Daily Emotet IoCs and Notes for 12/13/18

Emotet Malware Document links/IOCs for 12/13/18 as of 12/13/18 23:59 EST

Notes and Credits now at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.



Epoch 1 Payloads by Document SHA256 - All Times UTC

Creation Time	2018-12-13 16:38:00  (Eng - Orange Text)
SHA256:

Creation Time	2018-12-13 12:53:00 (Eng - Orange Text)
SHA256:

Creation Time	2018-12-13 09:54:00 (Eng - Light Blue with White Text)
SHA256:

Creation Time	2018-12-13 08:38:00 (Eng - Light Blue)
SHA256:

Creation Time	2018-12-13 05:47:00 (Ger Language- Orange text)
SHA256:

Creation Time	2018-12-13 03:50:00 (Eng - Light Blue)	
SHA256:

Creation Time	2018-12-12 16:35:00
SHA256:

SHA256s for Epoch 1 Payload EXEs seen on 12/13/18

Epoch 2 Payloads by Document SHA256 - All Times UTC


Creation Time	2018-12-13 17:18:00 (Eng - Light Blue)
SHA256:

Creation Time	2018-12-13 13:30:00 (Eng - Light Blue)
SHA256:

Creation Time	2018-12-13 09:08:00
SHA256:

Creation Time	2018-12-13 04:49:00
SHA256:

Creation Time	2018-12-12 19:06:00
SHA256:

SHA256s for Epoch 2 Payload EXEs seen on 12/13/18

Epoch 1 C2s

(Port is 80 unless noted)


Spam/Stealer C2s


181.15.92.18
190.189.179.140:8080

Epoch 2 C2s

(Port is 80 unless noted)


Epoch 2 - Spam/Stealer C2s


27.106.42.246:8090
80.209.143.171

Credits and Notes Section

Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
 
NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.
 
UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller, more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes and sometimes had new payloads that fast also. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
other but I have never seen the same exact directory go from one epoch to the other. It is always a new directory for the change in epoch
as far as I have seen.

Community Lists


https://gist.github.com/silence-is-best/f243a0646a79e10c792225c97134f017 - @James_inthe_box

 

Credits

(OC from @JRoosen and/or combination work of the following)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop, @gorimpthon, 
@Racco42
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic,
@Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop 

Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!

Daily Log


Was slow in the morning but then picked up quite a bit towards the end of the day. Ended up with 250 or so malspams. 


@Unixronin and I have been noticing that E1 distro seems to be somewhat messed up either by design or by accident. It is putting documents with different time stamps out on sites at the same time. This is likely an attempt to thwart efforts to report the URLs/Payloads. There were also a lot more payload sets today from E1. E2 seems to be doing a 4 release cycle.

Malspam itself was pretty varied again with attachments and links being sent out for the docs. In most cases it was all invoice related with various templates. Some with just simple text and a URL. A few were Bank of America or "Comet"/ACH related but very few were anything else. There was German based malspam in the morning and about 07:00 EST the English based started.


Sandbox 12/13/18

(all with fakenet and MITM unless spam/secondary infection)

Epoch 1 C2 run at 23:50 https://app.any.run/tasks/831b01cb-4da4-467b-9c9e-f1ecf3b271e8
Epoch 2 C2 run at 23:59 https://app.any.run/tasks/f69d5ff5-93de-4e84-a747-0882584b6e6e