Overview

overview

10

Static

static

10

intelservice.exe

windows7-x64

10

intelservice.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    1746s
  • max time network
    1780s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21/11/2023, 01:03 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    intelservice.exe

  • Size

    348KB

  • MD5

    2f890b7ca2e7b4b24bb534c28e54d7cf

  • SHA1

    e8d9f966c18f10f1eff01478d41dabacd0300da5

  • SHA256

    92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7

  • SHA512

    666670b52d4113a4909cc27fb38b851c0066a74aa2bfe67bb906a0c1fffedffaf26bd8f4aa0371adea3c9e51917c1de27b3cde2ed05db56aad16f476a955f841

  • SSDEEP

    6144:60qQ4i1FFiEKDvLJavf52ibVcbVKglEb0ouAYyj9jZV293DIa:rpliTVOf56WBYylc3DIa

Score
10/10
quasarhackeespywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.3.0.0

Botnet

hackee

C2

20.205.140.63:1024

Mutex

QSR_MUTEX_5Tlo4RbwyDWBOOlMEb

Attributes
  • encryption_key

    zFGtr8G9lnuwN5OHbzbL

  • install_name

    intelservice.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Intel CPU Service

  • subdirectory

    intelcpu

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar payload 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Creates scheduled task(s) 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\intelservice.exe
    "C:\Users\Admin\AppData\Local\Temp\intelservice.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:440
    • C:\Windows\SysWOW64\schtasks.exe
      "schtasks" /create /tn "Intel CPU Service" /sc ONLOGON /tr "C:\Users\Admin\AppData\Local\Temp\intelservice.exe" /rl HIGHEST /f
      2⤵
      • Creates scheduled task(s)
      PID:1228
    • C:\Users\Admin\AppData\Roaming\intelcpu\intelservice.exe
      "C:\Users\Admin\AppData\Roaming\intelcpu\intelservice.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4412
      • C:\Windows\SysWOW64\schtasks.exe
        "schtasks" /create /tn "Intel CPU Service" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\intelcpu\intelservice.exe" /rl HIGHEST /f
        3⤵
        • Creates scheduled task(s)
        PID:2092

Network

  • flag-us
    DNS
    67.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    67.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.154.82.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.154.82.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    146.78.124.51.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.78.124.51.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    240.221.184.93.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    240.221.184.93.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    ip-api.com
    intelservice.exe
    Remote address:
    8.8.8.8:53
    Request
    ip-api.com
    IN A
    Response
    ip-api.com
    IN A
    208.95.112.1
  • flag-us
    GET
    http://ip-api.com/json/
    intelservice.exe
    Remote address:
    208.95.112.1:80
    Request
    GET /json/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
    Host: ip-api.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Nov 2023 01:03:57 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 321
    Access-Control-Allow-Origin: *
    X-Ttl: 58
    X-Rl: 43
  • flag-us
    DNS
    198.1.85.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.1.85.104.in-addr.arpa
    IN PTR
    Response
    198.1.85.104.in-addr.arpa
    IN PTR
    a104-85-1-198deploystaticakamaitechnologiescom
  • flag-us
    DNS
    1.112.95.208.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.112.95.208.in-addr.arpa
    IN PTR
    Response
    1.112.95.208.in-addr.arpa
    IN PTR
    ip-apicom
  • flag-us
    DNS
    26.35.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    26.35.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    GET
    http://ip-api.com/json/
    intelservice.exe
    Remote address:
    208.95.112.1:80
    Request
    GET /json/ HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 6.3; rv:48.0) Gecko/20100101 Firefox/48.0
    Host: ip-api.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Date: Tue, 21 Nov 2023 01:04:00 GMT
    Content-Type: application/json; charset=utf-8
    Content-Length: 321
    Access-Control-Allow-Origin: *
    X-Ttl: 55
    X-Rl: 41
  • flag-us
    DNS
    63.140.205.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    63.140.205.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    208.194.73.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    208.194.73.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    86.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    86.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.126.166.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.126.166.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    138.175.53.84.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    138.175.53.84.in-addr.arpa
    IN PTR
    Response
    138.175.53.84.in-addr.arpa
    IN PTR
    a84-53-175-138deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301274_1PA1BJMKSSMY4Z5BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301274_1PA1BJMKSSMY4Z5BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 608336
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: C296A4AE925C4A8DAB862D1A1AC69743 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 528356
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0FD58BBA45734765ABACED9F55FA8155 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 681471
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: F80E24F7AE54478C8D62772B72B30627 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301683_1HSDAIPF7ZNRJKYTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301683_1HSDAIPF7ZNRJKYTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 592206
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EE905188B3994F32A5103C02C8C9F142 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 538610
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E9F74B1ACF5444028F13F1E6F87C51B9 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 556584
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D6B44CBB3CCB466C8DD6FAA1A84F5A31 Ref B: AMS04EDGE2919 Ref C: 2023-11-21T01:04:35Z
    date: Tue, 21 Nov 2023 01:04:35 GMT
  • flag-us
    DNS
    22.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    22.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    131.72.42.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    131.72.42.20.in-addr.arpa
    IN PTR
    Response
  • 208.95.112.1:80
    http://ip-api.com/json/
    http
    intelservice.exe
    374 B
     590 B
     5
    2

    HTTP Request

    GET http://ip-api.com/json/

    HTTP Response

    200
  • 208.95.112.1:80
    http://ip-api.com/json/
    http
    intelservice.exe
    374 B
     670 B
     5
    4

    HTTP Request

    GET http://ip-api.com/json/

    HTTP Response

    200
  • 20.205.140.63:1024
    intelservice.exe
    8.0kB
     6.9kB
     147
    145
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.2kB
     16
    12
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
     8.3kB
     16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    126.6kB
     3.6MB
     2628
    2622

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301274_1PA1BJMKSSMY4Z5BP&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301316_1NWRA5BA4WHRRVK19&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301725_1LMIXSOPUKT44X82W&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301683_1HSDAIPF7ZNRJKYTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317300992_1OQJAKUFY0EQY29DG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301425_1VRGL6P12DBLOL6XY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    67.31.126.40.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    67.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    241.154.82.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.154.82.20.in-addr.arpa

  • 8.8.8.8:53
    146.78.124.51.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    146.78.124.51.in-addr.arpa

  • 8.8.8.8:53
    240.221.184.93.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    240.221.184.93.in-addr.arpa

  • 8.8.8.8:53
    ip-api.com
    dns
    intelservice.exe
    56 B
     72 B
     1
    1

    DNS Request

    ip-api.com

    DNS Response

    208.95.112.1

  • 8.8.8.8:53
    198.1.85.104.in-addr.arpa
    dns
    71 B
     135 B
     1
    1

    DNS Request

    198.1.85.104.in-addr.arpa

  • 8.8.8.8:53
    1.112.95.208.in-addr.arpa
    dns
    71 B
     95 B
     1
    1

    DNS Request

    1.112.95.208.in-addr.arpa

  • 8.8.8.8:53
    26.35.223.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    26.35.223.20.in-addr.arpa

  • 8.8.8.8:53
    63.140.205.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    63.140.205.20.in-addr.arpa

  • 8.8.8.8:53
    208.194.73.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    208.194.73.20.in-addr.arpa

  • 8.8.8.8:53
    86.23.85.13.in-addr.arpa
    dns
    70 B
     144 B
     1
    1

    DNS Request

    86.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    56.126.166.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    56.126.166.20.in-addr.arpa

  • 8.8.8.8:53
    138.175.53.84.in-addr.arpa
    dns
    72 B
     137 B
     1
    1

    DNS Request

    138.175.53.84.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
     173 B
     1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    22.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    22.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    131.72.42.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    131.72.42.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\intelservice.exe.log
    Filesize

    1KB

    MD5

    10eab9c2684febb5327b6976f2047587

    SHA1

    a12ed54146a7f5c4c580416aecb899549712449e

    SHA256

    f49dbd55029bfbc15134f7c6a4f967d6c39142c63f2e8f1f8c78fab108a2c928

    SHA512

    7e5fd90fffae723bd0c662a90e0730b507805f072771ee673d1d8c262dbf60c8a03ba5fe088f699a97c2e886380de158b2ccd59ee62e3d012dd6dd14ea9d0e50

    Download Submit

  • C:\Users\Admin\AppData\Roaming\intelcpu\intelservice.exe
    Filesize

    348KB

    MD5

    2f890b7ca2e7b4b24bb534c28e54d7cf

    SHA1

    e8d9f966c18f10f1eff01478d41dabacd0300da5

    SHA256

    92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7

    SHA512

    666670b52d4113a4909cc27fb38b851c0066a74aa2bfe67bb906a0c1fffedffaf26bd8f4aa0371adea3c9e51917c1de27b3cde2ed05db56aad16f476a955f841

    Download Submit

  • C:\Users\Admin\AppData\Roaming\intelcpu\intelservice.exe
    Filesize

    348KB

    MD5

    2f890b7ca2e7b4b24bb534c28e54d7cf

    SHA1

    e8d9f966c18f10f1eff01478d41dabacd0300da5

    SHA256

    92dde00e5a5426b5a20e9e9e87ea29c66c6ab7cd467cbe9a90bf971f2d21a6a7

    SHA512

    666670b52d4113a4909cc27fb38b851c0066a74aa2bfe67bb906a0c1fffedffaf26bd8f4aa0371adea3c9e51917c1de27b3cde2ed05db56aad16f476a955f841

    Download Submit

  • memory/440-4-0x0000000005840000-0x0000000005850000-memory.dmp

    Filesize

    64KB

    Download

  • memory/440-0-0x0000000000DC0000-0x0000000000E1E000-memory.dmp

    Filesize

    376KB

    Download

  • memory/440-5-0x0000000005A20000-0x0000000005A86000-memory.dmp

    Filesize

    408KB

    Download

  • memory/440-6-0x0000000005E80000-0x0000000005E92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/440-7-0x0000000006A80000-0x0000000006ABC000-memory.dmp

    Filesize

    240KB

    Download

  • memory/440-3-0x0000000005850000-0x00000000058E2000-memory.dmp

    Filesize

    584KB

    Download

  • memory/440-2-0x0000000005ED0000-0x0000000006474000-memory.dmp

    Filesize

    5.6MB

    Download

  • memory/440-1-0x00000000748E0000-0x0000000075090000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/440-15-0x00000000748E0000-0x0000000075090000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4412-16-0x00000000748E0000-0x0000000075090000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4412-17-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4412-19-0x0000000006460000-0x000000000646A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/4412-20-0x00000000748E0000-0x0000000075090000-memory.dmp

    Filesize

    7.7MB

    Download

  • memory/4412-21-0x0000000004AD0000-0x0000000004AE0000-memory.dmp

    Filesize

    64KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.