Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Question about CryptnetURLCache and NetwokService


  • Please log in to reply
4 replies to this topic

#1 HairyApricot

HairyApricot

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 13 November 2016 - 05:52 AM

So I posted a few months ago asking about this and Network Service. http://www.bleepingcomputer.com/forums/t/617403/strange-connections-from-svchostnetworkservice/ 

 

The issue wa svchost(NetworkService) was making connections, as detailed there. Well none of it turned out to be malicious, which was good. However I would like to know more about it. The cryptsvc service is always the one being used when these connections, such as 93.184.220.29 or 104.16.93.188 are made. Why? Most of the time, when they happen, I can find a corresponding file has been edited in C:\Users\Apricot\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content. But sometimes a file has not been updated. Stranger still, the connections used to be larger, and the files edited were 50kb+ in size. Then I went away for a few days, and when I came back, the traffic was smaller and the files were too. Any help with this is greatly appreciated :)



BC AdBot (Login to Remove)

 


#2 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:10:27 PM

Posted 13 November 2016 - 10:36 PM

See here http://www.bleepingcomputer.com/startups/cryptsvc.dll-25643.html

Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#3 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 23 November 2016 - 03:18 PM

Alright then, so NetworkService is meant to make these connections?



#4 Sneakycyber

Sneakycyber

    Network Engineer


  • BC Advisor
  • 6,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ohio
  • Local time:10:27 PM

Posted 23 November 2016 - 07:31 PM

Yes That is correct.  :thumbup2:


Chad Mockensturm 

Systems and Network Engineer

Certified CompTia Network +, A +


#5 HairyApricot

HairyApricot
  • Topic Starter

  • Members
  • 197 posts
  • OFFLINE
  •  
  • Local time:02:27 AM

Posted 26 November 2016 - 03:58 PM

Thanks SneakyCyber. If it is not too much trouble, why does NetworkService also show traffic for 224.0.0.252? As I understand its for multicast, but what does that mean exactly?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users