File name: Dark Comet 5.3.2.rar

Full analysis: https://app.any.run/tasks/f73d8f60-e7d6-4a7f-848d-ca31ca5d97c4
Verdict: Malicious activity
Threats:

DarkComet RAT is a malicious program designed to remotely control or administer a victim's computer, steal private data and spy on the victim.

Analysis date: August 16, 2024, 23:47:35
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags: mpress, darkcomet, upx, dyndns
Indicators:
MIME: application/x-rar
File info: RAR archive data, v4, os: Win32
MD5: 9C9E0C14563E43CFDBD3B684EEA54DCD
SHA1: D8261D6F6FBDD3BF647E90B5E8FA979A16AA9216
SHA256: 14E03138B1AD73F6C8214743A608267A7D0BBCBFFE78B31F8FB3AD343F48AB0D
SSDEEP: 98304:tiQarIeXhpgR4JN+xBQpXm+dU1ehu9YPutW5fNYYs6eiv7QMmUo1NzEokuwVP7ux:cur7I+wsWvs6d85Z5

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Changes the autorun value in the registry

      • cxcc.exe (PID: 6952)
      • msdcsc.exe (PID: 6380)
    • Changes the login/logoff helper path in the registry

      • cxcc.exe (PID: 6952)
    • Changes Security Center notification settings

      • msdcsc.exe (PID: 6380)
      • iexplore.exe (PID: 1432)
    • DARKCOMET has been detected (YARA)

      • Client.exe (PID: 6972)
  • SUSPICIOUS

    • Drops the executable file immediately after the start

      • Client.exe (PID: 6908)
      • cxcc.exe (PID: 6952)
      • Client.exe (PID: 6972)
    • Reads security settings of Internet Explorer

      • Client.exe (PID: 6908)
      • WinRAR.exe (PID: 6536)
      • cxcc.exe (PID: 6952)
      • Client.exe (PID: 6972)
    • Start notepad (likely ransomware note)

      • cxcc.exe (PID: 6952)
    • Uses ATTRIB.EXE to modify file attributes

      • cmd.exe (PID: 7036)
      • cmd.exe (PID: 7028)
    • Reads the date of Windows installation

      • Client.exe (PID: 6908)
      • cxcc.exe (PID: 6952)
    • Executable content was dropped or overwritten

      • cxcc.exe (PID: 6952)
      • Client.exe (PID: 6908)
      • Client.exe (PID: 6972)
    • Starts CMD.EXE for commands execution

      • cxcc.exe (PID: 6952)
    • Starts itself from another location

      • cxcc.exe (PID: 6952)
    • There is functionality for communication dyndns network (YARA)

      • Client.exe (PID: 6972)
  • INFO

    • Process checks computer location settings

      • Client.exe (PID: 6908)
      • cxcc.exe (PID: 6952)
    • Executable content was dropped or overwritten

      • WinRAR.exe (PID: 6536)
    • Reads the computer name

      • Client.exe (PID: 6908)
      • cxcc.exe (PID: 6952)
      • msdcsc.exe (PID: 6380)
      • Client.exe (PID: 6972)
    • Checks supported languages

      • Client.exe (PID: 6972)
      • cxcc.exe (PID: 6952)
      • Client.exe (PID: 6908)
      • msdcsc.exe (PID: 6380)
    • Create files in a temporary directory

      • Client.exe (PID: 6972)
      • Client.exe (PID: 6908)
    • Mpress packer has been detected

      • Client.exe (PID: 6972)
    • UPX packer has been detected

      • Client.exe (PID: 6972)
No Malware configuration.

TRiD

.rar | RAR compressed archive (v-4.x) (58.3)
.rar | RAR compressed archive (gen) (41.6)

EXIF

ZIP

CompressedSize: 5701614
UncompressedSize: 12853248
OperatingSystem: Win32
ModifyDate: 2017:02:12 20:59:30
PackingMethod: Normal
ArchivedFileName: Dark Comet 5.3.2\Dark Comet 5.3.2\Client.exe
No data.
All screenshots are available in the full report
Total processes: 148
Monitored processes: 15
Malicious processes: 5
Suspicious processes: 0

Behavior graph

start winrar.exe client.exe cxcc.exe THREAT client.exe cmd.exe no specs cmd.exe no specs conhost.exe no specs conhost.exe no specs notepad.exe no specs attrib.exe no specs attrib.exe no specs msdcsc.exe iexplore.exe no specs notepad.exe no specs svchost.exe

Process information

PID
CMD
Path
Indicators
Parent process
PID: 1432
CMD: "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Parent process: msdcsc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Internet Explorer
Version: 11.00.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\program files (x86)\internet explorer\iexplore.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 2256
CMD: C:\WINDOWS\system32\svchost.exe -k NetworkService -p -s Dnscache
Path: C:\Windows\System32\svchost.exe
Parent process: services.exe
User: NETWORK SERVICE
Company: Microsoft Corporation
Integrity Level: SYSTEM
Description: Host Process for Windows Services
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\system32\svchost.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
c:\windows\system32\bcrypt.dll
c:\windows\system32\ucrtbase.dll
c:\windows\system32\combase.dll
c:\windows\system32\kernel.appcore.dll
PID: 5040
CMD: notepad
Path: C:\Windows\SysWOW64\notepad.exe
Parent process: iexplore.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Notepad
Version: 10.0.19041.1 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\notepad.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\gdi32.dll
c:\windows\syswow64\win32u.dll
PID: 6380
CMD: "C:\Users\admin\Documents\MSDCSC\msdcsc.exe"
Path: C:\Users\admin\Documents\MSDCSC\msdcsc.exe
Parent process: cxcc.exe
User: admin
Company: Microsoft Corp.
Integrity Level: MEDIUM
Description: Remote Service Application
Exit code: 0
Version: 1, 0, 0, 1
Modules
Images
c:\users\admin\documents\msdcsc\msdcsc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 6536
CMD: "C:\Program Files\WinRAR\WinRAR.exe" "C:\Users\admin\AppData\Local\Temp\Dark Comet 5.3.2.rar"
Path: C:\Program Files\WinRAR\WinRAR.exe
Parent process: explorer.exe
User: admin
Company: Alexander Roshal
Integrity Level: MEDIUM
Description: WinRAR archiver
Version: 5.91.0
Modules
Images
c:\program files\winrar\winrar.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\win32u.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\gdi32full.dll
c:\windows\system32\msvcp_win.dll
c:\windows\system32\ucrtbase.dll
PID: 6908
CMD: "C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\Client.exe"
Path: C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\Client.exe
Parent process: WinRAR.exe
User: admin
Company: Unremote.org
Integrity Level: MEDIUM
Description: A remote administration tool from the cosmos
Exit code: 0
Version: 4.2.0.29
Modules
Images
c:\users\admin\appdata\local\temp\rar$exb6536.37689\dark comet 5.3.2\dark comet 5.3.2\client.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\shell32.dll
PID: 6952
CMD: "C:\Users\admin\AppData\Local\Temp\cxcc.exe"
Path: C:\Users\admin\AppData\Local\Temp\cxcc.exe
Parent process: Client.exe
User: admin
Company: Microsoft Corp.
Integrity Level: MEDIUM
Description: Remote Service Application
Exit code: 0
Version: 1, 0, 0, 1
Modules
Images
c:\users\admin\appdata\local\temp\cxcc.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 6972
CMD: "C:\Users\admin\AppData\Local\Temp\Client.exe"
Path: C:\Users\admin\AppData\Local\Temp\Client.exe
Parent process: Client.exe
User: admin
Company: Unremote.org
Integrity Level: MEDIUM
Description: A remote administration tool from the cosmos
Version: 4.2.0.29
Modules
Images
c:\users\admin\appdata\local\temp\client.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\oleaut32.dll
PID: 7028
CMD: "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\admin\AppData\Local\Temp\cxcc.exe" +s +h
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cxcc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
PID: 7036
CMD: "C:\Windows\System32\cmd.exe" /k attrib "C:\Users\admin\AppData\Local\Temp" +s +h
Path: C:\Windows\SysWOW64\cmd.exe
Parent process: cxcc.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Command Processor
Version: 10.0.19041.3636 (WinBuild.160101.0800)
Modules
Images
c:\windows\syswow64\cmd.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\msvcrt.dll
c:\windows\syswow64\combase.dll
Total events: 22 895
Read events: 22 782
Write events: 110
Delete events: 3

Modification events

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtBMP
Value:

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface\Themes
Operation: write
Name: ShellExtIcon
Value:

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 1
Value: C:\Users\admin\Desktop\GoogleChromeEnterpriseBundle64.zip

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\ArcHistory
Operation: write
Name: 0
Value: C:\Users\admin\AppData\Local\Temp\Dark Comet 5.3.2.rar

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: name
Value: 120

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: size
Value: 80

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: type
Value: 120

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\FileList\FileColumnWidths
Operation: write
Name: mtime
Value: 100

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\WinRAR\Interface
Operation: write
Name: ShowPassword
Value: 0

(PID) Process: (6536) WinRAR.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap
Operation: write
Name: ProxyBypass
Value: 1

Executable files: 8
Suspicious files: 4
Text files: 3
Unknown types: 0

Dropped files

PID | Process | Filename | Type
6536 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\Client.exe | executable
MD5:77ABEFC4384D002091E8BFFE0E26BE64
SHA256:944E5D5196A415B19539BFBD9AE14795F2A4FFB4F05C2EA4ACBF53C52110EF90
6536 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\GeoIP.dat | binary
MD5:B64EA0C3E9617CCD2F22D8568676A325
SHA256:432E12E688449C2CF1B184C94E2E964F9E09398C194888A7FE1A5B1F8CF3059B
6536 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\comet.db | sqlite
MD5:EB1551B704EEA54D1869FA70AA7F0A14
SHA256:F81162B1FC7730ADB489299070F9810C1736FB5E904E849EB842A72E71FFA5A4
6908 | Client.exe | C:\Users\admin\AppData\Local\Temp\cxcc.exe | executable
MD5:8006CC9D227E537286EADB5EFCEBBD7A
SHA256:35420715B18EB5647264E6F80F634F747C68F363FB056F44A7EA723E375C04FD
6972 | Client.exe | C:\Users\admin\AppData\Local\Temp\config.ini | text
MD5:8BB400D926ED7F40BE31FADA430F45EA
SHA256:68A10A393C2FE6E8E1F47BD3B42564456CF55A7FC881550B1D7DCC765462C405
6972 | Client.exe | C:\Users\admin\AppData\Local\Temp\GeoIP.dat | binary
MD5:B64EA0C3E9617CCD2F22D8568676A325
SHA256:432E12E688449C2CF1B184C94E2E964F9E09398C194888A7FE1A5B1F8CF3059B
6536 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\sqlite3.dll | executable
MD5:D3979DB259F55D59B4EDB327673C1905
SHA256:043E5570299C6099756C1809C5632EABEAB95ED3C1A55C86843C0EC218940E5A
6972 | Client.exe | C:\Users\admin\AppData\Local\Temp\comet.db | sqlite
MD5:EB1551B704EEA54D1869FA70AA7F0A14
SHA256:F81162B1FC7730ADB489299070F9810C1736FB5E904E849EB842A72E71FFA5A4
6536 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$EXb6536.37689\Dark Comet 5.3.2\Dark Comet 5.3.2\config.ini | text
MD5:8BB400D926ED7F40BE31FADA430F45EA
SHA256:68A10A393C2FE6E8E1F47BD3B42564456CF55A7FC881550B1D7DCC765462C405
1432 | iexplore.exe | C:\Users\admin\AppData\Roaming\dclogs\2024-08-16-6.dc | text
MD5:8C423429D9B748862F61F0E46578828F
SHA256:6A24865109FA3F2CBA5A4CBF2F704FCACA864217ACF2B72B782363EC118F8983
HTTP(S) requests: 7
TCP/UDP connections: 54
DNS requests: 29
Threats: 10

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
5092
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
5092
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
2392
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
1360
backgroundTaskHost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAn5bsKVVV8kdJ6vHl3O1J0%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEA77flR%2B3w%2FxBpruV2lte6A%3D
unknown
whitelisted
5336
SearchApp.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEApDqVCbATUviZV57HIIulA%3D
unknown
whitelisted

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
2536 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:138 | | | | whitelisted
2120 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1060 | RUXIMICS.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
3888 | svchost.exe | 239.255.255.250:1900 | | | | whitelisted
4 | System | 192.168.100.255:137 | | | | whitelisted
2536 | svchost.exe | 40.127.240.158:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown
5336 | SearchApp.exe | 95.100.146.34:443 | www.bing.com | Akamai International B.V. | CZ | unknown
5336 | SearchApp.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
5092 | svchost.exe | 20.190.159.68:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | unknown

DNS requests

Domain
IP
Reputation
settings-win.data.microsoft.com
  • 51.104.136.2
  • 40.127.240.158
  • 4.231.128.59
whitelisted
google.com
  • 172.217.23.110
whitelisted
mrchlen228.ddns.net
malicious
www.bing.com
  • 95.100.146.34
  • 95.100.146.8
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 20.190.159.68
  • 20.190.159.75
  • 40.126.31.71
  • 20.190.159.71
  • 40.126.31.73
  • 20.190.159.2
  • 20.190.159.0
  • 20.190.159.23
whitelisted
client.wns.windows.com
  • 40.115.3.253
whitelisted
th.bing.com
  • 95.100.146.34
  • 95.100.146.8
whitelisted
arc.msn.com
  • 20.103.156.88
whitelisted
fd.api.iris.microsoft.com
  • 20.223.36.55
whitelisted

Threats

PID | Process | Class | Message
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
2256 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.ddns .net
Process | Message
Client.exe | Thumbnail Cache: Attempting to replace an entry that is in use