Daily Emotet IoCs and Notes for 01/14/19

Emotet Malware Document links/IOCs for 01/14/19 as of 01/14/19 22:30 EST

Notes and Credits are now at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.


http://beardelect.com/Documents/2019-01/
http://carbontech.biz/Transactions/2019-01/
http://chepa.nl/Transactions/2019-01/
http://cqibt.com/Clients_information/2019-01/
http://cvetolenta.ru/Transaction_details/012019/
http://deathbat-jp.com/Clients/012019/
http://dianaverbeek.com/Details/012019/
http://domaingiarenhat.com/Information/01_19/
http://donggiaytheoyeucau.com/Information/01_19/
http://dsltech.co.uk/Transactions/012019/
http://dumc.lt/Payment_details/01_19/
http://emmanuelboos.info/Documents/01_19/
http://es.lv/Documents/012019/
http://europel.org/Clients/012019/
http://hederefloareasoarelui.com/Documents/01_19/
http://imunnologiya.ru/Clients_information/012019/
http://incarcatoarefrontale.com/Details/012019/
http://jourssa.ru/Attachments/012019/
http://landschaftsservice-seibold.de/Transactions/01_19/
http://lanhodiepuytin.com/Information/2019-01/
http://lasikeskuskainuu.fi/Clients_information/01_19/
http://maslianit.ru/Messages/012019/
http://masswheyshop.com/Documents/01_19/
http://ppzip.ru/Attachments/2019-01/
http://prakashdiwan.in/Clients_Messages/01_19/
http://pro-ind.ru/assets/Transaction_details/01_19/
http://prom-engineering.com/Clients_information/01_19/
http://rahkarinoo.com/Clients_Messages/012019/
http://reklamasvet.ru/Messages/01_19/
http://silvies.com/Information/01_19/
http://sp-interior.ru/Clients/012019/
http://step-up-web.ru/Transactions/01_19/
http://terstotem.com/31c03/sotpie/Transactions/01_19/
http://thedopplershift.co.uk/Payment_details/01_19/
http://thequeencooks.com/Transaction_details/2019-01/
http://thinkcircle.com/Information/012019/
http://toddlerpops.com/Transactions/01_19/
http://ugra-aquatics.ru/Transaction_details/012019/
http://wangzhankong.com/Transactions/012019/
http://www.beardelect.com/Documents/2019-01/
http://www.bst-mebel.ru/Clients_information/2019-01/
http://www.carbontech.biz/Transactions/2019-01/
http://www.chepa.nl/Transactions/2019-01/
http://www.cqibt.com/Clients_information/2019-01/
http://www.cvetolenta.ru/Transaction_details/012019/
http://www.dsltech.co.uk/Transactions/012019/
http://www.dumc.lt/Payment_details/01_19/
http://www.dveri-imperial.ru/Documents/01_19/
http://www.emmanuelboos.info/Documents/01_19/
http://www.es.lv/Documents/012019/
http://www.faskas.com/Payment_details/01_19/
http://www.gerasimiordan.com/cgi-bin/Messages/012019/
http://www.gessb.com/Attachments/012019/
http://www.iain-padangsidimpuan.ac.id/Payment_details/2019-01/
http://www.imunnologiya.ru/Clients_information/012019/
http://www.jourssa.ru/Attachments/012019/
http://www.ksk-shkola.ru/Details/012019/
http://www.landschaftsservice-seibold.de/Transactions/01_19/
http://www.lasikeskuskainuu.fi/Clients_information/01_19/
http://www.maslianit.ru/Messages/012019/
http://www.master-01.ru/Transaction_details/012019/
http://www.musthavecats.com/Clients/012019/
http://www.officeslave.ru/Details/012019/
http://www.palosycuerdas.com/Transactions/2019-01/
http://www.ppzip.ru/Attachments/2019-01/
http://www.prakashdiwan.in/Clients_Messages/01_19/
http://www.pro-ind.ru/assets/Transaction_details/01_19/
http://www.prom-engineering.com/Clients_information/01_19/
http://www.radiomusics.com/_tmp/Transactions/012019/
http://www.reklamasvet.ru/Messages/01_19/
http://www.silvies.com/Information/01_19/
http://www.sp-interior.ru/Clients/012019/
http://www.step-up-web.ru/Transactions/01_19/
http://www.sv-piterstroy.ru/Messages/012019/
http://www.thequeencooks.com/Transaction_details/2019-01/
http://www.thinkcircle.com/Information/012019/
http://www.toddlerpops.com/Transactions/01_19/
http://www.xn----7sbabof2ac4chjkhgcg5e1i.xn--p1ai/Documents/01_19/
http://www.x-tel.com/Clients_transactions/2019-01/
http://www.z-prava.ru/Transaction_details/2019-01/
http://xn----7sbabof2ac4chjkhgcg5e1i.xn--p1ai/Documents/01_19/
https://url.emailprotection.link/?aU8L17KIg4R_bPu2ckIjag4eSemQMzF4mDnfj1xnpoKcl30Qr9eaHMzXs-9ezyoPnhA4Rnqbh0Dql_5m5MNVkYg~~/


http://247csc.com/de_DE/CGMXVYPYY6124460/Rechnung/RECH/
http://affinity7.com/DE_de/TUXLGBT7617156/gescanntes-Dokument/Hilfestellung/
http://amerigau.com/wp-content/uploads/Januar2019/RDTHKY2810094/DE_de/RECH/
http://antigua.aguilarnoticias.com/DE/PCKSOOCQFO7277909/Rechnung/Rechnungszahlung/
http://apexsme.com/Januar2019/CABGNF2298883/Bestellungen/DOC-Dokument/
http://askhenry.co.uk/blog/upload/fvXS-7iSveW2h7WpT4p_IXPUmtGN-JxC/
http://atelier-serrurier.com/DE/IHVCBMLX5828165/Scan/Rechnungszahlung/
http://atomicbettys.com/uknQp-MJDvw_th-mAk/INVOICE/En_us/Outstanding-Invoices/
http://auto-buro.com/OvVJg-o6_RnPlacIbT-D4/Ref/319275518US_us/Outstanding-Invoices/
http://barbudabier.com/ijJip-0G9j_TwEgpcjg-kU/INVOICE/US_us/Inv-327813-PO-7J433604/
http://bfchristmascommittee.com/De_de/FHWRQMSITS5965939/DE/Rechnungsanschrift/
http://black-belt-boss.com/sbDcZ-DgsnV_BGgJBZe-Bq/Ref/437251501US_us/Important-Please-Read/
http://cbc-platform.org/wp-admin/DE_de/JKSATVDPG5935051/Rechnungs-docs/DOC-Dokument/
http://centroquebracho.org/DE/NNMSHDWGOY8827610/Scan/Fakturierung/
http://chocotrans.com/wp-content/plugins/really-simple-ssl/testssl/serverport443/JgvFn-9h_Eyyp-qdx/INVOICE/3444/OVERPAYMENT/EN_e/
http://csrcampaign.com/ZYzfq-qZ3_SlgKaU-uj3/En_us/Question/
http://cultivatoare.com/WWke-6pco0_yQfXrEca-wRD/Invoice/106665194/En_us/Inv-703420-PO-6T490284/
http://dev.umasterov.org/De/ALDPTIWZ0162577/Rechnungs/Zahlung/
http://diffenfabrics.com/SFuhk-J4Z3l_Io-SV/PaymentStatus/En/Past-Due-Invoice/
http://djeffares.com/Januar2019/TIEOBPUVLE8758156/Scan/RECH/
http://drapart.org/hMDfj-LLpLTa5HSTdT0ao_GNyuGUWJk-xx6/
http://drcarrico.com.br/De_de/TBKYRLOL5427013/Rechnungs-Details/RECH/
http://eatcryptolove.com/DE_de/STZYZX7528958/Rechnung/Zahlungserinnerung/
http://elcodrilling.com/VkRgA-jbtC_KMiKgDHZ-xO/Invoice/1376138/EN_en/Invoices-Overdue/
http://erolciftci.com/DE/ODEUBWY5883962/Rechnungs-docs/FORM/
http://estebanithu.com/De/CRJFRQRLTP4348383/gescanntes-Dokument/Rechnungszahlung/
http://etarih.com/KVyi-U2y_oKCQKe-oI/PaymentStatus/US/Invoices-attached/
http://etihadinnovation.com/noLlp-FfjZn_T-8Is/QV14/invoicing/US_us/Outstanding-Invoices/
http://etihadinnovationkit.com/Januar2019/OPPZMDQ7295655/Bestellungen/RECHNUNG/
http://eupowersports.com/erwQa-hcpsl_B-9RQ/INV/204049FORPO/9007870675/EN_en/Paid-Invoice/
http://evoqueart.com/De_de/ZCWRRRD4296457/DE_de/Zahlungserinnerung/
http://firlesusa.com/ELUM-mc_AIjmYZ-lG/InvoiceCodeChanges/US_us/New-order/
http://fitnessupbeat.com/dxaaK-eeYl_yveCEawPw-vMi/PaymentStatus/En_us/Paid-Invoice-Credit-Card-Receipt/
http://forex4pips.com/wp-content/de_DE/TFFLTZGK8940558/DE_de/Rechnungszahlung/
http://geolocstar.com/ZVELCXV2067893/Rechnungs-docs/Rechnungszahlung/
http://gullizaralagoz.com/VAYUZDWP3297930/Rechnungskorrektur/DOC-Dokument/
http://hadimkoykirtasiye.com/fpHH-tqjH_CFESp-2kp/InvoiceCodeChanges/En_us/Invoices-attached/
http://hashkorea.com/opQKO-AJ_wuTK-hD/InvoiceCodeChanges/En/Invoices-attached/
http://hawthorneinstituteofmartialarts.com/PUKA-FxJbK_lpoqcq-Ns/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/EN_en/ACH-form/
http://hostinggiarenhat.com/rzcZ-L2N_qgahpTzf-UX5/Southwire/XQQ7134989214/En/Past-Due-Invoice/
http://intraelectronics.com/AeZS-eqK5_ftwYfjqR-VD/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/US/Service-Invoice/
http://iw.com.br/qkWyI-Rx_GzQ-9jS/Inv/8383206837/US/Invoice-99515667/
http://jongewolf.nl/Januar2019/COUIEJPW2489807/Scan/Zahlung/
http://kiber-soft.net/FDDYT-jK_iPcQ-5dm/Ref/67158889En/Scan/
http://kingsridgemedia.com/BNdd-lWNvrHBD9hiyI7_kboJrueQ-Vt/
http://komsima.org/wp-content/DE/QJXPSRDBND8542414/Rechnungs-Details/FORM/
http://kondombutikken.com/eUNH-Qiv_z-ntp/COMET/SIGNS/PAYMENT/NOTIFICATION/01/15/2019/US/Invoice-Corrections-for-87/45/
http://ladanivabelgium.be/De/GGXIFEF7936220/Bestellungen/DOC-Dokument/
http://ladies-videochat.com/De/HPAMQNMRWP2661939/Rechnungs-Details/Zahlungserinnerung/
http://lakewoods.net/UlgED-reA3GPGJbsEJpl_anLMvsZyb-WE/
http://lcdcorgdy.cf/BqzDJ-AvDNL0tIqquUUNX_hHkHHUuS-I79/
http://leodruker.com/De_de/KWXDBIKAE6729036/DE/Rechnungszahlung/
http://leonardokubrick.com/PNGNSNUZT2205433/Rechnungs-docs/Rechnungszahlung/
http://leptokurtosis.com/DE/YIZWLHJRV4713076/Rechnung/Zahlung/
http://linkingphase.com/xLzlQ-qiaEy_qKimkI-aoc/INV/9260181FORPO/2378484552/En_us/Sales-Invoice/
http://maracuja.ru/lsnB-iD7n_Y-HHd/En/Past-Due-Invoices/
http://marsandbarzini.com/qIUR-D3Q_QlgVSLo-h2/Ref/7302068504EN_en/Invoice-Number-184260/
http://matadorlovol.com/lfdE-bO_brnzYW-ws/RA687/invoicing/En_us/Past-Due-Invoices/
http://medicallycleared.com/vhFC-VDu3T_AzQCoUih-Jt/INVOICE/US/New-order/
http://melkabzar.com/TSQSRBEV2549295/GER/FORM/
http://mervenurkaya.com/EZDPQBME2910489/Rechnungskorrektur/Zahlungserinnerung/
http://miketec.com.hk/de_DE/TFXPBUA0548303/Rechnungs-Details/Rechnungszahlung/
http://mkbayhan.com/Januar2019/DXRMZUP2762371/Rechnungskorrektur/DOC/
http://mmatalkshow.com/PhnWD-gpZ_s-mQ/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/US_us/Invoices-Overdue/
http://moefelt.dk/wMxi-toAPOlcz5mmryw7_RlcRHnJyu-R0/
http://mufakkir.com/jWBD-ApUoA_yoi-RH/275192/SurveyQuestionsUS_us/Invoice-36845701-January/
http://mywebnerd.com/de_DE/PXSLQELA4861845/Rechnungs-docs/DOC/
http://newcanadianmedia.ca/templates/beez_20/YZUmV-w88oembtbhdcsu_NRNGArHY-Fl/
http://nisasakinc.com/de_DE/HBDIGJMXT5686058/Dokumente/DOC-Dokument/
http://noplu.de/plesk-stat/De_de/UVAKHZDVS0295125/DE/FORM/
http://nuagelab.com/YviK-B0_OHjAguy-8W/PaymentStatus/EN_en/Open-Past-Due-Orders/
http://odina-logistic.com/De/EIIWBHN9119478/de/RECH/
http://offertak.com/De_de/MDLLHNREM4869730/GER/Zahlung/
http://optima.easiere.com/DE_de/FQNITIXHYN9153897/gescanntes-Dokument/DETAILS/
http://penfocus.com/Januar2019/OCDBARCWXS2263672/Rech/RECHNUNG/
http://pixeyestudio.com/De_de/PZCYZHDETQ1648451/DE/Zahlungserinnerung/
http://polytechunitedstates.com/De_de/VMSMAJLS5358319/gescanntes-Dokument/Fakturierung/
http://pos.rumen8.com/wp-content/cache/fJdDO-gPUyuHR3SrsKED_SpjTmXaqe-Bls/
http://ppengenharia.com.br/WNaIC-DLd2YkhMYHql50v_qNAZxoME-gh/
http://pusong.id/DE/DPEHYNZA3981886/Rechnungs-Details/Fakturierung/
http://rashil.com/de_DE/YMDQJBNVB6027729/Bestellungen/DETAILS/
http://rccgregion15juniorchurch.org/de_DE/ALSVBSF3947732/GER/RECHNUNG/
http://realistickeportrety.sk/De_de/LJOYHQTS3501602/Rechnung/DOC/
http://refineryproductions.com/aJqX-HgD5DzF30jLlZK_UMlXHcsA-Qea/
http://regenerationcongo.com/De/NFURUG5423625/Rech/FORM/
http://reparaties-ipad.nl/PJmI-oEdsDWe5yNF8fa7_qbcGesGSO-BWj/
http://robbedinbarcelona.com/bHWh-nceNk_A-HQa/Inv/29518631470/US_us/Overdue-payment/
http://scarificatoare.com/agYab-T1S_UH-bnR/Invoice/625767864/US_us/Invoice-5864005-January/
http://sci3e.com/de_DE/WOQYRBDR5653474/gescanntes-Dokument/DETAILS/
http://semanatoripaioase.com/mZWv-m7_dAqZ-0i/INV/9547398FORPO/2790161432/En_us/Invoice-for-m/a-01/15/2019/
http://sevensites.es/YuuQ-bhLv2OSWXUc9Sl_urcTiang-ixB/
http://sosh47.citycheb.ru/Januar2019/RUADGSHZP1644912/Dokumente/Fakturierung/
http://steelbuildingsplus.com/CRDZSR2023090/Rechnungs-docs/Zahlungserinnerung/
http://stoutarc.com/DMUHGXKWZ8963686/Rech/DETAILS/
http://symbisystems.com/DE/RNEITWJ3387844/Rechnungs-Details/FORM/
http://tajiner.com/jwaQA-IX_mpPY-n2/PaymentStatus/En_us/Invoices-attached/
http://tenmiengiarenhat.com/zuJe-uKuh_kfcPsgQ-OU/ACH/PaymentInfo/US_us/Invoice-receipt/
http://thebitcoinengine.com/de_DE/UCKRFNUFSR4761723/Rechnung/DOC/
http://thelittleknows.com/Januar2019/GIICLLMQ0570834/Rechnung/Hilfestellung/
http://therxreview.com/MHDT-ctWB8useQaLBgY_Jujiputr-5D5/
http://tradeindealer.com/De/GGWZVNDBBW8293587/DE_de/Rechnungsanschrift/
http://trakyatarhana.com.tr/De_de/NNLHOLTLJP2165818/GER/Zahlung/
http://treasure-wall.com/Januar2019/BIZRUQVZO9225456/Rechnungs-Details/Rechnungszahlung/
http://vivianagomezleites.com/MECWFXCPOQ8002294/Rechnungskorrektur/DETAILS/
http://wangzhankong.com/LHWuA-26_uSD-wK/ACH/PaymentInfo/US/Paid-Invoices/
http://web.pa-cirebon.go.id/mBAh-LmFuJXk2QFZdFSb_DGboxvqg-JMq/
http://webfeatinternet.com/BnfuH-wV0cB8AlxakhApQ_TVksjKfmx-FZ/
http://worshipwarriorsmovement.com/LflY-B3_uhU-XE0/Invoice/318011809/US_us/Scan/
http://www.abmtrust.org/wyCV-G1kf6_pObLTZ-n6V/US/507-40-808833-674-507-40-808833-003/
http://www.aframebarnhill.com/Gbpj-A68ZO_YPQ-Rb/Inv/48255833054/EN_en/Invoices-Overdue/
http://www.array.com.ua/FRoNw-kdNa_IxRxGQo-ywP/ACH/PaymentAdvice/US/Overdue-payment/
http://www.arscoco.com/NUVRLTVDC1200787/Bestellungen/DOC-Dokument/
http://www.avtotest-taxi.ru/jwVb-CjdWn_pxlEC-Ku/Inv/453102149/US/Companies-Invoice-74122684/
http://www.bauburo.ru/uKtbg-qjP_nEtjfC-BGk/En/Service-Report-90017/
http://www.cncoutfitting.com/wANhk-UwK_lxpDR-N6/INVOICE/EN_en/Companies-Invoice-89656224/
http://www.commercewisely.com/ahQdn-ckUI_xJg-90/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/En/Invoices-Overdue/
http://www.digivoter.com/UUSS-IG_yiJ-DNc/US_us/Paid-Invoice-Credit-Card-Receipt/
http://www.elcodrilling.com/Januar2019/WAMQGNZBD4812521/DE/Hilfestellung/
http://www.fitnessupbeat.com/dxaaK-eeYl_yveCEawPw-vMi/PaymentStatus/En_us/Paid-Invoice-Credit-Card-Receipt/
http://www.fortifi.com/Januar2019/SPEOHSBTVO1776945/Dokumente/Fakturierung/
http://www.ghmhotels.com/PiJvz-AWvO_rIPiWDDvb-9k/PaymentStatus/En_us/Outstanding-Invoices/
http://www.intraelectronics.com/AeZS-eqK5_ftwYfjqR-VD/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/US/Service-Invoice/
http://www.itfortas.lt/xHIc-fz_hRRkDzT-3T/EXT/PaymentStatus/US_us/Past-Due-Invoices/
http://www.jardinsdakazoul.fr/UFcy-X0vZ_TGtnoTU-FS/invoices/2370/2807/EN_en/Invoice/
http://www.kiber-soft.net/FDDYT-jK_iPcQ-5dm/Ref/67158889En/Scan/
http://www.kuhniviva.ru/SDVn-8B_M-Mjo/282349/SurveyQuestionsEN_en/Service-Invoice/
http://www.leg4.ru/sRQAC-4Nj_Jzr-6N/ACH/PaymentInfo/EN_en/New-order/
http://www.lexfort.ru/EWPv-CU_FEhPTR-oWz/INV/33097FORPO/197151984090/US_us/Past-Due-Invoices/
http://www.maracuja.ru/lsnB-iD7n_Y-HHd/En/Past-Due-Invoices/
http://www.matadorlovol.com/lfdE-bO_brnzYW-ws/RA687/invoicing/En_us/Past-Due-Invoices/
http://www.mufakkir.com/jWBD-ApUoA_yoi-RH/275192/SurveyQuestionsUS_us/Invoice-36845701-January/
http://www.muzikgunlugu.com/LMSAFY6927761/Rechnungs-Details/RECHNUNG/
http://www.ng-tech.ru/xVhG-gt7a_LB-E8/Invoice/619377086/US/Question/
http://www.niman.ru/earD-Ncxsu_AzUmQINO-nSN/ACH/PaymentAdvice/En/Past-Due-Invoices/
http://www.odesagroup.com/de_DE/KQSYUV9675540/Rechnungs/FORM/
http://www.renchen.org/DangerouseDragonsAndNinjasLiveHere/1.doc/
http://www.reparaties-ipad.nl/PJmI-oEdsDWe5yNF8fa7_qbcGesGSO-BWj/
http://www.r-graver.ru/ZJFC-yu_hPMxz-p1F/EN_en/ACH-form/
http://www.rome-apartments-it.com/JFyM-8G_q-Rg/PaymentStatus/US/Open-Past-Due-Orders/
http://www.rossiodontologia.com.br/fJaR-zFFpoSItWDqtueL_DUQUyDEv-sF1/
http://www.sportschuetzen-havixbeck.de/Januar2019/UKPNKGSXOO7365453/Rechnungs-Details/Zahlung/
http://www.standart-uk.ru/rRNb-SmEXz_c-b0F/40041/SurveyQuestionsUS_us/Scan/
http://www.topsource-usa.com/Gmvve-2qQ_eveG-K7/Inv/6724760599/EN_en/Invoice-1239077/
http://www.torfsgebroeders.eu/jxvcW-5j7_FfHbDoyE-Zb/INVOICE/En/Document-needed/
http://www.trakyatarhana.com.tr/De_de/NNLHOLTLJP2165818/GER/Zahlung/
http://www.transformemos.com/JqyA-lwffq_sgaMmrULP-4j/invoices/60284/3360/US/New-order/
http://www.tubeprocesstech.com/CJVQ-gcDf_QIOsbWEA-R2/Southwire/EDS4575723326/EN_en/Invoices-Overdue/
http://www.ul-print.ru/LdKu-0J8Av_fDnDtF-rF/Southwire/OZV3903792992/En_us/Outstanding-Invoices/
http://www.wangzhankong.com/LHWuA-26_uSD-wK/ACH/PaymentInfo/US/Paid-Invoices/
http://www.winecorkartist.com/prWoa-WG4_rGjE-k5u/InvoiceCodeChanges/En_us/Invoice/
http://www.xn--ordetrfritt-p8a.com/sYOiP-vdmu_BRAu-au/COMET/SIGNS/PAYMENT/NOTIFICATION/01/14/2019/US_us/Overdue-payment/
http://xn--80aedtzecqnd.xn--p1ai/de_DE/QIMLZKZHM1355362/Rechnungs-Details/DETAILS/
http://yandexalfa.ru/de_DE/PTKQHV3499361/Rechnung/FORM/
http://zentera93.de/QpYt-oOUNAPoyGvAv3M_bqIIVlhN-xTC/
https://itp25.com/De_de/SNUFJFIRK4282360/Scan/RECH/

Epoch 1 Payloads by Document SHA256 - All Times UTC


Creation Time	2019-01-14 22:59:00		(ENG - Light Blue White)
SHA256:
3356b99748cd869b64a8be09de12dc8af1f417acd040e6ca4d80344ad58eb62c
38e53d78bb20c1475bb99e81348df948a7a2a7c54e553f7a07297e53de59ea15
33bc3b2d5e4464eb9a12fcbdd7a4dc0a6e7c02f3e2149325f473e1d59c019022
b5d324893085f52a6b7d750b41d3039462d0e66e2e07f36d7aa07ab53f694790
28cf4ee192bfbf24ef0bc9a8eff889501ddaf08031c4c369035ddeec949e2879
ce9398e95ba8d9f99bfbab5e1a817b44462c49beb863a991123a7b6bfae65630
388fe279f421985cb9e147aaf8231a98c832874952c396a13df08894c3a9714d
8c2bd29b1fc6bb1e3187ba8cf8329847e419fe62b6ed3f2e054991dcade63dda
aa800f12bc65cd7580d5f75a3b19de5333ccba6b81a4d7df58556c7878a4d82a
13b940875b40ce85284e6bd50ebe307a08e074fabfb5045280270f1a109db37e
581e775919ebf602a88369287a40c6b746ebf0a6e4f631c627091527690ab6c3
c7cb43c0854e5691b41f80496be003f9c1741e2921e5ee039645e220190162a2

http://www.dawsonvillepropertymanagement.com/Q1YYA7U/
http://www.rjsen.com/ZQp4CXn07z/
http://wp2.shopcoach.net/HqNiHSbZcx/
http://motorworldwest.com/CLatMZDCz/
http://www.gerasimiordan.com/XvL4wMk0U/

Creation Time	2019-01-14 17:54:00		(ENG - Light Blue White)
SHA256:

http://ray-beta.com/1bVzEjoTlj/
http://madhuraarts.com/WWm39mGm/
http://www.fifajournal.com/D1o40Dmemk/
http://lignumpolska.com/lCGQPqXMY/
http://waliwalo.com/urHKt1ds/

Creation Time	2019-01-14 15:22:00		(ENG - Light Blue White)
SHA256:

http://liarla.com/RqAjQLJlx/
http://espasat.com/1YbH45y/
http://latuconference.com/wp-content/uploads/vvl9XHG/
http://dirtyactionsports.com/vVgr4dva/
http://demign.com/PGT53cb/

Creation Time	2019-01-14 12:49:00		(ENG - Light Blue White)
SHA256:

http://advantechnologies.com/4OE4EbH/
http://chat-pal.com/46L3tNj/
http://pariadkomindo.com/2WAA4C5FBz/
http://www.espasat.com/yEd0RmBfMt/
http://modern-autoparts.com/5RsGlKa9z/

Creation Time	2019-01-14 07:02:00		(ENG - Light Blue White)
SHA256:
df3eb43974aa2266b462be0ad3a5b4ec11baee4399d6785bc130533bdc6c6c7f
1a7d9adfcdcbff73067a01cdf93720fbb886ee65798119eda42fb29d3ebe7d6b
322cb3d8d69da1d2329e46446f64f5918ec6400d24cd80980c8eb993448dba62
fc01a00342bb7ac214351d756bc645953350c321524bb06308224f5502995ebc
83d54f405e7b4c9f5c56a178cc285ea11fc91f1887698443953ab632d906e87a
20d1100c2496dea16e657af6049a64c548794eb1892c750f56877deab34d73ce
644ed53abf8a62a8530f7623c03f01fa858ffe370111c489a2747b4784ec2618
cebc291b9cd5d4a6c061d5afca7f5ed8f31ad927d7688ad7d630d1e9d165e982
a00af14d91ab6a3d99f2ec208ebf4c0bae9de71d191cc413f24346f1359bbee9
097111fb7b72ec65bab58400a7708395e6d336fe9e537ab1673a8882e6ce1f8f
4476dc9fc37a3c11cb7089afa3bdaecf92ac76514529befdfa77da86881b653a
60b9fe34688abbcb15cf26d9334c764d2b19be2eb3613698f063c41629016054
b87fd5cc4e1067cec0f83c4e280e9cfff82a69e503efbbc42f04974ddca94e49
15a50a9e70f29825211244d3b6f487ca131f0d0f4e54bd521ac960f994555d52

http://www.pnhcenter.com/8MbrO1aKx/
http://www.beard-companies.com/qYzoAAzm/
http://realitycomputers.nl/P6ftGVj2Tn/
http://agentsdirect.com/0vPcT8H/
http://inspek.com/wh01Z9eenD/

Creation Time	2019-01-13 22:02:00		(ENG - Light Blue White)
SHA256:

http://agentsdirect.com/0vPcT8H/
http://toshitakahashi.com/e0ZmqZLLui/
http://tacticalintelligence.org/kuS5BpOn/
http://innio.biz/QKCP05G48/
http://jaspinformatica.com/IZqdjd211/

SHA256s for Epoch 1 Payload EXEs seen on 01/14/19

Epoch 2 Payloads by Document SHA256 - All Times


Creation Time	2019-01-14 23:10:00		(ENG - Orange/White)
SHA256:
794ae642a0a3cb291b6bc43ca1b9b69f69ff9add4befbf913a7c22d262ae2fd7
c494f6b22ab709985d185de9e349ddfe8d9411e5e51aaef3edf7f8b0ae06291b
6883ee85522c09576e85a9df443385cf9bd9ded5794bd0133136ba316e50d980
0f1f2793efb4d8a4bc07bd66cc608d0982e2025affaf0c1c0d67432f1b75a57c
1e7818f7fd879c98a93a934c2ca289f29121371015430dc8921fea589c6a5a81
4280bf2624544e303275ec94ec300eff710ef1ce58f95fe8ee702b63cfe3a331
61c2950fdf075bcdc03c90c8c66932ec05d50a6471924256aafcd5270e9c8919
68539aea0795d265502368da42783aa4df61a5cbb7d84163decc7dc16dbf3e7b
53e52264d5d0e4da081924fd59ff9aa7fc1888a9ae276f22f453eefdfe3c9fd7
22aec89603d396d3566a5f3d5f355f9efc1791ba67f26b85f2aed141aa0c6aaf
49325d71592d97899ebfd9639b3d3cc2e4ba6acc722bb5dfddbd22924452eda8
dc61b424999a87aea86422576c7dbfd9658b9ddbcdc1cab5424eaf3df2d1cb46
2daecb43f8f2c05545b6974ba9e4173b6708fb89141e1cac5ddd60847f46ec7f
decbc82d7c01ca9d07ddff78ac92f1cb461f46db4d170cb8459d159f8e79f100
4a5f793c1e2f5b8d8f040cbdc357b2e06b59a844ea7b5620440697fbfedc10b0
bb0713133afac2d28bf39ab96b3fac5225a8d167f043b21d0ac5716c2462a3fc
600285418c76a3b461a43e84cfde59054dae21f119cddd37cdca85a069b6e320
841622c88881bad69ba65df05aa44c90edbed7dffe9734998ff76d9399786de4
bb5e5db8160a056dfca4c383ed751946dacb53267dec9234be0c1354709fbe9b
d42a8f19235f0281bed1e194034c7e08fb60e0b497c222f9fb3272a790b4a28b
7c026a7ba7e7fa9623bdcb2d3c61493480e62e307c19c8ba99410f5c709ebe1f
19ee948b96af076865e64e4ca70ad97dee5be700a2dcdec84b70c387c740d515
47071c78d7840a1237c9acf13773c986f8a6d88a60d2b21da490cf6e323c4b72

http://www.araucarya.com/2Oc8ggZ_5h26fUU_fPrgc/
http://www.nigellane.net/uM3LyT_PCU9x_07nEz9/
http://www.mir-krovli62.ru/uGqCE_F8jceGFz/
http://www.clubdirectors.tv/zp7mEqv_zaz3h/
http://shantiniketangranthalay.com/eUOLBN_ukCfdG3Ux_q010wOU2/

Creation Time	2019-01-14 19:58:00		(ENG - Orange/White)
SHA256:

http://tecno-logic.sci3e.com/FaCsh_vRa7wKtB2_kY170/
http://batdongsanbamien24h.com/lhBDdLtY_PHqPD4k/
http://sinarmas.pariadkomindo.com/S9tI4_2xBDUT_QEjB5P/
http://taboclub.com/nOd_Ls0lS/
http://letsspeakenglishonline.com/cV4_KLCfQG/


Creation Time	2019-01-14 15:13:00		(ENG - Orange/White)
SHA256:
2ca58ebcade09ea04d673ed20015d45b6e1046616b3278d5de446d8906cea368
dba531792d94dff27f95023a924018e6aa2bc13a34a9397039d552b02075bbb8
78065a4bab1545dfb1fd72c01bc8d1a30948190034b7333befd96d2eb03e8a97
bfb7b0dcefa43f7e7cbc67663e218298b104bfc94318f64ca84e466d8b13fad8
49f0fd390cb8aafce83cb6d14caccb7f9554cff792fcfb0d778e41dcf3c44cb1
05c0a1fb64c44871e53400a082c6cc14b09d2e36eb6b029ac7effbcf5c3be017
18685e551748c7bf5d80ceb32342439ebe6254ca1bce2800ce4e35102a369707
b9ac7fdbfe29cccc45820992b9aad386a6ec1901b39c8c45ec5cef1ac7fcf282
7ef69f2bee99dab71119478f0eff230488bae152a767fc4a454034b4c812458d
78cea517d568c13e5283505ba6c939121608955f8e5a5adbcbc5d3fe79dda8a5
3a227e4d998ddb5427004ce1e0d45a1877cdf42ead09bcf0211eb2786dbeb661
c2677e8194432bca3607cb1bc0f14d6f134f39aa4b44bf29462e96cdc262d53a
40f110a519931b34b3dccf69ad578ce0b537a3bc6606ba19e9f7fce2d1d1e1b3
26d08eb117b227ae255772ba329598202729db14e542daf2a3dbfc8536c0cc0a
360438e0a0065f3a6c9b60a1efa6041a2c2a8dae9486f29bca5b42ee1df2834d
8863acafb66a0f3ac77daa1849b0441a54f37b445f533d9cac5c7980a2f0c687
0c1787fb77fb198b62ac9f8cc254d084fba810202a274e8e83dda6ecd8c64e2e
e663871e8bdf96958321a2ae07b67efe02f4edc566bd63e0006842f41b2a3427
301559e1295ba8cb644bd15b2ad3afffe566f397321d148e2caea01c47ebad74
14601e911caa498667c29ada2028a0ac9298f9f4ada69f5600af8aecef86dd46
2d0456522cfa38c9393ff6199c6e55098d7c7d46dceaaa7e6d9fe997d4847b14
ee758b05596d19f3f93b1c358f970a601dd10df9fe65f9a6e2322a248540dc12
a57c9ced200a75c2d1918d30730b7c4c0dd93487dbdc688acabb7e2cb7e33f5f
916a22a4b904eee089c046af87b1ea2f9e87bc7a74cfd242101425471029656a
807d97e911275693f9c3c1a651045f9ca8f9901566e753cb0c79de2216ff6881
449cf7f70c4d0d833f99a15b818ea14e8fd5610afd68059ed6cdec9730a7ea6b
a73c52793aebb5741f3456b8c575eb3ee41953257cfdd0930b86c422b63b4ff1
5406eb288a28528710b1aa960b012c7cc3a0605fa78a81dbaf3b3d9c3263be88
ea8c96191c0c6e9b151dd48107e22dec3fcdcd7275d72d6804bf2761212acbc0
ea8f1a29b56d5bed5e8744d6cbba787cbf4ab6d8ae7112455ac0a2bb38e83a3c
c943959ac4eea66b557f8bbff3a4cdd35d88554fb2d338cddd3b059ce2bed88e
f4dbc0bf3fd53e0fc755ea28837266092ddbc02d8f9f5c3daa08b4dd31928817
bfc82319a2611b4c3db2907807b8f499c4e154c9211b6f639a038549682b747d
6df473bd7f09e7719e7b65b714b9dd346777266fe7297ccfb60e3075df21a399
a7520290d891c842126f97d018a14d335a5717391beeec3e24d10a6589880378

http://mothergoosepublishing.com/7CU3BZ_HawRe/
http://uicphipsi.com/4d20qS_izTLi7wu1_uuk/
http://vuonnhatrong.com/FSrJps_iKqwbRFjH/
http://themissfitlife.com/5wn_YAsyS0M/
http://mrtuz.com/AfJ9Gt0_f5HHi2GKr/


Creation Time	2019-01-14 13:22:00		(ENG - Orange/White)
SHA256:
594139300cbef750d9245dedb3c6e4de9915be90eabfc45b5f968137df99d837
6df473bd7f09e7719e7b65b714b9dd346777266fe7297ccfb60e3075df21a399
a7520290d891c842126f97d018a14d335a5717391beeec3e24d10a6589880378
bbc7a69c1979763b748c64a218b13313a8d9ae79b8604e330774a50c08a30716
86aec06b0167c3ae9c80db5f3b7cc7f55b618c7d88b365967ef77cc7e6ce354d
7ca6b8611c682e3f107153fb98a62321b914a1e867339f21793715e9d3985edf
6719e0e5b9fd94031417a2aa5fb3fb2b236c50ad9d96e283af1520082a81effb
5c9401679abeb7e976b104c85b4511f04e69cab583e3fa268156f03dba34105d
70a5445bc001ed3fc4e37927992d8c58199a29ace433e703e7a8dc046e8325a9
f11aafd00f8e79125089aabc85c9b449e482ddc66e93502257a19d0da885f430
73a7d924eb939da844d1bbf298748c3feda810d2cb6a51c002f526b472321927
64151a4bd32f323ceddbc46ada93dfc9c9779059684e9b958d2b503f8f233ebe
a3133000c49cb432515f8a4cac85b9a4de333da01507226a23af03425f5c2970
8b7c355c4cd80d80eae31425947803b59024f012f9a624dbee210fc3ec758777
9c04ad1bfd2bc3411cdc96fd28ae9af16b985686a928455caabc0ce74b94c924
acd45e8699166ff2859627f5c31cc865c4e048e7dca7d4142be445af985e0f6b
a880e613bbdbb4ac3bb67b7d9366222a56556663795b2c7711609e2e7afa13db
b998a79fe8fde1f80df5ed3fa8b1a4b089bf4d33fdee4f974612259ad8bf1a73
99f9c2c64e3ca8fa7c802bb96a0e04cf0d4857e6926aa0976ab6be1519b018e4

http://beitshalomcare.com/UCXoKly_3UeiaQjy_Ik/
http://topablaze.com/YOh_SNrprk/
http://tabaslotbpress.com/P7E5p_6YkjtH_BP4TMxN/
http://mydogmybuddy.com/ULyczwB_jTGov/
http://rinolfrecruitment.com/3ee8t_II0t/

Creation Time	2019-01-14 09:42:00		(ENG - Orange/White)
SHA256:

http://lucaguarnieridesign.com/docs/WMr_mg9Cl_lB0bmBz8/
http://eilatsmanor.com/BGaY5Klo_prck5AF/
http://injakala.com/djN_7AvxDHcf_wTMYS/
http://voldprotekt.com/oBm_Ae6lH7q9K/
http://binderdate.com/7w00z7m_DOo0/

Creation Time	2019-01-13 23:11:00		(ENG - Orange/White)
SHA256:
cc88f2f682c0a55d601d3b02437cc74c3dcd529f82560e2464ed4832f96784b5
fcb9aa4a761cce1be28ce895412be48035c0d6ebcfdf03b978eff1cf2bfd7674

http://www.somerset.com.ar/wp-content/uploads/BxE8v6km_EOfpI6Bc/
http://welovecreative.co.nz/jrqUxh8_4HLOEf4/
http://billfritzjr.com/bkdmj_e4MS/
http://johnnycrap.com/E6s_Kk14a/
http://weresolve.ca/cgDRAqE_hx1NeK/

SHA256s for Epoch 2 Payload EXEs seen on 01/14/19

401b401b4bb88543a160657b8c9f54c85588792ac3ed089743f01a4b2e6730e7

Epoch 1 C2s

(Port is 80 unless noted)

109.104.79.48:8080
133.242.208.183:8080
138.68.139.199:443
139.13.84.107:8090
139.13.91.136:8080
139.13.91.149:20
139.13.92.63:8443
144.76.117.247:8080
154.120.231.114:20
159.65.76.245:443
165.227.213.173:8080
169.0.47.103
181.167.49.76
181.169.58.108
181.46.46.49
181.48.239.3:8080
181.61.253.90:20
183.82.34.65:465
185.86.148.222:8080
186.16.203.150
187.163.213.124:443
187.200.132.53:20
190.210.236.237:22
190.220.19.82:20
192.155.90.90:7080
200.113.106.18
200.71.112.158:22
201.231.70.72
210.19.41.87:50000
210.2.86.72:8080
216.252.83.23:465
219.94.254.93:8080
23.254.203.51:8080
49.212.135.76:443
5.9.128.163:8080
60.54.121.215:8080
69.163.33.82:8080
78.187.52.65:990
79.127.57.42
79.66.242.43:8080
79.98.31.206:443
80.12.84.86:8080
81.86.206.166:22
86.98.65.187:443
92.48.118.27:8080


Spam/Stealer C2s


Pending

Epoch 2 C2s

(Port is 80 unless noted)

105.184.106.99:22
105.184.237.83
115.71.233.127:443
120.63.148.9:443
151.237.16.5:7080
173.255.196.209:8080
178.209.71.63:53
178.209.71.63:8080
178.254.31.162:8080
178.62.37.188:443
178.92.73.34
179.41.14.199:990
187.163.91.104
187.207.58.148:20
190.10.159.242:22
190.17.173.58:443
190.52.161.1
190.6.24.248:50000
190.60.225.114:990
198.74.58.47:443
200.93.90.133
201.111.29.109:20
201.143.82.199:995
201.230.255.100:22
201.235.65.61
201.245.184.16:8090
211.115.111.19:443
217.13.106.160:7080
24.232.79.140
27.109.116.48
45.123.3.54:443
45.167.12.22:8090
5.230.147.179:8080
62.75.191.231:8080
67.205.149.117:443
69.195.223.154:7080
69.198.17.7:8080
75.99.13.124:7080
80.44.121.62
83.222.124.62:8080
86.43.125.152:20
88.249.181.174:20
93.88.93.100:53
95.141.175.240:443
98.142.208.27:443

Epoch 2 - Spam/Stealer C2s


Pending

Credits and Notes Section

Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLs from previous days; see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
 
NOTE: The doc DL URLs are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.
 
UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple of weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller, more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes and sometimes had new payloads that fast as well. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain, but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different from the
other epoch. That means epoch 1 may have payloads a, b, c, d, e and epoch 2 will then have z, y, x, w, v. Sites sometimes move from one epoch to the
other, but I have never seen the same exact directory go from one epoch to the other. It is always a new directory for the change in epoch
as far as I have seen.

Community Lists


https://pastebin.com/mfEa0W1G - @James_inthe_box
https://pastebin.com/scHw434h - @executemalware

Credits

(OC from @JRoosen and/or combination work of the following)
Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey
C2 info - @unixronin, @MalwareTechBlog, @ps66uk, @JayTHL, @pollo290987, @malware_traffic, @0xtadavie, @devnullnoop, @gorimpthon, 
@Racco42
Payloads - @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987, @malware_traffic, @JayTHL,
@Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey
Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt 

Special thanks to @2sec4u, @unixronin, @pollo290987/@ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch and @Virustotal!

Daily Log


Emotet has been going since early this morning. A good deal of the malspam first received was all in German, but the documents were still in English. It looks like E2 is the only one using URLs for downloading documents for now and E1 is just coming in as attachments. The URL directory names are all in German as well.

About 09:30 EST, we started seeing new URLs on the same distro sites that are in English. They are all based on invoice ruses so far.

Spamming continued all day and we had some minor changes with some C2s on E2 towards the end of the day. All of it was invoice-based templates and none of it was particularly unique.

Until Tomorrow for more fun.


Sandbox 01/14/2019

(all with fakenet and MITM unless spam/secondary infection)

Epoch 1 C2 run at 22:00 https://app.any.run/tasks/fcd76a19-9036-443e-82d5-b1a4cc301036
Epoch 2 C2 run at 21:50 https://app.any.run/tasks/e6ee56b9-179c-423e-bfb3-9899811175fb