How best to package and communicate Wireshark capture data for use by Law Enforcement?

Hi,

I'm new to all of this, and the whole reason I'm here is to get to the bottom of a mysterious "freak" corruption that has infected almost all of my devices, in one way or another, for months. While running Wireshark, approximately 10 - 25 percent of the traffic is classified as red / black in Expert Info, depending on the task. Traffic during Windows updates yields many more warning-level packets. I have a lot of unsigned certificates in my Windows system files, and ESET doesn't recognize many of my stock system files on my computer. The icing on the cake came the other day: I saw in my PowerShell history someone (who was definitely NOT ME) blocking, in real time, a specific set of debug tools that I had just installed. As in, someone who wasn't me was remotely executing PowerShell commands to block me from investigating the problems on my computer.

Running Wireshark, tcpdump, netstat, etc., I will admit that I don't know what I'm looking at for the most part, except that the IP addresses I have connections established to (on many, many ports that are not 443 or 80) are addresses that have been reported, some of them 5 times, some 20, some 250 times, as abuser IPs involved in DDoS and C&C.

The most recent attack has been on my Surface's ability to connect to the Microsoft update server packets.

I have a ticket with IC3 that I'll be updating, but since literally all these attackers are doing is breaking my devices or potentially using my machines as proxies to hurt other people (no money stolen or ransomware deployed against me), I'm really looking to understand the most effective way to communicate and package my message, along with my pcap data, so that Law Enforcement or my ISPs can act on the information.

Thanks for any help you can provide.

Best,

-A