Attacchi ping of death automatici all'accensione del pc di mio padre

Se Windows genera un errore, hai un problema di virus o vuoi discutere/segnalare l'uscita della nuova versione di un software per la piattaforma Microsoft, questa è la sezione giusta.
Regole del forum
Rispondi
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

C'è Avira sul pc di mio padre, io ho Kaspersky che si è dimostrato invalicabile. Proverò a vedere cosa esce con CurrPorts!
Top
System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da System » ven ott 20, 2023 5:16 pm

Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Nella sezione Sicurezza di Windows ho trovato il controllo anti exploit e l'isolamento della memoria disattivati...
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

CurrPorts mi fa vedere un sacco di processi svchost.exe e msedge, ho provato a generare un report ma è super sintetico e non mostra ciò che vede il programma...
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Scusami crazycat, non avevo letto la tua richiesta e andando indietro per leggere i suggerimenti me ne sono accorto...ho creato 4 log di autoruns per ogni utente (gli altri 3 sono nt authority system e servizio locale e di rete) Qui i trovi i file con estensione .arn https://easyupload.io/m/e71iu4
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Comunque ho pensato che può essere proprio come diceva matilde...magari il problema è partito dal file squirrels di Teams e poi si è propagato altrove, ecco perché non si risolve disattivando l'autorun...
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

Zigul ha scritto: ven ott 20, 2023 2:57 pm Sì, l'idea di fondo dell'avvio pulito è accertarsi che il colpevole sia un processo che non parte con l'avvio pulito, altrimenti la faccenda diventa ancor più delicata e complessa. Poi vanno riavviati gradualmente i vari processi e programmi, controllando nel PC che segnala gli attacchi quando questi ricominciano (ossia in concomitanza con la riattivazione del processo colpevole); è una procedura che richiede tempo e pazienza. ...
:grazie ;)
tekmanfixer777 ha scritto: ven ott 20, 2023 5:16 pm C'è Avira sul pc di mio padre, io ho Kaspersky che si è dimostrato invalicabile. Proverò a vedere cosa esce con CurrPorts!
Visto che l'elaboratore di tuo padre ha Avira, perché non provare ad effettuare una indolore scansione "live" con Kaspersky?
Come accennato, dai un'occhiata a questo articolo: Utilizzare Kaspersky Rescue Disk per ripulire un computer infetto da malware

Riguardo a CurrPorts, per non vederti sommerso da una marea di voci, farei così:
  • chiudi tutti i programmi possibili (browser senz'altro);
  • controlla con l'altro elaboratore che i ping siano in corso (così siamo sicuri che il maledetto processo è attivo);
  • apri CurrPorts (nel mio caso ho dovuto farlo come amministratore, altrimenti non faceva il log) e preleva il log/report.
Il report in formato html, oscurati eventuali tuoi dati personali e sensibili, andrebbe caricato in questa discussione, così che gli esperti possano darci uno sguardo.
Stessa cosa, come suggerito da crazy.cat, per il log di Autoruns. [... ho visto adesso che hai caricato i log, scusami!]

Purtroppo, almeno secondo il mio metro, la caccia è complicata e lunga ... tuttavia, torno a dire, visto che la macchina di tuo padre monta un altro antivirus, io farei subito una ricerca - magari limitati alla ricerca per il momento - proprio con la versione "live" di Kaspersky.
Ultima modifica di Matilda12 il ven ott 20, 2023 6:37 pm, modificato 1 volta in totale.
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

tekmanfixer777 ha scritto: ven ott 20, 2023 6:05 pm ...magari il problema è partito dal file squirrels di Teams e poi si è propagato altrove, ecco perché non si risolve disattivando l'autorun...
Francamente non credo ... almeno stando alle ricerche e ai tentativi svolti.
E' un'ipotesi remota, ma, per essere più realista del re, puoi sempre andare a controllare la chiave di registro (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) che lancia l'update di Teams (meglio: gli argomenti contenuti in quella chiave), come avevo indicato QUI.
Ripeto: è una ipotesi remota ... avendo un po' di tempo, prima andrei di sicuro con la scansione live di Kaspersky.
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

tekmanfixer777, ho prelevato i log di Autoruns e sto cercando da diversi minuti, con tutti i miei limiti (eh!), di raccapezzarmi.

Per quanto riguarda la chiave "com.squirrel.Teams.Teams" sotto "Run" sembrerebbe non puntare a nulla, avendo come path solo "C:\Users\nomeutente".

Nel frattempo che arrivi qualche altro suggerimento più oculato dei miei, farei la scansione con la "live" di Kaspersky ... :yes
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Ok, ma per quanto riguarda currports devo farlo dal mio pc?
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

tekmanfixer777 ha scritto: ven ott 20, 2023 7:13 pm Ok, ma per quanto riguarda currports devo farlo dal mio pc?
CurrPorts, che non ha bisogno di alcuna installazione, deve sempre essere lanciato sulla macchina da cui nascono i problemi, quindi l'elaboratore di tuo padre.

Stavo cercando in rete qualche altro strumento per indagare, ma non vorrei creare troppa confusione.
Procedi con la scansione "live" di Kaspersky, credo che sia la cosa migliore, pure in ragione del tempo che hai speso in questa vicenda. Meglio far cercare un eventuale malware a Kaspersky, piuttosto che andarne a caccia noi con qualche tool! :cool:
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Ho controllato gli argomenti della chiave in Run e dice ciò che è indicato in Autoruns, niente di più a parte il codice binario.
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

tekmanfixer777 ha scritto: ven ott 20, 2023 7:28 pm Ho controllato gli argomenti della chiave in Run e dice ciò che è indicato in Autoruns, niente di più a parte il codice binario.
Sì, infatti, niente di più o di meno, per quanto possa capirci anch'io.

Vai con Kaspersky Rescue Disk (immagine direttamente dal sito di Kaspersky).
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Comunque questo è il log di CurrPorts preso dal pc di mio padre, sbagliavo a non selezionare tutto...
==================================================
Process Name : Avira.Spotlight.Service.exe
Process ID : 3396
Protocol : TCP
Local Port : 49703
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 18.195.247.94
Remote Host Name : ec2-18-195-247-94.eu-central-1.compute.amazonaws.com
State : Close Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
Product Name : Avira Security
File Description : Avira Security
File Version : 1.1.95.7
Company : Avira Operations GmbH
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraSecurity
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:58
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Avira.Spotlight.Service.exe
Process ID : 3396
Protocol : TCP
Local Port : 49711
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 18.194.0.230
Remote Host Name : ec2-18-194-0-230.eu-central-1.compute.amazonaws.com
State : Established
Sent Bytes : 70
Received Bytes : 62
Sent Packets : 2
Received Packets : 4
Process Path : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
Product Name : Avira Security
File Description : Avira Security
File Version : 1.1.95.7
Company : Avira Operations GmbH
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraSecurity
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:13
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Avira.Spotlight.Service.exe
Process ID : 3396
Protocol : TCP
Local Port : 49712
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.68.168.63
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
Product Name : Avira Security
File Description : Avira Security
File Version : 1.1.95.7
Company : Avira Operations GmbH
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraSecurity
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:15
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Avira.VpnService.exe
Process ID : 3388
Protocol : TCP
Local Port : 49674
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 151.29.122.25
Remote Host Name : ppp-25-122.29-151.wind.it
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
Product Name : Avira Phantom VPN
File Description : VpnService
File Version : 2.43.1.16819
Company : Avira Operations GmbH & Co. KG
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraPhantomVPN
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:39
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Avira.VpnService.exe
Process ID : 3388
Protocol : TCP
Local Port : 49697
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 3.127.184.99
Remote Host Name : ec2-3-127-184-99.eu-central-1.compute.amazonaws.com
State : Close Wait
Sent Bytes :
Received Bytes : 31
Sent Packets :
Received Packets : 1
Process Path : C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
Product Name : Avira Phantom VPN
File Description : VpnService
File Version : 2.43.1.16819
Company : Avira Operations GmbH & Co. KG
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraPhantomVPN
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:53
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Avira.VpnService.exe
Process ID : 3388
Protocol : UDP
Local Port : 56869
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
Product Name : Avira Phantom VPN
File Description : VpnService
File Version : 2.43.1.16819
Company : Avira Operations GmbH & Co. KG
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : AviraPhantomVPN
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:43
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : BackgroundTaskHost.exe
Process ID : 10808
Protocol : TCP
Local Port : 49783
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.31.169.57
Remote Host Name :
State : Established
Sent Bytes : 4.468
Received Bytes : 3.474
Sent Packets : 4
Received Packets : 7
Process Path : C:\WINDOWS\system32\BackgroundTaskHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Background Task Host
File Version : 10.0.22621.1 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:49:13
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:15
Creation Timestamp: 20/10/2023 19:49:13
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : BackgroundTaskHost.exe
Process ID : 5336
Protocol : TCP
Local Port : 49788
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 162.125.69.18
Remote Host Name :
State : Established
Sent Bytes : 781
Received Bytes : 5.574
Sent Packets : 5
Received Packets : 7
Process Path : C:\WINDOWS\system32\BackgroundTaskHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Background Task Host
File Version : 10.0.22621.1 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:49:13
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:17
Creation Timestamp: 20/10/2023 19:49:16
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : BackgroundTransferHost.exe
Process ID : 10404
Protocol : TCP
Local Port : 49790
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 162.125.1.20
Remote Host Name :
State : Established
Sent Bytes : 1.860
Received Bytes : 3.975
Sent Packets : 7
Received Packets : 6
Process Path : C:\WINDOWS\system32\BackgroundTransferHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Download/Upload Host
File Version : 10.0.22621.1 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:49:16
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:17
Creation Timestamp: 20/10/2023 19:49:17
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : dashost.exe
Process ID : 4652
Protocol : UDP
Local Port : 3702
Local Port Name : ws-discovery
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\dashost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Device Association Framework Provider Host
File Version : 10.0.22621.1778 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:49
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : dashost.exe
Process ID : 4652
Protocol : UDP
Local Port : 51900
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\dashost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Device Association Framework Provider Host
File Version : 10.0.22621.1778 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:11
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : dashost.exe
Process ID : 4652
Protocol : UDP
Local Port : 3702
Local Port Name : ws-discovery
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\dashost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Device Association Framework Provider Host
File Version : 10.0.22621.1778 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:49
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : dashost.exe
Process ID : 4652
Protocol : UDP
Local Port : 51901
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\dashost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Device Association Framework Provider Host
File Version : 10.0.22621.1778 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:11
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Explorer.EXE
Process ID : 6164
Protocol : TCP
Local Port : 49679
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.199.58.43
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets : 1
Process Path : C:\WINDOWS\Explorer.EXE
Product Name : Sistema operativo Microsoft® Windows®
File Description : Esplora risorse
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:37
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:44
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title : Program Manager
==================================================

==================================================
Process Name : Explorer.EXE
Process ID : 6164
Protocol : TCP
Local Port : 49709
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.109.32.51
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\Explorer.EXE
Product Name : Sistema operativo Microsoft® Windows®
File Description : Esplora risorse
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:37
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:07
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title : Program Manager
==================================================

==================================================
Process Name : Explorer.EXE
Process ID : 6164
Protocol : TCP
Local Port : 49710
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.109.32.51
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\Explorer.EXE
Product Name : Sistema operativo Microsoft® Windows®
File Description : Esplora risorse
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:37
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:07
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title : Program Manager
==================================================

==================================================
Process Name : jhi_service.exe
Process ID : 4244
Protocol : TCP
Local Port : 49669
Local Port Name :
Local Address : ::1
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
Product Name : Intel(R) Dynamic Application Loader Host Interface
File Description : Intel(R) Dynamic Application Loader Host Interface
File Version : 1.41.2021.0121
Company : Intel Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : jhi_service
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : lsass.exe
Process ID : 1020
Protocol : TCP
Local Port : 49664
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : Local Security Authority Process
File Version : 10.0.22621.2215 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:31
User Name : NT AUTHORITY\SYSTEM
Process Services : KeyIso, SamSs
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : lsass.exe
Process ID : 1020
Protocol : TCP
Local Port : 49664
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\lsass.exe
Product Name : Microsoft® Windows® Operating System
File Description : Local Security Authority Process
File Version : 10.0.22621.2215 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:31
User Name : NT AUTHORITY\SYSTEM
Process Services : KeyIso, SamSs
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : msedgewebview2.exe
Process ID : 10588
Protocol : TCP
Local Port : 49746
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 23.102.0.171
Remote Host Name :
State : Established
Sent Bytes : 181
Received Bytes : 84
Sent Packets : 2
Received Packets : 2
Process Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\118.0.2088.46\msedgewebview2.exe
Product Name : Microsoft Edge WebView2
File Description : Microsoft Edge WebView2
File Version : 118.0.2088.46
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:48:21
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:28
Creation Timestamp: 20/10/2023 19:48:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : msteams.exe
Process ID : 11752
Protocol : TCP
Local Port : 49727
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.189.173.14
Remote Host Name :
State : Established
Sent Bytes : 2.843
Received Bytes : 497
Sent Packets : 2
Received Packets : 1
Process Path : C:\Program Files\WindowsApps\MicrosoftTeams_23258.704.2395.9691_x64__8wekyb3d8bbwe\msteams.exe
Product Name : Microsoft Teams
File Description : Microsoft Teams
File Version : 23258.704.2395.9691
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:48:20
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:21
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : OfficeClickToRun.exe
Process ID : 3468
Protocol : TCP
Local Port : 49681
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.89.178.27
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Product Name : Microsoft 365 and Office
File Description : Microsoft Office Click-to-Run (SxS)
File Version : 16.0.16827.20166
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : ClickToRunSvc
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:45
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : OneApp.IGCC.WinService.exe
Process ID : 3596
Protocol : TCP
Local Port : 808
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
Product Name : IGCC Service
File Description : Intel® Graphics Command Center Service
File Version : 1.0.0.0
Company : Intel Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : igccservice
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : OneApp.IGCC.WinService.exe
Process ID : 3596
Protocol : TCP
Local Port : 808
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_553b9a82ff9cf770\OneApp.IGCC.WinService.exe
Product Name : IGCC Service
File Description : Intel® Graphics Command Center Service
File Version : 1.0.0.0
Company : Intel Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : igccservice
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : PhoneExperienceHost.exe
Process ID : 9324
Protocol : TCP
Local Port : 49784
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.107.5.88
Remote Host Name :
State : Established
Sent Bytes : 1.008
Received Bytes : 17.819
Sent Packets : 3
Received Packets : 14
Process Path : C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23082.131.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
Product Name : Microsoft Phone Link
File Description : Microsoft Phone Link
File Version : 1.23082.131.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:59
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:15
Creation Timestamp: 20/10/2023 19:49:14
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49695
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 2.17.101.32
Remote Host Name : a2-17-101-32.deploy.static.akamaitechnologies.com
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:52
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49699
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.97.135.50
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:56
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49700
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.97.135.50
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:56
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49706
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.107.4.254
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:02
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49707
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.107.246.43
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:03
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49708
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 151.21.209.138
Remote Host Name : ppp-138-209.21-151.wind.it
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:48:04
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : SearchHost.exe
Process ID : 7344
Protocol : TCP
Local Port : 49781
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 204.79.197.222
Remote Host Name :
State : Established
Sent Bytes : 1.672
Received Bytes : 6.934
Sent Packets : 5
Received Packets : 10
Process Path : C:\WINDOWS\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
Product Name : Microsoft® Windows® Operating System
File Description :
File Version : 623.22800.10.0
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:13
Creation Timestamp: 20/10/2023 19:49:12
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : services.exe
Process ID : 948
Protocol : TCP
Local Port : 49670
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Windows\System32\services.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : App Servizi e Controller
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: N/A
User Name :
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:36
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : services.exe
Process ID : 948
Protocol : TCP
Local Port : 49670
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Windows\System32\services.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : App Servizi e Controller
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: N/A
User Name :
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:36
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : spoolsv.exe
Process ID : 2980
Protocol : TCP
Local Port : 49668
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\System32\spoolsv.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Applicazione sottosistema spooler
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:33
User Name : NT AUTHORITY\SYSTEM
Process Services : Spooler
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:33
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : spoolsv.exe
Process ID : 2980
Protocol : TCP
Local Port : 49668
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\System32\spoolsv.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Applicazione sottosistema spooler
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:33
User Name : NT AUTHORITY\SYSTEM
Process Services : Spooler
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:33
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : StartMenuExperienceHost.exe
Process ID : 7352
Protocol : TCP
Local Port : 49688
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.109.32.97
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Windows Start Experience Host
File Version : 10.0.22621.2361 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:50
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : StartMenuExperienceHost.exe
Process ID : 7352
Protocol : TCP
Local Port : 49690
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.109.28.62
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Windows Start Experience Host
File Version : 10.0.22621.2361 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:51
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : StartMenuExperienceHost.exe
Process ID : 7352
Protocol : TCP
Local Port : 49691
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.109.32.51
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
Product Name : Microsoft® Windows® Operating System
File Description : Windows Start Experience Host
File Version : 10.0.22621.2361 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:43
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:51
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1188
Protocol : TCP
Local Port : 135
Local Port Name : epmap
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : RpcEptMapper, RpcSs
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 6440
Protocol : TCP
Local Port : 5040
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:38
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : CDPSvc
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:41
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1504
Protocol : TCP
Local Port : 49666
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SYSTEM
Process Services : Schedule
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2220
Protocol : TCP
Local Port : 49667
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : EventLog
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 4024
Protocol : TCP
Local Port : 49678
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.54.37.64
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : WpnService
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:43
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5364
Protocol : TCP
Local Port : 49694
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.54.232.160
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services : CDPUserSvc_40105
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:52
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 6440
Protocol : TCP
Local Port : 49701
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.82.217.86
Remote Host Name :
State : Established
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:38
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : CDPSvc
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:57
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 1900
Local Port Name : ssdp
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:48
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 4536
Protocol : UDP
Local Port : 3702
Local Port Name : ws-discovery
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : FDResPub
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:49
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 6440
Protocol : UDP
Local Port : 5050
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:38
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : CDPSvc
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:38
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 5353
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:39
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 5355
Local Port Name : llmnr
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:39
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3656
Protocol : UDP
Local Port : 49664
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SYSTEM
Process Services : iphlpsvc
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1188
Protocol : TCP
Local Port : 135
Local Port Name : epmap
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : RpcEptMapper, RpcSs
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 1504
Protocol : TCP
Local Port : 49666
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SYSTEM
Process Services : Schedule
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2220
Protocol : TCP
Local Port : 49667
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : EventLog
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2756
Protocol : UDP
Local Port : 546
Local Port Name : dhcpv6-client
Local Address : fe80::23b6:f71c:1d3c:2a4b
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes : 190
Sent Packets :
Received Packets : 2
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:33
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : Dhcp
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:38
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 1900
Local Port Name : ssdp
Local Address : ::1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:48
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 4536
Protocol : UDP
Local Port : 3702
Local Port Name : ws-discovery
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : FDResPub
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:49
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 5353
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:39
Module Filename : C:\Windows\System32\svchost.exe
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 5355
Local Port Name : llmnr
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:39
Module Filename : C:\Windows\System32\svchost.exe
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5364
Protocol : TCP
Local Port : 49732
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.54.103.203
Remote Host Name :
State : Established
Sent Bytes : 4.401
Received Bytes : 6.831
Sent Packets : 3
Received Packets : 6
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : LAPTOP-IHOF2LE9\Rosa Maria
Process Services : CDPUserSvc_40105
Process Attributes: A
Added On : 20/10/2023 19:48:24
Creation Timestamp: 20/10/2023 19:48:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 1900
Local Port Name : ssdp
Local Address : 192.168.1.93
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 50802
Local Port Name :
Local Address : 192.168.1.93
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes : 274
Received Bytes :
Sent Packets : 2
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 50803
Local Port Name :
Local Address : 127.0.0.1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes : 536
Received Bytes : 536
Sent Packets : 4
Received Packets : 4
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 4536
Protocol : UDP
Local Port : 50804
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : FDResPub
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 57187
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:24
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 1900
Local Port Name : ssdp
Local Address : fe80::23b6:f71c:1d3c:2a4b
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 50800
Local Port Name :
Local Address : fe80::23b6:f71c:1d3c:2a4b
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 5320
Protocol : UDP
Local Port : 50801
Local Port Name :
Local Address : ::1
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes : 238
Sent Packets :
Received Packets : 2
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:36
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : SSDPSRV
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 4536
Protocol : UDP
Local Port : 50805
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:35
User Name : NT AUTHORITY\SERVIZIO LOCALE
Process Services : FDResPub
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:23
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 57187
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:49:25
Creation Timestamp: 20/10/2023 19:49:24
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3480
Protocol : TCP
Local Port : 49799
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 23.1.70.102
Remote Host Name :
State : Established
Sent Bytes : 227
Received Bytes : 1.006
Sent Packets : 1
Received Packets : 1
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : CryptSvc
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3480
Protocol : TCP
Local Port : 49800
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 23.1.70.102
Remote Host Name :
State : Established
Sent Bytes : 227
Received Bytes : 589
Sent Packets : 1
Received Packets : 1
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : CryptSvc
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 12704
Protocol : TCP
Local Port : 49801
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 178.79.225.0
Remote Host Name : https-178-79-225-0.mxp.llnw.net
State : Established
Sent Bytes : 351
Received Bytes : 858
Sent Packets : 1
Received Packets : 1
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:49:21
User Name : NT AUTHORITY\SYSTEM
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3480
Protocol : TCP
Local Port : 49802
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 8.238.153.254
Remote Host Name :
State : Established
Sent Bytes : 568
Received Bytes : 672
Sent Packets : 2
Received Packets : 2
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : CryptSvc
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 12704
Protocol : TCP
Local Port : 49803
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 178.79.225.0
Remote Host Name : https-178-79-225-0.mxp.llnw.net
State : Established
Sent Bytes : 2.128
Received Bytes : 30.299
Sent Packets : 5
Received Packets : 17
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:49:21
User Name : NT AUTHORITY\SYSTEM
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3480
Protocol : TCP
Local Port : 49804
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 109.70.240.130
Remote Host Name : h31.actalis.it
State : Established
Sent Bytes : 385
Received Bytes : 2.490
Sent Packets : 1
Received Packets : 2
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : CryptSvc
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 3480
Protocol : TCP
Local Port : 49805
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 192.229.221.95
Remote Host Name :
State : Established
Sent Bytes : 963
Received Bytes : 2.209
Sent Packets : 3
Received Packets : 3
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:34
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : CryptSvc
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 56386
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : svchost.exe
Process ID : 2188
Protocol : UDP
Local Port : 56386
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name : LAPTOP-IHOF2LE9
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\WINDOWS\system32\svchost.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Processo host per servizi di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: 20/10/2023 19:47:32
User Name : NT AUTHORITY\SERVIZIO DI RETE
Process Services : Dnscache
Process Attributes: A
Added On : 20/10/2023 19:49:27
Creation Timestamp: 20/10/2023 19:49:26
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 139
Local Port Name : netbios-ssn
Local Address : 192.168.1.93
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:38
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 445
Local Port Name : microsoft-ds
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 5357
Local Port Name : wsd
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:48
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : UDP
Local Port : 137
Local Port Name : netbios-ns
Local Address : 192.168.1.93
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes : 7.250
Received Bytes : 300
Sent Packets : 145
Received Packets : 6
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:38
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : UDP
Local Port : 138
Local Port Name : netbios-dgm
Local Address : 192.168.1.93
Remote Port :
Remote Port Name :
Remote Address :
Remote Host Name :
State :
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:38
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 445
Local Port Name : microsoft-ds
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:35
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : System
Process ID : 4
Protocol : TCP
Local Port : 5357
Local Port Name : wsd
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : System
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:48
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49671
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 104.208.16.89
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49684
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 3.127.184.99
Remote Host Name : ec2-3-127-184-99.eu-central-1.compute.amazonaws.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49689
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 3.127.184.99
Remote Host Name : ec2-3-127-184-99.eu-central-1.compute.amazonaws.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49696
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 3.127.184.99
Remote Host Name : ec2-3-127-184-99.eu-central-1.compute.amazonaws.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:22
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49733
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.107.42.16
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49735
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.113.194.132
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49737
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.113.194.133
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49738
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.23.50.66
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49739
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.113.194.133
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49740
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.113.194.133
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49741
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 52.113.194.133
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49743
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 23.102.0.171
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49747
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 13.107.3.128
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:28
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49685
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 20.190.181.6
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:51
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49680
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 80
Remote Port Name : http
Remote Address : 104.120.125.70
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:53
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49692
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 35.186.224.25
Remote Host Name : 25.224.186.35.bc.googleusercontent.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:53
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49693
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 35.186.224.25
Remote Host Name : 25.224.186.35.bc.googleusercontent.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:48:53
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49705
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 204.79.197.222
Remote Host Name :
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:49:13
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49675
Local Port Name :
Local Address : 192.168.1.93
Remote Port : 443
Remote Port Name : https
Remote Address : 130.211.34.183
Remote Host Name : 183.34.211.130.bc.googleusercontent.com
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:49:21
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49797
Local Port Name :
Local Address : 127.0.0.1
Remote Port : 5357
Remote Port Name : wsd
Remote Address : 127.0.0.1
Remote Host Name : LAPTOP-IHOF2LE9
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:49:25
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : Unknown
Process ID : 0
Protocol : TCP
Local Port : 49796
Local Port Name :
Local Address : ::1
Remote Port : 5357
Remote Port Name : wsd
Remote Address : ::1
Remote Host Name : LAPTOP-IHOF2LE9
State : Time Wait
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path :
Product Name :
File Description :
File Version :
Company :
Process Created On: N/A
User Name :
Process Services :
Process Attributes:
Added On : 20/10/2023 19:49:25
Creation Timestamp:
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : wininit.exe
Process ID : 840
Protocol : TCP
Local Port : 49665
Local Port Name :
Local Address : 0.0.0.0
Remote Port :
Remote Port Name :
Remote Address : 0.0.0.0
Remote Host Name :
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Windows\System32\wininit.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Applicazione di avvio di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: N/A
User Name :
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================

==================================================
Process Name : wininit.exe
Process ID : 840
Protocol : TCP
Local Port : 49665
Local Port Name :
Local Address : ::
Remote Port :
Remote Port Name :
Remote Address : ::
Remote Host Name : LAPTOP-IHOF2LE9
State : Listening
Sent Bytes :
Received Bytes :
Sent Packets :
Received Packets :
Process Path : C:\Windows\System32\wininit.exe
Product Name : Sistema operativo Microsoft® Windows®
File Description : Applicazione di avvio di Windows
File Version : 10.0.22621.2428 (WinBuild.160101.0800)
Company : Microsoft Corporation
Process Created On: N/A
User Name :
Process Services :
Process Attributes: A
Added On : 20/10/2023 19:48:22
Creation Timestamp: 20/10/2023 19:47:32
Module Filename :
Remote IP Country :
Remote IP ASN :
Remote IP Company :
Window Title :
==================================================
Top
Avatar utente
crazy.cat
Amministratore
Amministratore
Messaggi: 12501
Iscritto il: mer mag 01, 2013 4:02 pm
Località: Noventa Padovana
Contatta:
Contatta crazy.cat

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da crazy.cat »

tekmanfixer777 ha scritto: ven ott 20, 2023 7:52 pm Comunque questo è il log di CurrPorts preso dal pc di mio padre, sbagliavo a non selezionare tutto...
@ tekmanfixer777, per favore usa il tag spoiler per nascondere i log lunghi, altrimenti la discussione diventa ingestibile.
Currports nel log ci sono troppi processi sconosciuti, potresti controllare se uno degli indirizzi presenti nel firewall è presente anche nel log di currports?
Da autoruns ho visto una strana operazione pianificata, la prima della lista dei task scheduler, puoi vedere dove punta nel pc?
Voto anche io per la scansione con kaspersky.
“Se tutti i documenti raccontavano la stessa favola, ecco che la menzogna diventava un fatto storico, quindi vera.”
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Scusami, non sono pratico con i forum...
Comunque io vedo questi IP a cui sono rivolti gli attacchi ping of death da parte dell'IP del pc di mio padre:
207.244.64.33
209.58.148.129
23.81.209.174
23.81.180.8
23.83.129.202
38.132.124.98
Top
Avatar utente
Zigul
VIP
VIP
Messaggi: 219
Iscritto il: dom ott 08, 2023 12:11 am

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Zigul »

Sembrerebbero tutti indirizzi legati a AviraPhantomVpn; prova a disattivarla da autoruns e vediamo se le molestie continuano.
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Ma quindi è possibile sfruttare le debolezze di una vpn per fare queste cose?
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Comunque le vere molestie sono i tcp port scan attack...
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

kernel: TCP PORT SCAN ATTACK:IN=ppp2 OUT= MAC= SRC=61.7.174.220 DST=37.101.122.173 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=716 PROTO=TCP SPT=16157 DPT=9760 WINDOW=0 RES=0x00 URG ACK PSH RST SYN FIN URGP=24031

Partono da indirizzi sempre diversi, ma sempre rivolti al mio IP. E' indubbiamente qualcuno che mi ha preso di mira e si maschera dietro un finto IP "mascherina". La Polizia Postale di Bari a cui mi ero recato per denunciare, non ha voluto prendere una denuncia, ma solo una segnalazione con i vari IP a cui non hanno ancora risposto...tra l'altro ad una mail ordinaria...Mi hanno detto che non c'è reato perché non sono entrati nel pc, ma io ho detto che questo non posso dirlo e che ho dei log di file di sistema danneggiati...
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Crazycat, il primo processo di task scheduler punta alla cartella C:\Users, era questo che volevi sapere?
Top
Avatar utente
CUB3
Moderatore
Moderatore
Messaggi: 3985
Iscritto il: lun gen 26, 2015 10:13 am

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da CUB3 »

tekmanfixer777 ha scritto: ven ott 20, 2023 9:33 pm kernel: TCP PORT SCAN ATTACK:IN=ppp2 OUT= MAC= SRC=61.7.174.220 DST=37.101.122.173 LEN=60 TOS=0x00 PREC=0x00 TTL=53 ID=716 PROTO=TCP SPT=16157 DPT=9760 WINDOW=0 RES=0x00 URG ACK PSH RST SYN FIN URGP=24031

Partono da indirizzi sempre diversi, ma sempre rivolti al mio IP. E' indubbiamente qualcuno che mi ha preso di mira e si maschera dietro un finto IP "mascherina".
Credo che puoi stare tranquillo, nessuno ti ha preso di mira, nessuno ce l'ha con te. :)
Sono scansioni automatiche fatte a casaccio in cerca di porte aperte o vulnerabilità e ci sono altri utenti che le hanno notate (vedi qui), qualche anno fa, avevano destato preoccupazione anche a me.
Per rassicurarti ancora, ti mostro un estratto del log del mio router di questa mattina:
Immagine
L'unica cosa importante è tenere aggiornati i computer e il router :ciao
"Let me tell you a secret: when you hear that the machine is “smart”, what it actually means is that it’s exploitable." Mikko Hypponen
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Oggi faccio la scansione di kaspersky rescue disk
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

ragazzi, la scansione eseguita perfettamente con la connessione funzionante per gli aggiornamenti, non ha trovato nulla, quindi il computer è stato proprio hackerato
Top
Avatar utente
tekmanfixer777
Livello: DVD-ROM (5/15)
Livello: DVD-ROM (5/15)
Messaggi: 114
Iscritto il: mer ago 09, 2023 8:23 pm

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da tekmanfixer777 »

Ho messo l'avvio pulito nascondendo tutti i servizi microsoft e disabilitando il resto e non si verifica niente come vi dissi già
Top
Avatar utente
Matilda12
Livello: Workstation (10/15)
Livello: Workstation (10/15)
Messaggi: 1258
Iscritto il: ven ott 18, 2013 2:18 pm
Località: Marche
Contatta:
Contatta Matilda12

Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da Matilda12 »

Premesso e richiamato l'intervento di CUB3, ossia (in estratto):
CUB3 ha scritto: sab ott 28, 2023 9:28 am Credo che puoi stare tranquillo, nessuno ti ha preso di mira, nessuno ce l'ha con te. :)
Sono scansioni automatiche fatte a casaccio in cerca di porte aperte o vulnerabilità e ci sono altri utenti che le hanno notate (vedi qui), qualche anno fa, avevano destato preoccupazione anche a me.
...
Visto che:
tekmanfixer777 ha scritto: sab ott 28, 2023 12:17 pm Ho messo l'avvio pulito nascondendo tutti i servizi microsoft e disabilitando il resto e non si verifica niente come vi dissi già
Considerato che, nonostante la scansione non abbia dato esiti, temi:
tekmanfixer777 ha scritto: sab ott 28, 2023 12:02 pm ragazzi, la scansione eseguita perfettamente con la connessione funzionante per gli aggiornamenti, non ha trovato nulla, quindi il computer è stato proprio hackerato
... ciò detto, potresti, se hai tempo (e ce ne vorrà) e voglia, riattivare servizio per servizio e controllare quando i ping ripartono.

Ho scritto il post quasi come se fosse un atto pubblico ... scusatemi ... ho cambiato stile, magari peggiorando, in corsa. :eccitato

:ciao
"Facesti come quei che va di notte, che porta il lume dietro e sé non giova, ma dopo sé fa le persone dotte"
Dante (Purgatorio, Canto XXII)
Top
System
System
Bot ufficiale TurboLab.it
Bot
Messaggi:
Iscritto il: sab dic 31, 2016 6:19 pm
Contatta: Contatta

Re: Re: Attacchi ping of death automatici all'accensione del pc di mio padre

Messaggio da System » dom ott 29, 2023 6:24 pm

Top
Rispondi
  • Argomenti simili
    Risposte
    Visite
    Ultimo messaggio

Torna a “Microsoft Windows”