Daily Emotet IoCs and Notes for 02/15/19

Emotet Malware Document links/IOCs for 02/15/19 as of 02/16/19 01:00 EST

Notes and Credits now at the bottom Follow us on twitter @cryptolaemus1 for more updates.


http://104.155.134.95/Amazon/En/Clients/2019-02/
http://104.198.73.104/Amazon/En/Transactions/022019/
http://104.198.73.104/secure.myacc.send.com/
http://104.223.40.40/Amazon/En/Orders_details/02_19/
http://115.66.127.67/Amazon/EN/Transactions/2019-02/
http://128.199.187.124/Amazon/En/Documents/2019-02/
http://13.112.69.225/wp-content/Amazon/En/Clients_Messages/02_19/
http://13.126.61.22/Amazon/En/Messages/2019-02/
http://13.233.31.203/trust.accs.resourses.net/
http://132.145.153.89/Amazon/En/Attachments/02_19/
http://159.65.142.218/wp-admin/Amazon/Attachments/022019/
http://159.65.83.246/Telekom/Rechnung/012019/
http://178.128.54.239/Amazon/Transactions-details/022019/
http://178.128.54.239/secure.accs.resourses.net/
http://178.236.210.22/Amazon/En/Payments_details/02_19/
http://178.236.210.22/secure.myaccount.docs.biz/
http://178.62.233.192/AMAZON/Clients_transactions/022019/
http://18.217.211.183/wordpress/Amazon/Documents/022019/
http://18.217.96.49/Amazon/EN/Messages/2019-02/
http://18.218.56.72/wp-content/AMAZON/Clients/022019/
http://18.222.169.76/AMAZON/Transaction_details/02_19/
http://18.223.20.43/Amazon/Payments_details/022019/
http://188.131.164.117/Amazon/Attachments/022019/
http://188.192.104.226/wordpress/Amazon/EN/Transactions-details/022019/
http://188.192.104.226/wordpress/secure.myacc.send.biz/
http://204.48.21.209/AMAZON/Clients_Messages/022019/
http://211.238.147.196/@eaDir/verif.accs.docs.net/
http://3.112.13.31/Amazon/En/Clients_Messages/02_19/
http://3.92.174.100/Amazon/En/Information/02_19/
http://34.242.190.144/secure.accs.docs.com/
http://35.176.197.139/Amazon/EN/Attachments/022019/
http://35.190.186.53/Amazon/En/Payments_details/022019/
http://35.196.135.186/wordpress/Telekom/RechnungOnline/012019/
http://35.202.250.4/AMAZON/Messages/2019-02/
http://35.204.88.6/Amazon/Clients_information/2019-02/
http://52.196.225.91/wordpress/Amazon/EN/Details/2019-02/
http://52.202.101.89/Amazon/En/Orders-details/022019/
http://52.205.176.136/Amazon/EN/Details/022019/
http://52.63.119.3/Amazon/En/Clients/022019/
http://52.63.71.120/Amazon/En/Clients/022019/
http://54.164.84.17/Amazon/Attachments/02_19/
http://54.167.192.134/Amazon/Details/02_19/
http://54.175.140.118/secure.myacc.docs.net/
http://54.202.85.204/Amazon/EN/Information/02_19/
http://54.202.85.204/trust.accounts.docs.net/
http://54.38.35.144/verif.accounts.docs.net/
http://alabarderomadrid.es/verif.accounts.resourses.biz/
http://aminshiri.com/AMAZON/Transactions/022019/
http://app.myresource.center/Amazon/En/Payments/2019-02/
http://arieloutdoors.in/Amazon/En/Transaction_details/022019/
http://arvendanismanlik.com/Amazon/EN/Transaction_details/02_19/
http://asansor.parsnet.space/Amazon/EN/Clients/2019-02/
http://astventures.in/Amazon/Transaction_details/2019-02/
http://aterrosanitarioouroverde.com.br/Amazon/Clients_transactions/2019-02/
http://awcq60100.com/verif.accounts.send.biz/
http://banyuwangi.org/REF/download/Newreceipt/JgGuv-QfZWB_ZmTI-ae/
http://barjockeysclub.com/trust.myacc.docs.net/
http://bayaneabrishami.ir/verif.accs.send.com/
http://bestcleaningcolombia.com/Amazon/Clients_transactions/02_19/
http://big.5072610.ru/Amazon/En/Details/022019/
http://bownforcouncil.com/Amazon/Transactions-details/2019-02/
http://brucelin.co/Amazon/Clients_transactions/02_19/
http://buralistesdugard.fr/Amazon/Transactions-details/02_19/
http://cash-lovers.com/Amazon/En/Attachments/02_19/
http://ccbaike.cn/Amazon/Payments_details/2019-02/
http://charms.com.co/Amazon/EN/Orders_details/02_19/
http://chenhaitian.com/verif.accounts.docs.biz/
http://cicekciilhan.com/Amazon/EN/Transactions/022019/
http://costartechnology.com/Amazon/EN/Payments_details/02_19/
http://csvina.vn/wp-snapshots/Amazon/En/Orders-details/02_19/
http://currenteventsmemes.com/Amazon/En/Clients_Messages/2019-02/
http://doctorjuliandiaz.com/trust.myaccount.docs.com/
http://doservicework.com/Amazon/Details/2019-02/
http://earplasticsurgeon.com/Amazon/En/Clients_transactions/02_19/
http://enviedepices.fr/AMAZON/Clients/02_19/
http://erem.com.ua/Amazon/Transaction_details/2019-02/
http://eunmingwan.com/verif.myaccount.send.net/
http://ewan-eg.com/sec.myacc.docs.com/
http://exdev.com.au/AMAZON/Attachments/02_19/
http://firstcryptobank.io/Amazon/En/Clients/022019/
http://focus-group.spb.ru/Amazon/Details/022019/
http://forestaljal.com/verif.accounts.resourses.biz/
http://galinakulesh.ru/Amazon/Transactions/022019/
http://ge.kreo.co.ke/Amazon/Orders_details/022019/
http://greeksoft.gr/sec.myacc.resourses.net/
http://h809171554.nichost.ru/Amazon/Messages/2019-02/
http://hardwareportugal.com/Amazon/En/Details/02_19/
http://haunnhyundaibacninh.com/AMAZON/Messages/02_19/
http://hdzbih.tv/verif.myacc.send.biz/
http://hdzbih.tv/verif.myacc.send.biz/index.php.suspected/
http://healthcarejobsuae.com/trust.accs.send.biz/
http://heatherdawn.com/Amazon/Information/02_19/
http://helpdesk.lesitedemamsp.fr/Amazon/En/Orders_details/2019-02/
http://highdesertnomads.com/sec.myaccount.send.biz/
http://hoatuoithienhuong.com/Amazon/En/Transaction_details/2019-02/
http://hoatuoitoancau.com/Amazon/Clients_transactions/02_19/
http://ilo-drink.nl/Amazon/EN/Messages/02_19/
http://infobreakerz.com/Amazon/Clients/02_19/
http://insideljpc.com/AMAZON/Information/2019-02/
http://irnanoshop.com/trust.accs.docs.biz/
http://istratrans.ru/AMAZON/Payments/2019-02/
http://jardinsterapias.com.br/Telekom/Transaktion/01_19/
http://jobbautomlands.com/trust.myacc.docs.biz/
http://jrbdecorators.com/sec.accounts.resourses.com/
http://jy-property.com/Amazon/Messages/02_19/
http://kebunrayabaturraden.id/sec.accounts.send.com/
http://kgr.kirov.spb.ru/Amazon/En/Transactions-details/02_19/
http://khtc.hcmut.edu.vn/trust.myacc.send.com/
http://kn-paradise.net.vn/trust.accs.send.net/
http://kpccontracting.ca/verif.myaccount.resourses.biz/
http://kupiklopik.ru/AMAZON/Transaction_details/022019/
http://lakornhot.com/verif.accs.resourses.net/
http://lazell.pl/wp-includes/Amazon/Transaction_details/022019/
http://lun.otrweb.ru/verif.myaccount.resourses.com/
http://malayalinewsonline.com/sec.accs.resourses.biz/
http://mapleleafsb.com/Amazon/En/Payments_details/02_19/
http://mclplumbing.com/trust.myacc.send.net/
http://mebelni-master.ru/Amazon/EN/Clients/022019/
http://media-standard.ru/Amazon/Documents/022019/
http://menzway.com/secure.myaccount.send.biz/
http://mgxconsultancy.com/secure.myaccount.resourses.net/
http://misionnevado.gob.ve/Sec_Refund/xerox/receipt/Jamd-in_mauMO-bbc/
http://misophoniatreatment.com/Telekom/Rechnungen/012019/
http://mohinhgohandmadedtoys.com/Amazon/EN/Transactions/02_19/
http://mulmart.ru/Amazon/EN/Documents/2019-02/
http://my.jiwa-nala.org/css/Amazon/En/Messages/02_19/
http://n24rk.ru/Amazon/Messages/022019/
http://nicosong.com/RF/corporation/Receipt_Notice/295565133969/TxInO-SmV_UEMi-A4g/
http://nimitta.life/Amazon/EN/Information/022019/
http://nmce2015.nichost.ru/Amazon/En/Clients_Messages/02_19/
http://okna-csm.ru/Amazon/En/Clients_information/2019-02/
http://opcbgpharma.com/themes/Amazon/En/Details/2019-02/
http://portlandelectric.co/AMAZON/Clients_information/02_19/
http://portlandmaintenance.com/Amazon/En/Orders-details/02_19/
http://property.arkof5.com/Amazon/Documents/02_19/
http://qitafood.com/Amazon/Payments/02_19/
http://renodoconsulting.com/AMAZON/Transactions-details/022019/
http://repproduce.com/Sec_Refund/doc/53389343721/Spmi-UXOXi_CG-Trm/
http://research.fph.tu.ac.th/wp-content/uploads/verif.accounts.send.net/
http://retreatsmaui.com/Amazon/EN/Messages/02_19/
http://rms.uzelbilisim.com.tr/Amazon/En/Information/2019-02/
http://ronex90.myjino.ru/Amazon/Clients_information/2019-02/
http://royalskyworld.com/AMAZON/Payments/02_19/
http://sapidestraining.com/secure.myaccount.send.com/
http://satellit-group.ru/Amazon/Clients_information/022019/
http://seksmag.nl/trust.accs.docs.biz/
http://sexchatsnol.nl/Amazon/En/Documents/2019-02/
http://shirtsforpatriots.com/Amazon/EN/Payments/02_19/
http://smtfmb.com/sec.accs.resourses.biz/
http://speechwar.com/trust.accs.docs.biz/
http://springcube.com/secure.myaccount.docs.biz/
http://stardenteurope.com/Amazon/EN/Payments_details/2019-02/
http://starlineyapi.xyz/AMAZON/Clients_Messages/2019-02/
http://stbarnabasps.edu.na/Amazon/EN/Transactions-details/2019-02/
http://sweethusky.com/Amazon/Attachments/02_19/
http://tattoolabmaxakula.kz/secure.myaccount.send.biz/
http://tekirmak.com.tr/secure.myacc.send.net/
http://test.aimakinvest.kz/Amazon/Orders-details/022019/
http://thammydiemquynh.com/Ref_operation/Receipts/Mutz-sr_HxITwd-rE/
http://thebandofrivals.dreamhosters.com/Amazon/EN/Clients_transactions/2019-02/
http://thehivecreative.com/secure.myacc.docs.net/
http://thinhlv.vn/wp-admin/document/Rcpt/Mwmy-eg_tFuW-iQ/
http://threemenandamovie.com/trust.accounts.send.biz/
http://tinpanalley.com/Amazon/En/Transaction_details/022019/
http://tongdailyson.com/sec.accs.send.net/
http://treasureto.com/Amazon/EN/Transactions-details/2019-02/
http://truenorthtimber.com/Amazon/En/Clients_Messages/022019/
http://ucanbisiklet.com/Amazon/Payments_details/022019/
http://upro.org.in/secure.accounts.resourses.biz/
http://wagnermenezes.org/secure.myaccount.send.com/
http://wordpress-219768-716732.cloudwaysapps.com/AMAZON/Transactions/022019/
http://wordpress-219768-716732.cloudwaysapps.com/verif.myaccount.resourses.com/
http://www.allindiaoneatm.com/sec.myacc.send.biz/
http://www.capitalrh.com.br/AMAZON/Details/2019-02/
http://www.goworldmarketing.net/Amazon/En/Transactions/2019-02/
http://www.misionnevado.gob.ve/Sec_Refund/xerox/receipt/Jamd-in_mauMO-bbc/
http://www.ppp-au.com/verif.myaccount.docs.biz/
http://www.prdbrasil.com.br/Amazon/Attachments/02_19/
http://www.sweethusky.com/Amazon/Attachments/02_19/
http://www.tepeas.com/sec.accounts.resourses.net/
http://xn--777-9cdpxv4b3g4a.xn--p1ai/Amazon/Information/022019/
http://xn----7sbb4abj9beddh.xn--p1ai/Amazon/Details/2019-02/
http://xn----7sbbdfeovrgh2b6al.xn--p1ai/Amazon/En/Orders-details/2019-02/
http://xn--90achbqoo0ahef9czcb.xn--p1ai/secure.accs.send.net/
http://xn--90aeb9ae9a.xn--p1ai/Amazon/Documents/022019/
http://yahyabahadir.com/sec.myacc.docs.net/
http://zendegieziba.com/sec.accs.send.net/
https://gastrohero.zendesk.com/attachments/token/SpLLREGAJCvV26JDPR1szmfVu/?name=Rechnung+D01K88L.doc/
https://jardinsterapias.com.br/Telekom/Transaktion/01_19/
https://lun.otrweb.ru/verif.myaccount.resourses.com/
https://misophoniatreatment.com/Telekom/Rechnungen/012019/



http://103.11.22.51/wp-content/uploads/US_us/info/Inv/JuiTQ-Ubvx_Zn-D8/
http://104.155.65.6/DE_de/WUBQWPKMTT2568902/Scan/DETAILS/
http://104.223.40.40/wp-admin/download/shMfe-dM_nnFgX-sRy/
http://104.248.140.207/xerox/Copy_Invoice/QabZ-lS_GduWJiqh-ZS5/
http://104.248.66.24/En_us/llc/Inv/ekEtx-tJPL_uda-dmT/
http://115.66.127.67/En_us/Invoice_number/ZsHTW-GFAJ_xaonYTpnK-1GD/
http://118.25.176.38/US/download/New_invoice/EMQRa-Mp6_Ik-r8N/
http://118.25.176.38/US/file/pzNrj-UiBO_xho-hm/
http://119.254.12.142/US_us/corporation/Invoice_number/aXwy-4a_IPVAwL-Yrb/
http://128.199.187.124/EN_en/Invoice_number/ncuQs-C0hW_uPvdSfApY-zz/
http://128.199.207.179/US/document/Inv/hTdoS-bd5_rq-JcZ/
http://13.126.61.11/EN_en/Copy_Invoice/3537640860405/dkXlq-Ij_ZxmVpj-fLJ/
http://13.233.16.248/info/Invoice/REkMq-z2D_OoBNqwM-A0q/
http://13.233.173.191/wp-content/US_us/document/Copy_Invoice/FLEt-le9Bu_ZrU-1qX/
http://13.233.183.227/EN_en/file/AJLoK-sa91z_Mfbpo-BCp/
http://13.233.22.226/EN_en/info/PGTH-QJ_DJfTjdA-2d/
http://13.233.31.203/US/8203538/hWNpZ-Rbjd_SG-9y/
http://130.211.205.139/En_us/document/Invoice/ciSH-CC7t_CVeGI-bX/
http://130.211.205.139/HtDDY-RBS_s-6w5/
http://139.59.130.73/De_de/XFTAUDVWI4985024/Scan/DOC/
http://139.59.182.250/En/llc/Invoice_Notice/26997967767947/xFUlr-Ng4Hq_drWklraru-fK/
http://139.59.182.250/xerox/New_invoice/32044145106/Xzeqc-sHt_iauGP-k3/
http://139.59.6.216/corporation/Invoice_Notice/NFBB-Sz_r-6k/
http://139.59.64.173/document/Viug-LTDg_DmjGWykv-EZ/
http://140.227.27.252/wp-content/En_us/company/260678375091/tochY-ZuC_zNJsI-VU/
http://158.69.135.116/EN_en/info/VLavl-5jWa_NN-Yxz/
http://159.203.101.9/bDQo-p6Sx_viMZSpIP-HJI/
http://159.65.65.213/US_us/llc/Inv/OsvtZ-fja_VeDfqRvsn-9mK/
http://159.65.83.246/Februar2019/MCJAGEVEJ9676275/Scan/Hilfestellung/
http://159.89.153.180/US/corporation/gzjt-hFUt_HVt-6m/
http://159.89.167.92/De/ZMIUKLF0088630/Rechnungs-Details/Zahlung/
http://160.16.198.220/scan/Inv/NFqVR-RQ_aLTZfrBiO-fYA/
http://162.243.254.239/quoteandbuy/New_invoice/lgQw-bp3v1_mGHi-RkF/
http://167.99.10.129/De/QSCTCD4359230/Rechnungs/DETAILS/
http://176.32.32.140/De/IXFUDQVPX5493186/Rechnung/Rechnungsanschrift/
http://178.62.102.110/En/llc/Inv/873706184896/rUHbR-pwe_UL-Tq6/
http://178.62.213.188/DE/KWDMEALPJ2127558/Rechnungskorrektur/Zahlungserinnerung/
http://178.62.213.188/DE_de/POTJCPC8133291/Rech/Rechnungsanschrift/
http://18.188.113.212/DE_de/UPNEDGNCRR5337942/de/RECHNUNG/
http://18.206.204.30/wp-content/uploads/doc/Invoice/ipzbx-nCDBi_Kksu-Q9G/
http://18.218.56.72/wp-content/US/ZgjN-7JOe_B-u0A/
http://18.221.1.168/corporation/Invoice_number/19580066705/gzOGt-HXwZr_JkfdtFW-QN8/
http://18.221.1.168/corporation/Rthgy-VE_DqQJ-iP/
http://18.223.20.43/EN_en/xerox/Invoice_number/LaejY-Xt_sgrNPE-YD/
http://190.164.186.104/EN_en/New_invoice/kaGto-SKA_DSIJvMBnm-DfE/
http://190.164.186.104/xerox/Copy_Invoice/64069841415/isqdt-LqXK_eoS-K8/
http://193.77.216.20/US_us/scan/Invoice_number/eaFz-bA1hG_IrMD-5it/
http://1lorawicz.pl/plan/De/YBNCHLRE3099335/Rechnungs/RECH/
http://204.93.160.43/DE/MPOFSQSQZS7461881/Rechnungskorrektur/DOC-Dokument/
http://204.93.160.43/De_de/NQAGMTBHA1973801/Rechnungs-docs/Rechnungszahlung/
http://206.189.154.46/En_us/info/New_invoice/tPds-xIodr_VDgMFSO-s9d/
http://206.189.154.46/US_us/file/Invoice_number/pTMek-4W_Tfg-ZaC/
http://206.189.45.178/wp-content/uploads/De/BJBUZMEG0557084/de/RECHNUNG/
http://211.238.147.196/@eaDir/info/hvKcX-ByyHe_lmc-ER1/
http://25yardscreamer.co.uk/file/Invoice_Notice/DNeUA-zc4F_JyyF-MyE/
http://3.112.13.31/EN_en/llc/Inv/QbLAG-DMjut_T-Gt/
http://3.16.186.154/de_DE/JBNJVOTP7779410/Rechnung/Zahlungserinnerung/
http://3.16.186.154/download/361415307/dWup-Mg_XPrcp-e5H/
http://34.208.141.93/AFWGBTAL9125778/de/FORM/
http://34.242.190.144/En/info/New_invoice/MJsM-ePI_g-pQS/
http://35.170.104.162/Februar2019/OILSFDX0082973/Rechnungskorrektur/Fakturierung/
http://35.176.197.139/US/company/Invoice/Yegah-4UC2R_EqbBA-uK/
http://35.184.197.183/De_de/WEXQNPI4060956/Rechnungs-Details/DOC-Dokument/
http://35.196.135.186/wordpress/de_DE/VFLMIFHU1523439/Rechnungs-docs/DETAILS/
http://35.200.161.87/DE/MTCRKMWEE5142395/DE_de/Rechnungsanschrift/
http://35.226.135.179/wp-content/uploads/KVNYWXAG6111046/gescanntes-Dokument/Zahlungserinnerung/
http://35.232.73.116/New_invoice/11748266539/OQuWW-v33wt_atU-7iI/
http://35.232.73.116/scan/898053748436506/ttSQH-TTO_nNouWKfU-fsG/
http://35.247.37.148/De/XMFAFAOAZ4892552/GER/Rechnungszahlung/
http://37.139.27.218/US/document/Inv/5014931055813/UmTFt-UY_BDJMDb-83Z/
http://3hi.in/US/document/VDnf-uVHU_DOmH-Spb/
http://51.77.192.138/En/file/Invoice_number/923223948040/NwCO-MiEZa_WvFVTc-jia/
http://52.196.225.91/wordpress/corporation/Copy_Invoice/xveJ-E22p_TURm-pkB/
http://52.211.179.190/de_DE/ZVSSHBMVKT7067800/DE/Zahlung/
http://52.66.236.210/de_DE/AUTMAGM5440478/Rechnungs/DOC-Dokument/
http://54.146.46.168/DE/BGMHJYILP5652933/DE/RECH/
http://54.153.245.124/document/Invoice_number/snqMU-136A_J-50/
http://54.234.174.153/US_us/Invoice_Notice/734489132/vsQIJ-C52_WlNCNM-9tZ/
http://54.250.159.171/US/company/Invoice_number/123405918808120/nZdg-6se_PlUK-UQ/
http://54.250.159.171/US_us/corporation/mlKxT-I19OF_MChYwJVdO-FD/
http://54.38.35.144/US/doc/Inv/GnOu-KAf_TSUry-RvD/
http://54.85.253.114/EN_en/document/Invoice_Notice/xsMVK-BL_ugbhUUWX-zDa/
http://78.207.210.11/@eaDir/US_us/doc/blvY-ZLi_vfDtzP-4k/
http://82.253.156.136/wordpress/document/03152911871242/eCbFE-RU_mthlzaFHB-mUv/
http://85.171.136.37/@eaDir/DE/AYKPEIRGX3418789/DE_de/RECH/
http://abijanexchange.com/En_us/company/New_invoice/WCyG-mOnNF_pwrqmEZ-TDL/
http://accounts.elementlabs.xyz/US_us/file/3862437356661/ArCWu-aG6A_LvQpcoE-Wa/
http://acdhon.com/doc/GJHjE-Ut8_oFh-YJ/
http://adbord.com/css/En/scan/Invoice/IbfH-Oat3_o-HEe/
http://admin.staging.buildsmart.io/document/Invoice/iDgb-7xup_ZI-omO/
http://aginversiones.net/US_us/llc/23806405831/vRSJ-4fgRh_HIg-cN/
http://ajaa.ru/En_us/company/hLzCH-Z8B_cl-riQ/
http://alainghazal.com/De/ETMYLTL8953726/Rechnungs/DOC-Dokument/
http://alainghazal.com/De_de/BMCUOX5828606/Rechnungs/Rechnungszahlung/
http://allens.youcheckit.ca/Februar2019/ZCFKTKKP3354975/Rechnungs-Details/Rechnungszahlung/
http://allopizzanuit.fr/De_de/APWVQAFFB8960027/Rechnungs-docs/Hilfestellung/
http://altuntuval.com/info/Invoice/dRdoc-G3Q_TdxMB-ygf/
http://amatiran.online/scan/Inv/ZRpb-S20J_pneMMM-dq/
http://angelageorgesphotography.com/EN_en/corporation/Inv/79644556/IwVD-GV1W_bSw-2mY/
http://anhsangtuthien.com/US/company/RNIkZ-ldYb_hvovAD-Wx/
http://ankaraliderlikzirvesi.com/En_us/xerox/Fsjb-Dv_jAuxwqVjE-3tB/
http://apotheek-vollenhove.nl/DE/WHGZTTI7020141/Rechnungs/Zahlungserinnerung/
http://arayana.ir/llc/Invoice/EqxR-oS_fMyy-KSS/
http://archmove.com.br/file/Copy_Invoice/2170832/mRfE-olO_Aiemp-ui/
http://arqis.jp/EN_en/xerox/MCKC-oqcW_CbEvRm-Ivp/
http://attaqwapreneur.com/En_us/company/axExd-MJEG_cBtxjKJg-lxB/
http://authenticity.id/scan/Invoice_Notice/uqvC-jKT_rSYEDRAT-vJ/
http://autobuschel.ru/En_us/llc/8629908607223/gTPLL-q5m_vyXAFmH-syu/
http://ayaks-gruz.ru/De/PLYNYUU0859486/Bestellungen/Hilfestellung/
http://balooteabi.com/US_us/En_us/dxJTg-4x_QfxoqYr-GM/
http://bankofamerica24help-clients.u0482981.cp.regruhosting.ru/En_us/corporation/Inv/zVSf-iFu_tIerFBg-fU/
http://barabooseniorhigh.com/US/Invoice_Notice/kRIOU-DqB_ZsSqnJZFD-kfz/
http://barrycaputo.com/corporation/New_invoice/ReYB-KGBfF_btPUHMDOo-0wj/
http://base.n24rostov.ru/US/WVWYZ-WjTW_KXk-ni/
http://base2.n24rostov.ru/EN_en/Uieji-eaWK_nxy-bpH/
http://batdongsanphonoi.vn/company/Invoice/uwlS-nrB_QbgLLvsD-gY/
http://baza-dekora.ru/En_us/New_invoice/yQUV-A6_XiQhW-nl/
http://befirstclub.org/EN_en/70553116/VLOP-sxNSc_nyHGmQi-Yz/
http://birchgroupllc.com/file/Copy_Invoice/BrEV-q7Rcv_TwTCqh-yv/
http://birdiiz.com/De_de/LOZSGMCZB2877966/Rechnungskorrektur/Hilfestellung/
http://bkm-adwokaci.pl/res/En/Copy_Invoice/NexAt-nx_dWYibmDm-G2k/
http://blueelephantmassage.com.au/En/download/8243513533/ZsScr-fwQ_vfsKCVRz-TUA/
http://bnpartnersweb.com/US_us/New_invoice/lTKbk-Q0_L-VTm/
http://bohobitches.co.uk/file/eEwY-IVlQT_uX-Jg7/
http://bonex.it/US/Inv/2438647724/KpUgA-a9_xxNz-2G/
http://bueno.adv.br/US/document/Invoice/Swzo-dniRC_TmQUVPZCX-cpq/
http://buonbantenmien.com/DE/WGEUTXYY7185622/Rechnung/RECH/
http://camasdecks.com/info/Invoice/MQKX-w0_lMkDp-BG/
http://candyrays.co.uk/US/download/Invoice/62275413/oTAv-xZmXO_fyzKhszl-Ey/
http://caree.in/corporation/ogjZD-sn4YS_aGlxAcciF-yVX/
http://carolechabrand.it/DE/SNZSVYQOE2636987/Dokumente/Zahlung/
http://carsibazar.com/corporation/Inv/aMTY-oqbx_JdrQ-lzJ/
http://cashin.ca/US/xerox/LInKO-mf_ybRVceE-wgd/
http://catscream.wp.iex.uno/doc/Invoice_number/JTyQ-YhCg_GawolVS-h8r/
http://cech.gdansk.pl/llc/Inv/51545223150/KyNd-8Z8SW_qri-JS/
http://chopman.ru/scan/sezW-Fg_JZxlYfTKH-DNA/
http://chowdownmarketing.com/EN_en/xerox/Inv/VLPX-GccM_itLJudwyF-5GI/
http://churchofgod.team/phpMyAdmin/US_us/Invoice_number/zKVWe-HLC_tdBujH-c6R/
http://chuthapdobg.org.vn/tmp/Invoice/hgjz-zS1_rC-tl3/
http://cild.edu.vn/DE_de/VZFPYLAO2818712/gescanntes-Dokument/RECH/
http://cinemaschool.pro/En/company/Invoice_number/zTWY-bvr9_zwmKjgDNL-HW6/
http://cityofpossibilities.org/US_us/doc/Invoice_Notice/LPNXf-eZ_iB-Bc/
http://clashofclansgems.nl/US_us/30186813/ztaT-1p4J3_W-lat/
http://clickprintnow.com.au/EN_en/corporation/JCxH-tCidK_bdKaWc-tjW/
http://clients.nashikclick.com/EN_en/doc/New_invoice/rEvuk-5UC_WLYVK-Sy/
http://cng.spb.ru/De_de/FCHGHSYQQE1228151/gescanntes-Dokument/DOC/
http://construccionesrm.com.ar/US/corporation/Invoice/6295745/iUfi-T7_nLhlJ-dU/
http://corebodybrand.com/file/Inv/gsXXD-IDjWN_HnTwU-yh/
http://crypto-strategy.ru/document/Dyofl-L4l_saN-2c/
http://decorinfo.ru/document/Invoice_number/BLcL-0V3_TuwLe-Zph/
http://demo.hoatuoinhuy.vn/US/scan/CfeF-Q5gO_rtdLh-U5/
http://demo.supegift.com/En_us/Invoice_Notice/mUcf-v6U_Antg-bbJ/
http://demo1.parsnet.space/EN_en/document/New_invoice/LWhV-pN_UdPzMLn-Vc/
http://dentistmomma.com/US_us/corporation/EKaok-mK_puUnx-zb/
http://dermatologysechenov.ru/de_DE/JHSOXOMB2865068/GER/DETAILS/
http://desbloqueosuniversales.com/EN_en/corporation/Copy_Invoice/BalcZ-858_C-HIO/
http://designmebeli.by/file/Invoice_Notice/1570128133721/FFjJf-JQGOu_EKjpgbWcW-ocr/
http://dev.go.bookingrobin.com/doc/Inv/tOsm-8Bc_TwVvfZu-e5Y/
http://dijitalthink.com/de_DE/DAHQOXAU0462499/Rechnungs-Details/DOC-Dokument/
http://dinero-online.club/US_us/company/Invoice_number/ICocU-75_GkXwjNYSi-nN/
http://dixe.online/En/document/Invoice_number/cJaLC-On_M-yu/
http://dkstudy.com/LGCAITZQT8921006/de/Rechnungsanschrift/
http://dod-tec.ru/EN_en/document/73826160583/VlZUL-qU_eAPqY-tW/
http://domanhtrang.com/En/scan/Invoice_number/QVKS-FFWtW_nGdgp-xD/
http://dverliga.ru/En_us/corporation/Invoice_Notice/DVahQ-cLr_Gqhq-OlY/
http://dzienniksport.pl/scan/Invoice_number/PTylj-cHLv_iz-Fw/
http://ecotonedigital.com/US_us/corporation/rTVu-QfVXw_tQewfc-OG/
http://edax.com.pl/xerox/FLqDa-0Tg0p_xbjIkWx-KWS/
http://ejder.com.tr/US_us/xerox/New_invoice/jMzdO-9s_wPk-Em5/
http://elbizkonut.com/En_us/OhfUR-zRW_ECYHxzMCX-IwK/
http://electbloom.com/En/Inv/DUCY-Aof_ORvy-3k/
http://embrava.eu/EN_en/Copy_Invoice/TNXWS-e0tv_Pos-9xo/
http://empressxtensions.com/US_us/5667351314009/JiRt-TN_lBKR-r7/
http://equall.co/New_invoice/896860086/mSKV-N3G_kylxdZkR-mm/
http://eroes.nl/llc/Invoice_number/csrXs-CbF_bklbf-2E/
http://etka.com.tr/En/llc/New_invoice/tcEP-BV_RjtvlM-kMw/
http://explorehue.com/corporation/059767712543/FlyI-uBcdu_KAasjYjt-hW/
http://fenceandgateco.com/document/Invoice_Notice/FFAkh-MoU_GSAmzo-66T/
http://fenichka.ru/En/download/Invoice_Notice/jjhzf-rIi_PSROCFYf-OB/
http://fgroup.net/En/uMlqj-WSSW_n-0bc/
http://fiat-fullback.ru/De/UOKXXSK1821754/GER/Zahlung/
http://fonocamilapassos.com.br/En/company/uqplO-ZdR_ho-b26/
http://food-stories.ru/De/ZFIITIVLVF4074664/Rechnung/DETAILS/
http://forodigitalpyme.es/En/download/iiJNr-RvP_lMcn-8t9/
http://forsalebybuilderusa.com/En/scan/Invoice_number/0009788342914/vsHI-qTON_DqAgcAYw-11j/
http://fortuneinfosys.com/En_us/info/Invoice_Notice/2986743250/lwYN-Y2_MUvIcLZ-Asr/
http://frog.cl/xerox/Invoice/GJLg-mj_sWxLJm-Hj/
http://fupfa.org/Februar2019/BQADLYIX6017258/Rechnungs-Details/FORM/
http://fur-market.ru/Februar2019/RLSDYBEVFU3100419/Rech/Fakturierung/
http://fwpanels.com/De/ABHYSQR9969074/Rechnung/Hilfestellung/
http://gaminggo.website/dbssxdydaf/file/jeMNh-Ra_puh-g0j/
http://gbconnection.vn/Invoice_number/HXxh-fLJ_tZ-mGT/
http://gestiongerencial.com.ar/llc/Copy_Invoice/968442503382/hgrM-tGrBZ_msTmLl-Yw9/
http://gethdfit.com/En_us/llc/New_invoice/dQaZ-R2h_l-Or/
http://giamcannhanhslimfast.com/En_us/doc/Inv/0609247872/JRKos-pB0_cC-DZN/
http://giancarloraso.com/US/download/qrZvo-Z3O04_bKRwVcLq-iJ/
http://gohappybody.com/En_us/xerox/KUjt-nQhwP_FF-5K/
http://gor-gorizont.ru/de_DE/SDTELNJPXU6007402/Bestellungen/DETAILS/
http://grapeness.mx/En/xerox/Invoice_number/pbhZ-cRPgP_zEmPCHin-7w/
http://greatescapesworkshop.com/scan/Invoice_number/192204032053284/bHImA-6f_qfCKF-jXU/
http://greenoak.in/EN_en/company/Copy_Invoice/gVpn-6h_JlRzKXNK-4Y/
http://groundswellfilms.org/FLRIQOKW1501524/Rechnung/Rechnungszahlung/
http://hashtagvietnam.com/De_de/WVPIAH2280666/Bestellungen/Fakturierung/
http://health.chmoz.com/download/Copy_Invoice/HdvXD-Ii32d_HOsonMPci-dEM/
http://helmaccounts.co.uk/document/Copy_Invoice/chhjN-g8_W-kNO/
http://hongcheng.org.hk/llc/New_invoice/88982804151066/rMFQN-PSnss_ZUbTCmH-Vz/
http://horse-moskva.ru/En/Invoice/738908009963389/lWnS-H2Cu_Xbeezsrx-mMn/
http://hotelmaya.mx/En_us/scan/New_invoice/QaLyv-9S_tX-tX/
http://hourofcode.cn/De/FTTLDGN7338525/Rechnungs-Details/Hilfestellung/
http://huyushop.com/US/Invoice_Notice/zbNo-LqVx_EF-Q3W/
http://huyushop.com/us/invoice_notice/zbno-lqvx_ef-q3w/
http://hvanli.com/US_us/doc/GgFgC-xe_tpeYEEQpt-zH/
http://idecor.ge/llc/LZFor-doj_RJZPSF-jP/
http://idecor.ge/US/xerox/565711769621028/NrRJ-KIh_mCQC-8em/
http://iiccfp.com/info/Invoice_Notice/96187351938/hpGZ-WqTa_Zu-GO/
http://ikols.net/En/xerox/New_invoice/dYcyp-Ygr_eseqAkXGj-6Cz/
http://illa-berek.com/US/document/Invoice/QoACx-bj_YrUkJDFh-KP/
http://ilo-drink.nl/corporation/56243092/AQRv-C65sd_jPnXLO-Cd/
http://ingramjapan.com/US/corporation/kAuuC-LxnRQ_ev-gg/
http://ipnat.ru/US_us/company/oeia-SCsQ5_N-5cr/
http://istratrans.ru/llc/fmDd-K1p_h-yxr/
http://itexpress.victoria-makeup.kz/EN_en/download/Invoice/QMnPG-K5w_iDSg-P7/
http://izeussolutions.com/document/Copy_Invoice/hgMEX-8PG_PAvRNqo-Th/
http://jaihanuman.us/wp-content/uploads/9/En_us/download/New_invoice/CyEb-Ii_Yavg-50B/
http://jaspinformatica.com/HRdFL-IZC_yV-VS/
http://jaspinformatica.com/US_us/scan/Copy_Invoice/Bibd-nOH_KyoVziKW-Z5z/
http://joerath.ca/US_us/scan/Inv/379791966093282/ozeH-2byJM_hd-yP/
http://julesmariano.com/EN_en/file/Invoice_number/VhEQ-Umo_DjULJVV-xLK/
http://karditsa.org/DE_de/CADKDONOO0032549/Rechnungs-docs/Fakturierung/
http://kendinyap.club/EN_en/document/Invoice_number/hIBsT-Hmi2_huftCxLC-Fn/
http://keshtafzoon.com/En_us/Invoice/33015438/BgsqQ-cloCn_PaYSlBcJP-eL/
http://kgr.kirov.spb.ru/Copy_Invoice/xYDp-erk_WogHeTD-o6M/
http://kiabongo.ru/Februar2019/EIJOSYZCD2755748/DE/FORM/
http://kimberly5esthetique.com/xerox/Invoice_Notice/aboxP-ru_UVSOu-9Q/
http://kinhbacchemical.com/En_us/xerox/650849278697591/DjXN-vK_PAiJzKk-f1z/
http://knigamart38.ru/US_us/doc/Inv/0219513490/tShKm-9a_Ho-L6d/
http://kostrzewapr.pl/css/En_us/RKgIj-oF4_dC-JEq/
http://kymviet.vn/US_us/doc/04142725342386/EiTrG-7z_Hc-vqQ/
http://kynangbanhang.edu.vn/Februar2019/BJRVAYZ7803452/Rechnungs/DETAILS/
http://kynangdaotao.com/Invoice/GwpQh-2Re_lpTUlKn-mH/
http://kynanggiaotiepungxu.edu.vn/info/PJrRM-qjS_LypV-giD/
http://kynangthuyettrinh.edu.vn/EN_en/xerox/Copy_Invoice/MTUd-RE9c_ZOjEMbPN-FA/
http://lasementera.org/xerox/Invoice/8726285/cwGZ-bJ_Uyz-PDb/
http://laylalanemusic.com/DE/TIXJZV4153771/GER/RECHNUNG/
http://legalth.com/En_us/scan/Invoice_Notice/hhwOs-j7_VGrGVwj-Ghz/
http://lesclefsdor.sg/scan/IbkD-dSf1_S-bH/
http://lienquangiare.vn/US/download/CUQL-eeveX_MDgzJuFAj-r6/
http://liketop.tk/Februar2019/DEWZDFS5921051/Rechnungs/Fakturierung/
http://lionabrasives.ru/DE/RYKGGACW7337658/DE/RECHNUNG/
http://macampenyakit.com/EN_en/download/New_invoice/93164486026707/ygoS-Lw_TPKC-wIM/
http://majerasocial.com/EN_en/New_invoice/KGYDx-7B1KG_pJF-bfF/
http://mak-sports.kz/UCPCUTUBV1667532/Rechnung/Fakturierung/
http://manhattanluxuryrealestatelistings.com/En/Inv/IZWK-kTt_JLvmH-HT/
http://manualquickbooksespanol.com/scan/Inv/wIPR-wSA86_oKJzi-WVJ/
http://masjidsolar.nl/EN_en/doc/Invoice_Notice/yeKx-z3_pQRN-OH/
http://mask.studio/Februar2019/WDEJKKTMWV8742548/Rechnung/FORM/
http://maskproduction.ru/US_us/scan/Copy_Invoice/574264353827648/zfXmL-Z3_DOhxv-Pg/
http://matex.biz/En/company/New_invoice/kxTg-XJr_ddPRb-D0x/
http://matongcaocap.vn/IUEMUPSROR4940478/Rechnung/FORM/
http://maxarmstrongradio.com/US/Copy_Invoice/eQgGl-w6rV_I-Ds/
http://megahost.pt/bdDi-82_ZauxX-OER/
http://megl.ca/llc/Invoice_Notice/VZYa-iN3oZ_MmWHxgsT-C7A/
http://miamifloridainvestigator.com/DE_de/NCGPKMLQ2278313/Rechnungs/DETAILS/
http://mingroups.vn/company/Invoice_Notice/18513116945962/aBgCb-ZaC_bBREJCMeF-V1Z/
http://mingroups.vn/En/document/vqimK-93_ujgxHBl-2T/
http://mkcelectric.com/doc/qvjs-cJG4D_zNPVc-GG/
http://mmctalent.com/En/corporation/4918770/PHCI-23_m-zRS/
http://mrm.lt/company/Invoice/mRLa-XVx19_ZQh-p2m/
http://napier.eu/de_DE/AUMYNHSSLP8162109/Dokumente/DOC/
http://new.focus-group.spb.ru/US/document/GrTf-LPKo_RpNAup-sn1/
http://nexusinfor.com/DE_de/TAKMPFGFQ0046319/GER/Hilfestellung/
http://nikastroi.ru/De/DQOUAT1965838/Rechnungs-Details/Rechnungsanschrift/
http://noithatshop.vn/US_us/xerox/Invoice/KsSCN-zUX_yk-T6D/
http://northcityspb.ru/de_DE/AKUNRVPV5601935/Rechnungskorrektur/Zahlung/
http://oil-dt.ru/Februar2019/CQKVUELZW6252035/DE/DOC/
http://online01-capitalhelp24.da-ar.ru/En/doc/Invoice_Notice/mGJcc-uY_ZmaFH-ZL6/
http://online-citibank.u0482981.cp.regruhosting.ru/US/Inv/WbKV-CPO_aDzp-Gy/
http://ortotomsk.ru/De_de/EHDBXWZBJO7581980/GER/Hilfestellung/
http://otosude.com/wp-admin/llc/Invoice/NGAX-HfmVz_XjJYU-LN/
http://pattani.mcu.ac.th/wp-content/uploads/US/xerox/New_invoice/yOkVu-OX_qQVzLsP-QjW/
http://politicot.com/En_us/scan/Inv/53552012776285/uVRfy-faEM_ocsud-mzt/
http://pootle.wp.iex.uno/En/scan/Copy_Invoice/707933870/zNJzV-Vpa_BmrCyGLPK-xW/
http://port-vostochny.ru/company/Invoice/5839993372131/fNDH-UTv7_SMvffHRVw-0bl/
http://pravara-mi.com/download/Invoice_number/fofur-h2CAB_c-lgb/
http://print.abcreative.com/de_DE/CVUDOVQW1847028/Rech/Fakturierung/
http://progettonottetorino.it/En/company/cPCN-4HvR_lnc-J47/
http://prostranstvorosta.ru/EN_en/download/78720601871/gNrCC-bhx_DdkAUl-KL0/
http://pw-financial.net/Februar2019/YXSHKE7345353/Rechnungs/Rechnungszahlung/
http://qqenglish.com.cn/EN_en/llc/rkjV-e8WJ4_Qj-3Gs/
http://rameshsood.com/US/xuTXt-rfjM_iCVbXiL-tQ/
http://reddeadtwo.com/US_us/xerox/New_invoice/0555844815483/DOsL-oiU_S-W2/
http://re-ms.ru/En_us/scan/New_invoice/aSUZl-B5D_zIYW-Vz/
http://rightsense.in/En_us/Invoice_Notice/HaJTM-Mybf_VGWlPlzQx-sB/
http://rohrreinigung-wiener-neustadt.at/EN_en/yZgbm-KmG_vgWV-EN/
http://romantis.penghasilan.website/En/llc/0204066758/wVcLq-vu8C_hV-Tj/
http://rongenfishingpro.com/En/document/New_invoice/wqNW-yG_xtu-R8/
http://rupbasanbandung.com/US/xerox/Invoice_number/nitY-LG6_vaiXe-RU0/
http://salesround.com/US_us/download/Invoice_Notice/1549691030811/RrWbu-vV_jYIMXESHL-LE/
http://saleswork.nl/9883973888669/sKfw-JJWCx_zdAVRkDnn-xq/
http://saltech.sg/En/download/Copy_Invoice/3495381713649/eWZN-xn3M_sbBUu-cmF/
http://secondmortgagerates.ca/EN_en/company/TURn-PY03_URCgOL-yTN/
http://seksmag.nl/En_us/document/Invoice_number/SwMIY-3uko_iI-OJK/
http://shaynamccullough.com/US/Invoice/JFUcr-BSmEE_rjtG-MT/
http://shrimalisonimahamandal.com/US/New_invoice/fsCMJ-xXK_VaHjOdXn-AOI/
http://smdistributors.co.za/De_de/TLPKUAUXYR2124975/Rechnungs-Details/Fakturierung/
http://socialmediafactory.se/De_de/QZSPUIKYBO6106030/Rechnungs-Details/DOC/
http://sonshinecelebrations.com/EN_en/download/Inv/ILaR-yT_toW-qu2/
http://sosh47.citycheb.ru/de_DE/WKZXJI0470165/Rechnungskorrektur/Fakturierung/
http://sshousingnproperties.com/US_us/company/Copy_Invoice/xhucL-T8_LalYYnEtA-83U/
http://stemcoderacademy.com/De_de/XECTENIZU6230170/Rechnungs-docs/Rechnungszahlung/
http://suanua.com/info/Inv/296971785/lUVIn-BKedW_NjI-XSW/
http://sukien.aloduhoc.com/En_us/document/zNUN-vtLco_ELfsnAV-cg/
http://symbisystems.com/DHYIWWE1138573/Rechnungskorrektur/RECHNUNG/
http://tantrung.com/En_us/scan/Inv/681481662692/YSUCq-yL_pYdhPM-EMX/
http://techrecyclers.info/EN_en/jSjtg-W7_gGC-rJX/
http://tellingmusic.com/En_us/document/Copy_Invoice/051321957164/Jdmj-w2F_WaL-cS/
http://tesonisitma.com/En_us/Copy_Invoice/4802432474/cNSaF-Y6W_sxqIx-7g/
http://test.38abc.ru/En/Invoice/052494575759824/NbVv-we_izUt-B3z/
http://testcrowd.nl/De_de/LXZGPFAIKS1775641/Rechnungs-Details/Fakturierung/
http://thales-las.cfdt-fgmm.fr/cgi-bin/DE_de/OZBXGJKOPG3127945/Rechnungskorrektur/RECHNUNG/
http://thedarlings.com.au/xerox/OQJLZ-bf_ONdij-Uq/
http://theengineersguild.com/info/Invoice_Notice/aqJr-KGB_A-JoI/
http://thefragrancefreeshop.com/TBBAUMGGK1680634/Dokumente/Hilfestellung/
http://themaiergroup.com.au/US/qxzki-TsUoV_zBV-rIL/
http://timothymills.org.uk/corporation/Copy_Invoice/uXaER-jbJ_DYX-lyE/
http://tischer.ro/US/document/Invoice/thmRA-M2eu_ct-9s/
http://torontoluxuryrealestatelistings.com/US_us/corporation/YBFNo-8ndqK_UdBOJ-aK3/
http://traktor.parsnet.space/En/YZUYI-dlk_CfhKdCOSl-i6C/
http://trandinhtuan.vn/EN_en/download/Inv/DopUi-Wu5Tc_S-ZCn/
http://transcendsin.org/EN_en/file/Inv/22174501/epGH-Gu_zw-hIj/
http://tsogomediakit.co.za/En_us/sVLmw-N5_hQQ-Gj/
http://tych.pe/iDLLJ-fs_pQU-VF/
http://tycpyt.com/scan/Invoice_number/sHOih-7KW_iIsUFbg-0T/
http://ulco.tv/doc/Invoice_number/WRSTM-CHkG_mv-Pjb/
http://varzeshpress.com/EN_en/corporation/Invoice_Notice/bRCS-dwz6m_Z-iE/
http://vcpesaas.com/info/Invoice/pBXt-q6Sq_xS-1B/
http://venta72.ru/company/Invoice/DYTf-2H_B-jhh/
http://vgpromoters.com/llc/Invoice_number/KOrtl-rTQBR_OSKn-JB/
http://view52.com/En/ThKIO-mF3vn_LgYuedH-53/
http://viticomvietnam.com/US/file/Invoice_Notice/oqFVw-8nZ_llHfonJEE-tr/
http://vivekanandaeducation-armoor.org/corporation/Invoice_Notice/JhGpZ-bMVh_SpOYPCo-tf/
http://walnutgrey.com/de_DE/WHOYMK6607843/DE/RECHNUNG/
http://weiweinote.com/US/New_invoice/yiURQ-1c_K-Gop/
http://weresolve.ca/AWlN-dO_LPWjbADqQ-hjt/
http://weresolve.ca/doc/Invoice/KmtQq-Vs8yN_VmpHLQ-KJP/
http://westsideresources.org/US_us/scan/Copy_Invoice/BmNl-4B_LMSObWM-FN9/
http://whitefarmhousestudio.com/corporation/Invoice_number/ZZwEc-WU_kbmpt-77/
http://white-top.com/PVXzw-4087_sYrq-MzZ/
http://wiki.ugix.ru/US_us/Invoice_Notice/jnRX-jj_FaayjRy-xY2/
http://wilkinsgrants.com/551223333/WwhS-7A1ck_eHfrP-p6/
http://wineswap.com.au/US_us/aNMn-Nb_A-ire/
http://wordwave.academy/scan/66653977405360/vcjGs-3fw2I_WQzUDnH-Kq/
http://worldrunner.co.uk/download/Invoice_number/SXma-sRF_mYH-fg2/
http://wpdemo.wctravel.com.au/EN_en/Invoice_Notice/3587030376176/LuApR-pna_EJX-dW/
http://www.blueelephantmassage.com.au/En/download/8243513533/ZsScr-fwQ_vfsKCVRz-TUA/
http://www.caassure.ovh/xerox/jwrdp-dml7_N-qqo/
http://www.campustv.pk/de_DE/GVGJDPBVXP7608465/Bestellungen/DETAILS/
http://www.cateringbangkok.in.th/wp-content/US/scan/Invoice_number/Kuzfu-S4_Trevk-inp/
http://www.cbmagency.com/DE/KRYUXSHE4155921/Rechnungs-docs/Fakturierung/
http://www.cducarre.fr/US_us/xerox/Invoice/Ugzd-5F_xxzhwl-PVM/
http://www.cng.spb.ru/De_de/FCHGHSYQQE1228151/gescanntes-Dokument/DOC/
http://www.crownrentals.net/US/doc/Invoice_number/UAIL-mF_Dm-iC/
http://www.forodigitalpyme.es/En/download/iiJNr-RvP_lMcn-8t9/
http://www.forodigitalpyme.es/US/file/Invoice_Notice/YSBoc-HFsMY_FXHFU-bf/
http://www.idoctorcloud.com/Invoice/KwpQ-5yNQ_Hx-eMI/
http://www.jagielkyscandy.net/EN_en/file/EVEn-AywR_Sco-1vW/
http://www.pattani.mcu.ac.th/wp-content/uploads/US/xerox/New_invoice/yOkVu-OX_qQVzLsP-QjW/
http://www.prowidor.com/corporation/Inv/KPDJg-tK_lRzuQw-KCt/
http://www.pw-financial.net/Februar2019/YXSHKE7345353/Rechnungs/Rechnungszahlung/
http://www.qqenglish.com.cn/EN_en/llc/rkjV-e8WJ4_Qj-3Gs/
http://www.rosero.co/xerox/Invoice/FwPs-Lwi_fZ-M9T/
http://www.salesround.com/US_us/download/Invoice_Notice/1549691030811/RrWbu-vV_jYIMXESHL-LE/
http://www.seksmag.nl/En_us/document/Invoice_number/SwMIY-3uko_iI-OJK/
http://www.sgokta.com/doc/Invoice_number/eWxG-pp_tFSgHut-er/
http://www.simplebsolutions.co.uk/US/corporation/Invoice_Notice/9955581/ZEqz-9WuK_ApOHQ-8pw/
http://www.sponsorplay.com/scan/04602848/QhWi-Fl_zcy-sj/
http://www.timothymills.org.uk/corporation/Copy_Invoice/uXaER-jbJ_DYX-lyE/
http://www.vangout.com/llc/MrbP-Izeay_BUEIiE-Pk/
http://www.westernamericanfoods.com/EN_en/info/Invoice_Notice/kJSdP-s2J1M_S-7Kw/
http://www.winefriend.co.za/De/FIORQOXU7539661/Dokumente/Rechnungsanschrift/
http://xn--116-eddot8cge.xn--p1ai/En/file/fiONA-5yY_z-0BB/
http://xn--116-eddot8cge.xn--p1ai/US/UxeAF-KtEV_UdOuTI-t8q/
http://xn--34-6kc5ajgpzw.xn--p1ai/De_de/LFVOKILEVW1185520/Rech/Rechnungsanschrift/
http://xn----7sbhaobqpf0albbckrilel.xn--p1ai/New_invoice/2218786/Jshz-xJ_URFH-QA4/
http://xn--90aeb9ae9a.xn--p1ai/xerox/NGWL-eHat_nrqqdaZ-36/
http://xn-----9kccsa1afbhzcgd9a1ay5l.xn--p1ai/scan/EN_en/scan/New_invoice/xdjG-hNRx_vKYc-Dl/
http://xn----dtbicbmcv0cdfeb.xn--p1ai/file/oWMy-SkxRJ_HnOAadBB-3hM/
http://x-soft.tomsk.ru/EN_en/Invoice_Notice/Ujdw-re9LW_xd-qrV/
http://yduoclaocai.info/En_us/company/Invoice_number/OghqV-ZtJ2_w-x5J/
http://yduoclongan.info/En_us/llc/New_invoice/tuQj-tg_NsT-STe/
http://yduocthanhoa.info/Copy_Invoice/lsycr-cD_ndd-wfU/
http://yojolife.site/cgi-bin/En/llc/dfrFK-RQF3_rT-O5/
http://yourdentalfirst.com/Inv/SokEd-Qbk_dqUc-P7/
http://yushifandb.co.th/De_de/YJAEZN2289916/Rechnungskorrektur/Rechnungsanschrift/
http://zem-m7.ru/EN_en/info/njYp-zEHh1_HKV-rpl/
http://zprb.ru/company/YeGPb-MfhXf_r-PX/
https://admin.staging.buildsmart.io/document/Invoice/iDgb-7xup_ZI-omO/
https://agilife.pl/file/1767554/ajlzT-SeK_W-xRz/
https://bkkbubblebar.com/EN_en/file/pwPyo-OpsA_yEWnZTg-UL/
https://carsibazar.com/corporation/Inv/aMTY-oqbx_JdrQ-lzJ/
https://dkstudy.com/LGCAITZQT8921006/de/Rechnungsanschrift/
https://ftp.smartcarpool.co.kr/lf_care/user_picture/document/Copy_Invoice/ZPvfU-Y9N0_hUF-Mj/
https://noithatshop.vn/US_us/xerox/Invoice/KsSCN-zUX_yk-T6D/
https://protect-us.mimecast.com/s/357TC5yx0ZfRY4quOzKwy?domain=54.234.174.153/
https://tischer.ro/document/61805022/gksJP-pt_vVj-agO/
https://view52.com/En/ThKIO-mF3vn_LgYuedH-53/
https://www.dkstudy.com/LGCAITZQT8921006/de/Rechnungsanschrift/
https://www.exablack.com/Februar2019/EVPXGEQIS4018025/de/Rechnungsanschrift/

Epoch 1 Payloads by Document SHA256 - All Times UTC


Creation Time	2019-02-15 19:58:00 (XML Based - ENG - Off-Center - Light Blue White)
SHA256:
578109d64ed9c185e12a5d4c83f3059c34cf1ea61cb77e4ec1174fc25d186153
45afc9f4d53e3fbff96f519bd65b02a363a211883f528affadefa2e52f082ae1
69e06a409da3594ed4c019fde55ea24dfbcaa0fcb0c565ad67045a9e95e4818f
01b02b129fd2922c3f95341380a56f59d8d66cc1182e1e8806905bd98bc7cae6
c848b029189f309e69a7f761d8d444c90c51554539556bb3980273fa7d77a12a
4dc383917b808055b3f576594ea71fabdd1841eacc252aac3976dba7abc8e351
7a05499c076f56bfa443af34459ee61e06057d5f33aa3e7d16687347b0208a7d
c51e3d1c6f2b10da70fa41348cf2ffe32d9b867bf113b550d9cf00e1ad03d3ad
ad646e6a26b647c69c4b917b20f9335dead13f9d24cf79b920014e2a90985934
ce954101718414a6515eb603c2a09e99631cdd1e4acdb33cf73fdc13d441daa1
64ff57f6b7796927713bfdf8140757b4248e0c0972126b0cce662ebbfc8de9c8
616f316670f9fcaf0f768b829a51c7289b390da7a90ae3856333d2c6e5219140
af22751ee222f7fec37e1630103aae36c78ca3a91f7bb98e080960d92e678b07
c956ef818390cb2697c089e1eb8fd0e002201a2e2735b2b286e42cfe155b0a8e
67c0bda6446b4138ae36e17b5e72ee8c851fc6e8e4b4061403086c503738d1a5
96f13308155b96a6f917b12b813b34b0575e30016d080cb5175920a11538fe8f
e8a365e79f424b70afaf0d814137e62ee618d7886f90f14013d8cd9367cd3a33
317ef73ee5154bd08d6594b2ec0ad0e1aca1afae8fb2b2cb2cb14d780d3daa20
22ae5c6e60f38d6c1a03b80f03a48b4a40c0e8f20805a105ef69e6b01f07b45e
f9d014f5a743c882181dba1fb4076fd6def1f781916b07dae29f7c462e86b041
f803f65f511bfbdd34e622c08cf3d3ce5fe8d8a3921a2f9e469a3a25f5177436
1b0e74a2428e0658349b91bdfa1faf0aa268ead29a31d6f664f2b0dadfb9a29c
1a6342aa6a54cf5fadfce1d87f53798968f7c1a9cab190f9a72f28a2de876813
80a07cb0ec7e186a444c9848f53909e96de63eb4083b4a764b2654b9d661cf35
d0fb8300180c5ab257a79b5cd5bcaff81a2ecf535c067913bffe59477bfb0036
8b5c1d8ba88f090f1cf161a918b08e550e0d9efc0a59a26311b5d37420cf9474
d4984651bbc1b31745ba052b58e4a28779a041e902dad1a7dbcee466ca32a629
270a6a024f528ca7aaf896af939d722ceca1801460af7e7851b441f4ec990cae
a98d0840d8e56233527d8a6bc89f5131655cfc6bad53c64703c54347d0e51650
7c7137011ffde45351b95b324cfa5302ffc580721672e88c79cddf62ddeb10e9
0f7774ccc170235a1b006fd4395166a7786b0e8f9f4a87e20568bb317909cec5
b1f8014308b3d44eea52d71078b4d8d8c00bc77a39e90dcf85453f5220d65577
e48ebb4422f4feaf82849e16b561e151426d8f9de7281f60dc81ea7206ffdeeb
66e662873a8192d26208880fdb622e8d7774bf6670e90a4db92a0745bf376ef4
f231ed302b729be363c90c6d2e1759ed55eba9a10cc89c34d2224eb6f69f9968
318339f86a202cdaac198784651b9be4915fdeefa9fbeefe75f94babfe6c038d
efdc800a7bea01fe83523a9136685a053c61db0287571e0d012b018f0e3aa6b5
795232ca3eaf96e9f9de4e70eb39ac64df94c420e0f836f09b80713af626084a

http://rhlnetwork.com/uuf31PTan3/
http://eventcherry.com/EPRpYDL/
http://themodellabel.com/QByaBRWa/
http://128.199.172.4/J1EuGgi0sx/
http://207.154.223.104/sycTwoHI4/

Creation Time	2019-02-15 14:25:00 (XML Based - ENG - Off-Center - Light Blue White)
SHA256:
12d52738a3d85a0e3de633d15a33aade880ae89ecab45395b4c94d70499c2f9b
540a4124f0fe078cd6f83a017969cc812dc324135390a2a714801c380644b107
4cf047131f03bc071e0ee1cd30bc0b30033e4cfb18ed20832806c6d77a06d8a1
9d7918a944e8f45a771d34a09b961ae4fed5227c13beac0483e1c68c0a3fa308
bac60f9a5ea0a7ec807a00c420c72c953c80331e2041840d19416e791f026ed4
c10dadc91ec1e5a816f3860b2b654c41082c56d9947baf495c09739b94cd1d29
3f5c8959f964c4e8f92c91863d2439b6b85aff428ccd9480e23b3658ea9485f0
c5024133070375cedf0984199ca45c2dc900d0b474b3a750c72186c29104d6bf
c0be2edc7e76bb408e336e2dff7081a4f4a2be2a7195204284f7105f72266f6c
2750775b1132087a57df3b45f529077ca42dd1e362352773d73a7ee1baafe7ed
2240c56016d54856ce7d2b1b3c73df5e7d5267f56517d40d65f88cff76c5ebc7
8536b9ad79cab91a27a9f40ededa85b8b71bd7f94b7ebefab538adab00b841be
37de51e4cce1b955049a5bd5bbe6b38425f20c67a9f74790a5acd48a7be3eada
e1b7fda26cf6e3fb756788640f26b9ba5e0dd36843583eff85b7485d9d43fa62
bf8aaf259cdf9079be439df40d4d0b86851f8b317e3ef14d038ce035450372ba
3fa33eb59c390a5fa8770b52226537a1a3be58241aa933e9e31e43039c450264
dd311886db214bc28e2be2f2fa72815d994b392df9cedc58b2c608051d143504
eda3a261d09490852535cfb3787523c9f12c7443d63b5f986b61e490f64a8792
48078c3e5150a2f423601cc152baf68697b965ad53b2f3330797da50f4fb3b20
d3bc8fce29e70592a3370695e05ef8b67f32d84828273b94101021d3f4853e8f
126dbabfc82c77f0dcd3bae96789062145e495848c43c7568d0c3d6acfaf2d82
49268926148ace9dd2afa969a66594773e042c21b4f05594c57d032a085dcfc4
92eeec418770b620646b88beeb4ce35ec04d2092fd50347836559c648003033d
f0dd009a12a6eae424f05a46945f36b6bc1ca36877bee70137d45502697d7574
b0b5362c24ea0f21a02ba2f420b6b63832ff6fb7fb35e81223c44d24d8be7979
c1787498524d0f409c455083a63680596ec4ba4a22ea9ad3b708df433981445b
c6c079049ca23c1df66206a456f5f3639aeeb80acc1257cbb4b6b5c4c1f0c8e8
ef537e95794f57fe787db58caeec5966152e9198abf0a9031eff5b04124dbf22
f2a3c4fb551cfbb8152545e5828540a674cca02ac4060cf6b185cece74404304
e34801b0f1dc7d45f293caef4d214bdc90c1ea23e2e61f315a39e16df0c3dc55
84fc00c89ceb5da4ef9436cd1ddfc1e503e08f71c60a0c76347b8e283a80bbf6
53f704f3669db2faf8eb3223846f541b78a67acbd148ea0b5993a1231663cdb9

http://themaiergroup.com/8C4ebB7oC/
http://foundationrepairdirectory.com/4RDIWs7WeP/
http://13.233.22.226/VbLAXz7/
http://farzandeshad.com/YJYFpfds/
http://www.drberrinkarakuy.com/WbB9Y9w/

Creation Time	2019-02-15 12:35:00 (XML Based - ENG - Off-Center - Light Blue White)
SHA256:
a5cda9e08c6a68e631118acc51af16d3fb6eed3493a7545c17bb40739fc594f0
dc4f5e43b80c40d0d0c715b9437605dc3bf43addb4356abbef3922a377498f35
ad730630428442ad7b683d2af03f2cffde8fa06bf25facb46f41d1920cd29c9c
fffa60e190b828cb74f853acea632eef8f337930d02b1b59dcf9d92244ac3eff
a91c367076985a496c139b27d77daf30b9138ed72a97adc7a589ae354bfe370b
3ea1ef14bc529214b94e9ffe6a00638358c2db57d00b4bed1fce7ba646d5667c
d53f9fd700393c6feb2c80b82a057b139bdcb99de6c4bcddcc718af502d53701
af7c1b90b5f84e9f32f83a3afb094f2ceb9880c02fbb46d10daaf41b54cbcae9
d0b99fba8aebfa49ca48a0b908de8495d910b55064f21560c64877ebafc3c320
7e325765ae5b80fca7c0b74a3b1cfda0834bb85e5157d45ecaf978a035bb7628

http://81.56.198.200/MrMAFWOk9/
http://54.165.253.1/4mBBNcsGYL/
http://54.224.240.34/L0PRmepe6/
http://noithatchungcudep.info/47urKpX3/
http://128.199.68.28/QZp55xxC/

Creation Time	2019-02-15 07:14:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
4cb20ff586783c98ef32038a4138e98d432e18900d3a07200f32097e804c59d7
46bf76d348e6e778c5bc696fd33ba065518e75c6545d0205e9a6dc59b9f7d891
1c696921a66731edc869b9a950ed78a809c897fa516a1fe7b94d826df6186b57
6f6a5964aa8c142783c4c22127a1849e7c1e452025d813bd10f20cd03b694d28
27b46a9b40af7e61adaf785f734bef2ede46e738a3ba00f6f3045b1e563bedbb
b227d80f1da8de12b6eee0963b39d233a66d35802a726c1a9866054f2d518191
581490cd4e4ddbaf4f9cdaf5b0b77ee9bb98d998030e77ed18ecffc01b8ad14f
04b3e3482a652f2fe16f2efd5b489398a6ffb8be2b659b240d99bdaeeaa5f5f2
8de16622ccc656ae1950ee9f49d9dd4949ef823ec682c6b2e87f9a4d1043b999
dd1f2fbf8d2cb21f86aa9d5ee3ba2e7c43151fc0619e649cc7941ea89c438383
cd9bfb6d44bae7fec29e2b0374ee271672db07564dd3ada96e69c56260d2e986
49e0043d520c393be5a6dc736c35e073dfaf1b587efc4cb6249e034fa336e92f
e449b61d7675ea39f3388fbd70b2b5162f77d26092fb56180bc0f902677850bf
e828d07c9be87fd492f93f23fc4c23bec1ae91e583b44db8e6f6026044c9674a
b2ff7080e878c54c3e7269cf08531a8d2a09251e1b99626855fa1690829db425
67fce4c305457ba9b4e0cea8195088aba459d976113d0e43cd54e062eb0fb075
bab9daa474dbd8cd15c18dc881a633bde17174df1d45faf51e5f4ad0d5d1f138
5b68725205e39ebd559005e70b10bb1b78d91f7047b3d13b7673035ab953dc26
bcd4a63e3d1f2d64a497e57da41b4c752b00c470acbde6a0d11721cc0c850010
0d629c9ae4befd990561e036457f0af47f89eb18db6f813724d7881f3c4fea0c
2675cc6c4cf36935c4723a5dfadf605f7534bca6f175edbe581f81f71b18e778
e9d2b0cd785d1ca461b1451d110910bd3e70393091fcd4025a637c10b0d0ee22
e5a913c058d880e79ab4b21af6097fc8804581d655346e217bd779d45b4159e1
0a27f9a62432dfd396920cc780ef5d2b86515361faa0715671ac052a8724d0ac
8c904a61d15f2fb84d3865f4d9729f835e9fcef1527e845e63d2e9555038972f
5556561b3d239c0acac810a962346b4fa6749888821fd0265fd036d197ed759e
26cf13dfb811034b54c4402c63a261a4e550402931545a5e42695fd1c4bdb73f
94989903e26726fcaa9df05d455f44da79640fa2bbfb3e08bc6c553ceee6a1d4
aa6fd0dccb65f1d2948060309d406b79b62be0d02ff904bf1365668e9c6a8ad7
1842701e689d2638a899c6e83354e34072bac0711de194530beea664c96b47c9
432c91e9adf23260e3b5299b3ba90e6b961ac842d89112bfbcf482fbbd26bd90
e765b15ac1ce4e9b72365060f4812f652d22914ecd8063fc24eaa07b83a0685f

http://xem.tomtera.com/MbTsjook2n/
http://limerakitchen.com/DVgsvHWHfS/
http://casfetaudsm.org/Cx3yC6Kd/	
http://jntrader.com/QkF34W2k6s/
http://yokocobra.com/miksSYCmpY/

Creation Time	2019-02-14 19:21:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
cf992621d66e06f2fca2423a513f1f9bf828fdbc7545b9d6b3603e40a44b6dd4
65c8ffcab44c2cbba5564d5a6924af82fc313e81f8b3bf76cd78b0c1d7603c65
79fc3ad838a44fc0edfcaec1225f91b817a1811be5b09755e6e68d3a48281706
2665d158779bca41f0b6bc5920c415a8705bf7e8fd80d81e84a62f8567903a27
94eb055dd2c9d3e339e4c12764b8f7242d4a1fe33a08e7f7820ade8c357faf93
f9569ec16dad70c1a754bd86d810ac5518b38693ae2ebc770500a4a953ed795e
2bbf03b597e2dc3ae4fbd2958109e6f9a198d2ef04dad0bbecedf8ffdb93b35c
111091f5216b08b9667c31d016bca364d6d211421e0f767b33411041c0c42d8f
35a4c8ee4228e816bd4eb08f3b0a88c8a7c0d59979dad87c9cc891e0a9554ce2
f556bca81f7517130a63352d28bb4237b61cf44b71f568f2c602ab9831c49f2a
c31ba6c3131c3c7132790871f023e8e40c0132d3793ad8f4e292f8c2108a7476
7960c7c8709289a652fe4a56fab9429002205b884f36d841865324fbd5611fef
4841ff3a345487a536b76ab3f35e1e3e2e10d67cd2f151f592ac263e6206c9c1
a98ea85359c668c0f734b3b93044d2b3b9d1bc8d04359905f616f2099b82b038
655ea52876f0e7dd05a7cfbbd3b781ea2a6da9cb3539f6be2ac7ba0a09895259
4a5e8d464827fbd10a7d6a1533999bd5039c17ee3cc16d70112b15802afb755f
bc6384c64af4bc9771dc4797f4a0c1948157942b823b21493b660666790a47e0
cfe993c392de3cdda678bb9771ab9070201365aed1d597a0979b72453d3d51c6
f1bd233a3b9b6b0ea6148dea17bed51f3ca0f71e23c9e6a6955b028e516bb53f
643fd185aae3bfe6ca1fdfc6f5e7e8f71290d59783d991cb2a194a22b5b88403
4695c37088af46352ae23b590cef6aac69696c99f0ec5239921f7cf0b663fa6d
6a6b883d955728746235b16c61185dda42fd09569c15cacec2315ef594e38aee
97cab237d957c57b19ef70d5ab7e2aa5d2487cf58ebd839b50e54c3edf8c6a9d
b49c9a22922bebab7d767c732338eba417c0a6c2149ce8f141a886184be3c949
91fe305a78b5c88f6f181f3a64fa7098ee36e2e166861d505b26079b6ebeaafa
f8336db42976d5c7ec95df0f80e52fdfe8e18c9ceefbbdc898c64ee13a43cc7a
948e256c53e10b93c327b45efe8629b3f3612cb0605a782293e26d36b1950d64
ce8d31d9414f0d296828b6c176fe23d1ad4f09c93774b6d4d49b115980232238
7e432eaccc7fee2b8ab0d7bfbed20b4d3b4e519e3b325d62d14df283e2e83ebe
21735a28dea318be302e52cdd1daba76404942057a3cee24bbb3a03f5b07e752
b0d4b233aea13f0cf2e48f64ecdc6504478090bfa5414cfa1a1ce8739c20d4d2
c96c7ac1102b8ccbd02f7bb51c768da7e09e33830096718d2b33796e2cd9de7b
7624507950aee0bccf264807cf20dff21a5c3bafd476830eb29ada4b8dc8d25f
fdc58287932afb134d3fccb474c00fb6c5f5b71b6876f3a4171ebdfeb7737eb8
c8722f847d62be9287029d2f54c8e86893502c3505665f9d5533c6d1298451bf
2b1229359899970d360bf063f96918306d07c7dd6e1d5d248f24c6ec36b55897
ad1bff7ab5748a521d54db010e86dcf65d3fb23eed378927697fa4ee342ded98
910ecee21de484ef238a555495abbe912c3fc4c6585438db6f4fb3e557482f0b
fc3b02c15bb18a64052774a9a1847b19584a83bef57e2d2620a19f17a00e0da9
46ecd52135b2b3f160cb28a9054916cc6d372ebde3700fe434666825877bf670
d2e19d553d410718597203d71b480d0e42f82e6bda1b98a186ceb7524a8bb1b2
b566280cea6f3390751f2799ef2a07fd2a5ae7b94affd01f5b344e65a9d5e663
87de3380817115140976171dbb9e5aa4207f8a2dff124065a772e90df6453229
d084730c3222a57b4ca69af66213b15fc808df800fcef09536125f2b8bbb3bfc
b7a5b11180a66fb10c9957a84c517f926da64a33bfc5949a5a87d694892f30a7

http://idjvn.com/VFRvAVWyF8/
http://constructiondistrict.com/zA0jHm2vt/
http://www.bspartage.com/MofXXfVq/
http://adam-ch.com/OMKLfD9mZC/
http://galeriakolash.com.ve/RlGVXxAvx/

SHA256s for Epoch 1 Payload EXEs seen on 02/15/19


8f58b91ac8ecebb19e23dbd5b8ccd2dec28f155de7f29906867dd06dce506d69
d14b458bfe3347fbab6605654c56dcdb08f28e463d0363d8c5e149b533414c8e
e479c1fc98f4f5a2bc2cd50d197717422718bb47416368f37515fbf7ca3c0c66
431e53e36b86f786130bf5080f4d0f5359d3fce83307025cae0f8b8b93a78e71
d2a83008e73b675608dbca614100b11b788209c059cc7afa03d3f66ae4ded770
013aef2e0281742cb8bfca72babdf47f7922a94f01bf798a120f5143911af5ba
25a312419d117f969420ed83215cd414081ac21e27c771d88ef1d47867e19136
559ed08d135725d55c18d383bce899942e06116c0182e1fd12d1332805ea7080
140dc061dc1210f35cb53ae2509bd90581960af5b0cc7e851c09bd5bd3d0a2be
f97216a2cd7ae957eb625f77be15650f931c9464f439daed7ef95e4d168a5ec2
c0349f0d7f506636c3cf1caab5ef0ec02ff21955c96428ac63bbc5ba12534b2f
14b64acb8ff9c2a07ea50ba2c04aacd3c1d2681bf72f25384220ea02db388ebe
55d0d7314e9abe3eb6c5f21caaf3c9b4ba42f1564e9b034180762534e19ff6d7
f5f4ba4df77588663f7ece5a86dd8dcf9af63059703fd6b58b05c748652d34f4
072f3f4b35b48b246719e357e9b6e56313aa66bf7f538cc15457a35a8cd165ca
831c3c3a07d36d433b492c6b4f96f9fd6d81bd9df85bb5e9ecb53ad623339f43
c7f844437edb3d792536d37cc33bb7050c983e55d3153d9dd3712afe4ce18813
df2444bd34115e451bf12038c03c0276472e95ef251461bec8a0b75869fdb3c1
8f83b4e2b8385e0fba788848e975739be5d7b45477d41a5ea06c5a5c8172391f
39f475f5fa349617779cd6f205a03daec789737db383ae8df0115ef7e9896de1
36228d603694cd12d452b01deee3dafa4895d14a0a93383e59400017b481b0d2
8532393e4777030593a7a306b5b9a1fd241d5df340eef446ffe3915c5e9fd8a0
885d1fecef3af4ce4610dba04c4e553dfefbe97ca2312a881e1b7a9bd99397a7
5520bcdf3def834e9096cfc6734a38035550c8b6a02353c86877be39314df490
634c20ce7cf27031e142d40a1d3331b2973f2909778f690edaa1c3cb1ecf25ee
35844cfcb17bb4fa64baaa15a0f2cef6578c5cce301494f97f92310894dee0cd
d577a29af5b20aab8cc6fd6a99670c1229912f5e4f345ae03a70a3f2a1c59672
5c9296fbe710fc7e740ae0f189217a3c816d13afc00d9b5dec0104e913c0c5e8
14548a77608a3946dc45b1e8688034bb3a5b2e8cd565d375f79060d4f9527d70
804b8ff3c7343b00a34aafa51e288ae7a94ecb2d2b8bc938bbe8953f2a69f4cc
d76a00d95e629be142d3ad062c018bf83773a22d94a9daf1268034e851a3d8e0
f8a261b63e8e8a81bf2cace4f315650e92201efb8772f09f3b200fdc53da9866
08aac9788471a4bfbd1a9e220b42ed80869b0f64422beee3d86b4359cf320e68
340ad65eba34320c57f53e146c222599bf6035a8296bde0e11c0996457926879
a3447c68e0005200596664fe9834e6c64887c519a9d03a62078fde9124442d87
bd13166f63d46d1e97eace26f2106fcb5fd40904f89abfddc8cf39353b08a649
62fb9b9c188cba10cd50a8b1925e68db8d39e5fc33694b19275593ab45af6e31
042d736851ce2175a6d9ea49bd2237b0be182ba475c5c970840cc39161dad231
43843953ea00fa2c1a989fb924bf510937dea92d30d5f15c6f444fa2e49e77fd
e2def5045457ad6851ccc55f3e81e9a1e4c9a843fe8e2aae3444c8e9d2a1f831
bc748912af062d349122b71afaf97cac0c2ac6d933f1321bbe31ad44f1428303
931c1818b5ddc87d26adf6c546cf07373cb0134df4c00f46eb4303c8ec7ef12e
588d5ce59e157363702c70b567c418f2af9309e67b57672819ce36815ff75a7f
f0e1d7fb73cb726a49b6516c10db6419d941dd33b2d1c2cb2f6bac6652c70df7
04c02187dcafe582eed726e804901683dec8c14d7e6d79cca453872104cf52b9
b6a61c406e6d671d5aa5a899201886c1282e9000c6d19e16ec7eb6708b9a8feb
f75dee300c6a5da9b993afa8ae69a8355d262424dc783e7e12148ff2c075e550
b3ab1adefaac78234319b8fbcabdbe780203b4e9642dd0da0f469dd756772419
10727b504bbc210c4af26d806cc9c3a8ee0f428f9a5874bdb8f1e0e7733ad2b1
04700e4722242976b36f2a0039ce9d41054fa1941da7766d4dd8ec0722cea216
8eaa2fef2d232cadd0432bc2a3620db621815b2baecfb540ef06e5b435525e69
a41ecd7c8d44d6268f2fda17e6be376408bd23ce945a6e669cb13fc2a709dc4f
1e71eeedd14cd0e0039aec1ac38229af78ad4deb06bdb7eec2ecf7fe59dc4582

Epoch 2 Payloads by Document SHA256 - All Times UTC


Creation Time	2019-02-15 20:27:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
93675c4b5af94b1e065b31addd0b6aa99be51dc902896560a62bd8d87c30a9f5
4da1cf7ad1505f830de348c2e6b3e887dc9df100039666b3c94df38d9e9f132a
8082c4f56f1918bfc374e99f7c752084dd98802c32221a58c0bdab89fdec712a
59b25e2756ec3e2c0a30d5c82fddad232d138fc27c598287160b58dd185e22f0
2b2d6fc4b2c2c1cc7f3437a68ea4a53c86fe3fd59086844a45a178a7d66eb9db
8c1e2c45a9542ca5afd84eb96fd60498c3d8cf5b245b7be245a855fe671cfa8d
b7842825b5309e80b93452d0302d812f5ae4db552dfb9ee859065ee878c661f9
3536690140c70bc0d34f1e54ccc3e19529febe0ecac53120b7603688e8afe67b
e3034c6b354ef2e988570aa8a3852edf69d9b5106655b0416f8c695745dee1bb
3d2a105015f76f25982e4b7525df9ff95d0fcb9e6030d20a0de31435be09be3a
dee7a035c13d11cd62b85e03e430784c8bc82675c8c5bff1e2414f92d9cccfec
7ffd4fe72e26e0697e50febd61eeb68a8ac2082f6647804ff218e7e53a158559
13d37c13ebe92f998138f4953ef9fa3487ee94337ff3c6a7f618e01f2f9121c0
28c9ea98543527cd59aded6410c1540de3e092658690eb6911e18d22ffc46c5e
fad9aa6519064347dfcd23a81b2e6d3130ed8cb28a28f864c21f7816ed922e8c
7dbe3fa34f083a40aa32362e54ab0c7daa2a640c2a34d95fd931c40417a95198
469313aebde6e553b5075a77503377b1b336466fbc8d5ae410793434a552ff2c
17710c1404357c70866616eb1175eaaf5a5b48fc21e5c4f07700c890610741fb
2d16e7c225fbf5166db769a0edb7d3ef2815ed9402687d85e4934f28f8f5c01a
9904915a0e2796c3cc33ff1698cb4db6e66cbb12de617d5f4cda222e549928c4

http://tellusvillas.com/l2BOnRc5q_pGXL6RE/
http://markkellylive.com.au/nzB1yr7bR8Jf_VXGMg/
http://195.88.208.202/GkR3jnNg/
http://138.197.72.9/5jEtWZHLS/
http://13.126.61.11/qpA8kpDj8_rp/

Creation Time	2019-02-15 14:25:00 (Doc Based - ENG - Unzoomed Indigo/White)
SHA256:
595e15905941de90e3246af0ddddca1e301222af97d81bbc417185274037a33c
8519f51ab417e2acdf0c307a2d5b345487e52dc484b3b668b61724b49f945c1f
c58f7bf7bf4ee55159d3d6138e674a6d481bfe44d9730f89f32330afca9feed2
8c2c81eab3724a093b4fad75d4d8f97b8699c73fd85dbfc68721e488e6162e27
172238cc6d056b7066c472eeaf3a7303df4f75365f16a7396d4dbb913b57bfe1
5d144af42e46010b6ce5b6ed2fe2d1da0528c46b9a921288d1bd0e40bbe8bd81
6c5842d02dda1456a3b8e41da8c55dbb4770ca135d3f34d16a72330d8f5f32b9
81e8ab03ca56727a1d5e407c5a79deda5d8d35f7ed3a2c6ad91b36b55d685587
a34121dbb3148a64d51ab7099f0c2d5e9add622df0446a6e468021e1598e9b52
179a92ba3314be573380de2049b467d29b33a87f5ee506e357d093e7d7e46f2d
443f7a781d38ae6a58d7cf751c8703625b1b8300638ff04befc9142a0e9023af
5f18b5bf5c2fdbf6c288bca1e19d087e505d4a7ae66ca5637269c28a5a678d03
510112233bc930b7cc59ee908be43e43039edeaa74f6b1b6039c7ac5a6a4222d
ec9a1bbaa2c5f529edc38c89d4c03df97ef113ea635f3a0e932eb472eccbafb7
71fcdc9385b6fcb4b2e6c1b80a965f3b432499e76d7d5dff40d0965f7114dff7
ce8aa9c7d6c06e5fe37cc386fa16b33343f9d27eb45dcc5d5144ca97465c6f3b
94ab81e4db1d9c0f77fb6c6164d076cf24dfaf7c3fd8ab62674c877f4eeea5c8
5a4778bc32bcb7a30ed5c24f3aa7b426e8c3acf00563f7d4c1c8e078b1a67805
d1c4eacc12faf202f25668e3af6c775e5f45a3fbe6da227d2ed0e12129ca797c
6aa38232450f527768c6b38e64449750bc63fd696743d7b14619c81b6e7ece51
22e70a42eeeeea74f9d57ed75cc3cefaacb0830b5f3cc4cb3bbd28e43da45984
861ff69651f5fbca47c2db5279af709edfb2d5c1178a131c99d24a873003a040
c286bfa4a741ae1dfc7ae7176cb74166074510ec77835ee072b192d6bebae5f1
316cec27e95fde63ed487f19008068f1780fb7ac8f89d4b41780ad470cc01457
495a09f1dd092fe0016ce1cd75681e4296a802e82d3b0b7b430511144e68c330
5b2f2eb326088774f2058a22ec27992f363cc82cf8f3b1446d9d22e21f5cf283
654ce94d776c16a6974e30577490ddd3a3906f2d5244dcdef49575c09ace6646
c00a29d9ee8d43768a44fb6a3dd642028dfe059747a008989d37a7e9f8da54dc
ace4a55e7bd6b6da878c3614e4258464a2c2cca2b30a6548208b99c0f450f1dd
f5f77f89f93837581150946eea2f6b9e6f1ac6d3a8451160d2a362402b10bfd9
ee86cb3bfe2e5a4c17b50b3c37d9951164f89a18f7e1a27b92baaf29b9c395e6
3ccac07b6d5000e03cd9b04d7c9f28c5401f16a1c4fbec49cc007be7d585615e
54ec0210ef84a0405dbfa03cf6a3eff6e7d26433af839d80b570f518959df8fd
67f9e68ace864c2188ca32a9534b905dabb4d724f65a3e6e974d6e5cc30c6041
92f7d101bb1185941b0b37c4491eebca8c0dbd77928c439ad602518915ea8071
cb7ffb49be1ad1a74162fa91c0e0a804ffb2cfb462a2bbc1b99389c2e65a5096
40c3fadc0475331146630f65b5cd6c2b817825cf0192dfa4a7a692c78b2c74a8
496981c2312f8ad24d9d68f2afc93f0225462431c7f32e56ae0faef98f509fd4
b018e9c1f8735a31e580b37a4f1fa7b76c8242f17610482fcf62399e332d1acd
63e5b42e12dceef445c5603e337e4241e951d4383dd4881b5051ec0b005fdf5d
96c21a8f1fe648c4b9de0380dd45120219ab6d0e9766cdbfee7856065cf4cf5f
d787fb5bdac0650c933df11e084d90bb33abf85ba388b02df70172953353eaa9
28997eadf97f11a8a43159b148026f5facc310eadc0ac9c52c905bc768be9634
e39f51c5e013f6d5b542b875f4a97ea58d2cfe71c0467c45c338a8692c10ae4e
5514b670fdb2360d7ebe349a792c17932c31e69f9ed79d6acb22facdc2b15d02
d4053337dd48d7f99b7d016a324a94b4f386b7c07868ebca23e2604193d48d3c
1e88c6ccb939ca1abc359b1f91ad2a63ae575395c49b125f7ab06627a4e646f7
12179171ec85ce2e25de6dc800294ab6879b2586ecff1d02cb8b11b24e454422
56cebaad888a13e71845249376ca9d4c4b697d2058eac1713c4d07840d320623

http://ishqekamil.com/ciY34zeKn3d/
http://cvlancer.com/CWvd8iMnLfj9C/
http://aucklandluxuryrealestatelistings.com/pHXewgm3qzll_3L/
http://nosomosgenios.com/cCZThGY1_wVKtkj23V/
http://2647403-1.web-hosting.es/blMc65Xgegv_YFDyjpRH/

Creation Time	2019-02-15 08:44:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
962032dac4682bdfc2f5db4470e08414c3b910d348c0d56a4398afa05da301a5
44115b7321d378a8bc433aa7c666f74b7090664314b02ac14ef912f9c053b19b
3ec5ec84ca75ea608a92f2d6586b2aa0fdcb209e1106cb39b028cd180d9fc0e0
8ed5fc88b480986e71b77f8a04356620f415dbda61118f8aeeb5e42e5732f56e
59107b6f3ab97af7908aa56867a65f68f4f681a85f284077950eec2645534706
f785848cc27d19befb78878417efbcd0368b854f3817c3db6286942acb7a13bd
1fa95942b50ba9e05216e1d14d810efce62a17e4948e0bc568593807f97935a0
c7f7091a3acdf8602b44d3734a8f2b4af419ac22717019e785faaeda45d6d552
09b60ea9916d87974acb31205d8b14debce55d805bf0932c87a864645f11a537
ef0d92853060f64185bd1e8cbbc8120c68359c8a21925286f3d2bbb8a58000be
6e0e3a7a86117d0b67e8f51ec6659620d4389fd7003f1f39b10c51ce5e5625fe
b3280511fa1f6561394777af7bcd63c1213031e5f4b0c39cf13e22466ef53ebd
0e234c73d75096bb92f80f97e5055a0d3a038d69189f184dea3279381e91b94c
3b5adace92c9aa756133051cf84230fd7d13627fe571ddac9bc2dd02b915e56e
69725e571c171f06492a3aee4e1210a2255eb229f4399d770bbc3c3ec7e76df8
b13b6e56db48cfcada069ed262e7d0bf3d8111db05a17e080c82cab4ac2958ca
fd957960a0bfcd636cdfd3387f6807f042e1143bbf017f080e459a396cd8a2e2
f8172a2dc1d67fbdea13fe7d73ff8f4c4ad672afec5029225202ca9dcb1d85cc
64efd9d8b9437115972b678afe91d2d162fca505bc5bbf5c12f89be2fb5d5967
ea43e44fe8202b2c586361221366d6d73c7a3f9e00b3471202c81fc8b104dd94
f1fac57e105fc5dea493c436b5a8169a626ceb5f04e7ba277db426378936f575
b39f2165230a08be839d993a21e65fe0236b2f22bb481eaac414da80e0a16814
4bddb7c97a45703317ead1e7b4c47a303726c38b9279e6bb20304273ea87bb1c
7099059f10ab61e6a1d264b2971cdfdb1ff469679082d212f82f45417848b633
7dbb60e59c03be1e84411e2ac45d3b35a35cb64960ee38da5c510f346badab20
b6d8f83559aea424992d9ae0c957d7a57c1314b71c877c6421c6dab81b7344a4
87a4be5e902f75b3674c90c4d1497e6800df6bff04472afc6349235b75f7ac01
ac71280f56ac47e19ea329d3685797e017a95a44af1dec8d9d0fe18977de5281
10fee53ef466c2db1469b1e43e8ab0652256b13b21855ec835a07784f48c6f8b
5e1e95bbe0fcbd1debbbdfb566674ddb244ce533a66b7476e5f936f5d7e734e9
2edb0fc4f343fc9ac272a217b388774e5d1838f919d3dd899ea346a9bf33e899
d51befceae4586545e86358ab31a1c20fd7f39092f64b9bda0b3c7c4c5fa73fc
9bbec888611dbef3adb3b79f256313f8d0849a63d45fa13abeda502661ff992a
7fead632cfa06762288a63ad80bd0c4117b2731ef976db9aa0e662ab8506d43f

http://summertreesnews.com/0GkOWnOx16FEka/
http://ziyimusic.com/UodjTJ0riBe3w_gBUxJCO/
http://shalomsilverspring.com/DjYnScdrVeCU/
http://grupomedica.equipment/Ftfh7wZ3JuiVUFr/
http://hapoo.pet/9vYXJezSnwW3Q/


Creation Time	2019-02-14 20:31:00 (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
58ce2c20bb1c5fa098355c408f433f45283fd6f1c30de817f8ba0cdbd7c8b5a4
5d1417b0af6dfe343eadfb2e942320ddfa640eefab4e67f1fd73944524269c34
180b861d69ae2c5e56585f77c89c2fc310a77e8eb5dc5bc8b01383ec30466779
76829cffa47805f777bcfeecc78d19297332051588de29ec86e28a8e772c9874
64a9cca238ef5a0f0b66bae0ec4737716d3da59fe9033665f043e46dbb38fbde
b2a825dad3bf548a0d029d06ae7918aaee864f8dd585c2200e43c5fdd9d9b30f
c4c6864c23c2ec89797829a20f797eb8f347b575df03e06567e8da30a2abd54e
7315f94b01f84b76c1b1884b21bb25c747c89092347515278b32ede89ffa0a1e
51876f09ad4a176e3d4cbe9fc7e3a594951d813415b3eea7db9e46a1d50eb4f9
b87c6d9d69ea5b2e1007c27fdf3cce675e135aebc269933c59a1d818054c3ec5
8684f6a3902e53492c323711ead750c8bc89cfecf275df6dea172dd6ac2496d3
740b0a8f0a8667879b21cbe8aed9f1b4fd69bf7fa84e6a596b9e02860f5f1c54
8883d9a7d7ff701bd2cbe8a02b9925ca3dfa850859c3be1bca4386637658713d
abaca59abea151faea5ff968e925eb1365b136669aa2f353cf3015d36a7f0872
479b923b0077f6a80cf191a1727a5cbe4d5c1a25652e598eddbbb611f4b20153
2881aab6e692c0525d3d508c89480221759bb26d6a9e5fa56595838efe5db0d8
60c11b3685bf6c9c23cca22c440f1035ca43a37cdc4468e8c3ee65590fc1598f
541316a342c2973eb97eeee70a74a023e3f280e2f5f8893979eda15ab55318ff
a5fceaa60e61bc107521469cca705ecb8e7478d9088dc1db9a24398ac2bf122d
44a43a92eaaf73f061eac4756a945677670642f7036cf4b9b364f7df909e4b2b
bcc9db6f612014ed0af6110bb37fc9565c6299699e2afc510c477670139adb6a
df153c96c06c400e953a5d568ebbc36a7fdfedcb99baab67f87252150c9457a4
3258a072e0043407d3003ad7abbe646198adbf150cd69fbea3bb03b2078859c6
f40efe04a0924168cd659ebe5fa801f927f3918e47c3df3b9cb267d682f55464

http://emploired.com/ZpFvWHkpIOZ0Sl89_qI/
http://hoanglonglighting.com/03q47xywwOugYVF/
http://brazenfreight.co.za/keFNCAwCOCUbkf_lTFb/
http://cbd-planet.ch/7ON6ZtCGM_Wv/
http://foldio360.nl/kSZatJQy5U/

Creation Time	2019-02-14 15:22:00 -Rerun (XML Based - ENG - Unzoomed Indigo/White)
SHA256:
d1345b11d27480e2e8272503a1699178719bff0af83a2b28a55ad63de7324856
fdfc9e81e97a868f7682abd638b4864716ce36dcf03c0c88ecde9944e43e7c29
b2c737f365bf3786f9633b47b5a6ad178291246a4d5ffacdccdcb82c409d0399
379615a4b78b1f00179c185d32c3f1b91d7969d3afd8ac3514e829d56bde3b3b
e15b1d3ba6d78cdc35a8549a7fe802f8b4808ba610f29d58f0c9161bdc59a4e3
32022e12de45abb4646041fa13bbaf2dc56811a16024df615ea987f875a0a008
60b3e981fc794551b99dfbd3b876173a713b6a23bea42ce77a9179bd2cad4950
a790847abff6f94b363d388a6011f550227b1fd8b915d8757d063e6b860a4baa
af0c6d993ca5981c53632ca5270f138829ebe0d6f68e8a8b8a7fb761f3fd6c78
61b55d0f6ef49268ecf9307f87a8c9f9644c1115a249e088eeddab021d4d4719
4180d8687adc9a7377f1da81675b7ad26fd299a3aec263301158d83395d1c249
0d6916f0e3712f614cc2d1a033d68fcc5613576109a3433e8dc3bc0d691978f7
ed0bf400d6f097bc6ca1f736c878e9e98146ad177b10c5677b8ec9c9d3ed97ba
8392aae0677e08913ad51a48a0c1a13cc5d0e9284811a340ef2dddbef2c49472
969d18906217fb95200a191f6e85e60ca0a0d25f60b61fbdfc091bc5e6158f65
4d92b58aaf53b74409c96606d43c5317f74392e9656cb6790b2acac4edd1d0f4
bf2df017031624697f1a3eb18cd8a63352a53b2da30266465216ee56f375df84
ef68dc6c49a71cb869bc6a2c1de8232a40fb7383f4cb0ba89e3b191fbbecbc0a
ecb4b5dd62426afe2b1945a286fee06e4428a73717ef474d717f8b223954823e

http://shashlichnydom.ru/NbEDRSsyiy_Rl2/
http://wolf.camera/jkeU0iK6Mf8v_dy0Ad/
http://www.marekvoprsal.cz/s1yTiin0l_AUP/
http://www.eufacopublicidade.com.br/ULxnLcrzzz4E/
http://londonmarathon2019.kevinmiller66.co.uk/9bT6FbyqID9O9B/

SHA256s for Epoch 2 Payload EXEs seen on 02/15/19


13321c3594f36934de0ef980a69c17452e64dce253cebf5888f7eba3b86c013f
a5d92c7d370ed6f2afc3e57f20e26ff7267bcc78617101c90c4c640a91e47fc0
8ca51197e8914c908f414d455ea6204b6bc4e9f558fd29813f87749640ebebb0
eeab0d980882641347c5401c31691e58819079f23a090e45f0d7a729c22cfd5f
ddf2a34a183c4a2ff04d0f6cf09592335e11a3729ba4410eac7394b666d34f1c
910bb1a9c3945ef7fb32cfcb254a7ef50a7101887a02dda9ff43f485af2d82e8
67d1e7980e3ef24aa8127adef54e057ce24d324e28da2197482966d2cf637dfa
327d1b7b359321371003492982a4538bf33038705e295f0736f9df7b035ba620
2b00148eaae3a06f39d1b0b9482ffa2c0fc2e3dc536f99103eedb383f4d63bc5
fb766cb93d8e045c6019e59bdaaef71592dfbd64513245f3a4edad7e31649abe
3bfd2c19631e775be7a5a6700b6704c02afe50193ff23db2f4403a24aace457b
c4eaf6517322d8c67f083aae15ca5c62c04c2ea8bc375b672a610fee1cc8cec4
27eb2fa36ea6b5be9f23cb27f023c46ad94367c11fc8c341727159f799e06ead
3ed45533d7846cd93fc025aa1604a1e880cb58efee9dd1d0da3617b89d1856c1
0a0a2c09452cbe5c5c28a5eb59a97cc82cd8ccb26461c15231f0c88670db67e8
7f7a806c2d9d9c806eae375a4831be2a24d2f64805954d82e9d28c90584e9c66
5ed5e6ea8eec3027d42004118187c772b847815e05105197b45d22110bb2828b
a7a321e6291c1b1068ef73453d7c9b44b1e44262a8a61ba8a63b5ad7d2f1b121
47ab302b0d22a385d06d9d0ec8e4a0e8e0438668960a32920d1aed7b5b95cc7a
f7fce3abce93dbbd0154c761a87c318dce5695c696da25da0e5feeb3e95c00cb
4974210226006be420efe44d25a373bfa34d45ebe50baf0fae99db746060113f
6dcd2a999800294aae0e1898c74d829e653088535b1f61f21dbda5bc7f0c08e9
27e0844b5298b50cd7f7dd5666083c9acd94f41a0f1c3f612c73e37f40c77526
c3d90da3c83064c4ec006a2a3745dd7f20a6aeaabfd71e52b059dd90f1867aee
be9550664c09a649cbfff2fad747dde54d4607680045adc09b024f4a4db75c0b
a44451b86cc69cf3eab92e543c25b388592a1fcc4113a57309c56335737bff22
cc5f2d278e600719d5486df662294d03d6b504dad19032bb96cb96bbcca285b2
4b3661a4ce85d7b613cbb5c494e72607d6f6549b53f1d9179e4e4cb55af00ef0
500067d922c8a86296572877eb950ef82d392eae0673ff1c2572b918208de35d
c818f88fcb1f8f0580930b172bbf8c1ab8e36ffe2d695e6cedca584d12c163bb
559b5dfe4a331dce21dcd3d9393e845b01c52e6b8e588267900e14e0d9f90d90
808cdcfb9542a6f77f15a9e1e884415bb3cb50690ac2ef48d28e8b9a3ae5da46

Epoch 1 C2s


109.104.79.48:8080
12.6.183.21:8080
138.68.139.199:443
144.76.117.247:8080
159.65.76.245:443
162.247.42.61:80
165.227.213.173:8080
168.226.35.218:80
179.62.48.123:143
181.15.224.57:80
181.56.165.97:53
185.86.148.222:8080
186.15.180.71:443
186.4.127.72:995
186.72.205.234:22
189.173.176.115:443
189.251.40.71:8080
190.117.226.104:8080
192.155.90.90:7080
192.163.199.254:8080
200.114.142.15:80
201.124.46.8:8080
201.183.238.18:443
201.212.113.14:50000
201.217.133.34:80
208.180.246.147:80
209.159.244.240:443
210.2.86.72:8080
219.94.254.93:8080
23.254.203.51:8080
24.194.252.25:80
5.9.128.163:8080
51.255.50.164:8080
51.77.109.100:80
66.209.69.165:443
69.163.33.82:8080
70.167.72.96:143
70.24.147.245:443
71.40.213.82:8080
72.47.248.48:8080
74.45.170.110:80
76.94.36.57:80
80.15.172.81:50000
88.225.226.91:443
90.63.245.70:8080
92.48.118.27:8080
98.121.75.14:80
98.238.127.216:21

Spam/Stealer C2s


104.236.185.25:8080
181.169.2.89:8080
181.58.30.155
198.58.114.91:4143
216.98.148.157:8080
31.167.70.26:8080
64.178.246.207:8080
73.83.148.166:443
74.57.246.27:8080

Current Epoch 1 RSA Public Key


MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAL9KRKWqcld40xbUZ6hRh+fPNkgJe7K+ 0y1rR0UFqc2SBmnyoR/2Ctd+8MRvU8zri2eNVkVBxCUH1Cthf3AEgRqY2kGva8gJ Wcqls3j7RztZzqFoL+wM9DNnz/OWuiyPAQIDAQAB

Epoch 2 C2s


100.35.190.8:443
104.228.227.210:80
12.195.47.98:7080
129.24.37.8:443
133.242.164.31:7080
138.201.140.110:8080
153.121.36.202:7080
155.186.224.38:443
173.255.196.209:8080
173.255.250.241:443
178.62.37.188:443
181.1.124.16:8080
184.54.110.31:990
189.236.235.73:80
190.114.242.130:20
190.80.214.25:443
208.78.100.202:8080
211.115.111.19:443
217.13.106.160:7080
24.155.49.236:8080
24.227.158.234:21
24.228.124.151:7080
38.27.109.250:21
40.132.40.83:443
45.123.3.54:443
45.63.17.206:8080
47.224.42.17:8080
5.230.147.179:8080
50.245.173.58:80
50.31.0.160:8080
50.93.34.66:443
62.75.187.192:8080
62.75.191.231:8080
63.227.80.10:8080
67.205.149.117:443
67.254.13.154:80
69.198.17.7:8080
70.184.86.103:8080
75.99.7.18:8443
76.113.130.72:8090
76.94.226.173:20
79.75.233.224:21
83.222.124.62:8080
87.106.210.123:80
94.76.200.114:8080
95.10.12.151:80
96.37.137.42:80
97.96.130.176:80
98.175.156.154:80
98.31.4.186:21

Epoch 2 - Spam/Stealer C2s


31.167.70.26:8080
64.178.246.207:8080
73.83.148.166:443

Current Epoch 2 RSA Public Key


MHwwDQYJKoZIhvcNAQEBBQADawAwaAJhAMPLgcO0RQdJg/LTgiku57nH4KcLwHCx S0lbynOUhHhKjTnmENrMA2idUbK6hI0JRZtii9oJSlb3e5NZiCK+Qr/NB2u7ZNRc hG87aibm0ndS9xKDRXcmWwaQkF0PFuOHpwIDAQAB

Credits and Notes Section

Updated 7/13/18
WARNING - Some links may have been taken down shortly after I reported them to URLHaus.ch because they rock and report everything to ISPs as it
is confirmed to be malware. Additionally, this list MAY include doc DL URLS from previous days, see the previous days here to get the full picture:
https://pastebin.com/u/jroosen
 
NOTE: The doc DL URLS are in alphabetical order now. The community lists below may contain content I do not have in my list.
I am providing them for your benefit in case you want to parse them to be sure.

What is Epoch 1 and Epoch 2?

 
What is Epoch 1 and Epoch 2? (updated 01/29/2019)It has been awhile since I refreshed this section so I wanted to update it and bring it up to date.

I have been tracking Epoch 1 and Epoch 2 since May of 2018. Epoch 1 and 2 are two botnets with distinct C2 infrastructures with separate RSA keys for
communications. Epoch 2 is currently the larger of the two botnets and I think it is the main push of Emotet. Epoch 2 WAS a smaller more rapidly changing
version of Emotet at one point in May/June of 2018. Now Epoch 1 seems to be the smaller of the two since this time period. Despite having unique unshared
C2 infrastructures, these two botnets have been seen to move bots from one to the other and show similar behavoirs seemingly controlled by a single
entity/group. Here are some observations I have noted since I have been watching these botnets:

- Checking a document download site from Epoch 1 will deliver a document that is different than what is being delivered at the same time on an Epoch 2
document download site. Specifically, Maldocs on Epoch 1 will have a different document creation times and payload quintets than those being delivered
in maldocs on Epoch 2 at any time.
- Document hashes change very 10 minutes on both Epochs while distribution/spamming are active.
- Document download and payload URLs tend to become orphaned as templates are changed out and they age. By 72 hours most are no longer updating.
- On Monday's of every week a new set of document download sites and usually templates to accompany them are generated early on Monday morning/Sunday night.
- Both Epoch's may share a host for binaries or documents but NEVER the same directory. Eg. Epoch 1 may have an EXE in directory host.tld/A and Epoch 2 may
have a document hosted on host.tld/B.
- The RSA keys will change every month or so for C2 communications on each Epoch/Botnet.
- Binaries for Epoch 1 payload sites are different than the binaries for Epoch 2 payload sites.
- Each binary has a hard coded list of C2 sites unique to the Epoch it was derived from.
- C2s are never shared between Epochs/Botnets.
- Both Epoch 1 and 2 seem to go into "break" periods at the same time for several weeks. During this time binaries are updated every 2-4 hours to stay ahead
of AV defs.
- Spamming activity seems to cease on each botnet at around 00:00UTC each day. It usually starts back up around 07:00-08:00UTC each day.
- Spamming usually does not occur on weekends and the Emotet team seems to take weekends off.
- The easiest way to tell what botnet a sample is from is to find the payload and then check the C2s/RSA Key.

If I think of anything else to add or if anyone else has any suggestions, I will add them here.

Community Lists


https://pastebin.com/AKZn71t8 - @pollo290987
https://otx.alienvault.com/pulse/5c66bc646308ea734e45d852/ - @SecSome

Credits

(OC from @JRoosen and/or combination work of the following)

Doc DL URLs - @James_inthe_box, @unixronin, @abuse_ch, @JayTHL @dms1899, @avman1995, @pancak3lullz, @pollo290987, @malware_traffic, @0xtadavie,
@Bitterman59, @devnullnoop, @Bauldini, @baberpervez2, @executemalware, @leunammejii, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial
@shotgunner101, @HerbieZimmerman, @Outkast_TI

C2 info/RSA Keys - @unixronin, @CapeSandbox, @sysopfb, @pollo290987, @MalwareTechBlog, @ps66uk, @JayTHL, @malware_traffic, @0xtadavie, @devnullnoop,
@gorimpthon, @Racco42, @Jan0fficial

Payloads - @bigmacjpg, @decalage2, @James_inthe_box, @MalwareTechBlog, @ps66uk, @dms1899, @avman1995, @unixronin, @pancak3lullz, @pollo290987,
@malware_traffic, @JayTHL, @Bitterman59, @devnullnoop, @executemalware, @Bauldini, @jcarndt, @gorimpthon, @Racco42, @papa_anniekey, @Jan0fficial,
@OguzhanTopgul, @HerbieZimmerman

Spam Templates - @0xtadavie, @SaurabhSha15, @devnullnoop, @raashidbhatt 

Special thanks to @devnullnoop, @2sec4u, @unixronin, @pollo290987, @ps66uk for creating scripts/servers/infrastructure and helping out with all of this!

Very special thanks to @capesandbox, @bigmacjpg and @decalage2 of the ViperMonkey Project https://github.com/decalage2/ViperMonkey , 
@digitalocean, @mploessel, @anyrun_app, @MalwareTechBlog, @unixronin, @hurricanelabs, @KryptosLogic, @abuse_ch/urlhaus.abuse.ch
and @Virustotal for providing services/software no charge to this cause!

Daily Log


Received only about 20 malspams today. Unfortunately the Amazon order template is back. Also we saw more of the same newer templates today.
I was receiving some attachments documents as well.

We noticed a few oddities with the order of docs and creation times today. There seems to be a lot of reuse of previous payload quintets
but the odd thing was there were new hashes for old payload quintets that were appearing after the quintet had changed to another set in between.

E1 C2s changed and added 1 to the count for a total of 48. - Recorded above.
E2 C2s changed but the count is still the same. Recorded above.

Long week. That is about all I have for you today.
Have a great weekend everyone!

Sandbox 02/15/19

(all with fakenet and MITM unless spam/secondary infection)


Epoch 1 C2 run on 2019-02-16 at 03:30 UTC - https://cape.contextis.com/analysis/37454



Epoch 2 C2 run on 2019-02-16 at 03:30 UTC - https://cape.contextis.com/analysis/37455/