[collector:]
client az-mbox1.ceda.unina2.it.powershell powershell XymonPS
[date]
Sat 01 Nov 08:56:56 2025
[clock]
epoch: 1761983816
local: Sat 01 Nov 08:56:56 2025
UTC: Sat 01 Nov 07:56:56 2025
Time Synchronisation type: NT5DS
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000786s
Root Dispersion: 0.0100002s
ReferenceId: 0x564D5450 (source IP: 86.77.84.80)
Last Successful Sync Time: 11/1/2025 8:56:44 AM
Source: VM IC Time Synchronization Provider
Poll Interval: 6 (64s)
[clientversion]
2.42
[uname]
Microsoft Windows Server 2022 Datacenter Azure Edition (build 20348)
[cpu]
up: 7 days, 0 users, 194 procs, load=40.42%
CPU states:
  total 40.42%
  cores: 4
CPU PID Image Name Pri Time MemUsage
24.6% 6688 SVC:MSExchangeMailboxReplicati 8 7 324344k
10.4% 15192 Microsoft.Exchange.Store.Worke 8 3 2351948k
1.5% 1368 SVC:EventLog 8 10:05:57 28980k
1.1% 4336 SVC:WinDefend 8 07:51:08 195132k
0.7% 14756 powershell 8 00:12:33 142352k
0.6% 6608 SVC:MSComplianceAudit 8 02:36:33 204240k
0.2% 900 SVC:KeyIso/Netlogon/SamSs 9 01:41:45 105548k
0.2% 2608 taskhostw 6 01:15:07 93588k
0.1% 5576 MSExchangeHMWorker 8 01:02:29 588508k
0.1% 2472 SVC:IISADMIN 8 00:03:55 30284k
0.1% 4 System 8 00:41:01 140k
0.1% 12256 updateservice 8 00:07:12 20940k
0.1% 6504 SVC:MSExchangeServiceHost 8 00:04:05 256844k
0.1% 6408 SVC:DPS 8 00:23:10 25804k
0.1% 15500 SVC:MSExchangeDiagnostics 8 00:27:11 226824k
0.1% 14320 EdgeTransport 8 00:28:27 1031864k
0.1% 23084 scanningprocess 8 00:36:36 266444k
0.1% 5400 w3wp 8 00:20:09 1040244k
0.0% 6640 SVC:MSExchangeFrontEndTranspor 8 00:11:46 295156k
0.0% 3684 SVC:MSExchangeHM 8 00:13:30 237148k
0.0% 6388 w3wp 8 00:06:43 507544k
0.0% 6544 SVC:MSExchangeSubmission 8 00:07:01 251308k
0.0% 14048 w3wp 8 00:04:11 237376k
0.0% 4344 SVC:WindowsAzureGuestAgent 8 00:06:49 74540k
0.0% 5960 w3wp 8 00:07:52 602372k
0.0% 5772 w3wp 8 00:05:40 244800k
0.0% 3764 w3wp 8 00:08:21 277616k
0.0% 6632 SVC:MSExchangeEdgeSync 8 00:11:12 105960k
0.0% 880 services 9 00:17:22 15740k
0.0% 3148 SVC:FMS 8 00:07:20 18812k
0.0% 588 SVC:RpcEptMapper/RpcSs 8 00:03:05 48572k
0.0% 9368 Microsoft.Exchange.Imap4 8 00:05:10 223004k
0.0% 4820 SVC:MSExchangeADTopology 8 00:03:14 151148k
0.0% 4076 SVC:RdAgent 8 00:05:57 95448k
0.0% 4048 SVC:ClusSvc 13 00:02:39 33604k
0.0% 9016 w3wp 8 00:03:42 400408k
0.0% 8864 w3wp 8 00:07:26 387084k
0.0% 8556 Microsoft.Exchange.Pop3 8 00:01:43 202588k
0.0% 8776 w3wp 8 00:05:10 296768k
0.0% 8792 w3wp 8 00:05:03 672380k
0.0% 6676 SVC:MSExchangeDelivery 8 00:05:16 361284k
0.0% 6536 SVC:MSExchangeRPC 8 00:02:58 199472k
0.0% 6580 SVC:MSExchangeRepl 10 00:05:20 187716k
0.0% 13052 scanningprocess 8 00:11:58 179552k
0.0% 22248 SVC:wuauserv 8 00:00:00 17532k
0.0% 1924 SVC:Dnscache 8 00:02:29 11220k
0.0% 6352 w3wp 8 00:06:45 475852k
0.0% 7836 noderunner 8 00:12:27 740740k
0.0% 1960 SVC:Schedule 8 00:03:01 17080k
0.0% 8928 noderunner 8 00:01:05 172816k
0.0% 8920 w3wp 8 00:00:55 212280k
0.0% 6656 SVC:MSExchangeTransportLogSear 8 00:00:47 127384k
0.0% 22768 LogonUI 13 00:00:00 31108k
0.0% 8140 noderunner 8 00:01:22 193852k
0.0% 8200 conhost 8 00:00:00 10816k
0.0% 6624 SVC:MSExchangeThrottling 8 00:00:02 106452k
0.0% 9164 Microsoft.Exchange.Imap4 8 00:01:22 171604k
0.0% 9212 conhost 8 00:00:00 10812k
0.0% 8572 conhost 8 00:00:00 10808k
0.0% 6884 noderunner 8 00:01:10 182932k
0.0% 25744 rdpclip 8 00:00:00 19780k
0.0% 7536 conhost 8 00:00:00 10824k
0.0% 8404 Microsoft.Exchange.Pop3 8 00:01:10 159592k
0.0% 6812 SVC:MSExchangePop3 8 00:00:06 119960k
0.0% 8816 StartMenuExperienceHost 8 00:00:00 56184k
0.0% 26148 SVC:WaaSMedicSvc 8 00:00:00 8444k
0.0% 8800 w3wp 8 00:02:34 240456k
0.0% 6752 SVC:MSExchangeMitigation 8 00:00:50 261288k
0.0% 25260 WaSecAgentProv 8 00:00:00 4296k
0.0% 18000 SVC:DsSvc 8 00:00:09 10996k
0.0% 17700 SVC:Appinfo 8 00:00:00 6772k
0.0% 18280 sihost 8 00:00:01 27696k
0.0% 18864 TabTip 13 00:00:00 18860k
0.0% 18456 RuntimeBroker 8 00:00:02 27152k
0.0% 16212 winlogon 13 00:00:00 10060k
0.0% 16100 SVC:UALSVC 8 00:00:10 15404k
0.0% 17508 SVC:StateRepository 8 00:00:02 14108k
0.0% 17628 SVC:XymonPSClient 8 00:00:00 6740k
0.0% 17604 RuntimeBroker 8 00:00:00 17152k
0.0% 19336 SVC:WpnUserService_33b15775 8 00:00:00 27096k
0.0% 21476 ctfmon 13 00:00:00 15976k
0.0% 21136 SVC:CDPUserSvc_33b15775 8 00:00:00 16352k
0.0% 21752 explorer 8 00:00:09 164284k
0.0% 22164 SVC:TabletInputService 8 00:00:00 7984k
0.0% 22064 scanningprocess 8 00:08:07 179196k
0.0% 19920 TextInputHost 8 00:00:00 44556k
0.0% 19864 SearchApp 8 00:00:05 80236k
0.0% 20772 SVC:TokenBroker 8 00:00:03 17068k
0.0% 22780 SVC:SecurityHealthService 8 00:00:00 11592k
0.0% 21088 SVC:cbdhsvc_33b15775 8 00:00:00 15920k
0.0% 12668 SVC:WdiServiceHost 8 00:00:00 6684k
0.0% 12364 rhs 13 00:00:00 16480k
0.0% 12728 WmiPrvSE 8 00:00:23 16052k
0.0% 24948 SVC:camsvc 8 00:00:00 10712k
0.0% 13004 RuntimeBroker 8 00:00:00 13540k
0.0% 10960 csrss 13 00:00:00 7124k
0.0% 9452 conhost 8 00:00:00 10812k
0.0% 11736 ForefrontActiveDirectoryConnec 8 00:00:06 139380k
0.0% 12360 conhost 8 00:00:02 14068k
0.0% 25252 dwm 13 00:00:01 37924k
0.0% 13432 SVC:MSExchangeTransport 8 00:00:02 108364k
0.0% 23284 taskhostw 8 00:00:00 12248k
0.0% 24192 fontdrvhost 8 00:00:00 5020k
0.0% 15292 SVC:CDPSvc 8 00:00:00 13844k
0.0% 15420 SVC:MSDTC 8 00:00:00 11760k
0.0% 15404 SVC:WinRM 8 00:00:02 17264k
0.0% 24896 conhost 8 00:00:00 10912k
0.0% 13900 SVC:UsoSvc 8 00:00:01 12888k
0.0% 24800 TabTip32 8 00:00:00 5720k
0.0% 14232 SVC:StorSvc 8 00:00:40 18336k
0.0% 14108 conhost 8 00:00:00 10880k
0.0% 6616 SVC:MSExchangeFlighting 8 00:01:28 377644k
0.0% 1724 SVC:Themes 8 00:00:00 6232k
0.0% 1716 SVC:ProfSvc 8 00:00:00 13616k
0.0% 1732 SVC:EventSystem 8 00:00:01 8736k
0.0% 1872 SVC:NlaSvc 8 00:00:00 13312k
0.0% 1860 SVC:DiagTrack 8 00:01:18 43688k
0.0% 1588 SVC:nsi 8 00:00:03 10692k
0.0% 1552 LogonUI 13 00:02:11 46392k
0.0% 1640 SVC:Dhcp 8 00:01:24 8564k
0.0% 1700 dwm 13 00:00:02 44668k
0.0% 1676 SVC:gpsvc 8 00:00:05 14104k
0.0% 2268 w3wp 8 00:00:30 256272k
0.0% 2220 SVC:netprofm 8 00:00:03 11520k
0.0% 2284 SVC:CertPropSvc 8 00:00:00 7772k
0.0% 2360 SVC:BFE/mpssvc 8 00:00:15 24172k
0.0% 2352 SVC:CoreMessagingRegistrar 8 00:00:00 6580k
0.0% 2016 SVC:PcaSvc 8 00:00:00 12640k
0.0% 1944 SVC:SENS 8 00:00:00 9004k
0.0% 2020 SVC:UmRdpService 8 00:00:00 10328k
0.0% 2192 SVC:FontCache 8 00:00:00 7636k
0.0% 2072 SVC:ShellHWDetection 8 00:00:00 13320k
0.0% 1520 SVC:CryptSvc 8 00:00:13 14980k
0.0% 744 csrss 13 00:00:00 6056k
0.0% 736 wininit 13 00:00:00 7364k
0.0% 808 winlogon 13 00:00:00 10612k
0.0% 1016 SVC:BrokerInfrastructure/DcomL 8 00:00:21 25324k
0.0% 920 SVC:Wcmsvc 8 00:00:00 9160k
0.0% 516 smss 11 00:00:00 1276k
0.0% 116 Registry 8 00:00:06 106444k
0.0% 608 fontdrvhost 8 00:00:00 4068k
0.0% 652 csrss 13 00:00:18 7316k
0.0% 612 fontdrvhost 8 00:00:00 4180k
0.0% 1352 SVC:vmicheartbeat 8 00:01:56 12296k
0.0% 1252 SVC:TimeBrokerSvc 8 00:00:00 12364k
0.0% 1360 SVC:vmickvpexchange 8 00:00:47 6564k
0.0% 1424 SVC:vmictimesync 8 00:00:08 6452k
0.0% 1376 SVC:vmicshutdown 8 00:00:00 6336k
0.0% 1124 SVC:TermService 8 00:00:24 32488k
0.0% 1060 SVC:LSM 8 00:00:10 11744k
0.0% 1168 SVC:lmhosts 8 00:00:00 5776k
0.0% 1232 SVC:NcbService 8 00:00:00 10104k
0.0% 1176 SVC:W32Time 8 00:00:07 8744k
0.0% 4508 SVC:RasMan 8 00:00:00 13576k
0.0% 4460 SVC:WdNisSvc 8 00:00:02 12800k
0.0% 4596 AggregatorHost 8 00:00:03 6392k
0.0% 5892 SVC:NetMsmqActivator 8 00:00:00 17764k
0.0% 5804 dllhost 8 00:00:00 12848k
0.0% 4312 SVC:TrkWks 8 00:00:00 6124k
0.0% 4224 SVC:SysMain 8 00:00:00 7268k
0.0% 4328 rhs 13 00:00:00 12696k
0.0% 4400 SVC:WpnService 8 00:00:00 12180k
0.0% 4372 SVC:WMSVC 8 00:00:00 23604k
0.0% 6568 SVC:MSExchangeMailboxAssistant 8 00:28:25 437884k
0.0% 6560 SVC:MSExchangeCompliance 8 00:00:07 137956k
0.0% 6576 SVC:MSExchangeFastSearch 8 00:00:12 142172k
0.0% 6600 SVC:MSExchangeAntispamUpdate 8 00:00:08 33400k
0.0% 6592 SVC:MSExchangeDagMgmt 8 00:00:20 192148k
0.0% 6512 SVC:MSExchangeImap4 8 00:00:06 119644k
0.0% 0 Idle 0 8k
0.0% 6520 SVC:MSExchangeIMAP4BE 8 00:00:10 120424k
0.0% 6552 SVC:MSExchangeIS 8 00:00:13 163688k
0.0% 6528 SVC:MSExchangePOP3BE 8 00:00:06 120944k
0.0% 4180 SVC:SearchExchangeTracing 8 00:00:32 17132k
0.0% 3068 SVC:AppHostSvc 8 00:00:00 12640k
0.0% 3032 SVC:Spooler 8 00:00:10 28468k
0.0% 3092 SVC:iphlpsvc 8 00:00:01 10980k
0.0% 3360 SVC:NetPipeActivator/NetTcpAct 8 00:00:06 38892k
0.0% 3136 SVC:HostControllerService 8 00:02:31 93828k
0.0% 2452 SVC:LanmanWorkstation 8 00:00:09 10732k
0.0% 2372 SVC:WinHttpAutoProxySvc 8 00:00:15 8244k
0.0% 2664 SVC:SessionEnv 8 00:00:00 10480k
0.0% 2916 SVC:DispBrokerDesktopSvc 8 00:00:00 7560k
0.0% 2680 SVC:UserManager 8 00:00:01 9732k
0.0% 3856 SVC:W3SVC/WAS 8 00:00:52 16164k
0.0% 3832 SVC:MSMQ 8 00:00:00 15296k
0.0% 4032 SVC:pla 8 00:00:04 7464k
0.0% 4140 SVC:sacsvr 8 00:00:00 5796k
0.0% 4040 SVC:SstpSvc 8 00:00:00 7688k
0.0% 3436 SVC:LanmanServer 8 00:00:02 9312k
0.0% 3372 SVC:MDCoreSvc 8 00:00:31 30204k
0.0% 3452 SVC:Winmgmt 8 00:03:23 24456k
0.0% 3800 SVC:PolicyAgent 8 00:00:00 8036k
0.0% 3676 SVC:MSExchangeHMRecovery 8 00:00:00 36796k
[disk]
Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB)
C 132589516 109810080 22779436 83% /FIXED/C:\ Windows 126.45\21.72
Exch-DB\Az-DB01 1073723388 134162656 939560732 12% /FIXED/C:\Exch-DB\Az-DB01\ Az-DB01 1023.98\896.03
[memory]
memory Total Used
physical: 32717 16420
virtual: 40897 22513
page: 8180 1368
[msgs:EventlogSummary]
LogMode MaximumSizeInBytes RecordCount LogName
------- ------------------ ----------- -------
Circular 163840000 210938 Security
Circular 133103616 180416 System
Circular 133103616 309831 Application
[msgs:eventlog_Security]
Information - 11/01/2025 08:56:32 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection.
Application Information:
  Process ID: 6512
  Application Name: \device\harddiskvolume4\program files\microsoft\exchange server\v15\frontend\popimap\microsoft.exchange.imap4service.exe
Network Information:
  Direction: Inbound
  Source Address: 127.0.0.1
  Source Port: 29756
  Destination Address: 127.0.0.1
  Destination Port: 993
  Protocol: 6
  Interface Index: 1
Filter Information:
  Filter Origin: AppContainer Loopback
  Filter Run-Time ID: 182016
  Layer Name: Receive/Accept
  Layer Run-Time ID: 44
  Remote User ID: S-1-0-0
  Remote Machine ID: S-1-0-0
Information - 11/01/2025 08:56:32 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection.
Application Information:
  Process ID: 5576
  Application Name: \device\harddiskvolume4\program files\microsoft\exchange server\v15\bin\msexchangehmworker.exe
Network Information:
  Direction: Outbound
  Source Address: 127.0.0.1
  Source Port: 29756
  Destination Address: 127.0.0.1
  Destination Port: 993
  Protocol: 6
  Interface Index: 1
Filter Information:
  Filter Origin: AppContainer Loopback
  Filter Run-Time ID: 182022
  Layer Name: Connect
  Layer Run-Time ID: 48
  Remote User ID: S-1-0-0
  Remote Machine ID: S-1-0-0
[msgs:eventlog_System]
[msgs:eventlog_Application]
[procs]
PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command
6688 NT AUTHORITY\SYSTEM 324344/460360 13977540/13985760 387272/527260 91 1634 24.6 2025-10-25 03:17:33 10419 SVC:MSExchangeMailboxReplication "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe"
15192 NT AUTHORITY\SYSTEM 2351948/2366176 8271732/8277184 2335116/2375204 108 1450 10.4 2025-10-25 03:19:19 10417 Microsoft.Exchange.Store.Worker "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Worker.exe" -id:59fc8808-844b-4244-a2bb-6a83f1ba6f3e -dag:35ceee8a-1604-4bb6-bd1a-765ff0ac7606 -pipe:3652 -readykey:Global\WorkerReadyKey-438aec00-e902-44b5-bab2-7a2588127cfe
1368 NT AUTHORITY\LOCAL SERVICE
28980/41964 2151803948/2152338732 24544/38532 18 596 1.5 2025-10-25 03:17:25 10419 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 4336 Unknown 195132/1154952 2152921900/2154071936 293108/1166020 239 985 1.1 2025-10-25 03:17:29 10419 SVC:WinDefend 14756 NT AUTHORITY\SYSTEM 142352/208632 2152415380/2152457492 123628/191528 37 558 0.7 2025-11-01 02:00:03 416 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 6608 NT AUTHORITY\SYSTEM 204240/254644 5272956/5321168 197036/252228 70 1279 0.6 2025-10-25 03:17:33 10419 SVC:MSComplianceAudit "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe" 900 NT AUTHORITY\SYSTEM 105548/121288 2151888780/2151891888 88496/104292 41 52395 0.2 2025-10-25 03:17:23 10419 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe 2608 NT AUTHORITY\SYSTEM 93588/97248 2152451520/2186008448 79720/82800 75 1730 0.2 2025-10-25 03:17:28 10419 taskhostw taskhostw.exe ExploitGuardPolicy 5576 NT AUTHORITY\SYSTEM 588508/643292 6093416/6109824 528572/590752 172 4850 0.1 2025-10-25 03:17:39 10419 MSExchangeHMWorker "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe" -pipe:3740 -stopkey:Global\ExchangeStopKey-06abf853-fa29-404c-a1ef-dbb82d1566ad -resetkey:Global\ExchangeResetKey-7b4da774-9404-45ec-95f1-8ff756d2fecf -readykey:Global\ExchangeReadyKey-3848ab69-b884-4713-ae84-7a076614d209 -hangkey:Global\ExchangeHangKey-c8dacee7-f14c-44b2-9b0d-575c7d8bfeca -startUpProgressKey:Global\ExchangeProgressKey-1546d830-ecb3-4e8c-83a5-f9e428fd5b2b -workerListening 2472 NT AUTHORITY\SYSTEM 30284/30616 2151794232/2151798248 19988/20280 18 250 0.1 2025-10-25 03:17:28 10419 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 4 Unknown 140/1876 3968/20560 40/72 0 3771 0.1 2025-10-25 03:17:20 10419 System 12256 NT AUTHORITY\NETWORK 
SERVICE 20940/154632 4310496/4444844 8452/8900 16 460 0.1 2025-10-25 03:18:22 10418 updateservice "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exe" -Embedding 6504 NT AUTHORITY\SYSTEM 256844/264268 5531892/5537576 243220/251480 119 2084 0.1 2025-10-25 03:17:33 10419 SVC:MSExchangeServiceHost "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.ServiceHost.exe" 6408 NT AUTHORITY\LOCAL SERVICE 25804/30952 2151856772/2152139776 26280/29256 20 316 0.1 2025-10-25 03:20:48 10416 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 15500 NT AUTHORITY\SYSTEM 226824/274664 5322220/5361664 236628/297464 106 2394 0.1 2025-10-25 03:20:49 10416 SVC:MSExchangeDiagnostics "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe" 14320 NT AUTHORITY\NETWORK SERVICE 1031864/1111608 24257104/24758448 1184744/1227364 138 5283 0.1 2025-10-25 03:19:10 10417 EdgeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe" -pipe:2916 -stopkey:Global\ExchangeStopKey-c56ac18c-55c7-45f6-b13f-f18890b1db1d -resetkey:Global\ExchangeResetKey-b2552ea3-1774-4b0b-83b5-027240bfa07c -readykey:Global\ExchangeReadyKey-78a14d92-5876-4a6f-b01a-825e31e1e1f8 -hangkey:Global\ExchangeHangKey-73cfca41-780c-43da-b6ed-220ef77a2430 -startUpProgressKey:Global\ExchangeProgressKey-cd47b525-7206-4527-9b07-56faef211073 -workerListening 23084 NT AUTHORITY\LOCAL SERVICE 266444/1107872 5478128/6423620 602452/1425648 301 849 0.1 2025-10-25 07:54:05 10142 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 5400 NT AUTHORITY\SYSTEM 1040244/1134100 2153803484/2153824756 981628/1076692 263 3224 0.1 2025-10-25 03:21:15 10415 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a 
\\.\pipe\iisipm71e51571-82a4-4b70-9013-0d8dd0b8d936 -h "C:\inetpub\temp\apppools\MSExchangePowerShellAppPool\MSExchangePowerShellAppPool.config" -w "" -m 0 6640 NT AUTHORITY\SYSTEM 295156/390056 22903512/23007968 451184/548468 94 1886 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeFrontEndTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe" 3684 NT AUTHORITY\SYSTEM 237148/244596 5482004/5568372 237796/245248 85 1992 0.0 2025-10-25 03:17:28 10419 SVC:MSExchangeHM "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe" 6388 NT AUTHORITY\SYSTEM 507544/664108 2161730700/2161732824 495416/652460 215 3406 0.0 2025-10-25 03:17:35 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeSyncAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeSyncAppPool_CLRConfig.config" -a \\.\pipe\iisipmba449f4c-fa20-4cd4-8802-69e0146f4b92 -h "C:\inetpub\temp\apppools\MSExchangeSyncAppPool\MSExchangeSyncAppPool.config" -w "" -m 0 6544 NT AUTHORITY\SYSTEM 251308/257016 5371128/5507316 237968/244740 85 1559 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeSubmission "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe" 14048 NT AUTHORITY\SYSTEM 237376/248932 2152823124/2152874576 238768/250392 98 2180 0.0 2025-10-25 03:20:24 10416 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm41ae064e-49c8-4c61-b4ab-e1cf339fd0db -h "C:\inetpub\temp\apppools\MSExchangePowerShellFrontEndAppPool\MSExchangePowerShellFrontEndAppPool.config" -w "" -m 0 4344 NT AUTHORITY\SYSTEM 74540/87880 4913424/4933128 56504/70640 38 655 0.0 2025-10-25 03:17:29 10419 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WindowsAzureGuestAgent.exe 5960 NT AUTHORITY\SYSTEM 602372/714224 2153521636/2153525732 
518480/634476 320 3264 0.0 2025-10-25 03:17:31 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm7810093e-e8db-49b2-9d31-94d6f7be2dde -h "C:\inetpub\temp\apppools\MSExchangeECPAppPool\MSExchangeECPAppPool.config" -w "" -m 0 5772 NT AUTHORITY\SYSTEM 244800/245108 2152835212/2152837260 254496/254952 150 1158 0.0 2025-10-25 03:20:13 10416 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyAppPool_CLRConfig.config" -a \\.\pipe\iisipm7e72f57d-6395-40ab-88ee-1389f7d03686 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyAppPool\MSExchangeRpcProxyAppPool.config" -w "" -m 0 3764 NT AUTHORITY\SYSTEM 277616/328124 2152966024/2152993636 283032/341608 122 1469 0.0 2025-10-25 03:20:43 10416 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiMailboxAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config" -a \\.\pipe\iisipm552adaf4-2d71-448a-ac59-8f1c5191a52d -h "C:\inetpub\temp\apppools\MSExchangeMapiMailboxAppPool\MSExchangeMapiMailboxAppPool.config" -w "" -m 0 6632 NT AUTHORITY\SYSTEM 105960/109736 5031824/5041744 97624/101904 46 658 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeEdgeSync "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe" 880 Unknown 15740/18196 2151769180/2152311200 7112/14352 16 848 0.0 2025-10-25 03:17:23 10419 services 3148 NT AUTHORITY\SYSTEM 18812/19044 4295404/4297112 8840/8968 15 348 0.0 2025-10-25 03:17:28 10419 SVC:FMS "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\FMS.exe" 588 NT AUTHORITY\NETWORK SERVICE 48572/48684 2151807848/2151816328 41868/42108 27 1432 0.0 2025-10-25 03:17:24 10419 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p 9368 NT 
AUTHORITY\NETWORK SERVICE 223004/229600 5143616/5155076 185260/193396 107 1312 0.0 2025-10-25 03:17:50 10419 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1488 -stopkey:Global\ExchangeStopKey-b4462ebb-a73c-4f7f-8c7e-768f05a25b82 -resetkey:Global\ExchangeResetKey-b5dd859b-6f06-406f-8e63-4d47ec21645c -readykey:Global\ExchangeReadyKey-c8950b41-16ce-4a9b-b370-099f6fe45fd3 -hangkey:Global\ExchangeHangKey-7b6873f3-7228-403b-bf57-55f3ff8de1b3 -startUpProgressKey:Global\ExchangeProgressKey-0b3170a6-8a5d-4331-b93f-6b0dd979803c 4820 NT AUTHORITY\SYSTEM 151148/152280 5211280/5230740 155012/157124 97 1457 0.0 2025-10-25 03:17:29 10419 SVC:MSExchangeADTopology "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe" 4076 NT AUTHORITY\SYSTEM 95448/142828 4885212/4968000 79916/128548 49 1580 0.0 2025-10-25 03:17:29 10419 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WaAppAgent.exe 4048 NT AUTHORITY\SYSTEM 33604/33788 2151814780/2151828992 13204/14280 38 1502 0.0 2025-10-25 03:17:29 10419 SVC:ClusSvc C:\Windows\Cluster\clussvc.exe -s 9016 NT AUTHORITY\SYSTEM 400408/402324 2153046792/2153048840 374284/382380 181 2578 0.0 2025-10-25 03:17:47 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeAutodiscoverAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm290302cd-8689-49d0-ad12-72153cb21183 -h "C:\inetpub\temp\apppools\MSExchangeAutodiscoverAppPool\MSExchangeAutodiscoverAppPool.config" -w "" -m 0 8864 NT AUTHORITY\SYSTEM 387084/397952 2170264744/2170300656 421764/428044 111 2669 0.0 2025-10-25 03:17:45 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyFrontEndAppPool_CLRConfig.config" -a 
\\.\pipe\iisipm11ab7a63-d33c-4de0-a07a-e20e33971b4b -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyFrontEndAppPool\MSExchangeRpcProxyFrontEndAppPool.config" -w "" -m 0 8556 NT AUTHORITY\NETWORK SERVICE 202588/213672 5126360/5135320 171984/182568 101 1443 0.0 2025-10-25 03:17:43 10419 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1508 -stopkey:Global\ExchangeStopKey-f1935237-5596-4b37-8287-3a5945aa363c -resetkey:Global\ExchangeResetKey-4cfa68d8-2fef-4be2-b01b-9c03bbad2560 -readykey:Global\ExchangeReadyKey-ce94a5d0-02b1-4111-a7ac-e1646315ab29 -hangkey:Global\ExchangeHangKey-deffb41d-b4d5-472a-b7bb-4827b07e68bb -startUpProgressKey:Global\ExchangeProgressKey-044ad2bc-ac68-49d7-966a-df15c5e3fbc7 8776 NT AUTHORITY\SYSTEM 296768/473792 2170278368/2170308772 316296/502844 104 2299 0.0 2025-10-25 03:17:45 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmda119580-b0e9-4e54-a1b3-2e001b73d2ea -h "C:\inetpub\temp\apppools\MSExchangeMapiFrontEndAppPool\MSExchangeMapiFrontEndAppPool.config" -w "" -m 0 8792 NT AUTHORITY\SYSTEM 672380/767912 2153691248/2153694840 621780/735612 258 3565 0.0 2025-10-25 03:17:45 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeServicesAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm9c31f793-7b74-420e-85d7-7d821cc61745 -h "C:\inetpub\temp\apppools\MSExchangeServicesAppPool\MSExchangeServicesAppPool.config" -w "" -m 0 6676 NT AUTHORITY\NETWORK SERVICE 361284/373808 5492580/5570408 311240/328076 116 1896 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeDelivery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe" 6536 NT AUTHORITY\SYSTEM 199472/204240 5342196/5347644 194904/200460 82 
1306 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeRPC "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.RpcClientAccess.Service.exe" 6580 NT AUTHORITY\SYSTEM 187716/189640 5305476/6003120 175752/234304 105 1600 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeRepl "C:\Program Files\Microsoft\Exchange Server\V15\Bin\msexchangerepl.exe" 13052 NT AUTHORITY\LOCAL SERVICE 179552/977340 5378664/6224476 555088/1374228 289 551 0.0 2025-10-25 03:18:51 10418 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 22248 NT AUTHORITY\SYSTEM 17532/17532 2152067040/2152072096 8672/8940 26 317 0.0 2025-11-01 08:50:29 6 SVC:wuauserv C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv 1924 NT AUTHORITY\NETWORK SERVICE 11220/11428 2151792708/2151802948 4844/5224 17 344 0.0 2025-10-25 03:17:28 10419 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache 6352 NT AUTHORITY\SYSTEM 475852/491556 2153356640/2153361748 479796/512704 235 3511 0.0 2025-10-25 03:17:35 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm8c060c7e-5597-4596-816c-46f75b0bc2de -h "C:\inetpub\temp\apppools\MSExchangeOWAAppPool\MSExchangeOWAAppPool.config" -w "" -m 0 7836 NT AUTHORITY\SYSTEM 740740/809856 24420180/24431444 861184/924828 252 2231 0.0 2025-10-25 03:17:38 10419 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\ResourceProfile\contentengine\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange 
Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Logs\NodeRunner.log" --applicationbase "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0" 1960 NT AUTHORITY\SYSTEM 17080/63656 2151865668/2151879552 6108/61732 21 394 0.0 2025-10-25 03:17:28 10419 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 8928 NT AUTHORITY\SYSTEM 172816/177192 5144572/5194416 157140/161672 129 1127 0.0 2025-10-25 03:17:46 10419 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Logs\NodeRunner.log" 8920 NT AUTHORITY\SYSTEM 212280/214788 2152804068/2152857448 220316/225488 89 1875 0.0 2025-10-25 03:20:17 10416 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWACalendarAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm20815b27-824e-42ba-bf3b-a6ac900cc3d9 -h "C:\inetpub\temp\apppools\MSExchangeOWACalendarAppPool\MSExchangeOWACalendarAppPool.config" -w "" -m 0 6656 NT AUTHORITY\SYSTEM 127384/132480 5087608/5096216 127672/132616 50 802 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeTransportLogSearch "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe" 22768 NT AUTHORITY\SYSTEM 31108/31444 2151922320/2151929304 8008/8700 21 353 0.0 2025-10-31 12:12:03 1244 LogonUI "LogonUI.exe" /flags:0x0 /state0:0xa4f80855 /state1:0x41c64e6d 8140 NT AUTHORITY\SYSTEM 193852/196284 6034304/6092724 179516/179892 160 1688 0.0 2025-10-25 03:17:39 
10419 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Logs\NodeRunner.log" 8200 NT AUTHORITY\SYSTEM 10816/10860 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:48 10419 conhost \??\C:\Windows\system32\conhost.exe 0x4 6624 NT AUTHORITY\NETWORK SERVICE 106452/106600 5153468/5165052 124676/125004 53 764 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeThrottling "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe" 9164 NT AUTHORITY\SYSTEM 171604/192096 5064788/5111816 143068/172020 79 1305 0.0 2025-10-25 03:17:47 10419 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1524 -stopkey:Global\ExchangeStopKey-1dfd67aa-7b2f-42bd-9035-beadf1ba5d6c -resetkey:Global\ExchangeResetKey-2f4ee8c4-5fde-4a81-9012-092d6c2ae92a -readykey:Global\ExchangeReadyKey-26166fb7-2230-4314-94d1-8143279a6390 -hangkey:Global\ExchangeHangKey-95783275-511b-41ab-a225-493c58d615ca -startUpProgressKey:Global\ExchangeProgressKey-85bf6e89-910b-4737-89cd-41512d248272 9212 NT AUTHORITY\SYSTEM 10812/10856 2151757412/2151759460 6216/6304 8 87 0.0 2025-10-25 03:17:48 10419 conhost \??\C:\Windows\system32\conhost.exe 0x4 8572 NT AUTHORITY\NETWORK SERVICE 10808/10848 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:17:43 10419 conhost \??\C:\Windows\system32\conhost.exe 0x4 6884 NT AUTHORITY\SYSTEM 182932/183564 5140352/5150900 166340/167048 138 1397 0.0 2025-10-25 03:17:33 10419 noderunner "C:\Program Files\Microsoft\Exchange 
Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Logs\NodeRunner.log" 25744 CEDA\058091 19780/20128 2151828496/2151839776 3312/3668 17 426 0.0 2025-10-27 18:35:11 6621 rdpclip rdpclip 7536 NT AUTHORITY\SYSTEM 10824/10864 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:39 10419 conhost \??\C:\Windows\system32\conhost.exe 0x4 8404 NT AUTHORITY\SYSTEM 159592/191856 5061932/5109856 133692/171988 77 948 0.0 2025-10-25 03:17:48 10419 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1516 -stopkey:Global\ExchangeStopKey-70a0b2bb-49a8-4c0a-9a58-c1673b4d1ffd -resetkey:Global\ExchangeResetKey-ca95bc28-6494-4657-9f0c-1b924ff045fd -readykey:Global\ExchangeReadyKey-120a0a36-a2b5-4c2b-9d79-9c74b460f493 -hangkey:Global\ExchangeHangKey-3b21ecd1-2eec-47dd-8185-f732ef33be22 -startUpProgressKey:Global\ExchangeProgressKey-4e71ae9e-b464-4854-b8c4-79ac50e4a59a 6812 NT AUTHORITY\SYSTEM 119960/120044 5001404/5011968 99668/99996 67 1030 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangePop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3Service.exe" 8816 CEDA\058091 56184/57524 2151989556/2152052044 13020/17336 27 575 0.0 2025-10-27 18:35:13 6621 StartMenuExperienceHost "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca 26148 Unknown 8444/8580 2151749720/2151762020 1572/2000 9 177 0.0 2025-10-26 10:53:27 8523 SVC:WaaSMedicSvc 8800 NT AUTHORITY\SYSTEM 240456/243344 
2152824308/2152868436 234128/247828 102 2074 0.0 2025-10-25 03:17:45 10419 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOABAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmc551bd96-2725-40a7-8e23-20b5cee4c650 -h "C:\inetpub\temp\apppools\MSExchangeOABAppPool\MSExchangeOABAppPool.config" -w "" -m 0 6752 NT AUTHORITY\SYSTEM 261288/264036 5468240/5578540 247704/260140 102 2406 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeMitigation "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Mitigation.Service.exe" 25260 NT AUTHORITY\SYSTEM 4296/4336 2151735060/2151741204 1088/1220 6 78 0.0 2025-11-01 08:20:46 36 WaSecAgentProv "C:\WindowsAzure\SecAgent\WaSecAgentProv.exe" -startPoll C:\WindowsAzure\Logs\ 168.63.129.16 5248000 3600000 21600000 18000 NT AUTHORITY\SYSTEM 10996/11040 2152297960/2152309224 6268/6720 16 191 0.0 2025-10-25 03:28:01 10409 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 17700 NT AUTHORITY\SYSTEM 6772/6896 2151744736/2151754900 1352/1596 8 130 0.0 2025-10-26 10:53:12 8523 SVC:Appinfo C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo 18280 CEDA\058091 27696/28616 2151853404/2151859328 5352/5848 17 519 0.0 2025-10-27 18:35:11 6621 sihost sihost.exe 18864 CEDA\058091 18860/18940 2151843640/2151847224 4184/4336 18 358 0.0 2025-10-27 18:35:14 6621 TabTip /QuitInfo:00000000000002B0;00000000000002CC; 18456 CEDA\058091 27152/49132 2151871816/2151893396 8372/26440 19 332 0.0 2025-10-27 18:35:14 6621 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 16212 NT AUTHORITY\SYSTEM 10060/18216 2151776044/2151802244 1912/2476 11 258 0.0 2025-10-27 18:35:10 6621 winlogon winlogon.exe 16100 NT AUTHORITY\SYSTEM 15404/18620 2152339480/2152358060 8232/11428 21 280 0.0 2025-10-25 03:20:53 10416 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC 17508 NT 
AUTHORITY\SYSTEM 14108/18628 2151762672/2151779500 5472/9648 10 159 0.0 2025-10-25 03:28:00 10409 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository 17628 NT AUTHORITY\SYSTEM 6740/6944 4267672/4271768 1948/2228 8 123 0.0 2025-11-01 02:00:03 416 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe" 17604 CEDA\058091 17152/18652 2151809436/2151815028 2936/3444 12 198 0.0 2025-10-27 18:35:13 6621 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 19336 CEDA\058091 27096/27308 2151829620/2151837436 5252/5728 17 326 0.0 2025-10-27 18:35:11 6621 SVC:WpnUserService_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService 21476 CEDA\058091 15976/16068 2151812256/2151822512 3464/3524 15 371 0.0 2025-10-27 18:35:14 6621 ctfmon "ctfmon.exe" 21136 CEDA\058091 16352/16556 2151795084/2151801748 3872/4240 15 290 0.0 2025-10-27 18:35:11 6621 SVC:CDPUserSvc_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc 21752 CEDA\058091 164284/182792 2152185376/2152215992 35212/55168 65 1631 0.0 2025-10-27 18:35:12 6621 explorer C:\Windows\Explorer.EXE 22164 NT AUTHORITY\SYSTEM 7984/8088 2151749800/2151756312 1584/1748 10 183 0.0 2025-10-26 10:53:11 8523 SVC:TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService 22064 NT AUTHORITY\LOCAL SERVICE 179196/977340 5378644/6224452 554700/1374488 289 551 0.0 2025-10-25 07:54:04 10142 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 19920 CEDA\058091 44556/45416 2151982740/2151995116 10092/10548 24 552 0.0 2025-10-27 18:35:16 6621 TextInputHost "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca 19864 CEDA\058091 80236/98284 2152061484/2152107700 31564/51864 34 649 0.0 2025-10-27 18:35:14 6621 SearchApp 
"C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca 20772 NT AUTHORITY\SYSTEM 17068/21544 2151782992/2151810964 3672/4064 13 267 0.0 2025-10-26 10:53:10 8523 SVC:TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker 22780 Unknown 11592/11956 2151758232/2151761304 2508/2684 11 195 0.0 2025-10-25 09:17:30 10059 SVC:SecurityHealthService 21088 CEDA\058091 15920/16008 2151792960/2151797576 2408/2676 11 179 0.0 2025-10-27 18:37:11 6619 SVC:cbdhsvc_33b15775 C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc 12668 NT AUTHORITY\LOCAL SERVICE 6684/6728 2151751744/2151756864 1588/1864 9 124 0.0 2025-10-25 03:20:48 10416 SVC:WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost 12364 NT AUTHORITY\SYSTEM 16480/16660 2151780968/2151787124 5072/5532 17 324 0.0 2025-10-25 03:19:01 10418 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\0b897a79-4faa-4818-9ceb-c726a775dd90 -parentPid 4048 -initEvent dc232686-0be4-4cda-8efa-0ddf4036b304 -replyEndpoint LRPC-2776256d2cb7c8d642 12728 NT AUTHORITY\SYSTEM 16052/16640 2151784784/2151786308 5564/6632 14 270 0.0 2025-10-25 03:18:48 10418 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -Embedding 24948 NT AUTHORITY\SYSTEM 10712/10764 2151757660/2151762780 2024/2280 10 151 0.0 2025-10-27 18:35:12 6621 SVC:camsvc C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc 13004 CEDA\058091 13540/15368 2151795132/2151802716 2284/2932 12 222 0.0 2025-10-27 18:35:15 6621 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 10960 Unknown 7124/64496 2151769824/2151828184 2108/2544 14 288 0.0 2025-10-27 18:35:10 6621 csrss 9452 NT AUTHORITY\NETWORK SERVICE 10812/10856 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:50 10419 conhost \??\C:\Windows\system32\conhost.exe 0x4 11736 NT AUTHORITY\NETWORK SERVICE 139380/139716 5066664/5079136 
119152/120092 56 1217 0.0 2025-10-25 03:18:42 10418 ForefrontActiveDirectoryConnector "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ForefrontActiveDirectoryConnector.exe" -Embedding 12360 NT AUTHORITY\SYSTEM 14068/14068 2151770496/2151772544 6632/6684 10 148 0.0 2025-11-01 02:00:03 416 conhost \??\C:\Windows\system32\conhost.exe 0x4 25252 Window Manager\DWM-2 37924/103112 2151983964/2152080232 10504/37888 28 670 0.0 2025-10-27 18:35:10 6621 dwm "dwm.exe" 13432 NT AUTHORITY\NETWORK SERVICE 108364/108428 5157244/5172732 124432/124564 52 995 0.0 2025-10-25 03:19:07 10417 SVC:MSExchangeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe" 23284 CEDA\058091 12248/13012 2151802068/2152070840 2152/3560 12 187 0.0 2025-10-27 18:35:11 6621 taskhostw taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} 24192 Font Driver Host\UMFD-2 5020/5064 2151749484/2151751532 1596/1676 7 39 0.0 2025-10-27 18:35:10 6621 fontdrvhost "fontdrvhost.exe" 15292 NT AUTHORITY\LOCAL SERVICE 13844/13956 2151779892/2151790140 2752/3128 14 235 0.0 2025-10-25 03:20:48 10416 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc 15420 NT AUTHORITY\NETWORK SERVICE 11760/13296 2151766336/2151769388 3152/4524 17 252 0.0 2025-10-25 03:20:49 10416 SVC:MSDTC C:\Windows\System32\msdtc.exe 15404 NT AUTHORITY\NETWORK SERVICE 17264/22128 2151811992/2151821900 4136/8632 18 291 0.0 2025-10-25 03:20:55 10416 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM 24896 NT AUTHORITY\SYSTEM 10912/10956 2151757412/2151759460 6220/6308 8 87 0.0 2025-11-01 08:20:46 36 conhost \??\C:\Windows\system32\conhost.exe 0x4 13900 NT AUTHORITY\SYSTEM 12888/13368 2151768852/2151784164 2952/3752 15 235 0.0 2025-10-25 03:20:55 10416 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 24800 CEDA\058091 5720/5800 81716/83252 1336/1564 9 94 0.0 2025-10-27 18:35:14 6621 TabTip32 /loadhooks /Parent:00000000000049b0 14232 NT AUTHORITY\SYSTEM 18336/97420 
2151853052/2151884792 4624/84180 20 278 0.0 2025-10-25 03:19:06 10417 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 14108 NT AUTHORITY\NETWORK SERVICE 10880/10920 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:19:10 10417 conhost \??\C:\Windows\system32\conhost.exe 0x4 6616 NT AUTHORITY\SYSTEM 377644/393908 5498916/5592336 355520/381676 106 2449 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeFlighting "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.Flighting.Service.exe" 1724 NT AUTHORITY\SYSTEM 6232/6276 2151749276/2151754400 1292/1472 8 162 0.0 2025-10-25 03:17:28 10419 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes 1716 NT AUTHORITY\SYSTEM 13616/13768 2151777248/2151790560 2960/3368 13 228 0.0 2025-10-25 03:17:28 10419 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc 1732 NT AUTHORITY\LOCAL SERVICE 8736/8852 2151763564/2151771748 2536/2780 11 196 0.0 2025-10-25 03:17:28 10419 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem 1872 NT AUTHORITY\NETWORK SERVICE 13312/13412 2151782300/2151797668 4200/4764 17 398 0.0 2025-10-25 03:17:28 10419 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc 1860 NT AUTHORITY\SYSTEM 43688/74188 2151871956/2151930160 23516/53084 30 594 0.0 2025-10-25 03:17:28 10419 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p 1588 NT AUTHORITY\LOCAL SERVICE 10692/10884 2151751564/2151756684 6148/6464 31 188 0.0 2025-10-25 03:17:25 10419 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi 1552 NT AUTHORITY\SYSTEM 46392/50200 2151966624/2151972420 11312/18372 26 455 0.0 2025-10-25 03:17:25 10419 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3ad3855 /state1:0x41c64e6d 1640 NT AUTHORITY\LOCAL SERVICE 8564/8772 2151758472/2151775896 2532/3668 12 241 0.0 2025-10-25 03:17:28 10419 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 
1700 Window Manager\DWM-1 44668/45224 2151923448/2151925580 18728/25272 26 633 0.0 2025-10-25 03:17:28 10419 dwm "dwm.exe" 1676 NT AUTHORITY\SYSTEM 14104/14692 2151767352/2151780436 3172/3568 17 303 0.0 2025-10-25 03:17:28 10419 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc 2268 NT AUTHORITY\SYSTEM 256272/286428 2153055472/2153064404 282324/312504 130 1526 0.0 2025-10-25 03:22:17 10414 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRestAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmd82f1931-64f2-481d-9317-42ed3326568d -h "C:\inetpub\temp\apppools\MSExchangeRestAppPool\MSExchangeRestAppPool.config" -w "" -m 0 2220 NT AUTHORITY\LOCAL SERVICE 11520/11608 2151769784/2151789032 3372/3872 15 444 0.0 2025-10-25 03:17:28 10419 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm 2284 NT AUTHORITY\SYSTEM 7772/7864 2151751612/2151756220 1656/1912 9 171 0.0 2025-10-25 03:17:28 10419 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc 2360 NT AUTHORITY\LOCAL SERVICE 24172/29100 2151806584/2151820948 14292/18600 34 460 0.0 2025-10-25 03:17:28 10419 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 2352 NT AUTHORITY\LOCAL SERVICE 6580/6616 2151754668/2151758764 1496/1624 8 153 0.0 2025-10-25 03:17:28 10419 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p 2016 NT AUTHORITY\SYSTEM 12640/13832 2151776128/2151789272 4704/5320 14 275 0.0 2025-10-25 03:20:48 10416 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 1944 NT AUTHORITY\SYSTEM 9004/9184 2151756996/2151766264 1996/2360 11 185 0.0 2025-10-25 03:17:28 10419 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS 2020 NT AUTHORITY\SYSTEM 10328/10716 2151772888/2151778008 2052/2364 33 199 0.0 2025-10-25 03:17:28 10419 SVC:UmRdpService 
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 2192 NT AUTHORITY\LOCAL SERVICE 7636/8840 2151792000/2151801044 1824/2508 11 166 0.0 2025-10-25 03:17:28 10419 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache 2072 NT AUTHORITY\SYSTEM 13320/13436 2151765532/2151777728 2224/2624 13 192 0.0 2025-10-25 03:17:28 10419 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 1520 NT AUTHORITY\NETWORK SERVICE 14980/16436 2152040664/2152055516 4272/5868 27 315 0.0 2025-10-25 03:17:28 10419 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc 744 Unknown 6056/6284 2151767968/2151773244 1892/2184 12 169 0.0 2025-10-25 03:17:23 10419 csrss 736 Unknown 7364/7428 2151749416/2151764400 1456/2152 12 155 0.0 2025-10-25 03:17:23 10419 wininit 808 NT AUTHORITY\SYSTEM 10612/15272 2151812880/2151826264 2548/6536 12 214 0.0 2025-10-25 03:17:23 10419 winlogon winlogon.exe 1016 NT AUTHORITY\SYSTEM 25324/25588 2151802424/2151827000 7940/8664 21 1106 0.0 2025-10-25 03:17:24 10419 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p 920 NT AUTHORITY\LOCAL SERVICE 9160/9400 2151753388/2151767724 1948/2928 12 298 0.0 2025-10-25 03:17:28 10419 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 516 Unknown 1276/1332 2151719588/2151728136 1128/1212 4 60 0.0 2025-10-25 03:17:20 10419 smss 116 Unknown 106444/209452 111624/211080 3468/145460 15 0 0.0 2025-10-25 03:17:19 10419 Registry 608 Font Driver Host\UMFD-1 4068/4108 2151747824/2151750896 1316/1424 7 39 0.0 2025-10-25 03:17:24 10419 fontdrvhost "fontdrvhost.exe" 652 Unknown 7316/7416 2151783268/2151787312 2504/2728 34 1019 0.0 2025-10-25 03:17:22 10419 csrss 612 Font Driver Host\UMFD-0 4180/4216 2151748276/2151751348 1396/1480 7 39 0.0 2025-10-25 03:17:24 10419 fontdrvhost "fontdrvhost.exe" 1352 NT AUTHORITY\SYSTEM 12296/12308 
2151771048/2151777316 3056/3128 16 221 0.0 2025-10-25 03:17:25 10419 SVC:vmicheartbeat C:\Windows\system32\svchost.exe -k ICService -p -s vmicheartbeat 1252 NT AUTHORITY\LOCAL SERVICE 12364/12468 2151761324/2151768492 1728/2236 10 183 0.0 2025-10-25 03:17:25 10419 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1360 NT AUTHORITY\SYSTEM 6564/6604 2151750056/2151754152 1484/1616 9 130 0.0 2025-10-25 03:17:25 10419 SVC:vmickvpexchange C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmickvpexchange 1424 NT AUTHORITY\LOCAL SERVICE 6452/6508 2151749600/2151752672 1408/1716 9 117 0.0 2025-10-25 03:17:25 10419 SVC:vmictimesync C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s vmictimesync 1376 NT AUTHORITY\SYSTEM 6336/6372 2151749596/2151753692 1412/1560 8 113 0.0 2025-10-25 03:17:25 10419 SVC:vmicshutdown C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmicshutdown 1124 NT AUTHORITY\NETWORK SERVICE 32488/92588 2151940336/2151990776 17128/82332 29 780 0.0 2025-10-25 03:17:25 10419 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService 1060 NT AUTHORITY\SYSTEM 11744/11920 2151765872/2151779184 3004/3428 15 374 0.0 2025-10-25 03:17:24 10419 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM 1168 NT AUTHORITY\LOCAL SERVICE 5776/5812 2151747812/2151750884 1332/1536 8 118 0.0 2025-10-25 03:17:25 10419 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 1232 NT AUTHORITY\SYSTEM 10104/10164 2151756872/2151763016 1976/2416 12 208 0.0 2025-10-25 03:17:25 10419 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1176 NT AUTHORITY\LOCAL SERVICE 8744/8832 2151755512/2151758072 1968/2164 13 232 0.0 2025-10-25 03:17:25 10419 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time 4508 NT AUTHORITY\SYSTEM 13576/13648 2151776852/2151783532 
3484/3896 24 447 0.0 2025-10-25 03:17:29 10419 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs 4460 Unknown 12800/12964 2151783916/2151785976 4964/5308 12 212 0.0 2025-10-25 03:18:33 10418 SVC:WdNisSvc 4596 NT AUTHORITY\SYSTEM 6392/18384 2151738804/2151751056 1892/2872 7 89 0.0 2025-10-25 03:17:29 10419 AggregatorHost AggregatorHost.exe 5892 NT AUTHORITY\NETWORK SERVICE 17764/17796 4781316/4787716 24916/25180 14 255 0.0 2025-10-25 03:17:31 10419 SVC:NetMsmqActivator "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator 5804 NT AUTHORITY\SYSTEM 12848/12948 2152037920/2152043624 3676/3920 18 210 0.0 2025-10-25 03:17:31 10419 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} 4312 NT AUTHORITY\SYSTEM 6124/6144 2151746792/2151752936 1340/1560 8 134 0.0 2025-10-25 03:17:29 10419 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 4224 NT AUTHORITY\SYSTEM 7268/7328 2155942752/2155950944 1808/2008 9 143 0.0 2025-10-25 03:17:29 10419 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 4328 NT AUTHORITY\SYSTEM 12696/12928 2151767572/2151773732 3488/3964 14 243 0.0 2025-10-25 03:19:01 10418 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\5c6200cc-be32-4151-9aeb-c86e6b45737d -parentPid 4048 -initEvent da047c1b-407d-493e-9df8-fbf49702dd61 -replyEndpoint LRPC-2776256d2cb7c8d642 4400 NT AUTHORITY\SYSTEM 12180/12288 2151756632/2151764824 1616/1876 9 139 0.0 2025-10-25 03:17:29 10419 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService 4372 NT AUTHORITY\LOCAL SERVICE 23604/23608 2152251452/2152252476 23140/23152 33 316 0.0 2025-10-25 03:17:29 10419 SVC:WMSVC C:\Windows\system32\inetsrv\wmsvc.exe 6568 NT AUTHORITY\SYSTEM 437884/616804 5733452/5775316 391468/601248 138 3030 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeMailboxAssistants "C:\Program Files\Microsoft\Exchange 
Server\V15\Bin\MSExchangeMailboxAssistants.exe" 6560 NT AUTHORITY\SYSTEM 137956/138948 5235396/5246916 144892/146068 60 1302 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeCompliance "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe" 6576 NT AUTHORITY\SYSTEM 142172/143684 5211544/5275600 165996/166148 59 1672 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeFastSearch "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Search.Service.exe" 6600 NT AUTHORITY\SYSTEM 33400/33556 4845036/4847340 35036/35248 23 546 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeAntispamUpdate "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe" 6592 NT AUTHORITY\SYSTEM 192148/193280 5227116/5245464 162312/164132 76 1062 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeDagMgmt "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe" 6512 NT AUTHORITY\SYSTEM 119644/119732 5001372/5011936 99312/99692 67 833 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeImap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4Service.exe" 0 8/8 8/8 60/60 0 0 0.0 0 Idle 6520 NT AUTHORITY\NETWORK SERVICE 120424/120540 5001416/5011980 100048/100320 65 970 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeIMAP4BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe" 6552 NT AUTHORITY\SYSTEM 163688/164532 5240636/5243728 163048/164716 68 974 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangeIS "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Service.exe" 6528 NT AUTHORITY\NETWORK SERVICE 120944/121128 5001368/5011932 100584/100976 65 926 0.0 2025-10-25 03:17:33 10419 SVC:MSExchangePOP3BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe" 4180 NT AUTHORITY\SYSTEM 17132/17520 4282816/4299280 9576/9804 13 232 0.0 2025-10-25 03:17:29 10419 SVC:SearchExchangeTracing 
"C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\TraceService\sftracing.exe" 3068 NT AUTHORITY\SYSTEM 12640/12680 2151759132/2151764252 5164/5456 12 170 0.0 2025-10-25 03:17:28 10419 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc 3032 NT AUTHORITY\SYSTEM 28468/30224 2151843092/2151861576 9236/11964 28 549 0.0 2025-10-25 03:17:28 10419 SVC:Spooler C:\Windows\System32\spoolsv.exe 3092 NT AUTHORITY\SYSTEM 10980/11124 2152815240/2152829452 2824/3544 15 363 0.0 2025-10-25 03:17:28 10419 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 3360 NT AUTHORITY\LOCAL SERVICE 38892/39088 4799140/4802468 34792/35076 37 441 0.0 2025-10-25 03:17:28 10419 SVC:NetPipeActivator/NetTcpActivator/NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 3136 NT AUTHORITY\SYSTEM 93828/98560 5226580/5237268 68356/70964 67 913 0.0 2025-10-25 03:17:28 10419 SVC:HostControllerService "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe" 2452 NT AUTHORITY\NETWORK SERVICE 10732/10788 2151765544/2151775784 2528/2696 14 247 0.0 2025-10-25 03:17:28 10419 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2372 NT AUTHORITY\LOCAL SERVICE 8244/8456 2151752644/2151759524 2184/2644 10 177 0.0 2025-10-25 03:17:28 10419 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 2664 NT AUTHORITY\SYSTEM 10480/10520 2151763388/2151773796 2360/2584 16 246 0.0 2025-10-25 03:17:28 10419 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2916 NT AUTHORITY\LOCAL SERVICE 7560/7652 2151746076/2151757340 1368/1800 8 126 0.0 2025-10-25 03:17:28 10419 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 2680 NT AUTHORITY\SYSTEM 9732/9932 2151757768/2151774160 2472/3064 10 219 0.0 2025-10-25 03:17:28 
10419 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager 3856 NT AUTHORITY\SYSTEM 16164/16192 2151777984/2151779520 8616/9140 19 389 0.0 2025-10-25 03:17:28 10419 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs 3832 NT AUTHORITY\NETWORK SERVICE 15296/15344 2151802324/2151805396 5936/6344 33 392 0.0 2025-10-25 03:17:28 10419 SVC:MSMQ C:\Windows\system32\mqsvc.exe 4032 NT AUTHORITY\LOCAL SERVICE 7464/7524 2151751820/2151757964 1660/1796 9 154 0.0 2025-10-25 03:17:29 10419 SVC:pla C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s pla 4140 NT AUTHORITY\SYSTEM 5796/5852 2151745496/2151751636 1228/1432 8 105 0.0 2025-10-25 03:17:29 10419 SVC:sacsvr C:\Windows\System32\svchost.exe -k netsvcs -p -s sacsvr 4040 NT AUTHORITY\LOCAL SERVICE 7688/7728 2151753416/2151761612 1708/2012 43 159 0.0 2025-10-25 03:17:29 10419 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc 3436 NT AUTHORITY\SYSTEM 9312/9420 2151751800/2151756408 2280/2536 11 205 0.0 2025-10-25 03:17:28 10419 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer 3372 Unknown 30204/30608 2151811892/2151819004 16712/17504 20 1052 0.0 2025-10-25 03:17:28 10419 SVC:MDCoreSvc 3452 NT AUTHORITY\SYSTEM 24456/29544 2151837076/2151880968 12768/16616 19 406 0.0 2025-10-25 03:17:28 10419 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 3800 NT AUTHORITY\NETWORK SERVICE 8036/9712 2151750728/2151755864 2144/3416 11 167 0.0 2025-10-25 03:17:30 10419 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent 3676 NT AUTHORITY\SYSTEM 36796/36884 4901156/4913336 47756/47964 28 942 0.0 2025-10-25 03:17:28 10419 SVC:MSExchangeHMRecovery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMRecovery.exe" [netstat] PacketsReceived=515748669 ReceivedHeaderErrors=0 ReceivedAddressErrors=37 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=389 
ReceivedPacketsDelivered=515751446
OutputRequests=1022530080
RoutingDiscards=0
DiscardedOutputPackets=27
OutputPacketNoRoute=3
ReassemblyRequired=0
ReassemblySuccessful=0
ReassemblyFailures=0
DatagramsSuccessfullyFragmented=0
DatagramsFailingFragmentation=0
FragmentsCreated=0

PacketsReceived=262272
ReceivedHeaderErrors=0
ReceivedAddressErrors=98
DatagramsForwarded=0
UnknownProtocolsReceived=0
ReceivedPacketsDiscarded=0
ReceivedPacketsDelivered=262321
OutputRequests=297536
RoutingDiscards=0
DiscardedOutputPackets=0
OutputPacketNoRoute=0
ReassemblyRequired=0
ReassemblySuccessful=0
ReassemblyFailures=0
DatagramsSuccessfullyFragmented=0
DatagramsFailingFragmentation=0
FragmentsCreated=0

tcpActiveOpens=849755
tcpPassiveOpens=2058796
tcpFailedConnectionAttempts=1255284
tcpResetConnections=130622
tcpCurrentConnections=170
tcpSegmentsReceived=522737179
tcpSegmentsSent=1028321314
tcpSegmentsRetransmitted=1149977

tcpActiveOpens=426336
tcpPassiveOpens=426330
tcpFailedConnectionAttempts=25079
tcpResetConnections=373394
tcpCurrentConnections=204
tcpSegmentsReceived=15520929
tcpSegmentsSent=15546016
tcpSegmentsRetransmitted=20

udpDatagramsReceived=1570932
udpNoPorts=386
udpReceiveErrors=0
udpDatagramsSent=1602688

udpDatagramsReceived=85
udpNoPorts=0
udpReceiveErrors=0
udpDatagramsSent=254

[ipconfig]
Windows IP Configuration

   Host Name . . . . . . . . . . . . : Az-mbox1
   Primary Dns Suffix  . . . . . . . : ceda.unina2.it
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ceda.unina2.it
                                       reddog.microsoft.com

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : reddog.microsoft.com
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 60-45-BD-8E-45-19
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::55a1:c340:fd6e:7c3c%7(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.124.129.6(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, October 25, 2025 2:17:28 AM
   Lease Expires . . . . . . . . . . : Tuesday, December 8, 2161 3:25:10 PM
   Default Gateway . . . . . . . . . : 10.124.129.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DHCPv6 IAID . . . . . . . . . . . : 106972605
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-CD-D9-05-60-45-BD-8E-45-19
   DNS Servers . . . . . . . . . . . : 10.124.1.4
                                       10.124.1.5
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 10:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
   Physical Address. . . . . . . . . : 02-E2-C0-2A-83-38
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::a908:3842:1f2d:c922%3(Preferred)
   IPv4 Address. . . . . . . . . . . : 169.254.1.17(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 50472042
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-CD-D9-05-60-45-BD-8E-45-19
   NetBIOS over Tcpip. . . . . . . . : Enabled

[route]
===========================================================================
Interface List
  7...60 45 bd 8e 45 19 ......Microsoft Hyper-V Network Adapter
  3...02 e2 c0 2a 83 38 ......Microsoft Failover Cluster Virtual Adapter
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.124.129.1     10.124.129.6     10
     10.124.129.0    255.255.255.0         On-link      10.124.129.6    266
     10.124.129.6  255.255.255.255         On-link      10.124.129.6    266
   10.124.129.255  255.255.255.255         On-link      10.124.129.6    266
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
    168.63.129.16  255.255.255.255     10.124.129.1     10.124.129.6     11
      169.254.0.0      255.255.0.0         On-link      169.254.1.17    271
     169.254.1.17  255.255.255.255         On-link      169.254.1.17    271
  169.254.169.254  255.255.255.255     10.124.129.1     10.124.129.6     11
  169.254.255.255  255.255.255.255         On-link      169.254.1.17    271
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      10.124.129.6    266
        224.0.0.0        240.0.0.0         On-link      169.254.1.17    271
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      10.124.129.6    266
  255.255.255.255  255.255.255.255         On-link      169.254.1.17    271
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  7    266 fe80::/64                On-link
  3    271 fe80::/64                On-link
  7    266 fe80::55a1:c340:fd6e:7c3c/128
                                    On-link
  3    271 fe80::a908:3842:1f2d:c922/128
                                    On-link
  1    331 ff00::/8                 On-link
  7    266 ff00::/8                 On-link
  3    271 ff00::/8                 On-link
=========================================================================== Persistent Routes: None [ifstat] 10.124.129.6 713355487650 1181825204566 169.254.1.17 47214311 42207222 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual started Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) aspnet_state manual stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AxInstSV disabled stopped ActiveX Installer (AxInstSV) BDESVC manual stopped BitLocker Drive Encryption Service BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service c2wts manual stopped Claims to Windows Token Service camsvc manual started Capability Access Manager Service CaptureService_33b15775 manual stopped CaptureService_33b15775 cbdhsvc_33b15775 automatic started Clipboard User Service_33b15775 CDPSvc automatic started Connected Devices Platform Service CDPUserSvc_33b15775 automatic started Connected Devices Platform User Service_33b15775 CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) ClusSvc automatic started Cluster Service COMSysApp manual stopped COM+ System Application ConsentUxUserSvc_33b15775 manual stopped ConsentUX User Service_33b15775 CoreMessagingRegistrar automatic started CoreMessaging CPrepSrv manual stopped CPrepSrv CredentialEnrollmentManagerUserSvc_33b15775 manual stopped 
CredentialEnrollmentManagerUserSvc_33b15775 CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationBrokerSvc_33b15775 manual stopped DeviceAssociationBroker_33b15775 DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevicePickerUserSvc_33b15775 disabled stopped DevicePicker_33b15775 DevicesFlowUserSvc_33b15775 manual stopped DevicesFlow_33b15775 DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual started Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System FcSrv manual stopped FcSrv fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource 
Publication FMS automatic started Microsoft Filtering Management Service FontCache automatic started Windows Font Cache Service FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc hidserv manual stopped Human Interface Device Service HostControllerService automatic started Microsoft Exchange Search Host Controller HvHost manual stopped HV Host Service IISADMIN automatic started IIS Admin Service IKEEXT manual stopped IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService MDCoreSvc automatic started Microsoft Defender Core Service MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSComplianceAudit automatic started Microsoft Exchange Compliance Audit MSDTC automatic started Distributed Transaction Coordinator MSExchangeADTopology automatic started Microsoft Exchange Active Directory Topology MSExchangeAntispamUpdate automatic started Microsoft Exchange Anti-spam Update MSExchangeCompliance automatic started Microsoft Exchange Compliance Service MSExchangeDagMgmt automatic started Microsoft Exchange DAG Management 
MSExchangeDelivery automatic started Microsoft Exchange Mailbox Transport Delivery
MSExchangeDiagnostics automatic started Microsoft Exchange Diagnostics
MSExchangeEdgeSync automatic started Microsoft Exchange EdgeSync
MSExchangeFastSearch automatic started Microsoft Exchange Search
MSExchangeFlighting automatic started Microsoft Exchange Flighting Service
MSExchangeFrontEndTransport automatic started Microsoft Exchange Frontend Transport
MSExchangeHM automatic started Microsoft Exchange Health Manager
MSExchangeHMRecovery automatic started Microsoft Exchange Health Manager Recovery
MSExchangeImap4 automatic started Microsoft Exchange IMAP4
MSExchangeIMAP4BE automatic started Microsoft Exchange IMAP4 Backend
MSExchangeIS automatic started Microsoft Exchange Information Store
MSExchangeMailboxAssistants automatic started Microsoft Exchange Mailbox Assistants
MSExchangeMailboxReplication automatic started Microsoft Exchange Mailbox Replication
MSExchangeMitigation automatic started Microsoft Exchange Emergency Mitigation Service
MSExchangePop3 automatic started Microsoft Exchange POP3
MSExchangePOP3BE automatic started Microsoft Exchange POP3 Backend
MSExchangeRepl automatic started Microsoft Exchange Replication
MSExchangeRPC automatic started Microsoft Exchange RPC Client Access
MSExchangeServiceHost automatic started Microsoft Exchange Service Host
MSExchangeSubmission automatic started Microsoft Exchange Mailbox Transport Submission
MSExchangeThrottling automatic started Microsoft Exchange Throttling
MSExchangeTransport automatic started Microsoft Exchange Transport
MSExchangeTransportLogSearch automatic started Microsoft Exchange Transport Log Search
MSiSCSI manual stopped Microsoft iSCSI Initiator Service
msiserver manual stopped Windows Installer
MSMQ automatic started Message Queuing
NcaSvc disabled stopped Network Connectivity Assistant
NcbService manual started Network Connection Broker
Netlogon automatic started Netlogon
Netman manual stopped Network Connections
NetMsmqActivator automatic started Net.Msmq Listener Adapter
NetPipeActivator automatic started Net.Pipe Listener Adapter
netprofm manual started Network List Service
NetSetupSvc manual stopped Network Setup Service
NetTcpActivator automatic started Net.Tcp Listener Adapter
NetTcpPortSharing automatic started Net.Tcp Port Sharing Service
NgcCtnrSvc manual stopped Microsoft Passport Container
NgcSvc manual stopped Microsoft Passport
NlaSvc automatic started Network Location Awareness
nsi automatic started Network Store Interface Service
PcaSvc automatic started Program Compatibility Assistant Service
PerfHost manual stopped Performance Counter DLL Host
PimIndexMaintenanceSvc_33b15775 manual stopped Contact Data_33b15775
pla automatic started Performance Logs & Alerts
PlugPlay manual started Plug and Play
PolicyAgent manual started IPsec Policy Agent
Power automatic started Power
PrintNotify manual stopped Printer Extensions and Notifications
PrintWorkflowUserSvc_33b15775 manual stopped PrintWorkflow_33b15775
ProfSvc automatic started User Profile Service
PushToInstall disabled stopped Windows PushToInstall Service
QWAVE manual stopped Quality Windows Audio Video Experience
RasAuto manual stopped Remote Access Auto Connection Manager
RasMan automatic started Remote Access Connection Manager
RdAgent automatic started RdAgent
RemoteAccess disabled stopped Routing and Remote Access
RemoteRegistry automatic stopped Remote Registry
RmSvc disabled stopped Radio Management Service
RpcEptMapper automatic started RPC Endpoint Mapper
RPCHTTPLBS manual stopped RPC/HTTP Load Balancing Service
RpcLocator manual stopped Remote Procedure Call (RPC) Locator
RpcSs automatic started Remote Procedure Call (RPC)
RSoPProv manual stopped Resultant Set of Policy Provider
sacsvr manual started Special Administration Console Helper
SamSs automatic started Security Accounts Manager
SCardSvr manual stopped Smart Card
ScDeviceEnum disabled stopped Smart Card Device Enumeration 
Service
Schedule automatic started Task Scheduler
SCPolicySvc manual stopped Smart Card Removal Policy
SearchExchangeTracing automatic started Tracing Service for Search in Exchange
seclogon manual stopped Secondary Logon
SecurityHealthService manual started Windows Security Service
SEMgrSvc disabled stopped Payments and NFC/SE Manager
SENS automatic started System Event Notification Service
Sense manual stopped Windows Defender Advanced Threat Protection Service
SensorDataService disabled stopped Sensor Data Service
SensorService manual stopped Sensor Service
SensrSvc manual stopped Sensor Monitoring Service
SessionEnv manual started Remote Desktop Configuration
SharedAccess disabled stopped Internet Connection Sharing (ICS)
ShellHWDetection automatic started Shell Hardware Detection
shpamsvc disabled stopped Shared PC Account Manager
SmbWitness manual stopped SMB Witness
smphost manual stopped Microsoft Storage Spaces SMP
SNMPTRAP manual stopped SNMP Trap
Spooler automatic started Print Spooler
sppsvc automatic stopped Software Protection
SSDPSRV disabled stopped SSDP Discovery
ssh-agent disabled stopped OpenSSH Authentication Agent
SstpSvc manual started Secure Socket Tunneling Protocol Service
StateRepository automatic started State Repository Service
StiSvc manual stopped Windows Image Acquisition (WIA)
StorSvc automatic started Storage Service
svsvc manual stopped Spot Verifier
swprv manual stopped Microsoft Software Shadow Copy Provider
SysMain automatic started SysMain
SystemEventsBroker automatic started System Events Broker
TabletInputService manual started Touch Keyboard and Handwriting Panel Service
tapisrv manual stopped Telephony
TargetMgr disabled stopped Target Manager
TermService manual started Remote Desktop Services
Themes automatic started Themes
TieringEngineService manual stopped Storage Tiers Management
TimeBrokerSvc manual started Time Broker
TokenBroker manual started Web Account Manager
TrkWks automatic started Distributed Link Tracking Client
TrustedInstaller manual stopped Windows Modules Installer
tzautoupdate disabled stopped Auto Time Zone Updater
UALSVC automatic started User Access Logging Service
UdkUserSvc_33b15775 manual stopped Udk User Service_33b15775
UevAgentService disabled stopped User Experience Virtualization Service
UmRdpService manual started Remote Desktop Services UserMode Port Redirector
UnistoreSvc_33b15775 manual stopped User Data Storage_33b15775
upnphost disabled stopped UPnP Device Host
UserDataSvc_33b15775 manual stopped User Data Access_33b15775
UserManager automatic started User Manager
UsoSvc automatic started Update Orchestrator Service
VaultSvc manual stopped Credential Manager
vds manual stopped Virtual Disk
vmicguestinterface manual stopped Hyper-V Guest Service Interface
vmicheartbeat manual started Hyper-V Heartbeat Service
vmickvpexchange manual started Hyper-V Data Exchange Service
vmicshutdown manual started Hyper-V Guest Shutdown Service
vmictimesync manual started Hyper-V Time Synchronization Service
vmicvmsession manual stopped Hyper-V PowerShell Direct Service
vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor
VSS manual stopped Volume Shadow Copy
W32Time automatic started Windows Time
w3logsvc manual stopped W3C Logging Service
W3SVC automatic started World Wide Web Publishing Service
WaaSMedicSvc manual started Windows Update Medic Service
WalletService disabled stopped WalletService
WarpJITSvc manual stopped Warp JIT Service
WAS manual started Windows Process Activation Service
WbioSrvc manual stopped Windows Biometric Service
Wcmsvc automatic started Windows Connection Manager
WdiServiceHost manual started Diagnostic Service Host
WdiSystemHost manual stopped Diagnostic System Host
WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service
Wecsvc manual stopped Windows Event Collector
WEPHOSTSVC manual stopped Windows Encryption Provider Host Service
wercplsupport manual stopped Problem Reports Control Panel Support
WerSvc manual stopped Windows Error Reporting Service
WiaRpc manual stopped Still Image Acquisition Events
WinDefend automatic started Microsoft Defender Antivirus Service
WindowsAzureGuestAgent automatic started Windows Azure Guest Agent
WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service
Winmgmt automatic started Windows Management Instrumentation
WinRM automatic started Windows Remote Management (WS-Management)
wisvc disabled stopped Windows Insider Service
wlidsvc manual stopped Microsoft Account Sign-in Assistant
wmiApSrv manual stopped WMI Performance Adapter
WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service
WMSVC automatic started Web Management Service
WPDBusEnum manual stopped Portable Device Enumerator Service
WpnService automatic started Windows Push Notifications System Service
WpnUserService_33b15775 automatic started Windows Push Notifications User Service_33b15775
wsbexchange manual stopped Microsoft Exchange Server Extension for Windows Server Backup
WSearch disabled stopped Windows Search
wuauserv manual started Windows Update
XymonPSClient automatic started XymonPSClient
[uptime]
sec: 625149
7 days 5 hours 39 minutes 9 seconds
Bootup: 20251025031722.323052+120
[who]
SESSIONNAME USERNAME ID STATE TYPE DEVICE
>services 0 Disc
console 1 Conn
058091 2 Disc
31c5ce94259d4... 65536 Listen
rdp-tcp 65537 Listen
Total sessions created: 4
Total sessions disconnected: 3
Total sessions reconnected: 0
[users]
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
058091 2 Disc 20:44 10/27/2025 6:35 PM
[iis_sites]
Default Web Site IIS://localhost/W3SVC/1 SiteID: 1
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :80: 127.0.0.1:80:
ServerState 2
SecureBindings 127.0.0.1:443: :443:
Exchange Back End IIS://localhost/W3SVC/2 SiteID: 2
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :81:
ServerState 2
SecureBindings :444:
[XymonConfig]
XymonSettings
serversList : 10.224.4.197
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : az-mbox1.ceda.unina2.it
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableIISSection : 1
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : C:\Program Files\xymon
clientlogretain : 0
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
externalscriptlocation : C:\Program Files\xymon\ext
externaldatalocation : C:\Program Files\xymon\tmp
localdatalocation : C:\Program Files\xymon\local
servergiflocation : /xymon/gifs/
servers : 10.224.4.197
clientlogfile : C:\Program Files\xymon\xymonclient.log
clientconfigfile : C:\Program Files\xymon\clientconfig.cfg
clientfqdn : 1
clientlower : 1
clientbbwinmembug : 0
clientremotecfgexec : 1
HaveCmd
Name Value
---- -----
qwinsta True
query True
XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname az-mbox1.ceda.unina2.it
[XymonPSClientInfo]
Collection number: 85
Last transmission method: TCP
Id : 14756
Handles : 560
CPU : 762.046875
SI : 0
Name : powershell