[collector:]
client az-mbox2.ceda.unina2.it.powershell powershell XymonPS
[date]
Sat 01 Nov 06:16:35 2025
[clock]
epoch: 1761974195
local: Sat 01 Nov 06:16:35 2025
UTC: Sat 01 Nov 05:16:35 2025
Time Synchronisation type: NT5DS
Leap Indicator: 0(no warning)
Stratum: 4 (secondary reference - syncd by (S)NTP)
Precision: -23 (119.209ns per tick)
Root Delay: 0.0000608s
Root Dispersion: 0.0100002s
ReferenceId: 0x564D5450 (source IP: 86.77.84.80)
Last Successful Sync Time: 11/1/2025 6:16:21 AM
Source: VM IC Time Synchronization Provider
Poll Interval: 6 (64s)
[clientversion]
2.42
[uname]
Microsoft Windows Server 2022 Datacenter Azure Edition (build 20348)
[cpu]
up: 7 days, 0 users, 168 procs, load=2.63%
CPU states:
total 2.63%
cores: 4
CPU PID Image Name Pri Time MemUsage
1.0% 1432 SVC:EventLog 8 07:09:15 28260k 0.5% 13496 powershell 8 00:05:21 135112k 0.4% 7044 SVC:MSComplianceAudit 8 01:41:36 210800k 0.1% 2648 taskhostw 6 00:51:03 90616k 0.1% 4000 SVC:WinDefend 8 01:20:57 268500k 0.1% 900 SVC:KeyIso/Netlogon/SamSs 9 00:45:33 90576k 0.1% 14204 EdgeTransport 8 00:21:55 1020700k 0.1% 8740 MSExchangeHMWorker 8 00:31:05 525656k 0.0% 13100 w3wp 8 00:09:21 638452k 0.0% 1320 SVC:MSExchangeDiagnostics 8 00:16:19 207128k 0.0% 4556 SVC:DPS 8 00:15:40 25200k 0.0% 4048 SVC:WindowsAzureGuestAgent 8 00:04:16 67664k 0.0% 3836 SVC:MSExchangeHM 8 00:08:07 144724k 0.0% 880 services 9 00:12:28 16088k 0.0% 7036 SVC:MSExchangeEdgeSync 8 00:07:51 105032k 0.0% 1556 LogonUI 13 00:01:25 46304k 0.0% 10928 w3wp 8 00:04:06 267084k 0.0% 1680 SVC:Dhcp 8 00:00:55 8520k 0.0% 2020 SVC:Schedule 8 00:02:16 16688k 0.0% 1896 SVC:Dnscache 8 00:01:42 11188k 0.0% 7020 SVC:MSExchangeFrontEndTranspor 8 00:07:36 279588k 0.0% 3272 SVC:Winmgmt 8 00:02:35 23700k 0.0% 5980 w3wp 8 00:01:45 411880k 0.0% 6948 SVC:MSExchangeSubmission 8 00:04:49 190676k 0.0% 7640 noderunner 8 00:07:56 589400k 0.0% 5832 SVC:MSExchangeDelivery 8 00:02:38 192460k 0.0% 3016 SVC:FMS 8 00:08:07 17788k 0.0% 7124 SVC:MSExchangeRepl 10 00:05:38
209040k 0.0% 4 System 8 00:08:01 112k 0.0% 2260 w3wp 8 00:02:27 225840k 0.0% 7012 SVC:MSExchangeMailboxReplicati 8 00:00:48 240016k 0.0% 17032 SVC:XymonPSClient 8 00:00:00 6712k 0.0% 7028 SVC:MSExchangeIS 8 00:00:08 161456k 0.0% 6996 SVC:MSExchangeRPC 8 00:01:33 180616k 0.0% 6980 SVC:MSExchangeServiceHost 8 00:02:44 237960k 0.0% 7004 SVC:MSExchangeIMAP4BE 8 00:00:05 120076k 0.0% 17424 conhost 8 00:00:00 10900k 0.0% 16580 SVC:MSExchangeImap4 8 00:00:07 120040k 0.0% 7076 SVC:MSExchangeFastSearch 8 00:00:07 141396k 0.0% 14696 Microsoft.Exchange.Store.Worke 8 00:00:59 876968k 0.0% 7084 SVC:MSExchangeTransportLogSear 8 00:00:30 128148k 0.0% 7068 SVC:MSExchangeMitigation 8 00:00:37 268352k 0.0% 14744 conhost 8 00:00:00 14072k 0.0% 7052 SVC:MSExchangeCompliance 8 00:00:05 136276k 0.0% 7060 SVC:MSExchangeFlighting 8 00:01:07 361740k 0.0% 6184 SVC:MSExchangeMailboxAssistant 8 00:00:04 244292k 0.0% 6208 dllhost 8 00:00:00 12796k 0.0% 6344 w3wp 8 00:02:30 489140k 0.0% 6048 conhost 8 00:00:00 10908k 0.0% 23248 WaSecAgentProv 8 00:00:00 6764k 0.0% 5972 w3wp 8 00:00:43 185268k 0.0% 5988 w3wp 8 00:01:01 283456k 0.0% 6804 noderunner 8 00:00:31 182676k 0.0% 19684 SVC:SecurityHealthService 8 00:00:00 11984k 0.0% 6964 SVC:MSExchangeThrottling 8 00:00:01 106388k 0.0% 6972 SVC:MSExchangePOP3BE 8 00:00:06 119644k 0.0% 20160 SVC:StateRepository 8 00:00:00 12272k 0.0% 6896 Microsoft.Exchange.Pop3 8 00:00:11 147376k 0.0% 23052 SVC:Appinfo 8 00:00:00 6724k 0.0% 6956 SVC:MSExchangePop3 8 00:00:05 120096k 0.0% 7092 SVC:MSExchangeDagMgmt 8 00:00:09 192596k 0.0% 9316 w3wp 8 00:00:49 273144k 0.0% 13380 SVC:CDPSvc 8 00:00:00 12132k 0.0% 9384 w3wp 8 00:00:48 368992k 0.0% 13308 SVC:PcaSvc 8 00:00:00 12500k 0.0% 9228 conhost 8 00:00:00 10796k 0.0% 9152 SVC:DsSvc 8 00:00:09 11036k 0.0% 9308 w3wp 8 00:01:47 499748k 0.0% 9272 conhost 8 00:00:00 10792k 0.0% 12432 ForefrontActiveDirectoryConnec 8 00:00:05 139104k 0.0% 12788 scanningprocess 8 00:27:16 283996k 0.0% 12724 SVC:MSExchangeTransport 8 00:00:02 
108516k 0.0% 12604 scanningprocess 8 00:07:35 179428k 0.0% 9700 SVC:TabletInputService 8 00:00:00 7800k 0.0% 9512 SVC:MSDTC 8 00:00:00 11712k 0.0% 11316 updateservice 8 00:05:51 20948k 0.0% 12940 SVC:StorSvc 8 00:00:01 15536k 0.0% 7872 Microsoft.Exchange.Imap4 8 00:00:31 185572k 0.0% 14372 Microsoft.Exchange.Imap4 8 00:02:07 189960k 0.0% 7884 noderunner 8 00:00:35 189128k 0.0% 14216 conhost 8 00:00:00 10872k 0.0% 14512 SVC:WinRM 8 00:00:01 17604k 0.0% 7100 SVC:MSExchangeAntispamUpdate 8 00:00:01 33292k 0.0% 7604 WmiPrvSE 8 00:00:00 9596k 0.0% 14412 SVC:UsoSvc 8 00:00:00 12832k 0.0% 13596 rhs 13 00:00:05 12848k 0.0% 8796 conhost 8 00:00:00 10804k 0.0% 9028 conhost 8 00:00:00 10784k 0.0% 8948 Microsoft.Exchange.Pop3 8 00:00:33 187832k 0.0% 8344 noderunner 8 00:00:20 171312k 0.0% 8184 w3wp 8 00:02:27 390140k 0.0% 8756 SVC:TokenBroker 8 00:00:00 16060k 0.0% 13936 SVC:WdiServiceHost 8 00:00:00 6664k 0.0% 1708 SVC:ProfSvc 8 00:00:00 13460k 0.0% 1664 dwm 13 00:00:03 44720k 0.0% 1724 SVC:gpsvc 8 00:00:02 13988k 0.0% 1716 SVC:Themes 8 00:00:00 6180k 0.0% 1628 SVC:nsi 8 00:00:02 10440k 0.0% 1392 SVC:vmictimesync 8 00:00:06 6380k 0.0% 1360 SVC:vmicshutdown 8 00:00:00 6280k 0.0% 1484 SVC:CertPropSvc 8 00:00:00 7308k 0.0% 1448 SVC:NlaSvc 8 00:00:00 13132k 0.0% 2160 SVC:ShellHWDetection 8 00:00:00 13128k 0.0% 2124 SVC:AppHostSvc 8 00:00:00 12632k 0.0% 2232 SVC:FontCache 8 00:00:00 7552k 0.0% 2208 SVC:LanmanWorkstation 8 00:00:52 10856k 0.0% 2088 SVC:WdNisSvc 8 00:00:38 14356k 0.0% 1844 SVC:UmRdpService 8 00:00:00 8468k 0.0% 1748 SVC:EventSystem 8 00:00:01 8608k 0.0% 2064 SVC:Wcmsvc 8 00:00:00 9120k 0.0% 1908 SVC:SENS 8 00:00:00 8824k 0.0% 1352 SVC:vmickvpexchange 8 00:00:29 6516k 0.0% 736 wininit 13 00:00:00 7276k 0.0% 656 csrss 13 00:00:13 7192k 0.0% 808 winlogon 13 00:00:00 10528k 0.0% 744 csrss 13 00:00:00 6056k 0.0% 580 fontdrvhost 8 00:00:00 4012k 0.0% 116 Registry 8 00:00:04 97620k 0.0% 0 Idle 0 8k 0.0% 576 fontdrvhost 8 00:00:00 4124k 0.0% 516 smss 11 00:00:00 1228k 0.0% 
1240 SVC:TimeBrokerSvc 8 00:00:00 12292k 0.0% 1172 SVC:lmhosts 8 00:00:00 6648k 0.0% 1340 SVC:vmicheartbeat 8 00:01:35 12136k 0.0% 1248 SVC:NcbService 8 00:00:00 10032k 0.0% 1168 SVC:W32Time 8 00:00:06 8716k 0.0% 1016 SVC:BrokerInfrastructure/DcomL 8 00:00:20 25160k 0.0% 952 SVC:RpcEptMapper/RpcSs 8 00:02:08 41656k 0.0% 1120 SVC:TermService 8 00:00:17 27588k 0.0% 1052 SVC:LSM 8 00:00:07 11120k 0.0% 2300 SVC:CoreMessagingRegistrar 8 00:00:00 6512k 0.0% 3912 SVC:TrkWks 8 00:00:00 6060k 0.0% 3900 scanningprocess 8 00:07:19 179860k 0.0% 4120 SVC:WpnService 8 00:00:00 12076k 0.0% 4080 SVC:WMSVC 8 00:00:00 23464k 0.0% 3892 SVC:SysMain 8 00:00:00 7128k 0.0% 3756 SVC:SearchExchangeTracing 8 00:01:06 16792k 0.0% 3684 SVC:RdAgent 8 00:03:02 94216k 0.0% 3880 SVC:sacsvr 8 00:00:00 5728k 0.0% 3828 SVC:MSExchangeHMRecovery 8 00:00:00 36860k 0.0% 5324 SVC:PolicyAgent 8 00:00:00 8008k 0.0% 4856 SVC:MSExchangeADTopology 8 00:01:27 154260k 0.0% 5724 w3wp 8 00:00:15 255348k 0.0% 5624 SVC:NetMsmqActivator 8 00:00:00 17784k 0.0% 4648 SVC:ClusSvc 13 00:01:43 33916k 0.0% 4468 SVC:UALSVC 8 00:00:09 15424k 0.0% 4272 rhs 13 00:00:00 16412k 0.0% 4604 AggregatorHost 8 00:00:02 7120k 0.0% 4504 SVC:RasMan 8 00:00:00 13492k 0.0% 3640 SVC:pla 8 00:00:02 7372k 0.0% 2756 SVC:UserManager 8 00:00:00 9468k 0.0% 2748 SVC:HostControllerService 8 00:01:53 94276k 0.0% 2876 SVC:DispBrokerDesktopSvc 8 00:00:00 7400k 0.0% 2788 SVC:DiagTrack 8 00:00:52 42848k 0.0% 2512 SVC:netprofm 8 00:00:02 11364k 0.0% 2400 SVC:WinHttpAutoProxySvc 8 00:00:07 8272k 0.0% 2352 SVC:BFE/mpssvc 8 00:00:10 23512k 0.0% 2504 SVC:CryptSvc 8 00:00:11 14964k 0.0% 2496 SVC:SessionEnv 8 00:00:00 10424k 0.0% 3580 SVC:W3SVC/WAS 8 00:00:35 16112k 0.0% 3556 SVC:LanmanServer 8 00:00:02 9300k 0.0% 3632 SVC:SstpSvc 8 00:00:00 7632k 0.0% 3588 SVC:MSMQ 8 00:00:00 15152k 0.0% 3496 SVC:NetPipeActivator/NetTcpAct 8 00:00:03 38580k 0.0% 3080 SVC:iphlpsvc 8 00:00:00 10536k 0.0% 3064 SVC:Spooler 8 00:00:09 27312k 0.0% 3484 SVC:MDCoreSvc 8 00:00:09 
29600k 0.0% 3140 SVC:IISADMIN 8 00:02:43 30464k
[disk]
Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB)
C 132589516 84715964 47873552 64% /FIXED/C:\ Windows 126.45\45.66
Exch-DB\Az-DB01 1073723388 134013752 939709636 12% /FIXED/C:\Exch-DB\Az-DB01\ Az-DB01 1023.98\896.18
[memory]
memory Total Used
physical: 32717 12838
virtual: 37581 19133
page: 4864 1344
[msgs:EventlogSummary]
LogMode MaximumSizeInBytes RecordCount LogName
------- ------------------ ----------- -------
Circular 163840000 207863 Security
Circular 133103616 454923 System
Circular 133103616 319572 Application
[msgs:eventlog_Security]
Information - 11/01/2025 06:16:17 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection.
Application Information:
  Process ID: 7020
  Application Name: \device\harddiskvolume4\program files\microsoft\exchange server\v15\bin\msexchangefrontendtransport.exe
Network Information:
  Direction: Inbound
  Source Address: 10.124.129.17
  Source Port: 34980
  Destination Address: 10.124.129.7
  Destination Port: 25
  Protocol: 6
  Interface Index: 11
Filter Information:
  Filter Origin: Unknown
  Filter Run-Time ID: 183928
  Layer Name: Receive/Accept
  Layer Run-Time ID: 44
  Remote User ID: S-1-0-0
  Remote Machine ID: S-1-0-0
Information - 11/01/2025 06:16:17 - [5156] - Microsoft-Windows-Security-Auditing - The Windows Filtering Platform has permitted a connection.
Application Information:
  Process ID: 6956
  Application Name: \device\harddiskvolume4\program files\microsoft\exchange server\v15\frontend\popimap\microsoft.exchange.pop3service.exe
Network Information:
  Direction: Inbound
  Source Address: 10.124.129.17
  Source Port: 34614
  Destination Address: 10.124.129.7
  Destination Port: 995
  Protocol: 6
  Interface Index: 11
Filter Information:
  Filter Origin: Unknown
  Filter Run-Time ID: 183928
  Layer Name: Receive/Accept
  Layer Run-Time ID: 44
  Remote User ID: S-1-0-0
  Remote Machine ID: S-1-0-0
[msgs:eventlog_System]
[msgs:eventlog_Application]
[procs]
PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command
1432 NT AUTHORITY\LOCAL SERVICE 28260/41164 2151802208/2152336840 23248/37392 18 567 1.0 2025-10-25 03:15:45 10261 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 13496 NT AUTHORITY\SYSTEM 135112/206680 2152415392/2152456480 117180/189828 37 564 0.5 2025-11-01 02:00:03 256 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 7044 NT AUTHORITY\SYSTEM 210800/246000 5267780/5318728 206180/245056 68 1107 0.4 2025-10-25 03:15:55 10260 SVC:MSComplianceAudit "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe" 2648 NT AUTHORITY\SYSTEM 90616/101056 2152496088/2186089232 101824/109456 72 2072 0.1 2025-10-25 03:15:49 10260 taskhostw taskhostw.exe ExploitGuardPolicy 4000 Unknown 268500/1130800 2152939136/2154072420 308320/1146744 241 886 0.1 2025-10-25 03:15:49 10260 SVC:WinDefend 900 NT AUTHORITY\SYSTEM 90576/111616 2151880484/2151883592 73532/94828 40 31366 0.1 2025-10-25 03:15:44 10261 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe 14204 NT AUTHORITY\NETWORK SERVICE 1020700/1728284 24260104/24467944 1310728/1842648 132 5101 0.1 2025-10-25 03:17:24 10259 EdgeTransport
"C:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe" -pipe:2880 -stopkey:Global\ExchangeStopKey-22303d25-6ba7-4c14-851a-8ff7388552f3 -resetkey:Global\ExchangeResetKey-f8871e04-ec1b-4aed-9b04-89458b55d972 -readykey:Global\ExchangeReadyKey-b1501133-5df3-4335-acdf-ada1f863d76d -hangkey:Global\ExchangeHangKey-34bdb270-0191-47e3-8969-c4d01fc69999 -startUpProgressKey:Global\ExchangeProgressKey-d0754c2b-7955-4811-b90d-c53015e8955c -workerListening 8740 NT AUTHORITY\SYSTEM 525656/654252 5826892/5867568 458772/588096 168 4145 0.1 2025-10-25 03:16:03 10260 MSExchangeHMWorker "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe" -pipe:3760 -stopkey:Global\ExchangeStopKey-3d947ddc-662f-4ef0-a8c0-eee5ec5acacf -resetkey:Global\ExchangeResetKey-7f921d83-f11a-4ad4-a289-212e2c23ed87 -readykey:Global\ExchangeReadyKey-24784294-44bc-4588-b826-281fdbd492f9 -hangkey:Global\ExchangeHangKey-74ce37e9-2772-46a9-a9c4-e3e2fef3d403 -startUpProgressKey:Global\ExchangeProgressKey-e1560923-2ed3-45f2-89bd-58b61fcfa9b0 -workerListening 13100 NT AUTHORITY\SYSTEM 638452/761688 2153333056/2153350272 580416/703732 225 2188 0.0 2025-10-25 03:18:23 10258 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm0af2a6eb-7379-4ee8-9b62-4a8aa8c428a0 -h "C:\inetpub\temp\apppools\MSExchangePowerShellAppPool\MSExchangePowerShellAppPool.config" -w "" -m 0 1320 NT AUTHORITY\SYSTEM 207128/271676 5307512/5351756 217392/292952 103 2493 0.0 2025-10-25 03:19:10 10257 SVC:MSExchangeDiagnostics "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe" 4556 NT AUTHORITY\LOCAL SERVICE 25200/30608 2151841412/2152121740 23788/26624 20 317 0.0 2025-10-25 03:19:09 10257 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 4048 NT AUTHORITY\SYSTEM 67664/85012 4899568/4933112 
50224/67664 37 629 0.0 2025-10-25 03:15:50 10260 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190106\WindowsAzureGuestAgent.exe 3836 NT AUTHORITY\SYSTEM 144724/146432 5211312/5226640 144384/145904 62 1021 0.0 2025-10-25 03:15:49 10260 SVC:MSExchangeHM "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe" 880 Unknown 16088/18148 2151768116/2152315592 7568/14560 16 805 0.0 2025-10-25 03:15:44 10261 services 7036 NT AUTHORITY\SYSTEM 105032/107484 5035052/5039148 97200/100024 46 663 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeEdgeSync "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe" 1556 NT AUTHORITY\SYSTEM 46304/49956 2151966624/2151972344 11452/18132 26 455 0.0 2025-10-25 03:15:45 10261 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3ac7855 /state1:0x41c64e6d 10928 NT AUTHORITY\SYSTEM 267084/327964 2152924800/2152994092 270140/341256 117 1273 0.0 2025-10-25 03:20:02 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiMailboxAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config" -a \\.\pipe\iisipmab8cd8e4-1f65-462a-9cd3-d4f7f016c2d8 -h "C:\inetpub\temp\apppools\MSExchangeMapiMailboxAppPool\MSExchangeMapiMailboxAppPool.config" -w "" -m 0 1680 NT AUTHORITY\LOCAL SERVICE 8520/8700 2151758472/2151769736 2516/3232 12 241 0.0 2025-10-25 03:15:49 10260 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 2020 NT AUTHORITY\SYSTEM 16688/62700 2151863240/2151879920 5904/61796 20 381 0.0 2025-10-25 03:15:49 10260 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 1896 NT AUTHORITY\NETWORK SERVICE 11188/11480 2151800900/2151812172 5008/5300 19 360 0.0 2025-10-25 03:15:49 10260 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache 7020 NT AUTHORITY\SYSTEM 279588/452696 22882712/22993048 438288/592788 90 1891 0.0 2025-10-25 03:15:55 10260 
SVC:MSExchangeFrontEndTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe" 3272 NT AUTHORITY\SYSTEM 23700/30796 2151837684/2151860696 12440/19680 18 394 0.0 2025-10-25 03:15:49 10260 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 5980 NT AUTHORITY\SYSTEM 411880/412156 2153280436/2153285116 424412/424452 208 3137 0.0 2025-10-25 03:15:52 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmdf81ec9d-97b3-41cd-9d68-11955436a381 -h "C:\inetpub\temp\apppools\MSExchangeOWAAppPool\MSExchangeOWAAppPool.config" -w "" -m 0 6948 NT AUTHORITY\SYSTEM 190676/193044 5321892/5427360 192712/196908 76 1492 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeSubmission "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe" 7640 NT AUTHORITY\SYSTEM 589400/666416 24174928/24183116 701028/783804 240 2106 0.0 2025-10-25 03:15:58 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\ResourceProfile\contentengine\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Logs\NodeRunner.log" --applicationbase "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0" 5832 NT AUTHORITY\NETWORK SERVICE 192460/195908 5264384/5415736 190412/196836 80 1212 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeDelivery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe" 3016 NT AUTHORITY\SYSTEM 17788/18212 4294116/4295832 8108/8492 15 
345 0.0 2025-10-25 03:15:49 10260 SVC:FMS "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\FMS.exe" 7124 NT AUTHORITY\SYSTEM 209040/213892 6029120/6033256 259076/264368 117 1887 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeRepl "C:\Program Files\Microsoft\Exchange Server\V15\Bin\msexchangerepl.exe" 4 Unknown 112/1876 3968/15296 36/56 0 3080 0.0 2025-10-25 03:15:40 10261 System 2260 NT AUTHORITY\SYSTEM 225840/225856 2152809136/2152809904 236420/236460 125 1139 0.0 2025-10-25 03:18:52 10257 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyAppPool_CLRConfig.config" -a \\.\pipe\iisipm4007e47c-65a5-4d21-9310-1cb5f7195ff9 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyAppPool\MSExchangeRpcProxyAppPool.config" -w "" -m 0 7012 NT AUTHORITY\SYSTEM 240016/263340 13890288/13896944 328692/352616 74 1633 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMailboxReplication "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe" 17032 NT AUTHORITY\SYSTEM 6712/6952 4267672/4272792 1960/2272 8 123 0.0 2025-11-01 02:00:03 256 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe" 7028 NT AUTHORITY\SYSTEM 161456/162036 5241672/5244744 162516/163272 68 974 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeIS "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Service.exe" 6996 NT AUTHORITY\SYSTEM 180616/181572 5293076/5301344 173908/174728 75 1146 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeRPC "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.RpcClientAccess.Service.exe" 6980 NT AUTHORITY\SYSTEM 237960/243868 5490952/5502048 227876/235440 111 2285 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeServiceHost "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.ServiceHost.exe" 7004 NT AUTHORITY\NETWORK SERVICE 120076/120156 5002428/5011968 99784/100092 65 807 0.0 2025-10-25 03:15:55 10260 
SVC:MSExchangeIMAP4BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe" 17424 NT AUTHORITY\SYSTEM 10900/10940 2151757412/2151759460 6224/6312 8 87 0.0 2025-11-01 02:19:08 237 conhost \??\C:\Windows\system32\conhost.exe 0x4 16580 NT AUTHORITY\SYSTEM 120040/120172 5001416/5012232 99240/99560 67 884 0.0 2025-10-25 03:38:53 10237 SVC:MSExchangeImap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4Service.exe" 7076 NT AUTHORITY\SYSTEM 141396/142964 5211508/5268040 165652/165732 59 2033 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeFastSearch "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Search.Service.exe" 14696 NT AUTHORITY\SYSTEM 876968/885608 6607416/6642096 1024080/1036124 90 1107 0.0 2025-10-25 03:19:30 10257 Microsoft.Exchange.Store.Worker "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Worker.exe" -id:59fc8808-844b-4244-a2bb-6a83f1ba6f3e -dag:35ceee8a-1604-4bb6-bd1a-765ff0ac7606 -pipe:1852 -readykey:Global\WorkerReadyKey-0983da83-8c01-4db2-9120-89069bb10727 7084 NT AUTHORITY\SYSTEM 128148/128452 5088864/5096032 127232/128568 50 788 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeTransportLogSearch "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe" 7068 NT AUTHORITY\SYSTEM 268352/269164 5482960/5626564 251560/272256 103 2313 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMitigation "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Mitigation.Service.exe" 14744 NT AUTHORITY\SYSTEM 14072/14072 2151770496/2151772544 6648/6696 10 148 0.0 2025-11-01 02:00:03 256 conhost \??\C:\Windows\system32\conhost.exe 0x4 7052 NT AUTHORITY\SYSTEM 136276/138416 5236684/5245900 143580/145920 60 1272 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeCompliance "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe" 7060 NT AUTHORITY\SYSTEM 361740/377480 5493680/5642456 
338932/364688 104 2216 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeFlighting "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.Flighting.Service.exe" 6184 NT AUTHORITY\SYSTEM 244292/244396 5534416/5538300 268324/268476 84 2444 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMailboxAssistants "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe" 6208 NT AUTHORITY\SYSTEM 12796/12900 2152037920/2152043652 3688/3904 18 210 0.0 2025-10-25 03:15:52 10260 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} 6344 NT AUTHORITY\SYSTEM 489140/508572 2161604240/2161605264 490620/502896 184 2949 0.0 2025-10-25 03:15:53 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeSyncAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeSyncAppPool_CLRConfig.config" -a \\.\pipe\iisipm2abe2521-d27d-4eb7-aeb2-2b510d1cba34 -h "C:\inetpub\temp\apppools\MSExchangeSyncAppPool\MSExchangeSyncAppPool.config" -w "" -m 0 6048 NT AUTHORITY\SYSTEM 10908/10964 2151757412/2151760480 6232/6344 8 87 0.0 2025-10-25 03:38:54 10237 conhost \??\C:\Windows\system32\conhost.exe 0x4 23248 NT AUTHORITY\SYSTEM 6764/7356 2151743632/2151760016 1532/2192 8 142 0.0 2025-11-01 02:19:08 237 WaSecAgentProv "C:\WindowsAzure\SecAgent\WaSecAgentProv.exe" -startPoll C:\WindowsAzure\Logs\ 168.63.129.16 5248000 3600000 21600000 5972 NT AUTHORITY\SYSTEM 185268/191104 2152803584/2152860660 199964/210068 86 1846 0.0 2025-10-25 03:15:52 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOABAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm0f42cc76-70c7-4c2d-825f-32bb24fff634 -h "C:\inetpub\temp\apppools\MSExchangeOABAppPool\MSExchangeOABAppPool.config" -w "" -m 0 5988 NT AUTHORITY\SYSTEM 283456/283568 2152887844/2152889004 274636/274772 130 2050 0.0 2025-10-25 03:15:52 10260 w3wp 
c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm4504a3b2-6105-48f3-ba4e-e730ccb29b63 -h "C:\inetpub\temp\apppools\MSExchangeECPAppPool\MSExchangeECPAppPool.config" -w "" -m 0 6804 NT AUTHORITY\SYSTEM 182676/182760 5143400/5149980 166256/166444 132 1579 0.0 2025-10-25 03:15:55 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Logs\NodeRunner.log" 19684 Unknown 11984/12092 2151758232/2151761304 2568/2724 11 195 0.0 2025-10-28 04:30:50 5865 SVC:SecurityHealthService 6964 NT AUTHORITY\NETWORK SERVICE 106388/106484 5155552/5165088 124352/124560 53 1133 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeThrottling "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe" 6972 NT AUTHORITY\NETWORK SERVICE 119644/119732 5002408/5011948 99320/99676 65 836 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangePOP3BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe" 20160 NT AUTHORITY\SYSTEM 12272/16800 2151759484/2151779712 4708/8268 10 149 0.0 2025-10-26 10:53:35 8363 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository 6896 NT AUTHORITY\SYSTEM 147376/191376 5040192/5110108 123480/171936 71 1226 0.0 2025-10-25 03:16:07 10260 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1532 
-stopkey:Global\ExchangeStopKey-61ef957d-42d1-4037-b309-614c764dd61a -resetkey:Global\ExchangeResetKey-3599abf3-bd72-4617-875d-0ff33c206c9d -readykey:Global\ExchangeReadyKey-1254c1de-2e4a-4cba-b020-c8351e9ec113 -hangkey:Global\ExchangeHangKey-4e6439ce-f04e-4169-b39e-f17bbcc1fe2b -startUpProgressKey:Global\ExchangeProgressKey-b2186131-3596-40b4-b76a-9c27af01a010 23052 NT AUTHORITY\SYSTEM 6724/6872 2151744736/2151754900 1324/1600 8 125 0.0 2025-10-26 10:53:37 8363 SVC:Appinfo C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo 6956 NT AUTHORITY\SYSTEM 120096/120296 5001328/5011892 99808/100224 67 975 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangePop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3Service.exe" 7092 NT AUTHORITY\SYSTEM 192596/196784 5228664/5245732 161012/165692 77 958 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeDagMgmt "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe" 9316 NT AUTHORITY\SYSTEM 273144/612368 2170269660/2170304224 301908/652228 98 2089 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmf190cda7-8c5b-4dce-b445-a9bbfff55736 -h "C:\inetpub\temp\apppools\MSExchangeMapiFrontEndAppPool\MSExchangeMapiFrontEndAppPool.config" -w "" -m 0 13380 NT AUTHORITY\LOCAL SERVICE 12132/12192 2151774400/2151788736 2372/2932 12 204 0.0 2025-10-25 03:19:09 10257 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc 9384 NT AUTHORITY\SYSTEM 368992/558792 2170248492/2170295992 419976/599088 88 1837 0.0 2025-10-25 03:16:08 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmf5456a3c-e95a-4189-8828-6e1af36ddaa3 -h 
"C:\inetpub\temp\apppools\MSExchangeRpcProxyFrontEndAppPool\MSExchangeRpcProxyFrontEndAppPool.config" -w "" -m 0 13308 NT AUTHORITY\SYSTEM 12500/13624 2151776128/2151790296 4620/5260 14 265 0.0 2025-10-25 03:19:10 10257 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 9228 NT AUTHORITY\SYSTEM 10796/10856 2151757412/2151760484 6248/6360 8 87 0.0 2025-10-25 03:16:07 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4 9152 NT AUTHORITY\SYSTEM 11036/11076 2152300008/2152309224 6368/6748 16 192 0.0 2025-10-25 11:15:50 9780 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 9308 NT AUTHORITY\SYSTEM 499748/650344 2153500476/2153502012 528420/659148 221 3628 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeServicesAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm6debd7f8-3ee7-4efc-b01d-62135ab0c2bc -h "C:\inetpub\temp\apppools\MSExchangeServicesAppPool\MSExchangeServicesAppPool.config" -w "" -m 0 9272 NT AUTHORITY\NETWORK SERVICE 10792/10852 2151757412/2151760484 6236/6352 8 87 0.0 2025-10-25 03:16:07 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4 12432 NT AUTHORITY\NETWORK SERVICE 139104/139364 5066904/5079120 118680/119864 56 903 0.0 2025-10-25 03:16:53 10259 ForefrontActiveDirectoryConnector "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ForefrontActiveDirectoryConnector.exe" -Embedding 12788 NT AUTHORITY\LOCAL SERVICE 283996/1123016 5479520/6323568 624708/1446064 301 852 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 12724 NT AUTHORITY\NETWORK SERVICE 108516/108604 5157504/5171712 124512/124696 52 1176 0.0 2025-10-25 03:17:18 10259 SVC:MSExchangeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe" 12604 NT AUTHORITY\LOCAL SERVICE 
179428/976836 5378436/6224464 555336/1374020 290 556 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 9700 NT AUTHORITY\SYSTEM 7800/7868 2151747752/2151755088 1508/1756 10 159 0.0 2025-10-26 10:53:36 8363 SVC:TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService 9512 NT AUTHORITY\NETWORK SERVICE 11712/13200 2151766336/2151769380 3160/4464 17 252 0.0 2025-10-25 03:19:10 10257 SVC:MSDTC C:\Windows\System32\msdtc.exe 11316 NT AUTHORITY\NETWORK SERVICE 20948/154568 4309728/4444844 8448/8892 16 451 0.0 2025-10-25 03:16:38 10260 updateservice "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exe" -Embedding 12940 NT AUTHORITY\SYSTEM 15536/16080 2151778076/2151792412 3316/4164 14 254 0.0 2025-10-25 03:17:18 10259 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 7872 NT AUTHORITY\NETWORK SERVICE 185572/192088 5082684/5109900 154876/171640 93 1142 0.0 2025-10-25 03:16:07 10260 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1492 -stopkey:Global\ExchangeStopKey-faa7b5ee-ce6d-47e3-99b2-02f9d355dd70 -resetkey:Global\ExchangeResetKey-9dc9e7bd-f182-43e2-864a-772db50d51ee -readykey:Global\ExchangeReadyKey-4dc66b81-cb60-497e-b244-39c8ea09c4ad -hangkey:Global\ExchangeHangKey-f5d9416a-fb2a-4933-b1e0-c40d7492dbef -startUpProgressKey:Global\ExchangeProgressKey-0b81d06b-375f-48a2-ba22-9be8cd200fc5 14372 NT AUTHORITY\SYSTEM 189960/204060 5065212/5109736 147556/171496 80 1220 0.0 2025-10-25 03:38:54 10237 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1512 -stopkey:Global\ExchangeStopKey-877ce66b-2af2-4779-98fe-1e677846f659 -resetkey:Global\ExchangeResetKey-eda206fa-a8dd-4529-9792-dd23dc70626d 
-readykey:Global\ExchangeReadyKey-fb75282a-c1e2-4ba7-9ecf-68b20386c446 -hangkey:Global\ExchangeHangKey-0af90441-8c80-4c50-99be-ce1e13e9374f -startUpProgressKey:Global\ExchangeProgressKey-e5b669b5-a8fb-4478-8eb9-caaad60c9764 7884 NT AUTHORITY\SYSTEM 189128/189800 6034500/6084972 175336/175516 160 1633 0.0 2025-10-25 03:15:58 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Logs\NodeRunner.log" 14216 NT AUTHORITY\NETWORK SERVICE 10872/10916 2151757412/2151759460 6228/6312 8 87 0.0 2025-10-25 03:17:24 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4 14512 NT AUTHORITY\NETWORK SERVICE 17604/22388 2151813544/2151821900 4492/8760 18 294 0.0 2025-10-25 03:19:16 10257 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM 7100 NT AUTHORITY\SYSTEM 33292/33444 4841920/4848320 34980/35168 23 613 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeAntispamUpdate "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe" 7604 NT AUTHORITY\SYSTEM 9596/9668 2151752248/2151757080 2416/5988 11 172 0.0 2025-11-01 05:37:52 38 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -Embedding 14412 NT AUTHORITY\SYSTEM 12832/13200 2151768852/2151784212 2912/3792 15 236 0.0 2025-10-25 03:19:16 10257 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 13596 NT AUTHORITY\SYSTEM 12848/12968 2151769108/2151774228 3540/3860 15 249 0.0 2025-10-25 03:19:02 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\1381e993-700b-46e8-b5c0-cdfcb4365420 -parentPid 
4648 -initEvent 7394bf27-af8c-44cd-9090-2a2dce431090 -replyEndpoint LRPC-53caccf56a051a464b 8796 NT AUTHORITY\SYSTEM 10804/10844 2151757412/2151759460 6240/6328 8 87 0.0 2025-10-25 03:16:03 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4 9028 NT AUTHORITY\NETWORK SERVICE 10784/10844 2151757412/2151760484 6240/6352 8 87 0.0 2025-10-25 03:16:05 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4 8948 NT AUTHORITY\NETWORK SERVICE 187832/192796 5087096/5110152 155688/171840 93 1202 0.0 2025-10-25 03:16:04 10260 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1492 -stopkey:Global\ExchangeStopKey-db3054fd-3ec4-4e26-a2f0-5ae079a6ace6 -resetkey:Global\ExchangeResetKey-458cfa04-7215-41dd-be5e-fc3a5e79794d -readykey:Global\ExchangeReadyKey-afae800f-8ec0-41e9-9dc6-43d767220fea -hangkey:Global\ExchangeHangKey-e7eb2b90-958a-42a0-8fc4-451907eb80a8 -startUpProgressKey:Global\ExchangeProgressKey-67a3acc8-6772-4549-8857-59ddfb9f0b37 8344 NT AUTHORITY\SYSTEM 171312/171996 5144720/5185028 155640/155780 129 1133 0.0 2025-10-25 03:16:01 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Logs\NodeRunner.log" 8184 NT AUTHORITY\SYSTEM 390140/396868 2153047808/2153049344 367132/384392 180 2797 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeAutodiscoverAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a 
\\.\pipe\iisipm3a5eab29-8cb1-4659-8142-cc693facec3f -h "C:\inetpub\temp\apppools\MSExchangeAutodiscoverAppPool\MSExchangeAutodiscoverAppPool.config" -w "" -m 0 8756 NT AUTHORITY\SYSTEM 16060/21864 2151782176/2151813676 3048/4024 13 225 0.0 2025-10-26 10:53:36 8363 SVC:TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker 13936 NT AUTHORITY\LOCAL SERVICE 6664/6704 2151751744/2151756864 1584/1884 9 124 0.0 2025-10-25 03:19:10 10257 SVC:WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost 1708 NT AUTHORITY\SYSTEM 13460/13568 2151779296/2151788512 2904/3268 13 225 0.0 2025-10-25 03:15:49 10260 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc 1664 Window Manager\DWM-1 44720/45000 2151923448/2151925052 18764/24580 26 631 0.0 2025-10-25 03:15:49 10260 dwm "dwm.exe" 1724 NT AUTHORITY\SYSTEM 13988/14608 2151768376/2151779412 3064/3488 17 278 0.0 2025-10-25 03:15:49 10260 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc 1716 NT AUTHORITY\SYSTEM 6180/6204 2151751324/2151754400 1344/1472 8 128 0.0 2025-10-25 03:15:49 10260 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes 1628 NT AUTHORITY\LOCAL SERVICE 10440/10604 2151749516/2151756684 5916/6232 30 185 0.0 2025-10-25 03:15:49 10260 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi 1392 NT AUTHORITY\LOCAL SERVICE 6380/6412 2151750624/2151752672 1508/1720 9 117 0.0 2025-10-25 03:15:45 10261 SVC:vmictimesync C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s vmictimesync 1360 NT AUTHORITY\SYSTEM 6280/6316 2151751644/2151755740 1464/1596 9 113 0.0 2025-10-25 03:15:45 10261 SVC:vmicshutdown C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmicshutdown 1484 NT AUTHORITY\SYSTEM 7308/7324 2151752136/2151754696 1556/1704 9 158 0.0 2025-10-25 03:15:49 10260 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc 1448 NT AUTHORITY\NETWORK SERVICE 13132/13260 
2151781920/2151799336 4152/4784 17 396 0.0 2025-10-25 03:15:49 10260 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc 2160 NT AUTHORITY\SYSTEM 13128/13228 2151767488/2151777728 2196/2520 13 185 0.0 2025-10-25 03:15:49 10260 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 2124 NT AUTHORITY\SYSTEM 12632/12644 2151761180/2151764252 5272/5448 12 170 0.0 2025-10-25 03:15:49 10260 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc 2232 NT AUTHORITY\LOCAL SERVICE 7552/8776 2151783804/2151800148 1780/2512 10 141 0.0 2025-10-25 03:15:49 10260 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache 2208 NT AUTHORITY\NETWORK SERVICE 10856/10920 2151765720/2151773912 2520/2668 14 247 0.0 2025-10-25 03:15:49 10260 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2088 Unknown 14356/14660 2151789024/2151792160 6768/7120 13 216 0.0 2025-10-25 03:16:53 10259 SVC:WdNisSvc 1844 NT AUTHORITY\SYSTEM 8468/9724 2151758592/2151775588 1624/1888 10 151 0.0 2025-10-25 03:15:49 10260 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 1748 NT AUTHORITY\LOCAL SERVICE 8608/8708 2151759468/2151771748 2380/2632 11 183 0.0 2025-10-25 03:15:49 10260 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem 2064 NT AUTHORITY\LOCAL SERVICE 9120/9412 2151753388/2151769772 1948/3104 12 300 0.0 2025-10-25 03:15:49 10260 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 1908 NT AUTHORITY\SYSTEM 8824/8952 2151755972/2151765240 1936/2252 11 179 0.0 2025-10-25 03:15:49 10260 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS 1352 NT AUTHORITY\SYSTEM 6516/6556 2151752104/2151756200 1548/1684 9 130 0.0 2025-10-25 03:15:45 10261 SVC:vmickvpexchange C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmickvpexchange 736 Unknown 
7276/7400 2151749416/2151764400 1412/2028 11 155 0.0 2025-10-25 03:15:43 10261 wininit 656 Unknown 7192/7264 2151782436/2151785516 2424/2620 33 986 0.0 2025-10-25 03:15:42 10261 csrss 808 NT AUTHORITY\SYSTEM 10528/15256 2151812880/2151826264 2524/6508 12 214 0.0 2025-10-25 03:15:44 10261 winlogon winlogon.exe 744 Unknown 6056/6304 2151767968/2151773244 1956/2512 12 169 0.0 2025-10-25 03:15:43 10261 csrss 580 Font Driver Host\UMFD-1 4012/4056 2151747824/2151750896 1316/1416 7 39 0.0 2025-10-25 03:15:44 10261 fontdrvhost "fontdrvhost.exe" 116 Unknown 97620/209460 108740/211140 3744/145620 14 0 0.0 2025-10-25 03:15:39 10261 Registry 0 8/8 8/8 60/60 0 0 0.0 0 Idle 576 Font Driver Host\UMFD-0 4124/4164 2151748276/2151751348 1372/1476 7 39 0.0 2025-10-25 03:15:44 10261 fontdrvhost "fontdrvhost.exe" 516 Unknown 1228/1332 2151719588/2151728136 1120/1204 4 57 0.0 2025-10-25 03:15:40 10261 smss 1240 NT AUTHORITY\LOCAL SERVICE 12292/12372 2151762348/2151768492 1812/2224 10 177 0.0 2025-10-25 03:15:45 10261 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1172 NT AUTHORITY\LOCAL SERVICE 6648/6684 2151754268/2151757340 1588/1824 10 140 0.0 2025-10-25 03:15:45 10261 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 1340 NT AUTHORITY\SYSTEM 12136/12184 2151771048/2151777316 2940/3112 16 219 0.0 2025-10-25 03:15:45 10261 SVC:vmicheartbeat C:\Windows\system32\svchost.exe -k ICService -p -s vmicheartbeat 1248 NT AUTHORITY\SYSTEM 10032/10092 2151758920/2151763964 2032/2472 12 209 0.0 2025-10-25 03:15:45 10261 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1168 NT AUTHORITY\LOCAL SERVICE 8716/8792 2151755512/2151758072 1976/2156 14 232 0.0 2025-10-25 03:15:45 10261 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time 1016 NT AUTHORITY\SYSTEM 25160/25380 2151803448/2151827000 7932/8796 21 986 0.0 2025-10-25 03:15:44 10261 
SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p 952 NT AUTHORITY\NETWORK SERVICE 41656/41668 2151796584/2151803752 34848/34896 25 1337 0.0 2025-10-25 03:15:44 10261 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p 1120 NT AUTHORITY\NETWORK SERVICE 27588/52592 2151866320/2151910372 14332/44732 26 751 0.0 2025-10-25 03:15:45 10261 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService 1052 NT AUTHORITY\SYSTEM 11120/11504 2151762448/2151777992 2668/3168 15 303 0.0 2025-10-25 03:15:45 10261 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM 2300 NT AUTHORITY\LOCAL SERVICE 6512/6548 2151756716/2151760812 1508/1640 8 125 0.0 2025-10-25 03:15:49 10260 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p 3912 NT AUTHORITY\SYSTEM 6060/6096 2151746792/2151750888 1332/1504 8 134 0.0 2025-10-25 03:15:49 10260 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 3900 NT AUTHORITY\LOCAL SERVICE 179860/977336 5378480/6224540 555836/1374312 290 556 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding 4120 NT AUTHORITY\SYSTEM 12076/12220 2151758680/2151766872 1616/1968 9 137 0.0 2025-10-25 03:15:50 10260 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService 4080 NT AUTHORITY\LOCAL SERVICE 23464/23480 2152251432/2152252456 23080/23108 25 316 0.0 2025-10-25 03:15:50 10260 SVC:WMSVC C:\Windows\system32\inetsrv\wmsvc.exe 3892 NT AUTHORITY\SYSTEM 7128/7184 2155944800/2155952992 1780/1976 9 143 0.0 2025-10-25 03:15:49 10260 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 3756 NT AUTHORITY\SYSTEM 16792/17300 4282816/4299024 9292/9640 13 240 0.0 2025-10-25 03:15:49 10260 SVC:SearchExchangeTracing "C:\Program Files\Microsoft\Exchange 
Server\V15\Bin\Search\Ceres\Diagnostics\TraceService\sftracing.exe" 3684 NT AUTHORITY\SYSTEM 94216/142644 4884852/4953484 78820/128484 48 1578 0.0 2025-10-25 03:15:49 10260 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190106\WaAppAgent.exe 3880 NT AUTHORITY\SYSTEM 5728/5748 2151747544/2151749592 1280/1376 8 105 0.0 2025-10-25 03:15:49 10260 SVC:sacsvr C:\Windows\System32\svchost.exe -k netsvcs -p -s sacsvr 3828 NT AUTHORITY\SYSTEM 36860/36916 4903156/4913288 47936/48060 28 878 0.0 2025-10-25 03:15:49 10260 SVC:MSExchangeHMRecovery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMRecovery.exe" 5324 NT AUTHORITY\NETWORK SERVICE 8008/9516 2151752776/2151756872 2224/3400 11 167 0.0 2025-10-25 03:15:51 10260 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent 4856 NT AUTHORITY\SYSTEM 154260/154516 5213860/5224356 158664/159084 90 1469 0.0 2025-10-25 03:15:50 10260 SVC:MSExchangeADTopology "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe" 5724 NT AUTHORITY\SYSTEM 255348/286236 2153054460/2153063392 280644/312204 130 1539 0.0 2025-10-25 03:20:58 10255 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRestAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm9ab2d935-1be5-4a02-8c2c-81e29216fba0 -h "C:\inetpub\temp\apppools\MSExchangeRestAppPool\MSExchangeRestAppPool.config" -w "" -m 0 5624 NT AUTHORITY\NETWORK SERVICE 17784/17804 4782280/4787656 24964/25208 14 262 0.0 2025-10-25 03:15:51 10260 SVC:NetMsmqActivator "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator 4648 NT AUTHORITY\SYSTEM 33916/34316 2151814524/2151828736 13664/14736 38 1022 0.0 2025-10-25 03:15:50 10260 SVC:ClusSvc C:\Windows\Cluster\clussvc.exe -s 4468 NT AUTHORITY\SYSTEM 15424/18724 2152339480/2152360108 8316/11760 21 282 0.0 2025-10-25 
03:19:14 10257 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC 4272 NT AUTHORITY\SYSTEM 16412/16564 2151780968/2151786612 4992/5392 17 324 0.0 2025-10-25 03:19:02 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\05f584dd-097b-4d27-87c6-f7e4d2139ec6 -parentPid 4648 -initEvent 3236c9b5-771f-47a0-99e4-eb35381a6983 -replyEndpoint LRPC-53caccf56a051a464b 4604 NT AUTHORITY\SYSTEM 7120/18404 2151739792/2151751056 2424/2756 7 97 0.0 2025-10-25 03:15:51 10260 AggregatorHost AggregatorHost.exe 4504 NT AUTHORITY\SYSTEM 13492/13536 2151775828/2151781484 3464/3796 24 432 0.0 2025-10-25 03:15:50 10260 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs 3640 NT AUTHORITY\LOCAL SERVICE 7372/7396 2151751820/2151755916 1620/1744 9 158 0.0 2025-10-25 03:15:49 10260 SVC:pla C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s pla 2756 NT AUTHORITY\SYSTEM 9468/9804 2151757428/2151775184 2392/3036 10 202 0.0 2025-10-25 03:15:49 10260 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager 2748 NT AUTHORITY\SYSTEM 94276/97548 5226580/5239316 68800/70088 66 967 0.0 2025-10-25 03:15:49 10260 SVC:HostControllerService "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe" 2876 NT AUTHORITY\LOCAL SERVICE 7400/7508 2151748124/2151757340 1436/1816 9 123 0.0 2025-10-25 03:15:49 10260 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 2788 NT AUTHORITY\SYSTEM 42848/72400 2151870320/2151889464 22900/53160 29 585 0.0 2025-10-25 03:15:49 10260 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p 2512 NT AUTHORITY\LOCAL SERVICE 11364/11532 2151766712/2151786984 3192/3716 15 422 0.0 2025-10-25 03:15:49 10260 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm 2400 NT AUTHORITY\LOCAL SERVICE 8272/8424 2151752644/2151759524 2296/2648 10 180 0.0 
2025-10-25 03:15:49 10260 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 2352 NT AUTHORITY\LOCAL SERVICE 23512/26612 2151803512/2151823864 13744/16180 34 458 0.0 2025-10-25 03:15:49 10260 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 2504 NT AUTHORITY\NETWORK SERVICE 14964/16468 2152040664/2152053640 4268/5964 27 397 0.0 2025-10-25 03:15:49 10260 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc 2496 NT AUTHORITY\SYSTEM 10424/10460 2151765436/2151775300 2392/2568 17 245 0.0 2025-10-25 03:15:49 10260 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 3580 NT AUTHORITY\SYSTEM 16112/16140 2151780032/2151780544 8796/9248 19 372 0.0 2025-10-25 03:15:49 10260 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs 3556 NT AUTHORITY\SYSTEM 9300/9396 2151752824/2151755404 2324/2536 11 205 0.0 2025-10-25 03:15:49 10260 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer 3632 NT AUTHORITY\LOCAL SERVICE 7632/7660 2151755464/2151761612 1752/1988 43 159 0.0 2025-10-25 03:15:49 10260 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc 3588 NT AUTHORITY\NETWORK SERVICE 15152/15200 2151802324/2151805396 5872/6360 32 392 0.0 2025-10-25 03:15:49 10260 SVC:MSMQ C:\Windows\system32\mqsvc.exe 3496 NT AUTHORITY\LOCAL SERVICE 38580/38840 4799112/4804044 34524/34868 34 441 0.0 2025-10-25 03:15:49 10260 SVC:NetPipeActivator/NetTcpActivator/NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 3080 NT AUTHORITY\SYSTEM 10536/10612 2152813900/2152829044 2704/3480 15 354 0.0 2025-10-25 03:15:49 10260 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 3064 NT AUTHORITY\SYSTEM 27312/29228 2151842604/2151860992 8864/12096 28 524 0.0 2025-10-25 03:15:49 10260 SVC:Spooler C:\Windows\System32\spoolsv.exe 3484 Unknown 29600/30504 2151811868/2151818020 
16084/16980 19 1050 0.0 2025-10-25 03:15:49 10260 SVC:MDCoreSvc 3140 NT AUTHORITY\SYSTEM 30464/30644 2151793720/2151798856 20056/20300 18 226 0.0 2025-10-25 03:15:49 10260 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
[netstat]
PacketsReceived=23486954
ReceivedHeaderErrors=0
ReceivedAddressErrors=34
DatagramsForwarded=0
UnknownProtocolsReceived=0
ReceivedPacketsDiscarded=634
ReceivedPacketsDelivered=23489220
OutputRequests=28381230
RoutingDiscards=0
DiscardedOutputPackets=3
OutputPacketNoRoute=3
ReassemblyRequired=0
ReassemblySuccessful=0
ReassemblyFailures=0
DatagramsSuccessfullyFragmented=0
DatagramsFailingFragmentation=0
FragmentsCreated=0
PacketsReceived=287955
ReceivedHeaderErrors=0
ReceivedAddressErrors=104
DatagramsForwarded=0
UnknownProtocolsReceived=0
ReceivedPacketsDiscarded=13
ReceivedPacketsDelivered=288057
OutputRequests=259782
RoutingDiscards=0
DiscardedOutputPackets=0
OutputPacketNoRoute=0
ReassemblyRequired=0
ReassemblySuccessful=0
ReassemblyFailures=0
DatagramsSuccessfullyFragmented=0
DatagramsFailingFragmentation=0
FragmentsCreated=0
tcpActiveOpens=742405
tcpPassiveOpens=1925028
tcpFailedConnectionAttempts=1236328
tcpResetConnections=125493
tcpCurrentConnections=129
tcpSegmentsReceived=27624159
tcpSegmentsSent=32511125
tcpSegmentsRetransmitted=88207
tcpActiveOpens=183471
tcpPassiveOpens=183465
tcpFailedConnectionAttempts=24392
tcpResetConnections=185571
tcpCurrentConnections=166
tcpSegmentsReceived=9413588
tcpSegmentsSent=9322010
tcpSegmentsRetransmitted=20
udpDatagramsReceived=1573196
udpNoPorts=634
udpReceiveErrors=0
udpDatagramsSent=1543956
udpDatagramsReceived=93
udpNoPorts=13
udpReceiveErrors=0
udpDatagramsSent=244
[ipconfig]
Windows IP Configuration
   Host Name . . . . . . . . . . . . : Az-mbox2
   Primary Dns Suffix . . . . . . . : ceda.unina2.it
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : ceda.unina2.it reddog.microsoft.com
Ethernet adapter Ethernet 3:
   Connection-specific DNS Suffix . : reddog.microsoft.com
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter #2
   Physical Address. . . . . . . . . : 00-22-48-81-F3-FC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::6e0b:13d7:72ec:4952%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.124.129.7(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Saturday, October 25, 2025 2:15:49 AM
   Lease Expires . . . . . . . . . . : Tuesday, December 8, 2161 12:44:49 PM
   Default Gateway . . . . . . . . . : 10.124.129.1
   DHCP Server . . . . . . . . . . . : 168.63.129.16
   DHCPv6 IAID . . . . . . . . . . . : 134226504
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-CD-EC-AA-00-22-48-88-8D-7D
   DNS Servers . . . . . . . . . . . : 10.124.1.4 10.124.1.5
   NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Local Area Connection* 10:
   Connection-specific DNS Suffix . :
   Description . . . . . . . . . . . : Microsoft Failover Cluster Virtual Adapter
   Physical Address. . . . . . . . . : 02-E0-7A-2C-69-56
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9107:86a8:1716:79d5%18(Preferred)
   IPv4 Address. . . . . . . . . . . : 169.254.2.120(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 302135671
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2D-CD-EC-AA-00-22-48-88-8D-7D
   NetBIOS over Tcpip. . . . . . . . : Enabled
[route]
===========================================================================
Interface List
11...00 22 48 81 f3 fc ......Microsoft Hyper-V Network Adapter #2
18...02 e0 7a 2c 69 56 ......Microsoft Failover Cluster Virtual Adapter
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination   Netmask           Gateway        Interface       Metric
0.0.0.0               0.0.0.0           10.124.129.1   10.124.129.7    10
10.124.129.0          255.255.255.0     On-link        10.124.129.7    266
10.124.129.7          255.255.255.255   On-link        10.124.129.7    266
10.124.129.255        255.255.255.255   On-link        10.124.129.7    266
127.0.0.0             255.0.0.0         On-link        127.0.0.1       331
127.0.0.1             255.255.255.255   On-link        127.0.0.1       331
127.255.255.255       255.255.255.255   On-link        127.0.0.1       331
168.63.129.16         255.255.255.255   10.124.129.1   10.124.129.7    11
169.254.0.0           255.255.0.0       On-link        169.254.2.120   271
169.254.2.120         255.255.255.255   On-link        169.254.2.120   271
169.254.169.254       255.255.255.255   10.124.129.1   10.124.129.7    11
169.254.255.255       255.255.255.255   On-link        169.254.2.120   271
224.0.0.0             240.0.0.0         On-link        127.0.0.1       331
224.0.0.0             240.0.0.0         On-link        10.124.129.7    266
224.0.0.0             240.0.0.0         On-link        169.254.2.120   271
255.255.255.255       255.255.255.255   On-link        127.0.0.1       331
255.255.255.255       255.255.255.255   On-link        10.124.129.7    266
255.255.255.255       255.255.255.255   On-link        169.254.2.120   271
===========================================================================
Persistent Routes: None
IPv6 Route Table
===========================================================================
Active Routes:
If   Metric   Network Destination             Gateway
1    331      ::1/128                         On-link
11   266      fe80::/64                       On-link
18   271      fe80::/64                       On-link
11   266      fe80::6e0b:13d7:72ec:4952/128   On-link
18   271      fe80::9107:86a8:1716:79d5/128   On-link
1    331      ff00::/8                        On-link
11   266      ff00::/8                        On-link
18   271      ff00::/8                        On-link
===========================================================================
Persistent Routes: None
[ifstat]
10.124.129.7 31167604192 20894079596
169.254.2.120 41566062 46491391
[svcs]
Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual started Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) aspnet_state manual stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AxInstSV disabled stopped ActiveX Installer (AxInstSV) BDESVC manual stopped BitLocker Drive Encryption Service BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service c2wts manual stopped Claims to Windows Token Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) ClusSvc automatic started Cluster Service COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CPrepSrv manual stopped CPrepSrv CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service 
DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual started Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System FcSrv manual stopped FcSrv fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FMS automatic started Microsoft Filtering Management Service FontCache automatic started Windows Font Cache Service FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc hidserv manual stopped Human Interface Device Service HostControllerService automatic started Microsoft Exchange Search Host Controller HvHost manual stopped HV Host Service IISADMIN automatic started IIS Admin Service IKEEXT manual stopped IKE and AuthIP IPsec Keying Modules 
InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService MDCoreSvc automatic started Microsoft Defender Core Service MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSComplianceAudit automatic started Microsoft Exchange Compliance Audit MSDTC automatic started Distributed Transaction Coordinator MSExchangeADTopology automatic started Microsoft Exchange Active Directory Topology MSExchangeAntispamUpdate automatic started Microsoft Exchange Anti-spam Update MSExchangeCompliance automatic started Microsoft Exchange Compliance Service MSExchangeDagMgmt automatic started Microsoft Exchange DAG Management MSExchangeDelivery automatic started Microsoft Exchange Mailbox Transport Delivery MSExchangeDiagnostics automatic started Microsoft Exchange Diagnostics MSExchangeEdgeSync automatic started Microsoft Exchange EdgeSync MSExchangeFastSearch automatic started Microsoft Exchange Search MSExchangeFlighting automatic started Microsoft Exchange Flighting Service MSExchangeFrontEndTransport automatic started Microsoft Exchange Frontend Transport MSExchangeHM automatic started Microsoft Exchange Health Manager MSExchangeHMRecovery automatic started Microsoft Exchange Health Manager Recovery MSExchangeImap4 automatic started 
Microsoft Exchange IMAP4 MSExchangeIMAP4BE automatic started Microsoft Exchange IMAP4 Backend MSExchangeIS automatic started Microsoft Exchange Information Store MSExchangeMailboxAssistants automatic started Microsoft Exchange Mailbox Assistants MSExchangeMailboxReplication automatic started Microsoft Exchange Mailbox Replication MSExchangeMitigation automatic started Microsoft Exchange Emergency Mitigation Service MSExchangePop3 automatic started Microsoft Exchange POP3 MSExchangePOP3BE automatic started Microsoft Exchange POP3 Backend MSExchangeRepl automatic started Microsoft Exchange Replication MSExchangeRPC automatic started Microsoft Exchange RPC Client Access MSExchangeServiceHost automatic started Microsoft Exchange Service Host MSExchangeSubmission automatic started Microsoft Exchange Mailbox Transport Submission MSExchangeThrottling automatic started Microsoft Exchange Throttling MSExchangeTransport automatic started Microsoft Exchange Transport MSExchangeTransportLogSearch automatic started Microsoft Exchange Transport Log Search MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual stopped Windows Installer MSMQ automatic started Message Queuing NcaSvc disabled stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections NetMsmqActivator automatic started Net.Msmq Listener Adapter NetPipeActivator automatic started Net.Pipe Listener Adapter netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpActivator automatic started Net.Tcp Listener Adapter NetTcpPortSharing automatic started Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost 
manual stopped Performance Counter DLL Host
pla automatic started Performance Logs & Alerts
PlugPlay manual started Plug and Play
PolicyAgent manual started IPsec Policy Agent
Power automatic started Power
PrintNotify manual stopped Printer Extensions and Notifications
ProfSvc automatic started User Profile Service
PushToInstall disabled stopped Windows PushToInstall Service
QWAVE manual stopped Quality Windows Audio Video Experience
RasAuto manual stopped Remote Access Auto Connection Manager
RasMan automatic started Remote Access Connection Manager
RdAgent automatic started RdAgent
RemoteAccess disabled stopped Routing and Remote Access
RemoteRegistry automatic stopped Remote Registry
RmSvc disabled stopped Radio Management Service
RpcEptMapper automatic started RPC Endpoint Mapper
RPCHTTPLBS manual stopped RPC/HTTP Load Balancing Service
RpcLocator manual stopped Remote Procedure Call (RPC) Locator
RpcSs automatic started Remote Procedure Call (RPC)
RSoPProv manual stopped Resultant Set of Policy Provider
sacsvr manual started Special Administration Console Helper
SamSs automatic started Security Accounts Manager
SCardSvr manual stopped Smart Card
ScDeviceEnum disabled stopped Smart Card Device Enumeration Service
Schedule automatic started Task Scheduler
SCPolicySvc manual stopped Smart Card Removal Policy
SearchExchangeTracing automatic started Tracing Service for Search in Exchange
seclogon manual stopped Secondary Logon
SecurityHealthService manual started Windows Security Service
SEMgrSvc disabled stopped Payments and NFC/SE Manager
SENS automatic started System Event Notification Service
Sense manual stopped Windows Defender Advanced Threat Protection Service
SensorDataService disabled stopped Sensor Data Service
SensorService manual stopped Sensor Service
SensrSvc manual stopped Sensor Monitoring Service
SessionEnv manual started Remote Desktop Configuration
SharedAccess disabled stopped Internet Connection Sharing (ICS)
ShellHWDetection automatic started Shell Hardware Detection
shpamsvc disabled stopped Shared PC Account Manager
SmbWitness manual stopped SMB Witness
smphost manual stopped Microsoft Storage Spaces SMP
SNMPTRAP manual stopped SNMP Trap
Spooler automatic started Print Spooler
sppsvc automatic stopped Software Protection
SSDPSRV disabled stopped SSDP Discovery
ssh-agent disabled stopped OpenSSH Authentication Agent
SstpSvc manual started Secure Socket Tunneling Protocol Service
StateRepository automatic started State Repository Service
StiSvc manual stopped Windows Image Acquisition (WIA)
StorSvc automatic started Storage Service
svsvc manual stopped Spot Verifier
swprv manual stopped Microsoft Software Shadow Copy Provider
SysMain automatic started SysMain
SystemEventsBroker automatic started System Events Broker
TabletInputService manual started Touch Keyboard and Handwriting Panel Service
tapisrv manual stopped Telephony
TargetMgr disabled stopped Target Manager
TermService manual started Remote Desktop Services
Themes automatic started Themes
TieringEngineService manual stopped Storage Tiers Management
TimeBrokerSvc manual started Time Broker
TokenBroker manual started Web Account Manager
TrkWks automatic started Distributed Link Tracking Client
TrustedInstaller manual stopped Windows Modules Installer
tzautoupdate disabled stopped Auto Time Zone Updater
UALSVC automatic started User Access Logging Service
UevAgentService disabled stopped User Experience Virtualization Service
UmRdpService manual started Remote Desktop Services UserMode Port Redirector
upnphost disabled stopped UPnP Device Host
UserManager automatic started User Manager
UsoSvc automatic started Update Orchestrator Service
VaultSvc manual stopped Credential Manager
vds manual stopped Virtual Disk
vmicguestinterface manual stopped Hyper-V Guest Service Interface
vmicheartbeat manual started Hyper-V Heartbeat Service
vmickvpexchange manual started Hyper-V Data Exchange Service
vmicshutdown manual started Hyper-V Guest Shutdown Service
vmictimesync manual started Hyper-V Time Synchronization Service
vmicvmsession manual stopped Hyper-V PowerShell Direct Service
vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor
VSS manual stopped Volume Shadow Copy
W32Time automatic started Windows Time
w3logsvc manual stopped W3C Logging Service
W3SVC automatic started World Wide Web Publishing Service
WaaSMedicSvc manual stopped Windows Update Medic Service
WalletService disabled stopped WalletService
WarpJITSvc manual stopped Warp JIT Service
WAS manual started Windows Process Activation Service
WbioSrvc manual stopped Windows Biometric Service
Wcmsvc automatic started Windows Connection Manager
WdiServiceHost manual started Diagnostic Service Host
WdiSystemHost manual stopped Diagnostic System Host
WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service
Wecsvc manual stopped Windows Event Collector
WEPHOSTSVC manual stopped Windows Encryption Provider Host Service
wercplsupport manual stopped Problem Reports Control Panel Support
WerSvc manual stopped Windows Error Reporting Service
WiaRpc manual stopped Still Image Acquisition Events
WinDefend automatic started Microsoft Defender Antivirus Service
WindowsAzureGuestAgent automatic started Windows Azure Guest Agent
WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service
Winmgmt automatic started Windows Management Instrumentation
WinRM automatic started Windows Remote Management (WS-Management)
wisvc disabled stopped Windows Insider Service
wlidsvc manual stopped Microsoft Account Sign-in Assistant
wmiApSrv manual stopped WMI Performance Adapter
WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service
WMSVC automatic started Web Management Service
WPDBusEnum manual stopped Portable Device Enumerator Service
WpnService automatic started Windows Push Notifications System Service
wsbexchange manual stopped Microsoft Exchange Server Extension for Windows Server Backup
WSearch disabled stopped Windows Search
wuauserv manual stopped Windows Update
XymonPSClient automatic started XymonPSClient
[uptime]
sec: 615635
7 days 3 hours 0 minutes 35 seconds
Bootup: 20251025031543.498944+120
[who]
SESSIONNAME USERNAME ID STATE TYPE DEVICE
>services 0 Disc
console 1 Conn
31c5ce94259d4... 65536 Listen
rdp-tcp 65537 Listen
Total sessions created: 3
Total sessions disconnected: 1
Total sessions reconnected: 0
[users]
[iis_sites]
Default Web Site IIS://localhost/W3SVC/1 SiteID: 1
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :80: 127.0.0.1:80:
ServerState 2
SecureBindings 127.0.0.1:443: :443:
Exchange Back End IIS://localhost/W3SVC/2 SiteID: 2
LogFileDirectory C:\inetpub\logs\LogFiles
ServerAutoStart True
ServerBindings :81:
ServerState 2
SecureBindings :444:
[XymonConfig]
XymonSettings
serversList : 10.224.4.197
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : az-mbox2.ceda.unina2.it
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableIISSection : 1
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : C:\Program Files\xymon
clientlogretain : 0
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
externalscriptlocation : C:\Program Files\xymon\ext
externaldatalocation : C:\Program Files\xymon\tmp
localdatalocation : C:\Program Files\xymon\local
servergiflocation : /xymon/gifs/
servers : 10.224.4.197
clientlogfile : C:\Program Files\xymon\xymonclient.log
clientconfigfile : C:\Program Files\xymon\clientconfig.cfg
clientfqdn : 1
clientlower : 1
clientbbwinmembug : 0
clientremotecfgexec : 1
HaveCmd
Name Value
---- -----
qwinsta True
query True
XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname az-mbox2.ceda.unina2.it
[XymonPSClientInfo]
Collection number: 53
Last transmission method: TCP
Id : 13496
Handles : 561
CPU : 326.828125
SI : 0
Name : powershell