Emotet Malware IoCs 12/14/18

## Emotet Malware Document links/IOCs for 12/14/18 as of 12/14/18 20:30 EST ##
*Notes and Credits now at the bottom* Follow us on twitter @cryptolaemus1 for more updates.

#### Epoch 1 Document/Downloader links seen for 12/14/18 ####
```

http://13.228.100.132/EN_US/Transaction_details/12_18/
http://144.76.14.182/US/Messages/122018/
http://acqualidade.pt/US/Messages/122018/
http://adacostaapps.com.mx/Telekom/Transaktion/11_18/
http://africamissions.ca/EN_US/Transaction_details/12_18/
http://akili.ro/EN_US/Messages/12_18/
http://amberrussia.cn/Telekom/Rechnung/112018/
http://amedidati.com/En_us/Attachments/122018/
http://anekasambalsambel.com/iUrjj-LUtEhHJFYSX8vo_MXTrakLM-kr3/
http://arctarch.com/EN_US/Transactions-details/12_18/
http://artvilla.pt/En_us/Clients_transactions/122018/
http://asndoors.co.uk/US/Clients_transactions/122018/
http://atpscan.global.hornetsecurity.com/index.php?atp_str=afW-6ROPadYx-4dieFO4DbV3E_xmH3-Ype0mHRlsyEuhwsqoEEbZLBAFyf6_bDLJTeSgdUgEyMXaPYm1fSyHXkyYLPVIFpr0HnjO3w92Mx4BQEA-rhcuJBljF7xs-IE79eIg5O9B_HcFg9yGyzdkrNZCo-SWcS_BoDLiAxLFFlgCcV-hkcqKgjzMXADBPvzglcgSAECd8rV4If7NGCqKrXPrWLYKMZxYJHyncp2kIgW8_RjSDCHhxD9niYyJJb1joVi-Wm8urvrdOP7bVNkrinv2G2ef433YzWETxfWlzGfnEHNQbTdBrST1zV1HNcyRnd3TVjwjjWn-3c5iRkyWIDuG4saguSDuVUDmDSM6OiM1NjA1ODY3MWVlZDYjOjoj2oG-0aPVYmvMJgGU-mi8Gg/
http://aural6.net/En_us/Transaction_details/12_18/
http://bendafamily.com/EN_US/Details/2018-12/
http://blangcut.id/wp-admin/En_us/Documents/2018-12/
http://bluedsteel.com/En_us/Clients_information/122018/
http://booyamedia.com/US/Attachments/12_18/
http://budmet-bis.pl/EN_US/Information/122018/
http://buenavecindad.com/Beyi-dDFJ4Q0oynTmCK_aDOCwNOBO-vPv/
http://bunonartcrafts.com/EN_US/Transaction_details/12_18/
http://buysmart365.net/Iszk-KcJHmF6Gslh1OJ_JjGVIrUGT-rSO/
http://buzznino.com/wp-content/Dxnj-fbu01e9R6pPCCD_GZYSAiEpm-M4/
http://carefreepet.com/US/ACH/12_18/
http://cenim.be/En_us/Transaction_details/12_18/
http://chainboy.com/US/Details/2018-12/
http://chems-chaos.de/Telekom/RechnungOnline/112018/
http://consultor100.es/En_us/ACH/122018/
http://craftww.pl/eCoD-R10XXCMZkZLMXXj_YlxfentIo-O0/
http://cyberholtkamp.com/En_us/ACH/122018/
http://dcaremedicolegal.com/En_us/Clients_transactions/US/ACH/12_18/
http://diclassecc.com/US/Transaction_details/2018-12/
http://diligentcreators.com/US/Information/122018/
http://dogooccho.com.vn/nctCc-hmPKMqJV2SPQwBL_eTlJwUnEZ-ew/
http://download.ipro.de/iban.doc/
http://duansunshinecitys.com/AaVwG-BcmeAw9x3iMnAT_vDPnBLhHJ-aNn/
http://duvaldigital.com/En_us/Clients_Messages/2018-12/
http://edtwodth.dk/Telekom/Rechnung/112018/
http://ehangar.net/EN_US/Attachments/122018/
http://eldruidaylashierbas.com/EN_US/Clients_transactions/2018-12/
http://en.worthfind.com/rMmf-k2whfGSKiAfCje_ItuhENMDF-uIi/
http://estab.org.tr/estab2/EN_US/Information/12_18/
http://flyingmutts.com/US/Information/122018/
http://fotrans.me/yFgE-BStj3QZl770Q1he_NYxpqDbE-Sg/
http://freelancephil.co.uk/Telekom/Transaktion/11_18/
http://game-wars.co.uk/US/Clients_information/12_18/
http://ganeshfestivalusa.org/US/Clients_information/12_18/
http://gapsystem.com.ar/US/Documents/122018/
http://glorialoring.com/EN_US/Transactions/2018-12/
http://greenhell.de/GtXuG-3Hz6L505UHRnIk_lactWOFx-3Cx/
http://greenlandco.kz/En_us/Payments/122018/
http://guidescience.com/US/Messages/12_18/
http://guiler.net/Telekom/Transaktion/112018/
http://haron.co.tz/gNqc-w7o8gjh8tMoErPH_EUzQRNEtO-HBv/
http://healthdept.org/Telekom/Transaktion/112018/
http://heke.net/BvufK-CQYuuxft7rYk3u_LDPLWYJB-rHv/
http://hockeystickz.com/Telekom/RechnungOnline/112018/
http://holosite.com/En_us/Clients_information/122018/
http://hopegrowsohio.org/En_us/Information/122018/
http://horticulteur-lyon.fr/libraries/rZUQ-TkVN5C1ISmok8II_nuEXrecPs-9ZZ/
http://ibnkhaldun.edu.my/iUxw-i5OmJSC3FGaoo1T_WNhxTEPMl-zM/
http://icaninfotech.com/Telekom/Transaktion/11_18/
http://iconwebs.com/Telekom/Rechnungen/112018/
http://identityhomes.com/En_us/Transactions-details/122018/
http://ifab.es/En_us/Clients_Messages/2018-12/
http://iknowseo.co.uk/Telekom/Transaktion/11_18/
http://indocatra.co.id/jFRHd-9JfSR5bP76FFSN3_elrPbTwUR-UpC/
http://inpakpapier.nl/US/Details/12_18/
http://inserthero.com/Telekom/Transaktion/112018/
http://johnscevolaseo.com/tthXj-PDQVBcFiBzMLXI7_eVntgJrT-bs/
http://johnsonlam.com/En_us/Details/122018/
http://kc.vedigitize.com/AOumU-9SSD0Fz34oTQndJ_mEDZEsQEd-Mt7/
http://kdupholstery.com.au/hRBE-UxzDyGn4vQ0PAnt_jcpUKZIi-Xe/
http://kennyandka.com/vNSOT-gbEq3x3Lr2byUYX_kdIFRRlDR-wb/
http://khoangiengquynhanh.com/caPuR-pnFjNduHJdf1Es_IkpLNeWH-ra/
http://kiparis74.ru/En_us/Clients_Messages/122018/
http://kirpichikblok.ru/aHuM-AqO6xyG9mx0YUW8_lJLTXnEJ-fW/
http://kpg.ru/EN_US/Clients_transactions/122018/
http://lakewoods.net/ZrQif-d2Pxuled8CNQHGU_NMeMeldrN-SG/
http://lifesprouts.com/En_us/Payments/122018/
http://ligheh.ir/djQkh-YYnUXWTZCFjt5L0_iyQAYZvj-9n3/
http://lomaent.co.za/US/Information/2018-12/
http://lutgerink.com/US/Information/12_18/
http://maartech.pl/US/Clients_information/122018/
http://madisonmichaels.com/EN_US/Clients/12_18/
http://marisel.com.ua/GSiA-baWrYXyQ03NmZqc_NTQCiTyVA-0ML/
http://megascule.ro/qqSZU-Si6dCJeOusaTyku_QCBtYmUm-Ne/
http://mindymusic.nl/US/Information/122018/
http://minterburn.co.uk/JvGW-iLA2arM5E9QUJ5N_thUqveRU-nC/
http://missvietnamdc.org/En_us/Attachments/2018-12/
http://msuyenenglish.com/US/Clients_information/2018-12/
http://myfreshword.com/KvpOo-MVm2pBGUyTUhDD_jOyPlmeo-q90/
http://net96.it/EN_US/Payments/122018/
http://ngayhoivieclam.uet.vnu.edu.vn/wp-content/tJgs-HhuzPXVeO2GSVx_obQzhuFx-5lV/
http://ngobito.net/UEOqe-AQG70sAnkkh898_ZxOuCFnSi-4bO/
http://oldmemoriescc.com/US/Documents/2018-12/
http://olsonfolding.com/wp-content/uploads/PFGt-MmLqbTTe30Vuya_oQKMMJCgI-9C/
http://palmtipsheet.com/En_us/Clients_information/12_18/
http://pelagiaflowers.gr/US/Details/2018-12/
http://phitemntech.com/US/Clients_transactions/122018/
http://plushshow.com/US/Payments/12_18/
http://pm-obraz.com/EN_US/Clients_information/12_18/
http://precisionmechanical.org/En_us/Messages/122018/
http://remstirmash.kz/fzMo-SisndIMtsIDcZm_ZSHhVbUR-tBi/
http://render.lt/pano/EN_US/Payments/2018-12/
http://reparaties-ipad.nl/US/Clients/12_18/
http://rjm.2marketdemo.com/En_us/Clients_transactions/2018-12/
http://rmdpharm.com/xTvsc-7FJpt3xFbey7px9_WVZBXGxl-TFp/
http://rockcanyonoutfitters.com/giTI-0lKQZUGKdFjc9rz_rZFtOXfr-wpP/
http://sakh-domostroy.ru/gnfR-W2y6H0J850XX6NY_ULkZoaZDP-ra/
http://sandiawood.com/EN_US/Clients_transactions/2018-12/
http://sciww.com.pe/En_us/Transactions/2018-12/
http://secis.com.br/En_us/Information/2018-12/
http://shoppinglife.it/fqAsi-rWLnYldq2pL3AHZ_MMkESAdCn-zH/
http://simple.org.il/En_us/Details/12_18/
http://site.uic.edu.ph/EN_US/Clients_information/2018-12/
http://skytango.io/qkqT-f3Abe4ucV3auWr_HNTSEsmWX-Ck/
http://soyinterieur.com/En_us/Attachments/2018-12/
http://spot10.net/zWYY-c4g6ykTIYUVIMX_AcknPbMSm-d86/
http://staging.net-linking.com/mhUJ-Gq4iFFW4lOAsOA_zanfnuXl-0Dl/
http://strike3productions.com/En_us/Clients_Messages/122018/
http://sugandhachejara.com/En_us/Transactions/122018/
http://sunjsc.vn/raBr-3p645d6Tylf11E_bzFlzJbv-dd/
http://superla.com.mx/nYgWd-Uk7s2DMADzxltI1_FwkdiAnAe-ufS/
http://surmise.cz/En_us/Clients/2018-12/
http://sv-services.net/aIBRR-TjFejhOHfA5tIt_QHaISHJp-0y/
http://tecserv.us/En_us/Transactions/12_18/
http://test.mmsu.edu.ph/wp-content/uploads/eWUUR-aGPpEzzZ2WNvliv_BUkeKyIzh-iOr/
http://theblueberrypatch.org/US/Clients_transactions/122018/
http://thelastgate.com/Nhirv-q14mmye0yPb8qnp_GZNMrAKSA-MU7/
http://theshowzone.com/US/Transactions/2018-12/
http://thieptohong.com/Telekom/RechnungOnline/112018/
http://thinking.co.th/En_us/Clients_information/12_18/
http://toolbeltonline.com/wp-content/uploads/hGTa-FSqOuv0XIxVEZFg_UHMyogsiB-ig/
http://topjewelrymart.com/jRFE-FCUkvUKQBUcFdeY_aIaCXolmO-Pr/
http://topsalesnow.com/wp-admin/En_us/Clients/2018-12/
http://tortugadatacorp.com/En_us/Clients/122018/
http://toshitakahashi.com/US/Clients_Messages/122018/
http://travelsureuk.com/Telekom/RechnungOnline/112018/
http://unitedtechusa.shamiptv.com/uflL-PurSbqRpMaomn9_ZOZpAFHcd-PYW/
http://utorrentpro.com/noAlt-y50uI1iINQFzAc_BiLGLoEy-BwG/
http://vicencmarco.com/En_us/ACH/12_18/
http://vysokepole.eu/En_us/Clients_transactions/2018-12/
http://webeye.me.uk/En_us/Clients_transactions/2018-12/
http://wp.buckheadfarmcommunity.com/US/Transactions/12_18/
http://www.antichisaporishop.it/EN_US/Transactions-details/12_18/
http://www.consultor100.es/EN_US/Transactions/2018-12/
http://www.devadigaunited.org/Telekom/Rechnungen/112018/
http://www.diligentcreators.com/US/Information/122018/
http://www.estab.org.tr/HPPX-heZy9ExKCuJ417_AvoNJeqoe-MA/
http://www.fyrishbikes.com/PpmK-S9B4p4nQLYBIxV_IWnbSWtx-rj/
http://www.haspeel.be/En_us/Messages/122018/
http://www.ldxquimica.com.br/KPHa-5mBs6E89ijjzCB_mBvftWvR-rG/
http://www.libreentreprisemagazine.com/En_us/Transaction_details/2018-12/
http://www.limapuluhkota.ldii.or.id/En_us/Clients_information/12_18/
http://www.maoyue.com/Telekom/Rechnung/112018/
http://www.meblog.ir/Qyon-HAVByxkoXRhsl9d_LerWQCATw-yl/
http://www.mingoy.com/GOlow-oNMQ3JQHVfNcg1P_AluCfGJjf-GF/
http://www.moinetfils.com/EN_US/Payments/2018-12/
http://www.mpaagroup.com/alBH-yTbJfc6VxKO1Xk_ItgOJcHJ-XFy/
http://www.newhome.in.th/Bkwfy-9VXwHee4DVoDkJV_CpVVMnij-Yqg/
http://www.nosy-bleu-peche.com/quuA-seHEGSoUG0cnu2_tzKwUVykM-kVO/
http://www.rnosrati.com/ENYl-f8GN5VOFVNPTat_CDJBKWEDn-vz9/
http://www.sevenkingdoms.net/TqWFs-aGYHavmqlE5Wbx_vcJxTwWza-Iu/
http://www.sial-healthcare.co.uk/GxZp-oczyr74mcUTZg4_KMcFfxVb-sOu/
http://www.soyinterieur.com/En_us/Attachments/2018-12/
http://www.sunjsc.vn/LTmgM-aUzzJadtHREpNY_QUHIKCFcj-5n/
http://www.topsalesnow.com/PrrW-Mz99gx3sWDKeMX_mJCDYUjEQ-KR/
http://www.trinidad-scorpion.cz/yXjD-sTkvFZzDcwBAqN6_hxkGunbvh-BtS/
http://www.vanmook.net/EN_US/Clients_transactions/122018/
http://www.vidrioyaluminiosayj.com/LOojS-DZJSiNN58uqIBZf_hpRpkLoN-K6p/
http://xn--kadn-nza.net/HaOl-LBcKKamKDMJGbB_OelDuKsr-nVa/
http://ygraphx.com/fCUzR-egoEybhdOLnMjK_RoLfxLbB-aO/
https://download.ipro.de/iban.doc/
https://ninetynine.nl/PPisD-DXU4Qkp3Kpf6iA_AFsKekUh-TZ/
https://u9036497.ct.sendgrid.net/wf/click?upn=-2BWcwJ-2BFRS1mIfKaydjpalsCE0N77DNrfweUkfWs45CNJvCvPHsYNEVbC1SQ-2FuhOsKVA1frYzF8QlBer0Ugs5Qg-3D-3D_re3f-2Fy4mtwTilZecV7uN0-2FS4A03Sm-2FnJqxIV-2FaTECq97NmVbBW2cZrjaomZw-2BqXGTWgOLv953LLk8oGeD5E0wlrAWTc3wwkPAU2Fs9XkWit8oQzekgf0Qwuk9jPTIMHuSzH9y7MoAmhH5C-2FehYZ692L0e6MltXbQRlx8oy9n2xBVymhr-2FiQeWuTq5yeZssLjSYWlXh9w8cK2ScVjg9lqw-2F6aB9joyRfZw3hVLzfT4tc-3D/
https://u9036497.ct.sendgrid.net/wf/click?upn=2l6-2Fvs2RAffpoGYgNTsFlkmhekuUT8V3oW8lKXGplEMFp9zu1jJoPGe-2B6qBWZppO_kKLYQ91ZFOe6ryzRU3CXyoEVdnI3-2Bv2dFdQCJMgqGCdF3DYZtvAFwrzUvHqhhG0-2FM64ueDidTxrZHIOLQDA-2BVoh4eOV-2FkiZZQe8BKB48HmVaxFJ4VvwOh03-2FEstf5g5g5z2LWK-2Buf1DAse5SII-2FYTjnorEPrhm0TG-2FGh77Gf-2FzVPBkayck13CNC9uQV1s26xevYiecNRKMEQlhaHJHReYQCSBrYnUI7OcmjjgpZrORA-3D/
https://u9036497.ct.sendgrid.net/wf/click?upn=vM9v-2BhGVJJ-2BEF9KrwxfxXGftCnr20TjHo1dqljGq5KW1Y5Sm8fD7iGbIBU1WGlh9vPdIGsl6p7r3UBGTIN7rIGrMG7g4pIxFoHb7OfyYpYE-3D_YQCVZZpiAmrJQ2VSLoqtVHDWagJLbSBz2J1tvEjnASqfH4CHHzlOEdwaR4hA3ioP6HfLXMreULMgZlH4zy9a6Q-2F732HJRyI3bAOq-2BoHwd0lT-2Fa0Q2BB7Y2VCEMRMcP-2Br1jyRgDLbYOi-2Bynwq3abbZLkSVS0UbF4lphHrdejx00R3SSBUzRa7OPP8kxbs4WtPFwms5a8Dl4xYIMUiqAhIT5t110T0vd0L27SATU6gM4b9CJQ9VHrkCYoDIGQEiX2I/
https://u9036497.ct.sendgrid.net/wf/click?upn=ypLo5JAcHWIunawgkKPjbzShEPZiAV7BH7SJL8gX5DPR-2FDnlGd7fIkEAZZ-2FjIrC3D05bBokWMbttI57orBhE-2BKH13GVpF1C9BK0LMuHYH7U-3D_Dg81ABInDQL2l3NvEQmCJfZ5-2FEYgFawyqFt-2F7ISCl66rZUqN-2BhHg61s6GIiuUzPZYKI2n47nxjL4-2FRw3CW60-2FPi-2Buvm63-2F0qRtyI1UmbS8m-2BlPEB2IvpD2ZXqlgCI6ZgtBGOk57rNPYZfj9TqR-2B4-2BM4LAJUYAeiDn5hnXBvlzzhmP9vYVGguOf1U9hbR63vcOBS6feaqPITEjg2fuKHdb52Ahh-2FTFC8RMvOR-2FeILx1A-3D/
https://url.emailprotection.link/?aKxjvLyoPYXtVGu5Q_D8bZSwDb0hgvnCRiSibN9-CBYq91hpXUmR7ome-mZbzhY1ApieNT8DMH1EdmhS3HItO-A~~/
https://url.emailprotection.link/?atntITzUZKrzlq2yxh4G4S0BQFdZEyF3vmQNnVj37m-zR1c5k8zVdGhrkhC1dorKRElJyG1ggv_ud4UZHQf-AoA~~/
https://url.emailprotection.link/?auN3ZqjjvuBgWjSin2WSxj8NMGM2GFzyvO5cP19V0eXhyemjWr-Oz-t8EPYieXTXUMYM-qZ6Z8xyWJMu9vOwgFGKY1i7rn-1RjxJB_zJseVxzfvEK9dx0BEfUDiQFX-iO/


```
#### Epoch 2 Document/Downloader links seen for 12/14/18 ####
```

http://162.144.25.178/xpRM-ApFfIbrJRrF8YG_YksSDhKc-gP/
http://162.243.7.179/wp-content/themes/alveophase3/msf-files/VQma-IKShnUmUompQd9_OZuwJFmu-MX/
http://2d73.ru/seDRp-BJbMOpte0gl2piJ_LDYnqynC-Um/INV/84676FORPO/23017603960/LLC/En_us/Question/
http://35.242.233.97/InvoiceCodeChanges/scan/US_us/Invoice/
http://35.242.233.97/PhVw-B4imOOgsVwgNuKk_BJfLDKbr-GI/
http://82.196.13.46/iFOSm-AevGWTXvdNM9Kf1_iNrPLOSUb-RvU/
http://abcdcreative.com/8191189/invoicing/Corporation/En/Invoice-86891970-December/
http://acbay.com/bdqAt-aSq3ybEQXsB0nv6_CGnNCyvEi-q6v/PAYMENT/Personal/
http://actron.com.my/NQyIS-X74zWR5Y15WIlmU_NDrWyuRth-M58/PAY/US/
http://addictive.de/VrFk-lCAy3xk5penZ2j_qFLqGzDBv-gHn/ACH/Commercial/
http://adsense-community.info/FPVGEOIJ8239865/Scan/Zahlungserinnerung/
http://adsmith.in/Tquk-aYR4R2BT3nsHWV9_HxsuQtsf-GHJ/oamo/Personal/
http://advantechnologies.com/InvoiceCodeChanges/INFO/US/Invoice-19545115/
http://affordabletech.org/EXT/PaymentStatus/default/En_us/Invoice-for-f/b-12/13/2018/
http://aiwaviagens.com/92995879/SurveyQuestionsDocument/En_us/Outstanding-Invoices/
http://ajosdiegopozo.com/OJhNz-1KuIKUyPnJNp7n_NGyDRsGQM-8d/BIZ/Commercial/
http://alistairmccoy.co.uk/hxoMK-0UaFgeRod5GKKy_SDuySbTe-Ars/PAYMENT/US/
http://ambaan.nl/eLmbg1VFk/de/200-Jahre/
http://amturbonet.com.br/WdPX-B5HgrQSZcBtk5Ph_kmphzXnpk-R7f/BIZ/Business/
http://andreiarocha.com.br/default/US/Outstanding-Invoices/
http://anhtd.webstarterz.com/oPet-gLE2M09d3Gk4iW_TDWGnCKY-XE/
http://anja.nu/LXCJ-Yfkdih3I8qVHGB_LHdzTQBtu-kaR/SWIFT/Business/
http://arina.jsin.ru/Invoice/2443199138016/default/US/Inv-714414-PO-3N854479/
http://art-dshi2.ru/VBTmi-EDBoQjrAN6ZU4A_lJccCOBqA-GSb/
http://article.suipianny.com/LJDNt-3vvPiypGGfV2g2l_sMyhwLtdo-bm/
http://askhenry.co.uk/blog/upload/PaymentStatus/newsletter/EN_en/Sales-Invoice/
http://ayhanceylan.av.tr/chOX-qkt3Ds0ZNyvGRX_trnDihon-Jv/
http://bathontv.co.uk/wcQWO-KRTnhp5Mu1jszyc_uTwHRwYlC-SY/biz/Business/
http://bearinmindstrategies.com/nBGJn-3AaQgSq4yRzcU2D_PdligIKyK-pA/SEP/Business/
http://beldverkom.ru/Dec2018/En/Sales-Invoice/
http://bike-nomad.com/AHhOJ-Ubj7G3Ys09rw3v_UfEzDfCwv-nW/biz/Commercial/
http://billfritzjr.com/1QebEVBvcfE/SEPA/200-Jahre/
http://blog-altan.estrategasdigitales.net/wp-content/uploads/PaymentStatus/FILE/En/Important-Please-Read/
http://blue-auras.com/ImlllOiTqCOBqFXwe/de_DE/PrivateBanking/
http://blue-print.fr/dSKew-Vyol6dGedfeeuC_BUBiMfPP-6P/
http://bmdigital.co.za/EXT/PaymentStatus/FILE/En_us/Important-Please-Read/
http://bongdacloud.com/DE_de/NIVRERAN0831955/Rechnungskorrektur/Zahlung/
http://bosungtw.co.kr/RVDD-261HVVfCH68wjM_PfEltUOQU-9T/BIZ/Smallbusiness/
http://brauwers.com/hdlwF-LLI4jDGRbWmw4G_dCSFzIdSd-KG/oamo/Smallbusiness/
http://bridgeventuresllc.com/aPdUX-SDYJ4fEe3Ex3JPE_nUWQqBMD-fjE/
http://bylau.dk/ysTvd-q4YXX1dweljReV7_kTrzeLdu-tIQ/SWIFT/Commercial/
http://cafepergamino.cl/AMOvE-9hrgplpHddEYZ4l_rXoIIQliz-tPF/
http://caigriffith.com/xpRM-ApFfIbrJRrF8YG_YksSDhKc-gP/
http://careplusone.co.kr/IVNsw-ZkgmcyCf1XAhV4E_rxbkyQNX-Bt/PAYMENT/US/
http://centraldrugs.net/NJyTU-fVH063bHPftIsH_RdLIBVED-XA/
http://changemindbusiness.com/ACH/PaymentAdvice/Download/EN_en/Invoice-Number-392688/
http://chiltern.org/bOPn-y3phMMDtI14rrg_curxabBIl-Cz9/
http://christoforoskotentos.com/LdPlB-12Eo91Ka8NLVPA_jpUrKJsyw-RDj/
http://ciss.mk/sj/wp-includes/bMbt-Pw9oZNghp53S9v_CYLaqbSzK-On/
http://colbydix.com/RbZg-Z4GHm6qTwFqYnr_zUHutehoY-6Y/
http://congtycophan397.com.vn/tlBtI-3Zgwr8h7d6TnEY_ezEbzsyhb-JT/
http://corgett.com.br/xbiU-7zT8dgDmCU7JfK_TMnatCpgl-E1W/SEP/Commercial/
http://cperformancegroup.com/BpQ1L0fNMyuDKbIDdI/BIZ/Service-Center/
http://cuoredigallimascia.com/EXT/PaymentStatus/Document/En/Document-needed/
http://daiichi.com.tr/Inv/500543152/Dec2018/US/Past-Due-Invoices/
http://danceclubsydney.com/wkDg-2djYCB7Uc4Ufzq_DBPlsyuz-Hm/
http://dasjoe.de/INVOICE/scan/US/Service-Report-0730/
http://dayahblang.id/ACH/PaymentInfo/Document/US/Invoice-Number-613259/
http://dayofdisconnect.com/Qhhj-oMBb97Juho6PQ8_BgDUudcOM-VS9/
http://deepindex.com/UqzU-x1EtWxj6dLSsv1R_FscizTrW-uv/
http://delphinum.com/ybIWhnL7FJc3RahOJ/de_DE/IhreSparkasse/
http://designartin.com/Inv/558633510305146626/Document/US_us/Invoice-Corrections-for-13/57/
http://dharmadesk.com/QjVP-nfjcJSn1icJtHJ_thCAjkLO-e1/
http://diamondislandhcmc.com/VpcwD-j79SPpvf2ZRyeT_daSaWufG-fy/
http://diocesedejundiai.org.br/ncrRp-85q01ZZiy0ogAF_fKbHEdhMa-vQ/
http://dirtyd.ch/AbZr-EJuCPqXSAcwszRe_BfJNrekrd-Pl0/
http://dixiemotorsllc.com/bWeox-KjJnkKl2uaqaEXI_hOtzYbMkB-fLA/
http://djeffares.com/FgNMx-ZuGM8zPHFJqqxe2_ZdQyjMWJY-Zfq/
http://doncartel.nl/aAzw-Wc9UZ0KvYSWVoK_kwewZEDk-k0/
http://drezina.hu/GFKb-YtuLNpitEFBVIRn_JCUWLuxO-D5/
http://dwellingplace.tv/LrIM-zdG177rqk094dpp_qAEBepkL-2Y/
http://ebmpapst.online/wGlWf-n3ZFE26AqTtrlyq_VAvDmDbU-yf/PaymentStatus/xerox/US/Past-Due-Invoice/
http://echoz.net/OlFE-6697yHmunric27_PDcqGcPz-6C/
http://eclosion.jp/YSIR-kUVDEYW5PWtXkF_IaHwAtyt-j3/
http://ecvp2009.org/xerox/En_us/Invoices-attached/
http://ellajanelane.com/qOCvw-MxK969UQ2LP4sOR_LeqBWXher-IV/
http://envosis.com/YGbZp-XnDzxR51xqcKsM_dunBxmBaQ-3Z5/
http://escamesseguros.com.br/wvvw/InvoiceCodeChanges/Dec2018/US_us/Invoice/
http://evayork.com/zsyvF-H0B6fqM72TEuq8_JEeSofrg-rrV/
http://eventosolution.com/Dezember2018/PORLYZT7642128/DE/DETAILS/
http://eventoursport.com/XnIB-cJBFgGFH5gkhJk_rDiBbFys-8Zs/
http://everett-white.com/MxoSu-cA8a7UvLDVcElb_ELLxdqfA-Pl/
http://evihdaf.org/JLIfG-983JsUEHHTaEEnU_VgmOkFDLD-eEB/
http://evoqueart.com/Fgnjj-J6Eg4G8plmoI66_gdCYbmSiW-9i/
http://faratein.com/liMyA-vWHkzpIOZ0Sl89F_ALpGToYn-4L/
http://farlinger.com/pJHp-hwXVc2V6GqowVXl_dKtEfeIa-1W/
http://filipesantos.com.br/MGRN-57YVdCBUltWqSlr_CdoSsAXs-EpG/
http://finaltouch.al/14259874608/SurveyQuestionsfiles/US_us/New-order/
http://firemaplegames.com/CKhl-Q60awPKKA17j6mv_GylTFWfTp-rr/
http://flarevm.com/zuzN-TUaRvnvVVZXkSS_VyiogAYwY-O3/
http://fleetceo.com/KFqO-yoPRsq1lbfOVKe_GDUHdonWv-L8/
http://fomh.net/VvuPz-5RzdNJT9ZWNPQC_eHHGFXjn-Kxx/WIRE/US/
http://fon-gsm.pl/NoYAp-mh5uRhPkQj9g1e2_YEMJTqfZU-yP/
http://fotofranan.es/KBTK-7nvCBcU9ujAK4kw_SJgZeOyh-u2/
http://freelancer.rs/rxZMj-1JLOrP9ig1ASzl_OWcccRIuj-zZ/
http://frog.cl/xhaIZ-g5BxV8zdtEG2rk_OYMIWjBt-lMC/
http://fullwiz.com.br/ycOMn-MhEm6lpbicZMqcl_jnxdkTfNi-VeN/
http://gandamediasolutions.com/FrIGL-ODDOAA24NLeMVB_cIxjUBvB-WEW/
http://germafrica.co.za/RNova-FrEWfAgx5PII9I_hrbYCTUUx-X9V/
http://ghassansugar.com/rTc97m9FvSK9/biz/Privatkunden/
http://ghoulash.com/poZHO-h1mmgpuY8aCLSe6_AYQvpOJyb-bw/
http://godfreybranco.com/Invoice/767420472/Download/US/Invoice-receipt/
http://greenhausen.com/QSJL-GBNjGBqX6WDsYYX_GSlnWIVIF-ea/
http://greenhell.de/LIN857hyNQSt7/de_DE/Firmenkunden/
http://greenplastic.com/DE/QVCAASTAA0001265/gescanntes-Dokument/Rechnungsanschrift/
http://greenplastic.com/radZP-QfBLLtAANeFCxr_nEkiwSwz-T1/
http://guiler.net/gFZPj-6hExfppANWpPADl_JyGxilkJ-5P/
http://gwenva.com/XcODZ-ziZD6oqTedyqPw_zTPDNiVK-NU/
http://herbliebermancommunityleadershipaward.org/Inv/0646711201472323/DOC/EN_en/Paid-Invoice-Credit-Card-Receipt/
http://herwork.org/JDIP-x3takXfIgITGC8_DYwTKpPb-xFR/
http://hitechlab.pt/fRhw-cVI7rQaNqNRBml_VZOMvzCLg-AI/
http://hongshen.cl/jQVKf-RSG8YpInQI8P7GS_VpUNSRlJv-6n/
http://hongshen.cl/Xj9CvnQivy3k3/biz/IhreSparkasse/
http://hps-sk.sk/boHj-qwNSBL33lOqC6XH_bFPbwJUxb-5D/
http://icb.ghztecnologia.com.br/de_DE/RLAUGODVU9336094/Rechnungs-Details/Zahlung/
http://ifcingenieria.cl/mDpJlAz4Z/de/IhreSparkasse/
http://ihaveanidea.org/wwvvv/GSmGc-aO9QIk8fxOQuLY_oFdaWXJEf-2I/
http://inday.webs.upv.es/jSqU-ISbOIRAL0Vt8ac_YEBegqcqR-stO/
http://indocatra.co.id/Document/En_us/Service-Report-45093/
http://informlib.com/YYCx-7NWTxbZqf6BPxZ_HpDqCWQU-Qs/
http://iw.com.br/imnna-YkGrx09XxIkUPd_ZHrKVtmhz-O7I/PAY/Commercial/
http://jbtour.co.id/NgNC-puhTMZx2vI0qFs_fCELPuQA-k99/
http://jjtphoto.com/ydQb-ieFeBv72Ueqcqq_fFjqDXBc-30/
http://johnnycrap.com/RTPIP-3k3E0kqrz4oJdA_qWehDMWV-LZ1/EXT/PaymentStatus/DOC/US_us/Invoice-for-w/f-12/14/2018/
http://jongewolf.nl/UBEiC2eok/SEPA/200-Jahre/
http://kadamfootcare.com/INV/9340968888697290FORPO/1162561821/FILE/US_us/Invoice-Number-63965/
http://karmadana.club/EXT/PaymentStatus/Download/EN_en/Invoice/
http://kaws.ru/gkiK-Lb63I0jpGuR8yx_wgQJfxNX-cF/365166/SurveyQuestionsDownload/EN_en/Invoice-for-you/
http://kellydarke.com/Ref/01744705100225485534Download/En/Invoice-95729781-December/
http://kingswheeltech.nl/cfBrv-6ChUqdXGdd6PaV_UcTrPIxgz-yd/
http://kkorner.net/czRv-TPCxHYXPm24aIa2_JgDIDHLg-iO/PAYROLL/Business/
http://kosmosnet.gr/NvWo-qAAfnokp1u08Cx_daTwefcFU-sM9/
http://lacadeau.in/De/KTFUGU8738502/Rechnungskorrektur/RECHNUNG/
http://lariyana.com/Ref/46704734556DOC/En_us/Outstanding-Invoices/
http://lesamisdulyceeamiral.fr/ErNrL-hdVUwA48qZ0LfK_DfndWcaoo-C5r/
http://levellapromotions.com.au/RglK-g52B4wOQLpqIrHS_xZVmERjPg-JG/
http://lifecycleeng.com/WaESv-9aITEqtZRD3SDhy_lzFKrgoZ-N8/
http://limaxbatteries.com/13506260511454138973/SurveyQuestionsDocument/EN_en/Document-needed/
http://limitless.fitness/Hjqzh-QmO7fScXkkzZps_jiCwmIBf-61S/
http://litecorp.vn/Inv/619359966458321174/newsletter/En/Invoice-5437507-December/
http://loneoakmarketing.com/Y9rlh39Za1Z6fIF2NJO/de/IhreSparkasse/
http://lti.com.ng/GwHVy-4dU0NIVDHhlFx5_UdaIQkZCT-vEO/
http://lucdc.be/qc23bRfMDRdaR0neyw/DE/Privatkunden/
http://magic-garden.cz/INVOICE/scan/En_us/Invoice/
http://mahestri.id/ACH/PaymentInfo/doc/EN_en/Invoice/
http://manianarecords.com/INVOICE/Download/US/562-64-458234-692-562-64-458234-386/
http://marthashelleydesign.com/btCcW-BXiynoSLLAF9iSW_tWioyzeZO-YVr/
http://medpatchrx.com/6Fqd47epBFymYjzq/de_DE/Firmenkunden/
http://meunasahbaro.desa.id/ACH/PaymentAdvice/scan/EN_en/Invoice-receipt/
http://miamijouvert.com/LKvX-S6sGWHH8hrVgjG_FdrczpnqO-5h0/
http://miketartworks.com/RUJbl-sFFEHelC11it2U_ypztYckAR-ikh/
http://miniboone.com/Dezember2018/RFIDIDLMG4318849/Rechnungs/Zahlungserinnerung/
http://miniboone.com/VZIxX-FD1mnOuFllPh2F_cRqSaxDne-dj1/
http://mofables.com/beYiE-HWIb1qfIXT339GW_HfiEhCSwm-OIx/
http://mofels.com.ng/uJgrK-0dDIpPuBcYzup2_pJMrrvwOu-yi/
http://movil-sales.ru/jePAx-6mz3uC25K1r5bLW_XzzoCLQxR-Gx/
http://moyapelo.co.za/EXT/PaymentStatus/LLC/US_us/Open-invoices/
http://mr-website.ir/MvLPm-W4QckhCIaWcHhq_frxYKVyLK-1vL/
http://msexata.com.br/tWEE-RsiAaS7uoyPffN_JHlxalLB-bE/WIRE/Commercial/
http://netsigma.cl/PgiA-cQ5U9EBDz5ZmI3T_mgTYJECE-OW6/
http://nierada.net/qZaD-JXl3uSaZOlw3ll_HEzbYOMQ-lk/
http://notarius40.ru/InvoiceCodeChanges/sites/US/Document-needed/
http://oikosredambiental.org/LjYpP-WYyyqGqGvh5WQPp_djtnHEYcY-8LR/
http://okna-remont.moscow/kjzG-uZ7MRJwDTey3iV_ojSjtWSnY-wCV/
http://olyfkloof.co.za/nTTqgFCzKKKsNYQyFB/SWIFT/200-Jahre/
http://omega.az/WRrUv-psko7sNrrXk8Ak_dJJLfueP-ZG/
http://oreliagroup.com.pe/yBHEf-gUuDTZHm7sLRkrK_yFRstgxrU-Zxg/
http://pclite.cl/lpWfH-bklSQf31o9cZZc_NVchGYhaf-HRP/biz/Personal/
http://pitart.gallery/25384524413355816548/SurveyQuestionsfiles/US_us/Document-needed/
http://planb.demowebserver.net/wp-content/ZPkiLjFq472tkwiW3YL2/DE/IhreSparkasse/
http://portaldasolucao.com.br/De_de/UNCMPH0898010/Rechnungs-docs/Hilfestellung/
http://pos.rumen8.com/wp-content/cache/Iuxz-HDQrOedZaOBkq7_lKFSxnHY-541/
http://pravokd.ru/jJQQm-ZodlwTdaDMB2gkN_HYZVAlZEj-TgQ/
http://prosaudefarroupilha.org.br/PaymentStatus/LLC/En_us/Overdue-payment/
http://prostonews.com.ua/ZhLr-hHO7Q6rbeXaGsnz_wvyMGjwH-1us/
http://proxectomascaras.com/InvoiceCodeChanges/DOC/En_us/Invoice-52710000/
http://pruvateknik.com/dJdPU-PPNxpq4VQGin9Y_DwbPHwqRR-BD/
http://psychologylibs.ru/9kodnpedA4F4bjAYry/de/Privatkunden/
http://qinner.luxeone.cn/CIro-Phn7KjFHVPxKXu_AWFpGOtMK-HeF/
http://raiodesolhotel.com.br/ACH/PaymentInfo/INFO/US/Invoice-66828072/
http://raldafriends.com/QNKNw-eDST5sDSmRBlHO8_QMuylddSF-6R/
http://revolutionizeselling.com/okBnD-POojYXB4mxT4Vl5_KSPWSmtpd-KI/Invoice/5153278/INFO/US_us/Invoice-for-w/t-12/14/2018/
http://riaspengantin-azza.id/DE_de/SOLSRRQSAM4156908/Rechnungskorrektur/DETAILS/
http://robwalls.com/TNpjK-7s9ay66zXTjWPx_jhRjwUFXt-JFq/ACH/PaymentInfo/Document/EN_en/Invoice-75343683/
http://routetomarketsolutions.co.uk/tOiSP-34sTJYsGIc11agQ_oZJrAAUQy-OVe/com/US/
http://roxt.com.my/ALor-iqu4v0Wxxb3qFYk_gTzixNwU-zmX/
http://royalparkflchalong.com/zKvuZ-ovRgpo753cYt6j_uYEwauCn-4GY/
http://sakh-domostroy.ru/gnfR-W2y6H0J850XX6NY_ULkZoaZDP-ra/
http://saxy.com.au/JotMX-6fe7yYmJQZlr0E_CfDVbuoGJ-TM/
http://shipus.net/BFEw-9mhkDwKsYDk1xh_uqDuhmzS-bap/
http://sk.news-front.info/quIiD-Rn48S9zj7KZkkl_fUUDQlNz-pg/
http://sneezy.be/ACH/PaymentAdvice/Dec2018/EN_en/Open-invoices/
http://sourceterm.com/FhlUk-XdrPq3aS123ZqIp_bHqfCJhTN-L4/
http://spotlessbyheather.com/xerox/US_us/Service-Invoice/
http://starstonesoftware.com/vwlK-3AHlv2GCuSjDc3M_LlOuinCEF-E1T/
http://steninger.us/CaDrn-FST14AAzSTY2qlW_CmBZVEePJ-Wbc/
http://steveleverson.com/Dzre-ziim4C25INDL2Y_JqqCxPUDZ-lu/
http://sublimemediaworks.com/Gjuro-FHzKfyRggui5kg_EhHcDpHq-CcJ/
http://swag.uz/HqXIu-l01bjNjcrxJzpU_bKdoPlbfd-Ymj/
http://sylvester.ca/TRLNM-hCMtrFKuKsWPUs_YIRmiMMd-g8/
http://symbisystems.com/gXRGM-gWCOI8tfAsVhRET_zZwadvHjw-Ss/
http://tacticalintelligence.org/SjyNK-xQu2D58So7hdewI_BxSYumYfq-yll/PAYMENT/Smallbusiness/
http://talajewellery.com.lb/Fvscu-976Dvu07XA9vdS7_TbCTjYAi-v4/
http://talkingindoor.com.br/THaZ-78esqgdOTpmqVOm_XPEQVJfXt-Jd2/PAYROLL/Business/
http://tasha9503.com/gvTr-MG7qNa3C1zER4d_jqYbmVHqg-NX/
http://tayloredsites.com/PaymentStatus/xerox/En_us/Service-Report-31195/
http://tayloredsites.com/pcisq-R3DdNLMKZ9HIJo_QvUVkHOPF-qx/
http://thecreativeshop.com.au/Ref/95535939768779329scan/US/Invoices-attached/
http://thehalihans.com/xiyh-RotPDKvZmEAVv5e_bPNeJTJup-Sx/biz/US/
http://thescienceroom.org/WEHL-l9bOlMuEIj5P8p_AgUKTTKE-QsD/
http://theshowzone.com/xUwE-xH85xQve1DQsLGB_ywBeVznUu-f5/
http://thestylistonline.com/BmlB-wM6QMa78Onh6475_iGfnVukhH-y0/
http://tinyfarmblog.com/TlwR-qHx2w80w7Hk1h8_fVscreqPR-Ww/
http://tomsnyder.net/sQch-pKactG8z8OkE6gS_zVSPnADt-mdA/
http://tongdaifpt.net/VQDt-yH8SdfYImTlW0rW_UnSoyITp-DJP/
http://toolbeltonline.com/wp-content/uploads/hGTa-FSqOuv0XIxVEZFg_UHMyogsiB-ig/
http://track.wizkidhosting.com/track/click/30927887/www.nextman.dk?p=eyJzIjoiUXVfQWM3U0FUblhkRUgybnJIT05tWHhwQnhFIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvd3d3Lm5leHRtYW4uZGtcXFwvTm1mai1FT2pTNlFMZjlFcmZmR2RfbWJWd3BXUExlLUtoalwiLFwiaWRcIjpcImEyNzA3NjBjMmJiOTQ0MjA4ZDQzMDAxNWFmYTRlMjdiXCIsXCJ1cmxfaWRzXCI6W1wiYzY3N2ViOWU3ODE0NmJhZmE4YTAxNTY0NjY1MzkwY2ZlYTZlNjJjZlwiXX0ifQ/
http://tracychilders.com/qiDIw-Fujss2ev2qZyzQJ_xHgNoLER-eXm/
http://trakyatarhana.com.tr/PaymentStatus/default/US/Need-to-send-the-attachment/
http://triton.fi/MQShz-8XlU5Ld9vMdFYrb_brLuRlOt-vUn/
http://ulushaber.com/jtfY9x3VTBqvYBT/de_DE/Privatkunden/
http://ulushaber.com/vzfCk-1fw668JKg5Wrt7_lHBrSIntg-57/
http://usakisdunyasi.com/TclU-txPBq7VWXsiMqF3_AtPzNUTDU-g3i/
http://vegasantamariaabogados.com/IAsoS-ULBXa3z9jGCISfR_UYqKmwvf-Pc9/
http://velvetpromotions.com/fkMJh-5JDK6MMvt0dAuS_fztaNhXb-UlB/
http://vindi2i.com.br/OVpb-FCmS4MdbNnj7HUp_WqLQGRqzh-C4/
http://wazzah.com.br/8sXLyJa4NZMccI6/de/Service-Center/
http://welovecreative.co.nz/LKpi-6L5uoKMEVzXrv0_aLQzCZsV-bg/
http://weresolve.ca/Dec2018/US/Overdue-payment/
http://www.alishacoils.com/eMFm-neZof0Z2uMZhnt6_XmrnQtDJ-WF/
http://www.armita.com.tr/IktK-1UsDtJ1FiZBttzl_vnURAHqZr-zw/
http://www.avele.org/FSij-VwO1UXAbvAIJci_iAlmSvlm-B4b/INV/0114687FORPO/150428293295/INFO/En/Inv-655722-PO-8M372503/
http://www.chammasoutra.com/uploadify/zIKqM-vdGAmMP0WzCWldc_ZqFGvnWcE-Zo/
http://www.chaudronnerie-2ct.fr/rLVD-6RB8aaRKt1bBmz_vZqrXLKX-7O7/
http://www.cinehomedigital.com/OaxDz-Tct8ujboMfNFSj_fWoeTSHmg-We/
http://www.ecvp2009.org/xerox/En_us/Invoices-attached/
http://www.fortifi.com/fUOvM-7uSJeF2VKT9jM3f_LwTyzsfN-ak/
http://www.hlxmzsyzx.com/ylTD-H9CNznyWRnna7e_xEjlixFz-qnX/6136794/SurveyQuestionsCorporation/EN_en/Invoice-Corrections-for-91/89/
http://www.katajambul.com/SAzbX-Earfc1lOaFslNL9_GfMRbtMr-9q/
http://www.kosses.nl/wgeS-7uPMzOb39dq22E_mNWzCmYJa-orw/
http://www.locationdebateau.re/ahuXv-IWHBd0p9rBLLy5y_wZrmwFtb-jy/
http://www.mfotovideo.ro/yCcmh-QFGA1F2w1bgUeE_IZbiJuEAR-SG/
http://www.michaelkorsoutletstoreptf.com/HDGj-rCSsATTE6GoXKC_RmvPYuuA-OEM/
http://www.moruga-scorpion.cz/gLXhb-7K91X8d7Ta3jNz_jRfYJEaD-oZH/
http://www.mughal-corporation.com/NzLb-0PU4SFdNUh6wluW_aiEdXLbMi-7sc/
http://www.nextman.dk/Nmfj-EOjS6QLf9ErffGd_mbVwpWPLe-Khj/
http://www.pentaworkspace.com/Ueitp-0soMBIhFVeKxSt_dFcgMlExa-QKm/
http://www.perthsolarcleaning.com.au/njpK-nJijnvAH5BGZd7_wBYqyMgQP-cS/
http://www.q-view.nl/SnyN-QaSCZSrt5JYEmUm_RvEYdTZZP-ER/
http://www.refreshyourteam.hu/NUbfM-yZB8OF1jEwpb9E_GEwEwgwlS-rRN/
http://www.rensgeubbels.nl/mIXOb-fWn7lu8K8wY1jeM_ftacUUWaE-GIz/60190/SurveyQuestionsDec2018/EN_en/Invoice-Number-247797/
http://www.reparaties-ipad.nl/vxXg-U9xPLQZ3m2ioweb_nlMNOlgI-JoD/
http://www.rumahsuluh.or.id/bbvSl-fwPfvjKFGqZUWUh_RDzsgMrKH-VSA/
http://www.tdi.com.mx/aVmyl-j2PvdURfk3C9DU_FOyDcthx-PD/
http://www.tintafinarestaurante.com/GGZg-3gG1i6jYjWpWB6f_pJvUskrqu-LpE/
http://www.trakyatarhana.com.tr/PaymentStatus/default/US/Need-to-send-the-attachment/
http://www.vn-share.cf/Southwire/963553843085660518/INFO/En/Invoice-54164011/
http://www.wmdcustoms.com/JUhlx-a5HNVpoEVfbRqgR_qLbSEVAr-h5/
http://xn--80akackgdchp7bcf0au.xn--p1ai/F7v8wBBYPOHq/SWIFT/Privatkunden/
http://xn----etbbfqobtix.xn--p1ai/IsSD-lXzcQ7FPQ9LkmJ2_PzKTjKmG-xx/
http://xyfos.com/PaymentStatus/default/En_us/Paid-Invoice-Credit-Card-Receipt/
http://zoolandia.boo.pl/gooX-AkBzDcjIYWpqjT_OfWIJPJF-zj/Ref/20067287Download/En/Invoice-for-b/v-12/14/2018/
http://zuix.com/NeJm-2AlmfFCmYdc7JXJ_YJkYgQJe-fM/
https://url.emailprotection.link/?aCvATdeSrDotPHoOyDzAUuueQW5HeydzaVDb4G61NRz9TJ4pu3vrdW2gk_UgJJtHJvldoXKokLWlGg2WthfA1I7gDaNtiHGXMiGgKs4uUYb9ZsLTOCUA73Dz_vDgYomoN/

```
#### Epoch 1 Payloads by Document SHA256 - All Times UTC-3 ####
```
Creation Time	2018-12-14 17:27:00
SHA256:
bbc128ef5505582c4532d06b2d09a8306ad1bbebf1b76ab8076d4036383e789e
9e6686e53039796475cfd978c8508b4655d5bff109211d00588e2fb19dde0d21
1935011504e11016ce69200dd37e1d92b3d4bea21d3409de4ef6aa75747b14fd
84f9789998f71a13de2a8ff11726c1909613fad616312c665402e50f40ce5c9d
06d8d454a45bb4fb02672ffe00d39c6c719c26850d7139615206b0a16b7343de
1c7031a108db22b1555b0d9275f31fd51f170a9335e43a083cc1eca9b476b7fd

http://sundownbodrum.com/J335NbN/
http://www.roteirobrasil.com/wp-includes/XEBv3PdHgZ/
http://rdabih.org/m7mnTYaIzL/
http://zavgroup.net/11D6PwFu/
http://stefanobaldini.net/DfSVLfsC6/

Creation Time	2018-12-14 15:02:00		(Eng - Light Blue)
SHA256:
29d0c514e40aee8bb59c88b7181603361986194983a7d07e5a73a6dfdd7927b9
218156efd31328489ccf927b21617aa77ed1a3350f44e24b50cf542068a51658
7876769282f169d618deee99fe99e30c7f81a439b11ff3b9dc852c011eb48ddb
94165d34277030ea8884effb1fad706702637312fdbf86fb0cff841e1ccc91e4
340cb9a9f7ba94093eb9be9e802e71808d0a48c30c17e591054daa3860784972
3b189f89456583bc813f39e92c673e747d51246d4821ab99e5dea77d4d21021e
48930bf49e335884a79e6cad01c39589c7cb56d914b0537e2fe19f09165a83d9
e612694bbd791ce52d570fe931a3b68d0444b50da5d47e717455d27ec8c8ef1e
de1020d2670f7c604424fa5c8a54ada2f5f6171d27d146c38cc0e27eca9de892
46f22a946cfa7a264bae8eac6020f68545779ec77349aed98c0a4bd54cd36979
9580c5869ba665d16edbdffd50d15d731819ca20a00b2b831b3c2f11dc4467b0
9dc729e8f1315c7c215038e8629ed5b0b6b2068d7751550107a7dba966abc2c0
318464bf477fbaa432edd2f94e9fe833f81f702ea3a72f057946f06288f17e13
07a0b1c66fabe2be19366d6562c70e3a0513c31ae8c878d4d630b3847318f814
0a1e32fced945acf1ea7aeae3da3ec3efaf754af5e5e8930077893b5c93645ea
54c350da8956d6575958a26b977d4aeebf1d6e274014721c7db255369a71759c

http://evihdaf.com/syXxoBHdX/
http://pingwersen.com/iZTVle9fY/
http://ibgd.org/v3uTuE3/
http://tevetogluyemek.com.tr/svnkBH2N/
http://inwa.net/rUGhAv6jC/

Creation Time	2018-12-14 09:28:00    	(Eng - Light Blue)
SHA256:
3ad118918283dd4137f06d32c8ab883813751ee28a3d7420904be422b37921e9
412beb5cc0c631abb2ea36ee21a5177816515872df3f76444a92e46696ed8395
01ab7f146b3f89aa83f4af0036d6288f399dd7763f338d560ccf673561f7662f
04915d72ebd2a6bf2dea750c520a116ea8ee5d09495784749c48f615f182f272
462f33e1335eedc23d28d53055349abae9cafa198693a8dcf1a9f02bb99079a3
b7a0f3bd40999296916f40f00df6d262be3143f0cde82732ea485442410a2b39
7fcd196f96a9740e1892b11a5a1b38255151cb273c67a0957866547e1662283f
82fc30ca9a29cf25e437da6c7f09b33de600393cd8138952cf1bb0770d33052c
a63fb48be24256e57df693851ded1b059fec7266db28fd288627fd826587361b
00bb4a90c611483084cb9bc695635332a32fa3cabe4782b7f1251544a5a0607c
571a5a83468e546684aade8a3b187770ae08d676a77ff60a8dc52594580a706b
12e996848e383497251937dbd06367a55ee59bf78afa8a07b44fd9e66b8d5f85
f6357aa6e785924c8cf81f3ce6560f3b85733cc063441de4d7f4b50cd30208d6
05b4ade8f5528da909092e30bbe0aea228f93d1b33fa557352fef2f4efd241e5
875b9ddf34f81f5bfcace0337f04a0258c0ebcfc9784882d1ee414cea58934c4
b1faf9d799122d8d908bec2cfc74d3c27e3c826e6ceee77580dec828010657a1
48028a1b813e4d7d2aad76bd1f4db44432956ec88c7a0050348e486c7f2f049b
bd6629104ef64696a4b2d477fba98631114ce3086570f324f476217ca0efe0c9
b442b5e7f45026871843f2c81d3acf7d278e2ec3b9cff161d45434837c99e260
54be118f983ebeaea06cc165574ed2260d2c0a5f2966e19b7a8c9ccab2ec7904
8223f946c7b5d7b89962e57ba710d5b9939f5ef5e117d4d5648c048157f26210
daf626c41861297d464cdbed1d16c6316ec9819f6cb101bbe966bddb16f5e8c3
6965f0f9fb015c71c2ae234c8928157f566486499282bf5d22e1afad8fc323e6
7eac18cab2205d94e5e5e0c43daf64cbab2e0b43cf841213c25ca34e8124739f
30c2efd3b25d24023c66e10fe5966ddd36fc4b92342677a009038f8f0c54c817
fb9ffbb0131924a9398631bcb99d8d2276abdeb46cd7349a818d7df0f27e18e4
302c48a05dd16441a940d2aef4f0be42ad8c90dfd4cd363286e3314e2eefb812
b22510e171a227e9de5721484ff869d88a03ab6d81131636543eef947bc58b98
2d81c83f83390b33cbc97987f8bfa63703b9149d94f635d21ff4a5b21ed90cb4
9c308963f25854d41fba8e0408f13d6ff6f6dc68d3035494a86d82f153ed242e
2d489d0cced3ead17d88ee7fad06d398c6b82d9b8922d00550c30c374f39c673
279ac06191ab8084dc33176151f2447bf1c58fbc70c3c41e98a1b9aa9478462e

http://intotheharvest.com/uhCNWggJG/
http://cperformancegroup.com/iQVXaS0c7/
http://inmodiin.net/XYif30g30/
http://aspiringfilms.com/ojrr87NY/
http://futuron.net/hcvcG59/

Creation Time	2018-12-14 04:25:00   (Eng - Orange Text)
SHA256:
3a09a6911eba817b75d0e8ca77b4ec38801ed32298abc1aac4bf651876f07da5
fc58a0bcba42ea86759dc87d92edeb315a6bbcdf425dac3873f7edb76ace54cb
121efa8dd8ab2b6b8ccedf86cdf8adc92d4c8fa3a125cb1365baa0689dccbe32
c82ce5f0c87040914d2de61fda28023b305811a871bf97a7aea8f884b168395c
7536dfce3e0c079a63cefd34b223e59b316ed9973d5bfb6ee3c98f87b9c41bfb
8fc7fe3e12b7aa73b40cce188527beed41e50730b4005032991b33845ec28710
ae4f6d22148c0134412911ef46fce2f34161d502bccce54a8cf3a3c04b1e5629
98eccee0c836b4134a4e23588d6023b66b8298db04325d6589b543cd24198de1
4621a7ae36f16d5de3e84745c041ce02391d38d473ca4fab571d7dbd4bb31cc6
d148a2cddf1344ac953d0e9e4f2329778c85fa04689957a759f8da74d74b5b65
b6f1df9851a715354f43a6491cc96024077d2dc260be1d9a4eedc8a90ccbd811
1c1fcce0d4ab00665131552b2ceafeff6ef19fb018266106fff1d96593cc44e9
7d1d4698b9c5cb0e668902bc16f277b68ecf8932d901058bdfda6eaa5ca036c2
a381b0a8312c335ea241abeee0ed8dc43da24efffbc2807d11e27b59902ed415
44d7c346c8996b0859e5e9d44fe1c52aa05ffdd47141a3120689fb984a5e05eb
33a54144962b3ce69a0ee38ab1eb36758204ee2392942b9e138631bdfa52b425
65dfb589f6039f0212286757e1e27b157f86b91e9a18250c1d02cdb8399c873c
7570f9a5b5322c91e2a9c82bbe4418b83389c54b3258244272548b25a4853a59
5d78fcfb2f17beea18c8f596c960487e3f94c31f340f5959fb2cdfe05c633050
726cc76512a2e66ae6fc2fb1c82522703a5290c433cecbe5ac1f6f55714b87e9
cfb0a0b37ad59320ce06fe2b1c2cfe655e7891de1557b09fd9757e891cfc2e09
a7de9bebec13d17c08d2b86a8f7702f89e6e42664cc6c71f664348f192a4a360
6f873e5dfbdc981b78c412e2c9f5d21eec4451542e8f2798867d3c6cb6633c59

http://herbalparade.com/aazSKz4SZu/
http://waus.net/hHRBhSkOkP/
http://celebtravelandevents.co.za/0XvIZxE/
http://ilgcap.net/XV6UqDZAa0/
http://atema.cc/vHffRp0w/

Creation Time	2018-12-14 03:08:00  (GER - Orange Text)
SHA256:
18e00ce44755c3c1568fc3c91cb130962e1e04a4b5b01e0c546d824e2f839f3b
65916dfd8504a45611253a9628858ffe2647d33def6187e2fca8fbae3d49afac
c6eaf731c2497e66cb8c3ef5ef01c8953eddbb05cf34de683404a25a33da4c7e
3b24d76096fdf4ab3485e5e8aa12356bf01f45fc0c9056d671ae10d4b6f845e3
e46604e5064c8c9099abfd234bc596519f408b5ffb393e83f4c71e18803b95a1
5e625f8017ba448cb6adf7bb2385dd707552a7e4a802365f71c56568478abb57
a29a753c4fd913995b9b8af866e5c6efaea97e3553b89d758851e328da951af7
0ee9adbd373664d818af5761e38aac1bf4b840c6dd14e4f635dfaa1e011d373e
706357d42e6415e2987f03bb2e38437637310d3a1acc4f3dc62646a16ad6e801
24e51c388c7865e2f27527a32854288a4183596b6583ea04069d7cb33ec73c8d
03a5b4ce64c50344302238b313893865ac21adf5f5e2030d2bd50f6fee81d7d5
1d33ce26ec1811d9f2583245ddd4050d81b332e739465136e6be2d6ac7eedb5d
8550e59e967d60ca4422b09f0567b1e5ddc5ca5b04ede1ce057b3173454f64d3
9cba7d7a9cadffb9e4d395aa7a084d32ac4b1019961304019eec3fbdd5f36715
d0437fa2de82aa9faa787896e64910380e71b40831a6b56c0067394fdcc5916d
1c5c8bc690cd04dfca81149fe5904934e7dc1bc1618339a09af66ebc6be104a3
4593d31313c8f5d29aecabf1c5e6989c5b358e0770fad2d335ed36cf65523b14
896c6b5ff26302c631a8820277f23509fbd3e05a7f02d2b776ea8c0c9d5ad61f
f97acce820ee97a45401efaffeeab8e09cf2930406d0f9d640f51cac380db593
f81f654a72d8c57122485997647a6028d395939dc375441206f0474535ce6c1f

http://askdanieltan.com/xwwOEGZ/
http://anthonykdesign.com/a7aasoB/
http://andthenbam.com/Fnz5eik/
http://fitchburgchamber.com/qB4CQHpsc/
http://tanjongkrueng.id/NHjjNh7/

Creation Time	2018-12-13 16:38:00  (Eng - Orange Text)
SHA256:
1e9159f34ae36852205e29116681a99a96a5b602c7e39075863946b3195d2ac4
ac8264939e32b9ce905ba5ce826f8c0de2f9c97d3f4386fe0547fc008cfe02f3
9ed4918b3737a81d17e9b2a0198ea3e68ec4eca386320e2cc27d0eb50065a242
9a07f5bb5538c9bff815000d454bd2db0de30380e9b734e577471c1ba5d5edb8
0a72b9250b1bea5bea854681723f1e37ad717e1f906e65af2862a8e0874bccf1
e9746d840999e5afbcc72d869c337c52bbbfe2f3cc9189307710b7aaf8781feb
3a8591e9afcb9ff5f1f0fddeefe7afde78e281f8cf0b2a0b917139105b488268
5bc3a24e2e1857fd541975f994594c2aec951e72ade1c76bdf5888409043e4e8
1db86afc90493fd03e9223a54a23219ddc9eaef88da2cbe5f41e8c7337b97de3
1d37340d371237e74eb0fdb0f972c2dcd6744fd511d06eb5d33afde8a8295528
d2dc8c5c0090b04d779cc027a7e522f237c4d5b785e00ff7ac6930e3af123097
c6355c5fd03ef206cb4cc07fdd80895c0018b3ff4de8bbeec23e3e828d5a5d1a
a4a5451bbf60cc2f016344d65a57d32d39a1796f61e60e13c669723235488ae0
ca5e6fb545910a29e693d99f1bb83fdaf78e21aeb31297f101c7d6ca6adb1b1d
c10b18679be8a63f95633e6b6c982407234f02e11730d039742968b930175f2c
b2dfdad56d47ab7ca74c9a3a3270393ad23e8ef136ac5a58011b646b4a85053e
188de9c5bcc224721e793a1911ededb50f5a784b22e08486a6352242efbc98f7
0474f1188d117fb6275e1634f562db07d764f8e74b160ed6a0bf7f3b2e793ca2
ef3738867469a3467ef046cd16397e2a00145eda1ab9c66e7dc30910dad10509
62910bd4dc39f1b8dced0bd0d393b1c9eef4a34ae727298460d4339fc82b962a
2f83e5e09e185c7635e62a18ed0fd5c4c5a7895ba48343cee9c2000ab2962f8a
c8c6b32ba816568dfd724e59a76e6150ca9410b2c3f958f155486faecc49d731
b99358b4abbcce4c8341416dfa9450cc760ca027d8ea3be5e70854c545dcb917
3d7d4a6045c8b3c0603f290ad3e54a00b561293ce7b7d6d8c11bd61dbe1306ae
1531d67261eb465b2548ca60be969d28590011e6d21d5682ef4a89c3122098db
0ee37456c702b8e1650b5df248a87413c41687eecfdbb4ff540f41b0a88cb888
31b1dfe47811b285e199491f74f04438b52826f3253a80b951b29f402d87ff31
5052248113913256eb15b46681b191471a669bf4e6c52ec9634ac9f8b57117c7
059887456aeaad64973c376c9eccdcd518ca5490c93e7e2751ab90c1d06686fd
d79d2e007a84d1aff0769465f234f6e3185e02628e72bc871747f1ee3393c1fc
8422353babe9a931bb87c984d5158d1ae9d0f222e8936b47735c700330e20f5f
08484205eb780119f2c37ec36751509b9c65d902a288dc81f7d7723eab5ae1e3
c1fa562de8b39a1661c68930fad19349105e2c1f25489a050f2dd4729d5e26bc
7bb1da7696aa432cc5d18fc3fc6cd233524f23148b64c8eb21b042faccaac72d
e2a4ed011d2db1ac43fc3ec0ced1dcc1d2db83b52e58ff75c8807ecb38f787e8
89a2cdc1f27f003a715f5c5a6bc14613921c87d127c4091ba066edc1d760c3db

http://delhifabrics.com/dvPxItY/
http://kaiteelao.com/ZiN8rdvvMj/
http://altayusa.com/wvvccw/IKYMK5Soc/
http://meunasahmesjid.desa.id/NB0K5EE/
http://likaami.com/49GakoBi/

```
#### SHA256s for Epoch 1 Payload EXEs seen on 12/14/18 ####
```
0dc4c3687b307629ca087aebc85546fe74ba37cb2776c514b401d1e2628eabcf
61984ab94f0d4018c53d6b98f12ab2da9bc3a4c1b136962021a86167e57b70ef
9d8105dd07f1242bc2258e3209a0fec82da3c93dccb6ae416da863eed46aabce
44829d124b23faf1f8fe23ca1ab40fd1e7233a9208844abf3949d332f55a4c76
a30ed24d117ab71b256dbe9cb8ee56491e13282f050a3f8b44810da9dced9981
8766fe7e95c1998f5a09306b4c94d2ef82e33e6af9b05694abbd3f970fcb1960
fbff66ff8226c949f42d9ef268fee27278df5a236a0341381afbbc57e1759505
f0f628fd84e94101658a4bd291b8918cc77936a6dbc2dcdca9a019e30fcfa26a
44964fe37d504c13d35f125ece13ea56e89278b88210875514335b63f8d5ccbc
405e6bfec8fa4f8b8983e17a7823d4e0347d5b676946b5510874768ef3c24c7e
6ca8bb0de1d669b2c2eb86af84479e24db962599b23bff5e0b816515d82c7084
d3292cffc1aca8e008435156855d40e6bae1a0c40e7c70929b1f3bf917bab93f
aeef53c0c035dc1f20ab76c3d5b431c791e872b09d832fc913d5b4ba2986ff76

```
#### Epoch 2 Payloads by Document SHA256 - All Times UTC-3 ####
```

Creation Time	2018-12-14 17:17:00   (ENG - Navy Blue)
SHA256:
343c819c4c9cd13c3d1a77a283bf63a3a0e28115ed492ca92d04a4913e50dca1
3856a96d47931329b841ccdcad6d7e118312e68adf6edabf60e39b854d6de444
fa1e81d1bb21436b719260eb8835a0975a46ad9bfadac62a479fc77ee2fa5129
59351b32d196cb654b9bc18c62b82b1f2cf1ca50cf9b2e984756d39c130b0fda
2db88fabf202ffed26480f5acbdfb8016f8a2a22ca8c03b9e4eef5dea974131d
8f6da43bf30db559d097619f49fcab78954b55778126709191ee9b5720eb1b27
997072d1d9cfdf1d0ba91d334d67ed25b8e3c58605ceb32d74cd670f98b6e6d4
d9df70d18ace618d9ed5f4be2e0c39c572e284e3dbdb8d5a663474904d89c98f
be849032d67a24eda952c62593d2c6d991500c0a8e628fd189fa9ca51a221cdb

http://www.serefozata.com/axf/
http://www.livingbranchanimalsciences.com/zVMQFL/
http://www.donghodaian.com/jiPViP/
http://sprayzee.com/iiWYe6z/
http://yasarkemalplatformu.org/s/

Creation Time	2018-12-14 16:32:00  (ENG - Light Blue)
SHA256:
ec38f79ca45db6d44477667807fec0eb8ab8e3ee9e387d768b72e22c0a4fbf82
69d8176ac8cf87bac8b55f7e931e0771e192ed6e5472b68f907fefa6ba579b49

http://www.livingbranchanimalsciences.com/zVMQFL/
http://www.donghodaian.com/jiPViP/
http://sprayzee.com/iiWYe6z/
http://sutechs.in/WSw4Mp/
http://yasarkemalplatformu.org/s/

Creation Time	2018-12-14 13:40:00   (ENG - Navy Blue)
SHA256:
42b59e1bc7dfa97c276aa834a9612ee4607fc6c78baa3b40b65657349553ed8b
70636d684e235ca14c52a67c55e83d301cb19e3a981e23c1298d476deccba538
9aa02baba208ae00e8373febf3a82f8daebf89b1baaa5204d8ad656124bc2a51
79fcf67ea64797b4e83b4bbb45d9864bf4271b1ce0368756908817a48cb8ab85
1953f23e8e148b12b192db5bd3988307d878275adc142c176f21ea00fd73a914
555d2c8d15d1d8018a56c964ae88148ebffcf5a323d9a1a0c04897a208180692
5ed433d1551b4a9f5ea3248cb3f187e59a490038cd08ee7e8999137490e53573
1f9151b18a025b241812957d64e9663f44cbf3439e4b4a05e7f3b90c5697dc08
4baf9481757e76f949d40c804afbede49575c2517a9beb4cee994dd077597cb9
974a0b97f6830eb924df841ae477878a4fcaa966f91917957e3b215137003f06
ea36b0a5b1f17e30c9d91bbbd8aa375912be7478f25820980ff19c07a5234ffd
f19ca14cd7dc0ebd1481c5421cc0e2ade8f169cd47fd1a9f093dcc3b1597eb7c
a6e5d4014fa673aab773e1e92a0377814e802893d143fa5ef148d1fe74aae659
f2741e27680d340023d43f477334050116bb45c0c6df4be539ab811f424254e8
c5062955b084ce13e9c6dcf285f4d664554b3f71de1e35af8238d2f717bb8863
bef7cc9f82dbcff9c909436effb08663bc029679dc80256c0bf8f6ba4975bbda

http://www.ozturcanakkale.com/veh/
http://jalvarshaborewell.com/qKkg/
http://kikakeus.nl/dgc0WYq9/
http://pashkinbar.ru/cWGU/
http://cisteni-studni.com/qb1Y2/

Creation Time	2018-12-14 11:29:00	  (ENG - Navy Blue)
SHA256:
117e0abba619c24a5711f20ae45c123feec29d870e10f6080058740063c54be9
23b78e69ded012de6297325b0c5cf2d85d9dbe99fea70a02b35b70cdd88ffa5d
69b8296544f94b5e8593a08000caafeb1c1fda6e0e474bd78ed2494debce1dc5
80eba19beb85477a23ef554320e504cf62fd093812065ab1e4f5fbf9b5b1d61e
82ade4aef946522b77365087d5600c4fa76fa829b9ee3a79862e2b92de4f7624
1d8a0923f5bcb68d823047f7d12d5d22ffae991208192ef9747803547f32c403
77cfe016f2217b4e5d1664271f048bc62f93d92854f9dd296ddd0fa67c142cdf
a01d02731ed82fc39e02a5550a19fa72fefb714578806bcf417b2c61745701a2
95c206926e1707558d12d1c917a1fc3f089eefce0d17b6720239ccc628f494f1
82b2b4b481149f3145cd77bb5ba321045120306929fb396c907bc7ca81323c40
97d757cc3c528b2d88919f3658bcdab9f72572c80df6a450baf583eddcb42ae6

http://austeenyaar.com/6Amv/
http://memap.co.uk/4Xr/
http://naotraffic.com/7R/
http://www.livehasa.com/6tLzlbr/
http://microtek-rostov.ru/cuEYs/

Creation Time	2018-12-14 08:56:00  (ENG - Navy Blue)
SHA256:
d189bfab79bdac3c0dedd42ac7db19350517e3021f946d649c15c400e292546f
5962465ed1d5dd498e72e1eeaa871f885b038eea2e0c713907b4b8257039df0a
a1239284113534d46c778f4379c862b40cb659cb2d0ce8fa5fc6ebe509f8138e
1cd50ec51df9b1f9bb5a873bc2f46b958238a6dcf5589be377a41b1b33d4a681
943c99968422fbe386574e629a7cf0340067d2be57b80ccdc39fb9075f2068e3
108652f80de7e0bda0f25e0a0a9db649b0b046afc749c1637466464f66a44af3
b1a9302c4b02f30a7a5b314e1f80b69fd76266ba522a0d1840744e8447d09ff2
68d358bc2b12994380c2211be7b700d9ab3bdeb39d782ed78eda61c3a669aca8
efdc9e05b7112cc8449dd9ed955da17924482efde13f19306f73b8e4e1ed812c
b5be2099aae2a52d198294db50dae08189f5cfc752663a8c47a9f3639866ff6b

http://www.dinaelectronics.com/VKJp/
http://icejuk.com/ixw/
http://hunterpublishers.com.au/VzXrv0x/
http://icpn.com/rQVYJpd/
http://iglecia.com/mF6/

Creation Time	2018-12-14 04:03:00  (ENG - Navy Blue)
SHA256:
6a8e91c84b67d3c070019d610402c88db1f6f3d6fa4fb179c676eef6f06e7c9c
003bb09ffd1eef4d2ff23ba90afe6fe55d02960936e1bd03ad4aa75abe816246
582e8e6c805a2fb1a8f75c8b8f7c310b8ffd3572768d1bd84130635c390cefea
b30225895edaa9b3c379b34411d8b236e3a0cb89b4214c6c06ffa5b3855bf41c
9cffb7cf99bd07e0cb762ddc6021862afd77e72fb2887ccb6acfc07a409779f6
7d36dd78fb33048fd3b52c7177420a23a3a1ace5a5e716d37ca27932fb71f51d
771702eb42fbef279f2a82779da6e968e34fad0112841eb2c2c619a100e12ed1
e4c89e124a6295230ffba71e8c4df5a2bee961718b9382be4fb4b2dddedf388b
c64c9681fc869828defc73b861a4c2803c55ce2d27486fef7a1a02bdaa50cf73
66f0d28d611f492e560ba0148942896e1a2385956a7779141826a1a0ebdf7291
647d81efc0ec449a194198aa953aed9a8b315310e3b8a1ef156302c696f9cf7b
1f420d32b806b3c156e1a914bd6c562d5756c51dec2f7ceec51eb4c09e3f4091
ad97a254605f59ab8049ff8810ab20b61bc699ec71df9b430c88a4e515f18595
b3eeec43946b36891a2a205221e746d2980812261475ca1ef0af3f08bd4c956e
549ced32e7fcb3118f0079846fb6ca4d5da17c6667953e0f63a46af4142b9d4d
549803480e0cbacb9b267a3f9935f05551d32a2fa5b647103094c8eaab265294
a826a1c7c0aed4b936504bfa69f6d1a8b806e713e556a16f70c9fb33cbaa6bc8
339611236865617ce1574e45e8ee53d5b5a1be0b3ada9bec9ba1e94213e19589
4f9de97e92cfdc906a3e4c7f72c28ca2dd455988fa993f2161de6e44e4710f24
b6e85424eea59366f514abff4b818d38fa6149bce8fed743ba996c6eecde6c43
083c98febf67f310ab6c42b03e20ff98902cb29df9ff1d8e522fe6f3c473ed78
f4eb36ab5d04021c371d588af61d96a3c9ac69546615991affd2057a3bb2be80
4978f4453b329108e061df8858825c3fe4056c2fdc184a876d014a242d2c7f41
ecc6463cef90ee55b91cc39244f989bae7248b7b7b02e372019926fba8dcd7b5
c3b00d0bd5caba51ae16abe3ea4a34857263bf4da9240731d22803f6397aed1b
f0507a3563b08313db97071e0b183a6c66b90d2e629bb26b7b32ba14d01b8c3e
193a6130a2a2e8d17762f08fbee12d33f7f06d02b22d1e477a293e5255a63a02

http://cipriati.co.uk/w9/
http://angullar.com.br/J5OZJ/
http://cube.joburg/h/
http://gentesanluis.com/nd5Udu3/
http://basicki.com/p4mlXNts/

Creation Time	2018-12-13 17:18:00 (Eng - Light Blue)
SHA256:
1ebd811d02bfbd3495d3090c38be7411955360167ef1cc65c7a435c97c3cc6f3
1a7c12bd7ec7d28bbbed993c9cd2e9d8b047b1ca8c281cbc79c4150740abe099
16032cb919ed10ff105c5d54eae2398922d24341e98081b1a1773a125d0005a1
ac6aeb803f0cdbeab5e7e4c8471559012ab88d57e8337faf872d7c4ed540b2f7
3cbc402d7ef9f7addff1d80496008ed18cdc0be98809619e93e7789b709a5020
fb49bd793ba1c37d7f736266d09dbad7ad8a1b819d3ad1dd9d81a63cb5e59621
689fe5a225ae9f9cca3feb7365220481577ee5c6ba2d78e12086e8354fd03219
1387f039efe1a84cc8ab2652cc6957ea8a4091dab1bbca681dd67edb10847cd4
c1a6949b7b9209213c12b4d392beecf55e43f7f0f3d29f2d9cf772ff174987e1
b9af77df3d49404736b34dd477ba7c92af4f9130374ac6e9293dacd6ee51938c
12cb92203cdafe459dad9e407b833eecac7bb3aa32da2a548ef2ae01484e58bf
1568970ebf30d28522beffa3f522df3ba3840227d370aae7f1209b788405ff62
8553d81375602b6b2769340520e45c89776379fca7eb28b3f1e902aa34a0c188
c0d340d6c05e3230a13d27dee10df0ba6951006ca5ed6b5a18fa37d20a493a44
e05f739ec14c548440b139275a5d400bdf22c2504d14ad0909c9d2768904b8db
369b664c74b17edd994307581633b8a66f5100b7b16fb531a43cf1c79f859f8e
9234763dd69f39246fb71cd409de812a1c31dc384eea689e03ae062dfa92e567
24a7d15919219a25f02cd661b3b4fc7438b27499e78ecc10b63dc5685b524938
fd08070a6be04b2e0b9746415883b0e9f04b78bf0ba224d771c8e84b4b411112
fd32d11dd4a1863903abfdaf3965041dd240a29fcebdda62fcbfa328f82cc6df
c6d3c9af9ceac3ea50f6ec29ae08a6359832bfba6211b254be9a36b954815d5e
1014d5ad4197ae4db182f4618aec8b584c06ca6aa1c51783a2f5d203408ce95e
55c1283f8cbfe25cfae6dffe313c0012ba91e5d2f1d015222a02859db269d8e7
5963de9f481687fc7a7608f6e9821b5bdec829bac3d729ec53ac9f59611da304
5cbe9d347ddd724733aaa2cf28738d7f823eb32f53be0c8b6bf83c9838df631a
8de5e76e6876a9e60af8d20a27346f71974e7b24a66af8c15dece9a62ac26417
0b39aca3a0581d8e5887f6843b0da078f8c703499adfadd4cedfe094ff1c8878
fcecd3afd6ae4022e1fb86a5ab408015f9a2d43d38e192d69329cf0c146fdac8
6750080baffcbc62045acc0172ff6308e62a1ad821db1c287ace144df01540c4
49e596ce04d059744eccf134b7bc96ce6a9231599da97c033ac5bc457cbcbfcf
5061ba75d13cf20294fe35c3c300ddb0b09ffd32957378d6d4e95946441a85c9
5cdeb7708ca3f3f4dd9ae8c9afd43eda1034d660fb4d78cb0ac457a95408a8a7
9cd5cef1d08a940997063ac3d4fe3e747ceccc10ce4982a103ccdec19122e31e
444b3717c1aede6c513c01649ac4f2309d17999996043a9ac2910992278c247a
0e1dd9c025a6423c3a3cb9fdc7fc2cda9623e2b341ff3737cfa4c9d789d8c850
a5f271981df16eeed252c302b2ac9bb299b114be32bbceda650343875838cdef
010bca20203fa7152d0a20e31a27d244b1dcc3f16bbb0bd3939af2271289f8b3
6a31b9e13c2ca143acc95b942fe2420f2a5836af86e9f9678eb062f23949e0d5
fdcc65e85dfe19bd51d68479e25d28d8ac25442a6200cd6b60dc585a4b0344f0
84fb01230a21c1702e5474c9b68ce16396b8addb875e850f5f0b23f1e4ec13a1
a000decc2595e90b937aed427c767f5822a35dd34b0b8a7db1be9d00f85188da
78a95836c1eaeb6d3b93dea470890582c04e0bbe48d9689cbbd5a07dfb5f02fe
892a6d3c4d8e1866a39412ec5f402edeafa252a183c994d7bc9f2db59284622d

http://designcloudinc.com/FllKjEa/
http://igloocwk.com.br/JTe5O/
http://lesamisdemolendosakombi.cd/hL/
http://mett.com.ua/Bb/
http://www.yolcuinsaatkesan.com/QCTq/

```
#### SHA256s for Epoch 2 Payload EXEs seen on 12/14/18 ####
```

7c3f9ab3bad94782779ca841542af0801cf6fdcf0f466f148c7abeb37086353c
fa98e97fa8e54aea8734974bae0cfcfbf265c289c1cf0608f81209e8f3c5089f
bfda212d35cf8e938f04d326b9e36887476a9938db6ed49667f7607c2ba41766
4fe6a6083775900230eab8b7ca97e68e66a174eb854c949708a996aa1e38e3bb
e7af213cb8e2eb7eb83395908d0fd344f08e989287e5edc9d1e780f8fbfa8cfd
d2acdbe1286be90e8f69b3e4fbd472e1617c682d5491fe8d4c03f031bfac58d8
56fb51c35821f6d19b71004c14305fb7ca4b13a46ff1176eef4261b8170a1f4b
df3d446d6d2668e184d08ed4e0d4c27333839af692c6421054e5775a7038e4eb
58629704ffefc7db626fec6691f609b76bafb92e99f99b3f88d3f351ab53bc81
b51085e5fdf8d957acf8751ebc9d5fc4c8e7b94f81675dd86aded46069029522
5321a4f205fe32d28e85c2b74a7fbee80337bbc857404689dee114b47e16008b

```
#### Epoch 1 C2s ####
```
(Port is 80 unless noted)

105.184.191.243
109.104.79.48:8080
109.74.142.74
110.37.219.134:990
133.242.208.183:8080
138.68.139.199:443
144.76.117.247:8080
152.168.60.9
159.65.76.245:443
165.227.213.173:8080
173.178.223.66:8090
181.111.60.39:443
181.29.77.158
185.86.148.222:8080
187.177.155.123:990
187.243.203.67:8090
190.146.201.54
190.152.12.86
190.210.37.122
192.155.90.90:7080
198.199.185.25:443
198.61.196.18:8080
210.2.86.72:8080
217.165.236.108:7080
219.94.254.93:8080
23.254.203.51:8080
24.232.26.157:8080
49.212.135.76:443
5.9.128.163:8080
54.39.180.109
69.198.17.20:8080
78.186.175.54
79.78.139.74:990
81.136.148.196:50000
87.224.1.34
88.250.255.12:8080
92.48.118.27:8080

```
#### Spam/Stealer C2s ####
```

181.15.92.18
190.189.179.140:8080

```
#### Epoch 2 C2s ####
```
(Port is 80 unless noted)

101.187.243.188
115.71.233.127:443
124.100.221.134
165.227.191.145:8080
181.28.109.32:7080
181.31.10.25:443
185.20.104.238:8080
186.136.68.246
186.90.238.36
187.163.205.19
187.199.72.153:443
189.132.43.14:8080
189.145.144.172
189.154.39.153:443
189.180.237.144:7080
189.189.203.152:443
190.104.221.186:8080
190.195.199.97:443
190.224.219.14:443
190.31.132.206:990
190.6.140.136:8080
190.72.55.98
198.74.58.47:443
200.123.110.50:8443
200.126.228.236
200.126.228.236:8080
200.71.148.138:8080
201.111.83.186:8080
201.212.49.159:7080
211.115.111.19:443
216.8.172.167
217.13.106.160:7080
41.76.243.113
45.118.32.204:443
45.123.3.54:443
5.230.147.179:8080
5.35.242.34:7080
54.38.42.189
60.49.37.128:50000
61.79.164.230
67.205.149.117:443
69.198.17.7:8080
81.7.10.106:7080
83.222.124.62:8080
84.200.106.120:8080
86.98.66.88:990
91.236.245.65:8080
94.100.167.7
94.13.70.255
95.141.175.240:443
98.142.208.27:443

```
#### Epoch 2 - Spam/Stealer C2s ####
```

27.106.42.246:8090
80.209.143.171

```
#### Credits and Notes Section ####
```
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen

NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes sometimes has new payloads that fast also. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
other but I have never seen the same exact directory go from one epoch to the other. It always a new directory for the change in epoch
as far as I have seen.

```
#### Community Lists ####
```
https://pastebin.com/zpuTS5V9 - @pollo290987
https://pastebin.com/ymx9M4gu - @James_inthe_box

```
#### Credits ####
```
(OC from @JRoosen and/or combination work of the following)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop, @gorimpthon,
@Racco42
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic,
@Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop

Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!

```
#### Daily Log ####
```

Today we saw a new URL format come out. @ps66uk commented on it this morning.
https://twitter.com/ps66uk/status/1073582172718665728

At first I thought I only was seeing it on E2 but eventually seen on both epochs. This may be the new format for next week,
so get your regex ready:

[a-zA-Z]{4,5}-[a-zA-Z\d]{14,15}_[a-zA-Z]{8,9}-[a-zA-Z\d]{2,3}

I even saw old and new URL types being smashed together like this:
http://johnnycrap.com/RTPIP-3k3E0kqrz4oJdA_qWehDMWV-LZ1/EXT/PaymentStatus/DOC/US_us/Invoice-for-w/f-12/14/2018/

Also, I received a fair bit of malspam today, for a Friday, that was spoofing banks. Bank of America, Chase, Citibank.
Pretty much saw it all. We clocked in at 170 or so malspams.

Next week may be interesting and we will see if the new pattern is used solely or if some other tricks are employed.

Till then, have a good weekend!

```
#### Sandbox 12/14/18 ####
(all with fakenet and MITM unless spam/secondary infection)
```
Epoch 1 C2 run at 19:55 https://app.any.run/tasks/1988b18e-4155-49a0-951e-59a6ab838442
```

```
Epoch 2 C2 run at 20:10 https://app.any.run/tasks/cb09922e-2d0d-4337-89a8-6755c92ce1d9
```