Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
11/11/2024, 16:27 UTC
Static task
static1
Behavioral task
behavioral1
Sample
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Resource
win10v2004-20241007-en
General
-
Target
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
-
Size
5.0MB
-
MD5
7b65594196838d8f5fb013dcfac6fada
-
SHA1
df08e23af71157c649644ddf0fa4b78d64150c79
-
SHA256
47159de8dca63f2cd81a6f2cd52fa7782a3ef9c35edabfefc338756b74986501
-
SHA512
e5210b97d5e357547511e95801169df16acf31ec7b1b0e75578359dd789a9b744b7cf1040a7bd8fd8f361468072e134963455aa0747afd9a3d941a87103496d5
-
SSDEEP
49152:QnxQqMSPbcBVQej/1INRx+TSqTdX1HkQ:Q6qPoBhz1aRxcSUDk
Malware Config
Signatures
-
Wannacry
WannaCry is a ransomware cryptoworm.
-
Wannacry family
-
Contacts a large (3260) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Drops file in System32 directory 4 IoCs
description | ioc | Process
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCookies | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
File opened for modification | C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5 | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
-
Drops file in Windows directory 1 IoCs
description | ioc | Process
File created | C:\WINDOWS\tasksche.exe | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
-
System Location Discovery: System Language Discovery 1 TTPs 2 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description | ioc | Process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
-
Modifies data under HKEY_USERS 15 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Set value (int) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1" | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
"C:\Users\Admin\AppData\Local\Temp\2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe"
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:3436
-
C:\Users\Admin\AppData\Local\Temp\2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
C:\Users\Admin\AppData\Local\Temp\2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe -m security
- Drops file in System32 directory
- System Location Discovery: System Language Discovery
- Modifies data under HKEY_USERS
PID:4356
Network
-
DNS www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 8.8.8.8:53
Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A
Response
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A 103.224.212.215
-
DNS www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 8.8.8.8:53
Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A
-
Remote address: 8.8.8.8:53
Request
104.219.191.52.in-addr.arpa IN PTR
Response
-
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 103.224.212.215:80
Request
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache
Response
HTTP/1.1 302 Found
server: Apache
set-cookie: __tad=1731342481.8070713; expires=Thu, 09-Nov-2034 16:28:01 GMT; Max-Age=315360000
location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0183-b08f-fa319cf801a8
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
-
DNS ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 8.8.8.8:53
Request
ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN A
Response
ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com IN CNAME 77026.bodis.com
77026.bodis.com IN A 199.59.243.227
-
GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0183-b08f-fa319cf801a8
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 199.59.243.227:80
Request
GET /?subid1=20241112-0328-0183-b08f-fa319cf801a8 HTTP/1.1
Cache-Control: no-cache
Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 1262
x-request-id: 99522234-7098-47ac-b552-00b0dad34be5
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_X1GfTjD97IP887QupiUQq4sHd1U10RpYA+b6Zdx/wqRA9tyVPT/9FLY0lWG/sYr1yTUWIGFV6xFIsVeuPI07wg==
set-cookie: parking_session=99522234-7098-47ac-b552-00b0dad34be5; expires=Mon, 11 Nov 2024 16:43:01 GMT; path=/
-
Remote address: 8.8.8.8:53
Request
215.212.224.103.in-addr.arpa IN PTR
Response
215.212.224.103.in-addr.arpa IN PTR lb-212-215abovecom
-
Remote address: 8.8.8.8:53
Request
227.243.59.199.in-addr.arpa IN PTR
Response
-
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 103.224.212.215:80
Request
GET / HTTP/1.1
Host: www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Cache-Control: no-cache
Response
HTTP/1.1 302 Found
server: Apache
set-cookie: __tad=1731342481.8020352; expires=Thu, 09-Nov-2034 16:28:01 GMT; Max-Age=315360000
location: http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0171-9a31-3fb94de0dda0
content-length: 2
content-type: text/html; charset=UTF-8
connection: close
-
Remote address: 8.8.8.8:53
Request
73.159.190.20.in-addr.arpa IN PTR
Response
-
GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0171-9a31-3fb94de0dda0
2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe
Remote address: 199.59.243.227:80
Request
GET /?subid1=20241112-0328-0171-9a31-3fb94de0dda0 HTTP/1.1
Cache-Control: no-cache
Host: ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
Connection: Keep-Alive
Response
HTTP/1.1 200 OK
content-type: text/html; charset=utf-8
content-length: 1262
x-request-id: cdf4a093-f7ed-4825-b78d-962e8cc076c1
cache-control: no-store, max-age=0
accept-ch: sec-ch-prefers-color-scheme
critical-ch: sec-ch-prefers-color-scheme
vary: sec-ch-prefers-color-scheme
x-adblock-key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_Lif/0fUMyvY5kUGMq3zbHILs9AfrRe8Gn38pvdW+LNbL6L1DARXl2twuwB7pK4OgtpXRP2ZTRWt41k9jiphs+A==
set-cookie: parking_session=cdf4a093-f7ed-4825-b78d-962e8cc076c1; expires=Mon, 11 Nov 2024 16:43:01 GMT; path=/
-
103.224.212.215:80 | http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ | http | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 376 B | 537 B | 6 | 4
HTTP Request
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
HTTP Response
302 -
199.59.243.227:80 | http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0183-b08f-fa319cf801a8 | http | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 491 B | 2.1kB | 7 | 4
HTTP Request
GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0183-b08f-fa319cf801a8
HTTP Response
200 -
103.224.212.215:80 | http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/ | http | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 376 B | 537 B | 6 | 4
HTTP Request
GET http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/
HTTP Response
302 -
199.59.243.227:80 | http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0171-9a31-3fb94de0dda0 | http | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 491 B | 2.1kB | 7 | 4
HTTP Request
GET http://ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com/?subid1=20241112-0328-0171-9a31-3fb94de0dda0
HTTP Response
200 -
8.8.8.8:53 | www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | dns | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 190 B | 111 B | 2 | 1
DNS Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
DNS Request
www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
DNS Response
103.224.212.215
-
73 B 147 B 1 1
DNS Request
104.219.191.52.in-addr.arpa
-
8.8.8.8:53 | ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com | dns | 2024-11-11_7b65594196838d8f5fb013dcfac6fada_wannacry.exe | 96 B | 138 B | 1 | 1
DNS Request
ww25.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwff.com
DNS Response
199.59.243.227
-
74 B 108 B 1 1
DNS Request
215.212.224.103.in-addr.arpa
-
73 B 131 B 1 1
DNS Request
227.243.59.199.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
73.159.190.20.in-addr.arpa
-
73 B 144 B 1 1
DNS Request
95.221.229.192.in-addr.arpa
-
73 B 159 B 1 1
DNS Request
228.249.119.40.in-addr.arpa
-
73 B 147 B 1 1
DNS Request
133.211.185.52.in-addr.arpa