Windows
Analysis Report
OWd39WUX3D.exe
Overview
General Information
Detection
Pushdo
Score: | 100 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Snort IDS alert for network traffic
Yara detected Backdoor Pushdo
Multi AV Scanner detection for submitted file
Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Found evasive API chain (may stop execution after checking mutex)
Found stalling execution ending in API Sleep call
Machine Learning detection for sample
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Send many emails (e-Mail Spam)
Opens the same file many times (likely Sandbox evasion)
Contains functionality to inject code into remote processes
Contains functionality to compare user and computer (likely to detect sandboxes)
Writes to foreign memory regions
Found evasive API chain (may stop execution after reading information in the PEB, e.g. number of processors)
Machine Learning detection for dropped file
Drops PE files to the user root directory
Contains functionality to inject threads in other processes
Tries to resolve many domain names, but no domain seems valid
Contains functionality to detect sleep reduction / modifications
Found decision node followed by non-executed suspicious APIs
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Found evasive API chain (date check)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to dynamically determine API calls
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Found evasive API chain checking for process token information
Drops PE files to the user directory
Found large amount of non-executed APIs
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Connects to many different domains
Found inlined nop instructions (likely shell or obfuscated code)
Connects to several IPs in different countries
Uses SMTP (mail sending)
Found evasive API chain (may stop execution after accessing registry keys)
Creates or modifies windows services
Uses Microsoft's Enhanced Cryptographic Provider
Contains functionality to query network adapater information
Classification
- System is w10x64
- OWd39WUX3D.exe (PID: 7080 cmdline: C:\Users\user\Desktop\OWd39WUX3D.exe MD5: DC6330AFF08812B5DBAF66CF0671CB20)
  - svchost.exe (PID: 5872 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 4164 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 4636 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 532 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 64 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 5268 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 24032 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
- pigalicapi.exe (PID: 6732 cmdline: "C:\Users\user\pigalicapi.exe" MD5: DC6330AFF08812B5DBAF66CF0671CB20)
  - svchost.exe (PID: 6424 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 5492 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 23024 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 23080 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 23196 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
  - svchost.exe (PID: 23328 cmdline: C:\Windows\system32\svchost.exe MD5: FA6C268A5B5BDA067A901764D203D433)
- cleanup
Name | Description | Attribution | Blogpost URLs | Link |
---|---|---|---|---|
Pushdo | Pushdo is usually classified as a "downloader" trojan - meaning its true purpose is to download and install additional malicious software. There are dozens of downloader trojan families out there, but Pushdo is actually more sophisticated than most, but that sophistication lies in the Pushdo control server rather than the trojan. | No Attribution |
⊘No configs have been found
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Pushdo | Yara detected Backdoor Pushdo | Joe Security |
⊘No Sigma rule has matched
Timestamp: | 09/15/23-07:26:04.055516 |
Source IP: | 192.168.2.3 |
Destination IP: | 104.21.23.9 |
SID: | 2016867 |
Source Port: | 49712 |
Destination Port: | 80 |
Protocol: | TCP |
Classtype: | A Network Trojan was detected |
AV Detection |
---|
Source: | Avira URL Cloud: | ||
Source: | Avira: |
Source: | ReversingLabs: | |||
Source: | Virustotal: | |
Source: | Joe Sandbox ML: |
Source: | Code function: | 1_2_005D8A70 | |
Source: | Code function: | 1_2_005D8800 | |
Source: | Code function: | 1_2_005D8970 | |
Source: | Code function: | 1_2_005D47F0 | |
Source: | Code function: | 1_2_005D8BB0 | |
Source: | Code function: | 1_2_005D4BA0 | |
Source: | Code function: | 1_2_005D8CF0 | |
Source: | Code function: | 1_2_005D4880 |
Source: | Static PE information: |
Source: | HTTPS traffic detected: | ||
Source: | Static PE information: |
Source: | Code function: | 1_2_0120F6EF |
Source: | Code function: | 1_2_0120616F | |
Source: | Code function: | 1_2_01205553 | |
Source: | Code function: | 1_2_01201761 | |
Source: | Code function: | 1_2_01206E24 |
Networking |
---|
Source: | Domain query: | |||
Source: | Network Connect: | |||
Source: | Snort IDS: |
Source: | DNS traffic detected: | ||
Source: | HTTP traffic detected: | ||