Sat 01 Nov 06:16:46 2025 - Processes ok
 No process checks defined
PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command
6688 NT AUTHORITY\SYSTEM 301096/460360 13977540/13985760 365224/527260 91 1559 24.8 2025-10-25 03:17:33 10259 SVC:MSExchangeMailboxReplication "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe"
15192 NT AUTHORITY\SYSTEM 2340748/2366176 8262752/8271972 2322816/2375204 106 1442 10.6 2025-10-25 03:19:19 10257 Microsoft.Exchange.Store.Worker "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Worker.exe" -id:59fc8808-844b-4244-a2bb-6a83f1ba6f3e -dag:35ceee8a-1604-4bb6-bd1a-765ff0ac7606 -pipe:3652 -readykey:Global\WorkerReadyKey-438aec00-e902-44b5-bab2-7a2588127cfe
1368 NT AUTHORITY\LOCAL SERVICE 29036/41964 2151803948/2152338732 24412/38532 18 595 1.4 2025-10-25 03:17:25 10259 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
4336 Unknown 223788/1154952 2152922560/2154071936 303620/1166020 239 894 1.1 2025-10-25 03:17:29 10259 SVC:WinDefend
14756 NT AUTHORITY\SYSTEM 135320/208632 2152414612/2152457492 116736/191528 37 556 0.7 2025-11-01 02:00:03 256 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1"
6608 NT AUTHORITY\SYSTEM 204064/254644 5270908/5321168 196840/252228 69 1246 0.5 2025-10-25 03:17:33 10259 SVC:MSComplianceAudit "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe"
23084 NT AUTHORITY\LOCAL SERVICE 265476/1107872 5478224/6423620 603276/1425648 302 852 0.3 2025-10-25 07:54:05 9982 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
14320 NT AUTHORITY\NETWORK SERVICE 1052912/1111608 24245840/24758448 1201752/1227364 136 5335 0.3 2025-10-25 03:19:10 10257 EdgeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe" -pipe:2916 -stopkey:Global\ExchangeStopKey-c56ac18c-55c7-45f6-b13f-f18890b1db1d -resetkey:Global\ExchangeResetKey-b2552ea3-1774-4b0b-83b5-027240bfa07c -readykey:Global\ExchangeReadyKey-78a14d92-5876-4a6f-b01a-825e31e1e1f8 -hangkey:Global\ExchangeHangKey-73cfca41-780c-43da-b6ed-220ef77a2430 -startUpProgressKey:Global\ExchangeProgressKey-cd47b525-7206-4527-9b07-56faef211073 -workerListening
900 NT AUTHORITY\SYSTEM 107016/121288 2151889804/2151891888 89936/104292 42 52058 0.2 2025-10-25 03:17:23 10259 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe
2608 NT AUTHORITY\SYSTEM 94664/97248 2152449828/2186008448 79856/82800 74 1726 0.2 2025-10-25 03:17:28 10259 taskhostw taskhostw.exe ExploitGuardPolicy
5576 NT AUTHORITY\SYSTEM 597176/643292 6094432/6109824 542288/590752 171 3874 0.1 2025-10-25 03:17:39 10259 MSExchangeHMWorker "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe" -pipe:3740 -stopkey:Global\ExchangeStopKey-06abf853-fa29-404c-a1ef-dbb82d1566ad -resetkey:Global\ExchangeResetKey-7b4da774-9404-45ec-95f1-8ff756d2fecf -readykey:Global\ExchangeReadyKey-3848ab69-b884-4713-ae84-7a076614d209 -hangkey:Global\ExchangeHangKey-c8dacee7-f14c-44b2-9b0d-575c7d8bfeca -startUpProgressKey:Global\ExchangeProgressKey-1546d830-ecb3-4e8c-83a5-f9e428fd5b2b -workerListening
7836 NT AUTHORITY\SYSTEM 744428/809856 24421204/24431444 866408/924828 252 2295 0.1 2025-10-25 03:17:38 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\ResourceProfile\contentengine\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Logs\NodeRunner.log" --applicationbase "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0"
4 Unknown 140/1876 3968/20560 40/72 0 3762 0.1 2025-10-25 03:17:20 10259 System
15500 NT AUTHORITY\SYSTEM 211956/274664 5321008/5361664 221604/297464 106 2393 0.1 2025-10-25 03:20:49 10256 SVC:MSExchangeDiagnostics "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe"
6408 NT AUTHORITY\LOCAL SERVICE 25576/30952 2151858820/2152139776 26244/29256 21 312 0.1 2025-10-25 03:20:48 10256 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
6640 NT AUTHORITY\SYSTEM 292172/390056 22880984/23007968 446368/548468 91 1596 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFrontEndTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe"
5400 NT AUTHORITY\SYSTEM 992428/1134100 2153802972/2153824756 933776/1076692 262 3156 0.0 2025-10-25 03:21:15 10255 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm71e51571-82a4-4b70-9013-0d8dd0b8d936 -h "C:\inetpub\temp\apppools\MSExchangePowerShellAppPool\MSExchangePowerShellAppPool.config" -w "" -m 0
6632 NT AUTHORITY\SYSTEM 107796/109736 5033872/5041744 99560/101904 46 662 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeEdgeSync "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe"
3684 NT AUTHORITY\SYSTEM 239300/244596 5482004/5568372 239964/245248 85 1984 0.0 2025-10-25 03:17:28 10259 SVC:MSExchangeHM "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe"
880 Unknown 15560/18196 2151769180/2152311200 6976/14352 16 841 0.0 2025-10-25 03:17:23 10259 services
3764 NT AUTHORITY\SYSTEM 277444/328124 2152966024/2152993636 283028/341608 122 1545 0.0 2025-10-25 03:20:43 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiMailboxAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config" -a \\.\pipe\iisipm552adaf4-2d71-448a-ac59-8f1c5191a52d -h "C:\inetpub\temp\apppools\MSExchangeMapiMailboxAppPool\MSExchangeMapiMailboxAppPool.config" -w "" -m 0
3148 NT AUTHORITY\SYSTEM 18676/19044 4295936/4297112 8664/8968 16 355 0.0 2025-10-25 03:17:28 10259 SVC:FMS "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\FMS.exe"
8864 NT AUTHORITY\SYSTEM 386700/397952 2170265512/2170300656 421364/428044 121 2728 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipm11ab7a63-d33c-4de0-a07a-e20e33971b4b -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyFrontEndAppPool\MSExchangeRpcProxyFrontEndAppPool.config" -w "" -m 0
4344 NT AUTHORITY\SYSTEM 73588/87880 4905232/4933128 55500/70640 38 635 0.0 2025-10-25 03:17:29 10259 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WindowsAzureGuestAgent.exe
6352 NT AUTHORITY\SYSTEM 474084/491556 2153356640/2153361748 476280/512704 237 3455 0.0 2025-10-25 03:17:35 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm8c060c7e-5597-4596-816c-46f75b0bc2de -h "C:\inetpub\temp\apppools\MSExchangeOWAAppPool\MSExchangeOWAAppPool.config" -w "" -m 0
3452 NT AUTHORITY\SYSTEM 23328/29544 2151831808/2151880968 11552/16616 18 396 0.0 2025-10-25 03:17:28 10259 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
6580 NT AUTHORITY\SYSTEM 187740/189640 5306500/6003120 176204/234304 104 1799 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeRepl "C:\Program Files\Microsoft\Exchange Server\V15\Bin\msexchangerepl.exe"
13052 NT AUTHORITY\LOCAL SERVICE 179532/977340 5378724/6224476 555032/1374228 290 556 0.0 2025-10-25 03:18:51 10258 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
6536 NT AUTHORITY\SYSTEM 198684/204240 5342196/5347644 194432/200460 84 1297 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeRPC "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.RpcClientAccess.Service.exe"
3136 NT AUTHORITY\SYSTEM 93836/98560 5226580/5237268 68364/70964 67 867 0.0 2025-10-25 03:17:28 10259 SVC:HostControllerService "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe"
6388 NT AUTHORITY\SYSTEM 504920/664108 2161731212/2161732824 489496/652460 215 3330 0.0 2025-10-25 03:17:35 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeSyncAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeSyncAppPool_CLRConfig.config" -a \\.\pipe\iisipmba449f4c-fa20-4cd4-8802-69e0146f4b92 -h "C:\inetpub\temp\apppools\MSExchangeSyncAppPool\MSExchangeSyncAppPool.config" -w "" -m 0
8776 NT AUTHORITY\SYSTEM 317120/473792 2170278368/2170308772 344404/502844 104 2505 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmda119580-b0e9-4e54-a1b3-2e001b73d2ea -h "C:\inetpub\temp\apppools\MSExchangeMapiFrontEndAppPool\MSExchangeMapiFrontEndAppPool.config" -w "" -m 0
8792 NT AUTHORITY\SYSTEM 671632/767912 2153691248/2153694840 621240/735612 258 3543 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeServicesAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm9c31f793-7b74-420e-85d7-7d821cc61745 -h "C:\inetpub\temp\apppools\MSExchangeServicesAppPool\MSExchangeServicesAppPool.config" -w "" -m 0
4820 NT AUTHORITY\SYSTEM 151196/152280 5208976/5230740 155740/157124 94 1496 0.0 2025-10-25 03:17:29 10259 SVC:MSExchangeADTopology "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe"
5960 NT AUTHORITY\SYSTEM 636104/714224 2153522148/2153525732 555124/634476 320 3302 0.0 2025-10-25 03:17:31 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm7810093e-e8db-49b2-9d31-94d6f7be2dde -h "C:\inetpub\temp\apppools\MSExchangeECPAppPool\MSExchangeECPAppPool.config" -w "" -m 0
5772 NT AUTHORITY\SYSTEM 244804/244820 2152833932/2152835724 254584/254688 165 1180 0.0 2025-10-25 03:20:13 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyAppPool_CLRConfig.config" -a \\.\pipe\iisipm7e72f57d-6395-40ab-88ee-1389f7d03686 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyAppPool\MSExchangeRpcProxyAppPool.config" -w "" -m 0
9016 NT AUTHORITY\SYSTEM 400296/402324 2153047304/2153048840 374316/382380 182 2605 0.0 2025-10-25 03:17:47 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeAutodiscoverAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm290302cd-8689-49d0-ad12-72153cb21183 -h "C:\inetpub\temp\apppools\MSExchangeAutodiscoverAppPool\MSExchangeAutodiscoverAppPool.config" -w "" -m 0
9368 NT AUTHORITY\NETWORK SERVICE 223096/229600 5142848/5155076 186296/193396 107 1238 0.0 2025-10-25 03:17:50 10259 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1488 -stopkey:Global\ExchangeStopKey-b4462ebb-a73c-4f7f-8c7e-768f05a25b82 -resetkey:Global\ExchangeResetKey-b5dd859b-6f06-406f-8e63-4d47ec21645c -readykey:Global\ExchangeReadyKey-c8950b41-16ce-4a9b-b370-099f6fe45fd3 -hangkey:Global\ExchangeHangKey-7b6873f3-7228-403b-bf57-55f3ff8de1b3 -startUpProgressKey:Global\ExchangeProgressKey-0b3170a6-8a5d-4331-b93f-6b0dd979803c
4076 NT AUTHORITY\SYSTEM 97384/142828 4885468/4968000 82316/128548 49 1585 0.0 2025-10-25 03:17:29 10259 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190126\WaAppAgent.exe
6568 NT AUTHORITY\SYSTEM 451840/616804 5738572/5775316 407460/601248 137 3083 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeMailboxAssistants "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe"
8800 NT AUTHORITY\SYSTEM 240324/243344 2152824052/2152868436 233988/247828 102 2050 0.0 2025-10-25 03:17:45 10259 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOABAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmc551bd96-2725-40a7-8e23-20b5cee4c650 -h "C:\inetpub\temp\apppools\MSExchangeOABAppPool\MSExchangeOABAppPool.config" -w "" -m 0
1960 NT AUTHORITY\SYSTEM 17024/63656 2151865668/2151879552 6024/61732 21 394 0.0 2025-10-25 03:17:28 10259 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1640 NT AUTHORITY\LOCAL SERVICE 8568/8772 2151758472/2151775896 2568/3668 12 249 0.0 2025-10-25 03:17:28 10259 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
588 NT AUTHORITY\NETWORK SERVICE 47972/48044 2151804776/2151811992 41228/41412 27 1428 0.0 2025-10-25 03:17:24 10259 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p
1552 NT AUTHORITY\SYSTEM 46400/50200 2151966624/2151972420 11724/18372 26 455 0.0 2025-10-25 03:17:25 10259 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3ad3855 /state1:0x41c64e6d
1352 NT AUTHORITY\SYSTEM 12276/12308 2151771048/2151777316 3052/3128 16 219 0.0 2025-10-25 03:17:25 10259 SVC:vmicheartbeat C:\Windows\system32\svchost.exe -k ICService -p -s vmicheartbeat
8140 NT AUTHORITY\SYSTEM 193852/196284 6034304/6092724 179520/179892 160 1654 0.0 2025-10-25 03:17:39 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Logs\NodeRunner.log"
22768 NT AUTHORITY\SYSTEM 31108/31444 2151922320/2151929304 8008/8700 21 353 0.0 2025-10-31 12:12:03 1084 LogonUI "LogonUI.exe" /flags:0x0 /state0:0xa4f80855 /state1:0x41c64e6d
8200 NT AUTHORITY\SYSTEM 10816/10860 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:48 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
21476 CEDA\058091 15976/16068 2151812256/2151822512 3464/3524 15 371 0.0 2025-10-27 18:35:14 6461 ctfmon "ctfmon.exe"
22064 NT AUTHORITY\LOCAL SERVICE 179368/977340 5378344/6224452 554928/1374488 289 551 0.0 2025-10-25 07:54:04 9982 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
22164 NT AUTHORITY\SYSTEM 7984/8088 2151749800/2151756312 1584/1748 10 183 0.0 2025-10-26 10:53:11 8363 SVC:TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
21752 CEDA\058091 164308/182792 2152185888/2152215992 35288/55168 65 1639 0.0 2025-10-27 18:35:12 6461 explorer C:\Windows\Explorer.EXE
21088 CEDA\058091 15920/16008 2151792960/2151797576 2408/2676 11 179 0.0 2025-10-27 18:37:11 6459 SVC:cbdhsvc_33b15775 C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
20772 NT AUTHORITY\SYSTEM 16788/21544 2151782176/2151810964 3600/4064 13 261 0.0 2025-10-26 10:53:10 8363 SVC:TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
19920 CEDA\058091 44560/45416 2151982740/2151995116 10096/10548 24 552 0.0 2025-10-27 18:35:16 6461 TextInputHost "C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXjd5de1g66v206tj52m9d0dtpppx4cgpn.mca
21136 CEDA\058091 16352/16556 2151795084/2151801748 3872/4240 15 290 0.0 2025-10-27 18:35:11 6461 SVC:CDPUserSvc_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
8404 NT AUTHORITY\SYSTEM 169228/191856 5059884/5109856 142412/171988 77 1205 0.0 2025-10-25 03:17:48 10259 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1516 -stopkey:Global\ExchangeStopKey-70a0b2bb-49a8-4c0a-9a58-c1673b4d1ffd -resetkey:Global\ExchangeResetKey-ca95bc28-6494-4657-9f0c-1b924ff045fd -readykey:Global\ExchangeReadyKey-120a0a36-a2b5-4c2b-9d79-9c74b460f493 -hangkey:Global\ExchangeHangKey-3b21ecd1-2eec-47dd-8185-f732ef33be22 -startUpProgressKey:Global\ExchangeProgressKey-4e71ae9e-b464-4854-b8c4-79ac50e4a59a
8556 NT AUTHORITY\NETWORK SERVICE 199700/213672 5129432/5135320 168840/182568 102 1249 0.0 2025-10-25 03:17:43 10259 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1508 -stopkey:Global\ExchangeStopKey-f1935237-5596-4b37-8287-3a5945aa363c -resetkey:Global\ExchangeResetKey-4cfa68d8-2fef-4be2-b01b-9c03bbad2560 -readykey:Global\ExchangeReadyKey-ce94a5d0-02b1-4111-a7ac-e1646315ab29 -hangkey:Global\ExchangeHangKey-deffb41d-b4d5-472a-b7bb-4827b07e68bb -startUpProgressKey:Global\ExchangeProgressKey-044ad2bc-ac68-49d7-966a-df15c5e3fbc7
8572 NT AUTHORITY\NETWORK SERVICE 10808/10848 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:17:43 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
25252 Window Manager\DWM-2 37924/103112 2151983964/2152080232 10504/37888 28 670 0.0 2025-10-27 18:35:10 6461 dwm "dwm.exe"
25744 CEDA\058091 19780/20128 2151828496/2151839776 3312/3668 17 426 0.0 2025-10-27 18:35:11 6461 rdpclip rdpclip
24948 NT AUTHORITY\SYSTEM 10712/10764 2151757660/2151762780 2024/2280 10 151 0.0 2025-10-27 18:35:12 6461 SVC:camsvc C:\Windows\system32\svchost.exe -k appmodel -p -s camsvc
6656 NT AUTHORITY\SYSTEM 127388/132480 5088632/5096216 127692/132616 50 788 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeTransportLogSearch "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe"
6616 NT AUTHORITY\SYSTEM 376540/393908 5499940/5592336 354612/381676 105 2253 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFlighting "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.Flighting.Service.exe"
12728 NT AUTHORITY\SYSTEM 16436/16640 2151784784/2151786308 6400/6632 14 270 0.0 2025-10-25 03:18:48 10258 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -Embedding
6624 NT AUTHORITY\NETWORK SERVICE 106448/106600 5153468/5165052 124676/125004 53 859 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeThrottling "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe"
26148 Unknown 8444/8580 2151749720/2151762020 1572/2000 9 174 0.0 2025-10-26 10:53:27 8363 SVC:WaaSMedicSvc
6676 NT AUTHORITY\NETWORK SERVICE 361456/373808 5499748/5570408 311440/328076 118 1835 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeDelivery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe"
23284 CEDA\058091 12248/13012 2151802068/2152070840 2152/3560 12 187 0.0 2025-10-27 18:35:11 6461 taskhostw taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
6884 NT AUTHORITY\SYSTEM 182900/183564 5140096/5150900 166296/167048 138 1441 0.0 2025-10-25 03:17:33 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Logs\NodeRunner.log"
7536 NT AUTHORITY\SYSTEM 10824/10864 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:39 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
22780 Unknown 11596/11956 2151758232/2151761304 2512/2684 11 195 0.0 2025-10-25 09:17:30 9899 SVC:SecurityHealthService
6752 NT AUTHORITY\SYSTEM 262552/263152 5466192/5578540 248900/259396 101 2148 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeMitigation "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Mitigation.Service.exe"
24800 CEDA\058091 5720/5800 81716/83252 1336/1564 9 94 0.0 2025-10-27 18:35:14 6461 TabTip32 /loadhooks /Parent:00000000000049b0
24192 Font Driver Host\UMFD-2 5020/5064 2151749484/2151751532 1596/1676 7 39 0.0 2025-10-27 18:35:10 6461 fontdrvhost "fontdrvhost.exe"
6812 NT AUTHORITY\SYSTEM 119992/120044 5002684/5011968 99732/99996 68 1056 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangePop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3Service.exe"
8816 CEDA\058091 56184/57524 2151989556/2152052044 13020/17336 27 575 0.0 2025-10-27 18:35:13 6461 StartMenuExperienceHost "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
17508 NT AUTHORITY\SYSTEM 14104/18628 2151762672/2151779500 5468/9648 10 159 0.0 2025-10-25 03:28:00 10248 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
17604 CEDA\058091 17152/18652 2151809436/2151815028 2936/3444 12 198 0.0 2025-10-27 18:35:13 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding
13900 NT AUTHORITY\SYSTEM 12892/13368 2151768852/2151784164 2968/3752 15 235 0.0 2025-10-25 03:20:55 10255 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
13432 NT AUTHORITY\NETWORK SERVICE 108348/108428 5156220/5172732 124396/124564 52 1070 0.0 2025-10-25 03:19:07 10257 SVC:MSExchangeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe"
12668 NT AUTHORITY\LOCAL SERVICE 6684/6728 2151751744/2151756864 1588/1864 9 124 0.0 2025-10-25 03:20:48 10256 SVC:WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
12364 NT AUTHORITY\SYSTEM 16480/16660 2151780968/2151787124 5072/5532 17 324 0.0 2025-10-25 03:19:01 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\0b897a79-4faa-4818-9ceb-c726a775dd90 -parentPid 4048 -initEvent dc232686-0be4-4cda-8efa-0ddf4036b304 -replyEndpoint LRPC-2776256d2cb7c8d642
13004 CEDA\058091 13540/15368 2151795132/2151802716 2284/2932 12 222 0.0 2025-10-27 18:35:15 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding
17628 NT AUTHORITY\SYSTEM 6732/6944 4267672/4271768 1948/2228 8 123 0.0 2025-11-01 02:00:03 256 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe"
15292 NT AUTHORITY\LOCAL SERVICE 13844/13956 2151779892/2151790140 2752/3128 14 235 0.0 2025-10-25 03:20:48 10256 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
16100 NT AUTHORITY\SYSTEM 15404/18620 2152339480/2152358060 8232/11428 21 282 0.0 2025-10-25 03:20:53 10255 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC
15420 NT AUTHORITY\NETWORK SERVICE 11760/13296 2151766336/2151769388 3152/4524 17 252 0.0 2025-10-25 03:20:49 10256 SVC:MSDTC C:\Windows\System32\msdtc.exe
15404 NT AUTHORITY\NETWORK SERVICE 17424/22128 2151811992/2151821900 4356/8632 18 291 0.0 2025-10-25 03:20:55 10255 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM
14108 NT AUTHORITY\NETWORK SERVICE 10880/10920 2151757412/2151759460 6224/6300 8 87 0.0 2025-10-25 03:19:10 10257 conhost \??\C:\Windows\system32\conhost.exe 0x4
14048 NT AUTHORITY\SYSTEM 248348/248420 2152823124/2152874576 249840/249980 98 2471 0.0 2025-10-25 03:20:24 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm41ae064e-49c8-4c61-b4ab-e1cf339fd0db -h "C:\inetpub\temp\apppools\MSExchangePowerShellFrontEndAppPool\MSExchangePowerShellFrontEndAppPool.config" -w "" -m 0
16212 NT AUTHORITY\SYSTEM 10060/18216 2151776044/2151802244 1912/2476 11 258 0.0 2025-10-27 18:35:10 6461 winlogon winlogon.exe
14232 NT AUTHORITY\SYSTEM 18336/97420 2151853052/2151884792 4624/84180 20 278 0.0 2025-10-25 03:19:06 10257 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
12360 NT AUTHORITY\SYSTEM 14068/14068 2151770496/2151772544 6632/6684 10 148 0.0 2025-11-01 02:00:03 256 conhost \??\C:\Windows\system32\conhost.exe 0x4
9212 NT AUTHORITY\SYSTEM 10812/10856 2151757412/2151759460 6216/6304 8 87 0.0 2025-10-25 03:17:48 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
9164 NT AUTHORITY\SYSTEM 172996/192096 5065812/5111816 144492/172020 79 1173 0.0 2025-10-25 03:17:47 10259 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1524 -stopkey:Global\ExchangeStopKey-1dfd67aa-7b2f-42bd-9035-beadf1ba5d6c -resetkey:Global\ExchangeResetKey-2f4ee8c4-5fde-4a81-9012-092d6c2ae92a -readykey:Global\ExchangeReadyKey-26166fb7-2230-4314-94d1-8143279a6390 -hangkey:Global\ExchangeHangKey-95783275-511b-41ab-a225-493c58d615ca -startUpProgressKey:Global\ExchangeProgressKey-85bf6e89-910b-4737-89cd-41512d248272
9452 NT AUTHORITY\NETWORK SERVICE 10812/10856 2151757412/2151759460 6228/6316 8 87 0.0 2025-10-25 03:17:50 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
18864 CEDA\058091 18860/18940 2151843640/2151847224 4184/4336 18 358 0.0 2025-10-27 18:35:14 6461 TabTip /QuitInfo:00000000000002B0;00000000000002CC;
8920 NT AUTHORITY\SYSTEM 212232/214788 2152804324/2152857448 220280/225488 89 1877 0.0 2025-10-25 03:20:17 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWACalendarAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm20815b27-824e-42ba-bf3b-a6ac900cc3d9 -h "C:\inetpub\temp\apppools\MSExchangeOWACalendarAppPool\MSExchangeOWACalendarAppPool.config" -w "" -m 0
19864 CEDA\058091 80236/98284 2152061484/2152107700 31564/51864 34 649 0.0 2025-10-27 18:35:14 6461 SearchApp "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
8928 NT AUTHORITY\SYSTEM 172824/177192 5145596/5194416 157168/161672 129 1132 0.0 2025-10-25 03:17:46 10259 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Logs\NodeRunner.log"
19336 CEDA\058091 27096/27308 2151829620/2151837436 5252/5728 17 326 0.0 2025-10-27 18:35:11 6461 SVC:WpnUserService_33b15775 C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s WpnUserService
12256 NT AUTHORITY\NETWORK SERVICE 20880/154632 4309728/4444844 8012/8900 16 449 0.0 2025-10-25 03:18:22 10258 updateservice "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exe" -Embedding
11736 NT AUTHORITY\NETWORK SERVICE 139412/139716 5066664/5079136 118772/120092 56 743 0.0 2025-10-25 03:18:42 10258 ForefrontActiveDirectoryConnector "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ForefrontActiveDirectoryConnector.exe" -Embedding
17700 NT AUTHORITY\SYSTEM 6772/6896 2151744736/2151754900 1352/1596 8 130 0.0 2025-10-26 10:53:12 8363 SVC:Appinfo C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
18000 NT AUTHORITY\SYSTEM 10996/11040 2152297960/2152309224 6268/6720 16 191 0.0 2025-10-25 03:28:01 10248 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
10188 NT AUTHORITY\SYSTEM 6884/7416 2151743632/2151760748 1776/2384 8 141 0.0 2025-11-01 02:20:41 236 WaSecAgentProv "C:\WindowsAzure\SecAgent\WaSecAgentProv.exe" -startPoll C:\WindowsAzure\Logs\ 168.63.129.16 5248000 3600000 21600000
18456 CEDA\058091 27152/49132 2151871816/2151893396 8372/26440 19 332 0.0 2025-10-27 18:35:14 6461 RuntimeBroker C:\Windows\System32\RuntimeBroker.exe -Embedding
10960 Unknown 7124/64496 2151769824/2151828184 2108/2544 14 288 0.0 2025-10-27 18:35:10 6461 csrss
18280 CEDA\058091 27692/28616 2151853404/2151859328 5348/5848 17 513 0.0 2025-10-27 18:35:11 6461 sihost sihost.exe
1872 NT AUTHORITY\NETWORK SERVICE 13312/13412 2151782300/2151797668 4200/4764 17 398 0.0 2025-10-25 03:17:28 10259 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1860 NT AUTHORITY\SYSTEM 43688/74188 2151871956/2151930160 23528/53084 30 596 0.0 2025-10-25 03:17:28 10259 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p
1924 NT AUTHORITY\NETWORK SERVICE 11196/11428 2151792708/2151802948 4828/5224 18 342 0.0 2025-10-25 03:17:28 10259 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
2016 NT AUTHORITY\SYSTEM 12636/13832 2151776128/2151789272 4700/5320 14 275 0.0 2025-10-25 03:20:48 10256 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
1944 NT AUTHORITY\SYSTEM 9004/9184 2151756996/2151766264 1996/2360 11 185 0.0 2025-10-25 03:17:28 10259 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1700 Window Manager\DWM-1 44796/45224 2151923448/2151925580 18712/25272 26 633 0.0 2025-10-25 03:17:28 10259 dwm "dwm.exe"
1676 NT AUTHORITY\SYSTEM 14124/14692 2151767352/2151780436 3188/3556 17 303 0.0 2025-10-25 03:17:28 10259 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1716 NT AUTHORITY\SYSTEM 13584/13768 2151777248/2151790560 2940/3368 13 228 0.0 2025-10-25 03:17:28 10259 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1732 NT AUTHORITY\LOCAL SERVICE 8692/8852 2151757420/2151771748 2356/2780 10 188 0.0 2025-10-25 03:17:28 10259 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1724 NT AUTHORITY\SYSTEM 6232/6276 2151749276/2151754400 1292/1472 8 162 0.0 2025-10-25 03:17:28 10259 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
2352 NT AUTHORITY\LOCAL SERVICE 6580/6616 2151754668/2151758764 1496/1624 8 153 0.0 2025-10-25 03:17:28 10259 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
2284 NT AUTHORITY\SYSTEM 7772/7864 2151751612/2151756220 1656/1912 9 171 0.0 2025-10-25 03:17:28 10259 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc
2360 NT AUTHORITY\LOCAL SERVICE 24216/29100 2151808632/2151820948 14356/18600 35 464 0.0 2025-10-25 03:17:28 10259 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
2452 NT AUTHORITY\NETWORK SERVICE 10740/10788 2151765544/2151775784 2536/2696 14 247 0.0 2025-10-25 03:17:28 10259 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
2372 NT AUTHORITY\LOCAL SERVICE 8316/8444 2151752644/2151759524 2260/2612 10 179 0.0 2025-10-25 03:17:28 10259 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
2072 NT AUTHORITY\SYSTEM 13320/13436 2151765532/2151777728 2224/2624 13 192 0.0 2025-10-25 03:17:28 10259 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
2020 NT AUTHORITY\SYSTEM 10328/10716 2151772888/2151778008 2052/2364 33 199 0.0 2025-10-25 03:17:28 10259 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService
2192 NT AUTHORITY\LOCAL SERVICE 7636/8840 2151792000/2151801044 1824/2508 11 166 0.0 2025-10-25 03:17:28 10259 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
2268 NT AUTHORITY\SYSTEM 256224/286428 2153055472/2153064404 281252/312504 129 1523 0.0 2025-10-25 03:22:17 10254 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRestAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmd82f1931-64f2-481d-9317-42ed3326568d -h "C:\inetpub\temp\apppools\MSExchangeRestAppPool\MSExchangeRestAppPool.config" -w "" -m 0
2220 NT AUTHORITY\LOCAL SERVICE 11440/11608 2151763640/2151789032 3140/3872 14 436 0.0 2025-10-25 03:17:28 10259 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1588 NT AUTHORITY\LOCAL SERVICE 10668/10884 2151749516/2151756684 6084/6464 30 187 0.0 2025-10-25 03:17:25 10259 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
744 Unknown 6056/6284 2151767968/2151773244 1892/2184 12 169 0.0 2025-10-25 03:17:23 10259 csrss
736 Unknown 7364/7428 2151749416/2151764400 1456/2152 12 155 0.0 2025-10-25 03:17:23 10259 wininit
808 NT AUTHORITY\SYSTEM 10612/15272 2151812880/2151826264 2548/6536 12 214 0.0 2025-10-25 03:17:23 10259 winlogon winlogon.exe
1016 NT AUTHORITY\SYSTEM 25324/25588 2151801400/2151827000 7956/8664 21 1099 0.0 2025-10-25 03:17:24 10259 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p
920 NT AUTHORITY\LOCAL SERVICE 9160/9400 2151753388/2151767724 1948/2928 12 298 0.0 2025-10-25 03:17:28 10259 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
516 Unknown 1276/1332 2151719588/2151728136 1128/1212 4 60 0.0 2025-10-25 03:17:20 10259 smss
116 Unknown 106596/209452 111624/211080 3548/145460 15 0 0.0 2025-10-25 03:17:19 10259 Registry
608 Font Driver Host\UMFD-1 4068/4108 2151747824/2151750896 1316/1424 7 39 0.0 2025-10-25 03:17:24 10259 fontdrvhost "fontdrvhost.exe"
652 Unknown 7328/7416 2151783204/2151787312 2524/2728 34 1012 0.0 2025-10-25 03:17:22 10259 csrss
612 Font Driver Host\UMFD-0 4180/4216 2151748276/2151751348 1396/1480 7 39 0.0 2025-10-25 03:17:24 10259 fontdrvhost "fontdrvhost.exe"
1360 NT AUTHORITY\SYSTEM 6564/6604 2151750056/2151754152 1484/1616 9 130 0.0 2025-10-25 03:17:25 10259 SVC:vmickvpexchange C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmickvpexchange
1252 NT AUTHORITY\LOCAL SERVICE 12364/12468 2151761324/2151768492 1728/2236 10 183 0.0 2025-10-25 03:17:25 10259 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1376 NT AUTHORITY\SYSTEM 6336/6372 2151749596/2151753692 1412/1560 8 113 0.0 2025-10-25 03:17:25 10259 SVC:vmicshutdown C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmicshutdown
1520 NT AUTHORITY\NETWORK SERVICE 15128/16436 2152040664/2152055516 4420/5868 27 403 0.0 2025-10-25 03:17:28 10259 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1424 NT AUTHORITY\LOCAL SERVICE 6452/6508 2151749600/2151752672 1408/1716 9 117 0.0 2025-10-25 03:17:25 10259 SVC:vmictimesync C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s vmictimesync
1124 NT AUTHORITY\NETWORK SERVICE 32492/92588 2151940336/2151990776 17140/82332 29 777 0.0 2025-10-25 03:17:25 10259 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService
1060 NT AUTHORITY\SYSTEM 11708/11920 2151763824/2151779184 2912/3428 15 375 0.0 2025-10-25 03:17:24 10259 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1168 NT AUTHORITY\LOCAL SERVICE 5776/5812 2151747812/2151750884 1332/1536 8 118 0.0 2025-10-25 03:17:25 10259 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1232 NT AUTHORITY\SYSTEM 10104/10164 2151756872/2151763016 1976/2416 12 208 0.0 2025-10-25 03:17:25 10259 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1176 NT AUTHORITY\LOCAL SERVICE 8768/8832 2151756024/2151758072 2048/2164 14 232 0.0 2025-10-25 03:17:25 10259 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time
4596 NT AUTHORITY\SYSTEM 6392/18384 2151739316/2151751056 1904/2872 7 89 0.0 2025-10-25 03:17:29 10259 AggregatorHost AggregatorHost.exe
4508 NT AUTHORITY\SYSTEM 13572/13648 2151776852/2151783532 3500/3896 24 447 0.0 2025-10-25 03:17:29 10259 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs
5804 NT AUTHORITY\SYSTEM 12848/12948 2152037920/2152043624 3676/3920 18 210 0.0 2025-10-25 03:17:31 10259 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
0 8/8 8/8 60/60 0 0 0.0 0 Idle
5892 NT AUTHORITY\NETWORK SERVICE 17764/17796 4781316/4787716 24916/25180 14 255 0.0 2025-10-25 03:17:31 10259 SVC:NetMsmqActivator "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
4328 NT AUTHORITY\SYSTEM 12696/12928 2151767572/2151773732 3488/3964 14 243 0.0 2025-10-25 03:19:01 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\5c6200cc-be32-4151-9aeb-c86e6b45737d -parentPid 4048 -initEvent da047c1b-407d-493e-9df8-fbf49702dd61 -replyEndpoint LRPC-2776256d2cb7c8d642
4312 NT AUTHORITY\SYSTEM 6124/6144 2151746792/2151752936 1340/1560 8 134 0.0 2025-10-25 03:17:29 10259 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
4372 NT AUTHORITY\LOCAL SERVICE 23604/23608 2152251452/2152252476 23140/23152 33 316 0.0 2025-10-25 03:17:29 10259 SVC:WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
4460 Unknown 12588/12964 2151777744/2151785976 4276/5308 11 208 0.0 2025-10-25 03:18:33 10258 SVC:WdNisSvc
4400 NT AUTHORITY\SYSTEM 12180/12288 2151756632/2151764824 1616/1876 9 139 0.0 2025-10-25 03:17:29 10259 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
6560 NT AUTHORITY\SYSTEM 138024/138948 5239748/5246916 145044/146068 60 1393 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeCompliance "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe"
6552 NT AUTHORITY\SYSTEM 164212/164532 5240636/5243728 163588/164716 69 1057 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeIS "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Service.exe"
6576 NT AUTHORITY\SYSTEM 142164/143684 5211288/5275600 165468/165804 58 1578 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeFastSearch "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Search.Service.exe"
6600 NT AUTHORITY\SYSTEM 33196/33556 4840940/4847340 34868/35248 23 418 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeAntispamUpdate "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe"
6592 NT AUTHORITY\SYSTEM 192200/193280 5228396/5245464 162404/164132 77 1034 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeDagMgmt "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe"
6512 NT AUTHORITY\SYSTEM 119700/119732 5003676/5011936 99420/99692 68 946 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeImap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4Service.exe"
6504 NT AUTHORITY\SYSTEM 260116/264268 5525808/5537576 246580/251480 119 2370 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeServiceHost "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.ServiceHost.exe"
6520 NT AUTHORITY\NETWORK SERVICE 120428/120540 5001416/5011980 100052/100320 65 887 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeIMAP4BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe"
6544 NT AUTHORITY\SYSTEM 252008/257016 5379320/5507316 238884/244740 86 1637 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangeSubmission "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe"
6528 NT AUTHORITY\NETWORK SERVICE 120984/121128 5002648/5011932 100656/100976 65 949 0.0 2025-10-25 03:17:33 10259 SVC:MSExchangePOP3BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe"
4224 NT AUTHORITY\SYSTEM 7252/7280 2155942752/2155950944 1792/1960 9 143 0.0 2025-10-25 03:17:29 10259 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
3092 NT AUTHORITY\SYSTEM 10996/11124 2152815240/2152829452 2856/3544 15 363 0.0 2025-10-25 03:17:28 10259 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
3068 NT AUTHORITY\SYSTEM 12636/12680 2151759132/2151764252 5164/5456 12 170 0.0 2025-10-25 03:17:28 10259 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc
3360 NT AUTHORITY\LOCAL SERVICE 38880/39088 4799140/4802468 34784/35076 37 536 0.0 2025-10-25 03:17:28 10259 SVC:NetPipeActivator/NetTcpActivator/NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
3436 NT AUTHORITY\SYSTEM 9308/9420 2151751800/2151756408 2276/2536 11 205 0.0 2025-10-25 03:17:28 10259 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer
3372 Unknown 29784/30140 2151811900/2151819004 16376/17504 19 1050 0.0 2025-10-25 03:17:28 10259 SVC:MDCoreSvc
2664 NT AUTHORITY\SYSTEM 10480/10520 2151763388/2151773796 2360/2584 16 246 0.0 2025-10-25 03:17:28 10259 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv
2472 NT AUTHORITY\SYSTEM 30236/30616 2151793208/2151798248 19884/20280 18 223 0.0 2025-10-25 03:17:28 10259 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
2680 NT AUTHORITY\SYSTEM 9728/9932 2151755720/2151774160 2420/3064 10 217 0.0 2025-10-25 03:17:28 10259 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
3032 NT AUTHORITY\SYSTEM 28468/30224 2151843092/2151861576 9236/11964 28 549 0.0 2025-10-25 03:17:28 10259 SVC:Spooler C:\Windows\System32\spoolsv.exe
2916 NT AUTHORITY\LOCAL SERVICE 7560/7652 2151746076/2151757340 1368/1800 8 126 0.0 2025-10-25 03:17:28 10259 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
4048 NT AUTHORITY\SYSTEM 33720/33788 2151815036/2151828992 13264/14280 38 1507 0.0 2025-10-25 03:17:29 10259 SVC:ClusSvc C:\Windows\Cluster\clussvc.exe -s
4040 NT AUTHORITY\LOCAL SERVICE 7688/7728 2151753416/2151761612 1708/2012 43 159 0.0 2025-10-25 03:17:29 10259 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
4116 NT AUTHORITY\SYSTEM 10912/10952 2151757412/2151759460 6228/6304 8 87 0.0 2025-11-01 02:20:41 236 conhost \??\C:\Windows\system32\conhost.exe 0x4
4180 NT AUTHORITY\SYSTEM 17128/17520 4282816/4299280 9572/9804 13 232 0.0 2025-10-25 03:17:29 10259 SVC:SearchExchangeTracing "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\TraceService\sftracing.exe"
4140 NT AUTHORITY\SYSTEM 5796/5852 2151745496/2151751636 1228/1432 8 105 0.0 2025-10-25 03:17:29 10259 SVC:sacsvr C:\Windows\System32\svchost.exe -k netsvcs -p -s sacsvr
3800 NT AUTHORITY\NETWORK SERVICE 8032/9712 2151750728/2151755864 2144/3416 11 167 0.0 2025-10-25 03:17:30 10259 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
3676 NT AUTHORITY\SYSTEM 36796/36884 4901156/4913336 47756/47964 28 907 0.0 2025-10-25 03:17:28 10259 SVC:MSExchangeHMRecovery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMRecovery.exe"
3832 NT AUTHORITY\NETWORK SERVICE 15296/15344 2151802324/2151805396 5936/6344 33 392 0.0 2025-10-25 03:17:28 10259 SVC:MSMQ C:\Windows\system32\mqsvc.exe
4032 NT AUTHORITY\LOCAL SERVICE 7456/7500 2151751820/2151757964 1644/1796 9 154 0.0 2025-10-25 03:17:29 10259 SVC:pla C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s pla
3856 NT AUTHORITY\SYSTEM 16100/16156 2151777984/2151779520 7824/9140 19 388 0.0 2025-10-25 03:17:28 10259 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs
| 