[collector:] client az-mbox1.ceda.unina2.it.powershell powershell XymonPS [date] Sat 01 Nov 06:16:46 2025 [clock] epoch: 1761974207 local: Sat 01 Nov 06:16:46 2025 UTC: Sat 01 Nov 05:16:46 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 4 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0000830s Root Dispersion: 0.0100002s ReferenceId: 0x564D5450 (source IP: 86.77.84.80) Last Successful Sync Time: 11/1/2025 6:16:44 AM Source: VM IC Time Synchronization Provider Poll Interval: 6 (64s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter Azure Edition (build 20348) [cpu] up: 7 days, 0 users, 193 procs, load=41.18% CPU states: total 41.18% cores: 4 CPU PID Image Name Pri Time MemUsage 24.8% 6688 SVC:MSExchangeMailboxReplicati 8 7 301096k 10.6% 15192 Microsoft.Exchange.Store.Worke 8 3 2340748k 1.4% 1368 SVC:EventLog 8 09:56:41 29036k 1.1% 4336 SVC:WinDefend 8 07:43:39 223788k 0.7% 14756 powershell 8 00:07:47 135320k 0.5% 6608 SVC:MSComplianceAudit 8 02:33:04 204064k 0.3% 23084 scanningprocess 8 00:36:19 265476k 0.3% 14320 EdgeTransport 8 00:28:14 1052912k 0.2% 900 SVC:KeyIso/Netlogon/SamSs 9 01:40:13 107016k 0.2% 2608 taskhostw 6 01:13:57 94664k 0.1% 5576 MSExchangeHMWorker 8 01:01:32 597176k 0.1% 7836 noderunner 8 00:12:21 744428k 0.1% 4 System 8 00:40:22 140k 0.1% 15500 SVC:MSExchangeDiagnostics 8 00:26:46 211956k 0.1% 6408 SVC:DPS 8 00:22:49 25576k 0.0% 6640 SVC:MSExchangeFrontEndTranspor 8 00:11:38 292172k 0.0% 5400 w3wp 8 00:19:52 992428k 0.0% 6632 SVC:MSExchangeEdgeSync 8 00:11:03 107796k 0.0% 3684 SVC:MSExchangeHM 8 00:13:18 239300k 0.0% 880 services 9 00:17:05 15560k 0.0% 3764 w3wp 8 00:08:13 277444k 0.0% 3148 SVC:FMS 8 00:07:14 18676k 0.0% 8864 w3wp 8 00:07:20 386700k 0.0% 4344 SVC:WindowsAzureGuestAgent 8 00:06:42 73588k 0.0% 6352 w3wp 8 00:06:39 474084k 0.0% 3452 SVC:Winmgmt 8 00:03:20 23328k 0.0% 6580 SVC:MSExchangeRepl 10 00:05:15 187740k 0.0% 13052 scanningprocess 8 
00:11:47 179532k 0.0% 6536 SVC:MSExchangeRPC 8 00:02:55 198684k 0.0% 3136 SVC:HostControllerService 8 00:02:29 93836k 0.0% 6388 w3wp 8 00:06:37 504920k 0.0% 8776 w3wp 8 00:05:05 317120k 0.0% 8792 w3wp 8 00:04:59 671632k 0.0% 4820 SVC:MSExchangeADTopology 8 00:03:12 151196k 0.0% 5960 w3wp 8 00:07:45 636104k 0.0% 5772 w3wp 8 00:05:34 244804k 0.0% 9016 w3wp 8 00:03:39 400296k 0.0% 9368 Microsoft.Exchange.Imap4 8 00:05:05 223096k 0.0% 4076 SVC:RdAgent 8 00:05:52 97384k 0.0% 6568 SVC:MSExchangeMailboxAssistant 8 00:27:17 451840k 0.0% 8800 w3wp 8 00:02:31 240324k 0.0% 1960 SVC:Schedule 8 00:02:59 17024k 0.0% 1640 SVC:Dhcp 8 00:01:22 8568k 0.0% 588 SVC:RpcEptMapper/RpcSs 8 00:03:02 47972k 0.0% 1552 LogonUI 13 00:02:09 46400k 0.0% 1352 SVC:vmicheartbeat 8 00:01:55 12276k 0.0% 8140 noderunner 8 00:01:21 193852k 0.0% 22768 LogonUI 13 00:00:00 31108k 0.0% 8200 conhost 8 00:00:00 10816k 0.0% 21476 ctfmon 13 00:00:00 15976k 0.0% 22064 scanningprocess 8 00:07:59 179368k 0.0% 22164 SVC:TabletInputService 8 00:00:00 7984k 0.0% 21752 explorer 8 00:00:09 164308k 0.0% 21088 SVC:cbdhsvc_33b15775 8 00:00:00 15920k 0.0% 20772 SVC:TokenBroker 8 00:00:03 16788k 0.0% 19920 TextInputHost 8 00:00:00 44560k 0.0% 21136 SVC:CDPUserSvc_33b15775 8 00:00:00 16352k 0.0% 8404 Microsoft.Exchange.Pop3 8 00:01:09 169228k 0.0% 8556 Microsoft.Exchange.Pop3 8 00:01:41 199700k 0.0% 8572 conhost 8 00:00:00 10808k 0.0% 25252 dwm 13 00:00:01 37924k 0.0% 25744 rdpclip 8 00:00:00 19780k 0.0% 24948 SVC:camsvc 8 00:00:00 10712k 0.0% 6656 SVC:MSExchangeTransportLogSear 8 00:00:47 127388k 0.0% 6616 SVC:MSExchangeFlighting 8 00:01:27 376540k 0.0% 12728 WmiPrvSE 8 00:00:23 16436k 0.0% 6624 SVC:MSExchangeThrottling 8 00:00:02 106448k 0.0% 26148 SVC:WaaSMedicSvc 8 00:00:00 8444k 0.0% 6676 SVC:MSExchangeDelivery 8 00:05:12 361456k 0.0% 23284 taskhostw 8 00:00:00 12248k 0.0% 6884 noderunner 8 00:01:09 182900k 0.0% 7536 conhost 8 00:00:00 10824k 0.0% 22780 SVC:SecurityHealthService 8 00:00:00 11596k 0.0% 6752 
SVC:MSExchangeMitigation 8 00:00:49 262552k 0.0% 24800 TabTip32 8 00:00:00 5720k 0.0% 24192 fontdrvhost 8 00:00:00 5020k 0.0% 6812 SVC:MSExchangePop3 8 00:00:06 119992k 0.0% 8816 StartMenuExperienceHost 8 00:00:00 56184k 0.0% 17508 SVC:StateRepository 8 00:00:02 14104k 0.0% 17604 RuntimeBroker 8 00:00:00 17152k 0.0% 13900 SVC:UsoSvc 8 00:00:01 12892k 0.0% 13432 SVC:MSExchangeTransport 8 00:00:02 108348k 0.0% 12668 SVC:WdiServiceHost 8 00:00:00 6684k 0.0% 12364 rhs 13 00:00:00 16480k 0.0% 13004 RuntimeBroker 8 00:00:00 13540k 0.0% 17628 SVC:XymonPSClient 8 00:00:00 6732k 0.0% 15292 SVC:CDPSvc 8 00:00:00 13844k 0.0% 16100 SVC:UALSVC 8 00:00:10 15404k 0.0% 15420 SVC:MSDTC 8 00:00:00 11760k 0.0% 15404 SVC:WinRM 8 00:00:02 17424k 0.0% 14108 conhost 8 00:00:00 10880k 0.0% 14048 w3wp 8 00:04:08 248348k 0.0% 16212 winlogon 13 00:00:00 10060k 0.0% 14232 SVC:StorSvc 8 00:00:40 18336k 0.0% 12360 conhost 8 00:00:01 14068k 0.0% 9212 conhost 8 00:00:00 10812k 0.0% 9164 Microsoft.Exchange.Imap4 8 00:01:21 172996k 0.0% 9452 conhost 8 00:00:00 10812k 0.0% 18864 TabTip 13 00:00:00 18860k 0.0% 8920 w3wp 8 00:00:54 212232k 0.0% 19864 SearchApp 8 00:00:05 80236k 0.0% 8928 noderunner 8 00:01:04 172824k 0.0% 19336 SVC:WpnUserService_33b15775 8 00:00:00 27096k 0.0% 12256 updateservice 8 00:07:05 20880k 0.0% 11736 ForefrontActiveDirectoryConnec 8 00:00:06 139412k 0.0% 17700 SVC:Appinfo 8 00:00:00 6772k 0.0% 18000 SVC:DsSvc 8 00:00:08 10996k 0.0% 10188 WaSecAgentProv 8 00:00:00 6884k 0.0% 18456 RuntimeBroker 8 00:00:02 27152k 0.0% 10960 csrss 13 00:00:00 7124k 0.0% 18280 sihost 8 00:00:01 27692k 0.0% 1872 SVC:NlaSvc 8 00:00:00 13312k 0.0% 1860 SVC:DiagTrack 8 00:01:18 43688k 0.0% 1924 SVC:Dnscache 8 00:02:26 11196k 0.0% 2016 SVC:PcaSvc 8 00:00:00 12636k 0.0% 1944 SVC:SENS 8 00:00:00 9004k 0.0% 1700 dwm 13 00:00:02 44796k 0.0% 1676 SVC:gpsvc 8 00:00:04 14124k 0.0% 1716 SVC:ProfSvc 8 00:00:00 13584k 0.0% 1732 SVC:EventSystem 8 00:00:01 8692k 0.0% 1724 SVC:Themes 8 00:00:00 6232k 0.0% 2352 
SVC:CoreMessagingRegistrar 8 00:00:00 6580k 0.0% 2284 SVC:CertPropSvc 8 00:00:00 7772k 0.0% 2360 SVC:BFE/mpssvc 8 00:00:15 24216k 0.0% 2452 SVC:LanmanWorkstation 8 00:00:09 10740k 0.0% 2372 SVC:WinHttpAutoProxySvc 8 00:00:14 8316k 0.0% 2072 SVC:ShellHWDetection 8 00:00:00 13320k 0.0% 2020 SVC:UmRdpService 8 00:00:00 10328k 0.0% 2192 SVC:FontCache 8 00:00:00 7636k 0.0% 2268 w3wp 8 00:00:30 256224k 0.0% 2220 SVC:netprofm 8 00:00:03 11440k 0.0% 1588 SVC:nsi 8 00:00:03 10668k 0.0% 744 csrss 13 00:00:00 6056k 0.0% 736 wininit 13 00:00:00 7364k 0.0% 808 winlogon 13 00:00:00 10612k 0.0% 1016 SVC:BrokerInfrastructure/DcomL 8 00:00:21 25324k 0.0% 920 SVC:Wcmsvc 8 00:00:00 9160k 0.0% 516 smss 11 00:00:00 1276k 0.0% 116 Registry 8 00:00:06 106596k 0.0% 608 fontdrvhost 8 00:00:00 4068k 0.0% 652 csrss 13 00:00:18 7328k 0.0% 612 fontdrvhost 8 00:00:00 4180k 0.0% 1360 SVC:vmickvpexchange 8 00:00:47 6564k 0.0% 1252 SVC:TimeBrokerSvc 8 00:00:00 12364k 0.0% 1376 SVC:vmicshutdown 8 00:00:00 6336k 0.0% 1520 SVC:CryptSvc 8 00:00:13 15128k 0.0% 1424 SVC:vmictimesync 8 00:00:08 6452k 0.0% 1124 SVC:TermService 8 00:00:24 32492k 0.0% 1060 SVC:LSM 8 00:00:10 11708k 0.0% 1168 SVC:lmhosts 8 00:00:00 5776k 0.0% 1232 SVC:NcbService 8 00:00:00 10104k 0.0% 1176 SVC:W32Time 8 00:00:07 8768k 0.0% 4596 AggregatorHost 8 00:00:03 6392k 0.0% 4508 SVC:RasMan 8 00:00:00 13572k 0.0% 5804 dllhost 8 00:00:00 12848k 0.0% 0 Idle 0 8k 0.0% 5892 SVC:NetMsmqActivator 8 00:00:00 17764k 0.0% 4328 rhs 13 00:00:00 12696k 0.0% 4312 SVC:TrkWks 8 00:00:00 6124k 0.0% 4372 SVC:WMSVC 8 00:00:00 23604k 0.0% 4460 SVC:WdNisSvc 8 00:00:02 12588k 0.0% 4400 SVC:WpnService 8 00:00:00 12180k 0.0% 6560 SVC:MSExchangeCompliance 8 00:00:07 138024k 0.0% 6552 SVC:MSExchangeIS 8 00:00:13 164212k 0.0% 6576 SVC:MSExchangeFastSearch 8 00:00:12 142164k 0.0% 6600 SVC:MSExchangeAntispamUpdate 8 00:00:08 33196k 0.0% 6592 SVC:MSExchangeDagMgmt 8 00:00:20 192200k 0.0% 6512 SVC:MSExchangeImap4 8 00:00:06 119700k 0.0% 6504 
SVC:MSExchangeServiceHost 8 00:04:01 260116k 0.0% 6520 SVC:MSExchangeIMAP4BE 8 00:00:10 120428k 0.0% 6544 SVC:MSExchangeSubmission 8 00:06:54 252008k 0.0% 6528 SVC:MSExchangePOP3BE 8 00:00:06 120984k 0.0% 4224 SVC:SysMain 8 00:00:00 7252k 0.0% 3092 SVC:iphlpsvc 8 00:00:01 10996k 0.0% 3068 SVC:AppHostSvc 8 00:00:00 12636k 0.0% 3360 SVC:NetPipeActivator/NetTcpAct 8 00:00:06 38880k 0.0% 3436 SVC:LanmanServer 8 00:00:02 9308k 0.0% 3372 SVC:MDCoreSvc 8 00:00:31 29784k 0.0% 2664 SVC:SessionEnv 8 00:00:00 10480k 0.0% 2472 SVC:IISADMIN 8 00:03:50 30236k 0.0% 2680 SVC:UserManager 8 00:00:01 9728k 0.0% 3032 SVC:Spooler 8 00:00:10 28468k 0.0% 2916 SVC:DispBrokerDesktopSvc 8 00:00:00 7560k 0.0% 4048 SVC:ClusSvc 13 00:02:37 33720k 0.0% 4040 SVC:SstpSvc 8 00:00:00 7688k 0.0% 4116 conhost 8 00:00:00 10912k 0.0% 4180 SVC:SearchExchangeTracing 8 00:00:32 17128k 0.0% 4140 SVC:sacsvr 8 00:00:00 5796k 0.0% 3800 SVC:PolicyAgent 8 00:00:00 8032k 0.0% 3676 SVC:MSExchangeHMRecovery 8 00:00:00 36796k 0.0% 3832 SVC:MSMQ 8 00:00:00 15296k 0.0% 4032 SVC:pla 8 00:00:04 7456k 0.0% 3856 SVC:W3SVC/WAS 8 00:00:51 16100k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 132589516 111139792 21449724 84% /FIXED/C:\ Windows 126.45\20.46 Exch-DB\Az-DB01 1073723388 134144992 939578396 12% /FIXED/C:\Exch-DB\Az-DB01\ Az-DB01 1023.98\896.05 [memory] memory Total Used physical: 32717 16551 virtual: 40897 22530 page: 8180 1368 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 163840000 206564 Security Circular 133103616 180354 System Circular 133103616 310053 Application [msgs:eventlog_Security] Information - 11/01/2025 06:16:21 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection. 
Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.124.129.17 Source Port: 59124 Destination Address: 10.124.129.6 Destination Port: 443 Protocol: 6 Interface Index: 7 Filter Information: Filter Origin: Unknown Filter Run-Time ID: 182797 Layer Name: Receive/Accept Layer Run-Time ID: 44 Remote User ID: S-1-0-0 Remote Machine ID: S-1-0-0 Information - 11/01/2025 06:16:21 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection. Application Information: Process ID: 4 Application Name: System Network Information: Direction: Inbound Source Address: 10.124.129.17 Source Port: 59110 Destination Address: 10.124.129.6 Destination Port: 443 Protocol: 6 Interface Index: 7 Filter Information: Filter Origin: Unknown Filter Run-Time ID: 182797 Layer Name: Receive/Accept Layer Run-Time ID: 44 Remote User ID: S-1-0-0 Remote Machine ID: S-1-0-0 [msgs:eventlog_System] [msgs:eventlog_Application] [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 6688 NT AUTHORITY\SYSTEM 301096/460360 13977540/13985760 365224/527260 91 1559 24.8 2025-10-25 03:17:33 10259 SVC:MSExchangeMailboxReplication "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe" 15192 NT AUTHORITY\SYSTEM 2340748/2366176 8262752/8271972 2322816/2375204 106 1442 10.6 2025-10-25 03:19:19 10257 Microsoft.Exchange.Store.Worker "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Worker.exe" -id:59fc8808-844b-4244-a2bb-6a83f1ba6f3e -dag:35ceee8a-1604-4bb6-bd1a-765ff0ac7606 -pipe:3652 -readykey:Global\WorkerReadyKey-438aec00-e902-44b5-bab2-7a2588127cfe 1368 NT AUTHORITY\LOCAL SERVICE 29036/41964 2151803948/2152338732 24412/38532 18 595 1.4 2025-10-25 03:17:25 10259 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 4336 Unknown 223788/1154952 
2152922560/2154071936 303620/1166020 239 894 1.1 2025-10-25 03:17:29 10259 SVC:WinDefend 14756 NT AUTHORITY\SYSTEM 135320/208632 2152414612/2152457492 116736/191528 37 556 0.7 2025-11-01 02:00:03 256 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 6608 NT AUTHORITY\SYSTEM 204064/254644 5270908/5321168 196840/252228 69 1246 0.5 2025-10-25 03:17:33 10259 SVC:MSComplianceAudit "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe" 23084 NT AUTHORITY\LOCAL SERVICE 265476/1107872 5478224/6423620 603276/1425648 302 852 0.3 2025-10-25 07:54:05 9982 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 14320 NT AUTHORITY\NETWORK SERVICE 1052912/1111608 24245840/24758448 1201752/1227364 136 5335 0.3 2025-10-25 03:19:10 10257 EdgeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe" -pipe:2916 -stopkey:Global\ExchangeStopKey-c56ac18c-55c7-45f6-b13f-f18890b1db1d -resetkey:Global\ExchangeResetKey-b2552ea3-1774-4b0b-83b5-027240bfa07c -readykey:Global\ExchangeReadyKey-78a14d92-5876-4a6f-b01a-825e31e1e1f8 -hangkey:Global\ExchangeHangKey-73cfca41-780c-43da-b6ed-220ef77a2430 -startUpProgressKey:Global\ExchangeProgressKey-cd47b525-7206-4527-9b07-56faef211073 -workerListening 900 NT AUTHORITY\SYSTEM 107016/121288 2151889804/2151891888 89936/104292 42 52058 0.2 2025-10-25 03:17:23 10259 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe 2608 NT AUTHORITY\SYSTEM 94664/97248 2152449828/2186008448 79856/82800 74 1726 0.2 2025-10-25 03:17:28 10259 taskhostw taskhostw.exe ExploitGuardPolicy 5576 NT AUTHORITY\SYSTEM 597176/643292 6094432/6109824 542288/590752 171 3874 0.1 2025-10-25 03:17:39 10259 MSExchangeHMWorker "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe" -pipe:3740 
-stopkey:Global\ExchangeStopKey-06abf853-fa29-404c-a1ef-dbb82d1566ad -resetkey:Global\ExchangeResetKey-7b4da774-9404-45ec-95f1-8ff756d2fecf -readykey:Global\ExchangeReadyKey-3848ab69-b884-4713-ae84-7a076614d209 -hangkey:Global\ExchangeHangKey-c8dacee7-f14c-44b2-9b0d-575c7d8bfeca -startUpProgressKey:Global\ExchangeProgressKey-1546d830-ecb3-4e8c-83a5-f9e428fd5b2b -workerListening 7836 NT AUTHORITY\SYSTEM 744428/809856 24421204/24431444 866408/924828 252 2295 0.1 2025-10-25 03:17:38 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\ResourceProfile\contentengine\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Logs\NodeRunner.log" --applicationbase "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0" 4 Unknown 140/1876 3968/20560 40/72 0 3762 0.1 2025-10-25 03:17:20 10259 System 15500 NT AUTHORITY\SYSTEM 211956/274664 5321008/5361664 221604/297464 106 2393 0.1 2025-10-25 03:20:49 10256 SVC:MSExchangeDiagnostics "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe" 6408 NT AUTHORITY\LOCAL SERVICE 25576/30952 2151858820/2152139776 26244/29256 21 312 0.1 2025-10-25 03:20:48 10256 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 6640 NT AUTHORITY\SYSTEM 292172/390056 22880984/23007968 446368/548468 91 1596 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFrontEndTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe" 5400 NT AUTHORITY\SYSTEM 992428/1134100 2153802972/2153824756 933776/1076692 262 3156 0.0 2025-10-25 03:21:15 10255 w3wp 
c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm71e51571-82a4-4b70-9013-0d8dd0b8d936 -h "C:\inetpub\temp\apppools\MSExchangePowerShellAppPool\MSExchangePowerShellAppPool.config" -w "" -m 0 6632 NT AUTHORITY\SYSTEM 107796/109736 5033872/5041744 99560/101904 46 662 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeEdgeSync "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe" 3684 NT AUTHORITY\SYSTEM 239300/244596 5482004/5568372 239964/245248 85 1984 0.0 2025-10-25 03:17:28 10259 SVC:MSExchangeHM "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe" 880 Unknown 15560/18196 2151769180/2152311200 6976/14352 16 841 0.0 2025-10-25 03:17:23 10259 services 3764 NT AUTHORITY\SYSTEM 277444/328124 2152966024/2152993636 283028/341608 122 1545 0.0 2025-10-25 03:20:43 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiMailboxAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config" -a \\.\pipe\iisipm552adaf4-2d71-448a-ac59-8f1c5191a52d -h "C:\inetpub\temp\apppools\MSExchangeMapiMailboxAppPool\MSExchangeMapiMailboxAppPool.config" -w "" -m 0 3148 NT AUTHORITY\SYSTEM 18676/19044 4295936/4297112 8664/8968 16 355 0.0 2025-10-25 03:17:28 10259 SVC:FMS "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\FMS.exe" 8864 NT AUTHORITY\SYSTEM 386700/397952 2170265512/2170300656 421364/428044 121 2728 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipm11ab7a63-d33c-4de0-a07a-e20e33971b4b -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyFrontEndAppPool\MSExchangeRpcProxyFrontEndAppPool.config" -w "" -m 0 4344 NT 
AUTHORITY\SYSTEM 73588/87880 4905232/4933128 55500/70640 38 635 0.0 2025-10-25 03:17:29 10259 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WindowsAzureGuestAgent.exe 6352 NT AUTHORITY\SYSTEM 474084/491556 2153356640/2153361748 476280/512704 237 3455 0.0 2025-10-25 03:17:35 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm8c060c7e-5597-4596-816c-46f75b0bc2de -h "C:\inetpub\temp\apppools\MSExchangeOWAAppPool\MSExchangeOWAAppPool.config" -w "" -m 0 3452 NT AUTHORITY\SYSTEM 23328/29544 2151831808/2151880968 11552/16616 18 396 0.0 2025-10-25 03:17:28 10259 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 6580 NT AUTHORITY\SYSTEM 187740/189640 5306500/6003120 176204/234304 104 1799 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeRepl "C:\Program Files\Microsoft\Exchange Server\V15\Bin\msexchangerepl.exe" 13052 NT AUTHORITY\LOCAL SERVICE 179532/977340 5378724/6224476 555032/1374228 290 556 0.0 2025-10-25 03:18:51 10258 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 6536 NT AUTHORITY\SYSTEM 198684/204240 5342196/5347644 194432/200460 84 1297 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeRPC "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.RpcClientAccess.Service.exe" 3136 NT AUTHORITY\SYSTEM 93836/98560 5226580/5237268 68364/70964 67 867 0.0 2025-10-25 03:17:28 10259 SVC:HostControllerService "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe" 6388 NT AUTHORITY\SYSTEM 504920/664108 2161731212/2161732824 489496/652460 215 3330 0.0 2025-10-25 03:17:35 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeSyncAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange 
Server\V15\bin\MSExchangeSyncAppPool_CLRConfig.config" -a \\.\pipe\iisipmba449f4c-fa20-4cd4-8802-69e0146f4b92 -h "C:\inetpub\temp\apppools\MSExchangeSyncAppPool\MSExchangeSyncAppPool.config" -w "" -m 0 8776 NT AUTHORITY\SYSTEM 317120/473792 2170278368/2170308772 344404/502844 104 2505 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmda119580-b0e9-4e54-a1b3-2e001b73d2ea -h "C:\inetpub\temp\apppools\MSExchangeMapiFrontEndAppPool\MSExchangeMapiFrontEndAppPool.config" -w "" -m 0 8792 NT AUTHORITY\SYSTEM 671632/767912 2153691248/2153694840 621240/735612 258 3543 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeServicesAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm9c31f793-7b74-420e-85d7-7d821cc61745 -h "C:\inetpub\temp\apppools\MSExchangeServicesAppPool\MSExchangeServicesAppPool.config" -w "" -m 0 4820 NT AUTHORITY\SYSTEM 151196/152280 5208976/5230740 155740/157124 94 1496 0.0 2025-10-25 03:17:29 10259 SVC:MSExchangeADTopology "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe" 5960 NT AUTHORITY\SYSTEM 636104/714224 2153522148/2153525732 555124/634476 320 3302 0.0 2025-10-25 03:17:31 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm7810093e-e8db-49b2-9d31-94d6f7be2dde -h "C:\inetpub\temp\apppools\MSExchangeECPAppPool\MSExchangeECPAppPool.config" -w "" -m 0 5772 NT AUTHORITY\SYSTEM 244804/244820 2152833932/2152835724 254584/254688 165 1180 0.0 2025-10-25 03:20:13 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyAppPool" 
-v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyAppPool_CLRConfig.config" -a \\.\pipe\iisipm7e72f57d-6395-40ab-88ee-1389f7d03686 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyAppPool\MSExchangeRpcProxyAppPool.config" -w "" -m 0 9016 NT AUTHORITY\SYSTEM 400296/402324 2153047304/2153048840 374316/382380 182 2605 0.0 2025-10-25 03:17:47 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeAutodiscoverAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm290302cd-8689-49d0-ad12-72153cb21183 -h "C:\inetpub\temp\apppools\MSExchangeAutodiscoverAppPool\MSExchangeAutodiscoverAppPool.config" -w "" -m 0 9368 NT AUTHORITY\NETWORK SERVICE 223096/229600 5142848/5155076 186296/193396 107 1238 0.0 2025-10-25 03:17:50 10259 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1488 -stopkey:Global\ExchangeStopKey-b4462ebb-a73c-4f7f-8c7e-768f05a25b82 -resetkey:Global\ExchangeResetKey-b5dd859b-6f06-406f-8e63-4d47ec21645c -readykey:Global\ExchangeReadyKey-c8950b41-16ce-4a9b-b370-099f6fe45fd3 -hangkey:Global\ExchangeHangKey-7b6873f3-7228-403b-bf57-55f3ff8de1b3 -startUpProgressKey:Global\ExchangeProgressKey-0b3170a6-8a5d-4331-b93f-6b0dd979803c 4076 NT AUTHORITY\SYSTEM 97384/142828 4885468/4968000 82316/128548 49 1585 0.0 2025-10-25 03:17:29 10259 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WaAppAgent.exe 6568 NT AUTHORITY\SYSTEM 451840/616804 5738572/5775316 407460/601248 137 3083 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeMailboxAssistants "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe" 8800 NT AUTHORITY\SYSTEM 240324/243344 2152824052/2152868436 233988/247828 102 2050 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOABAppPool" -v "v4.0" -c "C:\Program 
Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmc551bd96-2725-40a7-8e23-20b5cee4c650 -h "C:\inetpub\temp\apppools\MSExchangeOABAppPool\MSExchangeOABAppPool.config" -w "" -m 0 1960 NT AUTHORITY\SYSTEM 17024/63656 2151865668/2151879552 6024/61732 21 394 0.0 2025-10-25 03:17:28 10259 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 1640 NT AUTHORITY\LOCAL SERVICE 8568/8772 2151758472/2151775896 2568/3668 12 249 0.0 2025-10-25 03:17:28 10259 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 588 NT AUTHORITY\NETWORK SERVICE 47972/48044 2151804776/2151811992 41228/41412 27 1428 0.0 2025-10-25 03:17:24 10259 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p 1552 NT AUTHORITY\SYSTEM 46400/50200 2151966624/2151972420 11724/18372 26 455 0.0 2025-10-25 03:17:25 10259 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3ad3855 /state1:0x41c64e6d 1352 NT AUTHORITY\SYSTEM 12276/12308 2151771048/2151777316 3052/3128 16 219 0.0 2025-10-25 03:17:25 10259 SVC:vmicheartbeat C:\Windows\system32\svchost.exe -k ICService -p -s vmicheartbeat 8140 NT AUTHORITY\SYSTEM 193852/196284 6034304/6092724 179520/179892 160 1654 0.0 2025-10-25 03:17:39 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Logs\NodeRunner.log" 22768 NT AUTHORITY\SYSTEM 31108/31444 2151922320/2151929304 8008/8700 21 353 0.0 2025-10-31 12:12:03 1084 LogonUI "LogonUI.exe" /flags:0x0 /state0:0xa4f80855 /state1:0x41c64e6d 8200 NT AUTHORITY\SYSTEM 10816/10860 
2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:48 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 21476 CEDA\058091 15976/16068 2151812256/2151822512 3464/3524 15 371 0.0 2025-10-27 18:35:14 6461 ctfmon "ctfmon.exe" 22064 NT AUTHORITY\LOCAL SERVICE 179368/977340 5378344/6224452 554928/1374488 289 551 0.0 2025-10-25 07:54:04 9982 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 22164 NT AUTHORITY\SYSTEM 7984/8088 2151749800/2151756312 1584/1748 10 183 0.0 2025-10-26 10:53:11 8363 SVC:TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService 21752 CEDA\058091 164308/182792 2152185888/2152215992 35288/55168 65 1639 0.0 2025-10-27 18:35:12 6461 explorer C:\Windows\Explorer.EXE 21088 CEDA\058091 15920/16008 2151792960/2151797576 2408/2676 11 179 0.0 2025-10-27 18:37:11 6459 SVC:cbdhsvc_33b15775 C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc 20772 NT AUTHORITY\SYSTEM 16788/21544 2151782176/2151810964 3600/4064 13 261 0.0 2025-10-26 10:53:10 8363 SVC:TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker 19920 CEDA\058091 44560/45416 2151982740/2151995116 10096/10548 24 552 0.0 2025-10-27 18:35:16 6461 TextInputHost "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca 21136 CEDA\058091 16352/16556 2151795084/2151801748 3872/4240 15 290 0.0 2025-10-27 18:35:11 6461 SVC:CDPUserSvc_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc 8404 NT AUTHORITY\SYSTEM 169228/191856 5059884/5109856 142412/171988 77 1205 0.0 2025-10-25 03:17:48 10259 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1516 -stopkey:Global\ExchangeStopKey-70a0b2bb-49a8-4c0a-9a58-c1673b4d1ffd -resetkey:Global\ExchangeResetKey-ca95bc28-6494-4657-9f0c-1b924ff045fd 
-readykey:Global\ExchangeReadyKey-120a0a36-a2b5-4c2b-9d79-9c74b460f493 -hangkey:Global\ExchangeHangKey-3b21ecd1-2eec-47dd-8185-f732ef33be22 -startUpProgressKey:Global\ExchangeProgressKey-4e71ae9e-b464-4854-b8c4-79ac50e4a59a 8556 NT AUTHORITY\NETWORK SERVICE 199700/213672 5129432/5135320 168840/182568 102 1249 0.0 2025-10-25 03:17:43 10259 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1508 -stopkey:Global\ExchangeStopKey-f1935237-5596-4b37-8287-3a5945aa363c -resetkey:Global\ExchangeResetKey-4cfa68d8-2fef-4be2-b01b-9c03bbad2560 -readykey:Global\ExchangeReadyKey-ce94a5d0-02b1-4111-a7ac-e1646315ab29 -hangkey:Global\ExchangeHangKey-deffb41d-b4d5-472a-b7bb-4827b07e68bb -startUpProgressKey:Global\ExchangeProgressKey-044ad2bc-ac68-49d7-966a-df15c5e3fbc7 8572 NT AUTHORITY\NETWORK SERVICE 10808/10848 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:17:43 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 25252 Window Manager\DWM-2 37924/103112 2151983964/2152080232 10504/37888 28 670 0.0 2025-10-27 18:35:10 6461 dwm "dwm.exe" 25744 CEDA\058091 19780/20128 2151828496/2151839776 3312/3668 17 426 0.0 2025-10-27 18:35:11 6461 rdpclip rdpclip 24948 NT AUTHORITY\SYSTEM 10712/10764 2151757660/2151762780 2024/2280 10 151 0.0 2025-10-27 18:35:12 6461 SVC:camsvc C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc 6656 NT AUTHORITY\SYSTEM 127388/132480 5088632/5096216 127692/132616 50 788 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeTransportLogSearch "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe" 6616 NT AUTHORITY\SYSTEM 376540/393908 5499940/5592336 354612/381676 105 2253 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFlighting "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.Flighting.Service.exe" 12728 NT AUTHORITY\SYSTEM 16436/16640 2151784784/2151786308 6400/6632 14 270 0.0 2025-10-25 03:18:48 10258 WmiPrvSE 
C:\Windows\system32\wbem\wmiprvse.exe -Embedding 6624 NT AUTHORITY\NETWORK SERVICE 106448/106600 5153468/5165052 124676/125004 53 859 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeThrottling "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe" 26148 Unknown 8444/8580 2151749720/2151762020 1572/2000 9 174 0.0 2025-10-26 10:53:27 8363 SVC:WaaSMedicSvc 6676 NT AUTHORITY\NETWORK SERVICE 361456/373808 5499748/5570408 311440/328076 118 1835 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeDelivery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe" 23284 CEDA\058091 12248/13012 2151802068/2152070840 2152/3560 12 187 0.0 2025-10-27 18:35:11 6461 taskhostw taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E} 6884 NT AUTHORITY\SYSTEM 182900/183564 5140096/5150900 166296/167048 138 1441 0.0 2025-10-25 03:17:33 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Logs\NodeRunner.log" 7536 NT AUTHORITY\SYSTEM 10824/10864 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:39 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 22780 Unknown 11596/11956 2151758232/2151761304 2512/2684 11 195 0.0 2025-10-25 09:17:30 9899 SVC:SecurityHealthService 6752 NT AUTHORITY\SYSTEM 262552/263152 5466192/5578540 248900/259396 101 2148 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeMitigation "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Mitigation.Service.exe" 24800 CEDA\058091 5720/5800 81716/83252 1336/1564 9 94 0.0 2025-10-27 18:35:14 6461 TabTip32 /loadhooks /Parent:00000000000049b0 
24192 Font Driver Host\UMFD-2 5020/5064 2151749484/2151751532 1596/1676 7 39 0.0 2025-10-27 18:35:10 6461 fontdrvhost "fontdrvhost.exe" 6812 NT AUTHORITY\SYSTEM 119992/120044 5002684/5011968 99732/99996 68 1056 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangePop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3Service.exe" 8816 CEDA\058091 56184/57524 2151989556/2152052044 13020/17336 27 575 0.0 2025-10-27 18:35:13 6461 StartMenuExperienceHost "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca 17508 NT AUTHORITY\SYSTEM 14104/18628 2151762672/2151779500 5468/9648 10 159 0.0 2025-10-25 03:28:00 10248 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository 17604 CEDA\058091 17152/18652 2151809436/2151815028 2936/3444 12 198 0.0 2025-10-27 18:35:13 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 13900 NT AUTHORITY\SYSTEM 12892/13368 2151768852/2151784164 2968/3752 15 235 0.0 2025-10-25 03:20:55 10255 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 13432 NT AUTHORITY\NETWORK SERVICE 108348/108428 5156220/5172732 124396/124564 52 1070 0.0 2025-10-25 03:19:07 10257 SVC:MSExchangeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe" 12668 NT AUTHORITY\LOCAL SERVICE 6684/6728 2151751744/2151756864 1588/1864 9 124 0.0 2025-10-25 03:20:48 10256 SVC:WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost 12364 NT AUTHORITY\SYSTEM 16480/16660 2151780968/2151787124 5072/5532 17 324 0.0 2025-10-25 03:19:01 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\0b897a79-4faa-4818-9ceb-c726a775dd90 -parentPid 4048 -initEvent dc232686-0be4-4cda-8efa-0ddf4036b304 -replyEndpoint LRPC-2776256d2cb7c8d642 13004 CEDA\058091 13540/15368 2151795132/2151802716 2284/2932 12 
222 0.0 2025-10-27 18:35:15 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 17628 NT AUTHORITY\SYSTEM 6732/6944 4267672/4271768 1948/2228 8 123 0.0 2025-11-01 02:00:03 256 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe" 15292 NT AUTHORITY\LOCAL SERVICE 13844/13956 2151779892/2151790140 2752/3128 14 235 0.0 2025-10-25 03:20:48 10256 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc 16100 NT AUTHORITY\SYSTEM 15404/18620 2152339480/2152358060 8232/11428 21 282 0.0 2025-10-25 03:20:53 10255 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC 15420 NT AUTHORITY\NETWORK SERVICE 11760/13296 2151766336/2151769388 3152/4524 17 252 0.0 2025-10-25 03:20:49 10256 SVC:MSDTC C:\Windows\System32\msdtc.exe 15404 NT AUTHORITY\NETWORK SERVICE 17424/22128 2151811992/2151821900 4356/8632 18 291 0.0 2025-10-25 03:20:55 10255 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM 14108 NT AUTHORITY\NETWORK SERVICE 10880/10920 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:19:10 10257 conhost \??\C:\Windows\system32\conhost.exe 0x4 14048 NT AUTHORITY\SYSTEM 248348/248420 2152823124/2152874576 249840/249980 98 2471 0.0 2025-10-25 03:20:24 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm41ae064e-49c8-4c61-b4ab-e1cf339fd0db -h "C:\inetpub\temp\apppools\MSExchangePowerShellFrontEndAppPool\MSExchangePowerShellFrontEndAppPool.config" -w "" -m 0 16212 NT AUTHORITY\SYSTEM 10060/18216 2151776044/2151802244 1912/2476 11 258 0.0 2025-10-27 18:35:10 6461 winlogon winlogon.exe 14232 NT AUTHORITY\SYSTEM 18336/97420 2151853052/2151884792 4624/84180 20 278 0.0 2025-10-25 03:19:06 10257 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 12360 NT AUTHORITY\SYSTEM 14068/14068 2151770496/2151772544 
6632/6684 10 148 0.0 2025-11-01 02:00:03 256 conhost \??\C:\Windows\system32\conhost.exe 0x4 9212 NT AUTHORITY\SYSTEM 10812/10856 2151757412/2151759460 6216/6304 8 87 0.0 2025-10-25 03:17:48 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 9164 NT AUTHORITY\SYSTEM 172996/192096 5065812/5111816 144492/172020 79 1173 0.0 2025-10-25 03:17:47 10259 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1524 -stopkey:Global\ExchangeStopKey-1dfd67aa-7b2f-42bd-9035-beadf1ba5d6c -resetkey:Global\ExchangeResetKey-2f4ee8c4-5fde-4a81-9012-092d6c2ae92a -readykey:Global\ExchangeReadyKey-26166fb7-2230-4314-94d1-8143279a6390 -hangkey:Global\ExchangeHangKey-95783275-511b-41ab-a225-493c58d615ca -startUpProgressKey:Global\ExchangeProgressKey-85bf6e89-910b-4737-89cd-41512d248272 9452 NT AUTHORITY\NETWORK SERVICE 10812/10856 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:50 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 18864 CEDA\058091 18860/18940 2151843640/2151847224 4184/4336 18 358 0.0 2025-10-27 18:35:14 6461 TabTip /QuitInfo:00000000000002B0;00000000000002CC; 8920 NT AUTHORITY\SYSTEM 212232/214788 2152804324/2152857448 220280/225488 89 1877 0.0 2025-10-25 03:20:17 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWACalendarAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm20815b27-824e-42ba-bf3b-a6ac900cc3d9 -h "C:\inetpub\temp\apppools\MSExchangeOWACalendarAppPool\MSExchangeOWACalendarAppPool.config" -w "" -m 0 19864 CEDA\058091 80236/98284 2152061484/2152107700 31564/51864 34 649 0.0 2025-10-27 18:35:14 6461 SearchApp "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca 8928 NT AUTHORITY\SYSTEM 172824/177192 5145596/5194416 157168/161672 129 1132 0.0 2025-10-25 03:17:46 10259 noderunner 
"C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Logs\NodeRunner.log" 19336 CEDA\058091 27096/27308 2151829620/2151837436 5252/5728 17 326 0.0 2025-10-27 18:35:11 6461 SVC:WpnUserService_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService 12256 NT AUTHORITY\NETWORK SERVICE 20880/154632 4309728/4444844 8012/8900 16 449 0.0 2025-10-25 03:18:22 10258 updateservice "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exe" -Embedding 11736 NT AUTHORITY\NETWORK SERVICE 139412/139716 5066664/5079136 118772/120092 56 743 0.0 2025-10-25 03:18:42 10258 ForefrontActiveDirectoryConnector "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ForefrontActiveDirectoryConnector.exe" -Embedding 17700 NT AUTHORITY\SYSTEM 6772/6896 2151744736/2151754900 1352/1596 8 130 0.0 2025-10-26 10:53:12 8363 SVC:Appinfo C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo 18000 NT AUTHORITY\SYSTEM 10996/11040 2152297960/2152309224 6268/6720 16 191 0.0 2025-10-25 03:28:01 10248 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 10188 NT AUTHORITY\SYSTEM 6884/7416 2151743632/2151760748 1776/2384 8 141 0.0 2025-11-01 02:20:41 236 WaSecAgentProv "C:\WindowsAzure\SecAgent\WaSecAgentProv.exe" -startPoll C:\WindowsAzure\Logs\ 168.63.129.16 5248000 3600000 21600000 18456 CEDA\058091 27152/49132 2151871816/2151893396 8372/26440 19 332 0.0 2025-10-27 18:35:14 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding 10960 Unknown 7124/64496 
2151769824/2151828184 2108/2544 14 288 0.0 2025-10-27 18:35:10 6461 csrss 18280 CEDA\058091 27692/28616 2151853404/2151859328 5348/5848 17 513 0.0 2025-10-27 18:35:11 6461 sihost sihost.exe 1872 NT AUTHORITY\NETWORK SERVICE 13312/13412 2151782300/2151797668 4200/4764 17 398 0.0 2025-10-25 03:17:28 10259 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc 1860 NT AUTHORITY\SYSTEM 43688/74188 2151871956/2151930160 23528/53084 30 596 0.0 2025-10-25 03:17:28 10259 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p 1924 NT AUTHORITY\NETWORK SERVICE 11196/11428 2151792708/2151802948 4828/5224 18 342 0.0 2025-10-25 03:17:28 10259 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache 2016 NT AUTHORITY\SYSTEM 12636/13832 2151776128/2151789272 4700/5320 14 275 0.0 2025-10-25 03:20:48 10256 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 1944 NT AUTHORITY\SYSTEM 9004/9184 2151756996/2151766264 1996/2360 11 185 0.0 2025-10-25 03:17:28 10259 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS 1700 Window Manager\DWM-1 44796/45224 2151923448/2151925580 18712/25272 26 633 0.0 2025-10-25 03:17:28 10259 dwm "dwm.exe" 1676 NT AUTHORITY\SYSTEM 14124/14692 2151767352/2151780436 3188/3556 17 303 0.0 2025-10-25 03:17:28 10259 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc 1716 NT AUTHORITY\SYSTEM 13584/13768 2151777248/2151790560 2940/3368 13 228 0.0 2025-10-25 03:17:28 10259 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc 1732 NT AUTHORITY\LOCAL SERVICE 8692/8852 2151757420/2151771748 2356/2780 10 188 0.0 2025-10-25 03:17:28 10259 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem 1724 NT AUTHORITY\SYSTEM 6232/6276 2151749276/2151754400 1292/1472 8 162 0.0 2025-10-25 03:17:28 10259 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes 2352 NT AUTHORITY\LOCAL SERVICE 6580/6616 2151754668/2151758764 
1496/1624 8 153 0.0 2025-10-25 03:17:28 10259 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p 2284 NT AUTHORITY\SYSTEM 7772/7864 2151751612/2151756220 1656/1912 9 171 0.0 2025-10-25 03:17:28 10259 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc 2360 NT AUTHORITY\LOCAL SERVICE 24216/29100 2151808632/2151820948 14356/18600 35 464 0.0 2025-10-25 03:17:28 10259 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 2452 NT AUTHORITY\NETWORK SERVICE 10740/10788 2151765544/2151775784 2536/2696 14 247 0.0 2025-10-25 03:17:28 10259 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2372 NT AUTHORITY\LOCAL SERVICE 8316/8444 2151752644/2151759524 2260/2612 10 179 0.0 2025-10-25 03:17:28 10259 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 2072 NT AUTHORITY\SYSTEM 13320/13436 2151765532/2151777728 2224/2624 13 192 0.0 2025-10-25 03:17:28 10259 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 2020 NT AUTHORITY\SYSTEM 10328/10716 2151772888/2151778008 2052/2364 33 199 0.0 2025-10-25 03:17:28 10259 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 2192 NT AUTHORITY\LOCAL SERVICE 7636/8840 2151792000/2151801044 1824/2508 11 166 0.0 2025-10-25 03:17:28 10259 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache 2268 NT AUTHORITY\SYSTEM 256224/286428 2153055472/2153064404 281252/312504 129 1523 0.0 2025-10-25 03:22:17 10254 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRestAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmd82f1931-64f2-481d-9317-42ed3326568d -h "C:\inetpub\temp\apppools\MSExchangeRestAppPool\MSExchangeRestAppPool.config" -w "" -m 0 2220 NT 
AUTHORITY\LOCAL SERVICE 11440/11608 2151763640/2151789032 3140/3872 14 436 0.0 2025-10-25 03:17:28 10259 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm 1588 NT AUTHORITY\LOCAL SERVICE 10668/10884 2151749516/2151756684 6084/6464 30 187 0.0 2025-10-25 03:17:25 10259 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi 744 Unknown 6056/6284 2151767968/2151773244 1892/2184 12 169 0.0 2025-10-25 03:17:23 10259 csrss 736 Unknown 7364/7428 2151749416/2151764400 1456/2152 12 155 0.0 2025-10-25 03:17:23 10259 wininit 808 NT AUTHORITY\SYSTEM 10612/15272 2151812880/2151826264 2548/6536 12 214 0.0 2025-10-25 03:17:23 10259 winlogon winlogon.exe 1016 NT AUTHORITY\SYSTEM 25324/25588 2151801400/2151827000 7956/8664 21 1099 0.0 2025-10-25 03:17:24 10259 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p 920 NT AUTHORITY\LOCAL SERVICE 9160/9400 2151753388/2151767724 1948/2928 12 298 0.0 2025-10-25 03:17:28 10259 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 516 Unknown 1276/1332 2151719588/2151728136 1128/1212 4 60 0.0 2025-10-25 03:17:20 10259 smss 116 Unknown 106596/209452 111624/211080 3548/145460 15 0 0.0 2025-10-25 03:17:19 10259 Registry 608 Font Driver Host\UMFD-1 4068/4108 2151747824/2151750896 1316/1424 7 39 0.0 2025-10-25 03:17:24 10259 fontdrvhost "fontdrvhost.exe" 652 Unknown 7328/7416 2151783204/2151787312 2524/2728 34 1012 0.0 2025-10-25 03:17:22 10259 csrss 612 Font Driver Host\UMFD-0 4180/4216 2151748276/2151751348 1396/1480 7 39 0.0 2025-10-25 03:17:24 10259 fontdrvhost "fontdrvhost.exe" 1360 NT AUTHORITY\SYSTEM 6564/6604 2151750056/2151754152 1484/1616 9 130 0.0 2025-10-25 03:17:25 10259 SVC:vmickvpexchange C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmickvpexchange 1252 NT AUTHORITY\LOCAL SERVICE 12364/12468 2151761324/2151768492 1728/2236 10 183 0.0 2025-10-25 03:17:25 10259 SVC:TimeBrokerSvc 
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1376 NT AUTHORITY\SYSTEM 6336/6372 2151749596/2151753692 1412/1560 8 113 0.0 2025-10-25 03:17:25 10259 SVC:vmicshutdown C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmicshutdown 1520 NT AUTHORITY\NETWORK SERVICE 15128/16436 2152040664/2152055516 4420/5868 27 403 0.0 2025-10-25 03:17:28 10259 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc 1424 NT AUTHORITY\LOCAL SERVICE 6452/6508 2151749600/2151752672 1408/1716 9 117 0.0 2025-10-25 03:17:25 10259 SVC:vmictimesync C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s vmictimesync 1124 NT AUTHORITY\NETWORK SERVICE 32492/92588 2151940336/2151990776 17140/82332 29 777 0.0 2025-10-25 03:17:25 10259 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService 1060 NT AUTHORITY\SYSTEM 11708/11920 2151763824/2151779184 2912/3428 15 375 0.0 2025-10-25 03:17:24 10259 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM 1168 NT AUTHORITY\LOCAL SERVICE 5776/5812 2151747812/2151750884 1332/1536 8 118 0.0 2025-10-25 03:17:25 10259 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 1232 NT AUTHORITY\SYSTEM 10104/10164 2151756872/2151763016 1976/2416 12 208 0.0 2025-10-25 03:17:25 10259 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1176 NT AUTHORITY\LOCAL SERVICE 8768/8832 2151756024/2151758072 2048/2164 14 232 0.0 2025-10-25 03:17:25 10259 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time 4596 NT AUTHORITY\SYSTEM 6392/18384 2151739316/2151751056 1904/2872 7 89 0.0 2025-10-25 03:17:29 10259 AggregatorHost AggregatorHost.exe 4508 NT AUTHORITY\SYSTEM 13572/13648 2151776852/2151783532 3500/3896 24 447 0.0 2025-10-25 03:17:29 10259 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs 5804 NT AUTHORITY\SYSTEM 12848/12948 2152037920/2152043624 
3676/3920 18 210 0.0 2025-10-25 03:17:31 10259 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} 0 8/8 8/8 60/60 0 0 0.0 0 Idle 5892 NT AUTHORITY\NETWORK SERVICE 17764/17796 4781316/4787716 24916/25180 14 255 0.0 2025-10-25 03:17:31 10259 SVC:NetMsmqActivator "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator 4328 NT AUTHORITY\SYSTEM 12696/12928 2151767572/2151773732 3488/3964 14 243 0.0 2025-10-25 03:19:01 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\5c6200cc-be32-4151-9aeb-c86e6b45737d -parentPid 4048 -initEvent da047c1b-407d-493e-9df8-fbf49702dd61 -replyEndpoint LRPC-2776256d2cb7c8d642 4312 NT AUTHORITY\SYSTEM 6124/6144 2151746792/2151752936 1340/1560 8 134 0.0 2025-10-25 03:17:29 10259 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 4372 NT AUTHORITY\LOCAL SERVICE 23604/23608 2152251452/2152252476 23140/23152 33 316 0.0 2025-10-25 03:17:29 10259 SVC:WMSVC C:\Windows\system32\inetsrv\wmsvc.exe 4460 Unknown 12588/12964 2151777744/2151785976 4276/5308 11 208 0.0 2025-10-25 03:18:33 10258 SVC:WdNisSvc 4400 NT AUTHORITY\SYSTEM 12180/12288 2151756632/2151764824 1616/1876 9 139 0.0 2025-10-25 03:17:29 10259 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService 6560 NT AUTHORITY\SYSTEM 138024/138948 5239748/5246916 145044/146068 60 1393 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeCompliance "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe" 6552 NT AUTHORITY\SYSTEM 164212/164532 5240636/5243728 163588/164716 69 1057 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeIS "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Service.exe" 6576 NT AUTHORITY\SYSTEM 142164/143684 5211288/5275600 165468/165804 58 1578 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFastSearch "C:\Program Files\Microsoft\Exchange 
Server\V15\bin\Microsoft.Exchange.Search.Service.exe" 6600 NT AUTHORITY\SYSTEM 33196/33556 4840940/4847340 34868/35248 23 418 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeAntispamUpdate "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe" 6592 NT AUTHORITY\SYSTEM 192200/193280 5228396/5245464 162404/164132 77 1034 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeDagMgmt "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe" 6512 NT AUTHORITY\SYSTEM 119700/119732 5003676/5011936 99420/99692 68 946 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeImap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4Service.exe" 6504 NT AUTHORITY\SYSTEM 260116/264268 5525808/5537576 246580/251480 119 2370 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeServiceHost "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.ServiceHost.exe" 6520 NT AUTHORITY\NETWORK SERVICE 120428/120540 5001416/5011980 100052/100320 65 887 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeIMAP4BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe" 6544 NT AUTHORITY\SYSTEM 252008/257016 5379320/5507316 238884/244740 86 1637 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeSubmission "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe" 6528 NT AUTHORITY\NETWORK SERVICE 120984/121128 5002648/5011932 100656/100976 65 949 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangePOP3BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe" 4224 NT AUTHORITY\SYSTEM 7252/7280 2155942752/2155950944 1792/1960 9 143 0.0 2025-10-25 03:17:29 10259 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 3092 NT AUTHORITY\SYSTEM 10996/11124 2152815240/2152829452 2856/3544 15 363 0.0 2025-10-25 03:17:28 10259 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 3068 
NT AUTHORITY\SYSTEM 12636/12680 2151759132/2151764252 5164/5456 12 170 0.0 2025-10-25 03:17:28 10259 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc 3360 NT AUTHORITY\LOCAL SERVICE 38880/39088 4799140/4802468 34784/35076 37 536 0.0 2025-10-25 03:17:28 10259 SVC:NetPipeActivator/NetTcpActivator/NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 3436 NT AUTHORITY\SYSTEM 9308/9420 2151751800/2151756408 2276/2536 11 205 0.0 2025-10-25 03:17:28 10259 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer 3372 Unknown 29784/30140 2151811900/2151819004 16376/17504 19 1050 0.0 2025-10-25 03:17:28 10259 SVC:MDCoreSvc 2664 NT AUTHORITY\SYSTEM 10480/10520 2151763388/2151773796 2360/2584 16 246 0.0 2025-10-25 03:17:28 10259 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2472 NT AUTHORITY\SYSTEM 30236/30616 2151793208/2151798248 19884/20280 18 223 0.0 2025-10-25 03:17:28 10259 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 2680 NT AUTHORITY\SYSTEM 9728/9932 2151755720/2151774160 2420/3064 10 217 0.0 2025-10-25 03:17:28 10259 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager 3032 NT AUTHORITY\SYSTEM 28468/30224 2151843092/2151861576 9236/11964 28 549 0.0 2025-10-25 03:17:28 10259 SVC:Spooler C:\Windows\System32\spoolsv.exe 2916 NT AUTHORITY\LOCAL SERVICE 7560/7652 2151746076/2151757340 1368/1800 8 126 0.0 2025-10-25 03:17:28 10259 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 4048 NT AUTHORITY\SYSTEM 33720/33788 2151815036/2151828992 13264/14280 38 1507 0.0 2025-10-25 03:17:29 10259 SVC:ClusSvc C:\Windows\Cluster\clussvc.exe -s 4040 NT AUTHORITY\LOCAL SERVICE 7688/7728 2151753416/2151761612 1708/2012 43 159 0.0 2025-10-25 03:17:29 10259 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc 4116 NT AUTHORITY\SYSTEM 10912/10952 2151757412/2151759460 6228/6304 8 87 0.0 
2025-11-01 02:20:41 236 conhost \??\C:\Windows\system32\conhost.exe 0x4 4180 NT AUTHORITY\SYSTEM 17128/17520 4282816/4299280 9572/9804 13 232 0.0 2025-10-25 03:17:29 10259 SVC:SearchExchangeTracing "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\TraceService\sftracing.exe" 4140 NT AUTHORITY\SYSTEM 5796/5852 2151745496/2151751636 1228/1432 8 105 0.0 2025-10-25 03:17:29 10259 SVC:sacsvr C:\Windows\System32\svchost.exe -k netsvcs -p -s sacsvr 3800 NT AUTHORITY\NETWORK SERVICE 8032/9712 2151750728/2151755864 2144/3416 11 167 0.0 2025-10-25 03:17:30 10259 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent 3676 NT AUTHORITY\SYSTEM 36796/36884 4901156/4913336 47756/47964 28 907 0.0 2025-10-25 03:17:28 10259 SVC:MSExchangeHMRecovery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMRecovery.exe" 3832 NT AUTHORITY\NETWORK SERVICE 15296/15344 2151802324/2151805396 5936/6344 33 392 0.0 2025-10-25 03:17:28 10259 SVC:MSMQ C:\Windows\system32\mqsvc.exe 4032 NT AUTHORITY\LOCAL SERVICE 7456/7500 2151751820/2151757964 1644/1796 9 154 0.0 2025-10-25 03:17:29 10259 SVC:pla C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s pla 3856 NT AUTHORITY\SYSTEM 16100/16156 2151777984/2151779520 7824/9140 19 388 0.0 2025-10-25 03:17:28 10259 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs [netstat] PacketsReceived=507825079 ReceivedHeaderErrors=0 ReceivedAddressErrors=37 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=387 ReceivedPacketsDelivered=507827808 OutputRequests=1006796871 RoutingDiscards=0 DiscardedOutputPackets=27 OutputPacketNoRoute=3 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=258256 ReceivedHeaderErrors=0 ReceivedAddressErrors=98 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=0 
ReceivedPacketsDelivered=258305 OutputRequests=292997 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=837450 tcpPassiveOpens=2027984 tcpFailedConnectionAttempts=1236097 tcpResetConnections=128591 tcpCurrentConnections=169 tcpSegmentsReceived=514739082 tcpSegmentsSent=1012535358 tcpSegmentsRetransmitted=1128849 tcpActiveOpens=419820 tcpPassiveOpens=419814 tcpFailedConnectionAttempts=24656 tcpResetConnections=367699 tcpCurrentConnections=222 tcpSegmentsReceived=15283221 tcpSegmentsSent=15307931 tcpSegmentsRetransmitted=20 udpDatagramsReceived=1546937 udpNoPorts=384 udpReceiveErrors=0 udpDatagramsSent=1578234 udpDatagramsReceived=85 udpNoPorts=0 udpReceiveErrors=0 udpDatagramsSent=254 [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : Az-mbox1 Primary Dns Suffix . . . . . . . : ceda.unina2.it Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : ceda.unina2.it reddog.microsoft.com Ethernet adapter Ethernet: Connection-specific DNS Suffix . : reddog.microsoft.com Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter Physical Address. . . . . . . . . : 60-45-BD-8E-45-19 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::55a1:c340:fd6e:7c3c%7(Preferred) IPv4 Address. . . . . . . . . . . : 10.124.129.6(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Saturday, October 25, 2025 2:17:28 AM Lease Expires . . . . . . . . . . : Tuesday, December 8, 2161 12:45:00 PM Default Gateway . . . . . . . . . : 10.124.129.1 DHCP Server . . . . . . . . . . . : 168.63.129.16 DHCPv6 IAID . . . . . . . . . . . : 106972605 DHCPv6 Client DUID. . . . . . . . 
: 00-01-00-01-2D-CD-D9-05-60-45-BD-8E-45-19 DNS Servers . . . . . . . . . . . : 10.124.1.4 10.124.1.5 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 10: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter Physical Address. . . . . . . . . : 02-E2-C0-2A-83-38 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::a908:3842:1f2d:c922%3(Preferred) IPv4 Address. . . . . . . . . . . : 169.254.1.17(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.0.0 Default Gateway . . . . . . . . . : DHCPv6 IAID . . . . . . . . . . . : 50472042 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-CD-D9-05-60-45-BD-8E-45-19 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 7...60 45 bd 8e 45 19 ......Microsoft Hyper-V Network Adapter 3...02 e2 c0 2a 83 38 ......Microsoft Failover Cluster Virtual Adapter 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.124.129.1 10.124.129.6 10 10.124.129.0 255.255.255.0 On-link 10.124.129.6 266 10.124.129.6 255.255.255.255 On-link 10.124.129.6 266 10.124.129.255 255.255.255.255 On-link 10.124.129.6 266 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 168.63.129.16 255.255.255.255 10.124.129.1 10.124.129.6 11 169.254.0.0 255.255.0.0 On-link 169.254.1.17 271 169.254.1.17 255.255.255.255 On-link 169.254.1.17 271 169.254.169.254 255.255.255.255 10.124.129.1 10.124.129.6 11 169.254.255.255 255.255.255.255 On-link 169.254.1.17 271 224.0.0.0 240.0.0.0 
On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.124.129.6 266 224.0.0.0 240.0.0.0 On-link 169.254.1.17 271 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.124.129.6 266 255.255.255.255 255.255.255.255 On-link 169.254.1.17 271 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 7 266 fe80::/64 On-link 3 271 fe80::/64 On-link 7 266 fe80::55a1:c340:fd6e:7c3c/128 On-link 3 271 fe80::a908:3842:1f2d:c922/128 On-link 1 331 ff00::/8 On-link 7 266 ff00::/8 On-link 3 271 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.124.129.6 702360139834 1163605063998 169.254.1.17 46491719 41566734 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual started Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) aspnet_state manual stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AxInstSV disabled stopped ActiveX Installer (AxInstSV) BDESVC manual stopped BitLocker Drive Encryption Service BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service c2wts manual stopped Claims to Windows Token Service camsvc manual started 
Capability Access Manager Service CaptureService_33b15775 manual stopped CaptureService_33b15775 cbdhsvc_33b15775 automatic started Clipboard User Service_33b15775 CDPSvc automatic started Connected Devices Platform Service CDPUserSvc_33b15775 automatic started Connected Devices Platform User Service_33b15775 CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) ClusSvc automatic started Cluster Service COMSysApp manual stopped COM+ System Application ConsentUxUserSvc_33b15775 manual stopped ConsentUX User Service_33b15775 CoreMessagingRegistrar automatic started CoreMessaging CPrepSrv manual stopped CPrepSrv CredentialEnrollmentManagerUserSvc_33b15775 manual stopped CredentialEnrollmentManagerUserSvc_33b15775 CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationBrokerSvc_33b15775 manual stopped DeviceAssociationBroker_33b15775 DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevicePickerUserSvc_33b15775 disabled stopped DevicePicker_33b15775 DevicesFlowUserSvc_33b15775 manual stopped DevicesFlow_33b15775 DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired 
AutoConfig
DPS automatic started Diagnostic Policy Service
DsmSvc manual stopped Device Setup Manager
DsSvc manual started Data Sharing Service
EapHost manual stopped Extensible Authentication Protocol
edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate)
edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem)
EFS manual stopped Encrypting File System (EFS)
embeddedmode manual stopped Embedded Mode
EntAppSvc manual stopped Enterprise App Management Service
EventLog automatic started Windows Event Log
EventSystem automatic started COM+ Event System
FcSrv manual stopped FcSrv
fdPHost manual stopped Function Discovery Provider Host
FDResPub manual stopped Function Discovery Resource Publication
FMS automatic started Microsoft Filtering Management Service
FontCache automatic started Windows Font Cache Service
FrameServer manual stopped Windows Camera Frame Server
FrameServerMonitor manual stopped Windows Camera Frame Server Monitor
gpsvc automatic started Group Policy Client
GraphicsPerfSvc disabled stopped GraphicsPerfSvc
hidserv manual stopped Human Interface Device Service
HostControllerService automatic started Microsoft Exchange Search Host Controller
HvHost manual stopped HV Host Service
IISADMIN automatic started IIS Admin Service
IKEEXT manual stopped IKE and AuthIP IPsec Keying Modules
InstallService manual stopped Microsoft Store Install Service
iphlpsvc automatic started IP Helper
KeyIso manual started CNG Key Isolation
KPSSVC manual stopped KDC Proxy Server service (KPS)
KtmRm manual stopped KtmRm for Distributed Transaction Coordinator
LanmanServer automatic started Server
LanmanWorkstation automatic started Workstation
lfsvc disabled stopped Geolocation Service
LicenseManager manual stopped Windows License Manager Service
lltdsvc disabled stopped Link-Layer Topology Discovery Mapper
lmhosts manual started TCP/IP NetBIOS Helper
LSM automatic started Local Session Manager
MapsBroker disabled stopped Downloaded Maps Manager
McpManagementService manual stopped McpManagementService
MDCoreSvc automatic started Microsoft Defender Core Service
MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)
mpssvc automatic started Windows Defender Firewall
MSComplianceAudit automatic started Microsoft Exchange Compliance Audit
MSDTC automatic started Distributed Transaction Coordinator
MSExchangeADTopology automatic started Microsoft Exchange Active Directory Topology
MSExchangeAntispamUpdate automatic started Microsoft Exchange Anti-spam Update
MSExchangeCompliance automatic started Microsoft Exchange Compliance Service
MSExchangeDagMgmt automatic started Microsoft Exchange DAG Management
MSExchangeDelivery automatic started Microsoft Exchange Mailbox Transport Delivery
MSExchangeDiagnostics automatic started Microsoft Exchange Diagnostics
MSExchangeEdgeSync automatic started Microsoft Exchange EdgeSync
MSExchangeFastSearch automatic started Microsoft Exchange Search
MSExchangeFlighting automatic started Microsoft Exchange Flighting Service
MSExchangeFrontEndTransport automatic started Microsoft Exchange Frontend Transport
MSExchangeHM automatic started Microsoft Exchange Health Manager
MSExchangeHMRecovery automatic started Microsoft Exchange Health Manager Recovery
MSExchangeImap4 automatic started Microsoft Exchange IMAP4
MSExchangeIMAP4BE automatic started Microsoft Exchange IMAP4 Backend
MSExchangeIS automatic started Microsoft Exchange Information Store
MSExchangeMailboxAssistants automatic started Microsoft Exchange Mailbox Assistants
MSExchangeMailboxReplication automatic started Microsoft Exchange Mailbox Replication
MSExchangeMitigation automatic started Microsoft Exchange Emergency Mitigation Service
MSExchangePop3 automatic started Microsoft Exchange POP3
MSExchangePOP3BE automatic started Microsoft Exchange POP3 Backend
MSExchangeRepl automatic started Microsoft Exchange Replication
MSExchangeRPC automatic started Microsoft Exchange RPC Client Access
MSExchangeServiceHost automatic started Microsoft Exchange Service Host
MSExchangeSubmission automatic started Microsoft Exchange Mailbox Transport Submission
MSExchangeThrottling automatic started Microsoft Exchange Throttling
MSExchangeTransport automatic started Microsoft Exchange Transport
MSExchangeTransportLogSearch automatic started Microsoft Exchange Transport Log Search
MSiSCSI manual stopped Microsoft iSCSI Initiator Service
msiserver manual stopped Windows Installer
MSMQ automatic started Message Queuing
NcaSvc disabled stopped Network Connectivity Assistant
NcbService manual started Network Connection Broker
Netlogon automatic started Netlogon
Netman manual stopped Network Connections
NetMsmqActivator automatic started Net.Msmq Listener Adapter
NetPipeActivator automatic started Net.Pipe Listener Adapter
netprofm manual started Network List Service
NetSetupSvc manual stopped Network Setup Service
NetTcpActivator automatic started Net.Tcp Listener Adapter
NetTcpPortSharing automatic started Net.Tcp Port Sharing Service
NgcCtnrSvc manual stopped Microsoft Passport Container
NgcSvc manual stopped Microsoft Passport
NlaSvc automatic started Network Location Awareness
nsi automatic started Network Store Interface Service
PcaSvc automatic started Program Compatibility Assistant Service
PerfHost manual stopped Performance Counter DLL Host
PimIndexMaintenanceSvc_33b15775 manual stopped Contact Data_33b15775
pla automatic started Performance Logs & Alerts
PlugPlay manual started Plug and Play
PolicyAgent manual started IPsec Policy Agent
Power automatic started Power
PrintNotify manual stopped Printer Extensions and Notifications
PrintWorkflowUserSvc_33b15775 manual stopped PrintWorkflow_33b15775
ProfSvc automatic started User Profile Service
PushToInstall disabled stopped Windows PushToInstall Service
QWAVE manual stopped Quality Windows Audio Video Experience
RasAuto manual stopped Remote Access Auto Connection Manager
RasMan automatic started Remote Access Connection Manager
RdAgent automatic started RdAgent
RemoteAccess disabled stopped Routing and Remote Access
RemoteRegistry automatic stopped Remote Registry
RmSvc disabled stopped Radio Management Service
RpcEptMapper automatic started RPC Endpoint Mapper
RPCHTTPLBS manual stopped RPC/HTTP Load Balancing Service
RpcLocator manual stopped Remote Procedure Call (RPC) Locator
RpcSs automatic started Remote Procedure Call (RPC)
RSoPProv manual stopped Resultant Set of Policy Provider
sacsvr manual started Special Administration Console Helper
SamSs automatic started Security Accounts Manager
SCardSvr manual stopped Smart Card
ScDeviceEnum disabled stopped Smart Card Device Enumeration Service
Schedule automatic started Task Scheduler
SCPolicySvc manual stopped Smart Card Removal Policy
SearchExchangeTracing automatic started Tracing Service for Search in Exchange
seclogon manual stopped Secondary Logon
SecurityHealthService manual started Windows Security Service
SEMgrSvc disabled stopped Payments and NFC/SE Manager
SENS automatic started System Event Notification Service
Sense manual stopped Windows Defender Advanced Threat Protection Service
SensorDataService disabled stopped Sensor Data Service
SensorService manual stopped Sensor Service
SensrSvc manual stopped Sensor Monitoring Service
SessionEnv manual started Remote Desktop Configuration
SharedAccess disabled stopped Internet Connection Sharing (ICS)
ShellHWDetection automatic started Shell Hardware Detection
shpamsvc disabled stopped Shared PC Account Manager
SmbWitness manual stopped SMB Witness
smphost manual stopped Microsoft Storage Spaces SMP
SNMPTRAP manual stopped SNMP Trap
Spooler automatic started Print Spooler
sppsvc automatic stopped Software Protection
SSDPSRV disabled stopped SSDP Discovery
ssh-agent disabled stopped OpenSSH Authentication Agent
SstpSvc manual started Secure Socket Tunneling Protocol Service
StateRepository automatic started State Repository Service
StiSvc manual stopped Windows Image Acquisition (WIA)
StorSvc automatic started Storage Service
svsvc manual stopped Spot Verifier
swprv manual stopped Microsoft Software Shadow Copy Provider
SysMain automatic started SysMain
SystemEventsBroker automatic started System Events Broker
TabletInputService manual started Touch Keyboard and Handwriting Panel Service
tapisrv manual stopped Telephony
TargetMgr disabled stopped Target Manager
TermService manual started Remote Desktop Services
Themes automatic started Themes
TieringEngineService manual stopped Storage Tiers Management
TimeBrokerSvc manual started Time Broker
TokenBroker manual started Web Account Manager
TrkWks automatic started Distributed Link Tracking Client
TrustedInstaller manual stopped Windows Modules Installer
tzautoupdate disabled stopped Auto Time Zone Updater
UALSVC automatic started User Access Logging Service
UdkUserSvc_33b15775 manual stopped Udk User Service_33b15775
UevAgentService disabled stopped User Experience Virtualization Service
UmRdpService manual started Remote Desktop Services UserMode Port Redirector
UnistoreSvc_33b15775 manual stopped User Data Storage_33b15775
upnphost disabled stopped UPnP Device Host
UserDataSvc_33b15775 manual stopped User Data Access_33b15775
UserManager automatic started User Manager
UsoSvc automatic started Update Orchestrator Service
VaultSvc manual stopped Credential Manager
vds manual stopped Virtual Disk
vmicguestinterface manual stopped Hyper-V Guest Service Interface
vmicheartbeat manual started Hyper-V Heartbeat Service
vmickvpexchange manual started Hyper-V Data Exchange Service
vmicshutdown manual started Hyper-V Guest Shutdown Service
vmictimesync manual started Hyper-V Time Synchronization Service
vmicvmsession manual stopped Hyper-V PowerShell Direct Service
vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor
VSS manual stopped Volume Shadow Copy
W32Time automatic started Windows Time
w3logsvc manual stopped W3C Logging Service
W3SVC automatic started World Wide Web Publishing Service
WaaSMedicSvc manual started Windows Update Medic Service
WalletService disabled stopped WalletService
WarpJITSvc manual stopped Warp JIT Service
WAS manual started Windows Process Activation Service
WbioSrvc manual stopped Windows Biometric Service
Wcmsvc automatic started Windows Connection Manager
WdiServiceHost manual started Diagnostic Service Host
WdiSystemHost manual stopped Diagnostic System Host
WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service
Wecsvc manual stopped Windows Event Collector
WEPHOSTSVC manual stopped Windows Encryption Provider Host Service
wercplsupport manual stopped Problem Reports Control Panel Support
WerSvc manual stopped Windows Error Reporting Service
WiaRpc manual stopped Still Image Acquisition Events
WinDefend automatic started Microsoft Defender Antivirus Service
WindowsAzureGuestAgent automatic started Windows Azure Guest Agent
WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service
Winmgmt automatic started Windows Management Instrumentation
WinRM automatic started Windows Remote Management (WS-Management)
wisvc disabled stopped Windows Insider Service
wlidsvc manual stopped Microsoft Account Sign-in Assistant
wmiApSrv manual stopped WMI Performance Adapter
WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service
WMSVC automatic started Web Management Service
WPDBusEnum manual stopped Portable Device Enumerator Service
WpnService automatic started Windows Push Notifications System Service
WpnUserService_33b15775 automatic started Windows Push Notifications User Service_33b15775
wsbexchange manual stopped Microsoft Exchange Server Extension for Windows Server Backup
WSearch disabled stopped Windows Search
wuauserv manual stopped Windows Update
XymonPSClient automatic started XymonPSClient
[uptime]
sec: 615540
7 days 2 hours 59 minutes 0 seconds
Bootup: 20251025031722.323052+120
[who]
SESSIONNAME USERNAME ID STATE TYPE DEVICE
>services 0 Disc
console 1 Conn
058091 2 Disc
31c5ce94259d4... 65536 Listen
rdp-tcp 65537 Listen
Total sessions created: 4
Total sessions disconnected: 3
Total sessions reconnected: 0
[users]
USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME
058091 2 Disc 18:04 10/27/2025 6:35 PM
[iis_sites]
Default Web Site
IIS://localhost/W3SVC/1
SiteID: 1
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :80: 127.0.0.1:80:
ServerState 2
SecureBindings 127.0.0.1:443: :443:
Exchange Back End
IIS://localhost/W3SVC/2
SiteID: 2
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :81:
ServerState 2
SecureBindings :444:
[XymonConfig]
XymonSettings
serversList : 10.224.4.197
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : az-mbox1.ceda.unina2.it
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableIISSection : 1
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : C:\Program Files\xymon
clientlogretain : 0
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
externalscriptlocation : C:\Program Files\xymon\ext
externaldatalocation : C:\Program Files\xymon\tmp
localdatalocation : C:\Program Files\xymon\local
servergiflocation : /xymon/gifs/
servers : 10.224.4.197
clientlogfile : C:\Program Files\xymon\xymonclient.log
clientconfigfile : C:\Program Files\xymon\clientconfig.cfg
clientfqdn : 1
clientlower : 1
clientbbwinmembug : 0
clientremotecfgexec : 1
HaveCmd
Name Value
---- -----
qwinsta True
query True
XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname az-mbox1.ceda.unina2.it
[XymonPSClientInfo]
Collection number: 53
Last transmission method: TCP
Id : 14756
Handles : 560
CPU : 476.328125
SI : 0
Name : powershell