Netscan pid -1
A process (example.exe) communicates with the IP 123.123.123.123 (Not the actual IP).
But the netscan plugin actually shows that the process example.exe communicates with Foreign Address ":", instead of showing that it communicates with Foreign Address 123.123.123.123.
Instead of associating the connection to 123.123.123.123 in Foreign Address with example.exe, it creates a separate new line for 123.123.123.123, but the PID associated with that connection appears as -1 instead of the actual PID of the process. Also, the name of the process associated with 123.123.123.123 is not shown at all.
Meaning, you cannot actually prove example.exe communicated with 123.123.123.123, because Foreign Address shows as ":", and you cannot prove the new line for 123.123.123.123 belongs to example.exe, because the PID is -1 and the process name is blank.
Using the suggested yarascan method does not help in this case.
I've tried running netscan with all of the suggested profiles. This happens with a memory dump of Windows 10, investigated with Volatility version 2.6 on Kali.
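As an added example, not part of the post or of Volatility itself: a small Python parser for Volatility 2.6 netscan output that lines up each PID -1 or ownerless row with the owned rows sharing the same protocol and local endpoint, so the two records described above can at least be reviewed side by side. The sample output is constructed, and matching on the local endpoint is an analyst heuristic, not proof of ownership.

```python
import re
from collections import defaultdict

# Volatility 2.6 netscan columns: Offset(P) Proto Local Foreign State Pid Owner Created.
# State is blank for UDP rows and Owner can be blank, so a plain split() misaligns fields.
ROW = re.compile(
    r"^(?P<offset>0x[0-9a-fA-F]+)\s+(?P<proto>TCPv[46]|UDPv[46])\s+"
    r"(?P<local>\S+)\s+(?P<foreign>\S+)\s+(?:(?P<state>[A-Z_]+)\s+)?"
    r"(?P<pid>-?\d+)\s*(?P<owner>[^\s\d]\S*)?\s*(?P<created>\d{4}-\d{2}-\d{2}.*)?$"
)

def parse_netscan(text):
    """Return one dict per data row; the header and unparseable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["pid"], row["owner"] = int(row["pid"]), row["owner"] or ""
            rows.append(row)
    return rows

def correlate_orphans(rows):
    """For each PID -1 or ownerless row, list owned rows sharing its proto+local endpoint."""
    by_local = defaultdict(list)
    for r in rows:
        if r["pid"] != -1 and r["owner"]:
            by_local[(r["proto"], r["local"])].append(r)
    findings = []
    for r in rows:
        if r["pid"] == -1 or not r["owner"]:
            cands = by_local.get((r["proto"], r["local"]), [])
            findings.append({
                "foreign": r["foreign"],
                "candidate_pids": sorted({c["pid"] for c in cands}),
                "candidate_owners": sorted({c["owner"] for c in cands}),
            })
    return findings

# Constructed sample netscan output (not from the post); addresses are placeholders.
SAMPLE = """\
Offset(P)  Proto  Local Address  Foreign Address  State  Pid  Owner  Created
0x7d6010b0 TCPv4 10.0.0.5:49172 : ESTABLISHED 1234 example.exe 2024-01-01 10:00:00 UTC+0000
0x7d602f60 TCPv4 10.0.0.5:49172 123.123.123.123:443 ESTABLISHED -1 2024-01-01 10:00:00 UTC+0000
0x7d6083a0 TCPv4 0.0.0.0:135 0.0.0.0:0 LISTENING 880 svchost.exe 2024-01-01 09:58:12 UTC+0000
0x7d60a120 UDPv4 0.0.0.0:123 *:* 1040 svchost.exe 2024-01-01 09:58:13 UTC+0000
"""
```

Running `correlate_orphans(parse_netscan(SAMPLE))` on the sample yields one finding: the PID -1 row for 123.123.123.123:443 with example.exe (PID 1234) as the only candidate owner.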