Program did not start
MALICIOUS | SUSPICIOUS | INFO |
---|---|---|
Loads dropped or rewritten executable
|
Executable content was dropped or overwritten
|
Application was dropped or rewritten from another process
|
Name | Virtual Address | Virtual Size | Raw Size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x000A50E0 | 0x000A5200 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 6.36825 |
.itext | 0x000A7000 | 0x00001668 | 0x00001800 | IMAGE_SCN_CNT_CODE,IMAGE_SCN_MEM_EXECUTE,IMAGE_SCN_MEM_READ | 5.95049 |
.data | 0x000A9000 | 0x000037A4 | 0x00003800 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 5.02787 |
.bss | 0x000AD000 | 0x0000676C | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.idata | 0x000B4000 | 0x00000F1C | 0x00001000 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 4.79161 |
.didata | 0x000B5000 | 0x000001A4 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 2.74582 |
.edata | 0x000B6000 | 0x0000009A | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 1.88107 |
.tls | 0x000B7000 | 0x00000018 | 0x00000000 | IMAGE_SCN_MEM_READ,IMAGE_SCN_MEM_WRITE | 0 |
.rdata | 0x000B8000 | 0x0000005D | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 1.36974 |
.rsrc | 0x000B9000 | 0x00004600 | 0x00004600 | IMAGE_SCN_CNT_INITIALIZED_DATA,IMAGE_SCN_MEM_READ | 4.44027 |
Image |
---|
c:\users\admin\appdata\local\temp\firefox.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\oleaut32.dll |
c:\windows\syswow64\ole32.dll |
c:\windows\syswow64\netapi32.dll |
c:\windows\syswow64\netutils.dll |
c:\windows\syswow64\srvcli.dll |
c:\windows\syswow64\wkscli.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\shell32.dll |
c:\windows\syswow64\uxtheme.dll |
c:\windows\syswow64\apphelp.dll |
c:\users\admin\appdata\local\temp\is-977pi.tmp\firefox.tmp |
Image |
---|
c:\users\admin\appdata\local\temp\is-977pi.tmp\firefox.tmp |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\mpr.dll |
c:\windows\syswow64\comdlg32.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
c:\windows\syswow64\shell32.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\oleaut32.dll |
c:\windows\syswow64\ole32.dll |
c:\windows\syswow64\netapi32.dll |
c:\windows\syswow64\netutils.dll |
c:\windows\syswow64\srvcli.dll |
c:\windows\syswow64\wkscli.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\wtsapi32.dll |
c:\windows\syswow64\winsta.dll |
c:\windows\syswow64\uxtheme.dll |
c:\windows\syswow64\clbcatq.dll |
c:\windows\syswow64\profapi.dll |
c:\windows\syswow64\shfolder.dll |
c:\windows\syswow64\rstrtmgr.dll |
c:\windows\syswow64\ncrypt.dll |
c:\windows\syswow64\bcrypt.dll |
c:\windows\syswow64\msasn1.dll |
c:\windows\syswow64\bcryptprimitives.dll |
c:\windows\syswow64\imageres.dll |
c:\program files (x86)\common files\microsoft shared\ink\tiptsf.dll |
c:\windows\syswow64\sfc.dll |
c:\windows\syswow64\sfc_os.dll |
c:\windows\syswow64\setupapi.dll |
c:\windows\syswow64\cfgmgr32.dll |
c:\windows\syswow64\devobj.dll |
c:\windows\syswow64\devrtl.dll |
c:\windows\syswow64\explorerframe.dll |
c:\windows\syswow64\duser.dll |
c:\windows\syswow64\dui70.dll |
c:\windows\syswow64\apphelp.dll |
c:\windows\syswow64\cmd.exe |
Image |
---|
c:\windows\syswow64\cmd.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\winbrand.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\apphelp.dll |
c:\windows\syswow64\rundll32.exe |
Image |
---|
c:\windows\syswow64\rundll32.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\imagehlp.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\apphelp.dll |
c:\windows\apppatch\aclayers.dll |
c:\windows\syswow64\shell32.dll |
c:\windows\syswow64\ole32.dll |
c:\windows\syswow64\oleaut32.dll |
c:\windows\syswow64\userenv.dll |
c:\windows\syswow64\profapi.dll |
c:\windows\syswow64\winspool.drv |
c:\windows\syswow64\mpr.dll |
c:\windows\apppatch\acwow64.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\users\admin\appdata\local\temp\installsoftw.log |
c:\windows\syswow64\netapi32.dll |
c:\windows\syswow64\netutils.dll |
c:\windows\syswow64\srvcli.dll |
c:\windows\syswow64\wkscli.dll |
c:\windows\syswow64\propsys.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
c:\windows\syswow64\clbcatq.dll |
c:\windows\syswow64\ieframe.dll |
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-shell32-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll |
c:\windows\syswow64\normaliz.dll |
c:\windows\syswow64\iertutil.dll |
c:\windows\syswow64\setupapi.dll |
c:\windows\syswow64\cfgmgr32.dll |
c:\windows\syswow64\devobj.dll |
c:\windows\syswow64\ntmarta.dll |
c:\windows\syswow64\wldap32.dll |
c:\windows\syswow64\urlmon.dll |
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll |
c:\windows\syswow64\wininet.dll |
c:\windows\syswow64\secur32.dll |
c:\windows\syswow64\cmd.exe |
Image |
---|
c:\windows\syswow64\cmd.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\winbrand.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\apphelp.dll |
c:\users\admin\appdata\local\temp\bitssvc.exe |
c:\windows\syswow64\timeout.exe |
c:\windows\syswow64\reg.exe |
Image |
---|
c:\windows\syswow64\cmd.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\winbrand.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\apphelp.dll |
c:\windows\syswow64\timeout.exe |
Image |
---|
c:\users\admin\appdata\local\temp\bitssvc.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\users\admin\appdata\local\temp\pcicl32.dll |
c:\windows\syswow64\shfolder.dll |
c:\windows\syswow64\shell32.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\users\admin\appdata\local\temp\pcichek.dll |
c:\users\admin\appdata\local\temp\msvcr100.dll |
c:\users\admin\appdata\local\temp\pcicapi.dll |
c:\windows\syswow64\mpr.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\winmm.dll |
c:\windows\syswow64\wsock32.dll |
c:\windows\syswow64\nsi.dll |
c:\windows\syswow64\ws2_32.dll |
c:\windows\syswow64\winspool.drv |
c:\windows\syswow64\comdlg32.dll |
c:\windows\syswow64\ole32.dll |
c:\windows\syswow64\oleaut32.dll |
c:\windows\syswow64\netapi32.dll |
c:\windows\syswow64\netutils.dll |
c:\windows\syswow64\srvcli.dll |
c:\windows\syswow64\wkscli.dll |
c:\windows\syswow64\samcli.dll |
c:\windows\syswow64\wininet.dll |
c:\windows\syswow64\api-ms-win-downlevel-user32-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-version-l1-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-normaliz-l1-1-0.dll |
c:\windows\syswow64\normaliz.dll |
c:\windows\syswow64\iertutil.dll |
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l1-1-0.dll |
c:\windows\syswow64\userenv.dll |
c:\windows\syswow64\profapi.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
c:\windows\syswow64\dbghelp.dll |
c:\windows\syswow64\wtsapi32.dll |
c:\users\admin\appdata\local\temp\htctl32.dll |
c:\windows\syswow64\psapi.dll |
c:\windows\syswow64\winsta.dll |
c:\windows\syswow64\clbcatq.dll |
c:\windows\syswow64\wbem\wbemprox.dll |
c:\windows\syswow64\wbemcomn.dll |
c:\windows\syswow64\cryptsp.dll |
c:\windows\syswow64\rsaenh.dll |
c:\windows\syswow64\rpcrtremote.dll |
c:\windows\syswow64\wbem\wbemsvc.dll |
c:\windows\syswow64\wbem\fastprox.dll |
c:\windows\syswow64\ntdsapi.dll |
c:\windows\syswow64\riched32.dll |
c:\windows\syswow64\riched20.dll |
c:\windows\syswow64\mswsock.dll |
c:\windows\syswow64\wshtcpip.dll |
c:\windows\syswow64\iphlpapi.dll |
c:\windows\syswow64\winnsi.dll |
c:\windows\syswow64\dhcpcsvc6.dll |
c:\windows\syswow64\dhcpcsvc.dll |
c:\windows\syswow64\firewallapi.dll |
c:\windows\syswow64\secur32.dll |
c:\windows\syswow64\api-ms-win-downlevel-advapi32-l2-1-0.dll |
c:\windows\syswow64\api-ms-win-downlevel-ole32-l1-1-0.dll |
c:\windows\syswow64\nlaapi.dll |
c:\windows\syswow64\napinsp.dll |
c:\windows\syswow64\pnrpnsp.dll |
c:\windows\syswow64\winhttp.dll |
c:\windows\syswow64\webio.dll |
c:\windows\syswow64\dnsapi.dll |
c:\windows\syswow64\winrnr.dll |
c:\windows\syswow64\wship6.dll |
c:\windows\syswow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll |
c:\windows\syswow64\urlmon.dll |
c:\windows\syswow64\rasadhlp.dll |
c:\windows\syswow64\fwpuclnt.dll |
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d\comctl32.dll |
c:\windows\syswow64\wshqos.dll |
Image |
---|
c:\windows\syswow64\timeout.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\ws2_32.dll |
c:\windows\syswow64\nsi.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
Image |
---|
c:\windows\syswow64\timeout.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\ws2_32.dll |
c:\windows\syswow64\nsi.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\version.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
Image |
---|
c:\windows\syswow64\reg.exe |
c:\systemroot\system32\ntdll.dll |
c:\systemroot\syswow64\ntdll.dll |
c:\windows\system32\wow64.dll |
c:\windows\system32\wow64win.dll |
c:\windows\system32\wow64cpu.dll |
c:\windows\system32\kernel32.dll |
c:\windows\syswow64\kernel32.dll |
c:\windows\system32\user32.dll |
c:\windows\syswow64\kernelbase.dll |
c:\windows\syswow64\advapi32.dll |
c:\windows\syswow64\msvcrt.dll |
c:\windows\syswow64\sechost.dll |
c:\windows\syswow64\rpcrt4.dll |
c:\windows\syswow64\sspicli.dll |
c:\windows\syswow64\cryptbase.dll |
c:\windows\syswow64\user32.dll |
c:\windows\syswow64\gdi32.dll |
c:\windows\syswow64\lpk.dll |
c:\windows\syswow64\usp10.dll |
c:\windows\syswow64\ws2_32.dll |
c:\windows\syswow64\nsi.dll |
c:\windows\syswow64\shlwapi.dll |
c:\windows\syswow64\imm32.dll |
c:\windows\syswow64\msctf.dll |
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation |
---|---|---|---|---|---|---|---|---|---|
2332 | bitssvc.exe | POST | 200 | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | text binary | | suspicious |
2332 | bitssvc.exe | POST | 200 | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary binary | | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | GET | 200 | 195.171.92.116:80 | http://geo.netsupportsoftware.com/location/loca.asp | GB | binary | | malicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
2332 | bitssvc.exe | POST | –– | 5.45.74.219:443 | http://5.45.74.219/fakeurl.htm | NL | binary –– | –– | suspicious |
PID | Process | IP | ASN | CN | Reputation |
---|---|---|---|---|---|
2332 | bitssvc.exe | 5.45.74.219:443 | Serverius Holding B.V. | NL | suspicious |
2332 | bitssvc.exe | 195.171.92.116:80 | British Telecommunications PLC | GB | unknown |
PID | Process | Class | Message |
---|---|---|---|
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
2332 | bitssvc.exe | A Network Trojan was detected | SUSPICIOUS [PTsecurity] NetSupport Remote Admin |
2332 | bitssvc.exe | Potentially Bad Traffic | ET POLICY HTTP traffic on port 443 (POST) |
No debug info.