[collector:] client azeligo.cressi.unicampania.it.powershell powershell XymonPS

[date]
Sat 01 Nov 08:23:04 2025

[clock]
epoch: 1761981784
local: Sat 01 Nov 08:23:04 2025
UTC: Sat 01 Nov 07:23:04 2025
Time Synchronisation type: NTP
NTP server: time.windows.com,0x9
Leap Indicator: 0(no warning)
Stratum: 2 (secondary reference - syncd by (S)NTP)
Precision: -6 (15.625ms per tick)
Root Delay: 0.0001927s
Root Dispersion: 0.0100000s
ReferenceId: 0x564D5450 (source IP: 86.77.84.80)
Last Successful Sync Time: 11/1/2025 8:22:51 AM
Source: VM IC Time Synchronization Provider
Poll Interval: 10 (1024s)

[clientversion]
2.42

[uname]
Microsoft Windows Server 2008 R2 Datacenter Service Pack 1 (build 7601)

[cpu]
up: 457 days, 0 users, 70 procs, load=1.66%
CPU states: total 1.66%
cores: 2

CPU PID Image Name Pri Time MemUsage
0.8% 316 SVC:ReportServer 8 4 50808k
0.3% 2520 powershell 8 3 93160k
0.1% 832 SVC:Dhcp/eventlog/lmhosts/vmic 8 3 16128k
0.1% 4152 SVC:WindowsAzureGuestAgent 8 03:24:26 41300k
0.1% 2528 conhost 8 1 544k
0.1% 400 csrss 13 16:56:11 2608k
0.0% 3372 MicrosoftDependencyAgent 8 04:08:22 11688k
0.0% 2220 SVC:TSM Client Scheduler 8 00:19:08 7840k
0.0% 13852 DeltaC 8 00:00:00 7132k
0.0% 980 SVC:Netman/TrkWks/UmRdpService 8 01:06:24 4676k
0.0% 892 SVC:BITS/CertPropSvc/gpsvc/IKE 8 05:56:36 103704k
0.0% 4 System 8 04:24:49 52k
0.0% 548 services 9 03:14:45 6832k
0.0% 3484 rundll32 10 00:00:00 716k
0.0% 3444 taskeng 6 00:00:01 2376k
0.0% 40628 conhost 8 00:00:00 3412k
0.0% 4072 SVC:MicrosoftDependencyAgent 8 00:00:27 988k
0.0% 4040 SVC:MSSQLFDLauncher 8 00:00:28 1184k
0.0% 3868 rundll32 10 00:00:00 704k
0.0% 2808 conhost 8 00:00:10 416k
0.0% 2712 SVC:SQLSERVERAGENT 8 00:08:55 7664k
0.0% 42384 taskeng 8 00:00:00 7028k
0.0% 2976 SVC:MSDTC 8 00:00:27 1160k
0.0% 46224 w3wp 8 00:00:00 38088k
0.0% 2896 SVC:PolicyAgent 8 00:00:23 1052k
0.0% 36016 cmd 8 00:00:00 72k
0.0% 10268 SVC:RdAgent 8 00:05:29 18940k
0.0% 19684 taskhost 8 00:00:19 5412k
0.0% 10248 explorer 8 00:01:19 42908k
0.0% 18388 csrss 13 00:02:17 3348k
0.0% 18236 dwm 8 00:00:00 2892k
0.0% 19536 rdpclip 8 00:00:00 3668k
0.0% 8924 conhost 8 00:00:00 1688k
0.0% 4528 SVC:MSMQ_MailRelyService 8 00:00:57 4140k
0.0% 4368 conhost 8 00:00:00 124k
0.0% 4360 fdhost 8 00:00:01 1096k
0.0% 26100 winlogon 13 00:00:00 2348k
0.0% 8440 rsync 8 00:00:00 5020k
0.0% 6420 w3wp 8 00:00:00 51396k
0.0% 760 SVC:RpcEptMapper/RpcSs 8 00:24:53 5564k
0.0% 680 SVC:DcomLaunch/PlugPlay/Power 8 01:50:45 4600k
0.0% 592 SVC:BFE/DPS/MpsSvc/pla 8 00:16:20 5548k
0.0% 848 LogonUI 13 00:00:00 288k
0.0% 1052 SVC:Spooler 8 00:00:28 2740k
0.0% 1020 SVC:CryptSvc/Dnscache/LanmanWo 8 00:19:39 10576k
0.0% 936 SVC:EventSystem/FontCache/netp 8 00:33:15 8416k
0.0% 572 lsm 8 00:09:11 3804k
0.0% 452 wininit 13 00:00:00 76k
0.0% 300 smss 11 00:00:00 540k
0.0% 0 Idle 0 24k
0.0% 464 csrss 13 00:00:02 120k
0.0% 564 SVC:KeyIso/SamSs 9 03:32:58 14172k
0.0% 556 SVC:VSS 8 00:00:29 1252k
0.0% 492 winlogon 13 00:00:00 72k
0.0% 1080 SVC:vmicheartbeat/vmicrdv 8 00:25:32 1616k
0.0% 2044 SVC:MSSQLSERVER 8 12:58:28 425044k
0.0% 1948 SVC:MSMQ 8 00:00:35 1424k
0.0% 1760 SVC:MsDtsServer100 8 00:07:08 24144k
0.0% 2072 SVC:SQLWriter 8 00:00:31 1452k
0.0% 2400 SVC:XymonPSClient 8 00:00:22 880k
0.0% 2272 SVC:W3SVC/WAS 8 00:01:18 4108k
0.0% 2148 SVC:TSM Client Acceptor 8 00:00:39 2092k
0.0% 1644 SVC:RemoteRegistry 8 00:00:24 872k
0.0% 1448 SVC:DiagTrack 8 00:00:27 2112k
0.0% 1376 SVC:DeltaCopyService 8 00:00:42 1112k
0.0% 1200 SVC:AppHostSvc 8 00:00:21 1420k
0.0% 1476 rsync 8 00:00:00 64k
0.0% 1608 SVC:IISADMIN 8 00:01:52 8136k
0.0% 1600 SVC:TermService 8 00:09:59 5704k
0.0% 1492 conhost 8 00:00:00 172k

[disk]
Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB)
C 132655100 47513216 85141884 36% /FIXED/C:\ Windows 126.51\81.20
D 16775164 11711336 5063828 70% /FIXED/D:\ Temporary Storage 16.00\4.83
E 52425664 8691776 43733888 17% /FIXED/E:\ Backup_SQL 50.00\41.71
F 104753148 52976936 51776212 51% /FIXED/F:\ 99.90\49.38
G 102396 28840 73556 28% /FIXED/G:\ Riservato per il sistema 0.10\0.07

[memory]
memory Total Used
physical: 8192 1627
virtual: 19578 7726
page: 11389 5749

[msgs:EventlogSummary]
LogMode MaximumSizeInBytes RecordCount LogName
------- ------------------ ----------- -------
Circular 20971520 29679 Security
Circular 20971520 75870 System
Circular 20971520 21759 Application

[msgs:eventlog_Security]

[msgs:eventlog_System]
Error - 11/01/2025 08:16:36 - [36888] - Schannel - The following fatal alert was generated: 40. The internal error state is 1205.
Error - 11/01/2025 08:16:36 - [36874] - Schannel - An TLS 1.2 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
Information - 11/01/2025 07:50:24 - [5186] - Microsoft-Windows-WAS - A worker process with process id of '21448' serving application pool 'DefaultAppPool' was shutdown due to inactivity. Application Pool timeout configuration was set to 20 minutes. A new worker process will be started when needed.
Information - 11/01/2025 07:37:31 - [5186] - Microsoft-Windows-WAS - A worker process with process id of '27216' serving application pool 'unicampania' was shutdown due to inactivity. Application Pool timeout configuration was set to 20 minutes. A new worker process will be started when needed.

[msgs:eventlog_Application]

[procs]
PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command
316 NT AUTHORITY\NETWORK SERVICE 50808/263816 3396880/3405696 194716/308552 67 481 0.8 2024-08-01 08:04:41 658098 SVC:ReportServer "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe"
2520 NT AUTHORITY\SYSTEM 93160/170968 899460/902788 352744/366436 36 416 0.3 2024-08-01 08:04:45 658098 powershell "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Xymon\xymonclient.ps1"
832 NT AUTHORITY\LOCAL SERVICE 16128/133948 705916/720296 642028/642600 25 457 0.1 2024-08-01 08:04:19 658099 SVC:Dhcp/eventlog/lmhosts/vmictimesync C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
4152 NT AUTHORITY\SYSTEM 41300/88084 684820/725932 61876/74480 45 649 0.1 2025-08-27 21:01:36 94281 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190129\WindowsAzureGuestAgent.exe
2528 NT AUTHORITY\SYSTEM 544/3404 25920/26248 1284/1284 5 33 0.1 2024-08-01 08:04:45 658098 conhost \??\C:\windows\system32\conhost.exe "13935456821387393103-2055931594-6698328901361945480-1389296828-9204002041056124510
400 NT AUTHORITY\SYSTEM 2608/6568 58968/59932 4528/4528 16 990 0.1 2024-08-01 08:04:17 658099 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
3372 NT AUTHORITY\SYSTEM 11688/29760 82672/121776 23744/23984 16 251 0.0 2024-08-01 08:05:43 658097 MicrosoftDependencyAgent "C:\Program Files\Microsoft Dependency Agent\bin\MicrosoftDependencyAgent.exe"
2220 AZELIGO\eligo 7840/53476 179852/187568 31024/34196 27 61011 0.0 2024-08-01 08:04:44 658098 SVC:TSM Client Scheduler "C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe"
13852 AZELIGO\eligo 7132/7140 77440/77880 2796/2940 10 116 0.0 2025-11-01 08:22:00 1 DeltaC "C:\Program Files (x86)\DeltaCopy\DeltaC.exe" "C:\Program Files (x86)\DeltaCopy\AzEligoToWVDFileserver.dcp"
980 NT AUTHORITY\SYSTEM 4676/18044 86180/91204 9464/9744 28 425 0.0 2024-08-01 08:04:19 658099 SVC:Netman/TrkWks/UmRdpService/UxSms/vmickvpexchange/vmicshutdown/vmicvss C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
892 NT AUTHORITY\SYSTEM 103704/1331644 4816820/5461732 4415148/4957300 172 399855 0.0 2024-08-01 08:04:19 658099 SVC:BITS/CertPropSvc/gpsvc/IKEEXT/iphlpsvc/LanmanServer/ProfSvc/sacsvr/Schedule/SENS/SessionEnv/ShellHWDetection/Winmgmt/wuauserv C:\windows\system32\svchost.exe -k netsvcs
4 Unknown 52/9528 3340/12668 128/284 0 1097 0.0 2024-08-01 08:04:07 658099 System
548 NT AUTHORITY\SYSTEM 6832/12784 45836/99868 6044/8920 14 309 0.0 2024-08-01 08:04:18 658099 services C:\windows\system32\services.exe
3484 NT AUTHORITY\SYSTEM 716/7648 56524/58060 3256/3468 9 102 0.0 2024-08-01 08:04:55 658098 rundll32 C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "GAEvents" "0xd54_0xd58_0x280a45a6"
3444 NT AUTHORITY\SYSTEM 2376/5748 32460/42916 1948/2216 8 102 0.0 2024-08-01 08:04:54 658098 taskeng taskeng.exe {35A1D81C-5AD8-4933-BEBA-CAF8FE9B9A32} S-1-5-18:NT AUTHORITY\System:Service:
40628 AZELIGO\eligo 3412/3412 45632/46172 1072/1072 5 30 0.0 2025-11-01 08:22:42 0 conhost \??\C:\windows\system32\conhost.exe "-2126450217656009309-210907497433500544-2032476085-1830203260450755702-1792828691
4072 NT AUTHORITY\SYSTEM 988/3964 16068/17092 1168/1204 6 37 0.0 2024-08-01 08:05:43 658097 SVC:MicrosoftDependencyAgent "C:\Program Files\Microsoft Dependency Agent\bin\agentwrap.exe"
4040 NT AUTHORITY\LOCAL SERVICE 1184/4232 25152/27200 1472/1512 6 55 0.0 2024-08-01 08:05:43 658097 SVC:MSSQLFDLauncher "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER
3868 NT AUTHORITY\SYSTEM 704/7828 56524/58060 3420/3628 9 102 0.0 2024-08-01 08:05:05 658098 rundll32 C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "RTEvents" "0xef8_0xefc_0x2e9f4d01"
2808 NT AUTHORITY\NETWORK SERVICE 416/3240 25920/27488 1036/1036 5 33 0.0 2024-08-01 08:04:47 658098 conhost \??\C:\windows\system32\conhost.exe "884572628157227516362277470-1202845949-17576685261445597096-1300841607971795190
2712 NT AUTHORITY\NETWORK SERVICE 7664/22244 531596/535700 25388/26884 46 446 0.0 2024-08-01 08:04:46 658098 SVC:SQLSERVERAGENT "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
42384 AZELIGO\eligo 7028/7032 71468/72488 2232/2304 9 112 0.0 2025-11-01 08:07:00 16 taskeng taskeng.exe {46CB91B6-9896-41A3-BE46-DA1CF80C57E2} S-1-5-21-3919955272-2875196840-571901215-500:AZELIGO\eligo:Interactive:[3]
2976 NT AUTHORITY\NETWORK SERVICE 1160/8088 60708/61748 3304/3484 17 146 0.0 2024-08-01 08:07:43 658095 SVC:MSDTC C:\windows\System32\msdtc.exe
46224 IIS APPPOOL\DefaultAppPool 38088/38160 9219540/9222356 74964/75144 50 563 0.0 2025-11-01 07:54:15 29 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm905f3555-b910-4b68-85d5-2d7b3e20a3e6 -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20
2896 NT AUTHORITY\NETWORK SERVICE 1052/6292 32724/34164 2124/2180 10 96 0.0 2024-08-01 08:05:44 658097 SVC:PolicyAgent C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
36016 AZELIGO\eligo 72/3208 41956/51040 2028/2164 5 22 0.0 2025-02-03 09:38:08 390165 cmd "C:\Windows\System32\cmd.exe"
10268 NT AUTHORITY\SYSTEM 18940/59112 603132/607036 52192/58308 34 442 0.0 2025-08-27 21:01:34 94281 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190129\WaAppAgent.exe
19684 AZELIGO\eligo 5412/12232 418892/681064 7796/8392 21 200 0.0 2025-02-03 09:32:05 390171 taskhost "taskhost.exe"
10248 AZELIGO\eligo 42908/89628 348512/389588 57888/69248 51 775 0.0 2025-02-03 09:32:05 390171 explorer C:\windows\Explorer.EXE
18388 NT AUTHORITY\SYSTEM 3348/11392 48536/255440 2624/2720 11 315 0.0 2025-02-03 09:32:04 390171 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
18236 AZELIGO\eligo 2892/5584 55048/59664 1668/1884 7 74 0.0 2025-02-03 09:32:05 390171 dwm "C:\windows\system32\Dwm.exe"
19536 AZELIGO\eligo 3668/7164 65760/68836 1804/1980 8 111 0.0 2025-02-03 09:32:05 390171 rdpclip rdpclip
8924 AZELIGO\eligo 1688/5012 61176/61304 1436/1452 6 42 0.0 2025-02-03 09:38:08 390165 conhost \??\C:\windows\system32\conhost.exe "423606781600851886712389297371329181-1886508111390968192-2090297082-1017121696
4528 NT AUTHORITY\SYSTEM 4140/51128 614528/618880 45380/55024 24 300 0.0 2024-08-01 08:07:43 658095 SVC:MSMQ_MailRelyService "C:\mailservice\MSMQ_MailRelyService.exe"
4368 NT AUTHORITY\LOCAL SERVICE 124/3084 25628/27036 952/952 4 31 0.0 2024-08-01 08:05:45 658097 conhost \??\C:\windows\system32\conhost.exe "1986984763972768904209835361171921927-102152400119338232341717805021-1307919290
4360 NT AUTHORITY\LOCAL SERVICE 1096/5688 39424/39424 3548/3552 9 130 0.0 2024-08-01 08:05:45 658097 fdhost "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe" "MSSQL10_50.MSSQLSERVERC29017938f1aaaf49ecfa401f798c615b17a6327c" "MSSQL10_50.MSSQLSERVER" "MSSQL10_50.MSSQLSERVER" "4" "" "8192" "M" "0" "" "" ""
26100 NT AUTHORITY\SYSTEM 2348/5488 30628/55424 1728/1900 7 100 0.0 2025-02-03 09:32:04 390171 winlogon winlogon.exe
8440 AZELIGO\eligo 5020/5020 449764/449764 5956/5956 9 81 0.0 2025-11-01 08:22:42 0 rsync rsync.exe -v -rlt -z --chmod=a=rw,Da+x --delete "/cygdrive/E/Backup_SQL/" "rsync@10.124.128.8::AzEligoBackupDir/Backup_SQL/"
6420 IIS APPPOOL\unicampania 51396/51396 9383772/9384652 109872/109940 60 485 0.0 2025-11-01 08:07:17 16 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "unicampania" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmee77bfaf-9c2b-408b-8501-dca7e064116c -h "C:\inetpub\temp\apppools\unicampania\unicampania.config" -w "" -m 0 -t 20
760 NT AUTHORITY\NETWORK SERVICE 5564/9460 46252/49596 5708/5832 16 323 0.0 2024-08-01 08:04:19 658099 SVC:RpcEptMapper/RpcSs C:\windows\system32\svchost.exe -k RPCSS
680 NT AUTHORITY\SYSTEM 4600/10908 54312/67792 4840/5224 14 359 0.0 2024-08-01 08:04:19 658099 SVC:DcomLaunch/PlugPlay/Power C:\windows\system32\svchost.exe -k DcomLaunch
592 NT AUTHORITY\LOCAL SERVICE 5548/14568 59400/60540 10852/10968 33 333 0.0 2024-08-01 08:04:20 658099 SVC:BFE/DPS/MpsSvc/pla C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
848 NT AUTHORITY\SYSTEM 288/21828 86452/88068 8280/15488 23 148 0.0 2024-08-01 08:04:19 658099 LogonUI "LogonUI.exe" /flags:0x0
1052 NT AUTHORITY\SYSTEM 2740/11764 80324/81536 6276/6520 19 283 0.0 2024-08-01 08:04:20 658099 SVC:Spooler C:\windows\System32\spoolsv.exe
1020 NT AUTHORITY\NETWORK SERVICE 10576/58760 465604/728900 37076/52416 55 568 0.0 2024-08-01 08:04:20 658099 SVC:CryptSvc/Dnscache/LanmanWorkstation/NlaSvc/WinRM C:\windows\system32\svchost.exe -k NetworkService
936 NT AUTHORITY\LOCAL SERVICE 8416/16860 102916/114584 8936/9348 28 389 0.0 2024-08-01 08:04:19 658099 SVC:EventSystem/FontCache/netprofm/nsi/W32Time/WinHttpAutoProxySvc C:\windows\system32\svchost.exe -k LocalService
572 NT AUTHORITY\SYSTEM 3804/7256 36124/38180 3720/4200 11 264 0.0 2024-08-01 08:04:18 658099 lsm C:\windows\system32\lsm.exe
452 NT AUTHORITY\SYSTEM 76/4760 45364/51428 1492/1796 10 80 0.0 2024-08-01 08:04:18 658099 wininit wininit.exe
300 NT AUTHORITY\SYSTEM 540/1312 4500/17856 496/536 2 33 0.0 2024-08-01 08:04:07 658099 smss \SystemRoot\System32\smss.exe
0 24/24 0/0 0/0 0 0 0.0 0 Idle
464 NT AUTHORITY\SYSTEM 120/4040 40584/40584 1648/1648 9 72 0.0 2024-08-01 08:04:18 658099 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
564 NT AUTHORITY\SYSTEM 14172/21024 65660/67196 14448/14552 35 1156 0.0 2024-08-01 08:04:18 658099 SVC:KeyIso/SamSs C:\windows\system32\lsass.exe
556 NT AUTHORITY\SYSTEM 1252/9856 54500/57108 3752/3952 11 142 0.0 2024-08-01 08:05:43 658097 SVC:VSS C:\windows\system32\vssvc.exe
492 NT AUTHORITY\SYSTEM 72/4596 24556/54912 1488/1640 6 76 0.0 2024-08-01 08:04:18 658099 winlogon winlogon.exe
1080 NT AUTHORITY\SYSTEM 1616/7448 40784/41808 3492/3600 12 147 0.0 2024-08-01 08:04:20 658099 SVC:vmicheartbeat/vmicrdv C:\windows\System32\svchost.exe -k ICService
2044 NT AUTHORITY\NETWORK SERVICE 425044/1488376 12035816/12083112 638592/1584492 137 664 0.0 2024-08-01 08:04:39 658098 SVC:MSSQLSERVER "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
1948 NT AUTHORITY\NETWORK SERVICE 1424/10828 61612/67760 5132/5316 29 234 0.0 2024-08-01 08:04:39 658098 SVC:MSMQ C:\windows\system32\mqsvc.exe
1760 NT AUTHORITY\NETWORK SERVICE 24144/129544 2859184/2872856 189356/224140 24 20758 0.0 2024-08-01 08:04:23 658099 SVC:MsDtsServer100 "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe"
2072 NT AUTHORITY\SYSTEM 1452/12520 89900/98092 4976/5124 17 196 0.0 2024-08-01 08:04:43 658098 SVC:SQLWriter "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
2400 NT AUTHORITY\SYSTEM 880/4820 39020/41744 2316/2400 6 59 0.0 2024-08-01 08:04:45 658098 SVC:XymonPSClient C:\Xymon\nssm.exe
2272 NT AUTHORITY\SYSTEM 4108/12400 50456/51988 8580/10052 18 169 0.0 2024-08-01 08:04:45 658098 SVC:W3SVC/WAS C:\windows\system32\svchost.exe -k iissvcs
2148 AZELIGO\eligo 2092/44032 157528/174308 15732/31748 28 485 0.0 2024-08-01 08:04:43 658098 SVC:TSM Client Acceptor "C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe"
1644 NT AUTHORITY\LOCAL SERVICE 872/3188 12940/14060 1144/1196 4 46 0.0 2024-08-01 08:04:41 658098 SVC:RemoteRegistry C:\windows\system32\svchost.exe -k regsvc
1448 NT AUTHORITY\SYSTEM 2112/7748 85276/86300 4188/4296 12 153 0.0 2024-08-01 08:04:23 658099 SVC:DiagTrack C:\windows\System32\svchost.exe -k utcsvc
1376 AZELIGO\eligo 1112/5096 35320/36736 2688/2744 9 78 0.0 2024-08-01 08:04:22 658099 SVC:DeltaCopyService "C:\Program Files (x86)\DeltaCopy\DCServce.exe"
1200 NT AUTHORITY\SYSTEM 1420/11140 69724/71772 6076/6300 18 136 0.0 2024-08-01 08:04:21 658099 SVC:AppHostSvc C:\windows\system32\svchost.exe -k apphost
1476 AZELIGO\eligo 64/5636 435384/442296 5936/6152 10 110 0.0 2024-08-01 08:04:23 658099 rsync rsync.exe -v --daemon --config=deltacd.conf --no-detach
1608 NT AUTHORITY\SYSTEM 8136/21164 119384/120932 26728/26900 22 2065 0.0 2024-08-01 08:04:23 658099 SVC:IISADMIN C:\windows\system32\inetsrv\inetinfo.exe
1600 NT AUTHORITY\NETWORK SERVICE 5704/9496 45884/48444 3464/3772 14 272 0.0 2024-08-01 08:05:43 658097 SVC:TermService C:\windows\System32\svchost.exe -k termsvcs
1492 AZELIGO\eligo 172/3272 25920/27228 1036/1036 5 32 0.0 2024-08-01 08:04:23 658099 conhost \??\C:\windows\system32\conhost.exe "175265836042567919317875541911998757138317785573-5047531801595695337174937984

[netstat]
PacketsReceived=142219298 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=276178 ReceivedPacketsDelivered=142275457 OutputRequests=139354000 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0
PacketsReceived=0 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=928 ReceivedPacketsDelivered=0 OutputRequests=648312 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=2 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0
tcpActiveOpens=18724283 tcpPassiveOpens=2636784 tcpFailedConnectionAttempts=2620182 tcpResetConnections=373659 tcpCurrentConnections=4 tcpSegmentsReceived=147384895 tcpSegmentsSent=160551696 tcpSegmentsRetransmitted=7179200
tcpActiveOpens=4 tcpPassiveOpens=4 tcpFailedConnectionAttempts=0 tcpResetConnections=8 tcpCurrentConnections=0 tcpSegmentsReceived=443 tcpSegmentsSent=443 tcpSegmentsRetransmitted=0
udpDatagramsReceived=315138 udpNoPorts=276179 udpReceiveErrors=1 udpDatagramsSent=589506
udpDatagramsReceived=0 udpNoPorts=928 udpReceiveErrors=0 udpDatagramsSent=648294

[ports]
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:873 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1501 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1583 0.0.0.0:0 LISTENING
TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49218 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49228 0.0.0.0:0 LISTENING
TCP 10.124.129.5:139 0.0.0.0:0 LISTENING
TCP 10.124.129.5:50110 168.63.129.16:80 ESTABLISHED
TCP 10.124.129.5:50132 10.124.128.8:873 SYN_SENT
TCP 10.124.129.5:62552 168.63.129.16:32526 ESTABLISHED
TCP 10.124.129.5:62574 168.63.129.16:32526 ESTABLISHED
TCP 10.124.129.5:64197 168.63.129.16:80 ESTABLISHED
TCP 127.0.0.1:1434 0.0.0.0:0 LISTENING
TCP [::]:80 [::]:0 LISTENING
TCP [::]:135 [::]:0 LISTENING
TCP [::]:443 [::]:0 LISTENING
TCP [::]:445 [::]:0 LISTENING
TCP [::]:873 [::]:0 LISTENING
TCP [::]:1433 [::]:0 LISTENING
TCP [::]:1801 [::]:0 LISTENING
TCP [::]:2103 [::]:0 LISTENING
TCP [::]:2105 [::]:0 LISTENING
TCP [::]:2107 [::]:0 LISTENING
TCP [::]:3389 [::]:0 LISTENING
TCP [::]:47001 [::]:0 LISTENING
TCP [::]:49152 [::]:0 LISTENING
TCP [::]:49153 [::]:0 LISTENING
TCP [::]:49154 [::]:0 LISTENING
TCP [::]:49158 [::]:0 LISTENING
TCP [::]:49159 [::]:0 LISTENING
TCP [::]:49218 [::]:0 LISTENING
TCP [::1]:1434 [::]:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:55929 *:*
UDP 10.124.129.5:137 *:*
UDP 10.124.129.5:138 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:4500 *:*
UDP [::]:5355 *:*
UDP [fe80::88a:67a9:5c2d:f67e%13]:546 *:*

[ipconfig]
Windows IP Configuration

Host Name . . . . . . . . . . . . : AzEligo
Primary Dns Suffix . . . . . . . : cressi.unicampania.it
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : cressi.unicampania.it
reddog.microsoft.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : reddog.microsoft.com
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-0D-3A-AF-AB-23
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::88a:67a9:5c2d:f67e%13(Preferred)
IPv4 Address. . . . . . . . . . . : 10.124.129.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, August 01, 2024 7:04:20 AM
Lease Expires . . . . . . . . . . : Tuesday, December 08, 2161 2:51:17 PM
Default Gateway . . . . . . . . . : 10.124.129.1
DHCP Server . . . . . . . . . . . : 168.63.129.16
DHCPv6 IAID . . . . . . . . . . . : 201329978
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-A3-5E-3B-00-0D-3A-AF-AB-23
DNS Servers . . . . . . . . . . . : 10.124.1.10
10.124.1.11
10.124.0.196
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 9:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.reddog.microsoft.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : reddog.microsoft.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

[route]
===========================================================================
Interface List
13...00 0d 3a af ab 23 ......Microsoft Hyper-V Network Adapter
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.124.129.1 10.124.129.5 5
10.124.129.0 255.255.255.0 On-link 10.124.129.5 261
10.124.129.5 255.255.255.255 On-link 10.124.129.5 261
10.124.129.255 255.255.255.255 On-link 10.124.129.5 261
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
168.63.129.16 255.255.255.255 10.124.129.1 10.124.129.5 6
169.254.169.254 255.255.255.255 10.124.129.1 10.124.129.5 6
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.124.129.5 261
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.124.129.5 261
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
13 261 fe80::/64 On-link
13 261 fe80::88a:67a9:5c2d:f67e/128 On-link
1 306 ff00::/8 On-link
13 261 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

[ifstat]
10.124.129.5 97882987618 58716644806

[svcs]
Name StartupType Status DisplayName
AeLookupSvc manual stopped Application Experience
ALG manual stopped Application Layer Gateway Service
AppHostSvc automatic started Application Host Helper Service
AppIDSvc manual stopped Application Identity
Appinfo manual stopped Application Information
AppMgmt manual stopped Application Management
aspnet_state disabled stopped ASP.NET State Service
AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder
AudioSrv manual stopped Windows Audio
AxInstSV manual stopped ActiveX Installer (AxInstSV)
BDESVC manual stopped BitLocker Drive Encryption Service
BFE automatic started Base Filtering Engine
BITS manual started Background Intelligent Transfer Service
Browser disabled stopped Computer Browser
CertPropSvc manual started Certificate Propagation
clr_optimization_v2.0.50727_32 manual stopped Microsoft .NET Framework NGEN v2.0.50727_X86
clr_optimization_v2.0.50727_64 manual stopped Microsoft .NET Framework NGEN v2.0.50727_X64
clr_optimization_v4.0.30319_32 automatic stopped Microsoft .NET Framework NGEN v4.0.30319_X86
clr_optimization_v4.0.30319_64 automatic stopped Microsoft .NET Framework NGEN v4.0.30319_X64
COMSysApp manual stopped COM+ System Application
CryptSvc automatic started Cryptographic Services
DcomLaunch automatic started DCOM Server Process Launcher
defragsvc manual stopped Disk Defragmenter
DeltaCopyService automatic started DeltaCopy Server
Dhcp automatic started DHCP Client
DiagTrack automatic started Diagnostics Tracking Service
Dnscache automatic started DNS Client
dot3svc manual stopped Wired AutoConfig
DPS automatic started Diagnostic Policy Service
EapHost manual stopped Extensible Authentication Protocol
EFS manual stopped Encrypting File System (EFS)
eventlog automatic started Windows Event Log
EventSystem automatic started COM+ Event System
FCRegSvc manual stopped Microsoft Fibre Channel Platform Registration Service
fdPHost manual stopped Function Discovery Provider Host
FDResPub manual stopped Function Discovery Resource Publication
FontCache automatic started Windows Font Cache Service
FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0
gpsvc automatic started Group Policy Client
hidserv manual stopped Human Interface Device Access
hkmsvc manual stopped Health Key and Certificate Management
idsvc manual stopped Windows CardSpace
IEEtwCollectorService manual stopped Internet Explorer ETW Collector Service
IISADMIN automatic started IIS Admin Service
IKEEXT automatic started IKE and AuthIP IPsec Keying Modules
IPBusEnum disabled stopped PnP-X IP Bus Enumerator
iphlpsvc automatic started IP Helper
KeyIso manual started CNG Key Isolation
KtmRm manual stopped KtmRm for Distributed Transaction Coordinator
LanmanServer automatic started Server
LanmanWorkstation automatic started Workstation
lltdsvc manual stopped Link-Layer Topology Discovery Mapper
lmhosts automatic started TCP/IP NetBIOS Helper
MicrosoftDependencyAgent manual started Microsoft Dependency Agent
MMCSS manual stopped Multimedia Class Scheduler
MozillaMaintenance manual stopped Mozilla Maintenance Service
MpsSvc automatic started Windows Firewall
MSDTC automatic started Distributed Transaction Coordinator
MsDtsServer100 automatic started SQL Server Integration Services 10.0
MSiSCSI manual stopped Microsoft iSCSI Initiator Service
msiserver manual stopped Windows Installer
MSMQ automatic started Message Queuing
MSMQ_MailRelyService automatic started Eligo Mail Rely
MSSQLFDLauncher manual started SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
MSSQLSERVER automatic started SQL Server (MSSQLSERVER)
MSSQLServerADHelper100 disabled stopped SQL Active Directory Helper Service
MSSQLServerOLAPService manual stopped SQL Server Analysis Services (MSSQLSERVER)
napagent manual stopped Network Access Protection Agent
Netlogon manual stopped Netlogon
Netman manual started Network Connections
NetMsmqActivator disabled stopped Net.Msmq Listener Adapter
NetPipeActivator disabled stopped Net.Pipe Listener Adapter
netprofm manual started Network List Service
NetTcpActivator disabled stopped Net.Tcp Listener Adapter
NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service
NlaSvc automatic started Network Location Awareness
nsi automatic started Network Store Interface Service
PerfHost manual stopped Performance Counter DLL Host
pla manual started Performance Logs & Alerts
PlugPlay automatic started Plug and Play
PolicyAgent manual started IPsec Policy Agent
Power automatic started Power
ProfSvc automatic started User Profile Service
ProtectedStorage manual stopped Protected Storage
RasAuto manual stopped Remote Access Auto Connection Manager
RasMan manual stopped Remote Access Connection Manager
RdAgent automatic started RdAgent
RemoteAccess disabled stopped Routing and Remote Access
RemoteRegistry automatic started Remote Registry
ReportServer automatic started SQL Server Reporting Services (MSSQLSERVER)
RpcEptMapper automatic started RPC Endpoint Mapper
RpcLocator manual stopped Remote Procedure Call (RPC) Locator
RpcSs automatic started Remote Procedure Call (RPC)
RSoPProv manual stopped Resultant Set of Policy Provider
sacsvr manual started Special Administration Console Helper
SamSs automatic started Security Accounts Manager
SCardSvr manual stopped Smart Card
Schedule automatic started Task Scheduler
SCPolicySvc manual stopped Smart Card Removal Policy
seclogon manual stopped Secondary Logon
SENS automatic started System Event Notification Service
SessionEnv manual started Remote Desktop Configuration
SharedAccess disabled stopped Internet Connection Sharing (ICS)
ShellHWDetection automatic started Shell Hardware Detection
SNMPTRAP manual stopped SNMP Trap
Spooler automatic started Print Spooler
sppsvc automatic stopped Software Protection
sppuinotify manual stopped SPP Notification Service
SQLBrowser disabled stopped SQL Server Browser
SQLSERVERAGENT automatic started SQL Server Agent (MSSQLSERVER)
SQLWriter automatic started SQL Server VSS Writer
SSDPSRV disabled stopped SSDP Discovery
SstpSvc manual stopped Secure Socket Tunneling Protocol Service
swprv manual stopped Microsoft Software Shadow Copy Provider
TapiSrv manual stopped Telephony
TermService manual started Remote Desktop Services
THREADORDER manual stopped Thread Ordering Server
TrkWks automatic started Distributed Link Tracking Client
TrustedInstaller manual stopped Windows Modules Installer
TSM_Client_Acceptor automatic started TSM Client Acceptor
TSM_Client_Scheduler automatic started TSM Client Scheduler
UI0Detect manual stopped Interactive Services Detection
UmRdpService manual started Remote Desktop Services UserMode Port Redirector
upnphost disabled stopped UPnP Device Host
UxSms automatic started Desktop Window Manager Session Manager
VaultSvc manual stopped Credential Manager
vds manual stopped Virtual Disk
vmicheartbeat automatic started Hyper-V Heartbeat Service
vmickvpexchange automatic started Hyper-V Data Exchange Service
vmicrdv automatic started Hyper-V Remote Desktop Virtualization Service
vmicshutdown automatic started Hyper-V Guest Shutdown Service
vmictimesync automatic started Hyper-V Time Synchronization Service
vmicvss automatic started Hyper-V Volume Shadow Copy Requestor
VSS manual started Volume Shadow Copy
W32Time automatic started Windows Time
W3SVC automatic started World Wide Web Publishing Service
WAS manual started Windows Process Activation Service
WcsPlugInService manual stopped Windows Color System
WdiServiceHost manual stopped Diagnostic Service Host
WdiSystemHost manual stopped Diagnostic System Host
Wecsvc manual stopped Windows Event Collector
wercplsupport manual stopped Problem Reports and Solutions Control Panel Support
WerSvc manual stopped Windows Error Reporting Service
WindowsAzureGuestAgent automatic started Windows Azure Guest Agent
WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service
Winmgmt automatic started Windows Management Instrumentation
WinRM automatic started Windows Remote Management (WS-Management)
wmiApSrv manual stopped WMI Performance Adapter
WMSVC manual stopped Web Management Service
WPDBusEnum manual stopped Portable Device Enumerator Service
wuauserv automatic started Windows Update
wudfsvc manual stopped Windows Driver Foundation - User-mode Driver Framework
XymonPSClient automatic started XymonPSClient

[uptime]
sec: 39485939 457 days 0 hours 18 minutes 59 seconds
Bootup: 20240801080358.768250+120

[who]
SESSIONNAME USERNAME ID STATE TYPE DEVICE
>services 0 Disc
console 1 Conn
eligo 3 Disc
rdp-tcp 65536 Listen
Total sessions created: 11
Total sessions disconnected: 14
Total sessions reconnected: 5

[users]
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
eligo 3 Disc 5+21:06 2/3/2025 9:32 AM

[iis_sites]
Default Web Site IIS://localhost/W3SVC/1
SiteID: 1
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :80:
ServerState 2
SecureBindings :443:

[XymonConfig]
XymonSettings
serversList : 10.224.4.197
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : azeligo.cressi.unicampania.it
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableIISSection : 1
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : C:\Program Files\xymon
clientlogretain : 0
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
externalscriptlocation : C:\Xymon\ext
externaldatalocation : C:\Xymon\tmp
localdatalocation : C:\Xymon\local
servergiflocation : /xymon/gifs/
servers : 10.224.4.197
clientlogfile : C:\Program Files\xymon\xymonclient.log
clientconfigfile : C:\Program Files\xymon\clientconfig.cfg
clientfqdn : 1
clientlower : 1
clientbbwinmembug : 0
clientremotecfgexec : 1

HaveCmd
Name Value
---- -----
qwinsta True
query True

XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname azeligo.cressi.unicampania.it

[XymonPSClientInfo]
Collection number: 131382
Last transmission
method: TCP Id : 2520 Handles : 327 CPU : 262837.28125 Name : powershell