Clicky

Windows File Shares :: Ransomware: Wannacry Extensions

last 24 hours
File Server IP File/Folder Total Percent
10.1.1.204 \Documents\Clinic\finance\Budget-Forecasts-2016.docx -> \Documents\Clinic\finance\Budget-Forecasts-2016.wnry 2 632 84.69%
10.1.1.204 \\10.1.1.204\SHARE\Documents\Clinic\finance\Budget-Forecasts-2016.docx -> \\10.1.1.204\SHARE\Documents\Clinic\finance\Budget-Forecasts-2016.wnry 719 15.31%
last 1 hour last 4 hours last 24 hours
none
5 10 25
None Headers & Content Content Only
Delete Cancel Save

Services :: Ransomware: Wannacry Domain

last 24 hours
Sensor Client IP DNS Server IP Time Resolved IP Website Name
1: Core Packet Sensor 10.1.1.201 (WIN2008DC1) 10.1.1.1 07:38:28 104.17.40.137 (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
1: Core Packet Sensor 10.1.1.167 (USER_LAPTOP4) 10.1.1.201 (WIN2008DC1) 07:38:28 104.17.40.137 (iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com) iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com
last 1 hour last 4 hours last 24 hours
none
5 10 25
None Headers & Content Content Only
Delete Cancel Save

Web Browsers :: Ransomware: Wannacry XP Clients

last 24 hours
Sensor IP OS Browser Major Version Minor Version Last Seen At
1: Core Packet Sensor 10.1.1.167 (USER_LAPTOP4) WinXP Chrome 49 .0 07:40:32
last 1 hour last 4 hours last 24 hours
none
5 10 25
None Headers & Content Content Only
Delete Cancel Save

Windows File Shares :: Ransomware: Wannacry Ransom Text File

last 24 hours
File Server IP File/Folder Total Percent
10.1.1.204 \\10.1.1.204\SHARE\Documents\Clinic\finance\@Please_Read_Me@.txt 2 100.00%
last 1 hour last 4 hours last 24 hours
none
5 10 25
None Headers & Content Content Only
Delete Cancel Save

File Share Actions

Windows File Shares :: Ransomware: Top Clients Renaming Files

last 24 hours
Sensor Source IP Total
1: Core Packet Sensor 10.1.1.167 (USER_LAPTOP4) 6 702
last 1 hour last 4 hours last 24 hours
none pie
5 10 25
None Headers & Content Content Only
Delete Cancel Save

Windows File Shares :: Ransomware: Wannacry SMBv1

last 24 hours
Server IP Actions Total
10.1.1.204 12 805 76.66 GB
10.1.1.97 508 7.64 MB
10.1.1.201 418 7.41 MB
last 1 hour last 4 hours last 24 hours
none pie
5 10 25
None Headers & Content Content Only
Delete Cancel Save

Bandwidth :: Ransomware: Outbound 445

last 24 hours
No results
last 1 hour last 4 hours last 24 hours
none pie bar
5 10 25
None Headers & Content Content Only
Delete Cancel Save