Information in the Modules loaded into the process section
The Modules loaded into the process section displays information about the modules loaded into the process associated with the detected network activity. For example, a DLL library may be loaded into a process. By clicking the link with the path to the module, you can open the section of information about this process.
The following information is displayed:
File path—Path to the file loaded into the process.
Program name—Name of the file loaded into the process.
File description—Additional information about the detected file.
File size—Size of the detected file.
File version—Version of the detected file.
MD5—MD5 hash of a file.
SHA256—SHA256 hash of a file.
Vendor—Company that released the program related to the process.
Program version—Program version.
Signed by—Author of the certificate containing the digital signature for the detected file.
Signature is valid—Information on whether the certificate is valid.
Found on the local network—Date and time when the process was detected in the local network.
Found on computers—Number of times this process was detected in the local network.
Computers with similar activity—Number of computers on which a similar process was detected.
Global file popularity—Global popularity of the file that started the process.
Global path popularity—Global popularity of the path by which the process was loaded.
You can click the View log link to expand the section containing information about operations performed with the loaded module:
Time—Time when the module was loaded.
Details—Path to the loaded file.
User name—Name of the user account that loaded the module.