#StackBounty: #windows #windows-server-2012-r2 Strange network addresses on Resource Monitor

Bounty: 50

I’m running Server 2012 R2.

When I look at the Network tab in the Resource Monitor, I see strange network addresses which last for a few seconds and then disappear.

The server is used as database server and should only be connected from Australian addresses. I can see many addresses from .ru, .tr, .fr, etc.

All these connections are being used by PID 4, the System image.

I have run a scan with Malwarebytes which picked up zero issues.

  1. Is there a way to see which System process is using these connections?
  2. Is this some type of worm and if so, how can I locate it?

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.