Is your computer hacked?
It is vital, as I discussed in the last article, to work out what is actually going on in the environment. The first thing to look for is an unusual connection from a local address to a foreign IP address. The listing of active connections is where this shows up (on Windows, netstat -ano prints each connection together with the PID of the process that owns it). In the example, the entry that stands out is the one on port 8044: an ESTABLISHED connection leading outward to the hacker's machine.
The attacker's machine sits on the other end of that connection, where it can watch your traffic and control the system. Task Manager lets you inspect the services and processes that are running, and it tells you a lot more about what is happening in the background, such as the process ID: right-click the Windows PowerShell entry and choose Go to details, which opens the Details tab with its PID. The same PID appears in the PID column of the connection listing, so it ties the outbound connection to the process the attacker is using to reach your system and data, and it exposes activity that would otherwise stay hidden.
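The correlation described above (connection listing to owning process) can be scripted so you do not have to eyeball it. The following is an added example written for this article, not the author's code: it parses `netstat -ano` and `tasklist` text, keeps only ESTABLISHED connections whose remote side lies outside the private, loopback and link-local ranges, and tags each with the process image. SAMPLE_NETSTAT and SAMPLE_TASKLIST are constructed stand-ins for real command output; the addresses (RFC 5737 documentation ranges standing in for outside hosts), the port 4444 and the PIDs are assumptions.

```python
"""Correlate `netstat -ano` output with `tasklist` output to find the process
behind each established connection to an external address.
Added example for the article; the two sample texts below are constructed."""
import ipaddress

# Constructed sample of `netstat -ano` output; not a real capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49700     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.20:49812     203.0.113.77:4444      ESTABLISHED     6120
  TCP    192.168.1.20:49815     198.51.100.10:443      ESTABLISHED     3344
  TCP    192.168.1.20:49820     203.0.113.77:4444      TIME_WAIT       0
  TCP    [::1]:49901            [::1]:135              ESTABLISHED     912
  UDP    0.0.0.0:5353           *:*                                    2044
"""

# Constructed sample of `tasklist` output; PIDs match the listing above.
SAMPLE_TASKLIST = """
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System                           4 Services                   0         20 K
svchost.exe                    912 Services                   0      9,000 K
powershell.exe                6120 Console                    1     70,000 K
msedge.exe                    3344 Console                    1    150,000 K
"""

# Ranges that never count as "external": RFC 1918, loopback, link-local,
# carrier-grade NAT, unspecified, and their IPv6 equivalents.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
    "::1/128", "fe80::/10", "fc00::/7", "::/128",
)]

def split_endpoint(endpoint):
    """'203.0.113.77:4444' -> ('203.0.113.77', '4444'); also handles bracketed
    IPv6 such as '[fe80::1%12]:445' (brackets and zone index dropped)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]
    return host, port

def is_external(host):
    """True for a routable address outside INTERNAL_NETWORKS. Wildcards such
    as '*' and other non-IP strings are never external."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not any(addr in net for net in INTERNAL_NETWORKS)

def parse_netstat(text):
    """Parse `netstat -ano` rows into dicts. UDP rows carry no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP" and len(parts) == 5:
            proto, local, remote, state, pid = parts
        elif parts[0] == "UDP" and len(parts) == 4:
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # unexpected layout: skip rather than guess
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist` output (header rows have no
    numeric second column and are skipped)."""
    images = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[1].isdigit():
            images[int(parts[1])] = parts[0]
    return images

def find_external_established(netstat_text, tasklist_text):
    """Established connections whose remote side is external, each tagged with
    the owning image (the same PID Task Manager shows on its Details tab)."""
    images = parse_tasklist(tasklist_text)
    hits = []
    for row in parse_netstat(netstat_text):
        if row["state"] != "ESTABLISHED":
            continue
        host, port = split_endpoint(row["remote"])
        if not is_external(host):
            continue
        hits.append({"local": row["local"], "remote_host": host,
                     "remote_port": port, "pid": row["pid"],
                     "image": images.get(row["pid"], "<unknown>")})
    return hits
```

On a suspect host, feed the real output of `netstat -ano` and `tasklist` to `find_external_established()`; on the constructed sample it returns the powershell.exe connection to 203.0.113.77:4444 and the msedge.exe connection to 198.51.100.10:443, while the TIME_WAIT row, the SMB connection to the local gateway and the IPv6 loopback connection are left out. The browser hit shows why the listing alone is not a verdict: the process image and its command line decide whether an external connection is expected.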
The next step is to download and install Wireshark, a network traffic analyser that shows in real time the packets entering and leaving your operating system. Start a capture to see what is happening on the computer. If the hacker has already established a session and run commands such as pwd or ls (to print the working directory or list the files in it), the traffic those commands generate shows up in the capture with the hacker's workstation as the destination address, and that will almost certainly be an external IP address.
An external IP address is one that does not belong to your network or subnet, or that is located in a country other than the one you are working in (treat the country as a hint rather than proof, since an attacker can rent hosting anywhere). Because every packet of a session is its own row in the capture, such an address will appear many times, not just once or twice, as the two machines keep exchanging data. To get a feel for this, disconnect the computer from the internet and start a new capture: only internal addresses will appear, along with attempts to reach Microsoft addresses as the operating system tries to sync with Microsoft servers. Reconnect, capture again, and you will see many external addresses, including a lot of Microsoft's; some of those show up with many entries, depending on the address and the service the operating system is receiving through it. An unfamiliar external address is therefore not proof of compromise on its own; the question is which local process owns the connection and whether that process should be talking to the internet at all.
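The subnet test and the "appears many times" observation above are easy to apply to a Wireshark export rather than by scrolling the packet list. The following is an added example for this article, not the author's code: it reads CSV text in the column layout Wireshark produces with File > Export Packet Dissections > As CSV (No., Time, Source, Destination, Protocol, Length, Info), works out which address is the remote side of each packet, counts packets per remote, and flags the ones outside your subnet. SAMPLE_ONLINE and SAMPLE_OFFLINE are constructed rows; the local address 192.168.1.20, the subnet 192.168.1.0/24, the documentation-range "outside" hosts and port 4444 are all assumptions.

```python
"""Summarise a Wireshark CSV export by remote endpoint: packets per remote,
and whether the remote is outside the local subnet.
Added example for the article; both CSV texts below are constructed."""
import csv
import io
import ipaddress

# Constructed export taken while online: a live session to an outside host
# (5 rows), a TLS exchange with a second outside host, local DNS, and ARP.
SAMPLE_ONLINE = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.20","203.0.113.77","TCP","66","49812 > 4444 [SYN]"
"2","0.031000","203.0.113.77","192.168.1.20","TCP","66","4444 > 49812 [SYN, ACK]"
"3","0.032000","192.168.1.20","203.0.113.77","TCP","54","49812 > 4444 [ACK]"
"4","2.104000","203.0.113.77","192.168.1.20","TCP","58","4444 > 49812 [PSH, ACK]"
"5","2.110000","192.168.1.20","203.0.113.77","TCP","412","49812 > 4444 [PSH, ACK]"
"6","3.000000","192.168.1.20","198.51.100.10","TLSv1.2","571","Client Hello"
"7","3.040000","198.51.100.10","192.168.1.20","TLSv1.2","1514","Server Hello"
"8","3.500000","192.168.1.20","192.168.1.1","DNS","74","Standard query A example.com"
"9","3.520000","192.168.1.1","192.168.1.20","DNS","90","Standard query response"
"10","4.000000","aa:bb:cc:dd:ee:ff","Broadcast","ARP","42","Who has 192.168.1.1?"
'''

# Constructed export taken with the internet cable unplugged: local only.
SAMPLE_OFFLINE = '''"No.","Time","Source","Destination","Protocol","Length","Info"
"1","0.000000","192.168.1.20","192.168.1.1","DNS","74","Standard query A example.com"
"2","0.500000","192.168.1.20","192.168.1.255","NBNS","92","Name query NB WORKGROUP"
"3","1.000000","192.168.1.20","192.168.1.1","TCP","66","49900 > 80 [SYN]"
'''

def remote_side(src, dst, local_ip):
    """The address the local host is talking to, or None when the local host
    is not a party to the packet (ARP, other hosts' broadcasts)."""
    if src == local_ip:
        return dst
    if dst == local_ip:
        return src
    return None

def outside_subnet(host, local_subnet):
    """External in the article's sense: a valid IP that is neither on the
    local subnet nor loopback. MACs and names like 'Broadcast' are not IPs."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return not (addr.is_loopback or addr in local_subnet)

def summarize_remotes(csv_text, local_ip, local_subnet):
    """Return {remote: {"packets": n, "external": bool}} for one export."""
    local_subnet = ipaddress.ip_network(local_subnet)
    summary = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        remote = remote_side(row["Source"], row["Destination"], local_ip)
        if remote is None:
            continue
        entry = summary.setdefault(
            remote, {"packets": 0, "external": outside_subnet(remote, local_subnet)})
        entry["packets"] += 1
    return summary

def external_talkers(summary):
    """External remotes, busiest first: the repeat entries the article says
    to look for, since every packet of a live session is its own row."""
    return sorted(((host, v["packets"]) for host, v in summary.items()
                   if v["external"]),
                  key=lambda item: (-item[1], item[0]))
```

Run `summarize_remotes()` on an export taken offline and `external_talkers()` comes back empty, which is the baseline the article describes; on the online sample it lists 203.0.113.77 with five packets ahead of 198.51.100.10 with two. The function does not know which external addresses belong to Microsoft or to a service you use, so the next step is always the same: take the busiest external address back to the connection listing and find the PID that owns it.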