detection.wiki

Microsoft-Windows-Bits-Client › Event 60

Event ID 60 — BITS stopped transferring the name transfer job that is associated with the url URL.

Provider
Microsoft-Windows-Bits-Client
Channel
Operational
Level
Informational
Collection Priority
Recommended (Yamato Security)
Opcode
Stop

Description

BITS stopped transferring the name transfer job that is associated with the url URL. The status code is hr.

Message #

BITS stopped transferring the %2 transfer job that is associated with the %4 URL. The status code is %6.

Fields #

NameDescription
transferId GUID
name UnicodeString
Id GUID
url UnicodeString
peer UnicodeString
hr UInt32
fileTime FILETIME
fileLength UInt64
bytesTotal UInt64
bytesTransferred UInt64
proxy UnicodeString
peerProtocolFlags UInt64
bytesTransferredFromPeer UInt64
AdditionalInfoHr UInt32
PeerContextInfo UInt32
bandwidthLimit UInt64
ignoreBandwidthLimitsOnLan Boolean

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Bits-Client",
    "guid": "EF1CC15B-46C1-414E-BB95-E76B077BD51E",
    "event_source_name": "",
    "event_id": 60,
    "version": 1,
    "level": 4,
    "task": 0,
    "opcode": 2,
    "keywords": 4611686018427387904,
    "time_created": "2023-11-06T01:45:52.846707+00:00",
    "event_record_id": 435,
    "correlation": {
      "ActivityID": "837C306A-427B-4022-ABDF-56DD359EB862"
    },
    "execution": {
      "process_id": 16164,
      "thread_id": 12832
    },
    "channel": "Microsoft-Windows-Bits-Client/Operational",
    "computer": "WinDev2310Eval",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "transferId": "837C306A-427B-4022-ABDF-56DD359EB862",
    "name": "Chrome Component Updater",
    "Id": "9A25D168-24E6-4C66-AC78-5ED0E6007F1A",
    "url": "http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acwcdm4bj7lx4xbm2ireywxlhvca_4.10.2710.0/oimompecagnajdejgnnjijobebaeigek_4.10.2710.0_win64_adsurwm4gclupf32xdrpgdnapira.crx3",
    "peer": "",
    "hr": 0,
    "fileTime": "2023-09-22T20:52:50.000000Z",
    "fileLength": 14317402,
    "bytesTotal": 14317402,
    "bytesTransferred": 14317402,
    "proxy": "",
    "peerProtocolFlags": 0,
    "bytesTransferredFromPeer": 0,
    "AdditionalInfoHr": 0,
    "PeerContextInfo": 0,
    "bandwidthLimit": 18446744073709551615,
    "ignoreBandwidthLimitsOnLan": false
  },
  "message": ""
}

Community Notes #

Surfaces Background Intelligent Transfer Service misuse for exfil or downloads.

References #