Ping Paul: Parsec ?

<uldupp$183q3$1@dont-email.me>


https://news.novabbs.org/computers/article-flat.php?id=76541&group=alt.comp.os.windows-10#76541

Path: i2pn2.org!i2pn.org!usenet.network!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: T@invalid.invalid (T)
Newsgroups: alt.comp.os.windows-10
Subject: Ping Paul: Parsec ?
Date: Wed, 13 Dec 2023 20:03:04 -0800
Organization: A noiseless patient Spider
Lines: 22
Message-ID: <uldupp$183q3$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Thu, 14 Dec 2023 04:03:06 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="662a09f73422f1419b0dffa3fdf2c6ab";
logging-data="1314627"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1984C4avop9MYX4LSMuT6ZcNPKnksQk8wE="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:SfkSlHQ/N2yLDv4aQhkPsPOMh4g=
Content-Language: en-US
 by: T - Thu, 14 Dec 2023 04:03 UTC

Hi Paul,

I ran the RAT identifier program you sent me to on
a customer's computer. It kicked me out and it
kicked out something called "Parsec".

Looking at the Rat id program's source code, I find:

[PSCustomObject]@{Name = "Parsec"; DisplayName = "Parsec"; ProcessName = "parsecd", "pservice"; ExecutablePath = "Parsec\parsecd.exe", "Parsec\pservice.exe" }

I was unable to find those names or paths anywhere on
his drive or in his registry. And no running program
or service called that or similar.

Hmmmmmmmm. Your take?

-T

Re: Ping Paul: Parsec ?

<uleeki$1addm$1@dont-email.me>


https://news.novabbs.org/computers/article-flat.php?id=76543&group=alt.comp.os.windows-10#76543

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Ping Paul: Parsec ?
Date: Thu, 14 Dec 2023 03:33:21 -0500
Organization: A noiseless patient Spider
Lines: 32
Message-ID: <uleeki$1addm$1@dont-email.me>
References: <uldupp$183q3$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 14 Dec 2023 08:33:22 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="07204240deb17ecfa20d24085371222b";
logging-data="1390006"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18R1z/KplypSDdAsPhWVTo+IlaYk+J3hNU="
User-Agent: Ratcatcher/2.0.0.25 (Windows/20130802)
Cancel-Lock: sha1:CMh3+BQgrr8GhQzVoDV15FKY8ac=
Content-Language: en-US
In-Reply-To: <uldupp$183q3$1@dont-email.me>
 by: Paul - Thu, 14 Dec 2023 08:33 UTC

On 12/13/2023 11:03 PM, T wrote:
> Hi Paul,
>
> I ran the RAT identifier program you sent me to on
> a customer's computer.  It kicked me out and it
> kicked out something called "Parsec".
>
> Looking at the Rat id program's source code, I find:
>
> [PSCustomObject]@{Name = "Parsec"; DisplayName = "Parsec"; ProcessName = "parsecd", "pservice"; ExecutablePath = "Parsec\parsecd.exe", "Parsec\pservice.exe" }
>
> I was unable to find those names or paths anywhere on
> his drive or in his registry.  And no running program
> or service called that or similar.
>
> Hmmmmmmmm.   Your take?
>
> -T

Could it be disguised ?

https://en.wikipedia.org/wiki/Parsec_%28software%29

"In January 2018, Parsec partnered with Hewlett-Packard to create OMEN Game Stream,
a free game streaming service based on Parsec's technology designed specifically for HP Omen PCs."

A RAT Hunter needs continuous maintenance, almost as
badly as an AV needs malware definitions :-)

Paul

Re: Ping Paul: Parsec ?

<ulfqee$1hlje$1@dont-email.me>


https://news.novabbs.org/computers/article-flat.php?id=76547&group=alt.comp.os.windows-10#76547

Path: i2pn2.org!i2pn.org!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
From: T@invalid.invalid (T)
Newsgroups: alt.comp.os.windows-10
Subject: Re: Ping Paul: Parsec ?
Date: Thu, 14 Dec 2023 13:01:02 -0800
Organization: A noiseless patient Spider
Lines: 40
Message-ID: <ulfqee$1hlje$1@dont-email.me>
References: <uldupp$183q3$1@dont-email.me> <uleeki$1addm$1@dont-email.me>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Thu, 14 Dec 2023 21:01:03 -0000 (UTC)
Injection-Info: dont-email.me; posting-host="662a09f73422f1419b0dffa3fdf2c6ab";
logging-data="1627758"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/lHDRW+alXhmHTP0vSyBvWdgbsjnQDMRo="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:vBlGBBGFwj/sgRRQB2zZ14jUxAk=
Content-Language: en-US
In-Reply-To: <uleeki$1addm$1@dont-email.me>
 by: T - Thu, 14 Dec 2023 21:01 UTC

On 12/14/23 00:33, Paul wrote:
> On 12/13/2023 11:03 PM, T wrote:
>> Hi Paul,
>>
>> I ran the RAT identifier program you sent me to on
>> a customer's computer.  It kicked me out and it
>> kicked out something called "Parsec".
>>
>> Looking at the Rat id program's source code, I find:
>>
>> [PSCustomObject]@{Name = "Parsec"; DisplayName = "Parsec"; ProcessName = "parsecd", "pservice"; ExecutablePath = "Parsec\parsecd.exe", "Parsec\pservice.exe" }
>>
>> I was unable to find those names or paths anywhere on
>> his drive or in his registry.  And no running program
>> or service called that or similar.
>>
>> Hmmmmmmmm.   Your take?
>>
>> -T
>
> Could it be disguised ?
>
> https://en.wikipedia.org/wiki/Parsec_%28software%29
>
> "In January 2018, Parsec partnered with Hewlett-Packard to create OMEN Game Stream,
> a free game streaming service based on Parsec's technology designed specifically for HP Omen PCs."
>
> A RAT Hunter needs continuous maintenance, almost as
> badly as an AV needs malware definitions :-)
>
> Paul
>
>

No doubt! Be nice if that program would tattle on
where it finds stuff.
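
An added example, not part of the thread and not the RAT identifier's own code: a PowerShell sketch that takes the signature entry quoted in the first post and reports where each match comes from (running process, service, uninstall key, file on disk). How the real tool matches is not shown in the thread; the function names Find-SignatureEvidence and New-Hit and the list of search roots are assumptions made for this example.

```powershell
# Signature entry copied from the post; everything else is illustrative.
$sig = [PSCustomObject]@{
    Name = "Parsec"; DisplayName = "Parsec"
    ProcessName    = "parsecd", "pservice"
    ExecutablePath = "Parsec\parsecd.exe", "Parsec\pservice.exe"
}

# Hypothetical helper: one row per piece of evidence.
function New-Hit($Name, $Source, $Where) {
    [PSCustomObject]@{ Name = $Name; Source = $Source; Where = $Where }
}

function Find-SignatureEvidence {
    param([Parameter(Mandatory)] $Signature)

    # 1. Running processes whose name matches ProcessName.
    Get-Process -Name $Signature.ProcessName -ErrorAction SilentlyContinue |
        ForEach-Object { New-Hit $Signature.Name 'Process' "PID $($_.Id) $($_.Path)" }

    # 2. Services whose binary path contains one of the ExecutablePath fragments.
    $pathRx = ($Signature.ExecutablePath | ForEach-Object { [regex]::Escape($_) }) -join '|'
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.PathName -match $pathRx } |
        ForEach-Object { New-Hit $Signature.Name 'Service' "$($_.Name) -> $($_.PathName)" }

    # 3. Installed-program entries whose DisplayName matches.
    $uninstall = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
                 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like "*$($Signature.DisplayName)*" } |
        ForEach-Object { New-Hit $Signature.Name 'Uninstall key' $_.PSPath }

    # 4. Files on disk: ExecutablePath is relative, so try it under common roots
    #    (assumed list: Program Files, ProgramData, every profile's AppData).
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData)
    $roots += Get-ChildItem "$env:SystemDrive\Users" -Directory -Force -ErrorAction SilentlyContinue |
        ForEach-Object { "$($_.FullName)\AppData\Roaming"; "$($_.FullName)\AppData\Local" }
    foreach ($root in ($roots | Where-Object { $_ })) {
        foreach ($rel in $Signature.ExecutablePath) {
            $p = Join-Path $root $rel
            if (Test-Path -LiteralPath $p) { New-Hit $Signature.Name 'File' $p }
        }
    }
}

Find-SignatureEvidence -Signature $sig | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt, since Get-Process may return an empty Path for processes owned by other accounts. The HKCU check only sees the hive of the user running the script.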
