Analysis Overview
SHA256
a1ad74dc64848ba32406c68e34533894feefe7c1eb1e41574b25bea3507d927c
Threat Level: Known bad
The file 2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker was found to be: Known bad.
Malicious Activity Summary
Detection of CryptoLocker Variants
Detection of Cryptolocker Samples
Detection of Cryptolocker Samples
Detection of CryptoLocker Variants
Executes dropped EXE
Loads dropped DLL
Checks computer location settings
Enumerates physical storage devices
Suspicious use of UnmapMainImage
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-09 07:34
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-09 07:34
Reported
2024-06-09 07:37
Platform
win7-20240221-en
Max time kernel
128s
Max time network
150s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hurok.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | N/A |
Enumerates physical storage devices
Suspicious use of UnmapMainImage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hurok.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2696 wrote to memory of 2592 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
| PID 2696 wrote to memory of 2592 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
| PID 2696 wrote to memory of 2592 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
| PID 2696 wrote to memory of 2592 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\hurok.exe
"C:\Users\Admin\AppData\Local\Temp\hurok.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gemlttwi.com | udp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
Files
memory/2696-0-0x0000000000230000-0x0000000000236000-memory.dmp
memory/2696-8-0x0000000000230000-0x0000000000236000-memory.dmp
memory/2696-1-0x0000000000400000-0x0000000000406000-memory.dmp
\Users\Admin\AppData\Local\Temp\hurok.exe
| MD5 | 942f7117dc84ed6178563205a55ba8bb |
| SHA1 | 35eae2efa463683e444b83ed23ffc35aacc95e16 |
| SHA256 | 5d017d31ad7dfe4378c54b903b04412c481f01ca129e57918145967d2b542f61 |
| SHA512 | 61758961af268524f6484546a9a849104b3a9fa950ad9343ce84f01b4c55f05fef78fea92ca3ddd77a2a5c3cefd4b773607ac224979a39fef29f2ef942d187c9 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-09 07:34
Reported
2024-06-09 07:37
Platform
win10v2004-20240508-en
Max time kernel
149s
Max time network
152s
Command Line
Signatures
Detection of CryptoLocker Variants
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Detection of Cryptolocker Samples
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\hurok.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\hurok.exe | N/A |
Enumerates physical storage devices
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1996 wrote to memory of 4104 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
| PID 1996 wrote to memory of 4104 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
| PID 1996 wrote to memory of 4104 | N/A | C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe | C:\Users\Admin\AppData\Local\Temp\hurok.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-09_d027de35ae2e38744ed08255a41bec8d_cryptolocker.exe"
C:\Users\Admin\AppData\Local\Temp\hurok.exe
"C:\Users\Admin\AppData\Local\Temp\hurok.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gemlttwi.com | udp |
| US | 192.185.35.56:443 | gemlttwi.com | tcp |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.35.185.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 32.25.90.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.77.117.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.165.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 56.126.166.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 26.178.89.13.in-addr.arpa | udp |
Files
memory/1996-0-0x00000000004D0000-0x00000000004D6000-memory.dmp
memory/1996-1-0x0000000000400000-0x0000000000406000-memory.dmp
memory/1996-8-0x00000000004D0000-0x00000000004D6000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\hurok.exe
| MD5 | 942f7117dc84ed6178563205a55ba8bb |
| SHA1 | 35eae2efa463683e444b83ed23ffc35aacc95e16 |
| SHA256 | 5d017d31ad7dfe4378c54b903b04412c481f01ca129e57918145967d2b542f61 |
| SHA512 | 61758961af268524f6484546a9a849104b3a9fa950ad9343ce84f01b4c55f05fef78fea92ca3ddd77a2a5c3cefd4b773607ac224979a39fef29f2ef942d187c9 |
memory/4104-25-0x00000000005C0000-0x00000000005C6000-memory.dmp