| File name: | junk_load_2.zip |
| Full analysis: | https://app.any.run/tasks/826478ec-e382-4abc-b7dd-abfb9e94e858 |
| Verdict: | Malicious activity |
| Threats: | DarkComet RAT is a malicious program designed to remotely control or administer a victim's computer, steal private data and spy on the victim. |
| Analysis date: | November 12, 2023, 19:36:26 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Tags: | |
| Indicators: | |
| MIME: | application/zip |
| File info: | Zip archive data, at least v2.0 to extract |
| MD5: | 9221D9BFE4B15DA2B13F518EC382855C |
| SHA1: | 17190B9E9F2DEDFDDF45EAE41792E2BDB13AF751 |
| SHA256: | 2B149822C804CD7BAEA7B7DFCFFB763C7677B91CEC02E4B258F74013FF2DCDFC |
| SSDEEP: | 98304:zi+mDYR58zGv7PNPkQjaauFYTa6t3H/Q3tp9D8RvTNQfO7f7PXWQUwYo2DHTFvAe:dR35wdhpR36ChOhsxE1Tq |
MALICIOUS
Drops the executable file immediately after the start
- facebook song_3pm.exe (PID: 3468)
- Flappy bird Cheat Tool.exe (PID: 3064)
- Testing5.exe (PID: 1576)
- facebook hack v2.14.exe (PID: 3980)
Connects to the CnC server
- instructions.exe (PID: 4080)
Changes the login/logoff helper path in the registry
- Testing5.exe (PID: 1576)
DARKCOMET has been detected (YARA)
- msdcsc.exe (PID: 2088)
SUSPICIOUS
Application launched itself
- facebook song_3pm.exe (PID: 3508)
- facebook.exe (PID: 3776)
- uTorrent.exe (PID: 3608)
Loads DLL from Mozilla Firefox
- facebook.exe (PID: 3936)
Reads the Internet Settings
- WMIC.exe (PID: 3956)
- WMIC.exe (PID: 4028)
- WMIC.exe (PID: 2116)
- WMIC.exe (PID: 2368)
- WMIC.exe (PID: 916)
- perfect dark.exe (PID: 1904)
- GTA Online Editor.exe (PID: 3004)
- uTorrent.exe (PID: 3608)
- uTorrent.exe (PID: 3952)
- SkyBlock2.0.exe (PID: 2376)
- Testing5.exe (PID: 1576)
Uses WMIC.EXE to obtain BIOS management information
- instructions.exe (PID: 4080)
Reads Microsoft Outlook installation path
- perfect dark.exe (PID: 1904)
- SkyBlock2.0.exe (PID: 2376)
Start notepad (likely ransomware note)
- Flappy bird Cheat Tool.exe (PID: 3064)
Process requests binary or script from the Internet
- uTorrent.exe (PID: 3952)
Checks Windows Trust Settings
- SkyBlock2.0.exe (PID: 2376)
Reads security settings of Internet Explorer
- SkyBlock2.0.exe (PID: 2376)
Reads settings of System Certificates
- SkyBlock2.0.exe (PID: 2376)
Starts itself from another location
- Testing5.exe (PID: 1576)
Reads Internet Explorer settings
- SkyBlock2.0.exe (PID: 2376)
- perfect dark.exe (PID: 1904)
INFO
Manual execution by a user
- facebook song_3pm.exe (PID: 3508)
- facebook hack v2.14.exe (PID: 3896)
- wmpnscfg.exe (PID: 1996)
- Crosshair32.exe (PID: 2084)
- perfect dark.exe (PID: 1904)
- AKAM.exe (PID: 1228)
- chdman.exe (PID: 1992)
- 99999.exe (PID: 2884)
- GTA Online Editor.exe (PID: 3004)
- Flappy bird Cheat Tool.exe (PID: 2516)
- Flappy bird Cheat Tool.exe (PID: 3064)
- uTorrent.exe (PID: 3608)
- Ultimate KeyBinder-beta2.exe (PID: 3704)
- Testing5.exe (PID: 1576)
- facebook hack v2.14.exe (PID: 3980)
- SkyBlock2.0.exe (PID: 2376)
- Flappy bird Cheat Tool.exe (PID: 1996)
- Flappy bird Cheat Tool.exe (PID: 1808)
Drops the executable file immediately after the start
- WinRAR.exe (PID: 3428)
Checks supported languages
- facebook song_3pm.exe (PID: 3468)
- facebook.exe (PID: 3776)
- facebook song_3pm.exe (PID: 3508)
- facebook.exe (PID: 3936)
- facebook hack v2.14.exe (PID: 3980)
- instructions.exe (PID: 4080)
- wmpnscfg.exe (PID: 1996)
- Crosshair32.exe (PID: 2084)
- perfect dark.exe (PID: 1904)
- chdman.exe (PID: 1992)
- GTA Online Editor.exe (PID: 3004)
- 99999.exe (PID: 2884)
- uTorrent.exe (PID: 3608)
- uTorrent.exe (PID: 3952)
- Flappy bird Cheat Tool.exe (PID: 3064)
- Ultimate KeyBinder-beta2.exe (PID: 3704)
- Testing5.exe (PID: 1576)
- SkyBlock2.0.exe (PID: 2376)
- AKAM.exe (PID: 1228)
- CRAZY THE RING.EXE (PID: 3968)
- Flappy bird Cheat Tool.exe (PID: 1996)
- msdcsc.exe (PID: 2088)
Reads the machine GUID from the registry
- facebook.exe (PID: 3776)
- facebook song_3pm.exe (PID: 3508)
- wmpnscfg.exe (PID: 1996)
- perfect dark.exe (PID: 1904)
- GTA Online Editor.exe (PID: 3004)
- AKAM.exe (PID: 1228)
- 99999.exe (PID: 2884)
- uTorrent.exe (PID: 3608)
- uTorrent.exe (PID: 3952)
- SkyBlock2.0.exe (PID: 2376)
- Testing5.exe (PID: 1576)
Reads the computer name
- facebook song_3pm.exe (PID: 3508)
- facebook song_3pm.exe (PID: 3468)
- facebook.exe (PID: 3776)
- facebook hack v2.14.exe (PID: 3980)
- facebook.exe (PID: 3936)
- instructions.exe (PID: 4080)
- wmpnscfg.exe (PID: 1996)
- perfect dark.exe (PID: 1904)
- 99999.exe (PID: 2884)
- GTA Online Editor.exe (PID: 3004)
- uTorrent.exe (PID: 3608)
- Flappy bird Cheat Tool.exe (PID: 3064)
- Testing5.exe (PID: 1576)
- uTorrent.exe (PID: 3952)
- SkyBlock2.0.exe (PID: 2376)
- CRAZY THE RING.EXE (PID: 3968)
- msdcsc.exe (PID: 2088)
Creates files or folders in the user directory
- facebook song_3pm.exe (PID: 3468)
- perfect dark.exe (PID: 1904)
- GTA Online Editor.exe (PID: 3004)
- uTorrent.exe (PID: 3608)
- uTorrent.exe (PID: 3952)
- SkyBlock2.0.exe (PID: 2376)
Reads mouse settings
- facebook.exe (PID: 3776)
- facebook song_3pm.exe (PID: 3508)
Create files in a temporary directory
- facebook song_3pm.exe (PID: 3468)
- facebook.exe (PID: 3776)
- facebook song_3pm.exe (PID: 3508)
- facebook hack v2.14.exe (PID: 3980)
- WMIC.exe (PID: 3956)
- WMIC.exe (PID: 4028)
- WMIC.exe (PID: 2116)
- WMIC.exe (PID: 916)
- WMIC.exe (PID: 2368)
- AKAM.exe (PID: 1228)
- Flappy bird Cheat Tool.exe (PID: 3064)
- Testing5.exe (PID: 1576)
- uTorrent.exe (PID: 3952)
- Flappy bird Cheat Tool.exe (PID: 1996)
Checks proxy server information
- perfect dark.exe (PID: 1904)
- uTorrent.exe (PID: 3608)
- uTorrent.exe (PID: 3952)
- SkyBlock2.0.exe (PID: 2376)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .zip | | | ZIP compressed archive (100) |
|---|
EXIF
ZIP
| ZipRequiredVersion: | 20 |
|---|---|
| ZipBitFlag: | - |
| ZipCompression: | Deflated |
| ZipModifyDate: | 2023:11:13 03:05:38 |
| ZipCRC: | 0xeec7ef79 |
| ZipCompressedSize: | 443509 |
| ZipUncompressedSize: | 1146368 |
| ZipFileName: | 99999.exe |
Total processes
94
Monitored processes
33
Malicious processes
8
Suspicious processes
3
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 916 | wmic /output:C:\Users\admin\AppData\Local\Temp\obhhelper.txt bios get version | C:\Windows\System32\wbem\WMIC.exe | — | instructions.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: HIGH Description: WMI Commandline Utility Exit code: 0 Version: 6.1.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1228 | "C:\Users\admin\Desktop\AKAM.exe" | C:\Users\admin\Desktop\AKAM.exe | explorer.exe | ||||||||||||
User: admin Company: Akam Pro Integrity Level: MEDIUM Exit code: 0 Version: 4.01.0005 Modules
| |||||||||||||||
| 1576 | "C:\Users\admin\Desktop\Testing5.exe" | C:\Users\admin\Desktop\Testing5.exe | explorer.exe | ||||||||||||
User: admin Company: Microsoft Corp. Integrity Level: MEDIUM Description: Remote Service Application Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
| 1808 | "C:\Users\admin\Desktop\Flappy bird Cheat Tool.exe" | C:\Users\admin\Desktop\Flappy bird Cheat Tool.exe | — | explorer.exe | |||||||||||
User: admin Company: Castle Clash ULTIMATE Hack Integrity Level: MEDIUM Description: Castle Clash ULTIMATE Hack Tool 5.1 Installation Exit code: 3221226540 Version: 5.1 Modules
| |||||||||||||||
| 1904 | "C:\Users\admin\Desktop\perfect dark.exe" | C:\Users\admin\Desktop\perfect dark.exe | — | explorer.exe | |||||||||||
User: admin Company: information liberation organization Integrity Level: MEDIUM Description: perfect dark Exit code: 0 Version: 0, 0, 0, 0 Modules
| |||||||||||||||
| 1992 | "C:\Users\admin\Desktop\chdman.exe" | C:\Users\admin\Desktop\chdman.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 1 Modules
| |||||||||||||||
| 1996 | "C:\Program Files\Windows Media Player\wmpnscfg.exe" | C:\Program Files\Windows Media Player\wmpnscfg.exe | — | explorer.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Media Player Network Sharing Service Configuration Application Exit code: 0 Version: 12.0.7600.16385 (win7_rtm.090713-1255) Modules
| |||||||||||||||
| 1996 | "C:\Users\admin\Desktop\Flappy bird Cheat Tool.exe" | C:\Users\admin\Desktop\Flappy bird Cheat Tool.exe | explorer.exe | ||||||||||||
User: admin Company: Castle Clash ULTIMATE Hack Integrity Level: HIGH Description: Castle Clash ULTIMATE Hack Tool 5.1 Installation Exit code: 0 Version: 5.1 Modules
| |||||||||||||||
| 2084 | "C:\Users\admin\Desktop\Crosshair32.exe" | C:\Users\admin\Desktop\Crosshair32.exe | — | explorer.exe | |||||||||||
User: admin Integrity Level: MEDIUM Exit code: 0 Version: 1.1.14.03 Modules
| |||||||||||||||
| 2088 | "C:\Users\admin\AppData\Local\Temp\MSDCSC\msdcsc.exe" | C:\Users\admin\AppData\Local\Temp\MSDCSC\msdcsc.exe | Testing5.exe | ||||||||||||
User: admin Company: Microsoft Corp. Integrity Level: MEDIUM Description: Remote Service Application Exit code: 0 Version: 1, 0, 0, 1 Modules
| |||||||||||||||
Total events
14 489
Read events
14 282
Write events
204
Delete events
3
Modification events
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\17A\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 2 |
Value: C:\Users\admin\Desktop\virtio_ivshmem_master_build.zip | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 1 |
Value: C:\Users\admin\Desktop\Win7-KB3191566-x86.zip | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\ArcHistory |
| Operation: | write | Name: | 0 |
Value: C:\Users\admin\Desktop\phacker.zip | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | name |
Value: 120 | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | size |
Value: 80 | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | type |
Value: 120 | |||
| (PID) Process: | (3428) WinRAR.exe | Key: | HKEY_CURRENT_USER\Software\WinRAR\FileList\FileColumnWidths |
| Operation: | write | Name: | mtime |
Value: 100 | |||
| (PID) Process: | (3572) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | ProxyBypass |
Value: 1 | |||
| (PID) Process: | (3572) iexplore.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap |
| Operation: | write | Name: | IntranetName |
Value: 1 | |||
Executable files
23
Suspicious files
32
Text files
184
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\chdman.exe | executable | |
MD5:2CCDDAC5D682354B6DF31A67A01CA92E | SHA256:5AEBEF7EEBF19D8A40F0CA7FF3029D3FA6A60707FC946F372F7CA46B6535CBF4 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\AKAM.exe | executable | |
MD5:9C074977F5680854415BE714F4885591 | SHA256:A97EE23072740BAB3274FB532C6B88314C0C1A3E1F98B2FD9C53008C91B9ED52 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\PaPaGO.exe | executable | |
MD5:C1C3CA33336A2D43EDD6F80667E36DED | SHA256:292E6BCD7D73FAF125AAC30F0B06059A39AAE2B6ED52F4F07F86BD45345F2BB2 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\facebook hack v2.14.exe | executable | |
MD5:4C180A337963153CBE0DF0C345934F6F | SHA256:1FEF3B6416E62A9D0EA173CE466593125A72DB46DDF54A00DE4195089AEB57AF | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\Crosshair32.exe | executable | |
MD5:FCC2EF4D233FCC8AE10EC3AE8E3AB28D | SHA256:D770B03A7B761FF4F7CC4B8A9736E06B8ABBCF78905C54213F915CFD9E65DD7C | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\perfect dark.exe | executable | |
MD5:D886C2057E2048F3E963E9D82F4E0F6B | SHA256:EBCA6BCD9A6C141220EB29B905846FC807FD7275C67FCF9E0DEF40899C2FD1E2 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\flower_art.exe | executable | |
MD5:96CD4CBAA09CA7D3C4AFC5654E0C38D5 | SHA256:62D2D5E57679EB95929E6D0E0A3DFE07207F614DF6E3E08B75F8ED6F1DAAC8CC | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\99999.exe | executable | |
MD5:F4CB56B8255FFF183F26D77B3699C496 | SHA256:E1373FFE177E3F2C010E8CDB3F21F8D4F5E2CEC68D4D4C7B2D81F538A60BB1A7 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\Flappy bird Cheat Tool.exe | executable | |
MD5:E5C9FBAC9CFA78427DCAB59D989D9B40 | SHA256:0344ADE898E36502318F0071940DCE226BF49CC51C5B65BDCB45A0B29E2E8FA8 | |||
| 3428 | WinRAR.exe | C:\Users\admin\AppData\Local\Temp\Rar$DRa3428.28242\Ultimate KeyBinder-beta2.exe | executable | |
MD5:CC46DB450323861005DC25909522E53B | SHA256:5336FFBBF5AA70A3E6BCC63EFFF200366BD93F37BD9905C53B5DF23E8B47F9F4 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
10
TCP/UDP connections
18
DNS requests
13
Threats
7
HTTP requests
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
|---|---|---|---|---|---|---|---|---|---|
3952 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=105082294&h=VK3zuVZ65GDmxoLZ&w=1DB10106&bu=0&pr=0&cmp=0&showtbexists&pid=3952&au=0&tbe=0&cd=0&view=win32 | unknown | — | — | unknown |
4080 | instructions.exe | GET | 302 | 3.94.41.167:80 | http://installer.ppdownload.com/Installer/Flow?pubid=8832&distid=13061&productid=12460&subpubid=0&campaignid=0&networkid=&dfb=-1&os=6.1&iev=9.11&ffv=115.0&chromev=109.0&macaddress=&netv=&hb=0&systembit=32&vm=0&version=3.0 | unknown | — | — | unknown |
2376 | SkyBlock2.0.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | binary | 1.42 Kb | unknown |
2376 | SkyBlock2.0.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?81f1da039b4ef34d | unknown | compressed | 4.66 Kb | unknown |
2376 | SkyBlock2.0.exe | GET | 200 | 178.79.242.128:80 | http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?7ae1550059460714 | unknown | compressed | 4.66 Kb | unknown |
2376 | SkyBlock2.0.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEH1bUSa0droR23QWC7xTDac%3D | unknown | binary | 2.18 Kb | unknown |
3952 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installstats.php?cl=uTorrent&v=105082294&h=VK3zuVZ65GDmxoLZ&w=1DB10106&bu=0&pr=0&cmp=0&offerretrievedfromserver&pid=3952&au=0&ServerOfferRetrieved=1&oc=1&bu=0&view=win32 | unknown | — | — | unknown |
2376 | SkyBlock2.0.exe | GET | 301 | 146.75.120.193:80 | http://i.imgur.com/qO15w.jpg | unknown | — | — | unknown |
2376 | SkyBlock2.0.exe | GET | 301 | 146.75.120.193:80 | http://i.imgur.com/Td1VD.jpg | unknown | — | — | unknown |
3952 | uTorrent.exe | GET | 200 | 67.215.246.203:80 | http://update.utorrent.com/installoffer.php?h=VK3zuVZ65GDmxoLZ&v=105082294&w=1DB10106&l=en&c=US&db=msedge.exe%22&cl=uTorrent&svp=4&io=474016 | unknown | text | 97 b | unknown |
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
2588 | svchost.exe | 239.255.255.250:1900 | — | — | — | whitelisted |
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |
4080 | instructions.exe | 3.94.41.167:80 | installer.ppdownload.com | AMAZON-AES | US | unknown |
4080 | instructions.exe | 104.26.6.37:443 | www.hugedomains.com | CLOUDFLARENET | US | shared |
3952 | uTorrent.exe | 67.215.246.203:80 | update.utorrent.com | ASN-QUADRANET-GLOBAL | US | unknown |
2376 | SkyBlock2.0.exe | 146.75.120.193:80 | i.imgur.com | FASTLY | US | unknown |
2376 | SkyBlock2.0.exe | 146.75.120.193:443 | i.imgur.com | FASTLY | US | unknown |
2376 | SkyBlock2.0.exe | 178.79.242.128:80 | ctldl.windowsupdate.com | LLNW | DE | unknown |
DNS requests
Domain | IP | Reputation |
|---|---|---|
installer.ppdownload.com |
| malicious |
facebook.3utilities.com |
| unknown |
www.hugedomains.com |
| whitelisted |
update.utorrent.com |
| whitelisted |
i.imgur.com |
| shared |
ctldl.windowsupdate.com |
| whitelisted |
ocsp.comodoca.com |
| whitelisted |
ocsp.usertrust.com |
| whitelisted |
gotyoukid.no-ip.biz |
| unknown |
Threats
PID | Process | Class | Message |
|---|---|---|---|
1080 | svchost.exe | Potentially Bad Traffic | ET POLICY DNS Query to DynDNS Domain *.3utilities .com |
4080 | instructions.exe | Possibly Unwanted Program Detected | ET ADWARE_PUP Downloader.NSIS.OutBrowse.b Checkin |
3952 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
3952 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
3952 | uTorrent.exe | Potential Corporate Privacy Violation | ET P2P Bittorrent P2P Client User-Agent (uTorrent) |
1080 | svchost.exe | Potentially Bad Traffic | ET INFO Observed DNS Query to .biz TLD |
1080 | svchost.exe | Misc activity | ET INFO DYNAMIC_DNS Query to a Suspicious no-ip Domain |
Process | Message |
|---|---|
AKAM.exe |
%s------------------------------------------------
--- WinLicense Professional ---
--- (c)2009 Oreans Technologies ---
------------------------------------------------
|