Sat 01 Nov 06:16:35 2025 - Processes ok
 No process checks defined
PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command
1432 NT AUTHORITY\LOCAL SERVICE 28260/41164 2151802208/2152336840 23248/37392 18 567 1.0 2025-10-25 03:15:45 10261 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
13496 NT AUTHORITY\SYSTEM 135112/206680 2152415392/2152456480 117180/189828 37 564 0.5 2025-11-01 02:00:03 256 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1"
7044 NT AUTHORITY\SYSTEM 210800/246000 5267780/5318728 206180/245056 68 1107 0.4 2025-10-25 03:15:55 10260 SVC:MSComplianceAudit "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ComplianceAuditService.exe"
2648 NT AUTHORITY\SYSTEM 90616/101056 2152496088/2186089232 101824/109456 72 2072 0.1 2025-10-25 03:15:49 10260 taskhostw taskhostw.exe ExploitGuardPolicy
4000 Unknown 268500/1130800 2152939136/2154072420 308320/1146744 241 886 0.1 2025-10-25 03:15:49 10260 SVC:WinDefend
900 NT AUTHORITY\SYSTEM 90576/111616 2151880484/2151883592 73532/94828 40 31366 0.1 2025-10-25 03:15:44 10261 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe
14204 NT AUTHORITY\NETWORK SERVICE 1020700/1728284 24260104/24467944 1310728/1842648 132 5101 0.1 2025-10-25 03:17:24 10259 EdgeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\edgetransport.exe" -pipe:2880 -stopkey:Global\ExchangeStopKey-22303d25-6ba7-4c14-851a-8ff7388552f3 -resetkey:Global\ExchangeResetKey-f8871e04-ec1b-4aed-9b04-89458b55d972 -readykey:Global\ExchangeReadyKey-b1501133-5df3-4335-acdf-ada1f863d76d -hangkey:Global\ExchangeHangKey-34bdb270-0191-47e3-8969-c4d01fc69999 -startUpProgressKey:Global\ExchangeProgressKey-d0754c2b-7955-4811-b90d-c53015e8955c -workerListening
8740 NT AUTHORITY\SYSTEM 525656/654252 5826892/5867568 458772/588096 168 4145 0.1 2025-10-25 03:16:03 10260 MSExchangeHMWorker "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMWorker.exe" -pipe:3760 -stopkey:Global\ExchangeStopKey-3d947ddc-662f-4ef0-a8c0-eee5ec5acacf -resetkey:Global\ExchangeResetKey-7f921d83-f11a-4ad4-a289-212e2c23ed87 -readykey:Global\ExchangeReadyKey-24784294-44bc-4588-b826-281fdbd492f9 -hangkey:Global\ExchangeHangKey-74ce37e9-2772-46a9-a9c4-e3e2fef3d403 -startUpProgressKey:Global\ExchangeProgressKey-e1560923-2ed3-45f2-89bd-58b61fcfa9b0 -workerListening
13100 NT AUTHORITY\SYSTEM 638452/761688 2153333056/2153350272 580416/703732 225 2188 0.0 2025-10-25 03:18:23 10258 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangePowerShellAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm0af2a6eb-7379-4ee8-9b62-4a8aa8c428a0 -h "C:\inetpub\temp\apppools\MSExchangePowerShellAppPool\MSExchangePowerShellAppPool.config" -w "" -m 0
1320 NT AUTHORITY\SYSTEM 207128/271676 5307512/5351756 217392/292952 103 2493 0.0 2025-10-25 03:19:10 10257 SVC:MSExchangeDiagnostics "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Diagnostics.Service.exe"
4556 NT AUTHORITY\LOCAL SERVICE 25200/30608 2151841412/2152121740 23788/26624 20 317 0.0 2025-10-25 03:19:09 10257 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS
4048 NT AUTHORITY\SYSTEM 67664/85012 4899568/4933112 50224/67664 37 629 0.0 2025-10-25 03:15:50 10260 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190106\WindowsAzureGuestAgent.exe
3836 NT AUTHORITY\SYSTEM 144724/146432 5211312/5226640 144384/145904 62 1021 0.0 2025-10-25 03:15:49 10260 SVC:MSExchangeHM "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMHost.exe"
880 Unknown 16088/18148 2151768116/2152315592 7568/14560 16 805 0.0 2025-10-25 03:15:44 10261 services
7036 NT AUTHORITY\SYSTEM 105032/107484 5035052/5039148 97200/100024 46 663 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeEdgeSync "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe"
1556 NT AUTHORITY\SYSTEM 46304/49956 2151966624/2151972344 11452/18132 26 455 0.0 2025-10-25 03:15:45 10261 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3ac7855 /state1:0x41c64e6d
10928 NT AUTHORITY\SYSTEM 267084/327964 2152924800/2152994092 270140/341256 117 1273 0.0 2025-10-25 03:20:02 10256 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiMailboxAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiMailboxAppPool_CLRConfig.config" -a \\.\pipe\iisipmab8cd8e4-1f65-462a-9cd3-d4f7f016c2d8 -h "C:\inetpub\temp\apppools\MSExchangeMapiMailboxAppPool\MSExchangeMapiMailboxAppPool.config" -w "" -m 0
1680 NT AUTHORITY\LOCAL SERVICE 8520/8700 2151758472/2151769736 2516/3232 12 241 0.0 2025-10-25 03:15:49 10260 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
2020 NT AUTHORITY\SYSTEM 16688/62700 2151863240/2151879920 5904/61796 20 381 0.0 2025-10-25 03:15:49 10260 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1896 NT AUTHORITY\NETWORK SERVICE 11188/11480 2151800900/2151812172 5008/5300 19 360 0.0 2025-10-25 03:15:49 10260 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
7020 NT AUTHORITY\SYSTEM 279588/452696 22882712/22993048 438288/592788 90 1891 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeFrontEndTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeFrontendTransport.exe"
3272 NT AUTHORITY\SYSTEM 23700/30796 2151837684/2151860696 12440/19680 18 394 0.0 2025-10-25 03:15:49 10260 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
5980 NT AUTHORITY\SYSTEM 411880/412156 2153280436/2153285116 424412/424452 208 3137 0.0 2025-10-25 03:15:52 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOWAAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipmdf81ec9d-97b3-41cd-9d68-11955436a381 -h "C:\inetpub\temp\apppools\MSExchangeOWAAppPool\MSExchangeOWAAppPool.config" -w "" -m 0
6948 NT AUTHORITY\SYSTEM 190676/193044 5321892/5427360 192712/196908 76 1492 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeSubmission "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeSubmission.exe"
7640 NT AUTHORITY\SYSTEM 589400/666416 24174928/24183116 701028/783804 240 2106 0.0 2025-10-25 03:15:58 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\ResourceProfile\contentengine\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\ContentEngineNode1\Logs\NodeRunner.log" --applicationbase "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0"
5832 NT AUTHORITY\NETWORK SERVICE 192460/195908 5264384/5415736 190412/196836 80 1212 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeDelivery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDelivery.exe"
3016 NT AUTHORITY\SYSTEM 17788/18212 4294116/4295832 8108/8492 15 345 0.0 2025-10-25 03:15:49 10260 SVC:FMS "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\FMS.exe"
7124 NT AUTHORITY\SYSTEM 209040/213892 6029120/6033256 259076/264368 117 1887 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeRepl "C:\Program Files\Microsoft\Exchange Server\V15\Bin\msexchangerepl.exe"
4 Unknown 112/1876 3968/15296 36/56 0 3080 0.0 2025-10-25 03:15:40 10261 System
2260 NT AUTHORITY\SYSTEM 225840/225856 2152809136/2152809904 236420/236460 125 1139 0.0 2025-10-25 03:18:52 10257 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyAppPool_CLRConfig.config" -a \\.\pipe\iisipm4007e47c-65a5-4d21-9310-1cb5f7195ff9 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyAppPool\MSExchangeRpcProxyAppPool.config" -w "" -m 0
7012 NT AUTHORITY\SYSTEM 240016/263340 13890288/13896944 328692/352616 74 1633 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMailboxReplication "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxReplication.exe"
17032 NT AUTHORITY\SYSTEM 6712/6952 4267672/4272792 1960/2272 8 123 0.0 2025-11-01 02:00:03 256 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe"
7028 NT AUTHORITY\SYSTEM 161456/162036 5241672/5244744 162516/163272 68 974 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeIS "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Service.exe"
6996 NT AUTHORITY\SYSTEM 180616/181572 5293076/5301344 173908/174728 75 1146 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeRPC "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.RpcClientAccess.Service.exe"
6980 NT AUTHORITY\SYSTEM 237960/243868 5490952/5502048 227876/235440 111 2285 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeServiceHost "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.ServiceHost.exe"
7004 NT AUTHORITY\NETWORK SERVICE 120076/120156 5002428/5011968 99784/100092 65 807 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeIMAP4BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4Service.exe"
17424 NT AUTHORITY\SYSTEM 10900/10940 2151757412/2151759460 6224/6312 8 87 0.0 2025-11-01 02:19:08 237 conhost \??\C:\Windows\system32\conhost.exe 0x4
16580 NT AUTHORITY\SYSTEM 120040/120172 5001416/5012232 99240/99560 67 884 0.0 2025-10-25 03:38:53 10237 SVC:MSExchangeImap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4Service.exe"
7076 NT AUTHORITY\SYSTEM 141396/142964 5211508/5268040 165652/165732 59 2033 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeFastSearch "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Search.Service.exe"
14696 NT AUTHORITY\SYSTEM 876968/885608 6607416/6642096 1024080/1036124 90 1107 0.0 2025-10-25 03:19:30 10257 Microsoft.Exchange.Store.Worker "C:\Program Files\Microsoft\Exchange Server\V15\bin\Microsoft.Exchange.Store.Worker.exe" -id:59fc8808-844b-4244-a2bb-6a83f1ba6f3e -dag:35ceee8a-1604-4bb6-bd1a-765ff0ac7606 -pipe:1852 -readykey:Global\WorkerReadyKey-0983da83-8c01-4db2-9120-89069bb10727
7084 NT AUTHORITY\SYSTEM 128148/128452 5088864/5096032 127232/128568 50 788 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeTransportLogSearch "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransportLogSearch.exe"
7068 NT AUTHORITY\SYSTEM 268352/269164 5482960/5626564 251560/272256 103 2313 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMitigation "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Mitigation.Service.exe"
14744 NT AUTHORITY\SYSTEM 14072/14072 2151770496/2151772544 6648/6696 10 148 0.0 2025-11-01 02:00:03 256 conhost \??\C:\Windows\system32\conhost.exe 0x4
7052 NT AUTHORITY\SYSTEM 136276/138416 5236684/5245900 143580/145920 60 1272 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeCompliance "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeCompliance.exe"
7060 NT AUTHORITY\SYSTEM 361740/377480 5493680/5642456 338932/364688 104 2216 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeFlighting "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Management.Flighting.Service.exe"
6184 NT AUTHORITY\SYSTEM 244292/244396 5534416/5538300 268324/268476 84 2444 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeMailboxAssistants "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeMailboxAssistants.exe"
6208 NT AUTHORITY\SYSTEM 12796/12900 2152037920/2152043652 3688/3904 18 210 0.0 2025-10-25 03:15:52 10260 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
6344 NT AUTHORITY\SYSTEM 489140/508572 2161604240/2161605264 490620/502896 184 2949 0.0 2025-10-25 03:15:53 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeSyncAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeSyncAppPool_CLRConfig.config" -a \\.\pipe\iisipm2abe2521-d27d-4eb7-aeb2-2b510d1cba34 -h "C:\inetpub\temp\apppools\MSExchangeSyncAppPool\MSExchangeSyncAppPool.config" -w "" -m 0
6048 NT AUTHORITY\SYSTEM 10908/10964 2151757412/2151760480 6232/6344 8 87 0.0 2025-10-25 03:38:54 10237 conhost \??\C:\Windows\system32\conhost.exe 0x4
23248 NT AUTHORITY\SYSTEM 6764/7356 2151743632/2151760016 1532/2192 8 142 0.0 2025-11-01 02:19:08 237 WaSecAgentProv "C:\WindowsAzure\SecAgent\WaSecAgentProv.exe" -startPoll C:\WindowsAzure\Logs\ 168.63.129.16 5248000 3600000 21600000
5972 NT AUTHORITY\SYSTEM 185268/191104 2152803584/2152860660 199964/210068 86 1846 0.0 2025-10-25 03:15:52 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeOABAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm0f42cc76-70c7-4c2d-825f-32bb24fff634 -h "C:\inetpub\temp\apppools\MSExchangeOABAppPool\MSExchangeOABAppPool.config" -w "" -m 0
5988 NT AUTHORITY\SYSTEM 283456/283568 2152887844/2152889004 274636/274772 130 2050 0.0 2025-10-25 03:15:52 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeECPAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm4504a3b2-6105-48f3-ba4e-e730ccb29b63 -h "C:\inetpub\temp\apppools\MSExchangeECPAppPool\MSExchangeECPAppPool.config" -w "" -m 0
6804 NT AUTHORITY\SYSTEM 182676/182760 5143400/5149980 166256/166444 132 1579 0.0 2025-10-25 03:15:55 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\AdminNode1\Logs\NodeRunner.log"
19684 Unknown 11984/12092 2151758232/2151761304 2568/2724 11 195 0.0 2025-10-28 04:30:50 5865 SVC:SecurityHealthService
6964 NT AUTHORITY\NETWORK SERVICE 106388/106484 5155552/5165088 124352/124560 53 1133 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeThrottling "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeThrottling.exe"
6972 NT AUTHORITY\NETWORK SERVICE 119644/119732 5002408/5011948 99320/99676 65 836 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangePOP3BE "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3Service.exe"
20160 NT AUTHORITY\SYSTEM 12272/16800 2151759484/2151779712 4708/8268 10 149 0.0 2025-10-26 10:53:35 8363 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
6896 NT AUTHORITY\SYSTEM 147376/191376 5040192/5110108 123480/171936 71 1226 0.0 2025-10-25 03:16:07 10260 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1532 -stopkey:Global\ExchangeStopKey-61ef957d-42d1-4037-b309-614c764dd61a -resetkey:Global\ExchangeResetKey-3599abf3-bd72-4617-875d-0ff33c206c9d -readykey:Global\ExchangeReadyKey-1254c1de-2e4a-4cba-b020-c8351e9ec113 -hangkey:Global\ExchangeHangKey-4e6439ce-f04e-4169-b39e-f17bbcc1fe2b -startUpProgressKey:Global\ExchangeProgressKey-b2186131-3596-40b4-b76a-9c27af01a010
23052 NT AUTHORITY\SYSTEM 6724/6872 2151744736/2151754900 1324/1600 8 125 0.0 2025-10-26 10:53:37 8363 SVC:Appinfo C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
6956 NT AUTHORITY\SYSTEM 120096/120296 5001328/5011892 99808/100224 67 975 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangePop3 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Pop3Service.exe"
7092 NT AUTHORITY\SYSTEM 192596/196784 5228664/5245732 161012/165692 77 958 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeDagMgmt "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeDagMgmt.exe"
9316 NT AUTHORITY\SYSTEM 273144/612368 2170269660/2170304224 301908/652228 98 2089 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeMapiFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeMapiFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmf190cda7-8c5b-4dce-b445-a9bbfff55736 -h "C:\inetpub\temp\apppools\MSExchangeMapiFrontEndAppPool\MSExchangeMapiFrontEndAppPool.config" -w "" -m 0
13380 NT AUTHORITY\LOCAL SERVICE 12132/12192 2151774400/2151788736 2372/2932 12 204 0.0 2025-10-25 03:19:09 10257 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
9384 NT AUTHORITY\SYSTEM 368992/558792 2170248492/2170295992 419976/599088 88 1837 0.0 2025-10-25 03:16:08 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRpcProxyFrontEndAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\MSExchangeRpcProxyFrontEndAppPool_CLRConfig.config" -a \\.\pipe\iisipmf5456a3c-e95a-4189-8828-6e1af36ddaa3 -h "C:\inetpub\temp\apppools\MSExchangeRpcProxyFrontEndAppPool\MSExchangeRpcProxyFrontEndAppPool.config" -w "" -m 0
13308 NT AUTHORITY\SYSTEM 12500/13624 2151776128/2151790296 4620/5260 14 265 0.0 2025-10-25 03:19:10 10257 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc
9228 NT AUTHORITY\SYSTEM 10796/10856 2151757412/2151760484 6248/6360 8 87 0.0 2025-10-25 03:16:07 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4
9152 NT AUTHORITY\SYSTEM 11036/11076 2152300008/2152309224 6368/6748 16 192 0.0 2025-10-25 11:15:50 9780 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
9308 NT AUTHORITY\SYSTEM 499748/650344 2153500476/2153502012 528420/659148 221 3628 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeServicesAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm6debd7f8-3ee7-4efc-b01d-62135ab0c2bc -h "C:\inetpub\temp\apppools\MSExchangeServicesAppPool\MSExchangeServicesAppPool.config" -w "" -m 0
9272 NT AUTHORITY\NETWORK SERVICE 10792/10852 2151757412/2151760484 6236/6352 8 87 0.0 2025-10-25 03:16:07 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4
12432 NT AUTHORITY\NETWORK SERVICE 139104/139364 5066904/5079120 118680/119864 56 903 0.0 2025-10-25 03:16:53 10259 ForefrontActiveDirectoryConnector "C:\Program Files\Microsoft\Exchange Server\V15\Bin\ForefrontActiveDirectoryConnector.exe" -Embedding
12788 NT AUTHORITY\LOCAL SERVICE 283996/1123016 5479520/6323568 624708/1446064 301 852 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
12724 NT AUTHORITY\NETWORK SERVICE 108516/108604 5157504/5171712 124512/124696 52 1176 0.0 2025-10-25 03:17:18 10259 SVC:MSExchangeTransport "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeTransport.exe"
12604 NT AUTHORITY\LOCAL SERVICE 179428/976836 5378436/6224464 555336/1374020 290 556 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
9700 NT AUTHORITY\SYSTEM 7800/7868 2151747752/2151755088 1508/1756 10 159 0.0 2025-10-26 10:53:36 8363 SVC:TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TabletInputService
9512 NT AUTHORITY\NETWORK SERVICE 11712/13200 2151766336/2151769380 3160/4464 17 252 0.0 2025-10-25 03:19:10 10257 SVC:MSDTC C:\Windows\System32\msdtc.exe
11316 NT AUTHORITY\NETWORK SERVICE 20948/154568 4309728/4444844 8448/8892 16 451 0.0 2025-10-25 03:16:38 10260 updateservice "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\updateservice.exe" -Embedding
12940 NT AUTHORITY\SYSTEM 15536/16080 2151778076/2151792412 3316/4164 14 254 0.0 2025-10-25 03:17:18 10259 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
7872 NT AUTHORITY\NETWORK SERVICE 185572/192088 5082684/5109900 154876/171640 93 1142 0.0 2025-10-25 03:16:07 10260 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1492 -stopkey:Global\ExchangeStopKey-faa7b5ee-ce6d-47e3-99b2-02f9d355dd70 -resetkey:Global\ExchangeResetKey-9dc9e7bd-f182-43e2-864a-772db50d51ee -readykey:Global\ExchangeReadyKey-4dc66b81-cb60-497e-b244-39c8ea09c4ad -hangkey:Global\ExchangeHangKey-f5d9416a-fb2a-4933-b1e0-c40d7492dbef -startUpProgressKey:Global\ExchangeProgressKey-0b81d06b-375f-48a2-ba22-9be8cd200fc5
14372 NT AUTHORITY\SYSTEM 189960/204060 5065212/5109736 147556/171496 80 1220 0.0 2025-10-25 03:38:54 10237 Microsoft.Exchange.Imap4 "C:\Program Files\Microsoft\Exchange Server\V15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe" -pipe:1512 -stopkey:Global\ExchangeStopKey-877ce66b-2af2-4779-98fe-1e677846f659 -resetkey:Global\ExchangeResetKey-eda206fa-a8dd-4529-9792-dd23dc70626d -readykey:Global\ExchangeReadyKey-fb75282a-c1e2-4ba7-9ecf-68b20386c446 -hangkey:Global\ExchangeHangKey-0af90441-8c80-4c50-99be-ce1e13e9374f -startUpProgressKey:Global\ExchangeProgressKey-e5b669b5-a8fb-4478-8eb9-caaad60c9764
7884 NT AUTHORITY\SYSTEM 189128/189800 6034500/6084972 175336/175516 160 1633 0.0 2025-10-25 03:15:58 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\IndexNode1\Logs\NodeRunner.log"
14216 NT AUTHORITY\NETWORK SERVICE 10872/10916 2151757412/2151759460 6228/6312 8 87 0.0 2025-10-25 03:17:24 10259 conhost \??\C:\Windows\system32\conhost.exe 0x4
14512 NT AUTHORITY\NETWORK SERVICE 17604/22388 2151813544/2151821900 4492/8760 18 294 0.0 2025-10-25 03:19:16 10257 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM
7100 NT AUTHORITY\SYSTEM 33292/33444 4841920/4848320 34980/35168 23 613 0.0 2025-10-25 03:15:55 10260 SVC:MSExchangeAntispamUpdate "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe"
7604 NT AUTHORITY\SYSTEM 9596/9668 2151752248/2151757080 2416/5988 11 172 0.0 2025-11-01 05:37:52 38 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -Embedding
14412 NT AUTHORITY\SYSTEM 12832/13200 2151768852/2151784212 2912/3792 15 236 0.0 2025-10-25 03:19:16 10257 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
13596 NT AUTHORITY\SYSTEM 12848/12968 2151769108/2151774228 3540/3860 15 249 0.0 2025-10-25 03:19:02 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\1381e993-700b-46e8-b5c0-cdfcb4365420 -parentPid 4648 -initEvent 7394bf27-af8c-44cd-9090-2a2dce431090 -replyEndpoint LRPC-53caccf56a051a464b
8796 NT AUTHORITY\SYSTEM 10804/10844 2151757412/2151759460 6240/6328 8 87 0.0 2025-10-25 03:16:03 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4
9028 NT AUTHORITY\NETWORK SERVICE 10784/10844 2151757412/2151760484 6240/6352 8 87 0.0 2025-10-25 03:16:05 10260 conhost \??\C:\Windows\system32\conhost.exe 0x4
8948 NT AUTHORITY\NETWORK SERVICE 187832/192796 5087096/5110152 155688/171840 93 1202 0.0 2025-10-25 03:16:04 10260 Microsoft.Exchange.Pop3 "C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\PopImap\Microsoft.Exchange.Pop3.exe" -pipe:1492 -stopkey:Global\ExchangeStopKey-db3054fd-3ec4-4e26-a2f0-5ae079a6ace6 -resetkey:Global\ExchangeResetKey-458cfa04-7215-41dd-be5e-fc3a5e79794d -readykey:Global\ExchangeReadyKey-afae800f-8ec0-41e9-9dc6-43d767220fea -hangkey:Global\ExchangeHangKey-e7eb2b90-958a-42a0-8fc4-451907eb80a8 -startUpProgressKey:Global\ExchangeProgressKey-67a3acc8-6772-4549-8857-59ddfb9f0b37
8344 NT AUTHORITY\SYSTEM 171312/171996 5144720/5185028 155640/155780 129 1133 0.0 2025-10-25 03:16:01 10260 noderunner "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Runtime\1.0\NodeRunner.exe" --noderoot "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1" --addfrom "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Configuration\Local\Node.ini" --tracelog "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\Data\Nodes\Fsis\InteractionEngineNode1\Logs\NodeRunner.log"
8184 NT AUTHORITY\SYSTEM 390140/396868 2153047808/2153049344 367132/384392 180 2797 0.0 2025-10-25 03:16:07 10260 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeAutodiscoverAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm3a5eab29-8cb1-4659-8142-cc693facec3f -h "C:\inetpub\temp\apppools\MSExchangeAutodiscoverAppPool\MSExchangeAutodiscoverAppPool.config" -w "" -m 0
8756 NT AUTHORITY\SYSTEM 16060/21864 2151782176/2151813676 3048/4024 13 225 0.0 2025-10-26 10:53:36 8363 SVC:TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
13936 NT AUTHORITY\LOCAL SERVICE 6664/6704 2151751744/2151756864 1584/1884 9 124 0.0 2025-10-25 03:19:10 10257 SVC:WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p -s WdiServiceHost
1708 NT AUTHORITY\SYSTEM 13460/13568 2151779296/2151788512 2904/3268 13 225 0.0 2025-10-25 03:15:49 10260 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1664 Window Manager\DWM-1 44720/45000 2151923448/2151925052 18764/24580 26 631 0.0 2025-10-25 03:15:49 10260 dwm "dwm.exe"
1724 NT AUTHORITY\SYSTEM 13988/14608 2151768376/2151779412 3064/3488 17 278 0.0 2025-10-25 03:15:49 10260 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1716 NT AUTHORITY\SYSTEM 6180/6204 2151751324/2151754400 1344/1472 8 128 0.0 2025-10-25 03:15:49 10260 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1628 NT AUTHORITY\LOCAL SERVICE 10440/10604 2151749516/2151756684 5916/6232 30 185 0.0 2025-10-25 03:15:49 10260 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1392 NT AUTHORITY\LOCAL SERVICE 6380/6412 2151750624/2151752672 1508/1720 9 117 0.0 2025-10-25 03:15:45 10261 SVC:vmictimesync C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s vmictimesync
1360 NT AUTHORITY\SYSTEM 6280/6316 2151751644/2151755740 1464/1596 9 113 0.0 2025-10-25 03:15:45 10261 SVC:vmicshutdown C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmicshutdown
1484 NT AUTHORITY\SYSTEM 7308/7324 2151752136/2151754696 1556/1704 9 158 0.0 2025-10-25 03:15:49 10260 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc
1448 NT AUTHORITY\NETWORK SERVICE 13132/13260 2151781920/2151799336 4152/4784 17 396 0.0 2025-10-25 03:15:49 10260 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
2160 NT AUTHORITY\SYSTEM 13128/13228 2151767488/2151777728 2196/2520 13 185 0.0 2025-10-25 03:15:49 10260 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
2124 NT AUTHORITY\SYSTEM 12632/12644 2151761180/2151764252 5272/5448 12 170 0.0 2025-10-25 03:15:49 10260 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc
2232 NT AUTHORITY\LOCAL SERVICE 7552/8776 2151783804/2151800148 1780/2512 10 141 0.0 2025-10-25 03:15:49 10260 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache
2208 NT AUTHORITY\NETWORK SERVICE 10856/10920 2151765720/2151773912 2520/2668 14 247 0.0 2025-10-25 03:15:49 10260 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
2088 Unknown 14356/14660 2151789024/2151792160 6768/7120 13 216 0.0 2025-10-25 03:16:53 10259 SVC:WdNisSvc
1844 NT AUTHORITY\SYSTEM 8468/9724 2151758592/2151775588 1624/1888 10 151 0.0 2025-10-25 03:15:49 10260 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService
1748 NT AUTHORITY\LOCAL SERVICE 8608/8708 2151759468/2151771748 2380/2632 11 183 0.0 2025-10-25 03:15:49 10260 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
2064 NT AUTHORITY\LOCAL SERVICE 9120/9412 2151753388/2151769772 1948/3104 12 300 0.0 2025-10-25 03:15:49 10260 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1908 NT AUTHORITY\SYSTEM 8824/8952 2151755972/2151765240 1936/2252 11 179 0.0 2025-10-25 03:15:49 10260 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1352 NT AUTHORITY\SYSTEM 6516/6556 2151752104/2151756200 1548/1684 9 130 0.0 2025-10-25 03:15:45 10261 SVC:vmickvpexchange C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s vmickvpexchange
736 Unknown 7276/7400 2151749416/2151764400 1412/2028 11 155 0.0 2025-10-25 03:15:43 10261 wininit
656 Unknown 7192/7264 2151782436/2151785516 2424/2620 33 986 0.0 2025-10-25 03:15:42 10261 csrss
808 NT AUTHORITY\SYSTEM 10528/15256 2151812880/2151826264 2524/6508 12 214 0.0 2025-10-25 03:15:44 10261 winlogon winlogon.exe
744 Unknown 6056/6304 2151767968/2151773244 1956/2512 12 169 0.0 2025-10-25 03:15:43 10261 csrss
580 Font Driver Host\UMFD-1 4012/4056 2151747824/2151750896 1316/1416 7 39 0.0 2025-10-25 03:15:44 10261 fontdrvhost "fontdrvhost.exe"
116 Unknown 97620/209460 108740/211140 3744/145620 14 0 0.0 2025-10-25 03:15:39 10261 Registry
0 8/8 8/8 60/60 0 0 0.0 0 Idle
576 Font Driver Host\UMFD-0 4124/4164 2151748276/2151751348 1372/1476 7 39 0.0 2025-10-25 03:15:44 10261 fontdrvhost "fontdrvhost.exe"
516 Unknown 1228/1332 2151719588/2151728136 1120/1204 4 57 0.0 2025-10-25 03:15:40 10261 smss
1240 NT AUTHORITY\LOCAL SERVICE 12292/12372 2151762348/2151768492 1812/2224 10 177 0.0 2025-10-25 03:15:45 10261 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1172 NT AUTHORITY\LOCAL SERVICE 6648/6684 2151754268/2151757340 1588/1824 10 140 0.0 2025-10-25 03:15:45 10261 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1340 NT AUTHORITY\SYSTEM 12136/12184 2151771048/2151777316 2940/3112 16 219 0.0 2025-10-25 03:15:45 10261 SVC:vmicheartbeat C:\Windows\system32\svchost.exe -k ICService -p -s vmicheartbeat
1248 NT AUTHORITY\SYSTEM 10032/10092 2151758920/2151763964 2032/2472 12 209 0.0 2025-10-25 03:15:45 10261 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1168 NT AUTHORITY\LOCAL SERVICE 8716/8792 2151755512/2151758072 1976/2156 14 232 0.0 2025-10-25 03:15:45 10261 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time
1016 NT AUTHORITY\SYSTEM 25160/25380 2151803448/2151827000 7932/8796 21 986 0.0 2025-10-25 03:15:44 10261 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p
952 NT AUTHORITY\NETWORK SERVICE 41656/41668 2151796584/2151803752 34848/34896 25 1337 0.0 2025-10-25 03:15:44 10261 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p
1120 NT AUTHORITY\NETWORK SERVICE 27588/52592 2151866320/2151910372 14332/44732 26 751 0.0 2025-10-25 03:15:45 10261 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService
1052 NT AUTHORITY\SYSTEM 11120/11504 2151762448/2151777992 2668/3168 15 303 0.0 2025-10-25 03:15:45 10261 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
2300 NT AUTHORITY\LOCAL SERVICE 6512/6548 2151756716/2151760812 1508/1640 8 125 0.0 2025-10-25 03:15:49 10260 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
3912 NT AUTHORITY\SYSTEM 6060/6096 2151746792/2151750888 1332/1504 8 134 0.0 2025-10-25 03:15:49 10260 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
3900 NT AUTHORITY\LOCAL SERVICE 179860/977336 5378480/6224540 555836/1374312 290 556 0.0 2025-10-25 03:17:05 10259 scanningprocess "C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS\Bin\scanningprocess.exe" -Embedding
4120 NT AUTHORITY\SYSTEM 12076/12220 2151758680/2151766872 1616/1968 9 137 0.0 2025-10-25 03:15:50 10260 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
4080 NT AUTHORITY\LOCAL SERVICE 23464/23480 2152251432/2152252456 23080/23108 25 316 0.0 2025-10-25 03:15:50 10260 SVC:WMSVC C:\Windows\system32\inetsrv\wmsvc.exe
3892 NT AUTHORITY\SYSTEM 7128/7184 2155944800/2155952992 1780/1976 9 143 0.0 2025-10-25 03:15:49 10260 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain
3756 NT AUTHORITY\SYSTEM 16792/17300 4282816/4299024 9292/9640 13 240 0.0 2025-10-25 03:15:49 10260 SVC:SearchExchangeTracing "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\Diagnostics\TraceService\sftracing.exe"
3684 NT AUTHORITY\SYSTEM 94216/142644 4884852/4953484 78820/128484 48 1578 0.0 2025-10-25 03:15:49 10260 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190106\WaAppAgent.exe
3880 NT AUTHORITY\SYSTEM 5728/5748 2151747544/2151749592 1280/1376 8 105 0.0 2025-10-25 03:15:49 10260 SVC:sacsvr C:\Windows\System32\svchost.exe -k netsvcs -p -s sacsvr
3828 NT AUTHORITY\SYSTEM 36860/36916 4903156/4913288 47936/48060 28 878 0.0 2025-10-25 03:15:49 10260 SVC:MSExchangeHMRecovery "C:\Program Files\Microsoft\Exchange Server\V15\Bin\MSExchangeHMRecovery.exe"
5324 NT AUTHORITY\NETWORK SERVICE 8008/9516 2151752776/2151756872 2224/3400 11 167 0.0 2025-10-25 03:15:51 10260 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
4856 NT AUTHORITY\SYSTEM 154260/154516 5213860/5224356 158664/159084 90 1469 0.0 2025-10-25 03:15:50 10260 SVC:MSExchangeADTopology "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Microsoft.Exchange.Directory.TopologyService.exe"
5724 NT AUTHORITY\SYSTEM 255348/286236 2153054460/2153063392 280644/312204 130 1539 0.0 2025-10-25 03:20:58 10255 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "MSExchangeRestAppPool" -v "v4.0" -c "C:\Program Files\Microsoft\Exchange Server\V15\bin\GenericAppPoolConfigWithGCServerEnabledFalse.config" -a \\.\pipe\iisipm9ab2d935-1be5-4a02-8c2c-81e29216fba0 -h "C:\inetpub\temp\apppools\MSExchangeRestAppPool\MSExchangeRestAppPool.config" -w "" -m 0
5624 NT AUTHORITY\NETWORK SERVICE 17784/17804 4782280/4787656 24964/25208 14 262 0.0 2025-10-25 03:15:51 10260 SVC:NetMsmqActivator "C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator
4648 NT AUTHORITY\SYSTEM 33916/34316 2151814524/2151828736 13664/14736 38 1022 0.0 2025-10-25 03:15:50 10260 SVC:ClusSvc C:\Windows\Cluster\clussvc.exe -s
4468 NT AUTHORITY\SYSTEM 15424/18724 2152339480/2152360108 8316/11760 21 282 0.0 2025-10-25 03:19:14 10257 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC
4272 NT AUTHORITY\SYSTEM 16412/16564 2151780968/2151786612 4992/5392 17 324 0.0 2025-10-25 03:19:02 10257 rhs C:\Windows\Cluster\rhs.exe -key SYSTEM\CurrentControlSet\Services\ClusSvc\Parameters\Rhs\05f584dd-097b-4d27-87c6-f7e4d2139ec6 -parentPid 4648 -initEvent 3236c9b5-771f-47a0-99e4-eb35381a6983 -replyEndpoint LRPC-53caccf56a051a464b
4604 NT AUTHORITY\SYSTEM 7120/18404 2151739792/2151751056 2424/2756 7 97 0.0 2025-10-25 03:15:51 10260 AggregatorHost AggregatorHost.exe
4504 NT AUTHORITY\SYSTEM 13492/13536 2151775828/2151781484 3464/3796 24 432 0.0 2025-10-25 03:15:50 10260 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs
3640 NT AUTHORITY\LOCAL SERVICE 7372/7396 2151751820/2151755916 1620/1744 9 158 0.0 2025-10-25 03:15:49 10260 SVC:pla C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s pla
2756 NT AUTHORITY\SYSTEM 9468/9804 2151757428/2151775184 2392/3036 10 202 0.0 2025-10-25 03:15:49 10260 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
2748 NT AUTHORITY\SYSTEM 94276/97548 5226580/5239316 68800/70088 66 967 0.0 2025-10-25 03:15:49 10260 SVC:HostControllerService "C:\Program Files\Microsoft\Exchange Server\V15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe"
2876 NT AUTHORITY\LOCAL SERVICE 7400/7508 2151748124/2151757340 1436/1816 9 123 0.0 2025-10-25 03:15:49 10260 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
2788 NT AUTHORITY\SYSTEM 42848/72400 2151870320/2151889464 22900/53160 29 585 0.0 2025-10-25 03:15:49 10260 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p
2512 NT AUTHORITY\LOCAL SERVICE 11364/11532 2151766712/2151786984 3192/3716 15 422 0.0 2025-10-25 03:15:49 10260 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
2400 NT AUTHORITY\LOCAL SERVICE 8272/8424 2151752644/2151759524 2296/2648 10 180 0.0 2025-10-25 03:15:49 10260 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
2352 NT AUTHORITY\LOCAL SERVICE 23512/26612 2151803512/2151823864 13744/16180 34 458 0.0 2025-10-25 03:15:49 10260 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
2504 NT AUTHORITY\NETWORK SERVICE 14964/16468 2152040664/2152053640 4268/5964 27 397 0.0 2025-10-25 03:15:49 10260 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
2496 NT AUTHORITY\SYSTEM 10424/10460 2151765436/2151775300 2392/2568 17 245 0.0 2025-10-25 03:15:49 10260 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv
3580 NT AUTHORITY\SYSTEM 16112/16140 2151780032/2151780544 8796/9248 19 372 0.0 2025-10-25 03:15:49 10260 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs
3556 NT AUTHORITY\SYSTEM 9300/9396 2151752824/2151755404 2324/2536 11 205 0.0 2025-10-25 03:15:49 10260 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer
3632 NT AUTHORITY\LOCAL SERVICE 7632/7660 2151755464/2151761612 1752/1988 43 159 0.0 2025-10-25 03:15:49 10260 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc
3588 NT AUTHORITY\NETWORK SERVICE 15152/15200 2151802324/2151805396 5872/6360 32 392 0.0 2025-10-25 03:15:49 10260 SVC:MSMQ C:\Windows\system32\mqsvc.exe
3496 NT AUTHORITY\LOCAL SERVICE 38580/38840 4799112/4804044 34524/34868 34 441 0.0 2025-10-25 03:15:49 10260 SVC:NetPipeActivator/NetTcpActivator/NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
3080 NT AUTHORITY\SYSTEM 10536/10612 2152813900/2152829044 2704/3480 15 354 0.0 2025-10-25 03:15:49 10260 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
3064 NT AUTHORITY\SYSTEM 27312/29228 2151842604/2151860992 8864/12096 28 524 0.0 2025-10-25 03:15:49 10260 SVC:Spooler C:\Windows\System32\spoolsv.exe
3484 Unknown 29600/30504 2151811868/2151818020 16084/16980 19 1050 0.0 2025-10-25 03:15:49 10260 SVC:MDCoreSvc
3140 NT AUTHORITY\SYSTEM 30464/30644 2151793720/2151798856 20056/20300 18 226 0.0 2025-10-25 03:15:49 10260 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe
| 