXgArlrqppg/
63. http://35.231.171.23/Secure/Online/secur/read/mKPpefv2ITEfhboE/
64. http://35.232.73.116/HZFHFM8935030/Rechnung/DOC-Dokument/
65. http://35.247.37.148/DE_de/BGIVSWSI9094709/Rech/Rechnungszahlung/
66. http://37.139.27.218/DE/BDMYARSBK2827816/Rechnungs-docs/Hilfestellung/
67. http://37.139.27.218/De_de/CGIBNBZ2927341/Rechnungs/DOC/
68. http://51.77.192.138/sec.myaccount.resourses.com/
69. http://52.66.236.210/de_DE/TAWMOAUYM5676668/Rechnungs/RECH/
70. http://54.236.34.129/Organization/Business/secur/file/F6S3dssWhqdvfItOyF4t8CevO/
71. http://54.242.75.153/Februar2019/HYMWEGZZEV3444736/GER/DOC-Dokument/
72. http://54.83.117.78/organization/online_billing/billing/thrust/list/LjzOrDD148VLWzBOcyCVBv/
73. http://73.114.227.141/organization/account/sec/view/1bB0TYyPY5sqCuI8PiXQ/
74. http://78.207.210.11/@eaDir/Februar2019/XQCNETYKHN1099130/Rechnungs-Details/Zahlungserinnerung/
75. http://81.56.198.200/DE_de/AGWKTL2505139/Dokumente/DOC-Dokument/
76. http://82.196.1.74/company/business/open/view/K1DaR9McM8zVVPE/
77. http://aghigh.yazdvip.ir/secure/account/thrust/list/Vf8CIZ5372MssNTgMY28K78FZY/
78. http://akaneito.com/secure/business/sec/file/xMlC7mWhg1mTLpi/
79. http://alainghazal.com/DE_de/JAIWXFTCV5712097/Rechnung/DETAILS/
80. http://alfacerimonial.com/secure/account/sec/read/QeaTQqiwqjtAAXXrWV7Y/
81. http://allaboutpoolsnbuilder.com/secure/online/secur/view/RSAbw2HCkErl7cWXU/
82. http://allstarsareshiningdreams.com/DE_de/SABIFZJ2282539/Rechnung/Fakturierung/
83. http://almira.pro/company/business/open/read/uSRgfCdkX33nAPkK9FkRYX1i/
84. http://amare-spa.ru/secure/business/open/view/f4t5ZkzoSOQ83rUaf/
85. http://ameen-brothers.com/secure/online_billing/billing/open/list/l2WGRE7IXUCA4Qgvms7T6/
86. http://anadolu.tv.tr/de_DE/GNEATBIS5707045/Rechnungs-Details/DOC/
87. http://apartamentyeuropa.pl/company/online/sec/view/BtLRIjX59vLoYlIaup7YYwMx/
88. http://aquilastudios.se/DE_de/XBDMYK1531187/Rechnung/Hilfestellung/
89. http://arcpine.com/NNMLGU6236452/Rechnung/RECHNUNG/
90. http://aressecurity.com.co/secure/accounts/open/view/EyABhpDUbLpVOB95mQ/
91. http://arkist.ist/YLJHWSWE7481329/DE/Zahlungserinnerung/
92. http://asabme.ir/TKLBQBIA5526478/Rechnungskorrektur/Hilfestellung/
93. http://atlasfanavaran.com/De/UHTZMI5082317/Rechnungs-docs/RECH/
94. http://audicof.com/secure/online/sec/file/1pHa21DjX6goiOFAFCH4A/
95. http://authenticity.id/DE_de/ZCPKJRL1373298/Rechnungs-Details/DOC/
96. http://awcq60100.com/company/online/sec/file/Fajq2at44D9LxeZ0WmKGkOnYf1XY/
97. http://bagimsizarabuluculukmerkezi.com/OXBTNEU1938646/Rechnung/Zahlung/
98. http://bbdangar.com/KLTBZWF4069006/Rechnungs-Details/Fakturierung/
99. http://beepme.eu/DE_de/BGGWVOKOW7997274/Dokumente/Rechnungsanschrift/
100. http://bizresilience.com/Februar2019/HQVVQHGW8580256/Rechnungs-Details/DOC/
101. http://bksecurity.sk/organization/account/thrust/file/Me7hdLUQIb5laC4e5tddRWRL/
102. http://blog.elefantuldodo.ro/Februar2019/FNJBTKZF9902001/Rechnungs-docs/Zahlungserinnerung/
103. http://bluesw2014.synology.me/@eaDir/Februar2019/KGBHAQ3523488/Rechnung/DETAILS/
104. http://bobvr.com/secure/online/open/read/kvXVf97Yc8my5UbQYTdVJpp9L/
105. http://boilerplate-elementor.mdamasceno.com/Februar2019/ODLDUL5291394/Rechnungs-Details/RECHNUNG/
106. http://bolumutluturizm.com/secure/online/thrust/read/WCXjBTC0O349NomU0bu/
107. http://burodetuin.nl/cgi-bin/company/account/thrust/view/DTE7sKc37irpDMeqW2hCRd/
108. http://bvs-sas.com/company/accounts/open/view/X5UBTomGuy7uuwOE/
109. http://canhocaocap24h.info/De_de/YUDRRGURJ0624244/GER/Zahlung/
110. http://canhogiaresaigon.net/secure/online/sec/view/Z1XWizZaERPdX4A0YWBmI7/
111. http://carlpalmer.readeranswer.com/sec.accs.send.net/
112. http://carolechabrand.it/De/SQJJQXZ6176899/Rechnungs-Details/Zahlung/
113. http://carolechabrand.it/De/SQJJQXZ6176899/Rechnungs-Details/Zahlung>/
114. http://cashcow.ai/getMitraApp/Organization/Accounts/open/list/d5wDMtzOMTudYLOG/
115. http://cedricvuarnoz.ch/secure/online/thrust/list/kofTptN1vaClVfxB/
116. http://chiltern.org/secure/online_billing/billing/sec/view/UxpYYrvnx8VoHYJn/
117. http://cild.edu.vn/De_de/NATLJPVGX8112407/DE/Zahlung/
118. http://classina.tokyo/De_de/TCQCXX4611584/Rech/Hilfestellung/
119. http://claudiandelarosa.com/secure/accounts/secur/read/FGIgbpuqQhdfg45oe/
120. http://clientes.jamesdecastro.com.br/DE/PAPMBAGXW4483987/Rechnungs-docs/Zahlungserinnerung/
121. http://clinicacorporea.com/DE_de/WADUEER6903157/DE/DETAILS/
122. http://cncprocess.fr/secure/account/sec/view/AqB3VzOOEpg0vKnwdQzzOa/
123. http://cngda.tw/company/online/secur/read/WZIARwRNzO2JxU5Li4j4/
124. http://contabilidadecontacerta.com.br/secure/online_billing/billing/open/list/udINp9Y0HlpSePtu3CLMMIQgxKx/
125. http://crmz.su/De/QZUXVJYFP0221950/DE/RECH/
126. http://ctl24.pt/organization/business/open/read/RTfXUAWipgglNeTdnqm/
127. http://danytacreaciones.cl/Organization/Business/secur/file/h5P8ihhf44cyzzbzKqmJ6Hqu/
128. http://depixed.com/wp-content/De/HBDVSNMI9967008/Rechnungs/Rechnungsanschrift/
129. http://detsad-kr.ru/DE/WJKDVRPDX2185849/GER/Fakturierung/
130. http://dev.style-cost.com.ua/wp-content/cache/Februar2019/CUSHDNM6671014/Rechnung/Fakturierung/
131. http://dialloaliou.fr/organization/online_billing/billing/thrust/read/C80nFrXys7VplGSTg/
132. http://distro.attaqwapreneur.com/company/online_billing/billing/sec/read/P7jaJ8zg2TNXNyaOP3iIyWg9YTD/
133. http://distro.attaqwapreneur.com/Februar2019/MAHFTTWU4194090/Scan/Rechnungsanschrift/
134. http://dmachina.cn/DE/TDTNKK1712878/Rechnung/Rechnungszahlung/
135. http://doctor-vaskov.ru/company/accounts/open/list/mt2LjZv3SqAIw3LKAadR/
136. http://domainnamefinder.org/LEQWJSLZG0178044/Rechnungs/DETAILS/
137. http://domanieccy.pl/De_de/AATQLBXHT5976414/gescanntes-Dokument/DETAILS/
138. http://dorsapanel.com/secure/online/open/read/tp299ND2Vi4JJX2xkplo/
139. http://drbothaina.com/secure/accounts/thrust/file/FMlNo2RtHIXb58As/
140. http://drbothaina.com/trust.myacc.send.net/
141. http://dverliga.ru/De/AICQOQUE6714139/Rechnungskorrektur/Zahlung/
142. http://ecohome.ua/organization/accounts/secur/read/xICjmtG8IaGYUTX9Lycp3ZVB/
143. http://ecuadorminingnews.com/KIBYUYVH2385409/Rechnungs-Details/Zahlungserinnerung/
144. http://ejder.com.tr/DE/ZQNHKR1331264/Dokumente/RECHNUNG/
145. http://ejder.com.tr/secure/business/sec/view/JKCBAZFjdtIsVtTUI/
146. http://ejder.com.tr/verif.accounts.send.com/
147. http://envi1.com/DE_de/XQASSZ4467969/Rech/FORM/
148. http://esagarautomobiles.com/De_de/YLMRUB2478477/de/Zahlungserinnerung/
149. http://et-education.ru/organization/online/open/view/JZS32xdKtySzfRvbrYz/
150. http://expatnations.org/organization/online_billing/billing/thrust/view/obwtcf6YXxrT53WN0LR0Y26E2trA/
151. http://ff52.ru/secure/account/secur/list/mdTBDCmgmxtE9hAcLPW/
152. http://fiat-fullback.ru/DE/BBTYHM4047363/Rechnung/Zahlungserinnerung/
153. http://flapcon.com/verif.accs.resourses.com/
154. http://forum.reshalka.com/verif.accounts.docs.net/
155. http://franchising.cnm.com.pt/DE_de/VGUDDKC6411605/Rechnungs/DOC-Dokument/
156. http://frispa.usm.md/wp-content/uploads/organization/business/sec/file/zHhVAoVYE7iDTcQyHQrf/
157. http://frisurideen2019.club/QAXVDA4427700/Rechnungskorrektur/Fakturierung/
158. http://frisurideenneue.club/DE_de/AMHPTRILK2331220/DE/Rechnungszahlung/
159. http://frog.cl/DE/TKOQRFP7767529/Rechnungskorrektur/RECHNUNG/
160. http://frog.cl/organization/accounts/thrust/list/jc481ssWZagkOOaps5cZqptoi67x/
161. http://gameskout.com/YJWHLL5677272/de/Rechnungszahlung/
162. http://gapkiandalasforum.com/organization/online_billing/billing/thrust/list/nj46IrJ7fbLLhJ3T/
163. http://gfe.co.th/company/account/thrust/read/DxAr3aKzcwRQBvIN1/
164. http://greatkenyatours.com/secure/business/secur/list/0QjhMgaj0oZkLd6QNVKBUWY/
165. http://greeksoft.gr/QSDWMJ9494414/Rechnungs/Zahlung/
166. http://grupoouroplan.com.br/company/online/thrust/read/RwGsZtFd5Y4AR6QYcN0lAv2kfYvL/
167. http://hangphimtheky21.com/DE_de/SLJDNYRIDA1336747/Rechnungs-Details/Rechnungsanschrift/
168. http://hardworkingmarketing.com/wp-content/cache/organization/account/secur/read/tYyqu7t3isXPZTGUr/
169. http://haryaniambarwati.xyz/De/SQYRPVEMC4563576/Bestellungen/Rechnungsanschrift/
170. http://hillmann.ru/company/online_billing/billing/open/view/ptcE7DoGkS0HzazvR/
171. http://hipecard.yazdvip.ir/organization/online_billing/billing/secur/list/btad9PryMrEKipfFUJVXL/
172. http://hourofcode.cn/company/business/secur/list/9OZfHHmfMByr3aF1oHfI23VqkDwP/
173. http://ibakery.tungwahcsd.org/media/secure/online_billing/billing/thrust/read/KSWTGFK7KORsaxyNMYHZ0rtE33/
174. http://idecor.ge/organization/online_billing/billing/thrust/list/m2PcEcdPQCYdOdXUL/
175. http://ihsan152.ru/organization/online_billing/billing/sec/read/O3swsypBJA9Zz33nw/
176. http://iltopdeltop.com/De_de/UISNZHLXNH4502632/Rechnungs/Fakturierung/
177. http://intranet.neointelligence.com.br/De_de/GWFZGZBLS1093970/Rechnung/Zahlungserinnerung/
178. http://jonaspavao.com/De_de/TIMSZYQ1954112/Rechnungs-Details/DOC/
179. http://justbikebcn.com/organization/online/open/file/BpRLzzy131FgFdWxOHDAGxatRcHo/
180. http://kebunrayabaturraden.id/organization/online_billing/billing/secur/list/oUWTB6zLPm3L1kMTvKKKIS/
181. http://keshtafzoon.com/secure/online/thrust/file/B370nV9rJKUvIBryUCl/
182. http://khoangsanbg.com.vn/MBKBPWMOLU6535334/Rechnungs/FORM/
183. http://khobep.com/company/accounts/sec/read/E9IStvFItXpJvdZ05WZP/
184. http://kienthucphukhoa.net/de_DE/XADRPNAPRS0327152/gescanntes-Dokument/FORM/
185. http://kienthuctrimun.com/organization/accounts/sec/read/SL92iANsxS4yRmmsff6caqcfz/
186. http://kimchatham.com/company/account/open/file/D68pEpTz334PLKtsd/
187. http://kingcoffeetni.com/company/account/secur/view/n8cLmmlNgppoWt3Cg/
188. http://kinhbacchemical.com/De/IPPZWP0089632/Rechnungs-Details/Rechnungszahlung/
189. http://korfezendustriyel.com/organization/online/thrust/read/1bCX1mzY5vnulmaaYq7GywWDBz/
190. http://kostrzewapr.pl/css/organization/online_billing/billing/secur/view/hKWKk56SJmIoylKQn1KT7/
191. http://kynangbanhang.edu.vn/De/XSGZJXSA2044874/DE_de/DETAILS/
192. http://kynanggiaotiepungxu.edu.vn/de_DE/BUSGNCMNM5925190/Bestellungen/Zahlungserinnerung/
193. http://kynanggiaotiepungxu.edu.vn/secure/business/secur/list/sj4saG6UwhuqdOPZmJyj4d8H/
194. http://kyxnispb.ru/company/account/sec/view/vTSyEL3QYFvFCie44qcfaUWue2b/
195. http://labourmonitor.org/wp-content/secure/business/open/file/YY4tK8LUHD04pi9yHBkR5aZ7xNqV/
196. http://labtalk.ir/secure/account/sec/list/HBTQNbegYIOHZ7AtiaiLqtz4/
197. http://lanco-flower.ir/company/online/secur/list/Z14Nm8eQcfj3UIqeFD0/
198. http://lanco-flower.ir/De/HEJIYI5444191/Rechnungs/FORM/
199. http://latinos-latins.online/organization/online/secur/view/BaFJAhSshde9WokVem9m9FhyD0q/
200. http://lazell.pl/wp-includes/DE_de/MCQRSXA6896107/DE_de/DOC-Dokument/
201. http://lenkinabasta.com/company/accounts/sec/read/9E5TXdEgPeSnZDqBRbFmsX7OyHc/
202. http://lesastucesdemilie.fr/secure/accounts/open/read/26Ist02B2khvTix/
203. http://lesprivatzenith.com/company/business/sec/list/iB5r2ZewBbKf1V0zkVBcWTS6/
204. http://libdcorp.com/secure/account/sec/read/ZEyOfTsBBRurXI7zS0X1n/
205. http://lienquangiare.vn/verif.accounts.docs.com/
206. http://liketop.tk/company/online/secur/read/MXVUpt1SRKX6jzuMs6fhMRpF2w/
207. http://link-4.eu/secure/business/secur/file/DV7iwHgXFA8i6dsYQKDLZ/
208. http://lionestateturkey.com/DE_de/ASRECT5933419/Rechnungs-Details/Zahlungserinnerung/
209. http://londonmarathon2019.kevinmiller66.co.uk/secure/account/secur/view/YiqdMv6kdEvuuimCClYjEUPhp/
210. http://lsaca-nigeria.org/company/online_billing/billing/sec/file/On8nXkPknBuFTv0vVnPwW2ro/
211. http://lun.otrweb.ru/organization/account/sec/view/1A81e7zIVINlNCMBLu54y/
212. http://luxeradiator.com/company/account/secur/list/NLkjEPZryNW2VxI/
213. http://marinavinhomes.vn/company/accounts/thrust/list/Whw5cheiwqbyMVoPieiaH/
214. http://matongcaocap.vn/De/CXERFI6111988/Rechnung/DETAILS/
215. http://mersin-organizasyon.com/secure/online/open/file/9PaxbsJqGhA1NtAA9AB3TcYvjjN/
216. http://miennamoto.com/de_DE/URYEJS7618765/Rechnungs/RECHNUNG/
217. http://mrm.lt/De_de/YLOAYY5488013/Rechnung/Rechnungszahlung/
218. http://mrm.lt/organization/account/open/view/tXZ4wRdBRDn7cFYjScnoaDsi34Z1/
219. http://muonneohanhtrinh.muongthanh.com/company/online/secur/list/WCwlf7WvvlrfBqvI0iH4BY0PnCZp/
220. http://mustbihar.in/secure/online_billing/billing/sec/read/Dd5knyRfXShP5PK5lz1ig2G/
221. http://naturescapescostabrava.com/Februar2019/KKEGZAZ2920787/DE_de/FORM/
222. http://navigatorpojizni.ru/organization/online_billing/billing/sec/list/4z8XhZAO6ytWCsdrYcC/
223. http://nesbit.xyz/UMCQKYINZI9113913/Rechnungs/FORM/
224. http://newsmediainvestigasi.com/DE_de/MAXFHCKAR7348726/Rech/DETAILS/
225. http://nonton.myvidio.site/DE/KZYJVKAKK9205612/Rechnungskorrektur/Zahlungserinnerung/
226. http://noscan.us/company/business/thrust/list/Sj7uEchUEiPJdolOEU/
227. http://omidsalamat.ir/news1/DE/IECQEBD9453814/de/RECH/
228. http://onenesschina.net/secure/accounts/sec/read/OlPIJsgZ21eDp17b/
229. http://onisadieta.ru/company/account/secur/view/lSeqiIU8xUbRMp5gCwg0ljx6wq/
230. http://otlm.pharmso.ru/Februar2019/EJGMRFJS8962743/Rech/Zahlung/
231. http://palmer-llc.kz/secure/account/secur/view/EXtilFk5tmb5wPNnV/
232. http://patient7.com/secure/accounts/open/view/oa3ZgdPGtrJFpHPhRKJMR8X48pVT/
233. http://peru2011.cba.pl/secure/account/thrust/list/l0LGgKVwXaSvMDcuXrFKo3ib/
234. http://pmvc.pt/secure/business/secur/read/7rK5jo1fduP2t0uwUsg/
235. http://powervalves.com.ar/DE_de/NCJZTR3766628/Rechnungs/RECH/
236. http://print.abcreative.com/DE_de/PHSJEQZOCL0899069/Bestellungen/DOC/
237. http://proffessia.ru/de_DE/KESXLI6319185/Rechnungs-Details/Zahlungserinnerung/
238. http://pronews.vn/company/accounts/open/list/rw2DI8dd1FwQ3GUv0UMb/
239. http://protecaoportal.com.br/secure/online_billing/billing/sec/list/tVaHgKyB5hoq5S9/
240. http://quoteshub.in/secure.myacc.docs.net/
241. http://romantis.penghasilan.website/organization/business/secur/view/8driChEn8bOs5y5zz2/
242. http://rupbasanbandung.com/trust.accounts.docs.biz/
243. http://sanajob.ir/organization/business/thrust/view/1GVdyD4sUdDUxwwTC4Ek3gvJpOiH/
244. http://satellit-group.ru/company/business/thrust/read/zFWu8wcftNp4oRXcggHhm/
245. http://school6.chernyahovsk.ru/De_de/RFVTKTI2685196/Scan/Zahlung/
246. http://sealonbd.com/De/XOTJGYZH3053108/Rechnungskorrektur/Zahlungserinnerung/
247. http://sem-ingegneria.com/company/account/thrust/view/oin57gS8YhBkbyU2Bla/
248. http://shentiya.com/Organization/Accounts/secur/read/rip7YQ1YI3LFL08dDRZZG0AcEEk/
249. http://simawa.stikessarimulia.ac.id/company/accounts/sec/read/ewupS6Vz0jPn6gl7B/
250. http://smeshniyeceni.ru/Company/Account/secur/read/lnysvLJzfoIOcOXL5dvqLMe1/
251. http://spb0969.ru/secure/account/secur/read/vpyyqAH0Rwy0WTyc6/
252. http://spbllc.yelpix.work/company/accounts/secur/read/M6Gm5Wvt0bWGiAbJSL7Vz2bHRT9R/
253. http://stage.abichama.bm.vinil.co/wp-content/uploads/secure/online_billing/billing/thrust/list/Y4Gv905SwY8v4NtKjIM8/
254. http://stickweld.cl/organization/online/thrust/file/ClTtOdLLllxMRpzvAbyK8vwGYPw/
255. http://stihiproigrushki.ru/AURTFK8163337/Bestellungen/DOC/
256. http://sundesigns.xp3.biz/blog/wp-content/secure/online_billing/billing/open/view/TlbZw9RrSLxnZgg0TBhqx/
257. http://tcl-japan.ru/organization/business/thrust/file/X2Xs3s9e0dSv3QbXjfEzz/
258. http://technew24.info/wp-content/Secure/Accounts/sec/view/jD5zSBuTUgzqzFUOk6/
259. http://techviet24.info/wp-content/Company/Online/open/file/AHwDZ9f54HXGJmb8vlv1WTyVUb/
260. http://thaithiennam.vn/De_de/GOWKKAIQ4938925/Bestellungen/Zahlungserinnerung/
261. http://theemergeteam.org/company/online/sec/file/qN2Gsdt8LHVBCnGpsw/
262. http://threemenandamovie.com/secure/business/open/view/6B855GVLki5xY8G6/
263. http://thuyletv.com/organization/account/thrust/file/eYe4XsevaoOU3P8hEjuEZ/
264. http://tmmaf.org/wp-content/company/accounts/sec/file/sNVMhwIUxfxi1EAXPYgGOzc/
265. http://tomiremonty.pl/wp-content/themes/customify/organization/accounts/sec/view/qHTNSFzDjEpL4YYdBY6/
266. http://trandinhtuan.edu.vn/company/online_billing/billing/sec/view/6qPv4nsl7PZMfguYI7Nmkw/
267. http://trandinhtuan.vn/secure/online/sec/file/IiyCkishsUYILCeJS7aOnYMcfk/
268. http://tricountydentalsociety.com/organization/accounts/sec/read/dOSuotyDkWxEgNHZK77UUGb/
269. http://ulrikhtm.ru/DE/MKXOERS0349141/Bestellungen/DOC/
270. http://vastuanalyst.com/company/online_billing/billing/sec/file/6a63plBirzitOOFkbu/
271. http://vcpesaas.com/secure/business/open/read/6eJW2YLNjOS64gujbzYd/
272. http://venta72.ru/SGRKGTJD9577207/Rechnungskorrektur/RECH/
273. http://voz2018.com.br/wp-content/uploads/organization/business/sec/read/KiBIJG9ooUrNrBPahGcuzEoY2Ss/
274. http://webnuskin.com/company/online_billing/billing/sec/list/ktDvIMUewAl2QdY/
275. http://weiweinote.com/LTBKFA0017321/DE/DOC/
276. http://www.51-iblog.com/wp-content/uploads/secure/accounts/sec/view/6mZFjl9C3pqp3RAeNStjBLNQtFC/
277. http://www.annual.fph.tu.ac.th/wp-content/uploads/De/ILFUWJCY5333684/Rechnungs-Details/Zahlung/
278. http://www.armand-productions.com/company/online_billing/billing/secur/list/O8Ts2KN379UgRHCvamwys/
279. http://www.cbmagency.com/organization/online_billing/billing/open/view/7UncFGI41YNsvk9vzCnLfiqqr/
280. http://www.coolpedals.co.uk/secure/accounts/thrust/view/ECSvRvXxwRBrr0yNvqSXQajyU/
281. http://www.ermapictures.com/wp-content/De/IJYEBKWF5648107/Scan/DOC-Dokument/
282. http://www.gapkiandalasforum.com/organization/online_billing/billing/thrust/list/nj46IrJ7fbLLhJ3T/
283. http://www.giochinox.com.br/organization/online/thrust/list/oBPixDnEwaNeCuCR/
284. http://www.javabike.net/company/account/secur/read/a1JAnsbvHhcCLrUk4aEn/
285. http://www.latuagrottaferrata.it/secure/account/open/list/lNuqanRNSK8VV9Ujb7oF5zHl/
286. http://www.pattani.mcu.ac.th/wp-content/uploads/secure/online/thrust/file/LwV24zPKaLQnRHsiI/
287. http://www.posicionamientowebcadiz.es/secure/online_billing/billing/thrust/list/fottmahfLHrDyX6IEoDNcDBapOPn/
288. http://xn--21-dlc6asabnik.xn--p1ai/company/business/sec/view/gKhtseAWVxNfWbTtOczzVHnC6zI/
289. http://xn----7sbb4abj9beddh.xn--p1ai/QWSBMD0109629/Dokumente/Fakturierung/
290. http://xn----7sbbdfeovrgh2b6al.xn--p1ai/organization/business/open/view/l4RvYgM1pcGB2UU/
291. http://xn----7sbhaobqpf0albbckrilel.xn--p1ai/De/RQGZYSL9880814/Rechnungs-docs/RECHNUNG/
292. http://xn--b3cfud2a8bbhes3dcy9ig0ce4k2g.com/organization/online/secur/file/LzgeP9wCmxgkGPRpfpnyj/
293. http://yduoclongan.info/secure/account/secur/list/eKSp9f7jyQhjQmyFtZufUBwAu/
294. http://yeniportakalcicegi.com/company/business/open/file/jkmMXG840vF21a1P/
295. http://yushifandb.co.th/company/online/sec/view/agJzJZZM4QIg1DknBpKfGEnJvcPF/
296. http://yushifandb.co.th/De_de/TMJSLPUHS2572234/Rechnung/RECH/
297. http://zolotoykluch69.ru/WTWXML8536793/Bestellungen/Rechnungsanschrift/
298. http://zprb.ru/organization/accounts/sec/read/vmMtuX8KM9rw9CUO3Y9xDO5VL8/
299. https://agilife.pl/Februar2019/OTFLSOJ5769126/Rechnungskorrektur/Rechnungsanschrift/
300. https://carolechabrand.it/De/SQJJQXZ6176899/Rechnungs-Details/Zahlung/
301. https://forum.reshalka.com/verif.accounts.docs.net/
302. https://lun.otrweb.ru/organization/account/sec/view/1A81e7zIVINlNCMBLu54y/
303. https://www.cashcow.ai/getMitraApp/Organization/Accounts/open/list/d5wDMtzOMTudYLOG/
304.  
305.  
306. ```
307. #### Epoch 2 Document/Downloader links seen for 02/20/19 ####
308. ```
309.  
310. http://103.11.22.51/wp-content/uploads/EN_en/info/Invoice_Notice/KgpkN-KH_jUtzCA-HiC/
311. http://104.155.134.95/En/WwovG-58A_KSOQHnUxj-QMq/
312. http://104.198.73.104/corporation/Invoice_Notice/UyKVp-c9d_fFOAmV-Z5/
313. http://118.25.176.38/New_invoice/6899245/Ptdeu-frCPH_trcwBO-QwZ/
314. http://128.199.172.4/de_DE/JUZVXAOSFC7139869/Dokumente/DOC/
315. http://128.199.172.4/DE_de/SBWMHZD3362582/DE/RECHNUNG/
316. http://13.127.154.242/US_us/doc/dnXyq-sF_uandwfXN-HR/
317. http://13.209.88.110/wordpress/En/document/Invoice/XUjZ-Jh9_AY-FN/
318. http://13.229.153.169/doc/Invoice_Notice/IHqZ-6Dy_QU-0W/
319. http://13.231.169.127/US_us/scan/75269047/gVeJK-XXGbK_yJhvpqB-r44/
320. http://13.231.226.136/EN_en/doc/78637475607/UfaU-O7_nL-zuE/
321. http://13.232.226.208/corporation/New_invoice/gzFB-Gxkj_hHxE-uP/
322. http://13.233.173.191/wp-content/DE/GXZYHHJHF4115902/DE/DETAILS/
323. http://13.233.31.203/llc/Invoice/OvZN-kyyq_JV-bB/
324. http://13.250.191.134/En_us/document/Copy_Invoice/iABJE-qVg_ANOiAUOi-SCy/
325. http://13.251.184.56/corporation/Copy_Invoice/hQDNa-re_NgrM-mXb/
326. http://13.57.175.119/document/228535969033/fffeM-DMo_uaDUk-rS/
327. http://13.57.29.183/doc/Invoice_number/nNovH-2li_FlkxCNrjt-8e/
328. http://13.58.149.51/wp-content/US/llc/gOGuD-dW_WT-1I/
329. http://13.58.150.48/info/New_invoice/78057217891820/KZiM-CDa9_e-XEx/
330. http://13.58.169.48/__MACOSX/US_us/file/Copy_Invoice/PNyD-QDEDv_oBIkdge-3g/
331. http://13.59.241.74/EN_en/corporation/Invoice_number/gYVIw-8MsrS_JhWSAGqXg-dM/
332. http://139.59.130.73/De/MOKFDLDK6166341/gescanntes-Dokument/RECHNUNG/
333. http://139.59.182.250/DE_de/YEMZQWL7122420/DE_de/DETAILS/
334. http://139.59.64.173/US_us/scan/Invoice/FLUxi-tOKFC_fKTRi-FwZ/
335. http://159.203.101.9/XGUSNYM6927233/Rechnungs-Details/RECH/
336. http://159.65.142.218/wp-admin/De_de/LBYFVB4427436/Bestellungen/DOC-Dokument/
337. http://159.65.146.232/de_DE/XQHLYZB9953698/Rechnungs/RECH/
338. http://159.65.147.40/ARLPXQNOQI2008400/Scan/RECH/
339. http://159.65.83.246/Februar2019/AENRLSUE0288658/Rechnungskorrektur/DOC-Dokument/
340. http://159.89.167.92/de_DE/HHBWOJ1262645/Scan/FORM/
341. http://160.16.198.220/De/AQUUZPMII3442933/Rechnungs/Fakturierung/
342. http://178.236.210.22/De_de/DYLNWFHXW8366104/Rechnungs-Details/Hilfestellung/
343. http://18.130.198.164/En_us/info/grrW-nn_oOOSf-90/
344. http://18.136.103.27/EN_en/download/MwCAn-EsmkO_LxlaPO-tQF/
345. http://18.179.213.128/wp_sat/wp-content/En_us/company/Copy_Invoice/WcoO-OM_nzCOJYNM-zW/
346. http://18.184.158.108/xerox/aXJh-1ai_j-KSK/
347. http://18.207.246.88/EN_en/info/Invoice_Notice/84824778/kONax-v9s_wJjef-gA/
348. http://18.209.86.90/US/Copy_Invoice/cRGX-88IQs_tLmuKGeRs-3Y/
349. http://18.215.39.47/VWJJCACZWQ3540752/Rechnungs-Details/Fakturierung/
350. http://193.77.216.20/De_de/EKXNHOUOB9032443/Rechnungs/RECHNUNG/
351. http://198.136.63.27/Threads/wp-content/uploads/EN_en/xerox/Invoice_Notice/kOuJg-G05ZA_UErbzw-ZBP/
352. http://1lorawicz.pl/plan/DE/IGICREHGO8589279/Rechnung/DETAILS/
353. http://204.48.21.209/DE_de/AYWMUWRYA8677459/Dokumente/DOC/
354. http://206.189.154.46/De_de/IOYGXFOS4586915/Rechnungs-Details/RECHNUNG/
355. http://206.189.189.239/Invoice_Notice/NFLRt-xz_n-8a/
356. http://28kdigital.com/wp-content/En/file/HcbvI-q8_BI-CNw/
357. http://3.122.143.225/Invoice/RojyQ-leD_eTPpIjiJe-xYK/
358. http://3.16.25.162/document/New_invoice/04648757567/UYHnN-sD_AvPTJUgG-wV8/
359. http://3.16.30.213/En/download/Invoice_number/cyNX-tRv_hpzT-Gp/
360. http://3.17.143.166/US/scan/Inv/JiWqX-CjVV_h-BmB/
361. http://3.8.39.112/US/company/rjyBX-8Y_JgxuBZ-gbP/
362. http://3.8.8.24/wp-content/uploads/EN_en/info/Copy_Invoice/02453766/uLqom-BmP8_pwQJBRrPu-LHz/
363. http://3.92.174.100/De/MCEYAR6293515/Rechnungs-docs/Rechnungszahlung/
364. http://34.235.143.17/DE_de/ISKZAIR8117910/Bestellungen/Rechnungsanschrift/
365. http://35.190.186.53/DE_de/YSIVAMT2243026/gescanntes-Dokument/FORM/
366. http://35.204.88.6/De/CYGXBSEJ4369423/de/DETAILS/
367. http://35.225.141.54/de_DE/KKAFOV6048310/Rechnungs-Details/Rechnungszahlung/
368. http://35.225.4.108/US_us/download/Copy_Invoice/RRQT-HAmyC_FsKQXkSI-Nw7/
369. http://35.233.127.71/document/Invoice_number/255781038464/HUja-89kU_lVwiwlMdw-6R/
370. http://35.247.37.148/GCCNTMVXUV9631051/GER/Zahlung/
371. http://52.203.11.219/llc/Invoice_number/jNZn-HW_a-1sw/
372. http://54.250.159.171/DE/IZAXDEQEJ0217606/Rechnungs-docs/DOC-Dokument/
373. http://66.55.80.140/US/document/8646081883974/Auds-RZcqu_hChQDwKaA-sjD/
374. http://8.29.139.221/llc/New_invoice/JJeFF-1u_GjlYOVJKW-5Eg/
375. http://82.253.156.136/wordpress/Februar2019/RXZOTII4866226/GER/Rechnungszahlung/
376. http://acdhon.com/DE/XEJQLUEERE0488131/DE/Zahlung/
377. http://achauseed.com/En_us/492834478594/MFGXV-7sd_t-fxs/
378. http://acmemetal.com.hk/En/llc/Invoice_number/6993952/bBWI-yT7_UrAeDYI-dXs/
379. http://aghigh.yazdvip.ir/Februar2019/JOPLIPVY9456492/Bestellungen/DOC-Dokument/
380. http://agilife.pl/En_us/Inv/ZcdZ-F81E_AiSEQrVi-dv/
381. http://alabarderomadrid.es/Februar2019/NSWKHW6075602/gescanntes-Dokument/FORM/
382. http://alainghazal.com/Februar2019/PYORQFTPOS2153499/Rechnung/RECHNUNG/
383. http://allens.youcheckit.ca/US/llc/Invoice_Notice/Bhaz-1LPbd_aqlUAKe-bCY/
384. http://allstarsareshiningdreams.com/DE_de/SABIFZJ2282539/Rechnung/Fakturierung/
385. http://andrees.com.es/En/scan/ovPr-tq_hRZaIcP-At/
386. http://aqualand-chalets.com/info/Copy_Invoice/SKGQF-c0jS_WqICNh-hOX/
387. http://auligo.com/Februar2019/XGYKJVWM1424930/Dokumente/Hilfestellung/
388. http://barabooseniorhigh.com/DE_de/LUECCPG5866963/Rechnungskorrektur/Hilfestellung/
389. http://barabooseniorhigh.com/EN_en/Invoice_Notice/wrEW-a7sDO_ltcEVxb-xz/
390. http://bazee365.com/DE_de/XZRPNMWK6827724/Rechnungs/RECHNUNG/
391. http://bezambici.com/US_us/xerox/MlHcP-hCn_DRtk-zn/
392. http://bkm-adwokaci.pl/res/EN_en/llc/New_invoice/Yypxo-mu_wq-ubK/
393. http://bluesw2014.synology.me/@eaDir/Februar2019/KGBHAQ3523488/Rechnung/DETAILS/
394. http://bonex.it/En_us/file/Invoice/xMafx-l3q_XvQGG-FqA/
395. http://brisson-taxidermiste.fr/XCCFSRQ9473513/gescanntes-Dokument/RECHNUNG/
396. http://buonbantenmien.com/3/JWRWSGF6549672/Scan/RECH/
397. http://buonbantenmien.com/DE/OMYWJIITPX2609624/Rechnungskorrektur/Rechnungszahlung/
398. http://captipic.com/Invoice_number/zDyWf-TXK_hMsKz-sd/
399. http://carolechabrand.it/de_DE/GSEPXGJ2403092/Rechnungs-Details/DOC/
400. http://caroulepourtoit.com/DE_de/VPFVDNJKXE1252294/gescanntes-Dokument/Fakturierung/
401. http://cash-lovers.com/Februar2019/VUHECD3698305/Dokumente/Rechnungsanschrift/
402. http://cbmagency.com/de_DE/QBSGHSS9028403/Rechnung/DETAILS/
403. http://chenhaitian.com/EN_en/llc/Invoice_Notice/BlCU-S3_MSDKDpUQ-qq/
404. http://cild.edu.vn/De/KHJTVCIZWI8168573/GER/RECH/
405. http://cityofpossibilities.org/US/Invoice_Notice/KrvpZ-IJ_YozYPjRiI-DpX/
406. http://classina.tokyo/De_de/TCQCXX4611584/Rech/Hilfestellung/
407. http://construccionesrm.com.ar/EN_en/frIUN-DtIK_REx-xbW/
408. http://crestailiaca.com/DE_de/MDWNLCGEB2511352/de/Rechnungsanschrift/
409. http://csvina.vn/DE_de/UTPBGOOVCR8220419/Scan/Rechnungsanschrift/
410. http://cygnus.su/Februar2019/RYHZBJIY6105374/GER/Hilfestellung/
411. http://dafia.org/dafia/wp-content/uploads/document/Invoice_Notice/zDzek-TW_Awh-X9E/
412. http://dctrcdd.davaocity.gov.ph/wp-content/DE/TUTPXZSGXW4275167/Rechnungs-Details/RECH/
413. http://dekorant.com.tr/EN_en/doc/Inv/ELmY-DUrCU_vsdR-JaN/
414. http://demeidenchocolaensnoep.nl/En/doc/WRfS-GIVg_mJNyemHnP-pHY/
415. http://demo.liuzhixiong.top/US/lfjP-5nJfJ_JVLGfa-tXM/
416. http://dentistaoliveriblog.it/DE/VNXRWGZMYW4277681/Scan/Fakturierung/
417. http://dentistmomma.com/US/scan/Copy_Invoice/polmH-Jhr3A_TgR-EL/
418. http://designenergy24.ru/US/download/Inv/szDXD-YZbW_tYtDRwaeh-b6u/
419. http://detsad-kr.ru/download/6179417/iRlyT-yY_hltAXhs-YK/
420. http://dev.familyhospital.vn/Februar2019/EOLESPTW4462255/Rechnungs-Details/Rechnungsanschrift/
421. http://dev.style-cost.com.ua/wp-content/cache/Februar2019/CUSHDNM6671014/Rechnung/Fakturierung/
422. http://dichvuit.tk/corporation/Invoice/vCQN-O8_y-6r3/
423. http://dockrover.com/Februar2019/VTHDYM7453619/Rechnungs-Details/Rechnungsanschrift/
424. http://dotactive.com.au/De/PVEHTFMKI1177003/Bestellungen/DETAILS/
425. http://drberrinkarakuy.com/DE_de/BRWXXXMWP1424162/Dokumente/Hilfestellung/
426. http://drivespa.ru/company/Copy_Invoice/iwyyt-sH_ZhfN-Csv/
427. http://ducasco.gr/En_us/Copy_Invoice/VcjdI-Ua_ch-GTB/
428. http://dverliga.ru/US_us/scan/Inv/477272093/BPStw-BEF_vR-xR5/
429. http://ecuadorminingnews.com/KIBYUYVH2385409/Rechnungs-Details/Zahlungserinnerung/
430. http://edsonramalho.com.br/Februar2019/XMQIJHBMA8466731/gescanntes-Dokument/FORM/
431. http://ellsworth.diagency.co.uk/EN_en/Invoice_number/YrsRY-WOhx_snonDYSS-oUq/
432. http://emergencyacrepair.org/de_DE/ABNJJMBLE8860780/Rechnung/Fakturierung/
433. http://emregunaydin.com.tr/US/file/Invoice/CoxEu-SQRFC_sfFjt-sV/
434. http://en.sun-sen.com/wp-content/fhkO-dzTk_UGZuZ-Cg/
435. http://energy63.ru/llc/PYMn-4tz_muL-R1/
436. http://enviedepices.fr/de_DE/BXATPZW0542549/Rechnungs/FORM/
437. http://ewan-eg.com/En/680066718286/OsXQU-yv_dcDiKyrBx-Ro8/
438. http://ex-bestgroup.com/scan/mefN-KJ_mKBshDXz-RV/
439. http://expertsufa.ru/EN_en/doc/TLpO-5e2w_EkqwmH-Nuc/
440. http://eyestopper.ru/doc/HLCe-m0CB1_bot-2b/
441. http://fantasyforeigner.com/corporation/Invoice_Notice/vwhUM-SX_c-1P7/
442. http://farmsys.in/US/xerox/Invoice_Notice/WNUat-PQ_SaPVP-Txz/
443. http://fashion-world.ga/download/JTpY-UArPK_ZLtP-srr/
444. http://fatinyaroma.com/En_us/Invoice_Notice/3513663040254/FoOI-ywZm_heDaedACD-ML/
445. http://fb.saltermitchell.com/Februar2019/FVSCUWBHMY3334648/Bestellungen/FORM/
446. http://fenichka.ru/En_us/info/Invoice/FvMz-1fS_y-e0/
447. http://fhdesigen.com/De/INZIJY8575423/Rechnungs/DETAILS/
448. http://fivestarsalonbd.com/De/SKKLLSSSLN3271926/de/Hilfestellung/
449. http://fonopar.com.br/wp-admin/ZGqL-Oa_DxSunp-2qG/
450. http://frisurideenneue.club/DE_de/AMHPTRILK2331220/DE/Rechnungszahlung/
451. http://further.tv/download/hDJwz-09_ZUUeTiI-NIC/
452. http://galinakulesh.ru/EN_en/file/Invoice_number/1516686/Ungd-FKpi_MgV-vom/
453. http://gbconnection.vn/7kgp8jqp7M5_SiF/En_us/Inv/CGPk-cNXp4_Ir-1KO/
454. http://ghazalconcert.com/scan/Invoice_number/OzATE-luN5H_MTykzmSt-32/
455. http://ghidmamaia.ro/EN_en/xerox/Copy_Invoice/VqXno-4hVh_IW-wuB/
456. http://giancarloraso.com/En_us/ETVc-RuzBL_ar-1Ze/
457. http://glenndarnell.com/Februar2019/EJFKYYYPH3381456/Scan/Fakturierung/
458. http://grani-uspeha.ru/Februar2019/IKLPVQDX3736928/gescanntes-Dokument/Zahlung/
459. http://groundswellfilms.org/DE/IRWIOMG1185760/Rechnungskorrektur/DETAILS/
460. http://groundswellfilms.org/DE_de/MTBVKYPIBS2189566/Dokumente/RECHNUNG/
461. http://gvmadvogados.com.br/US/corporation/Inv/TAyZj-6v13c_icdziU-0kT/
462. http://halotravel.org/EN_en/xerox/399528119/ZPRnc-Es42_lNAbkDMp-L9P/
463. http://hangkhogiavi.com/EN_en/New_invoice/Ejox-dhwi_fNdTnoA-k4y/
464. http://hashtagvietnam.com/En/company/Copy_Invoice/43657578281/njAr-PNXG_sX-Jr/
465. http://haunnhyundaibacninh.com/DE_de/SBUOGDTO9022293/gescanntes-Dokument/RECH/
466. http://haustechnology.com.br/xerox/Invoice_number/fPXLC-09_gzNxGZ-Nf/
467. http://healthyenergydaily.party/EN_en/Invoice_number/urMCd-87Vby_dwYESii-II/
468. http://helpdesk.lesitedemamsp.fr/DE_de/PCYRNUCW3882267/de/Rechnungszahlung/
469. http://helpdesk.lesitedemamsp.fr/de_DE/WQBBQPHN1301557/Rechnung/DOC/
470. http://hoanganhvunguyen.com/US/Invoice_number/wXbDp-6J4o_Xa-XY/
471. http://hongcheng.org.hk/US/download/MEHB-Juibl_ygk-sz/
472. http://huongnghiep.ictu.edu.vn/doc/Invoice_number/pbwEC-5XI2y_TqASK-lsY/
473. http://huyushop.com/doc/Invoice/ppQlC-1hzuX_OXIpKCI-gJi/
474. http://icpnt.org/wp-content/uploads/DE/JZFQRDEM8153455/Scan/Zahlungserinnerung/
475. http://ihatehimsomuch.com/de_DE/HIHGFYCBMO1373082/Rechnung/RECHNUNG/
476. http://initiative-hpc-pme.org/EN_en/corporation/UCsUv-PUO_UHh-XZA/
477. http://iqhomeyapi.com/Februar2019/VDENGPAAT6768906/DE_de/Zahlung/
478. http://istratrans.ru/corporation/Invoice_number/351917407428730/FizH-5Bnoj_RdcpQHiVU-AOF/
479. http://istratrans.ru/De_de/NLYWTFWPQI5623799/DE_de/RECH/
480. http://iventurecard.co.uk/EN_en/corporation/Copy_Invoice/Scfbx-olSD4_ZWOix-y7E/
481. http://karkw.org/de_DE/QMICAF5230385/Dokumente/Rechnungsanschrift/
482. http://karkw.org/Invoice_Notice/09096076783983/hjDvn-6ptt_qCEx-2gr/
483. http://keytosupply.ru/De/IOGOQFP5881476/DE/RECH/
484. http://knapsacks.info/file/Invoice/woKI-cv2_KyFtjOFAK-Z9/
485. http://komandor.by/DE/FURWQHD9760345/DE_de/FORM/
486. http://kostrzewapr.pl/css/de_DE/TDXIKZH6760304/Rechnungskorrektur/Rechnungsanschrift/
487. http://koszulenawymiar.pl/En/company/NhGY-fGQpc_BZmSyQiOp-cC/
488. http://kriziachiesa.it/US/xerox/Invoice_number/08345135522/AtyIj-hORf_AWcEv-85/
489. http://kubud.pl/de_DE/XHZZIRIBL4571056/Rechnungs/RECH/
490. http://kultur-im-oberland.de/En_us/corporation/yzoO-9Ro_VKDKQY-ts/
491. http://kursiuklinika.lt/language/US_us/download/rwkFB-XM_vUjnFSn-LB0/
492. http://kussow.net/EN_en/download/KNxl-RkpX_Xsa-vC/
493. http://kymviet.vn/US_us/xerox/Invoice_Notice/xgAU-VAPeY_XWS-Kxi/
494. http://kynangthuyettrinh.edu.vn/de_DE/FGLBXCAG9942671/Rechnung/FORM/
495. http://labterpadu.ulm.ac.id/Invoice/592658297670775/hNXOG-POtZR_sGhNuen-i5/
496. http://laresperanca.com/En_us/xerox/Inv/OFOcG-hh_HuJZ-nH/
497. http://laylalanemusic.com/Februar2019/HYBBPW0603269/Scan/Fakturierung/
498. http://ldiprojects.com/En_us/Invoice/ohsJ-UICyu_zScMJeLP-kHq/
499. http://lehavregenealogie2017.fr/En/3018543/fgXQ-Dd0g_bltnrtgNJ-vHT/
500. http://letrassoltas.pt/download/Invoice_number/rGCOx-tO51_spRlsIR-c3/
501. http://library.uib.ac.id/En/Invoice/985592504/QyKt-sC_NXzHM-eAJ/
502. http://mantoerika.yazdvip.ir/xerox/Copy_Invoice/BLvZd-boDwE_vmYCwE-kP8/
503. http://marasopel.com/administrator/US_us/download/New_invoice/oaQy-9p_tcrMIFe-7M/
504. http://marisel.com.ua/US_us/download/Inv/qmLdJ-gqYcX_ARWRNC-vYk/
505. http://matongcaocap.vn/FUFGICJN7853536/DE_de/DETAILS/
506. http://mehmoodtrust.com/US/llc/Copy_Invoice/dLWS-i9_apV-GM1/
507. http://mhills.fr/En_us/llc/Invoice/kSnU-Mid_bQPY-OW/
508. http://mir-perevozok.com.ua/company/Inv/JdaNK-E0IW_urnLFmwhE-uB/
509. http://missionautosalesinc.com/document/Invoice_number/3251088/OGod-ayjn_KZvovLhU-0F1/
510. http://mohinhgohandmadedtoys.com/BPXDIHONR6937382/DE/Zahlung/
511. http://moldremoval.site/download/ghvs-Yf_iskPeJF-PBi/
512. http://mos-advokat.msk.ru/US_us/Invoice/dLAYy-8d8Ja_LL-uXQ/
513. http://motor-service.by/EN_en/corporation/Invoice_Notice/eWtGq-x0HMC_LTSiGjpK-JUv/
514. http://mtrans-rf.net/KJUEWAWWU8301868/DE_de/RECHNUNG/
515. http://multishop.ga/MQMWGGO6503348/Rechnungs-Details/DOC-Dokument/
516. http://noithatchungcudep.info/wp-content/doc/hpyFR-gY_NQ-xv/
517. http://noithatshop.vn/Copy_Invoice/HpqFe-fT_poRQRHyZP-DRM/
518. http://okna-csm.ru/corporation/wBZEO-O5_kYPva-fGY/
519. http://old.braylland.com/En_us/Invoice_number/6362231/kNsz-AxStI_NTYZYqEYB-Sq5/
520. http://pby.com.tr/EN_en/file/1447413675216/oRRFB-Q7f_Q-BQJ/
521. http://phamthudesigner.com/US_us/doc/Copy_Invoice/wNHb-YzG_YbSbGu-Zj/
522. http://posicionamientowebcadiz.es/En_us/Copy_Invoice/XOQbI-OGKB_aIx-2JJ/
523. http://pravprihod.ru/US_us/corporation/New_invoice/AldCH-P7_Nyq-MO/
524. http://prostranstvorosta.ru/De_de/SECTBU5779123/Rechnungs-docs/DOC-Dokument/
525. http://prostranstvorosta.ru/download/Invoice_Notice/6009410/hbCL-rjeU_gFGH-COO/
526. http://restaurantejorgedopeixe.com/info/IUwk-QofN_pVBP-Nr/
527. http://rewitek.nl/De/RGMMICHDXI5739335/DE_de/Rechnungsanschrift/
528. http://rohrreinigung-klosterneuburg.at/UQHCGSRR9409584/Rechnungs-Details/Hilfestellung/
529. http://romanvolk.ru/En/company/tXZVB-TroJw_CsryMdsJ-DVZ/
530. http://saigonthinhvuong.net/download/Invoice_number/sSzf-pQWm_qV-KMT/
531. http://salahealthy.ir/file/Invoice_Notice/DDKGV-C0_Hfa-8EG/
532. http://sgl.kz/EN_en/info/New_invoice/XIkh-Qcrt_NkKIbOBV-Cp/
533. http://shovot27-m.uz/US/scan/New_invoice/bGmAK-rbvfu_gTdafih-soY/
534. http://sieure.asia/AT_T_Online/US/llc/pjil-jeGv_tjPGFx-jx/
535. http://soyuzhandpan.com/EN_en/scan/Invoice_number/IEwUe-RsKy3_IfBO-lG/
536. http://stemcoderacademy.com/EN_en/download/kXWd-xPDT7_mLWr-g1V/
537. http://sts-hk.com/edjf-jUsEj_le-FD/
538. http://sweethusky.com/De/QOEYOC7374386/Rechnungs/DOC/
539. http://talk-academy.vn/En/Invoice_Notice/ygaB-bQF3_BLMQjp-2S/
540. http://techboy.vn/En_us/Copy_Invoice/LUFS-yg_dbUUibF-Je1/
541. http://test.bhavishyagyan.com/Februar2019/UQYWSZY0506729/Rech/DOC-Dokument/
542. http://thammydiemquynh.com/DE/SRVVFCTS3984940/Rechnungs-Details/Zahlung/
543. http://thinhphatstore.com/xerox/KjsEB-f4T_uTWKfAO-Zr/
544. http://tischer.ro/En_us/company/Invoice_Notice/fqNB-r9n_XkDb-Z8/
545. http://tisoft.vn/public/US/Inv/IORP-mY_ZeuMiOMxN-QL/
546. http://tolstyakitut.ru/En_us/corporation/HWnKG-HU3L_qyyex-aB/
547. http://toprecipe.co.uk/EN_en/aBzBO-kkSQ_kBUc-Iqp/
548. http://tradecomunicaciones.com/TDRGDYBFST6641425/Rechnung/Zahlung/
549. http://tranhoangvn.com/wp-includes/js/tinymce/US_us/scan/New_invoice/nxFT-3JFRz_EBuGYa-jj/
550. http://trialgrouparquitectos.com/wp-content/uploads/Invoice_number/CNqU-501_BvSKJ-n3c/
551. http://ulco.tv/US/document/YhrA-tCKR8_jfPi-DMh/
552. http://vaws.nl/US/346743887801/VNQR-V3N3Z_y-6G5/
553. http://venta72.ru/En/document/New_invoice/955679680/SaSBw-7bAE_QDpiP-OgV/
554. http://vienquanly.edu.vn/DE/FXJNZLWKVN4867450/Bestellungen/Zahlung/
555. http://viticomvietnam.com/file/KznQ-08qJw_LhSfktv-MH/
556. http://webnuskin.com/de_DE/LVUAKDIXT4378740/Rechnungskorrektur/Zahlung/
557. http://weiweinote.com/En_us/llc/UqauL-EI_v-gz/
558. http://weresolve.ca/de_DE/QPTCOWC0822892/Rechnung/RECH/
559. http://weresolve.ca/file/Invoice/vKVR-lro_frym-X62/
560. http://wordpress-219768-716732.cloudwaysapps.com/DE/JVLSBULU8619030/Scan/FORM/
561. http://wp.berbahku.id.or.id/EN_en/doc/Invoice_number/uTNRo-EjIQ_zZMriw-1H/
562. http://wpdemo.wctravel.com.au/En/file/wJZbG-k2I_Cw-am/
563. http://wpdemo.wctravel.com.au/En/file/wJZbG-k2I_Cw-am\/
564. http://www.aerdtc.gov.mm/wp-content/uploads/En_us/scan/Inv/QPkH-xYMz0_rf-gU/
565. http://www.birminghampcc.com/scan/Invoice/BEaz-hnqXV_wU-9t/
566. http://www.drberrinkarakuy.com/DE_de/BRWXXXMWP1424162/Dokumente/Hilfestellung/
567. http://www.glamox.pl/De/ZJKHUYHY6386616/Rechnungs-Details/Zahlungserinnerung/
568. http://www.instagramboosting.com/document/cgiV-pY2_siSBYe-UW/
569. http://www.lizmoneyweb.com/US_us/file/Invoice_Notice/zziF-EX_qIgTmX-zK/
570. http://www.mhills.fr/En_us/llc/Invoice/kSnU-Mid_bQPY-OW/
571. http://www.play4fitness.co.uk/US_us/corporation/Copy_Invoice/ECCp-M72g_lIUDwz-Y1H/
572. http://www.porteous.ch/llc/Invoice_number/pyVl-y6_Z-kJ/
573. http://www.sweethusky.com/De/QOEYOC7374386/Rechnungs/DOC/
574. http://www.topreach.com.br/En_us/document/Copy_Invoice/udylZ-kaWO_uHAlfUBM-KN/
575. http://www.verykool.net/vk_wp/wp-includes/de_DE/FBNUBDLC0797768/Rechnungs-Details/Rechnungszahlung/
576. http://xn--116-eddot8cge.xn--p1ai/Invoice_Notice/YOah-tWq_jHcimfLi-iCK/
577. http://xn----7sbbdfeovrgh2b6al.xn--p1ai/De/WOWWYTKJYI3771730/Rech/RECHNUNG/
578. http://xn----7sbhaobqpf0albbckrilel.xn--p1ai/download/Invoice_Notice/656470013/FpUho-FHHWV_ErrbLqos-Ur/
579. http://yduoclaocai.info/US/download/Invoice_number/SoDgn-ky_uHWnL-z6X/
580. http://yduocsonla.info/En_us/Invoice_Notice/XHvns-XgHwE_uva-co/
581. http://yduocthanhoa.info/En/Invoice/PhhUW-q93_PwlmSH-o5O/
582. http://yfani.com/US_us/info/New_invoice/wlwS-KQ_IPUBOl-rRT/
583. http://zebra9100.com/De/EDYYJRJ3904167/Rechnung/RECH/
584. https://agilife.pl/En_us/Inv/ZcdZ-F81E_AiSEQrVi-dv/
585. https://captipic.com/Invoice_number/zDyWf-TXK_hMsKz-sd/
586. https://celbelhabiben66.com/US_us/Inv/smKM-XdKw_KmwynzQ-BcC/
587. https://crestailiaca.com/DE_de/MDWNLCGEB2511352/de/Rechnungsanschrift/
588. https://ftp.smartcarpool.co.kr/lf_care/user_picture/download/Tjcvo-DyeDk_bfrd-lw/
589. https://noithatshop.vn/Copy_Invoice/HpqFe-fT_poRQRHyZP-DRM/
590. https://tischer.ro/En_us/company/Invoice_Notice/fqNB-r9n_XkDb-Z8/
591. https://www.verykool.net/vk_wp/wp-includes/de_DE/FBNUBDLC0797768/Rechnungs-Details/Rechnungszahlung/
592.  
593. ```
594. #### Epoch 1 Payloads by Document SHA256 - All Times UTC ####
595. ```
596.  
597. Creation Time 2019-02-20 19:52:00 (DOC Based - ENG - Unzoomed Indigo/White)
598. SHA256:
599. f3e0613f8fff58cec7f7f845d16727720377c243bccf5f5c4c03d33cb6b24de0
600. 7e46fc20ab6b868fc8882baa711a8a13627b6534d007b57d49836fede5980a3a
601. 35bf063e6dd8b8206f4e9addd0d2b414f4af0219eb7be21fb177d9595dbd99e2
602. 8f6bb521278717300a6540dae7aad647849ca1afdb473fc0c8948a6b076e6db0
603. 466526f17bde4e439bd8d58a8699f0bdfdb74a4b432e05c328e831edfc28e3ab
604. c80595119d5f4167df2556e02b2b398b85d68550f6e57ee290cc06b6e43c9338
605. 72e2a2f62db74486dee49185e7d4ff4503d2e57fc6fdb38ca8c0283b102ac16e
606. d7e4a682d070aa64b9e80e538be931a107ae0f09d8fe1f6cdd15399559dacdd4
607. b54971d5b4972bf4b715a6824aa3dfe52c98d786976dd262797e6e1dad3d9cda
608. 6336caf69c312beeb5c0990e869a216d9b5be107b7f95c451e1c4bcadefd27b7
609. 44e4b3b3c3dbad182ca8337408a5328a9e931b82c53c536aaf36eab8b65c8e2c
610. 5f3cc9185d40d87005f8ec69e0c3a6abe9383c472d208da942f9e0b4e519b43b
611. d32e65963524e9358a3a923daf56c6297b37495e3c37c36503765caedb930e2e
612. a60a1a8a7a3bbde83c23a92839052f017f3549e909f64e2fc24d70367418b836
613. 321b254efa18e7ac7ec89ae066e3a7787523e5d8a9b1a0fdc3cf8c3d3d18cfe2
614. 33aca259484d507602eb2ba31a1e82f329c2e22ca47ea42a7e1c2d55ec37d5c5
615. aca0c9da888459f045866e8ad9b945c3ea194f727095673c156e7460a5a6b37b
616. 9fbbd50581f7889d4b7558f23c2beb041884f1d94a448502b8d2fc4bf7195e1a
617. 80a0f8f8f094769f13b070e3cb2ff774c4ee0e19fa3dcf6f520eed6e58b3bbce
618. 4cf2b3c4a505e546eb8f8a2b6798507395ca7d19dc96c3209b09a28a2c17d04f
619. 2c8c6c852a36878b83bad6b36b2f37d6defd31aa2cc56be765203a8b240eaaf9
620. cf044e317b3b2a8e39d738da75adfc28f0fd0fffb3ebf5ac4ce21763e7c28f05
621. e25d157a32adb2e424cfd00d6377821fc78af48904d0fcd1aa7bd77593bcc495
622. 11e37fea71e99b05d6635f11db4e1b87bfb37952dc920a8a0e3197b68461968d
623. a7b66e5010cde5cba839634299acd7cc7ccd750864bc6a64dbeff307dceddc79
624. f033dbdf64cc673bb42c279aa5453f5f1685558d1299f824b5751c9b8774d428
625. e4b42a06fdba7617cca99bf5d1c47bcb7369a35c5ba4d7de8aedd7047c7c6734
626. c2a6ed736920ee11a237ef8dd9ff09172664a1a6860da660349b8ae5995f25c8
627. 68a5b66ede664ab79755dc81a9dc1a2ad77af09051cdca4f343b3aa9f5451604
628. 15a950da0a13747c19411db98f2008d357bee36309aec1a59526f03f76c36beb
629. 1bde50567bdceed4b1eb98f395573b723c90894dc32178d4f92c8db7a927ebbf
630.  
631. http://portriverhotel.com/wlaSpzROD/
632. http://developerparrot.com/od58PWJHeK/
633. http://bk-brandstory.mdscreative.com/aEPEdU126g/
634. http://view52.com/xWR3nltYA/
635. http://bvxk.vatphamtamlinh.net/IVcDxFb/
636.  
637. Creation Time 2019-02-20 13:07:00 (DOC Based - ENG - Unzoomed Indigo/White)
638. SHA256:
639. 5d427376d11aa5db6bef73e965a9ed8608fc35ace8c914cbb655477f0e7046b9
640. e3e6cc3618ca34c084f4d45027ed647504f3d935b953065347ba6a1b083164dc
641. 9a7955baa3ffb2c9008ef4ca6e1c102521524f795b061e9447b70974756b5b10
642. 35e77124ac2b372492224e22ec5daed12670071fa8cff13ae3ad05278c73d4ab
643. bf414107d3359b7717427da1372a16aab0c341573e692156184ed2222b714a0e
644. 4c6e0406955eb2d9137d66e00a19f631997d625f81251e2106733f421949bf90
645. e78c7a37e7dc109dd2e2450c1477b3bb416a15f7a8e9a57ad6493141c7d0bf83
646. cf8c5053b962200f94f599fac14692a078f435a7b794f0fe3ea66174ec2bae3e
647. 6bcfd8d4f1a8b8bb85793312cb8bc7c8a9cf918f8f4bf4d67a10bfbc7426dda3
648. f9b9346dbce0f06baec5a6d69741c964f46167f278edf29b4a3a216853ddd06a
649. a5377212061c5e9246e4abc8814e3868b24cd26e604cec6369659f11a1f9ecf7
650. 26a944ce6120c81d10849288edc2b271085b8eb6a2a3e7bbd1e23fcb7c7c5ef5
651. 8143c349718d18715ba3210b6c369f63d197fdfac9c38ca2d37b36004423630f
652. 5d02503e70b8eb53910fb958084195c147b6e8e7c4acb5290d4be8c8aa3892fc
653. 671502770828b5ee907ea3d1783b3d6890ebc9d71ccd5619755907b39a431960
654. b7f9262bb66c033bc879351f7116c715f9ae61f22509efe0412f70fe10601571
655. eaeed2c816d673a906b75220958e7ab50b34f2fdc6f0e7c392a1e2fbed32adfd
656. 5cb12008bd0b94fe7b18465806c28539a2c11d0a891d51748ab84aa137ab7d43
657. 2552e75121ba4c5c9cd7bc9be398b578a8a794bc420b47f9452769e642e2a4a7
658. 58bff5082c2a1bdf4a1e7d7c5b65d71cfc4bca9a8d47e08ae7f2a87ecfd068fc
659. f042ec25aef43a1b9c57039cfbe92e07522acb1a8af993eda4660f149bc0c320
660. 048c57fc430bc49a1e9e18e1f19eaeed6abe23a0699d273577139b99734e5b4e
661. 3cf7c1be90dc2d877afba2e8273a8f8a712d9da94109c7e80abfeb1498ca0f88
662. fd6d3fed5485d19798b1169fdf5e5e5101c8a0042301dd10785d1645230b6062
663. f71878b759b8a933b4dcd08b5fc2f7f331bc3691951115fc0e434ca0cac50403
664. 416ca865f9cb6c94625da7b5e1beb440b3f5ab4433afad6373ff022606bc3e56
665. 98cb68d8f3ca568f23723b459d01eaacca4ecc3f9fa668c5d511f8a32a7842bc
666. 8f3ddf68f4acc9b52954618128ef17bf64041b83737ad37ab907a130b1764cd4
667. c26717fdfa9b05d76aba3055b3a01a56ee3e8805e7f48c51dac0072870c5f462
668. 825863cfa1bea491f0e114aae14840adce8f9be2b965609191e2f62e85a271a7
669. 92aeb3ee641a866609227e2617b20a3be65655f18eeb77ae4006cc7c062630b3
670.  
671. http://128.199.187.124/ibtfjA1/
672. http://104.223.40.40/Sn0vcAys/
673. http://178.62.102.110/arpEV6rChy/
674. http://115.66.127.67/3ioVsDXkX/
675. http://207.154.223.104/1UcvZyZsF/
676.  
677. Creation Time 2019-02-20 10:31:00 (DOC Based - ENG - Unzoomed Indigo/White)
678. SHA256:
679. 8f3d11ee0a6f59a0a86ea7bb4989e22cf4463d729f8aabb931457556aaf87797
680. fc1e48f9cbf5ca9f6bc166c8a1fc12b2370ce6004c7130068cb89ddf13f61a1b
681. 92a7f979fddf9a3f8dcf292fc74cc560af4d435f0289c367ccad8d182f051da8
682. 36806c6de71d8f3236e205305bebf15a8799a25a91c3c19e6643995e34cfc83c
683. 6fa79e3fba0e78bd7f451db16b1ac469781248f84cbdd2e4ee2122dae448d037
684. cd16f53bf3581c2d36f2c29de83ab3279982963e42687ac3e5cc098962e66d7d
685. 107ae87f8c006ee004ab99ea0071b43f1bd618f9cb3d65065cdec6f42a218830
686. d321279da8d480749e6b0c3e9c05ed525c809c9f026cb3ae30b086060178d9b9
687. c6f779b4c94473711d2fbc3ac7f00e098d0a532773bf907a370401b886a9da4d
688. 79d6f989a020c8fa396faa3e72f1aef8902e43191ccc6b42316fc356ca4a4261
689.  
690. http://katleyafloreria.com/n0vpOjlS/
691. http://ingramjapan.com/h9XwHYQu/
692. http://farmsys.scketon.com/GKGY9e4v/
693. http://truenorthtimber.com/CSncj8f/
694. http://karditsa.org/ohCJotRf8F/
695.  
696. Creation Time 2019-02-20 06:47:00 (DOC Based - ENG - Unzoomed Indigo/White)
697. SHA256:
698. 5fb69694ac7d191050325be4a2e9be801d783025ddf3506303b7b4710f6cd0bc
699. b0b6f0fa867a5503ca7ca5027628b7ff213606dfe7aebdb5711fb6f7abd88c0d
700. a568921aff10b63ed0fad5f5a906106d34b7fa13a4d20705d700781a78b5c5df
701. 73e715e2bf2fa8ff339c337795647d22ff47035ea158a08d3cd669b83b52ea15
702. 9a6588e51437a10cb74490bd568d73e83a3d5d3d3bd6aff434e1d120da9f9a89
703. 78f965a4d37d2e6e4f2129dcdd2073d4bd1d2ee2b2cc16caa3186aae61bb6fcd
704. 364a007aafa8a2efd22b272a3fe0e600248f27b51a9587da84a067519860e8d2
705. 4c827a669289ae4558f2a6bc8a11791665d6cfa118950364ac21915f72ed7c68
706. b88cba7d828787131169d8d75bb3b12c3971e86467c2d176f32535779ddbd72a
707. c0cb0be2724c74cd667ed5ec965cd28eb9347cd132d8e520eda6c9639d28e281
708. e01582cfbe5363c54007af723c58f69bec5a51131e9175c9720e3619348d3973
709. 939cee8c75e7f01e2a965db51cd79a22013a894d4e1c8b0eed87e1da47e017ee
710. bb232224e5729bbc4bc7d2c76c8ed12efbf9733501d7d3868208db5c758d692d
711. 9f281bf6a92f24bcbafcc8a3f3cc699e4f801cf4ed481334f454ee964a107614
712. 3b5b2fdc94c5c4f9e6bebdce21235d6dcb7125a934ec16ed9a90f39a268ad2e2
713. 404d940c486add94460c5ecd058247c34a4f55a6039b091a43fec17c9697c1c7
714. 46bd97db02c349e79d6f92f05f050f92c25f03f2486dd1d4bc1f6de641f34811
715.  
716. http://blog.garage-nation.com/wp-content/uploads/jvcfPmvh/
717. http://ataklartesisat.com/eBlRJjQ8UO/
718. http://54.169.241.32/47LAQmL/
719. http://35.229.144.219/XgWZkROu/
720. http://54.169.141.30/live/M8TejkIf/
721.  
722. Creation Time 2019-02-19 20:29:00 (DOC Based - ENG - Unzoomed Indigo/White)
723. SHA256:
724. 9ea97cb306db1b140fb02f612344e9953817eb85046410b66481efc61e32a7c3
725. 60dfb73643f97b78237e513aab7ddee06d8a7f40c34882358132e607d2ebfe63
726. 0c5c4a87c5b5f68f58dc6570bf498d9e050cdfa5252e9dbd1595d2820e90557c
727. 627af16749033883fc3ac9dce74110f2278d20dcd40f8c3a21354fa04bbb0b70
728. 77cc5e12f8ad88fafc6d3d1d2180377c2498a458904a95b88ba422021d7905b2
729. e0d6ca74ff50043d8febeeebdedd1c98a8845306960647554810f397d32f0a68
730. dee1887b9fe00e4361ee46ef1323fe4d32285afda0d3a386afd53362a44d3329
731. 2028a5b8c4fae1e0ecb14bc1d6ca5573f2614682e50d1af4f38de56f286cc5cd
732. 1ba39884c2c40f319e1c392288103550a96a44ff3913f70d15d0dc4f298f82b6
733. ad2955cfd0297278e48a60b24154598dbd1bd8149a02c93607189772dcc19e44
734. 840146cee2508d248580aa59d5aa8b713985449aeb7549b6e7827ce2598a2438
735. b49b275925cfaf6d1b45f6714a79e29b3d895412a7719b7ca185619b5a4b3f52
736. 95d1dab11494fd71ebddf9ed0b0e44582a0991bc5a0cac1e12c4dc13bb074a19
737. 55009c9b2d453a587665b661e2947a7020fa5845b961a28a27cb886b6251e2f0
738. c415cc1ff2163971e30a506d0eebe05e91edc220c2221226242713540e7344d3
739. fef267742f342dea0561b21d9c28a85ac835f81e3187c58458d11839044452be
740. 14710f9fde07c93627f4b848f35701ff1ebf61e6c859f08fd7affd0ce5d5c7ce
741. 1616655078824e36335da372f05727445b6eae95efc867738079aad66c00c884
742. 70d292fe8bd4ce0485febe925a8eaf83f30b8f05f4a8988e420d78183422b709
743. 17ad9dd8903d6f682fd38dadfe61a5abc3cfaea2ae263ad9886c0703a6266cb8
744. 9675db15d6969d8540660058953cd6888452ca80ebd27ff3950d27c27c93f6f9
745. c13da2240bd93c0b7fa5523337ef335fc1a03241f6807968584b51374c831691
746. 343bb671bfda7c99a8ee46f7af970a1bac92639a54ccd5780ae1334baf1823a8
747. 7e038d1a23f0cb8f9c65281512c64d8cee44730c6975a8ce91339695ddb67fc0
748. 6acc91a75fce11c3e48e455dfdef5de29e78be45485e4004108cc56696c2a8f2
749. 073badc60797a7da9de60ce4780aaf1df2c0a02fec72d606756ff53415b3be89
750. 31473d7408a11a1ce63f3c1764f4e9f3d9af5201cb6762c15dc24110a58612e8
751. d3671d0d04a8114cddd9cbb0679a12ba628c9829ee22d979043f089ef3620545
752. eb754e672966729d6fde7e41f1844f6858894fd82572c1548644f994eb6fc74f
753. e902ae5f5e6c37b339926cc0f59c7337b768c4f35c174288d77553bc406798b7
754. 868e8b6fe938e2103f78905ca8a44c1640032cd0ac04018621833e88e63dd8a3
755. 627af16749033883fc3ac9dce74110f2278d20dcd40f8c3a21354fa04bbb0b70
756. 15ea29d0e483c01df72c126e1a0b599f94bdc29dfb38a77306633c45d1851325
757. f1a362916d8b6d3c5d19e6eb94dda06ba1095cd354e794a1242a633d7dd79636
758. 5f8a6c1572e8eeae0b013f85d038c77b9a8f3e3f3a99d2627d80824389a4a797
759. 4a1eef1c18a7bf4c3b86c05513b1bd2ed18ce3e9cf63929fcea564583660d28b
760. 08c5934e1f7644372d8962c57641fc1e209f0c56697352b91efab698d135edef
761. c3450f94972ed4d0f40cbbebd99a60c4708e1c7e0966b83e3277d0782c7334d8
762. 8620fce126119d45b18863f84a7093b6bd25915efadac6813169f1d659494eb5
763. 503d0da25217f1affdf9e7ba4cac3c76c8126c022378e36025abdae8c3e1db92
764.  
765. http://51.15.113.220/2sT3beRO4/
766. http://167.99.85.165/XyBY4Kl/
767. http://18.205.117.241/wp-content/uploads/P7KgkINX/
768. http://23.23.29.10/DAINhWrv/
769. http://18.213.62.169/wp-content/uploads/oEk4aUu/
770.  
771. ```
772. #### SHA256s for Epoch 1 Payload EXEs seen on 02/20/19 ####
773. ```
774.  
775. 938d362c5f46c6db7ca7d10eafbfa2e08c66feb216ed53a5c7bf2637425faae6
776. 315e62e87bc1c56b4944b9c14fcef8f496ad4ca9e07a8fa6ed9e43caaae6ad9b
777. 9bbc84e502e7d8f6b6eb1f19ee27fc57590bb3d46b7b6f9f299fdc5ff80b66f1
778. 9a654a2afb5fc20bc93f02464060822b2c37ba2a3095fbff5a9ea2e12a2d315d
779. cdab65c218de1fbf77c813241b0525fc16da2078a8f62f3eba1bae4aebbd0c9b
780. 00b8d306a8328ed3bb0693ef756ea4d494af85c7af19be0d8d5306f32d20282c
781. 54ee6f3d7057e63f4e4adc8fd1d625f7959e513bc103a45d6eb41ecba1a0900c
782. eae37fb02b18b024e88de0571e990ffc65e706b0c8dd6275127f9af3f46a54ef
783. cf61ac96de77a14d18b86a01b0a2ce22048d2e97286724d105c285d5acc87a45
784. 5f6c0de02c6ed5ea3fd30bfac63ab3f1850472b345c07db2a5d4aa9e5e869576
785. 44ae99f68b9ee17beef11c41f2eee337b5497aaee8409d8fe7880e9c8f55ea25
786. f662dfd4131f4d40b29f9dece49c0edbc4a61daf749ef5ddb5b93071b282bf53
787. aa683c77dc627af1a2f3a727f85d7938ac630f94f9cb1b51ec7e28ed340e6eb4
788. b62bce341a6e90fa889c6a40c1f874d59a9f59910f46ca44a9d994834c846c18
789. f5a99b37aa5294480b65646135cd1671c5a4e4ceb4fd3b83cc78e269d0ca53fa
790. 92bb0fc5fa5b461f018f420d390d41efb2527a2e9161aa03b7796b478baf2c7b
791. 613890281f3c6a6b73272c6428dbc612c4d5608b599ce8535a841f38c3a901c5
792. 3b3da65e11a93db3713b37212bf4ec968a1e1bf02908185cbdd26f53264c2f20
793. 6c967a9c90fa83650db4fdb55e134e2ae42506c68e69572d0548977d7a5dbb72
794. 264aa98f62b297b550b2d44596253440483a54607f2f190f198ab18960a99bac
795. f5058071a7c472a56b5f6df1e990cf8ed016090d178ba6189f4bea527b67820f
796. 0dc2e8374a89367f9ba7c15035ee744d4651790925fc8db26b6d2f32471e56fd
797. 10a1351db738ca52d1c1c94edbec5ff84c62b211e2804dff7ff859fbce6c8a5c
798. 4e4ae10ef10ea6943f1b7365f42526036aa00f4bb349479ff18d781829829380
799. d79ccc7a00d8735cc9dde783aa6735a867e1841accdaa7fafa9d9149400136e8
800. d878ad2e94b49b30c4659d55783e4d58ccbd1a5a53ab7081967d85fd0ded1867
801. cdc418c2b7485d3651461a60868ce108bd3a9c14949797e7e04c2bf174fb9622
802. fec2294c8926e1ec8738ce8608f774639432636568107f48969bfadcfa7f620f
803. 049f871d4b72fa730293982c8c210ff87ddeda1de8016758cd9de31018a528c2
804. 7efd7824a069d391ab83a2ad8baa1e59a64665b14a8e463f3acfde338dcff067
805.  
806. ```
807. #### Epoch 2 Payloads by Document SHA256 - All Times UTC ####
808. ```
809.  
810. Creation Time 2019-02-20 22:40:00 (DOC Based - ENG - Unzoomed Indigo/White)
811. SHA256:
812. 5fef45c36a230351dcd174107f3f6a541e2bcc2717fcc9206cca0f50b9dcade9
813. c7043a2969bb736fd7f871719de057b9e9a1e6fee382c926c33027c0bb662544
814. e66c9d3fb5cce953ae8a670782d051077b3df858bd699ebb84dc719798da78dd
815. 4684961b11df9664b74b84843f2d7b0b32568fa9c45e4ea92bc14a16c057fdeb
816. 8c16f59af76fa8f09cdde9aeb65bfb6edc8791eac5154165e897e72ef04c9896
817. 86256076aab53e597029235e4bce3a3efe9f71bbb7df11c59a65543279c1245f
818. 06c8637ad271aea1fa4cbd270ce643c8d630d3908df88398f06cad9b0813989d
819. b5b376647a8bff48124a071a71fbb081f78361695a6920b2e3d95f37c0f4151d
820. b22448c34f26a1e1cc0f2e608a6c1717b5e42ac5790d15be0ec8e5c4fede0e07
821. 11913692bdb0a4f07a8ae0d313687af38c25ee945ab223705d8e15a080c945af
822. 26f461da7b14255ac600d7a069a35e19f14f416721869ade8a2a9d690c67c699
823. 7bca9566cc5217da968b100c78b615851dec6c9d5a62f52414d8cf4a55ada654
824. c4d2d9e19df870795daacabb84ca9d8e5f400c30c0d92a64c3bfbfd933f07c86
825. 541d9778452f1406109122db15161ef577331da8f89cb38174e61d6cc7118f5f
826. 8aba440a8492331ec71a1570e3e2f63b8533aba5a22c6cb4be677987e5bf24c9
827. 2e7730080fb9693bad0ef805a4b380225ea5ab79b755eba621354fff1f57be88
828. 8c18249cbdbe4d709965db788358e9ec053fc2f4309c53a11e11c85c6ab86722
829. 65f06f1e554842c9137a397ab1035c7dd7f198b8b7f89dccf6d73e648b26d195
830. e88dd0545b70d9e2ab35edeb91b67fc9e8fd82e80716809697ac3d176b5ee018
831. 6c765fd57790d538cb5e1660946ddc30171395f22eea66a4c836cb28ae2632bf
832. 01d4d0fc3c4025fb1f570a677a834a5d337398d512c532d660d8fc9d053081f1
833. 8b94da4008ee7e958c9d6c5dba49ba6b9c7a7ddb61e85559e2ede128bb7f22d7
834. 92ef2b031335cf854f2652f244d988771fd32fca2192ee425a673791cf475711
835. 0ffa66af30c25de60b1235bfc329ceab6ffd038fef0873d0c2137befed58ed13
836. 6a3cc4922e3fd31458be04853a71293b1203538be2cf0b470aba5500069cba54
837. 04698d71fe7ba0bcb637c967064b6dbd4f58b726bd2e0f3f4f1d0ec2d07932ca
838. 42c4ae91d99e20371a32377a6a054ffbe13f5e589b0abc06edb62c88e6e2ef17
839. c60c0239798e85578c1a5a4bf91f5d03ce3e1d6e7df053be1a451756ee6110e8
840. e1556d5bcaa1b322442536aa8d8c7ec7f348d1412c42243c7f081855b2e8b183
841. dd8fc292e4a744bf2a649f653c8eb1443375de733234f72e0331c0843a155a82
842. 82fc4d3c376ced491b4a8331488900aa9e6cb262d3e68a1db9fea3bca314a6b0
843. c35dc68437a3fc08776276f1ac12e51f07c35a43b2820f10eca7081bdb3d9ef7
844. f08150bdc02648f4f70c6188a490590374a138c9eeb3df5f099cb449f51a6bba
845. 1e75c40c1a432f5751f395fafd6698443037f69432534a0ada185adb4b159580
846. f4484b82d0496ea55e89be8487b11828d6c2d30c92711a775f3dbb5963e61047
847. 62d371690a5ed65b7fe35c8193a82d5c406a3ab56eef4d1a3307aa4b180d9682
848. 59d867ae18e7749253e76deb4bb97a0e360126fa5b4b98eb3d574805b6b61a41
849. ddec9ee05008ace4b9c7a7689394b98feeda9f3ab7bacce101116184ad2f3f1f
850. 591ec51ca5a509f3bf8a7e3cc4dd66a6caceca8ca9bc9f7ef19a1ceafc9edb39
851.  
852. http://3.8.150.35/N1Beht0JmWT_60/
853. http://ifpc.ru/eKKi6q5YUC_WyPjVNX/
854. http://apkelectrical.com.au/wp-content/3MdEhYTTHULOUo/
855. http://mausha.ru/PQt3QofoXj/
856. http://aktivstroi-dv.ru/sIs2eNw5Woa0_fc/
857.  
858. Creation Time 2019-02-20 15:50:00 (DOC Based - ENG - Unzoomed Indigo/White)
859. SHA256:
860. 8b1eb699d4fc07774672c38b6ce5668a249a7cd5801f8a99095b1a5c554ab752
861. 0faba614ba5d2c3ff204f7871d0eb28c4ffe997c9c1edf0376027ae7f7332adc
862. 24c3c69bd397d37ab81e5b6913bf9f977e7fc455c7eb0e81bd1e0fc48fc2ea79
863. cc8b6115f4f8ed16158d22d4f0f4ec2e4a7cd8c6a95d6b08dcf807d411bcbc17
864. d649ab0d6a44bd5eb0d5f9022f188eb8893570a8bd2588937aa1834e2d9e62dd
865. 8d7f965cb53ca2bf760e952126ee815b0feadd2164bf08f6a284a2bd8e9406d3
866. 581ed1e88f493fa0922f20131f3fc4953e388dd2bf88aad73a286a79f75898d1
867. 9c8d7acf2b3065a0ce936cb4d2bda9bf31216a6cec1f1e151e8760ffbb032925
868. 34bf6dc32489e18ccf4d98e1a2486828b18b89f41501a1e92ffd7078f5ccf032
869. 2568fb8de4f6b147c3770e9837a2625239b413307d89e46950de29f75ffdf7fb
870. 53a1a123944d77a0cadbeadfb2a5d6fc7771d7b1f324d17d1ed8e8cd5028806f
871. cff54c40de100f440e53827e156171ee0d7cf1af63b2f144a643efe3ac7c0223
872. 0f747903b596b90ade299aadaf245375f0b90dd47d6b553f291ac4f68b5606ea
873. c09d72e4e48fd8ddabc13152c895bc48638b8df50b8a510728bf6ec50782e3de
874. 8546ef5f0fd9cbb256d01631d9ddb0458a5a1e7a6f6a4f2b170c7ffd63ff3fbb
875. b5e63d30f7c7fb394bda84c9c34d77a54016f43d660e1a91e1adfb838cb34b8f
876. f80a4119408c04edf27f58f6256ffe44f196a7731932d8ce8953e35de38c0d68
877. 9bf424cffd1b737f26df2566b76831ffe880a1db227b659a6163b878170b4a8c
878. 2ff8a5669e9ee2204dde08b789b33c7257370700d1f38134f9487204ff880142
879. fd8c5c79801c97d405c218d0a13b73f8acb6bdeb795233743217ab1cea7f7d8d
880. 8f536d0768966c84df4ce8bdc4e1da05e770c414896108100407fbb746b80748
881. 08c51161e5e600880ce71d61b8f9f61317d1c8c8c5403ba709634247537f9323
882. 2bbc6256f916f20330ec5a53cc38ead3a4eae6cc4dfa5ab45ddd37452668b9a1
883. d69ad28978101566f7730e3a17d8835e346cb24a37a1f8d4147130be103d9cb2
884. 5d12e0b6fd3401e70e111bb42f81da99ca1c4199acb159f02300d206f3892b83
885. 5979a488e23edc5d977c0c42e358fde8f94fd8471fafd7bee2a89b5df9e24b20
886. 7151293b8660dff9f00e4c4868fa74419e95a62bbf13010c5e73ed09f861f411
887. fbf090099a3fce0119cd46f3dd8fca585436d1ed7d9d0844e3fa277ad8cbeb7b
888. 4a8162c45f4b627ef1eea987d93f6605d79af7a652c0f0f2ed2cd4d396afff8a
889.  
890. http://augsburg-auto.com/BV5eh1IerP/
891. http://rkfplumbing.co.uk/8pgqFhWo_noNLch/
892. http://viento.pro/JggAt4n_6jVK6/
893. http://sadyba.trade/WSndFC7G_5tGH/
894. http://35.200.146.198/9lnhtAATPAA9Zu5F5_cFLuQlT/
895.  
896. Creation Time 2019-02-20 12:53:00 (DOC Based - ENG - Unzoomed Indigo/White)
897. SHA256:
898. 018a26bf1a63a6ab3c01cdd237af421b4f69673f0dfa5efa518ae200185804de
899. c6f1277b0484041ffff4e2a826a725a38aedcb7bfb55e2bc3c2b7ab47d0b29fd
900. c42ca8120e9b028cc2901cabdb61af67d5ec86b63b065f91f788adcecbf3442a
901. c91d38aec97638c63e5e1a5dce8266c3cd0f663f02e9fff81005e4df1bf94c94
902. d951b0d147dc9093ceed5235207fc7fd5c1224cc4bbf7e7bdbdfb9235eda9280
903. 564739893ba7b43940b1b7e1fb00ceb7cbcea43e136a7486c94deb63a2c75462
904. 79ae01c03b90d68f9559d4136ee8993c2fed2055a1cd026eb0f3cef73a0d28e3
905. 80cc2f1b9b07cca41ed1c84ba6e6fc914118f4d60186c1c8e089cbe1cc10f55f
906. 330f82d319869777d337066359b358f02918053cf2b760a25893c3cbfe2762ad
907. 50fe0aefc65055f3fe102a7c5bd6c2365f21fb3276160887290ed85ee2b1bb34
908. 73f3d1224a0c48bfe13764d16bf5af06b1d49453bded309054a3d425babdb3ad
909. 36bf8bee6817f4228b3ee98fae97467b68917b4b3c7339804631afedc1745807
910. 2515c50950e7fe968128253e1c0380176121a1c66123fd405a49182cb983b05b
911. 812dc1523562ba50c2ae0e3ac4cdd1a3a667a14659a0b792d24999e8a73341b8
912. c148c9ee9cff7759798acc1dad4f876fd3d7e61b2e21373337ea8e25431897e8
913. 8b8bef1520412f6f52246c3e81d25497c3ed3a888bdc6542f91bc6261992d2e1
914. 1627ebc6f0f03549d4ec97bee0e07222144588fea351f625fe62d0e601c77f89
915. f0ee174cf7fa3bf648ec3cd2bd654df13a965498a571f34231a7bc331015ac6b
916.  
917. http://159.89.153.180/jbgdP2PAlac/
918. http://ketanggungan.desabrebes.id/PYDKI4f4dEx/
919. http://gando24.com/akACCpMfqwHCN/
920. http://laylalanemusic.com/ZYn33EV8HB3mN_I8xn/
921. http://35.244.2.82/1sqwnVupMcFHi/
922.  
923. Creation Time 2019-02-20 07:25:00 (DOC Based - ENG - Unzoomed Indigo/White)
924. SHA256:
925. b45fbef589e247c11410c2b8472d21a19ec0ea0a0793a6923068ded66c51c70e
926. 5a526a7490b1595a2d944d4776c8aa7143981b7c1d958793e9bb4f9c3fd86e94
927. 4a472b424d70b489f2e2bcf4e3e6b6fc205f1dcd7c3e7414290530002bad0612
928. c7f2435124ad779cfc5bc7b62a738f33db83429629dabb14e6515ff9bc45d8c9
929. bfa0b09ebd1e2478f2458429e6a089df534a22b5d54cb2f78d3ad3a44a90cd22
930. 8239b0830e39e2b4102205415045c816b0f9cfd88ff804c9c270f63e4dc678a4
931. e3f625469956fbb87c2eec4ac203708a048e0efa57dfd260cf779331888f315f
932. 4832482cde4b55dc82663fa1acf8c6e2db1160b02c2996bae697be8fd2ce99a4
933. 438895e866661cfcfb92a604573f003536d9bfaa703a5a4f8dd741e78d7a0d8c
934. 1464c6b1fe66023dfe7edcd4ae1aa88267be17bbf27212f86df27ab4913436b7
935. 78539a42ad8dc842da42bba7d5d0f809c6a6eac5acda1cd82fc5b2f81c3d2aa2
936. 05ed2dd638d71a8d1ea4ae8326a663533337fb54ebc89f6dee5d6b97cd43274f
937. 4b08744d3e0d988c16161a7785996a547509c7f294230e8551836f3581882aa0
938. 21f2c2c3a8c91781184282774d42afe1fa62cd611d41c422e22e9f9389179193
939. 4b51d328aa5d4ebf37fb1d61c784bde49669863e5b1aa6b79505e3565fc5bbee
940. 2aa47ff6d0144ff1154748d8cd557bbd225c2b0028c99912b5dc641bc5c3a23c
941. a78a1559251e7c4b6f2cc2b13e76d03aba27b5cdfc8a8f3153852d50ef922222
942. ad735ce4b881b3efb78e0ea5ba064202d243d55f7c35ef7300fc46326a16ae87
943. 02e687ff35baee6defbf43e7c6f41a8be06fb65d0b65ad722a948d712c3d5cbd
944. c3e991852da9c8d8f3f45b862e92bb02996961794a208acd7f05bd0f7117f670
945. 2b8c050fad24c9bf4f96ae7bea41677e5feae5fbddc7b382587cc025465760f9
946. 0aada19eeaf6492d1d28a44bfd4933969dd6da3cdc53de40a795e6eca0b209f9
947. 2ff08a0ed2d3c6bff2fcaa56446ed3f10f985be91b2b6f61ad0969deea30d671
948. 075dd87eb4035d642a0f20a0626b0c7d7546a605daa0fa069f8ac0cebba0c269
949. b30e6ed7905bf4f5a98c87905475b441777cdc7ca035eca7e4e79ef4075e6d58
950. d38e1f8c2a2cfaf8d12159be7ecb9efbf42d285a8bcb0d20b99ce2ef33d259a2
951. 805cb6a567b584fe852805905ec1eac4121942732e4c7e0f58559b015316f400
952. 89ef67aeeee6bc14a4bf3c0f4c8ce9e91cd87d83e5080e70e16c4ef41421840f
953. 1764a4e34590ac9ef400b270f10dd2a72dcee5e76c3065ee081524472d0374c2
954. 776c7c309c1e46ac46ee46009d954482ab8e3686d8a43d2a7f7dec10138fd442
955. 2840874e8d65dcbd6e7765e2b7618e99490b3fbf5c17d7a9f37c2f28456ed95c
956. a0ad1527b7714763a46f68add81cfed3a7ecaac2b9b2de623779c2880bfb50c1
957. a8cda07d93d3a83491330ac514f4c7afff52daf8af23361e79223700183e4e1c
958. 29c50ead00582888c411d01ffa9a686c6fcdb682a0879a507764a6179d70567d
959. f87f5154db4abd03ef5a7cc8fa19e199c365f436fbbd72388b95988fd8bb9799
960. b9704032a4fd1393f9d41f90bdb63c6a5c55d59dfc8f92b33c228010a699173b
961. e81e2f99275719bf522af1c2236a01b056cdc299d02a5be006a569a23de4ef21
962. 69a489ee3e5c34841b4a464f414f90d1b89829032d54e0c2b112b418b6d18cf6
963. 7cd0438637c2e0cc6c55cf59dcde3392662e31ab6beea0b9a49b335dcfc3a310
964.  
965. http://35.234.5.71/dke8rJ1zYK9d2CDr/
966. http://conando.vn/9PceFpg6P/
967. http://www.edvanta.com/wp-content/rVUyl6cvjXvhj/
968. http://www.pinquji.com/X8zw7c0hMYN7v3DD_L/
969. http://beautyhealthcareclub.com/pjaF9k7/
970.  
971. Creation Time 2019-02-19 20:40:00 (DOC Based - ENG - Unzoomed Indigo/White)
972. SHA256:
973. e3736a5ffc43e66cf76cbb8b7587b16609447fdca70ff6356767d7bdd6ab7c66
974. bb6c89aa00f79d2e1df07bb4349181466e6a9c4bc7af02875860fa304b5229fc
975. 684d754348fe4516c22e8c64f13b7610e9494770941b5d2d8b1fb6e08f3733fd
976. a8873180c77ace5f35fbc502ed6e07e015f2bcb7b97e32d4d6cd93b5e4305e0b
977. 30bee18ef9b5167e66146a51742afaf887fd991a8da6b170f6e310e20aaa0899
978. 4b82c70bc40309a9eacd0d39b939d7cfd4f9e89c343957bdc9ca2ec48f39b8aa
979. a709c3fc81f9ab01b49227bdfd5aa93c3141c7615d9717f93343300f81edf71f
980. d26cb323e542115649aae35d5a1a53f14ab1ecc7bdb775327ab01eae63a19c09
981. 5d60ff40f922e9d528ac267a9751891267e6d2bdee390e9f48fb2126fd5f01a8
982. e699620d331516b7f74db80701de8bbfcff55f1ad20920310b972a7d99ff302d
983. a7ef0475fae9d5b4480987867ea65efa7082cb2da48dba2b4d5b672475a2f07c
984. a163f9b7811e8575a5dd2e72606b26dd663c369541e318987da80e236d6d40db
985. 3dbcf6c14de1fe120ee9f0a8ec42d647f6ed40afe55ab9e15f2fe2fba192d707
986. 38f80293ab84f4fe5c5b07926bb4415931e03ea1a2611e1efdea4868d2240eef
987. 62846ca5c6123d1eb7c7163cf2bbea910a3870550534ca912ec69d837c8f6c32
988. 7ea1916702fed47c67f6dc3a3c5f28115726604d1579a9adaf2b0332f5fca4b6
989. cdc7f02561b77a996a7203284bbd0ec61dd95d9f23fadce92d1b929edc983d52
990. db921e7c8f95891edee57d713697a9ee9c1002ae8667614c55d4b81449d3e4d2
991. 60b1ac82fc1a14c441bf501d86cd430bb67baf7664e03b76c5fe5f4bb734c9c6
992. e5c11c248c8fe7e204e2b86e9401bf3c146a68b349f0787a7d7e780141254d91
993. bf2049aa4345cd1536adc02af61fc2f7a2f8f2b0375328c1c74e0ee4e0a4a849
994. d7c9f9604bf0d1a97b55f17d1541f94167a003a512f60cf1d153c3cd3ce48461
995. b835312e9a9049663fd4dca5b868f102a2337c00cdc9775e6cb4ad25b8851174
996. 4e1b60fced4f17607994e0ef95d71962f9b55642204d135900953308e56813b1
997. 2fc632f767f23aa3050202fde26d609aead629f950aadc0e0f67e29991085596
998. e3965083b6566d9e55141d8268fc238311eb43669319d5e8baffb69a4f131b29
999. 8b88fe38b1ea16f9da55e53336e8e0e92109a87d8db65ed91a1b40070fbbebb1
1000. 8c8ace33f32cf120c556247717d2f8d92a5c70c57a3dad4af801207135b76bc5
1001. 1d2a3bb03a392ee3dffd9e3562b3298ca6fe2bdceafa6118ae22a1591fb80766
1002. 25cff2eb058c4682cb09785490e674271a765d97386bc250e62a661fb2bcba82
1003. 4367d6993c74b3622d855ba3518adb4f9c926ccdc5dbb5465ca8533eb5b8e881
1004. 08194cb8c9ad91567e141110b0bea92a15148b8910b9a7b2b602bdbcc2dd7db1
1005. 5be43bc27bab69b6f3bc9685bb7d053520f55fec3f586b335d08d3dd7a85d2db
1006. a20ba30297427ba30d56bc4066a40c6b00804a86c9cf62c367e39bf2d45d9a89
1007. 565a8c16499c34d3b433059f9a93b49d80d9b2a19af8d7f67aa961a2533eaaa5
1008. 34fc3e3ba35c4c5a98d3ae4f8dcf2765c03e9c1f190798202fcb34b38024760a
1009. cc6db044fb72a9f17f726293709b52b0ce9849f87a26dd2f86c02b0f3b4267c4
1010. 466dc8058a490ee5b2474b224dad87fe3afac1914f0cd4b3af6eea06d68af396
1011. dd7eea79ce5a6414f3b9c10b4b3a082de86ee88fd516acbb890231032805810d
1012. bf42448ef30e101668207b9666f593cc2b7655c2cbf4aa033628b5a19974ce72
1013.  
1014. http://balooteabi.com/11FwasoQDp6Byb/
1015. http://bignorthbarbell.com/75AixBQLQ8_DbrdTc/
1016. http://ortotomsk.ru/XmaxodB/
1017. http://bietthunghiduong24h.info/fxTYTjQ4B_X5/
1018. http://91.239.233.236/eRR8zYJVDDEXiR/
1019.  
1020. ```
1021. #### SHA256s for Epoch 2 Payload EXEs seen on 02/20/19 ####
1022. ```
1023.  
1024. 8162be8570ea994767a874eaac114e022fa6d84e7189b2ae7e09638b75f985c5
1025. 942a93fe3b81398f5ad3b010760cd3cb7f1883118034755f4308be9f0aa119e8
1026. 66072f32b2745a5899d1f62d451251e9225848f86fae3960a32fc43b1275f819
1027. 212bce0dc4b9a5eacd346ff31c1a1cb5d6c388cf413ff9c26fefe2841987b2a0
1028. 1b85e72f0ca5c6f368f7f6ba67f3fae7abf3cbc7e3792440934ea66aac8ad1f9
1029. 9979ccfe4df6612470160a06218e6b4417dfba279585175bfc2377f0cd1d7ea2
1030. 2bc8a2cf799bf69c279a7a53f93ec9758068aea4eaffb9e08aa7c95f99671b5a
1031. 1be19ee0bb481b039d688c6700f2fb0a147c45e9d6930cf55fa6b7caae815cef
1032. c90fa244f12100dc138ce0d5ea74bdaaa957b346ab7f3da7edbc7347cc117859
1033. 916b933f6f75de731419eec36125bae6df00f04146a2a5f166cdc65f791159ae
1034. 3af908540018e0280d10dfd032313eda8503fe5645b819b681eef3b8142383de
1035. 25f60e5eccdab5e8b6621515207c31431c31d222d9c97d37b4970202b39e6c2c
1036. 460eabedf895f7a2e13b6ee4fed9ecc59d6687772ed087a65cb6ffc83a8cf932
1037. 26bdbb37eb46ec352bacf3aa2b216f495b07353d9fe1b2d985b9429e6420ff92
1038. 75c3bf4304d184883f258a0ca922291683aa71fa9d4e4a6fe146c80f17a008bb
1039. 2d94a15613bc4129baa938befb1f2caaae78054960aed055329e021998dc0e6b
1040. ff9cc07d09bcaccc7b0f471238a6398e751f8093e446b494fe6883416bf6e142
1041. e1dae77dbddd3816ab477c98f91917d1750a3f0e070a27df4923f852d5a28a15
1042. 89269d2d2265d79dcb7c1eeed6fbff393dd3ed1af83e6df8d52bc264908a9a05
1043. 4a761b7bccbb514241e5d847a95fd12fab077e76358cfb4a09a89d0fd7eb72af
1044. e02bad3a8d2756c55d1c42b15c9e10f44ee553779a4341e8c30cdfa60714529f
1045. a2d9fbdb28385af55fdccc270d002c91844882af29046067bdeda0fe372bf228
1046. 6608c2e1d6959a77c53eb710ca17bafc1518d110cc31c1e82cc7c09d7ef005e8
1047. e0164b2114590e5ba50790d67257fceb482e45418bb4c52c8e8a9b657021db76
1048. 7a4a7420a2d9abc38c9a4f8480990425417ebc9de8a0c32795fd4c99e420b795
1049. 399e8e89a05a03d0dc68d88691b968de2ce77075df766f7a34f8facff7722026
1050. 6afe2d0a3e96b57446f112ef44c0eca2a8e468cc4695ecc0e03502525bed6371
1051. ec21265038bee81e52440199fee3eda2dd3e489283eb6a50061ec9c685751c3b
1052.  
1053.  
1054. ```
1055. #### Epoch 1 C2s ####
1056. ```
1057.  
1058. 109.104.79.48:8080
1059. 109.226.196.123:53
1060. 12.6.183.21:8080
1061. 123.168.4.66:465
1062. 138.68.139.199:443
1063. 144.76.117.247:8080
1064. 159.65.76.245:443
1065. 162.247.42.61:80
1066. 165.227.213.173:8080
1067. 168.226.35.218:80
1068. 173.68.169.16:80
1069. 174.96.202.70:443
1070. 181.168.123.241:443
1071. 181.56.165.97:53
1072. 185.86.148.222:8080
1073. 186.10.243.34:21
1074. 186.68.100.2:20
1075. 187.148.77.84:143
1076. 189.147.12.211:995
1077. 189.173.176.115:443
1078. 190.117.226.104:8080
1079. 190.154.155.34:465
1080. 190.191.218.44:80
1081. 190.85.8.155:8080
1082. 190.92.58.150:443
1083. 192.155.90.90:7080
1084. 192.163.199.254:8080
1085. 201.122.94.84:8080
1086. 201.212.113.14:50000
1087. 208.180.246.147:80
1088. 209.159.244.240:443
1089. 210.2.86.72:8080
1090. 219.94.254.93:8080
1091. 23.233.240.77:8443
1092. 23.254.203.51:8080
1093. 5.9.128.163:8080
1094. 51.255.50.164:8080
1095. 66.209.69.165:443
1096. 69.163.33.82:8080
1097. 70.118.28.174:143
1098. 71.40.213.82:8080
1099. 72.47.248.48:8080
1100. 74.45.170.110:80
1101. 82.218.163.254:995
1102. 90.63.245.70:8080
1103. 92.48.118.27:8080
1104. 94.155.113.12:465
1105. 98.189.192.183:8080
1106.  
1107. ```
1108. #### Spam/Stealer C2s ####
1109. ```
1110.  
1111. 104.236.185.25:8080
1112. 187.134.63.166:8080
1113. 189.180.186.235:8080
1114. 189.244.82.217:143
1115. 212.112.113.235:80
1116. 24.191.37.42:443
1117. 50.116.63.9:7080
1118. 73.185.42.52:8080
1119. 75.166.252.40:80
1120.  
1121. ```
1122. #### Current Epoch 1 RSA Public Key ####
1123. ```
1124.  
1125. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB
1126.  
1127. ```
1128. #### Epoch 2 C2s ####
1129. ```
1130.  
1131. 104.228.227.210:80
1132. 129.24.37.8:443
1133. 133.242.164.31:7080
1134. 137.27.168.194:8080
1135. 138.201.140.110:8080
1136. 153.121.36.202:7080
1137. 159.118.77.61:993
1138. 172.248.21.6:8080
1139. 173.21.116.239:80
1140. 173.255.196.209:8080
1141. 173.255.250.241:443
1142. 173.63.66.10:20
1143. 178.62.37.188:443
1144. 184.176.38.146:21
1145. 184.54.110.31:990
1146. 187.137.179.93:143
1147. 187.198.33.171:7080
1148. 192.92.6.125:8080
1149. 208.78.100.202:8080
1150. 211.115.111.19:443
1151. 217.13.106.160:7080
1152. 24.123.39.18:80
1153. 24.153.169.62:443
1154. 24.185.185.187:443
1155. 24.227.158.234:21
1156. 24.243.123.25:443
1157. 45.123.3.54:443
1158. 45.63.17.206:8080
1159. 47.23.77.70:22
1160. 5.230.147.179:8080
1161. 50.198.42.246:995
1162. 50.31.0.160:8080
1163. 58.252.57.205:8080
1164. 62.75.187.192:8080
1165. 62.75.191.231:8080
1166. 67.20.236.21:8080
1167. 67.205.149.117:443
1168. 69.198.17.7:8080
1169. 70.123.237.77:8080
1170. 70.64.76.71:8080
1171. 73.186.92.178:22
1172. 73.194.61.246:20
1173. 75.99.7.18:8443
1174. 76.94.226.173:20
1175. 79.75.233.224:21
1176. 82.14.53.90:22
1177. 83.222.124.62:8080
1178. 86.98.45.135:7080
1179. 87.106.210.123:80
1180. 94.76.200.114:8080
1181. 99.242.223.226:21
1182.  
1183. ```
1184. #### Epoch 2 - Spam/Stealer C2s ####
1185. ```
1186.  
1187. 198.58.114.91:4143
1188. 213.136.86.219:7080
1189. 24.164.79.147:80
1190. 47.50.128.85:443
1191. 58.108.251.65:443
1192. 66.38.64.143:80
1193. 71.95.197.230:143
1194. 71.95.197.230:993
1195. 96.42.13.162:80
1196.  
1197. ```
1198. #### Current Epoch 2 RSA Public Key ####
1199. ```
1200.  
1201. MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB
1202.  
1203. ```
1204. #### Credits and Notes Section ####
1205. ```
1206. Updated 7/13/18
1207. WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
1208. is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
1209. https://pastebin.com/u/jroosen
1210.  
1211. NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
1212. I am providing them for your benefit in case you want to parse them to be sure.
1213.  
1214. ```
1215. #### What is Epoch 1 and Epoch 2? ####
1216. ```
1217.  
1218. What is Epoch 1 and Epoch 2? (updated 01/29/2019)It has been awhile since I refreshed this section so I wanted to update it and bring it up to date.
1219.  
1220. I have been tracking Epoch 1 and Epoch 2 since May of 2018. Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for
1221. communications. Epoch 2 is currently the larger of the two botnets and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing
1222. version of Emotet at one point in May/June of 2018. Now Epoch 1 seems to be the smaller of the two since this time period. Despite having unique unshared
1223. C2 infrastructures, these two botnets have been seen to move bots from one to the other and show similar behavoirs seemingly controlled by a single
1224. entity/group. Here are some observations I have noted since I have been watching these botnets:
1225.  
1226. - Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an Epoch 2
1227. document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those being delivered
1228. in maldocs on Epoch 2 at any time.
1229. - Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
1230. - Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
1231. - On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on Monday morning/Sunday night.
1232. - Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and Epoch 2 may
1233. have a document hosted on host.tld/B.
1234. - The RSA keys will change every month or so for C2 communications on each Epoch/Botnet.
1235. - Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
1236. - Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
1237. - C2s are never shared between Epochs/Botnets.
1238. - Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours to stay ahead
1239. of AV defs.
1240. - Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
1241. - Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
1242. - The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key.
1243.  
1244. If I think of anything else to add or if anyone else has any suggestions, I will add them here.
1245.  
1246. ```
1247. #### Community Lists ####
1248. ```
1249. https://www.malware-traffic-analysis.net/2019/02/20/index.html - @malware_traffic
1250. https://pastebin.com/XphvkZDD - @pollo290987
1251. https://pastebin.com/eDuL3zkF - @pollo290987
1252. https://otx.alienvault.com/pulse/5c6d9baa58206b09d5e4e852/ - @SecSome
1253.  
1254. ```
1255. #### Credits ####
1256. ```
1257. (OC from @JRoosen and/or combination work of the following)
1258.  
1259. Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
1260. @Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial
1261. @shotgunner101, @HerbieZimmerman, @Outkast_TI
1262.  
1263. C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
1264. @gorimpthon, @Racco42, @Jan0fficial
1265.  
1266. Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
1267. @malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial,
1268. @OguzhanTopgul, @HerbieZimmerman
1269.  
1270. Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt
1271.  
1272. Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with this!
1273.  
1274. Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey ,
1275. @digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch
1276. and @Virustotal for providing services/software no charge to this cause!
1277.  
1278. ```
1279. #### Daily Log ####
1280. ```
1281.  
1282. Well, today was a heavy day and I got pummelled with malspam from E1. I received over 350 with the majority of those being link type malspam.
1283. Spamming stopped at about 19:00EST for both botnets. Most of the malspam I received was during the intervals of 03:00-04:30 EST and during
1284. 13:00-14:00 EST.
1285.  
1286. From 03:00-04:30 it was entirely German based malspam for invoices and document copies.
1287.  
1288. A good example of this was shared by @tagnullde here:
1289. https://twitter.com/tagnullde/status/1098181544219414529
1290.  
1291. From 13:00-14:00 I saw a small amount of spanish based malspam (5%) and the rest of it was the Freshbook template for invoicing from yesterday.
1292.  
1293. E1 C2s changed and went back up to 48 combos - Recorded above.
1294. E2 C2s changed but remained at 51 total combos - Recorded above.
1295.  
1296. Notice: the @cryptolaemus1 posts may be a little chatty this week with C2s both saying they are from E1 when they are really are either E1 or E2
1297. in disguise. The bot thinks everything is E1 right now but the posts are accurate and complete. For confirmation check these daily posts.
1298.  
1299. TT for more invoices and nonsense from Emotet...
1300.  
1301. ```
1302. #### Sandbox 02/20/19 ####
1303. (all with fakenet and MITM unless spam/secondary infection)
1304. ```
1305.  
1306. Epoch 1 C2 run on 2019-02-21 at 04:00 UTC - https://cape.contextis.com/analysis/38824/
1307.  
1308. ```
1309.  
1310. ```
1311.  
1312. Epoch 2 C2 run on 2019-02-20 at 04:00 UTC - https://cape.contextis.com/analysis/38825/
1313.  
1314. ```