Volatility 3 Framework 1.0.1 Offset Proto LocalAddr LocalPort ForeignAddr ForeignPort State PID Owner Created 0x23d04218 TCPv4 0.0.0.0 49155 0.0.0.0 0 LISTENING 400 services.exe N/A 0x23d04218 TCPv6 :: 49155 :: 0 LISTENING 400 services.exe N/A 0x2554b460 TCPv4 10.0.2.15 49226 93.184.220.29 80 ESTABLISHED - - - 0x261e9d30 TCPv4 10.0.2.15 49228 172.67.177.22 443 ESTABLISHED - - - 0x3e22f008 UDPv4 0.0.0.0 0 * 0 2080 svchost.exe 2021-11-25 19:12:23.000000 0x3e22f008 UDPv6 :: 0 * 0 2080 svchost.exe 2021-11-25 19:12:23.000000 0x3e238300 TCPv4 0.0.0.0 445 0.0.0.0 0 LISTENING 4 System N/A 0x3e238300 TCPv6 :: 445 :: 0 LISTENING 4 System N/A 0x3e24c588 UDPv4 0.0.0.0 0 * 0 2080 svchost.exe 2021-11-25 19:12:23.000000 0x3e281368 UDPv4 10.0.2.15 138 * 0 4 System 2021-11-25 19:12:23.000000 0x3e2a29b8 UDPv4 0.0.0.0 0 * 0 1084 svchost.exe 2021-11-25 19:12:23.000000 0x3e2a29b8 UDPv6 :: 0 * 0 1084 svchost.exe 2021-11-25 19:12:23.000000 0x3e2a6448 UDPv4 0.0.0.0 5355 * 0 1084 svchost.exe 2021-11-25 19:12:26.000000 0x3e2b5b88 TCPv4 10.0.2.15 139 0.0.0.0 0 LISTENING 4 System N/A 0x3e2e9cc0 TCPv4 10.0.2.15 49221 212.205.126.106 443 ESTABLISHED - - - 0x3e354618 UDPv6 fe80::256b:4013:4140:453f 546 * 0 744 svchost.exe 2021-11-25 19:12:31.000000 0x3e3b0c70 UDPv4 0.0.0.0 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3e5e4f50 UDPv4 0.0.0.0 5355 * 0 1084 svchost.exe 2021-11-25 19:12:26.000000 0x3e5e4f50 UDPv6 :: 5355 * 0 1084 svchost.exe 2021-11-25 19:12:26.000000 0x3e5f77a0 TCPv4 0.0.0.0 22 0.0.0.0 0 LISTENING 1676 sshd.exe N/A 0x3e619578 TCPv4 0.0.0.0 49152 0.0.0.0 0 LISTENING 348 wininit.exe N/A 0x3e619578 TCPv6 :: 49152 :: 0 LISTENING 348 wininit.exe N/A 0x3e619cc0 TCPv4 0.0.0.0 49152 0.0.0.0 0 LISTENING 348 wininit.exe N/A 0x3e630008 UDPv4 0.0.0.0 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3e630008 UDPv6 :: 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3e630a20 TCPv4 0.0.0.0 49156 0.0.0.0 0 LISTENING 408 lsass.exe N/A 0x3e630a20 TCPv6 :: 49156 :: 0 LISTENING 408 lsass.exe N/A 0x3e648508 TCPv4 0.0.0.0 49153 0.0.0.0 0 LISTENING 744 svchost.exe N/A 0x3e648508 TCPv6 :: 49153 :: 0 LISTENING 744 svchost.exe N/A 0x3e6b92c0 TCPv4 0.0.0.0 135 0.0.0.0 0 LISTENING 692 svchost.exe N/A 0x3e6b92c0 TCPv6 :: 135 :: 0 LISTENING 692 svchost.exe N/A 0x3e6b9910 TCPv4 0.0.0.0 135 0.0.0.0 0 LISTENING 692 svchost.exe N/A 0x3e6f0bd8 TCPv4 0.0.0.0 49153 0.0.0.0 0 LISTENING 744 svchost.exe N/A 0x3e75f8e0 TCPv4 0.0.0.0 49154 0.0.0.0 0 LISTENING 888 svchost.exe N/A 0x3e762a40 TCPv4 0.0.0.0 49155 0.0.0.0 0 LISTENING 400 services.exe N/A 0x3e7686e8 TCPv4 0.0.0.0 49154 0.0.0.0 0 LISTENING 888 svchost.exe N/A 0x3e7686e8 TCPv6 :: 49154 :: 0 LISTENING 888 svchost.exe N/A 0x3e8611f0 TCPv4 0.0.0.0 22 0.0.0.0 0 LISTENING 1676 sshd.exe N/A 0x3e8611f0 TCPv6 :: 22 :: 0 LISTENING 1676 sshd.exe N/A 0x3e9be828 TCPv4 0.0.0.0 49156 0.0.0.0 0 LISTENING 408 lsass.exe N/A 0x3ed036c8 UDPv4 10.0.2.15 137 * 0 4 System 2021-11-25 19:12:23.000000 0x3ee98d80 TCPv4 10.0.2.15 49229 147.182.172.189 4444 ESTABLISHED - - - 0x3f1b0df8 TCPv4 10.0.2.15 49216 212.205.126.106 443 ESTABLISHED - - - 0x3f225df8 TCPv4 10.0.2.15 49222 212.205.126.106 443 ESTABLISHED - - - 0x3f2cff50 UDPv4 0.0.0.0 0 * 0 - - 2021-11-25 19:13:04.000000 0x3f2cff50 UDPv6 :: 0 * 0 - - 2021-11-25 19:13:04.000000 0x3f4d7378 UDPv4 0.0.0.0 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3f4dad28 UDPv4 127.0.0.1 58426 * 0 3344 iexplore.exe 2021-11-25 19:13:31.000000 0x3f520ab8 UDPv4 0.0.0.0 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3f520ab8 UDPv6 :: 0 * 0 2700 powershell.exe 2021-11-25 19:13:51.000000 0x3f546de8 UDPv4 0.0.0.0 0 * 0 636 VBoxService.ex 2021-11-25 19:14:14.000000 0x3f547008 TCPv4 10.0.2.15 49220 212.205.126.106 443 ESTABLISHED - - - 0x3f561438 TCPv4 10.0.2.15 49215 204.79.197.203 443 ESTABLISHED - - - 0x3f57c438 TCPv4 10.0.2.15 49218 95.100.210.141 443 ESTABLISHED - - - 0x3f58b4c8 TCPv4 10.0.2.15 49217 212.205.126.106 443 ESTABLISHED - - - 0x3f58c748 TCPv4 10.0.2.15 49223 212.205.126.106 443 ESTABLISHED - - - 0x3f58e9d8 TCPv4 10.0.2.15 49225 172.67.177.22 443 ESTABLISHED - - - 0x3f5c6df8 TCPv4 10.0.2.15 49219 95.100.210.141 443 ESTABLISHED - - -