Emotet Malware Document links/IOCs for 12/17/18 as of 12/17/18 23:59 EST
Notes and Credits now at the bottom Follow us on twitter @cryptolaemus1 for more updates.
Epoch 1 Document/Downloader links seen for 12/17/18
http://159.65.107.159/Amazon/Details/2018-12/
http://35.242.233.97/AMAZON/Clients_transactions/12_18/
http://82.196.13.46/sTUH-kmtbAtWLZr9yVn_ymcdWEsX-Jp/
http://adegas.co.za/AMAZON/Transactions-details/122018/
http://ajmcarter.com/TFTN-ThRBeAwyi55NNf_OHgmdfdhm-MQ/
http://alexzstroy.ru/ersdd-mKTWNesEuoacuCh_AMhDqYzo-jO/
http://allabouthealth.co.za/Amazon/EN_US/Clients/2018-12/
http://ayhanceylan.av.tr/AMAZON/Clients_Messages/12_18/
http://bike-nomad.com/TDOe-hKRTWtYycN3kWT_MHHTuFeEB-z2/
http://bloodybits.com/Amazon/Payments_details/122018/
http://bunonartcrafts.com/FvkrI-dGaPIsJQqwSbW7_EptgWqnB-ZEX/
http://buydirectonline247.com/XkGHn-U1Prtt3lIGdGWj_XgGVLAEU-244/
http://chbw.accudesignhost.com/wp-content/themes/auto-repair/cache/jGZan-7LhBEEVZyUu9LTc_PlDVLInMv-v1P/
http://chillazz.co.za/AMAZON/Orders_details/12_18/
http://clix.teamextreme.jp/Amazon/En_us/Payments_details/12_18/
http://construcaoclinicas.pt/AMAZON/Orders-details/2018-12/
http://construccionesrm.com.ar/bkbFk-CYgSutK522PPkk_FynAZHPES-F1B/
http://dev.umasterov.org/Amazon/En_us/Orders-details/2018-12/
http://diclassecc.com/AMAZON/Clients_transactions/122018/
http://doncartel.nl/SREuG-JJH3NQkCa4BQUL_KMqPqlBvg-XJw/
http://en.worthfind.com/rMmf-k2whfGSKiAfCje_ItuhENMDF-uIi/
http://envosis.com/cgi-bin/MBwGn-kFC4CCyFqH9FSub_TcexyjPu-A0/
http://eroes.nl/Seuly-nxbBkkrGeU1lV0r_imkWyUAjY-MjT/
http://espaytakht.com/CcuFU-SmIeUXw8VTa3wGb_FfCDcBVfZ-We/
http://esselsoft.com/wp-admin/AMAZON/Details/122018/
http://etherealms.com/ptFZ-SgtMp3V9tdsrrt_WihXMYeHe-WE/
http://etmerc.com/Amazon/En_us/Transactions-details/122018/
http://eugroup.dk/Amazon/EN_US/Clients_Messages/122018/
http://febre.cl/Amazon/Payments/12_18/
http://firemaplegames.com/wgFB-1ZS1bnoz0Wtv4h_LqsfTtEQX-y3Z/
http://fotofranan.es/Amazon/En_us/Clients_Messages/12_18/
http://fotrans.me/AMAZON/Transactions-details/2018-12/
http://fotrans.me/yFgE-BStj3QZl770Q1he_NYxpqDbE-Sg/
http://franceslin.com/AMAZON/Clients/122018/
http://frog.cl/ckEJ-GRGtr5ll8vSmYa_kQegxClC-Ws/
http://ghassansugar.com/Amazon/En_us/Clients_transactions/2018-12/
http://glorialoring.com/Amazon/En_us/Clients_transactions/122018/
http://gracebear.co.uk/HaOuF-hn7KjFHVPxKXuGM_JJyrVxsD-2py/
http://greenlandco.kz/AMAZON/Documents/122018/
http://heke.net/oQPJ-CouhRpqsGHmysfH_xcPUhmHzL-zFz/
http://hockeystickz.com/Telekom/RechnungOnline/112018/
http://hps-sk.sk/Amazon/Information/2018-12/
http://iberias.ge/AMAZON/Messages/122018/
http://ibnkhaldun.edu.my/Amazon/Documents/122018/
http://identityhomes.com/Amazon/En_us/Orders_details/122018/
http://inetonline.com/FALEn-aWRsYVA6Fgqgx4_ZpuzblQFo-ReW/
http://inspirefit.net/jxrNz-gsXHX69MOxKnCa_soguqnPZ-nKa/
http://isbellindustries.com/Amazon/EN_US/Clients/2018-12/
http://ismandanismanlik.com.tr/Amazon/EN_US/Transactions-details/12_18/
http://jalvarshaborewell.com/Amazon/Transaction_details/122018/
http://jamieatkins.org/AMAZON/Information/2018-12/
http://jaspinformatica.com/Amazon/Attachments/122018/
http://kc.vedigitize.com/res/Amazon/Payments/122018/
http://kellydarke.com/Amazon/En_us/Information/122018/
http://kids-education-support.com/whxn-hFx8Vd5dgoNaqCn_wYLldTck-pp/
http://landingdesigns.com/Amazon/EN_US/Orders-details/2018-12/
http://leodruker.com/AMAZON/Information/122018/
http://lesamisdulyceeamiral.fr/Amazon/En_us/Clients_information/2018-12/
http://loneoakmarketing.com/yuIz-EpMvwzzi5Th77yB_LGZyWmXVA-DzC/
http://lucdc.be/Amazon/En_us/Transactions/122018/
http://magdailha.com.br/Amazon/En_us/Transaction_details/12_18/
http://mahestri.id/Amazon/En_us/Transactions-details/12_18/
http://maquisagdl.com/AMAZON/Transaction_details/122018/
http://megascule.ro/AMAZON/Orders-details/122018/
http://meiks.dk/Amazon/Transaction_details/122018/
http://meunasahkrueng.id/VZRpZ-WCPbU96KzqX55w_EBpKeODn-vX/
http://mgupta.me/huFqo-myA3g3Y8ADFD6R_VIwsazLd-Ha/
http://minhphatstone.com/KAtiN-kc5UFaJzr908n18_pWnAllGP-eL/
http://mofables.com/Amazon/EN_US/Orders_details/2018-12/
http://mofels.com.ng/Amazon/Clients_information/12_18/
http://nami.com.uy/AMAZON/Attachments/2018-12/
http://net96.it/Amazon/Transactions/2018-12/
http://neurologicalcorrelates.com/OXTO-3ohAr0cKnhMduYu_hhCDYLpV-119/
http://new.family-kitchen-secrets.com/KOkbz-2w1dK8OnOzIpNM6_gWoCOkyUW-0b/
http://ngayhoivieclam.uet.vnu.edu.vn/wp-content/AMAZON/Transaction_details/122018/
http://nhathep.xyz/fzFXa-5YQnFiy0UvwB1y_sviiMedP-CBH/
http://nhatnampaints.com/wp-admin/Amazon/Documents/12_18/
http://oikosredambiental.org/AMAZON/Documents/12_18/
http://ooohanks.ru/AMAZON/Clients_transactions/12_18/
http://pashkinbar.ru/Amazon/En_us/Payments_details/2018-12/
http://pos.rumen8.com/wp-content/cache/AMAZON/Clients_information/2018-12/
http://pos.vedigitize.com/MhYA-k0ddqYvzlWtMeY_nsEKycTk-Bz/
http://pravokd.ru/Brjq-E1yIeBDz8usrbI_SpVHLWWn-VR/
http://psychologylibs.ru/layouts/AMAZON/Information/12_18/
http://quicktryk.dk/CdlAs-Wej75ZUjTuCAKa_WjBhMpBt-dk/
http://remstirmash.kz/Amazon/En_us/Attachments/2018-12/
http://rosznakproject.ru/LaCH-IAAlqmhPNqig0Qj_wwuwkJFeo-pL/
http://sakh-domostroy.ru/Amazon/Information/12_18/
http://salazars.me/Amazon/EN_US/Payments_details/2018-12/
http://salazars.me/Amazon/En_us/Transaction_details/2018-12/
http://salazars.me/eoUVB-QPQnncsuofRRhVG_uxBOpPhEy-6oj/
http://sandau.biz/Amazon/Information/2018-12/
http://sciww.com.pe/En_us/Transactions/2018-12/
http://shootsir.com/Amazon/EN_US/Payments/12_18/
http://sneezy.be/ZcJLu-Gioap0zmmnv3PT_xrOemSMat-qiZ/
http://spot10.net/Amazon/En_us/Attachments/2018-12/
http://sprayzee.com/chadholmescopywriting.com/AMAZON/Transactions/2018-12/
http://stefanobaldini.net/qrqi-KTcsIuajPS1of4_LevrWsddC-ZO/
http://tayloredsites.com/HmKm-jAfqAAeSWJhOEgo_pJjRZmPbd-Lu/
http://tecserv.us/Amazon/En_us/Information/12_18/
http://test.mmsu.edu.ph/wp-content/uploads/hUSLM-dtm0KJf1GFYmdVY_GmLlwhqr-v1S/
http://theblueberrypatch.org/Amazon/EN_US/Transactions/2018-12/
http://thehalihans.com/Amazon/Transactions/2018-12/
http://thelastgate.com/VdBl-OIs23ePiY8yR67_ORLRbuZc-Ja/
http://therundoctor.co.uk/Amazon/Orders_details/122018/
http://tinyfarmblog.com/Amazon/Documents/122018/
http://tomsnyder.net/ElxQF-3ZDT73iDXMrof4h_XsFfqhnE-xZ/
http://tom-steed.com/Amazon/Clients_transactions/2018-12/
http://topjewelrymart.com/jRFE-FCUkvUKQBUcFdeY_aIaCXolmO-Pr/
http://tortugadatacorp.com/Amazon/En_us/Clients_transactions/12_18/
http://toshitakahashi.com/Amazon/EN_US/Clients_transactions/12_18/
http://ulco.tv/nhGc-iUMklrMsXNWO19S_SiVYRLrVY-Vw/
http://ulukantasarim.com/wp-admin/Amazon/Information/122018/
http://utorrentpro.com/Amazon/En_us/Transaction_details/2018-12/
http://vafotografia.com.br/Amazon/En_us/Transactions-details/2018-12/
http://vicencmarco.com/Amazon/En_us/Attachments/122018/
http://welikeinc.com/Amazon/En_us/Orders_details/122018/
http://wolmedia.net/Amazon/Clients/2018-12/
http://wssports.msolsales3.com/Amazon/EN_US/Orders-details/12_18/
http://www.1024.com.uy/Amazon/Payments/12_18/
http://www.ahnnr.com/Amazon/EN_US/Orders_details/122018/
http://www.avele.org/AMAZON/Transactions-details/12_18/
http://www.blackgers.com/CPHm-tXjl0RF1CIxsoa_HCmPrfUA-Y1l/
http://www.blueorangegroup.pl/tmp/Amazon/EN_US/Details/2018-12/
http://www.canadatechnical.com/Amazon/EN_US/Payments/122018/
http://www.casademaria.org.br/KZTx-4JO5lER35M7omw_euJXbdszR-Sj/
http://www.celtes.com.br/Amazon/En_us/Attachments/12_18/
http://www.chaudronnerie-2ct.fr/Amazon/En_us/Transactions/12_18/
http://www.construcaoclinicas.pt/AMAZON/Orders-details/2018-12/
http://www.coronadoplumbingemergency.com/pIwrW-T0kdoC2Q0DsJJOL_cIKmFuQQW-SEh/
http://www.cosmeticdermatology.net/Amazon/Attachments/2018-12/
http://www.craft-master.ru/Amazon/EN_US/Documents/12_18/
http://www.cubitek.com/language/Amazon/En_us/Payments_details/2018-12/
http://www.dianayoung.com/Amazon/EN_US/Clients_Messages/2018-12/
http://www.dosabrazos.com/Amazon/Transactions-details/122018/
http://www.dynamicpublishing.co.nz/BDCjt-Vq6wbQL7ghdouAN_LvOikrAQ-iaj/
http://www.ebpa.com.br/Amazon/Clients_information/122018/
http://www.edeydoors.com/UNmX-y2rd9jw0hfSsfAU_SGFyZmKOx-i9/
http://www.egreenhomesusa.com/AMAZON/Details/122018/
http://www.fyrishbikes.com/PpmK-S9B4p4nQLYBIxV_IWnbSWtx-rj/
http://www.gordyssensors.com/Amazon/En_us/Clients_Messages/12_18/
http://www.gozdekins.com/Amazon/EN_US/Orders-details/122018/
http://www.helen-davies.de/Amazon/En_us/Orders_details/2018-12/
http://www.hizmar.com/UVOb-JqH2DvYf7LeyOc_sBmjsVXm-oP/
http://www.humpty-dumpty.ru/Amazon/EN_US/Clients_information/122018/
http://www.jconventioncenterandresorts.com/Amazon/Information/122018/
http://www.kahkow.com/Amazon/En_us/Transactions/2018-12/
http://www.kinderdiscovery.com.mx/nHXTZ-mxwbsvrfo800Djl_zJOeFhcv-YT/
http://www.laborsteel.com/Amazon/Payments_details/2018-12/
http://www.landingdesigns.com/Amazon/EN_US/Orders-details/2018-12/
http://www.latabledemaxime.com/mhArZ-GkkEp1VvNOiGkh_LDDALFrS-eE/
http://www.linkzoo.net/AMAZON/Documents/12_18/
http://www.lmssupportcenter.com/dyDM-COYVBoHy3MjZTvi_myEKCfKXV-zcY/
http://www.localfuneraldirectors.co.uk/kViwF-uZPMObHf3UkFr7_fQzXakFSN-GIm/
http://www.maquisagdl.com/AMAZON/Transaction_details/122018/
http://www.milagro.com.co/AMAZON/Transaction_details/2018-12/
http://www.myklecks.com/Amazon/En_us/Clients_transactions/12_18/
http://www.naturesharvest.com.hk/Amazon/En_us/Clients/2018-12/
http://www.noblewarriorenterprises.com/Amazon/EN_US/Clients/2018-12/
http://www.odesagroup.com/Amazon/En_us/Payments_details/12_18/
http://www.optimumisp.com/wWrgQ-XyX7DRrG3TDJGN_fIlfGnkR-PBh/
http://www.orlandomohorovic.com/Amazon/Transactions/2018-12/
http://www.paiju800.com/Amazon/Payments_details/122018/
http://www.physio-bo.de/Amazon/Clients_information/2018-12/
http://www.portcdm.com/0xsymlink/root/dev/shm/Amazon/Attachments/122018/
http://www.prmw.nl/Amazon/EN_US/Transaction_details/12_18/
http://www.ptgdata.com/Amazon/Clients_Messages/12_18/
http://www.quicktryk.dk/CdlAs-Wej75ZUjTuCAKa_WjBhMpBt-dk/
http://www.ragamjayakonveksi.com/LVOI-ciiP2TrcvEri2zr_NkaRtevhO-Lx/
http://www.rennstall-vovcenko.de/kiuvv-bydQx89N3FsPvl_HdvVsWRwQ-v0d/
http://www.reparaties-ipad.nl/AMAZON/Transactions-details/12_18/
http://www.rocazul.com/Amazon/En_us/Information/12_18/
http://www.ropergulf.net.au/iNfSo-Ldxt6osBdfylsH_MhKbdguR-qoK/
http://www.rosznakproject.ru/LaCH-IAAlqmhPNqig0Qj_wwuwkJFeo-pL/
http://www.scglobal.co.th/ZRprd-K1LlTZ1naYDsTP_FwJZPJLk-rEm/
http://www.schlossmichel.de/OCDzf-nM8Zd1c5jhuVZp_dhwXyvDY-pw/
http://www.servicesaiguablava.com/Amazon/Details/122018/
http://www.standart-uk.ru/Amazon/EN_US/Transactions-details/12_18/
http://www.stroyted.ru/wp-content/ngg/Amazon/En_us/Payments_details/12_18/
http://www.sumbertechnetic.com/Amazon/Clients_Messages/2018-12/
http://www.sunjsc.vn/LTmgM-aUzzJadtHREpNY_QUHIKCFcj-5n/
http://www.thequeencooks.com/Amazon/Orders_details/2018-12/
http://www.ukstechno.in/AMAZON/Transactions/12_18/
http://www.vidrioyaluminiosayj.com/LOojS-DZJSiNN58uqIBZf_hpRpkLoN-K6p/
http://www.wegirls.be/Amazon/EN_US/Messages/12_18/
http://www.weservehosting.net/cVOCN-W77dqLNU1Loi2IJ_DWWeMTGxk-Fbc/
http://www.yolcuinsaatkesan.com/PqFKD-YfS2COvoO3tsRNB_jAyMJjSu-gov/
http://www.zeltransauto.ru/Amazon/EN_US/Transactions/12_18/
http://www.zengqs.com/pGOrS-vhZO53jkG7z9j9H_dGtZkMCW-CEo/
http://xn--80akackgdchp7bcf0au.xn--p1ai/Amazon/EN_US/Transactions-details/2018-12/
http://xn--e1aceh5b.xn--p1acf/Amazon/En_us/Clients_information/12_18/
Epoch 2 Document/Downloader links seen for 12/17/18
http://159.65.107.159/WMMGw-oWoGaz8F0jeLPw_PmtjCYkmg-sb6/
http://162.243.7.179/wp-content/themes/alveophase3/msf-files/myATT/u8Y_dDmcoer_1BhI9/
http://2d73.ru/seDRp-BJbMOpte0gl2piJ_LDYnqynC-Um/INV/84676FORPO/23017603960/LLC/En_us/Question/
http://31.207.35.116/wordpress/PEOrj-edbBTfpvqGWoA8_JcClxswn-Ph/
http://58hukou.com/EKuJf-zw3nbVewd0XXzT_atkXuQRBb-BGk/
http://58hukou.com/whEaV-35NTA2NDaB8rUZq_qKEIvzRt-zV3/
http://82.196.13.46/iFOSm-AevGWTXvdNM9Kf1_iNrPLOSUb-RvU/
http://agentsdirect.com/AT_T_Online/AbwtfwGT_FDgfEh_VGw6V6/
http://agile.org.il/myATT/GC5TnyU2GgO_Y8rCk5J6_gO3ugnsJBU/
http://aiwaviagens.com/YsEg-gfOmfrmlz5cIdX_rPhWhNmX-3r/
http://altarfx.com/LNtTZ-CN4cV1Fih6eYit_dVkfyDLau-iv/
http://amberrussia.cn/JqeOU-4KpRn854hGTw0i_aqtGKXWEu-Eeq/
http://ara.desa.id/AT_T_Online/KMFENEK22c_xJBgYv_Eu6I6s4NP/
http://arina.jsin.ru/AT_T_Account/VyHcE19_uuiuS9z_ga3VrH/
http://arnela.nl/cL3YgwCLs7_b88UgfssW_JWmB3E/
http://art-dshi2.ru/VBTmi-EDBoQjrAN6ZU4A_lJccCOBqA-GSb/
http://aspiringfilms.com/TGVi-LXF7vpUJNI5adN_PlNfOWUSz-60/
http://aulist.com/GvHr-MMJ5U8ZN2kc5aoq_NkxhpRvvh-t9/
http://aural6.net/ATT/ehULRT_N4ixiH_ThZucMG8VB/
http://billfritzjr.com/1QebEVBvcfE/SEPA/200-Jahre/
http://bio-rost.com/AT_T_Online/eVoNECn_ttzwwcXqb_dx7WxMv/
http://blue-print.fr/dSKew-Vyol6dGedfeeuC_BUBiMfPP-6P/
http://blue-print.fr/mROLT-BnTu88nEoq33cJ_FmQQMNJa-nT/
http://bmdigital.co.za/EXT/PaymentStatus/FILE/En_us/Important-Please-Read/
http://bridgeventuresllc.com/jGIF-NlJNiRjwOak8Tv_FLKaeyyL-Wa/
http://buydirectonline247.com/DmVQt-5VnHz1gO7b7dG0y_jyFTAptyq-Lnf/
http://centraldrugs.net/NJyTU-fVH063bHPftIsH_RdLIBVED-XA/
http://chaudronnerie-2ct.fr/rLVD-6RB8aaRKt1bBmz_vZqrXLKX-7O7/
http://ciss.mk/sj/wp-includes/efUz-ysEsRh9S6OhJYB_nSyCDAwE-xs/
http://cisteni-studni.com/myATT/A8477Nu_3PS7MdGHH_I7nWGv/
http://congtycophan397.com.vn/tlBtI-3Zgwr8h7d6TnEY_ezEbzsyhb-JT/
http://consultesistemas.com.br/INVOICE/68704433607083875/OVERPAYMENT/sites/En_us/Invoice/
http://consultesistemas.com.br/WeXc-6PAjgaIxtKmaAY6_dnnJTlqiG-mH3/
http://consultor100.es/nnZPf-KDgJK8Ht7XadKqe_KojPPsMi-fu/
http://cotafric.net/wp-content/uploads/mDfC-xUdiy8cZDHeNAN_iNDfpiPBU-cd/
http://countrystudy.ru/ZBnf-PxzXxyyuwdeXPt_ieFGuohCj-Zie/
http://craftww.pl/crNs-j5Ei2TVZn5loWx2_WnIhLydap-viF/
http://cvetisbazi.ru/bZuj-kYyDZ3AO2vifRN_sGjsWtYCw-Ktj/
http://datthocuphuquoc.xyz/YJOiC-qMOD4pCpnSgbPr_QRcxkAmjh-dhT/
http://devadigaunited.org/AT_T_Account/pig_S97z1V_h6KxO4x/
http://dimax.kz/myATT/9nT_JfrNL5lp_epL0xOxi4/
http://ditec.com.my/SOzLT-UsBhcWNYgzkG1Ot_KIezIRfC-DKm/
http://dogooccho.com.vn/ATTBusiness/H0KrTe0e5_ayVE2UEM_dbGn9WQR4/
http://doncartel.nl/aAzw-Wc9UZ0KvYSWVoK_kwewZEDk-k0/
http://dpn-school.ru/ATTBusiness/a89Xd2WBy_eD8InR_NWZemrG/
http://drcarrico.com.br/5n0_FxfeSekn_8Zaetr2/
http://ellajanelane.com/myATT/ZC4IntR_GzQ4RF8hp_QXIc7ubOFDy/
http://enthos.net/zJKM_EQzzaSmc_AWRvqJa/
http://eroes.nl/InvoiceCodeChanges/Dec2018/US_us/Paid-Invoices/
http://escamesseguros.com.br/wvvw/ATTBusiness/mqmz_ooaM4tXB8_fTQMqZL/
http://estomedic.com/Dlt_gE5pEMSy_qdvlZ3/
http://evihdaf.com/AT_T_Account/upkC1Xpt69_ri2A3P_Jt8fn/
http://evoqueart.com/Fgnjj-J6Eg4G8plmoI66_gdCYbmSiW-9i/
http://evoqueart.com/myATT/NBFtzzzq_ooezAkh_9QbSA/
http://feaservice.com/ATTBusiness/hM117e_0PdocYSvY_Qr6v9P/
http://firemaplegames.com/CKhl-Q60awPKKA17j6mv_GylTFWfTp-rr/
http://fotofranan.es/KBTK-7nvCBcU9ujAK4kw_SJgZeOyh-u2/
http://ganeshfestivalusa.org/oDbjZ-lSw49e14mz9Pq1R_EBWkaWgoR-CL/
http://gentesanluis.com/AT_T/hX1G_jQwS8BIhL_uofZPVD/
http://germafrica.co.za/AT_T/jug0jGq_WXyD3sbs1_qudMnnuOV/
http://germafrica.co.za/RNova-FrEWfAgx5PII9I_hrbYCTUUx-X9V/
http://ghoulash.com/ATT/5TkiNGyyqlY_fTJqfKy_sL2f5X26/
http://gracebear.co.uk/KeRX-mcCohyg8UTfMx3N_WegzEvVi-pau/
http://greenplastic.com/FWPJ-etsB6VVkzBwndK_JBGeXFalk-crE/
http://gtvtuning.com/cWTt-0jpGuR8yx9piji_ZcekvokVQ-imh/
http://hbk-phonet.eu/XliS-LkQhcxtpOgetcaf_jgsjhFsaw-RCQ/
http://hockeystickz.com/SAIPo-tEMOwWRhSoh22T7_ziGVsheFy-zKC/
http://holidayhotels.top/axjMf-cmHWeKOieSWUtMo_rSeDtuYN-APf/
http://holidayhotels.top/mQdG-JUGdLEJAEDKaEjQ_OksIBtuqS-Dl/
http://huiledoliveduroussillon.fr/hdru-lHcaVizunMRd89P_TdQoLGKYu-qEy/
http://hunterpublishers.com.au/AT_T_Online/QHEu6VwUO_fI6Zg57_ddXZ4C/
http://ideieno.com/kcPw-14gPXZpTl5L2Ur_TvmmgwyUN-ptB/
http://ido.nejanet.hu/zxtrU-hE8z0MK4yGOvpKK_fQNGAiAA-fH/
http://ifab.es/AT_T_Account/yjq2kmdOl_jkEaYAT3_oRFCJLm9/
http://ifcingenieria.cl/ATTBusiness/oU02Op_uVWlOT943_53wwKJL/
http://ifcingenieria.cl/mDpJlAz4Z/de/IhreSparkasse/
http://indocatra.co.id/ATTBusiness/3P0focm_SdHBHAsle_rrdJReV8UFH/
http://inetonline.com/FALEn-aWRsYVA6Fgqgx4_ZpuzblQFo-ReW/
http://informlib.com/YYCx-7NWTxbZqf6BPxZ_HpDqCWQU-Qs/
http://j-cab.se/wKm_s4ycJ87i_aY0Us/
http://j-d-i.co.jp/Cfbv-rYaMVa0rPPfZhV_IZsYIdOsY-Ao/
http://jjtphoto.com/ydQb-ieFeBv72Ueqcqq_fFjqDXBc-30/
http://johnnycrap.com/myATT/Qg9HIc_m1eI5z_Jay6PRSHzt/
http://johnscevolaseo.com/HezS-3umZKZe0JPtWkn_oMVVbLJn-bP/
http://johnsonlam.com/mYHMa-ag8tKx2e2UOI73_BtAOpqQqV-21/
http://journalingtruth.com/MiaIS-GbntlJumdduH0T_DfWgoYbW-WJG/
http://kdecoventures.com/SqEY-rWdXLHgX4yA57D_JnquQvquU-7u/
http://kientrucviet24h.com/RDcg-h09AC5JBpI5C3S_BNSUQFVY-NX/
http://kkorner.net/AT_T_Online/JQLcAXDv6Qn_3YeZeywWN_bUX2h/
http://kniedzielska.pl/KZuwV-FcNTjxoKvrpTVPs_IxXlroBv-5O/
http://kosses.nl/EjhIY-op9grSuKwLl8vS_rLkUQzta-2R/
http://lakewoods.net/izAER-mFwi4rB5O3TPLWF_dmStPVBE-rv/
http://leodruker.com/jHQI-9uzaYEJkWLznFD_wXtJyTAk-vz/
http://lesamisdulyceeamiral.fr/ErNrL-hdVUwA48qZ0LfK_DfndWcaoo-C5r/
http://liliandiniz.com.br/2dUC_F1HDlXair_dDydT1SVGn/
http://litecoinearn.xyz/ATT/RL4jalCAy3_k5penZ2_8cHYPzz/
http://marisel.com.ua/myATT/sEg6zP_QnuzUqhf4_Xmelj8CdG/
http://marthashelleydesign.com/olpsX-LwsPukFpTsNzDi5_HKDVOrDN-ad/
http://mattayom31.go.th/UKhvk-vy8JQkLCJgaGHt5_bRsjRlOMy-rr/
http://mayurika.co.in/myATT/4xbzoi9_UYRLXiy6_NCbX6qEKN8/
http://medpatchrx.com/6Fqd47epBFymYjzq/de_DE/Firmenkunden/
http://mindymusic.nl/YkGJ-hW83CFhXYEoNx7l_TeYWLxBO-ov7/
http://miniaturapty.com/OlbmS-00Sg55g34GnirwV_GusTYxJAN-U55/
http://minterburn.co.uk/AT_T_Account/F7qD8WPT_WXMZNzKt_wlQ4Drdop/
http://mofables.com/beYiE-HWIb1qfIXT339GW_HfiEhCSwm-OIx/
http://move-kh.net/ATTBusiness/T4Wg0Ne50wf_BnTjtAA_OLygur8Mu/
http://move-kh.net/bYVK-xFW5YOJnn7ZGCBE_gsxChVHs-fS/
http://msexata.com.br/tWEE-RsiAaS7uoyPffN_JHlxalLB-bE/WIRE/Commercial/
http://ngobito.net/SPKSA-4FF8nJ56dd0pyf_wxADDIPGS-GGG/
http://notarius40.ru/QCuF-mSzhzfwQ5tUAkL_YHnfyKou-BnN/
http://oikosredambiental.org/LjYpP-WYyyqGqGvh5WQPp_djtnHEYcY-8LR/
http://olacabattachment.com/faYAf-ssnS4hfCJshUxvE_VzmEkzKm-uL/
http://oldmemoriescc.com/AT_T_Online/XeLZhRG0Mxb_PSWBv8qn_1Sue0/
http://olyfkloof.co.za/aWVC-3IHqqLvmLyeU2bV_LrAIAjXP-K5/
http://olyfkloof.co.za/nTTqgFCzKKKsNYQyFB/SWIFT/200-Jahre/
http://omega.az/ATT/u1On_scqpZl_Tsbv0tL/
http://omega.az/WRrUv-psko7sNrrXk8Ak_dJJLfueP-ZG/
http://paiian.com/web/site/AT_T_Online/YYAFSrDY_ZV2Umy_7wj0vad/
http://pclite.cl/lpWfH-bklSQf31o9cZZc_NVchGYhaf-HRP/biz/Personal/
http://pclite.cl/myATT/3eStk6bQWc6_QUm6OlDp_KnAJ2SM0so8/
http://plagading.edufa.id/wJqE-tOspIfR9BCrRuY_KZNYwjSPK-9Q/
http://proxectomascaras.com/bXpu-KUBybPoLvZLkpa_douCBhim-Nxl/
http://qinner.luxeone.cn/CIro-Phn7KjFHVPxKXu_AWFpGOtMK-HeF/
http://raldafriends.com/QNKNw-eDST5sDSmRBlHO8_QMuylddSF-6R/
http://realitycomputers.nl/gadne-mJqRXki6OpFP2GJ_xZfGthaR-Si/
http://realitycomputers.nl/MQWk-Yz8DXc1v6LkJa7k_deQmclqEJ-zVV/com/Personal/
http://robwalls.com/AT_T/TFh1oy2EDA_cbchtx5K_qqmEXCDuDv/
http://robwalls.com/TNpjK-7s9ay66zXTjWPx_jhRjwUFXt-JFq/ACH/PaymentInfo/Document/EN_en/Invoice-75343683/
http://rockcanyonoutfitters.com/RFQy-P5zZBU1LjnEdXB_SoYTSONT-ztB/
http://romeoz.com/ATTBusiness/Aj5I1_6YmHylRk8_IGSq4/
http://rumaharmasta.com/AT_T_Online/QWx_3Gk4QQliU_Qa2rjY6oOGy/
http://simple.org.il/oVuR-9LQoCJDvyJPADM_nmGlDore-f0J/
http://site.uic.edu.ph/myATT/WTTt61QgNn_PUXWGgasB_hbT1V/
http://skycentral-176dinhcong.vn/xXMt-n0WgxUWhn5wXQZy_gVUtTdJc-ZqU/
http://skytechretail.co.uk/xmbgD-1jOJRX5BPnmPCWJ_RmeYkhMTl-l2o/5366937/SurveyQuestionsfiles/En/Service-Invoice/
http://skytechretail.co.uk/xPadl-fjHv5sDHaTYmrt3_BUsglannx-oXm/
http://slittlefield.com/myATT/RagdE_NBa0YgjaC_AnvCqT/
http://smallbizmall.biz/PsEjF-PTkmHaTg2l7Nt1K_ELxqBIOH-Fh/
http://smallbizmall.biz/uJSZ-u78CF6kWwHmgUK_ITTuWNjHV-zZL/PAY/Commercial/
http://snits.com/YVUHr-0UZVufXZ1krN7N_pqOdSlWc-wq/
http://starstonesoftware.com/vwlK-3AHlv2GCuSjDc3M_LlOuinCEF-E1T/
http://steveleverson.com/YBQlx-oKkPL2AOWk99Qz_cEZOmkck-jIz/
http://surmise.cz/jZtr-jTHjqhknSsfMKwV_eEjeKwBH-ppV/
http://sylvester.ca/TRLNM-hCMtrFKuKsWPUs_YIRmiMMd-g8/
http://sylvester.ca/yQvE-hU9MDI0hU42gbS_yJTAUlSlI-oJy/
http://symbisystems.com/AT_T_Online/Qulh_UkYRFw_gGjfoLhm7p3/
http://symbisystems.com/gXRGM-gWCOI8tfAsVhRET_zZwadvHjw-Ss/
http://tacticalintelligence.org/QKyh-fnmGK63cuWCR9Zd_vNdFVlkWZ-9y/
http://tacticalintelligence.org/SjyNK-xQu2D58So7hdewI_BxSYumYfq-yll/PAYMENT/Smallbusiness/
http://talajewellery.com.lb/9Y3ep9fF_m5Tocelj_tH09DUt/
http://talajewellery.com.lb/Fvscu-976Dvu07XA9vdS7_TbCTjYAi-v4/
http://tasha9503.com/ATTBusiness/ECshzhHcu_1gYr0Gob_GWx2YqFHkY/
http://tasha9503.com/gvTr-MG7qNa3C1zER4d_jqYbmVHqg-NX/
http://teambored.co.uk/AhrD-nbY1frhaxi07PAQ_uTzYtfxF-2mO/
http://thecreativeshop.com.au/tTZr-QssvPZ08tIa98X_JuofCGxh-WH/
http://therundoctor.co.uk/kVbV-gOjERAEVy9aru1_WLcBLEQWX-YA0/
http://theshowzone.com/xUwE-xH85xQve1DQsLGB_ywBeVznUu-f5/
http://thinking.co.th/MFzB-TlShWtOzRk1m4D_inaFsiIht-Kd/
http://thungcartonvinatc.com/MxZhe-bBdwsbFVz36TAJH_YObpULtA-II/
http://tokomebelan.com/xSAKU-MPVhi0LCLLE9lGj_ybsOKrnt-nr6/
http://tomsnyder.net/sQch-pKactG8z8OkE6gS_zVSPnADt-mdA/
http://topsalesnow.com/nEdH-y1BBshbNXAKrUJ_lYuKCVPj-6V/
http://track.wizkidhosting.com/track/click/30927887/johnsonlam.com?p=eyJzIjoibUhTTmF3SGdobEd1V1U0OHE2NmdOY2YxTW1RIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvam9obnNvbmxhbS5jb21cXFwvbVlITWEtYWc4dEt4MmUyVU9JNzNfQnRBT3BxUXFWLTIxXCIsXCJpZFwiOlwiMGUyYzEyYzExNmVmNDdhZWJmNDVhNzM4YzFlNDZlODlcIixcInVybF9pZHNcIjpbXCI1M2FiZmY4YTFiMjVjNzJhYWIwOGE4OWMzMTM4ODU0YmIwNThmYjViXCJdfSJ9/
http://track.wizkidhosting.com/track/click/30927887/simple.org.il?p=eyJzIjoiUXl2UmRFMnNMQXJ5bGRQeG1qRGVBRDh6OWxJIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvc2ltcGxlLm9yZy5pbFxcXC9vVnVSLTlMUW9DSkR2eUpQQURNX25tR2xEb3JlLWYwSlwiLFwiaWRcIjpcIjY1M2ZlYmE4MGI2NTQ2ZDU4YjAxOWMyODQ4NjhhZjVhXCIsXCJ1cmxfaWRzXCI6W1wiMzNjMzZjZTkxOTE3ODNlMDZjNWU2NDdkNTMyMmVkYjk3MzcyZWRkZlwiXX0ifQ/
http://track.wizkidhosting.com/track/click/30927887/www.zengqs.com?p=eyJzIjoiVE1tYmJSd3VWVm5LdnN5NTNGeGk5bjVqaWNjIiwidiI6MSwicCI6IntcInVcIjozMDkyNzg4NyxcInZcIjoxLFwidXJsXCI6XCJodHRwOlxcXC9cXFwvd3d3Lnplbmdxcy5jb21cXFwvVlZEZi1Fem5EeVF0cnhvR3BQb25fckFjUUVZVVItdGtDXCIsXCJpZFwiOlwiM2RhNGUyMDEzNzZmNDhmOWE1NDc5ZDBhYTVmMDE5MDFcIixcInVybF9pZHNcIjpbXCIxMDIxZTFhMGQ1MmVmM2YyNzg1ZTc4NWY2ZjRkYmU5Y2FjNjIwODI1XCJdfSJ9/
http://tracychilders.com/fNTes-9JVtazAtJKhaQRD_iaPssyLlx-nwD/
http://tracychilders.com/qiDIw-Fujss2ev2qZyzQJ_xHgNoLER-eXm/
http://trakyatarhana.com.tr/ertfa-OKBqeb3xQHGRXUF_GTTeogQyv-fkv/
http://triton.fi/KRkU-qE3YGYMR7zDYVv_phxwzxDe-hg/
http://turkexportline.com/ATT/RJoZT_Jf6b8DCJ_ludqf/
http://ulushaber.com/vzfCk-1fw668JKg5Wrt7_lHBrSIntg-57/
http://ungvar.com.ua/9K1aDS_2DHAQa_W5Nsatk0/
http://velvetpromotions.com/ATTBusiness/cfv2W_IoBqT0_IiO9CG/
http://velvetpromotions.com/fkMJh-5JDK6MMvt0dAuS_fztaNhXb-UlB/
http://viaex.com.br/PagOo-0kV5En6qTpdO9Vw_dQVOeHLCD-Vz/
http://wasza.com/EIOhD-wUTfE2FiSSp2FYn_GUbtImUGB-kK8/
http://wasza.com/qehc-YSw966KXQyrrXe_REmkFWYI-ah/WIRE/US/
http://webeye.me.uk/ATTBusiness/AWx3ToCova_5dUSHY_RZkgSrk8y/
http://wellmanorfarm.co.uk/TFLX-V2JlCelVeQaIta_sZQTGLFzQ-rvv/
http://welovecreative.co.nz/myATT/QPBR2gmh_MUMQZDZfy_XWC5QC/
http://weresolve.ca/sLyI-BpEuAKdH0tMpNJQ_vVZzJGHW-zti/
http://wholehealthrevolution.co.uk/GqSR-WSRYXVMeueqG67_YaPJiHgs-MH3/
http://wholehealthrevolution.co.uk/myATT/4JQSehw9O3I_MlyVnZVfE_sDlNsIVM/
http://wine-love.ru/wp-admin/DpVj-LJtI24kZvooyep_usjrZXEj-36/
http://www.actld.org.tw/wp-content/upload/ATTBusiness/WQkuqwZoFU_7ZIS95J_7aLQp/
http://www.agroturystykadrzewce.pl/administrator/language/StoI-tEvzZMigcPjZYc3_FwLxIDAAA-C5/
http://www.alize-flor.fr/lBkOP-lffy6nJ8bKfMeWX_NMvLthEL-1G8/
http://www.ardguisser.com/IUIA-qgkdtq2rfbXD7Z_LjIAENgVq-4CY/
http://www.arisun.com/PjLYo-78KitaAOqgZBkV_WeBsuRmWc-8F/
http://www.azimed.nl/BNGj-likKFCNbmgzcGd_XeKZxNTxx-Te/
http://www.baodong.vn/myATT/HwtTm2qi6r_Athpd0dD_ZSjrf/
http://www.barjudo.com/AT_T_Account/4PioI5_NAXwca_qKGtX12m/
http://www.chaudronnerie-2ct.fr/rLVD-6RB8aaRKt1bBmz_vZqrXLKX-7O7/
http://www.cinehomedigital.com/OaxDz-Tct8ujboMfNFSj_fWoeTSHmg-We/
http://www.cinergie-shop.ch/kfRl-xWKq1RK6nd26YK_RXjBUMMq-mWr/
http://www.congtydulichtrongnuoc.com/FGaOE-PDhboPsvlGjM8wm_tABwhpkm-2Dz/
http://www.consultor100.es/nnZPf-KDgJK8Ht7XadKqe_KojPPsMi-fu/
http://www.critzia.com/Wpyqd-DDe0TCEjHnEe1j_zUKuyfhH-wI/
http://www.devadigaunited.org/AT_T_Account/pig_S97z1V_h6KxO4x/
http://www.erhansarac.com/rywr-mVV7OeMmPTPnde_tHrBDLJW-x5J/
http://www.falzberger-shop.at/DnoPC-a6aiTyXGApvyhc_KwswCAVJ-M8/
http://www.grupotintemusical.com/YuwT-EvLcUomWylLGn7_AqvvUeVw-NAy/
http://www.hlxmzsyzx.com/AT_T_Online/PzkzwPYd5C1_L0W2ab_a6M88f5o/
http://www.journalingtruth.com/MiaIS-GbntlJumdduH0T_DfWgoYbW-WJG/
http://www.karakushafriyat.com/Afrbv-RCNWwn5YuZL6O4n_RvzcZVPPc-BP/
http://www.kinderdiscovery.com.mx/bBWAN-rKJ8xMU6RztR6hS_EDkgpRlev-Pb/
http://www.klubpesonadepok.com/ATT/ttE0Yz8Eq_HMGV59E1_TA9gD7fnW/
http://www.kosses.nl/EjhIY-op9grSuKwLl8vS_rLkUQzta-2R/
http://www.krasnobrodsky.ru/AT_T_Online/7eFxSb_is2z3F25h_ce6fUcO/
http://www.locationdebateau.re/ahuXv-IWHBd0p9rBLLy5y_wZrmwFtb-jy/
http://www.makeupbysinead.com/0k616V5M6_EizHJSFZX_lZODrcn/
http://www.manoratha.org/Lgao-uFJMCp4HYAvNssk_YjNwBIsbM-QA/
http://www.marcovic.fr/AT_T_Online/BzLuG_1eRR34kej_1LR3R/
http://www.mayurika.co.in/myATT/4xbzoi9_UYRLXiy6_NCbX6qEKN8/
http://www.moodachainzgear.com/EdhPs-LMkBnS752smuCUT_xXxGukKEV-rK/
http://www.moruga-scorpion.cz/gLXhb-7K91X8d7Ta3jNz_jRfYJEaD-oZH/
http://www.neteclair.ch/6g0QttQ_wCiPnEiBE_NRcrNs4/
http://www.oceanicresort.com.gh/wp-content/ehqy-P6pby0AoDCTBc0_xGnlYDshY-OFX/
http://www.omegaserbia.com/Ycdx-yl4xHiF7HTtNhj_KvQoZTLS-vEj/
http://www.ourteamsolutions.com/wBqz-RNQh8GlIdOTxzkg_vZSzjYdi-xLG/
http://www.penderec.com/IIqm-RU0NDaPcvd35IdH_ltzOrkZam-vcd/
http://www.preguntajacobemrani.com/OZcrs-SqYfcWNmD6tnG3f_wrWVEggYO-Y6/
http://www.realestatesdakota.com/cYkZW-y6ujkXDfwMMox2U_HOLeAWKIO-Got/
http://www.realitycomputers.nl/gadne-mJqRXki6OpFP2GJ_xZfGthaR-Si/
http://www.regenag.co.uk/ATT/QiHCQrjr_Zotq53Crb_AkY2F6/
http://www.rensgeubbels.nl/mIXOb-fWn7lu8K8wY1jeM_ftacUUWaE-GIz/60190/SurveyQuestionsDec2018/EN_en/Invoice-Number-247797/
http://www.reparaties-ipad.nl/vxXg-U9xPLQZ3m2ioweb_nlMNOlgI-JoD/
http://www.rozii-chaos.com/jYFTf-NeFoaBkf01R7EX_eMBtoJQbX-y76/
http://www.rumahsuluh.or.id/bbvSl-fwPfvjKFGqZUWUh_RDzsgMrKH-VSA/
http://www.rumahsuluh.or.id/qtXOj-Nrpzfh5fIp5yiX_rpRUqqaVB-E8/
http://www.salamouna.cz/cache/DrmA-BznczbBsR8oE5yy_tZuDehWUP-u9E/
http://www.sambasoccertraining.com/PRYwC-kLd6QNVKBUWY9Cn_EyfVxBUR-47/
http://www.seracojp.com/AT_T_Account/s7GHAuxLpjy_SXEQVL_v1KXEwbzA/
http://www.solaranlage-onlineshop.de/myATT/XcrDgwp5c_Ihh72ulT_XzhhNpz/
http://www.sorigaming.com/myATT/Mw7_wcULcElak_u9m8OLT5Aj/
http://www.studypalette.com/Ijqt-N2aG76ksCJAXtj_gsctHCRlG-AP/
http://www.surmise.cz/jZtr-jTHjqhknSsfMKwV_eEjeKwBH-ppV/
http://www.tdi.com.mx/ATTBusiness/gZiVFCYl7b_oVgGCjpL_AbPoQtN0Wx/
http://www.topsalesnow.com/nEdH-y1BBshbNXAKrUJ_lYuKCVPj-6V/
http://www.trakyatarhana.com.tr/ertfa-OKBqeb3xQHGRXUF_GTTeogQyv-fkv/
http://www.turadioestereo.com/AUxH-FlOXs9XgIgxG8Cu_ZwihDijmg-PpU/
http://www.uocmonho.com/oHno-Dc1orvj3ZxXXjd_cdOssUFx-VPM/
http://www.voc.com.au/nXNV-aNmwBk4pKKY6zp_fggdolrC-XGU/
http://www.widitec.com/heeEx-K0CJSqJW2LAcqI_oGtrxVdJS-DB/
http://www.xn--yoconsumoproductosespaoles-2rc.com/YYty-GgR17mxAcaxm6G_jphcRWLuh-9fy/
http://www.ykmkq.com/GUrh-f1L75KRQScF8sH_LjXOtIJf-Pf/
http://www.yourlocalfocus.com/mDsf-ybuSQC7vZb0D8jb_WsglBuOWX-PLU/
http://www.zengqs.com/VVDf-EznDyQtrxoGpPon_rAcQEYUR-tkC/
http://www.zingbangboom.com/myATT/HHtYKK_ZtwMPiOm0_26QOxx/
http://zoolandia.boo.pl/gooX-AkBzDcjIYWpqjT_OfWIJPJF-zj/Ref/20067287Download/En/Invoice-for-b/v-12/14/2018/
https://ido.nejanet.hu/zxtrU-hE8z0MK4yGOvpKK_fQNGAiAA-fH/
https://u7188081.ct.sendgrid.net/wf/click?upn=da49dPi25G9RkThIR2yu6V2-2B0UrHKy3sejIc1BpWz6-2FLgi6ZiHojJvEkZREPVe-2FY2DGNdeAfsRcO-2BRDFUbPjp27R5GxFIYO9lU5OTFNPq1M-3D_oEUkigULEm9qDXZ6e-2FeLN48tNnAG-2FFGxEd6P5PSlSW5Wlgcz00Ux71G9J5qQKl-2Bl26cllPJwhtru0X-2FKUPGzU9c-2BZMI46I6tZIaROLEvMHgzQtz-2B16ZTwGuyAcs4NCVylkewi4cER40BJmXapmjUazQ8-2FFG6-2BhbAlbXPttWv7tuQLVUCl-2BotIj6-2Be4r0lGt7ho-2FndRz3NN07CNiQt6xGuNDBabwHoSdBAuHvVbLZAdc-3D/
Epoch 1 Payloads by Document SHA256 - All Times UTC
Creation Time 2018-12-17 21:25:00 (ENG - Orange Text)
SHA256:
9bc017958890fd2e59a44c33e3a3d39775e6657b5a329d57f5e5399023846a64
9a11b58b4abf98c2a344000507c70bf8d64789e942a3b9f305f9ea6b9c169f04
ac9e0312a3a4a8d65ec5b0b42d42123417950cffe463e065e8f56df05f5391b8
bc58f10a3238d4d88c93c92a784f6ec5e692bb5b9ea99bb9536cf88149d2f1ed
80ad49dff7cd837b5b4be79fde0cd9674ff582a6cd2ce1c55e8ff6b32960ce33
0c9951d3ab42f1e00facdd5a38983fa0f5dde2fbe6f78d190fc6bcf0b3764212
84c6407990e191856823f420c95c0f910ad2efdfcbd2ab6b00aef8700cc12609
ee8dc553fe41e08233199d807e2a17d661aa5a35746ae1b9d656645ef6a0b4f9
1b05e4717247eec26d2a908dc8b931184c4fd2f6d8e6a82d49f0411f7c62534f
6d4e4b034d87b7385b156ef731b43ccbd3708d6fe5bcd0a0c4aec5f5652c56e5
3e06993367963bd22d22ad38eed88bc1da0221977130052f9ff249035b53cc3a
933aeadba3464a27badfe55d8bafacbd07d2fe06a0047a8dd0b2e46d1bd1a647
ff0a3099b2b6e2f22d9b70ecbfd564beada6b15fac601422ed3ef587d12baac5
834dae8da38455d0d375991bc0129579331bb78ce49795571ce88bab8e57cf94
603c87a9f65188547ac93f927a1c1b05cf3dfabf328ce580cc49a0a570dd55c4
189530852d4d852242d5214e38e2caec8b39d9cd126beda86c299df3176373cf
1ee1edbddce8fca3bb334417974f7168d36918509338aa86d4fee64ca3d9c97a
20c9ff6027b5b9412aa34ad73dd13df7c4bf5c8e305a79056ae6e84ba156c17d
3b34e6a5f52846a7a080fa504f68cf04e6755da23ebf32bd81549dc36583fba2
257608c1a0d6814ba892870b4ddc696c43aea835e059b4147cc5a67e88aebf9a
b00703a72e4f946c0acd60dd8f5b9a89083cbc8b277a8f2674c20f06721c5c8a
30c56de0ef715b1cc99c56d1fe5c5e91162b6c2757cedac47118063c762a112e
9c6185f61bc55bd5713fed99d2982c8d4353d0018461f950bb896bfe8a5aa304
1c11dd77fbec62acf960facbb86b74c5e83811ab2e59c9403b75258348539958
http://www.funtelo.com/58S1xJ09/
http://www.shout4music.com/Kkt4CUPvX2/
http://advustech.com/l5EcamTDy/
http://www.ceeetwh.org/UZwh7EIWD6/
http://www.gmlsoftware.com/itTZIne5M/
Creation Time 2018-12-17 19:03:00 (ENG - Navy Blue)
SHA256:
07d589388448d9e760ad5a491e7b6111d7ca6c9d692e2a5e85ee5f4731a4630b
d19148ce1eca0f37a7e1c4e7f637b6c740f7f05af5fcda7372917abdfa733788
b52dee08ca8eadf14798887efcd8359ed58d036c13ad797dd09cb94e3b70f8a3
17c7de70562a3cfbd00d2d96f30984a1768a6d4577936e0ef3f99418c55fc2fd
797e7d043032a9320473e52721d09ac18aa8cdf57a70394b71e8003a11e28595
d8d2963a3d1e4ce35a58ab107804af51266164e96a0fb2c7ae0e118226b5b385
c28eabedfa27dfa715a7093cbf0ba1532a74cf03936575cb668da8e3fc19879d
d4c04b211d8b43f3bd9a7bac94d9ed22d7895ec83033804e832f2ecc9d1f6216
0379044b2d0cb693797c8adb5a5ff0991df7b767d5df6268536288214bb05377
a8068602b148d3dd318f613e132c244dae44ad03a47cffc076f0ad8b42c505e1
81f1052a4d972b33990acd682b38182ac89ae812bd2c3a0e195ba0384aa53753
http://www.wmdcustoms.com/SoYuALGOUR/
http://innio.biz/FQNvmdqgyi/
http://fomh.net/09NzQWlsLW/
http://www.bellitate.com.br/Za2OnSuDju/
http://pure-in.ru/EqaCUDSuU/
Creation Time 2018-12-17 14:27:00 (ENG - Navy Blue)
SHA256:
50db407755a40929b5b6b5dc19cab0fff94b855d471797f5b7246d2fa6c3a280
216c7c9300632a99d808ac6c2ba26a53402ac584504bb7eac3cbe35b56994d93
aeb831420f4784da6d463131d145f004e69e04042279afe3b14bc4f2df5cbefd
af8a59bc575309e2dddb45dec73f0c37b82c72752b6627b235ecc88302238a46
2563d86bb358d86d06856a5becdcad5b6461d88fdd49e362691d5dfae43c4625
1246ba64abfdec50f3e566a2291b3fc0e96a7b3969fc97ed57d01236c5084259
e4664f50cf487dc05e782a2a9672286731b27f1e17f8621f4de732adf23d7a8b
4a6bd78488989e57f837c67e0439a4e4a276b8bf339aef5dfb177a4d03e89f33
a62f9b138b9ef335233e2f25c1682a516632671334a969fdc15c32558cb6fd5c
f868310f0bf5c2ea2e7468b1130609370c2c2a6922b227d7110f1e3b35ebd4c4
314ab01e7aa217197f6617128254b70aa7cc918e6f417ea5d2dda5997340e51f
13c67927db7b0612d9e205bc5d0f03dc07eb5cb546e3d0eaf0d6411d11bab2f1
71fea3f621101d1f058d7b145225a38e7e138df3cab318f1969056ada28bafba
9b70d180a54addc52460c7c5936521bde8dfb6b5e276a43de87c264d9232eded
69caceab49fdcf349e2862d18ed39ed586d4e1a973f2ffda9904808871f6bce1
4030d19135210c191d7761a432b295314588519a0d3497bea401f6488c7de445
693c1534f3b4acca1651ca0ed79b537e6c5f3fd63956bff58e78c33d47d0e885
3efe254d06d8c8635d2c6858ccdf23d13dcb79c7382cc5b446a59a3cf24412e0
923a35d4341f901b180f9df76092e5586610a71cbc45801c51a472a7bedb4f16
f4d9c1e45849b189548f2fcb45126b008cfa6254cfe2fabb789ec0f096672eca
653f234baee70f8280e05720d0335b5dc898e6b0aa2dc6a04b6a278f51326441
dbe1a87b8a5b3b2e5bf279fb920fe88525d2548f461415cc28476b6e0911e6a0
496d0777c7954af7bff66209fc768a23a129e313b19c3ff509149a74963c9470
2b73175122d0b0ca5b496fddc02d17032f5984ff4281501e62972e11784f8f0c
f868310f0bf5c2ea2e7468b1130609370c2c2a6922b227d7110f1e3b35ebd4c4
e6f1e9b300678f18f5a2ad8fae808527f0042e8e798b9664422c5a587908262d
6f3b1f16e245a99d0796aea7772482338055226d88d59ab9cb06ce426c8f64b5
2e423e4f85a0fe78910156d80a5c79adef94c12515b79357d973299ae9b6aca5
d5ddec793e3060dc03c609b9e37fe687728677667093e627df617baaab4b47da
http://www.countdown2chaos.com/RteZ6CxTl3/
http://www.mtyfurnishing.com/uV0Z7WiM/
http://www.fortifi.com/IQmS1zuNj/
http://limaxbatteries.com/yc8jyNd/
http://guiler.net/n3QV4jHc/
Creation Time 2018-12-17 10:58:00 (ENG - Navy Blue)
SHA256:
5c7b5cd5d22efed9027b8b14ef196796a5fbba4b290409214f844a5b0f73d158
01e3049c2339cc896ab3aeea1bdc36a9fbd2c0553ee14f19c2c371d2ff2788af
cd52db5b0315179d6ae072dd17e07117db05edac616386b3201cad753c7ccc8a
644364d20e7888590ff7241d49197204aaeb731900fafb12c68dc823d620e80e
859c0871dec9be9405a8c0df1af51b01fd561a0a3c8a5ba67bb6acc5775f1e03
9a85aa53f0e351eb155f924056a339793b01999c199c8cea58aacfb68804f6fe
532e8ffa7c85c71f9f80c5c4fd100b00f36add0562e2ff39afc9966a623842b2
5f3acad4198baeaef23ab971632a229d7316c29e7cf188be96aa0f82932495e9
5f777684b8da45736bcd35828a63e826970edd3307af2f2b150e33779f563374
4cf44cc2aa328d6860ed2f98b860aacbf4dc6270c85c3c0eba4ed8e98a303924
4962b11ab76f9e76ed18875f62341d4bf30b3169fcda51704d7ab91c72bcbaa4
17c10a4e711984777049d3aea951494d14aaf5d6efd5269d324bbf8ae96885aa
378f7b5825b5cdecb2916800c17f7012967a0cd1f6258c80ca803e7d4794eca7
85a080bebe65f0f1b0ab42629cf8a49fadc9e1ac0b7559cb5a2e6bf74c70b2a5
d1a6784d0318bc92859a33ae5c4ea6f593deb148de4599d1dd14cfe807589e55
34da9a239942f84b860aa05f34ce7fcb7ae47c837bb7cceaea489c2dd8f7fa9d
d97fd77f52628a1094c41e44e3781e81da279039de436cf313dbade61fa1cd24
f127f6bd2f9cb6cfb2212aea7c8075b232e153e26b9402525374234a8f35b729
ddab96b4fa0b2db7f94cb63c5fdfbc164706f7bb074234c7393948f67ea3bdd9
84d24a628ce79f2fcf7686824f741d8a05077b213a4bbd59f34b93e21633d75a
bb4a2ee42b3d2bad07b889c21d37bfd3c9dcd5ccf3ed9e0c5c9457683edcaebd
9a6b39df5cde6336cd8be5148310bc920d9070f7ce925c9fd5724e0490fd62a8
http://strike3productions.com/fHXdHseo0/
http://jomjomstudio.com/DtxVlSu/
http://ulushaber.com/0YYQkxuY1/
http://drapart.org/myCmxSG9/
http://billfritzjr.com/zZAX9a790J/
Creation Time 2018-12-14 17:27:00 (ENG - Light Blue/White)
SHA256:
a292a8125fb76f54bac2d685425d7e0d073ac3f6024d329c6e2af36a4b52f530
1dfe90808be136a5cac62660566244a87ff334b58df22f413d7731f7e270c17a
4d790bb6998c7d9ac607e207fc1fd22c7f928f572d0cff00c167cfac1658a960
a08cd28749945a9709810a2ff673dcbf33b6ae24d53ee80d8efa306c2025671c
bb64d6d8d21319771caf1ee33304cad02db9d3a150fb06ad2f1ebd82e2d858c3
a9572b5e03e9d40fd1da942879e647f86ea150d008677b2559bfec0e379370b2
965702f3b56e481527c283470f9ca8707684849a54689f0972638b6f6f7a090e
c7be685170e3c94ca04a17041b08cabb7382f63b3bf11118ba151948d710ca8c
0cd893f50ae7d919520aa2393c588d1f23e73c6730d94733df24f6c7c9918f2f
ec5da20c06eee8f769bb10cab81eab099a88d08518d21a60bb708c0d5bc15e45
5547e783f9cd9d8334df12b58bbd73c05bb60e26380c99e72e408cb6279525f7
fc2dfdb1cb7b0b66f034b11c6ba3bb205f4710f33b61a210cff17ab454a597ee
b7eb2b59ef91e20e0435c5066a5e351f8aca6bb77b2423c0179d8e47eb2175d0
518fcde19ef7826d10566b2a58a8c0885296273934d29ba530553ca6890bf216
86bc87512f5919b4defd288924d0438d62cad08ec40f16f1fc581a82d1c858ef
bbc128ef5505582c4532d06b2d09a8306ad1bbebf1b76ab8076d4036383e789e
9e6686e53039796475cfd978c8508b4655d5bff109211d00588e2fb19dde0d21
1935011504e11016ce69200dd37e1d92b3d4bea21d3409de4ef6aa75747b14fd
84f9789998f71a13de2a8ff11726c1909613fad616312c665402e50f40ce5c9d
06d8d454a45bb4fb02672ffe00d39c6c719c26850d7139615206b0a16b7343de
1c7031a108db22b1555b0d9275f31fd51f170a9335e43a083cc1eca9b476b7fd
http://sundownbodrum.com/J335NbN/
http://www.roteirobrasil.com/wp-includes/XEBv3PdHgZ/
http://rdabih.org/m7mnTYaIzL/
http://zavgroup.net/11D6PwFu/
http://stefanobaldini.net/DfSVLfsC6/
SHA256s for Epoch 1 Payload EXEs seen on 12/14-17/18
ef17ba94ca016e111d1aaff149513fa4fc4df7f6d1f3f03b3eb491644ae24df4
e9b7d8ac373674cfd789ac2cb9681a5a2abc4d34a8e1eeeae1ae2a799d2ba01a
928cc4aed8f8abf2863f49142dcf4ee4bee558e21161ed0296a32216eaa256d1
60afe0e8502f9df14b8200efbe2bc007cc483571a1d8210fe5843972f0f9a510
25cfdf2c13b086a375ab38c9a3df5259551dbc60f9b463489445643b310ba35a
7addcf66ed2376c8f9b2adaeff04fc01c92881b2990d460eefd60324209bd62c
ff27cb0a4046b7d4e23f007d65cdc52b06f41ee2df99ab1133ed8a36862e4a21
14348645a287ee61829575dd2e683ba7be08a73752ae34a0bc693be3558026ab
82e615c4d0db14708e32beb3e94a23c45f588d8b97bed9a68ac0098e1dbd7ecb
5a150e3d23cc7f9fee0617c89ed45c66ca4b3ec340bae0f9f6b15fb689fc1570
9848953c6b79c8fbce1f7ef43e07002bcbd84bc9ce0f9c439c90b59e00b85534
58d601b6135402798e02049eb8da69e5c849c7b3bff3422a8ca35f2a43f7ac80
46a181446e77c311820df9998b075577dd3ce7e63e7fd5f94cc34a64194bf75b
839847979c3ce97658bda23a7aff57496c57bc2f29876248bc6507ff9af5473f
b19329658072ac42e0fce683de956de366cc9bc5cc2a289a614df24d5300e9ec
7e72a231a5e4c7a2a8dbd5e9520d7fd630b53401a13648ce7781093ceb175a0c
57681d82d708e91d820def30fe0a5df97fc6b1da434b7ecc5be22fcb5f5810c0
081eb233f6ff99f1feb554786b4f64ec3c246405147c6b8854a94f5c351f368d
f0136025ecbb3e6e5a7c2fb88c7b8e6f00df46450e4115c6c56ecb715b1f4e96
6c8891c753174ab0f22cee17598dd31f9950ce1826f1eced240e174deb98bc9d
ad6cc298096cadb4df43c48243f04278f472087c562a90fb3c4b28e1881f7935
0dd4955b0a6080e00c5ec8a66b286f8fb491ff08c2b3cae21a31f20ea0f22dd9
7d1617b283b0726dcb34bda4cab8c95b90b49452cf0d215ec9677ff326cbb448
ece6089c51ce77f4a1462ec9ddb7cfa0c84eb54e53261b317ac2486807cfb3d2
991b11d9e2880af89474dd23ad26b7606e11a4aca5480960c2bd2caa1c300f86
46bb5fe3455a3ef1aea583012c83cbf3bdd020a496f37428bb4be2879a6b2c12
0b1624e0767e738d52998bf04a4acf44a029919c5c08eb65a209ae7fa64dd09d
181e5e7ebd7145e94df2c33c0ec5752c09c990d130733a39eae42b203ae867b5
51e557e584a766ee56d14ac66aeb42f393d70267326c0a18b2a35409deb4213d
bb42f3a247793e689628e2bb5c1e70cf4192d0370803eb345f5a9d5750d762a2
5594446f857ca90d7464039471bc086bd6a9ebfd5d5690c9147471dc01e133bc
5a5421d0d4957029cc22f6e5fd7039e27d6fee6493b5f9aa7e3cbdcb7729a04b
8603a0a28e2b61d9870c37630983b8e90236f6033786479d3d93682718e18d26
9f4a23fba9e85e323da7a8751a1bc0a2e837153f8ab63f8511a5cc848eeb66cc
4a76c2e52c615bcd4affbdc705e1ad57d3c5b2cdaaa5154db2401d1cf33b81da
c7a53b22c8514b81423aeb0a920e0fa20df08a956d6144764148f984c82042f5
3aa53457ec55fe3888fb198c40fec1804c59b22df84e8944136d009c54c1be2f
1201321c8641769c6f0c7a88b8d327e6815badeb2dea09690f3daf1d64608d0a
547b053398eb9a3263154eb918f4b3dbb7528fe738848505ba767ea45e366a36
13f7534f74fbba13f1b1980b773abcac4ff7549cbc6c66fa46776739b7611aa5
0dc4c3687b307629ca087aebc85546fe74ba37cb2776c514b401d1e2628eabcf
Epoch 2 Payloads by Document SHA256 - All Times
Creation Time 2018-12-17 22:23:00 (ENG - Navy Blue)
SHA256:
04ed22881589b6c77d01cdda5e35a736db215978e813aaf058da725c1bb48fb1
67e20396aa806209ca4d38be7958d42cb28700eda1f511dfef542c27b1e1a886
4a6e7c6c0c046e59ed726173ad7136f10862e76c6321bb76924a899bc6b93a91
50fd133b606006eb3d0085028fcf5b4a2460132cda32b2e6a25a5d32f54718c3
4562ef8d9a1300f122fc08d2b87f136891fbfea41433a59dc760ac7794a0702f
749c2da7a49e60064ee30ad7579a5ac41d2f2bdc9c968ee8b2db96a0a2031839
d55d45497bd44a64fe4d1256f098ce2a3a4b4221e437f69796b34abd17eada87
8e6633e1c89c3d845a356cf17cf2405b4b000dce533199fee84128c0d9313e75
6bd106b90b7e4cc39d90c250e17fb23a0bb255c14e4cdf34d6a80d346f38ba59
6dc700725032aded54ee5814fbd2ef976f28c8f6f3b5feb64f7e6484e367824b
dda4cb335e20098a220191c90e9c0a195392b90d8e4c76ec0750e1a3584e77d5
08b4bdcfe55e4182c23c7988e3670060e761a629e50992ddaa015ac28d8a2267
93239b5ea551061f1ca4166c69075d62e7541a35964b9fba4604a9677432fe44
5a36447adb2dd4d1c72e36a8468abf8e54674148945685e9291da657587df38e
a778166c771520a979b0209d421e3c6ba8eac09371d88fc2459b37d7e8d6fa0e
1748a20e532b71d9991edc4ce5ccc43b4691316a1d5b9e7b9099e05919dc2763
3b8a04257b758ea4e4789ef652b1dde59edb89ba2b9ffa983abe29b9d12a8ed7
5f21d0a57e14be9302ccff0b7e67f4e3861978045b8e0577eac8a05e3e2ce24a
8e997e7435d884a63cc0f9cdb91425fc8a86d32ecbb2b228b4f340f9c590193e
79464da07d3e6e84b1471b5a82669fa0b6e7123e1d28197cce5970a9933a7d56
ca8613f8865172f382218bd38d8692cb64a8d324e7a7797d327fa469e0c829b2
b4f854826aa183d47b302480ad7c0a20ac6d2f4bc0dfedfda15f0ca054fda83a
d0377f68e9799fb777673b2e6f195dd5227b2fdcdcdfd8dd0f3edefa15525e62
a6544b0d78709d60a9651276c50762ddb957eef4a8f33065455a75d7cf4623eb
42f72d4b4d95a46450081cbfbb4fe046b1a556955a476242a3dd4a1a512bbc92
b370717eac41b25da9e8fefc279c0e952a15e996a5fbc2983f306166c0169688
37cfad166cdd649fe76a657b06f786b0a6e200c711801835fa97210b4dbcedb5
http://www.flagamerica.org/XOnD/
http://www.espace-douche.com/SLmTL9/
http://www.jnetworks.at/content/utB8h1/
http://www.provalia-capital.com/g/
http://www.grajhi.org.sa/yKE7BN6y/
Creation Time 2018-12-17 21:30:00 (ENG - Navy Blue)
SHA256:
52a546d5015586fdc17ba1520d00bea831eb057982aa5cabc3b202cf9aaa49b6
2badcda3cd25e822ac313a5cfc22afb268b012322259df1efbaa80c2eb75f659
7ad65beaa9602a5e004fd7cc5807cb967f5b4c80deb7526e4033fe1d63dd6d15
c042a0b97a58e96e5c9ba6fb20bebdfe76caa54ae1c769c80c64f6edc8ab10d0
844f55f6a4bc27b0c927918d78013e4196cf4baa6ba6ac75a51aebbe0bca8352
http://www.latranchefile.com/KS/
http://www.designinnovationforhealthcare.org/di/
http://www.nouvelles-images.com/klw/
http://www.ea-360.com/Ii9WyF2O/
http://surmise.cz/th7q/
Creation Time 2018-12-17 19:35:00 (ENG - Light Blue/White)
SHA256:
fe8cf799c2eb432183f5ae3a4a23ca6f0a3a075e98f9963a747f7a97e6cf768c
0e112d17bd8b05cb684445b6b4091a923dd0300a194ff5f0209ae5474b7b2e06
e8c24fd3597cb804f78aaacf01960743f514002f3d761db49a6a5fbf32b4f6f9
45f9dac959237d833f6e4e4a9887f61614ee1f0aa666c87db01779d79c56c585
b8678e574a1ea9b25601b8fdfb46ce7061b35f43cad9a7688de8f12c9657e2e9
1427da3ca8f0daa57d17681f357ebf21bab118218054cd6051fbacaee996b2d7
http://www.antistress-vl.com/JV6/
http://adap.davaocity.gov.ph/wp-content/6/
http://portaldasolucao.com.br/oEH2G8/
http://kodi.org.pl//Ntze5A/
http://blogdovarejo.campanhamartins.com.br/wp-content/uploads/J66WOCm5/
Creation Time 2018-12-17 18:43:00 (ENG - Navy Blue)
SHA256:
884781beac926c7f0d2fafd86d7c2e9adcb975c6f0dc95590e9a9053cd6e66d0
http://www.seelinger.net/jBlG/
http://www.racquetballedmonton.ca/HYvDtu04/
http://anmao.panor.fr/Gps4eJnj/
http://advocaciadescomplicada.com.br/gS2fdTvk/
http://sourceterm.com/eapV/
Creation Time 2018-12-17 14:02:00 (ENG - Navy Blue)
SHA256:
cd58ef6b3f85a12a56aee211aaa32ea7b6bc2b9ee09a1e0f5eaf80bfa83bd67f
a8589e4dcb4952fa35ec630b76c680d23f6d1e45f40687b1ca3525291ee3b7d9
775978de13e272c01bc6653652beb2b454971666d5bf108edbc68a2d6a69fe93
934d6a8eb376e794caf96898d254f86ce3a6ba5e09942f9c588e7ad5f36efa11
5fc837cec1abb150354341cfd7c63d4207320bf62164728c435cab8d8c953bcd
5ce4fd3ecf32508f2dffe88e497585a3dc2429d8c9d1fbe419286fea269292a2
18f6761ab3a7b442614493f558f7ce701093a8dc4cadef6edd6a7841f7ef8ac1
ce772424bba56339b0458dbf50837b90fc09b2e16d25ac4c3e58031d20247bdf
66f7989caf9748bb12cbb34fd895e871423f9987b801f0265706956305275824
c2553933ecf33835cec271ac5812c1ab61e4119f224cffe4b8636ad0824c9a47
0c9adad412eab08871875a0025e301ff81a5c79fdafa2690aabf56f62f9e8613
8a6ccf70ab04e2d958db7783554a05f351ebf825907f5afc8797a7023805c464
780794d981eb926f0c4578aaf69c6b93312b7090ae17804913edc71a7e559372
61a3b62749eaf9bc59c0c38cd7df197e826d310433177e80d94ac39387485193
199ae934b9952ea79f20f094c7ee8c5d6ae558f5a456f621a04645f0cd38ea38
a7fc4292a2199a88ccc065039d3c0aedc498363934ab5b44667aa40bc0c7a0d1
38ac9500adb04054f1e43ee386d33f007ef23ea1304a5196675e39cc1446e103
87407297a301376a2a50724de25af9ef6f336bd19166b43832fb062245e7e8fb
f7e1390eb780df28e8df64cecf87f72464aa5e2627fac7c73e0c6c3d7d204b8a
71ce0dde99deb387a22f2260d05da9e019d560f1dfd74272404e83aca1e6a241
780794d981eb926f0c4578aaf69c6b93312b7090ae17804913edc71a7e559372
8effa8d24257d3cf6a49fa740d57b953d30a5eb7eafcf6b6aa6032fa3b3fe412
4ec862b2d6b4985ab48562a173d7f73fe13ca7191fb2a548b58bfcc30f758bd8
1494e0e1b3d206505f792badd5b63ec6965f130cdaf95aa426a18dec1de69d36
87407297a301376a2a50724de25af9ef6f336bd19166b43832fb062245e7e8fb
aef1faff92f2b985df9b91a8e70c1effab6fb8d48ab7c45210925c87d819b59b
d40cad0d21d73654d638cbd486e56da6781465fbb047309b9c3e53dbc1547b4b
http://www.letthepageturn.com/xHUK/
http://www.racquetballedmonton.ca/HYvDtu04/
http://www.sanrockcapital.com/e8Eaa/
http://www.cineskatepark.it/GrIy/
http://www.frilvam.eu/7/
Creation Time 2018-12-17 12:02:00 (ENG - Navy Blue)
SHA256:
267ef241b1ec606c4e8943c79cd65dc9e340f1b40569bd5b819bab3df0125d93
2629aa779bac71d259e2fea522920dfe36e5973cc98151ce8eaecf58234a7f37
d13387b0ad8031d4254766ccd303bd45538c746e4ac5d73f2f00648b4f3707da
b214b0d42e5fc10d8971e492e2713bcf319affdbb4067aa87307c8ef922c8f3a
b0d6f8fac8b23f1f3e38bc6529a020967a919f631540b870c8c452f1c561e437
c4506414f33f164144d25255f94a325c75859cd2a74d694534bbd5f6a1a5ce29
d923f4f11da04686d55cc8e80e6fd1113ef2adf6b734c504b4a1c5fcb4c44c64
ffd4202691ac073cda2ccd827a2a0389a444d4eeebea00f6f435ea67ad5d6c22
9284548d5cda4b050bbc7bdb102c30021c2d2dcab86434875e9838330e329616
cfb77622e6f3ee23803641c02c74072bae9832c3e358c1a5fb308ac3adbe4493
3a5c99e85aa6a440b7f56b34d68137b05e140a61fbde5c60e60f20a6dc23c777
24a0f142f9093847c17ca5f04545eccb713dfa563a95e099d8b7b03fa47b5140
094763d1c5f57d66e1da4bbdcf9cb6307e61f720edb967675a7a5cc8f86cfd53
http://www.venusindexsystems.com/9zCkyw/
http://www.qbicsinteriors.com/nWnBsMI/
http://www.goodsong.ru/SrKs3/
http://www.kengolflessons.com/SqLt/
http://www.firstchicago.net/BIW6l/
Creation Time 2018-12-14 17:17:00 (ENG - Navy Blue)
SHA256:
0dded430c1958ae0ec60c2d50ab99f562269ad1ee09db17606661bd55cd29c66
0a9cff4501537c619624c0f13a02183aae6f077e3bd44d57bc5aedce3a39be6b
ef0dc3edb8340cf0103706830ca902c714f5bde45feece5e148b137a8c15820e
d0b670c53d9dd3846aba8d5883154ac6f13bcec166df3b87cfd44ca4fc8d8625
41d9e3bb2d0e6a22f6ae4fd7860244c0bcb8dc1ef67542d7f274fa60e252f37c
27333d8e3079c0211f765f78831e2413ce50351248dfce2a3a8521b243f732db
2ff34ee487aa8eab2df5be9b69e263a5a24c90c938f72d5df7232a6fb2fb350a
53aa433c946e58d0c08d093eaa2e73f4e08991884f3a972e714af18a944eb53f
a54d77aedf5aa3109420fd4415b22d7f82d293206d431dfa1740e25ae3491191
fbff12abf849f5e8cdd69ad3138ae675bcca493682552f16f45b34daed6c991f
a3ef97226ebed6342459c69d562f48dd6619aaaac9989709a8ddb533dbab52f0
1feb9716b60057598e90a4d94fd8156d2b113f2ec7b4972fa65d90e79bd856b3
4ee3e7905a8bdd8f6b53844f1a758b41e8db40009e04f1cd53418558ad9806f4
592ce7de71bfe682b196a02bd1a8cd0880053e15a13ae5bfa7a7c2ee01be4474
592247ff870494ffe2132d96dc4adb5a0e927d5acf9a8ca55dbd260395b70d58
24e15f79c89f7faba99ddeaad817ef9b3deeff1782d43d1d2403d22d4f57d6de
83cb7bba95779dd6443ae9c7b928b9d45c9cc56e1a7dc6d6846fd1379094d893
e802c5e017bfc84ef734efc2018e722c84e5f66b0609d10a008004c6f6e6c1e4
706118edfcaa1099b1945b06baffb1915f771ba86642a0cd034f2f3fb651439a
2fd64d6d32147411b247ed7f83fe69d4555b581786cc331ade0b524990da4d7a
343c819c4c9cd13c3d1a77a283bf63a3a0e28115ed492ca92d04a4913e50dca1
3856a96d47931329b841ccdcad6d7e118312e68adf6edabf60e39b854d6de444
fa1e81d1bb21436b719260eb8835a0975a46ad9bfadac62a479fc77ee2fa5129
59351b32d196cb654b9bc18c62b82b1f2cf1ca50cf9b2e984756d39c130b0fda
2db88fabf202ffed26480f5acbdfb8016f8a2a22ca8c03b9e4eef5dea974131d
8f6da43bf30db559d097619f49fcab78954b55778126709191ee9b5720eb1b27
997072d1d9cfdf1d0ba91d334d67ed25b8e3c58605ceb32d74cd670f98b6e6d4
d9df70d18ace618d9ed5f4be2e0c39c572e284e3dbdb8d5a663474904d89c98f
be849032d67a24eda952c62593d2c6d991500c0a8e628fd189fa9ca51a221cdb
http://www.serefozata.com/axf/
http://www.livingbranchanimalsciences.com/zVMQFL/
http://www.donghodaian.com/jiPViP/
http://sprayzee.com/iiWYe6z/
http://yasarkemalplatformu.org/s/
SHA256s for Epoch 2 Payload EXEs seen on 12/14-17/18
b8f1f36e565da2b13fb129d414355fbf5dfb0253a7b74e3759c649d8c93b5250
c9efde9117ef652f7091b448b1667aea97704cd1818eaacffa97a0e1c6702897
79fcd9c18067d6399deb8b515e28937ea7b8448036edf6d1d86e2e0f18d8ff4a
0e5731849a5274705251a772b9cfc527d4646e5af1d0d8a9c0dc536d3a60ef73
7c3209a18acada1e305387ca1cd5ffc3e1e7c97d053d4b61b64184cd5c9397df
516120ef9bf8392fd70722248c2dec103ce8694204636c2b8f1e309f1c13dfa8
fc62d76945faed86fc11454c8ae1ecc3e8cbb449b8466c7f5aaa9bf45af9730c
1ed5d00c5e54701fc4dee6986da86868454d9aabfcf70fad8d25ec7b2a871734
4b53a0d0169ca83796203f1bdbfa59d1d88f09333cac8d768f912765c1e03708
edddc5fe467a5fcb708d7abc3400779dfda7e4a69190eaaed9068348358d853b
1469d097b9fd57059c35a7c4c4563150d4a547cdb14b3fa8ea84f1baf5023818
19d03ba95535efacb0208945c2bc67037d7f44caa236469adfb61815d18c8564
a79d0eafcd458afd200ab9769461270c669cfb52af0f8a86f005f42bd16507e1
cca007bc5c562569692218b3534b6a96e9ff77904dae6c2bad4f5a538b77a1b5
52202bba22c972dd55f6fcc0bde536d2060c80c1a11b42dcbf149d230f7851f9
48408659ec30137fde7cde0ea1fe95133bdb85c51ada8a30db9c8c4b9cf14290
e069bfed1932b93f46f3fe5342141040d052a092a74adb14601df63b49b0564c
00d1dadcb5a456fa5cca6e1ab75968109db547d05c335c78d0a8424c1dfdd8c2
c2ca358f3b5979e3520f2735d2bf4f0bfbe2155591cf5240421296b01dab3a02
24c97bb069dd53a7a210269122647ef9f1d3422de75918eddc102a8c9c34a4eb
4251155ecb76b483a36302541e7fb74cc066aa9daa72274cf00f3ae59b638f3e
cc77760e06833f8dd28232e6250d5db9c0307fd22d97725952088d8221ff33b5
70202727a89c0f8058cd64c07bf347006d85a4c5cd0e494f66bee78b30272536
6ba9663a7aab3362608ff90747883a13cf3589415c1a309e837881c86d4f79d3
a89f9dee1b8be51d7d666e913752f9f3000a851102b5bee9b3c856e49589c98e
c8d2423c54e3012b42fa60cd55c2edc465eb3ab88bb31bf76c7ffbc57713637b
d45cce704e0a90bf99f7ad59f0ef59a5e193631011c70e751e25fe90899f6887
55a33efa809faf55a2f5972cf1318fa8b701ad939baebd05c5f00e4f5f2742d8
b7dd63081fc1be89cb8f70f944155945506e7051db789daab098d060b76f910a
1ca1dd616026d66bac9a8ae62813663f36cad2a7b8908f7a0ede3279c9dcd628
5a528705787357c24ed16b74dfc56f1aa917539e8b7c57cde5a29a8766c84fa7
df93c2e0781aea121c27ef41dd28c26212403d9a5ce69b6f0527c916666aa162
74eb1fb74684055b9dc910d3bfcf26c72957f0c30ac8d57c42e9a27f9c495d38
5f35e901c8ea0c2cac011eb1b8b76f90785e40af8feabd88d8e4287638610e46
7c3f9ab3bad94782779ca841542af0801cf6fdcf0f466f148c7abeb37086353c
Epoch 1 C2s
(Port is 80 unless noted)
103.9.226.57:443
109.104.79.48:8080
115.160.160.134
130.241.16.154
133.242.208.183:8080
138.68.139.199:443
144.76.117.247:8080
159.65.76.245:443
165.227.213.173:8080
179.60.24.164:50000
181.168.130.219:8090
181.197.253.133:8080
185.86.148.222:8080
187.137.178.62:443
187.140.90.91:8080
190.13.222.120:8080
190.147.19.32:443
190.73.133.66:8080
192.155.90.90:7080
198.199.185.25:443
198.61.196.18:8080
201.190.150.60:443
210.2.86.72:8080
213.120.119.231:8443
219.94.254.93:8080
23.254.203.51:8080
49.212.135.76:443
5.9.128.163:8080
60.48.92.229
69.198.17.20:8080
70.28.2.171:8080
70.55.69.202:7080
78.189.21.131
81.150.17.158:50000
81.150.17.158:8443
86.43.100.19:443
92.48.118.27:8080
Spam/Stealer C2s
pending
Epoch 2 C2s
(Port is 80 unless noted)
115.71.233.127:443
178.254.31.162:8080
181.211.102.138:465
181.48.61.138:20
181.60.244.166:8080
185.20.104.238:8080
186.114.143.12:990
186.170.25.122:20
186.33.185.229:8080
186.85.86.220:8080
186.87.134.176
190.100.239.58
190.104.213.38:443
190.11.22.92:443
190.142.80.8:53
190.146.0.108:995
190.202.173.244:465
190.219.129.131
198.74.58.47:443
201.211.77.71
201.220.68.11:7080
211.115.111.19:443
217.13.106.160:7080
217.173.64.242:443
45.123.3.54:443
5.230.147.179:8080
5.35.242.34:7080
67.205.149.117:443
69.198.17.7:8080
83.169.36.58:8080
83.222.124.62:8080
84.200.106.120:8080
87.103.114.98
91.236.245.65:8080
95.141.175.240:443
98.142.208.27:443
Epoch 2 - Spam/Stealer C2s
Pending
Credits and Notes Section
Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.
UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!
What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes sometimes has new payloads that fast also. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
other but I have never seen the same exact directory go from one epoch to the other. It always a new directory for the change in epoch
as far as I have seen.
Community Lists
https://pastebin.com/j4s6CpEr - @James_inthe_box
Credits
(OC from @JRoosen and/or combination work of the following)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @Techhelplistcom, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop, @gorimpthon,
@Racco42
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic,
@Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop
Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!
Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!
Daily Log
Today was a rather heavy day for E1 and E2. I received nearly 500 malspams in total. I have a feeling Tuesday is going to be even worse.
As predicted, the silly URL scheme was kept on both epochs but E1 was only doing the URL scheme that @ps66uk identified of
[a-zA-Z]{4,5}-[a-zA-Z\d]{14,15}_[a-zA-Z]{8,9}-[a-zA-Z\d]{2,3}
E2 seemed to follow a slightly different pattern with inserting a directory with ATT or AT_T or AT_T_Account or ATTBusiness or ATT_WHATEVER into the URL.
I did not see much in the way of German malspam but @devnullnoop saw some Spanish Christmas themes E1. Here are some of his notes:
Spanish christmas subjects
/dev/null ‹‹ 0x90
Feliz navidad tarjeta navideña de <NAME>
Tarjeta de felicitación de navidad de <NAME>
Tarjeta de navidad de <NAME>
/dev/null ‹‹ 0x90
12h 12 hours ago
All christmas themed doc names i have
Christmas Card.doc
Christmas Congratulation Card.doc
Christmas Greeting Card.doc
Christmas eCard.doc
Christmas ecard.doc
Christmas greeting card.doc
Christmas wishes.doc
Christmas-Card.doc
Christmas-Congratulation.doc
Christmas-Greeting-Card.doc
Christmas-eCard.doc
Christmas-ecard.doc
Christmas-greeting-card.doc
Christmas-wishes.doc
ChristmasCard.doc
ChristmaseCard.doc
Greeting Card Christmas.doc
and in spanish
/dev/null ‹‹ 0x90
Felicidades por navidad.doc
Feliz navidad tarjeta navide?a.doc
Tarjeta de felicitaci?n de navidad.doc
Tarjeta de navidad.doc
E1 seemed to be primarily Amazon based malspam with some of the Christmas Cards(noted by @ps66uk/@James_inthe_box) mixed in with some
Spanish Holiday cards as previously mentioned.
https://twitter.com/ps66uk/status/1074700389470101510
https://twitter.com/James_inthe_box/status/1074737252721250310
The Amazon malspam was reasonably convincing and I will Tweet a picture of it with this release.
E2 seemed to be primarily AT&T billing malspam with some banking Invoices/Debt/ACH from Chase/Citibank/Bank of America mixed in and
a few UPS Delivery malspams too.
Till Tomorrow for more FU-N from Emotet!
Sandbox 12/17/18
(all with fakenet and MITM unless spam/secondary infection)
Epoch 1 C2 run at 23:59 https://app.any.run/tasks/0fb1606c-91e8-410a-92a4-98300b55a2d2
Epoch 2 C2 run at 00:20 https://app.any.run/tasks/56295fdd-dd34-4466-860d-16b5c6d2a125