Daily Emotet IoCs and Notes for 01/28/19

Emotet Malware Document links/IOCs for 01/28/19 as of 01/28/19 23:59 EST

Notes and Credits now at the bottom. Follow us on Twitter @cryptolaemus1 for more updates.





Epoch 1 Payloads by Document SHA256 - All Times UTC


Creation Time 2019-01-28 19:59:00 (XML Based - ENG - Orange/White)
SHA256:

Creation Time 2019-01-28 16:46:00 (XML Based - ENG - Orange/White)
SHA256:

Creation Time 2019-01-28 11:17:00 (XML Based - ENG - Orange/White)
SHA256:

Creation Time 2019-01-25 18:09:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:

SHA256s for Epoch 1 Payload EXEs seen on 01/25-28/19



Epoch 2 Payloads by Document SHA256 - All Times UTC


Creation Time 	2019-01-28 22:02:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:

http://techtiqdemo.co.uk/3o37iwk1Qyiu_h9/
http://pop3.lacuisine2maman.fr/wp-content/aiowps_backups/8DHD4NKpNc/
http://fitonutrient.com/CDMpn80Jm/
http://saspi.es/P2AWKd98r1SPrQ_NV0/
http://ftp.spbv.org/7WC0nCTOsds_9M/


Creation Time 	2019-01-28 19:49:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:

http://salonrocket.com/IcaqhnsKoJZY_s7/
http://promotion.likedoors.ru/PzpedI3jNoMQ/
http://maradop.com/QnTWqNr8vjf3fl1/
http://maxtraidingru.437.com1.ru/P9QvsI6oUtS5mCI5/
http://eczanedekorasyon.gen.tr/GTIseSRXZtnP4egB_0j6M/

Creation Time 	2019-01-28 15:32:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:

http://www.vkn.net.br/weQaoFpWl/
http://ltbender.eu/lnpkJ1P6WPDy_Sc/
http://sosh47.citycheb.ru/Vd6K7hldNVrr/
http://test.laitspa.it/cinepromozione/Ha1awf7RKxxrQnF/
http://pruebas.zecaenergia.com/UVdx7wV5Rl/

Creation Time 	2019-01-28 12:31:00	(XML Based - ENG - Unzoomed Indigo/White)
SHA256:
	
http://efreedommaker.com/Iz89HOst_6wKK/
http://www.retro11legendblue.com/mlm07p0Gbe_V55uL/
http://www.oussamatravel.com/pxFsfyVQ/
http://www.cashcow.ai/test1/Wl38q7oyPgy_CLHMZx/
http://www.shahdazma.com/g28rIYO6sU6K_ZIES8Ys/

Creation Time 	2019-01-25 22:10:00	(XML Based - ENG - Unzoomed Indigo/White)
SHA256:

http://gpsalagoas.com.br/mZb9Ev99/
http://rockmayak.ru/uDwCv6rHyzRXC/
http://haberkirmizibeyaz.com/7NNaC35tpv4qr7ca/
http://hoanglecompany.vn/EaGimpLKxVUr_eo/
http://dcfloraldecor.lt/RiU3O8FFMsM/

SHA256s for Epoch 2 Payload EXEs seen on 01/25-28/19



Epoch 1 C2s



	

Spam/Stealer C2s


187.147.153.225:990
216.98.148.157:8080

Current Epoch 1 RSA Public Key


MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

Epoch 2 C2s



Epoch 2 - Spam/Stealer C2s


120.150.92.75:50000

Current Epoch 2 RSA Public Key


MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

Credits and Notes Section

Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
 
NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.
 
UPDATED (08/31/18): Epoch 1 is back! For several days in a row it has been on the scene!

What is Epoch 1 and Epoch 2?
Epoch 1 and 2 are two distinct chains of payloads that I have been tracking for a couple weeks now.
Epoch 2 is currently the larger group of hosts and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing version
of Emotet that tended to change the hash of the document every 45-60 minutes and sometimes has new payloads that fast also. Epoch 1 seems to change
payloads every 3-6 hours now and payload hashes change sometimes as fast as 1 hour. Epoch 1 may now be the development chain but I am not 100%
sure what they are up to. Checking either epoch host at a point in time will deliver a document that has payloads that are different than the
other epoch. That means epoch 1 may have payloads of a,b,c,d,e and epoch 2 will then have z,y,x,w,v. Sites sometimes move from one epoch to the
other but I have never seen the same exact directory go from one epoch to the other. It is always a new directory for the change in epoch
as far as I have seen.

Community Lists


https://pastebin.com/3yNY0tej - @pollo290987

Credits

(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL, @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
@gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
@malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt 

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey , 
@digitalocean, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic,
@abuse_ch/urlhaus.abuse.ch and @Virustotal for providing services/software at no charge to this cause!

Daily Log


Looks like I got around 250 Malspams today starting at about 06:30EST. It had stopped earlier in the day around 10:30 to just a trickle until 18:00.
I have not received anything since. Most of the malspams were Amazon order spoofs but some were Banking Invoice and ACH Batch processing again.
A lot of the same templates as last week. What was interesting today is that about midday, I noticed that E1 started using URLs that were like E2's
format for the past few weeks. E1 has been very specific since last month on the format of the last directory. Examples:

*/01_19/
*/012019/
*/2019-01/
*/12_18/

You get the idea. In contrast E2 is normally like this:

*/En_us/Paid-Invoice/
*/En_us/New-order/
*/739-39-182432-089-739-39-182432-807/
*/Past-Due-Invoices/
*/Service-Report-15060/
*/US_us/Paid-Invoice/
*/Invoice-Corrections-for-23/99/
*/01/28/2019/US_us/Sales-Invoice/
ETC

These directory structures are part of older templates it seems and they are reusing a lot of them on E2 this week. It was then a surprise to
see them show up on E1. It didn't take long to verify results as correct. This is different from the endings of random crap from last week
such as /AQGwu-iFIpEXgvQ2A5qL_RQntSsgY-Tc9/ which also followed a structure and was seen on both E1/E2.

I am not sure if this mixing was a mistake or an attempt to make things more confusing or what. Frankly I don't
care because it was easy to figure out. It does make it harder to see at first glance what botnet things belong to though.

Also we saw a lot of formatting errors today in our group and things that were not proper links in emails. Some of the templates seemed to be missing
an ending > or ". Therefore the link was not clickable and was impotent. Thanks for making our job easier Emotet guys :)

E2 is finally going down in C2s and is now back down to around 60. E1 increased the C2 counts to 61 which is a high for the past few weeks. Not sure
what is going on but they keep adding a lot of C2s lately. Also things did not change from the report at 1830EST and the same C2s are still in the 
latest binaries. 

Till tomorrow. 

Sandbox 01/28/2019

(all with fakenet and MITM unless spam/secondary infection)

Epoch 1 C2 run on 01/28/2019 at 23:00 UTC https://cape.contextis.com/analysis/33275/
Epoch 1 C2 run on 01/29/2019 at 03:45 UTC https://cape.contextis.com/analysis/33307/
Epoch 2 C2 run on 01/28/2019 at 23:00 UTC https://cape.contextis.com/analysis/33277/
Epoch 2 C2 run on 01/29/2019 at 03:45 UTC https://cape.contextis.com/analysis/33308/