[collector:] client azeligo.cressi.unicampania.it.powershell powershell XymonPS [date] Sat 01 Nov 06:12:51 2025 [clock] epoch: 1761973971 local: Sat 01 Nov 06:12:51 2025 UTC: Sat 01 Nov 05:12:51 2025 Time Synchronisation type: NTP NTP server: time.windows.com,0x9 Leap Indicator: 0(no warning) Stratum: 2 (secondary reference - syncd by (S)NTP) Precision: -6 (15.625ms per tick) Root Delay: 0.0002477s Root Dispersion: 0.0100000s ReferenceId: 0x564D5450 (source IP: 86.77.84.80) Last Successful Sync Time: 11/1/2025 6:12:43 AM Source: VM IC Time Synchronization Provider Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2008 R2 Datacenter Service Pack 1 (build 7601) [cpu] up: 456 days, 0 users, 65 procs, load=1.67% CPU states: total 1.67% cores: 2 CPU PID Image Name Pri Time MemUsage 0.8% 316 SVC:ReportServer 8 4 50808k 0.3% 2520 powershell 8 3 93120k 0.2% 832 SVC:Dhcp/eventlog/lmhosts/vmic 8 3 16120k 0.1% 2528 conhost 8 1 544k 0.1% 4152 SVC:WindowsAzureGuestAgent 8 03:24:14 37476k 0.1% 400 csrss 13 16:55:59 2604k 0.0% 3372 MicrosoftDependencyAgent 8 04:08:19 11660k 0.0% 892 SVC:BITS/CertPropSvc/gpsvc/IKE 8 05:56:34 102996k 0.0% 548 services 9 03:14:43 6836k 0.0% 10268 SVC:RdAgent 8 00:05:28 18984k 0.0% 4 System 8 04:24:47 52k 0.0% 1020 SVC:CryptSvc/Dnscache/LanmanWo 8 00:19:39 10584k 0.0% 3868 rundll32 10 00:00:00 704k 0.0% 3484 rundll32 10 00:00:00 716k 0.0% 3444 taskeng 6 00:00:01 2376k 0.0% 2400 SVC:XymonPSClient 8 00:00:22 880k 0.0% 2272 SVC:W3SVC/WAS 8 00:01:18 4108k 0.0% 2220 SVC:TSM Client Scheduler 8 00:19:08 7820k 0.0% 2712 SVC:SQLSERVERAGENT 8 00:08:55 7668k 0.0% 2976 SVC:MSDTC 8 00:00:27 1160k 0.0% 2896 SVC:PolicyAgent 8 00:00:23 1056k 0.0% 2808 conhost 8 00:00:10 416k 0.0% 4040 SVC:MSSQLFDLauncher 8 00:00:28 1188k 0.0% 19536 rdpclip 8 00:00:00 3668k 0.0% 18388 csrss 13 00:02:17 3316k 0.0% 18236 dwm 8 00:00:00 2892k 0.0% 33692 w3wp 8 00:00:00 38372k 0.0% 26100 winlogon 13 00:00:00 2348k 0.0% 19684 taskhost 8 00:00:19 5416k 0.0% 10248 explorer 8 00:01:19 42876k 0.0% 36016 cmd 8 00:00:00 72k 0.0% 4360 fdhost 8 00:00:01 1096k 0.0% 4072 SVC:MicrosoftDependencyAgent 8 00:00:27 988k 0.0% 8924 conhost 8 00:00:00 1688k 0.0% 4528 SVC:MSMQ_MailRelyService 8 00:00:57 4136k 0.0% 4368 conhost 8 00:00:00 124k 0.0% 680 SVC:DcomLaunch/PlugPlay/Power 8 01:50:45 4608k 0.0% 592 SVC:BFE/DPS/MpsSvc/pla 8 00:16:20 5564k 0.0% 572 lsm 8 00:09:11 3772k 0.0% 760 SVC:RpcEptMapper/RpcSs 8 00:24:52 5572k 0.0% 980 SVC:Netman/TrkWks/UmRdpService 8 01:06:23 4676k 0.0% 936 SVC:EventSystem/FontCache/netp 8 00:33:15 8420k 0.0% 848 LogonUI 13 00:00:00 288k 0.0% 452 wininit 13 00:00:00 76k 0.0% 300 smss 11 00:00:00 540k 0.0% 0 Idle 0 24k 0.0% 464 csrss 13 00:00:02 120k 0.0% 564 SVC:KeyIso/SamSs 9 03:32:56 14136k 0.0% 556 SVC:VSS 8 00:00:29 1252k 0.0% 492 winlogon 13 00:00:00 72k 0.0% 1052 SVC:Spooler 8 00:00:28 2740k 0.0% 1760 SVC:MsDtsServer100 8 00:07:08 24136k 0.0% 1644 SVC:RemoteRegistry 8 00:00:24 872k 0.0% 1608 SVC:IISADMIN 8 00:01:52 8132k 0.0% 1948 SVC:MSMQ 8 00:00:35 1420k 0.0% 2148 SVC:TSM Client Acceptor 8 00:00:39 2092k 0.0% 2072 SVC:SQLWriter 8 00:00:31 1452k 0.0% 2044 SVC:MSSQLSERVER 8 12:58:25 424932k 0.0% 1376 SVC:DeltaCopyService 8 00:00:42 1112k 0.0% 1200 SVC:AppHostSvc 8 00:00:21 1420k 0.0% 1080 SVC:vmicheartbeat/vmicrdv 8 00:25:32 1616k 0.0% 1448 SVC:DiagTrack 8 00:00:27 2108k 0.0% 1600 SVC:TermService 8 00:09:59 5684k 0.0% 1492 conhost 8 00:00:00 172k 0.0% 1476 rsync 8 00:00:00 64k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 132655100 47512508 85142592 36% /FIXED/C:\ Windows 126.51\81.20 D 16775164 11711336 5063828 70% /FIXED/D:\ Temporary Storage 16.00\4.83 E 52425664 8719360 43706304 17% /FIXED/E:\ Backup_SQL 50.00\41.68 F 104753148 52976936 51776212 51% /FIXED/F:\ 99.90\49.38 G 102396 28840 73556 28% /FIXED/G:\ Riservato per il sistema 0.10\0.07 [memory] memory Total Used physical: 8192 1578 virtual: 19578 7598 page: 11389 5749 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 29679 Security Circular 20971520 75857 System Circular 20971520 21751 Application [msgs:eventlog_Security] [msgs:eventlog_System] Information - 11/01/2025 06:11:40 - [5186] - Microsoft-Windows-WAS - A worker process with process id of '13860' serving application pool 'unicampania' was shutdown due to inactivity. Application Pool timeout configuration was set to 20 minutes. A new worker process will be started when needed. [msgs:eventlog_Application] [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 316 NT AUTHORITY\NETWORK SERVICE 50808/263816 3396880/3405696 194716/308552 67 485 0.8 2024-08-01 08:04:41 657968 SVC:ReportServer "C:\Program Files\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe" 2520 NT AUTHORITY\SYSTEM 93120/170968 899460/902788 352708/366436 36 413 0.3 2024-08-01 08:04:45 657968 powershell "C:\windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Xymon\xymonclient.ps1" 832 NT AUTHORITY\LOCAL SERVICE 16120/133948 705916/720296 642060/642600 25 452 0.2 2024-08-01 08:04:19 657968 SVC:Dhcp/eventlog/lmhosts/vmictimesync C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted 2528 NT AUTHORITY\SYSTEM 544/3404 25920/26248 1284/1284 5 33 0.1 2024-08-01 08:04:45 657968 conhost \??\C:\windows\system32\conhost.exe "13935456821387393103-2055931594-6698328901361945480-1389296828-9204002041056124510 4152 NT AUTHORITY\SYSTEM 37476/88084 680980/725932 58044/74480 45 648 0.1 2025-08-27 21:01:36 94151 SVC:WindowsAzureGuestAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190129\WindowsAzureGuestAgent.exe 400 NT AUTHORITY\SYSTEM 2604/6568 58136/59932 4528/4528 16 956 0.1 2024-08-01 08:04:17 657968 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 3372 NT AUTHORITY\SYSTEM 11660/29760 81648/121776 23716/23984 16 251 0.0 2024-08-01 08:05:43 657967 MicrosoftDependencyAgent "C:\Program Files\Microsoft Dependency Agent\bin\MicrosoftDependencyAgent.exe" 892 NT AUTHORITY\SYSTEM 102996/1331644 4816788/5461732 4414476/4957300 172 399775 0.0 2024-08-01 08:04:19 657968 SVC:BITS/CertPropSvc/gpsvc/IKEEXT/iphlpsvc/LanmanServer/ProfSvc/sacsvr/Schedule/SENS/SessionEnv/ShellHWDetection/Winmgmt/wuauserv C:\windows\system32\svchost.exe -k netsvcs 548 NT AUTHORITY\SYSTEM 6836/12784 45836/99868 6048/8920 14 312 0.0 2024-08-01 08:04:18 657968 services C:\windows\system32\services.exe 10268 NT AUTHORITY\SYSTEM 18984/59112 603132/607036 52236/58308 33 446 0.0 2025-08-27 21:01:34 94151 SVC:RdAgent C:\WindowsAzure\GuestAgent_2.7.41491.1172_2025-08-27_190129\WaAppAgent.exe 4 Unknown 52/9528 3340/12668 128/284 0 1089 0.0 2024-08-01 08:04:07 657969 System 1020 NT AUTHORITY\NETWORK SERVICE 10584/58760 465604/728900 37084/52416 56 574 0.0 2024-08-01 08:04:20 657968 SVC:CryptSvc/Dnscache/LanmanWorkstation/NlaSvc/WinRM C:\windows\system32\svchost.exe -k NetworkService 3868 NT AUTHORITY\SYSTEM 704/7828 56524/58060 3420/3628 9 102 0.0 2024-08-01 08:05:05 657968 rundll32 C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "RTEvents" "0xef8_0xefc_0x2e9f4d01" 3484 NT AUTHORITY\SYSTEM 716/7648 56524/58060 3256/3468 9 102 0.0 2024-08-01 08:04:55 657968 rundll32 C:\windows\system32\rundll32.exe C:\windows\system32\pla.dll,PlaHost "GAEvents" "0xd54_0xd58_0x280a45a6" 3444 NT AUTHORITY\SYSTEM 2376/5748 32460/42916 1948/2216 8 102 0.0 2024-08-01 08:04:54 657968 taskeng taskeng.exe {35A1D81C-5AD8-4933-BEBA-CAF8FE9B9A32} S-1-5-18:NT AUTHORITY\System:Service: 2400 NT AUTHORITY\SYSTEM 880/4820 39020/41744 2316/2400 6 59 0.0 2024-08-01 08:04:45 657968 SVC:XymonPSClient C:\Xymon\nssm.exe 2272 NT AUTHORITY\SYSTEM 4108/12400 50456/51988 8576/10052 17 166 0.0 2024-08-01 08:04:45 657968 SVC:W3SVC/WAS C:\windows\system32\svchost.exe -k iissvcs 2220 AZELIGO\eligo 7820/53476 178828/187568 30996/34196 27 61011 0.0 2024-08-01 08:04:44 657968 SVC:TSM Client Scheduler "C:\Program Files\Tivoli\TSM\baclient\dsmcsvc.exe" 2712 NT AUTHORITY\NETWORK SERVICE 7668/22244 531596/535700 25392/26884 46 446 0.0 2024-08-01 08:04:46 657968 SVC:SQLSERVERAGENT "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER 2976 NT AUTHORITY\NETWORK SERVICE 1160/8088 60708/61748 3304/3484 17 146 0.0 2024-08-01 08:07:43 657965 SVC:MSDTC C:\windows\System32\msdtc.exe 2896 NT AUTHORITY\NETWORK SERVICE 1056/6292 32724/34164 2124/2180 10 96 0.0 2024-08-01 08:05:44 657967 SVC:PolicyAgent C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted 2808 NT AUTHORITY\NETWORK SERVICE 416/3240 25920/27488 1036/1036 5 33 0.0 2024-08-01 08:04:47 657968 conhost \??\C:\windows\system32\conhost.exe "884572628157227516362277470-1202845949-17576685261445597096-1300841607971795190 4040 NT AUTHORITY\LOCAL SERVICE 1188/4232 25152/27200 1476/1512 6 53 0.0 2024-08-01 08:05:43 657967 SVC:MSSQLFDLauncher "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL10_50.MSSQLSERVER 19536 AZELIGO\eligo 3668/7164 65760/68836 1804/1980 8 111 0.0 2025-02-03 09:32:05 390041 rdpclip rdpclip 18388 NT AUTHORITY\SYSTEM 3316/11392 48280/255440 2624/2720 10 293 0.0 2025-02-03 09:32:04 390041 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 18236 AZELIGO\eligo 2892/5584 55048/59664 1668/1884 7 74 0.0 2025-02-03 09:32:05 390041 dwm "C:\windows\system32\Dwm.exe" 33692 IIS APPPOOL\DefaultAppPool 38372/38408 9221076/9221332 75268/75340 52 582 0.0 2025-11-01 05:50:40 22 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm1c7cebed-102c-4cbb-b0f5-35224bb4b2d4 -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20 26100 NT AUTHORITY\SYSTEM 2348/5488 30628/55424 1728/1900 7 100 0.0 2025-02-03 09:32:04 390041 winlogon winlogon.exe 19684 AZELIGO\eligo 5416/12232 418892/681064 7800/8392 21 200 0.0 2025-02-03 09:32:05 390041 taskhost "taskhost.exe" 10248 AZELIGO\eligo 42876/89628 347488/389588 57736/69248 51 775 0.0 2025-02-03 09:32:05 390041 explorer C:\windows\Explorer.EXE 36016 AZELIGO\eligo 72/3208 41956/51040 2028/2164 5 22 0.0 2025-02-03 09:38:08 390035 cmd "C:\Windows\System32\cmd.exe" 4360 NT AUTHORITY\LOCAL SERVICE 1096/5688 39424/39424 3548/3552 9 130 0.0 2024-08-01 08:05:45 657967 fdhost "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\fdhost.exe" "MSSQL10_50.MSSQLSERVERC29017938f1aaaf49ecfa401f798c615b17a6327c" "MSSQL10_50.MSSQLSERVER" "MSSQL10_50.MSSQLSERVER" "4" "" "8192" "M" "0" "" "" "" 4072 NT AUTHORITY\SYSTEM 988/3964 16068/17092 1172/1204 6 39 0.0 2024-08-01 08:05:43 657967 SVC:MicrosoftDependencyAgent "C:\Program Files\Microsoft Dependency Agent\bin\agentwrap.exe" 8924 AZELIGO\eligo 1688/5012 61176/61304 1436/1452 6 42 0.0 2025-02-03 09:38:08 390035 conhost \??\C:\windows\system32\conhost.exe "423606781600851886712389297371329181-1886508111390968192-2090297082-1017121696 4528 NT AUTHORITY\SYSTEM 4136/51128 614528/618880 45376/55024 24 298 0.0 2024-08-01 08:07:43 657965 SVC:MSMQ_MailRelyService "C:\mailservice\MSMQ_MailRelyService.exe" 4368 NT AUTHORITY\LOCAL SERVICE 124/3084 25628/27036 952/952 4 31 0.0 2024-08-01 08:05:45 657967 conhost \??\C:\windows\system32\conhost.exe "1986984763972768904209835361171921927-102152400119338232341717805021-1307919290 680 NT AUTHORITY\SYSTEM 4608/10908 54312/67792 4844/5224 14 358 0.0 2024-08-01 08:04:19 657968 SVC:DcomLaunch/PlugPlay/Power C:\windows\system32\svchost.exe -k DcomLaunch 592 NT AUTHORITY\LOCAL SERVICE 5564/14568 59912/60540 10904/10968 34 333 0.0 2024-08-01 08:04:20 657968 SVC:BFE/DPS/MpsSvc/pla C:\windows\system32\svchost.exe -k LocalServiceNoNetwork 572 NT AUTHORITY\SYSTEM 3772/7256 35100/38180 3504/4200 10 263 0.0 2024-08-01 08:04:18 657968 lsm C:\windows\system32\lsm.exe 760 NT AUTHORITY\NETWORK SERVICE 5572/9460 46252/49596 5712/5832 16 319 0.0 2024-08-01 08:04:19 657968 SVC:RpcEptMapper/RpcSs C:\windows\system32\svchost.exe -k RPCSS 980 NT AUTHORITY\SYSTEM 4676/18044 86180/91204 9464/9744 28 425 0.0 2024-08-01 08:04:19 657968 SVC:Netman/TrkWks/UmRdpService/UxSms/vmickvpexchange/vmicshutdown/vmicvss C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted 936 NT AUTHORITY\LOCAL SERVICE 8420/16860 102916/114584 8936/9348 28 387 0.0 2024-08-01 08:04:19 657968 SVC:EventSystem/FontCache/netprofm/nsi/W32Time/WinHttpAutoProxySvc C:\windows\system32\svchost.exe -k LocalService 848 NT AUTHORITY\SYSTEM 288/21828 86452/88068 8280/15488 23 148 0.0 2024-08-01 08:04:19 657968 LogonUI "LogonUI.exe" /flags:0x0 452 NT AUTHORITY\SYSTEM 76/4760 45364/51428 1492/1796 10 80 0.0 2024-08-01 08:04:18 657968 wininit wininit.exe 300 NT AUTHORITY\SYSTEM 540/1312 4500/17856 496/536 2 33 0.0 2024-08-01 08:04:07 657969 smss \SystemRoot\System32\smss.exe 0 24/24 0/0 0/0 0 0 0.0 0 Idle 464 NT AUTHORITY\SYSTEM 120/4040 40584/40584 1648/1648 9 72 0.0 2024-08-01 08:04:18 657968 csrss %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 564 NT AUTHORITY\SYSTEM 14136/21024 65148/67196 14372/14552 35 1148 0.0 2024-08-01 08:04:18 657968 SVC:KeyIso/SamSs C:\windows\system32\lsass.exe 556 NT AUTHORITY\SYSTEM 1252/9856 54500/57108 3752/3952 11 144 0.0 2024-08-01 08:05:43 657967 SVC:VSS C:\windows\system32\vssvc.exe 492 NT AUTHORITY\SYSTEM 72/4596 24556/54912 1488/1640 6 76 0.0 2024-08-01 08:04:18 657968 winlogon winlogon.exe 1052 NT AUTHORITY\SYSTEM 2740/11764 80324/81536 6276/6520 19 283 0.0 2024-08-01 08:04:20 657968 SVC:Spooler C:\windows\System32\spoolsv.exe 1760 NT AUTHORITY\NETWORK SERVICE 24136/129544 2859184/2872856 189356/224140 24 20753 0.0 2024-08-01 08:04:23 657968 SVC:MsDtsServer100 "C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe" 1644 NT AUTHORITY\LOCAL SERVICE 872/3188 12940/14060 1144/1196 4 46 0.0 2024-08-01 08:04:41 657968 SVC:RemoteRegistry C:\windows\system32\svchost.exe -k regsvc 1608 NT AUTHORITY\SYSTEM 8132/21164 119384/120932 26724/26900 22 2067 0.0 2024-08-01 08:04:23 657968 SVC:IISADMIN C:\windows\system32\inetsrv\inetinfo.exe 1948 NT AUTHORITY\NETWORK SERVICE 1420/10828 61612/67760 5128/5316 29 234 0.0 2024-08-01 08:04:39 657968 SVC:MSMQ C:\windows\system32\mqsvc.exe 2148 AZELIGO\eligo 2092/44032 157528/174308 15732/31748 28 485 0.0 2024-08-01 08:04:43 657968 SVC:TSM Client Acceptor "C:\Program Files\Tivoli\TSM\baclient\dsmcad.exe" 2072 NT AUTHORITY\SYSTEM 1452/12520 89900/98092 4976/5124 17 194 0.0 2024-08-01 08:04:43 657968 SVC:SQLWriter "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" 2044 NT AUTHORITY\NETWORK SERVICE 424932/1488376 12035816/12083112 638588/1584492 137 664 0.0 2024-08-01 08:04:39 657968 SVC:MSSQLSERVER "C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER 1376 AZELIGO\eligo 1112/5096 35320/36736 2688/2744 9 76 0.0 2024-08-01 08:04:22 657968 SVC:DeltaCopyService "C:\Program Files (x86)\DeltaCopy\DCServce.exe" 1200 NT AUTHORITY\SYSTEM 1420/11140 69724/71772 6076/6300 18 136 0.0 2024-08-01 08:04:21 657968 SVC:AppHostSvc C:\windows\system32\svchost.exe -k apphost 1080 NT AUTHORITY\SYSTEM 1616/7448 40784/41808 3492/3600 12 147 0.0 2024-08-01 08:04:20 657968 SVC:vmicheartbeat/vmicrdv C:\windows\System32\svchost.exe -k ICService 1448 NT AUTHORITY\SYSTEM 2108/7748 85276/86300 4188/4296 12 155 0.0 2024-08-01 08:04:23 657968 SVC:DiagTrack C:\windows\System32\svchost.exe -k utcsvc 1600 NT AUTHORITY\NETWORK SERVICE 5684/9496 44860/48444 3368/3772 14 269 0.0 2024-08-01 08:05:43 657967 SVC:TermService C:\windows\System32\svchost.exe -k termsvcs 1492 AZELIGO\eligo 172/3272 25920/27228 1036/1036 5 32 0.0 2024-08-01 08:04:23 657968 conhost \??\C:\windows\system32\conhost.exe "175265836042567919317875541911998757138317785573-5047531801595695337174937984 1476 AZELIGO\eligo 64/5636 435384/442296 5936/6152 10 110 0.0 2024-08-01 08:04:23 657968 rsync rsync.exe -v --daemon --config=deltacd.conf --no-detach [netstat] PacketsReceived=142191171 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=276124 ReceivedPacketsDelivered=142247317 OutputRequests=139332428 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=0 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=926 ReceivedPacketsDelivered=0 OutputRequests=648178 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=2 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=18720967 tcpPassiveOpens=2636721 tcpFailedConnectionAttempts=2620152 tcpResetConnections=373603 tcpCurrentConnections=4 tcpSegmentsReceived=147356883 tcpSegmentsSent=160526806 tcpSegmentsRetransmitted=7179149 tcpActiveOpens=4 tcpPassiveOpens=4 tcpFailedConnectionAttempts=0 tcpResetConnections=8 tcpCurrentConnections=0 tcpSegmentsReceived=443 tcpSegmentsSent=443 tcpSegmentsRetransmitted=0 udpDatagramsReceived=315074 udpNoPorts=276125 udpReceiveErrors=1 udpDatagramsSent=589388 udpDatagramsReceived=0 udpNoPorts=926 udpReceiveErrors=0 udpDatagramsSent=648160 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:80 0.0.0.0:0 LISTENING TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:443 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:873 0.0.0.0:0 LISTENING TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING TCP 0.0.0.0:1501 0.0.0.0:0 LISTENING TCP 0.0.0.0:1583 0.0.0.0:0 LISTENING TCP 0.0.0.0:1801 0.0.0.0:0 LISTENING TCP 0.0.0.0:2103 0.0.0.0:0 LISTENING TCP 0.0.0.0:2105 0.0.0.0:0 LISTENING TCP 0.0.0.0:2107 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING TCP 0.0.0.0:49158 0.0.0.0:0 LISTENING TCP 0.0.0.0:49159 0.0.0.0:0 LISTENING TCP 0.0.0.0:49218 0.0.0.0:0 LISTENING TCP 0.0.0.0:49228 0.0.0.0:0 LISTENING TCP 10.124.129.5:139 0.0.0.0:0 LISTENING TCP 10.124.129.5:62552 168.63.129.16:32526 ESTABLISHED TCP 10.124.129.5:62574 168.63.129.16:32526 ESTABLISHED TCP 10.124.129.5:63185 93.123.17.252:80 ESTABLISHED TCP 10.124.129.5:64197 168.63.129.16:80 ESTABLISHED TCP 127.0.0.1:1434 0.0.0.0:0 LISTENING TCP [::]:80 [::]:0 LISTENING TCP [::]:135 [::]:0 LISTENING TCP [::]:443 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:873 [::]:0 LISTENING TCP [::]:1433 [::]:0 LISTENING TCP [::]:1801 [::]:0 LISTENING TCP [::]:2103 [::]:0 LISTENING TCP [::]:2105 [::]:0 LISTENING TCP [::]:2107 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49152 [::]:0 LISTENING TCP [::]:49153 [::]:0 LISTENING TCP [::]:49154 [::]:0 LISTENING TCP [::]:49158 [::]:0 LISTENING TCP [::]:49159 [::]:0 LISTENING TCP [::]:49218 [::]:0 LISTENING TCP [::1]:1434 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:55929 *:* UDP 10.124.129.5:137 *:* UDP 10.124.129.5:138 *:* UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:4500 *:* UDP [::]:5355 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : AzEligo Primary Dns Suffix . . . . . . . : cressi.unicampania.it Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : cressi.unicampania.it reddog.microsoft.com Ethernet adapter Local Area Connection: Connection-specific DNS Suffix . : reddog.microsoft.com Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter Physical Address. . . . . . . . . : 00-0D-3A-AF-AB-23 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::88a:67a9:5c2d:f67e%13(Preferred) IPv4 Address. . . . . . . . . . . : 10.124.129.5(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Thursday, August 01, 2024 7:04:20 AM Lease Expires . . . . . . . . . . : Tuesday, December 08, 2161 12:41:04 PM Default Gateway . . . . . . . . . : 10.124.129.1 DHCP Server . . . . . . . . . . . : 168.63.129.16 DHCPv6 IAID . . . . . . . . . . . : 201329978 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-A3-5E-3B-00-0D-3A-AF-AB-23 DNS Servers . . . . . . . . . . . : 10.124.1.10 10.124.1.11 10.124.0.196 NetBIOS over Tcpip. . . . . . . . : Enabled Tunnel adapter Local Area Connection* 9: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Local Area Connection* 11: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft 6to4 Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.reddog.microsoft.com: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : reddog.microsoft.com Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes [route] =========================================================================== Interface List 13...00 0d 3a af ab 23 ......Microsoft Hyper-V Network Adapter 1...........................Software Loopback Interface 1 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface 11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.124.129.1 10.124.129.5 5 10.124.129.0 255.255.255.0 On-link 10.124.129.5 261 10.124.129.5 255.255.255.255 On-link 10.124.129.5 261 10.124.129.255 255.255.255.255 On-link 10.124.129.5 261 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 168.63.129.16 255.255.255.255 10.124.129.1 10.124.129.5 6 169.254.169.254 255.255.255.255 10.124.129.1 10.124.129.5 6 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 10.124.129.5 261 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 10.124.129.5 261 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 306 ::1/128 On-link 13 261 fe80::/64 On-link 13 261 fe80::88a:67a9:5c2d:f67e/128 On-link 1 306 ff00::/8 On-link 13 261 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.124.129.5 97859089240 58708752295 [svcs] Name StartupType Status DisplayName AeLookupSvc manual stopped Application Experience ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management aspnet_state disabled stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder AudioSrv manual stopped Windows Audio AxInstSV manual stopped ActiveX Installer (AxInstSV) BDESVC manual stopped BitLocker Drive Encryption Service BFE automatic started Base Filtering Engine BITS manual started Background Intelligent Transfer Service Browser disabled stopped Computer Browser CertPropSvc manual started Certificate Propagation clr_optimization_v2.0.50727_32 manual stopped Microsoft .NET Framework NGEN v2.0.50727_X86 clr_optimization_v2.0.50727_64 manual stopped Microsoft .NET Framework NGEN v2.0.50727_X64 clr_optimization_v4.0.30319_32 automatic stopped Microsoft .NET Framework NGEN v4.0.30319_X86 clr_optimization_v4.0.30319_64 automatic stopped Microsoft .NET Framework NGEN v4.0.30319_X64 COMSysApp manual stopped COM+ System Application CryptSvc automatic started Cryptographic Services DcomLaunch automatic started DCOM Server Process Launcher defragsvc manual stopped Disk Defragmenter DeltaCopyService automatic started DeltaCopy Server Dhcp automatic started DHCP Client DiagTrack automatic started Diagnostics Tracking Service Dnscache automatic started DNS Client dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service EapHost manual stopped Extensible Authentication Protocol EFS manual stopped Encrypting File System (EFS) eventlog automatic started Windows Event Log EventSystem automatic started COM+ Event System FCRegSvc manual stopped Microsoft Fibre Channel Platform Registration Service fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 gpsvc automatic started Group Policy Client hidserv manual stopped Human Interface Device Access hkmsvc manual stopped Health Key and Certificate Management idsvc manual stopped Windows CardSpace IEEtwCollectorService manual stopped Internet Explorer ETW Collector Service IISADMIN automatic started IIS Admin Service IKEEXT automatic started IKE and AuthIP IPsec Keying Modules IPBusEnum disabled stopped PnP-X IP Bus Enumerator iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lltdsvc manual stopped Link-Layer Topology Discovery Mapper lmhosts automatic started TCP/IP NetBIOS Helper MicrosoftDependencyAgent manual started Microsoft Dependency Agent MMCSS manual stopped Multimedia Class Scheduler MozillaMaintenance manual stopped Mozilla Maintenance Service MpsSvc automatic started Windows Firewall MSDTC automatic started Distributed Transaction Coordinator MsDtsServer100 automatic started SQL Server Integration Services 10.0 MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual stopped Windows Installer MSMQ automatic started Message Queuing MSMQ_MailRelyService automatic started Eligo Mail Rely MSSQLFDLauncher manual started SQL Full-text Filter Daemon Launcher (MSSQLSERVER) MSSQLSERVER automatic started SQL Server (MSSQLSERVER) MSSQLServerADHelper100 disabled stopped SQL Active Directory Helper Service MSSQLServerOLAPService manual stopped SQL Server Analysis Services (MSSQLSERVER) napagent manual stopped Network Access Protection Agent Netlogon manual stopped Netlogon Netman manual started Network Connections NetMsmqActivator disabled stopped Net.Msmq Listener Adapter NetPipeActivator disabled stopped Net.Pipe Listener Adapter netprofm manual started Network List Service NetTcpActivator disabled stopped Net.Tcp Listener Adapter NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PerfHost manual stopped Performance Counter DLL Host pla manual started Performance Logs & Alerts PlugPlay automatic started Plug and Play PolicyAgent manual started IPsec Policy Agent Power automatic started Power ProfSvc automatic started User Profile Service ProtectedStorage manual stopped Protected Storage RasAuto manual stopped Remote Access Auto Connection Manager RasMan manual stopped Remote Access Connection Manager RdAgent automatic started RdAgent RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic started Remote Registry ReportServer automatic started SQL Server Reporting Services (MSSQLSERVER) RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual started Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy seclogon manual stopped Secondary Logon SENS automatic started System Event Notification Service SessionEnv manual started Remote Desktop Configuration SharedAccess disabled stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection SNMPTRAP manual stopped SNMP Trap Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection sppuinotify manual stopped SPP Notification Service SQLBrowser disabled stopped SQL Server Browser SQLSERVERAGENT automatic started SQL Server Agent (MSSQLSERVER) SQLWriter automatic started SQL Server VSS Writer SSDPSRV disabled stopped SSDP Discovery SstpSvc manual stopped Secure Socket Tunneling Protocol Service swprv manual stopped Microsoft Software Shadow Copy Provider TapiSrv manual stopped Telephony TermService manual started Remote Desktop Services THREADORDER manual stopped Thread Ordering Server TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer TSM_Client_Acceptor automatic started TSM Client Acceptor TSM_Client_Scheduler automatic started TSM Client Scheduler UI0Detect manual stopped Interactive Services Detection UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost disabled stopped UPnP Device Host UxSms automatic started Desktop Window Manager Session Manager VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk vmicheartbeat automatic started Hyper-V Heartbeat Service vmickvpexchange automatic started Hyper-V Data Exchange Service vmicrdv automatic started Hyper-V Remote Desktop Virtualization Service vmicshutdown automatic started Hyper-V Guest Shutdown Service vmictimesync automatic started Hyper-V Time Synchronization Service vmicvss automatic started Hyper-V Volume Shadow Copy Requestor VSS manual started Volume Shadow Copy W32Time automatic started Windows Time W3SVC automatic started World Wide Web Publishing Service WAS manual started Windows Process Activation Service WcsPlugInService manual stopped Windows Color System WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual stopped Diagnostic System Host Wecsvc manual stopped Windows Event Collector wercplsupport manual stopped Problem Reports and Solutions Control Panel Support WerSvc manual stopped Windows Error Reporting Service WindowsAzureGuestAgent automatic started Windows Azure Guest Agent WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wmiApSrv manual stopped WMI Performance Adapter WMSVC manual stopped Web Management Service WPDBusEnum manual stopped Portable Device Enumerator Service wuauserv automatic started Windows Update wudfsvc manual stopped Windows Driver Foundation - User-mode Driver Framework XymonPSClient automatic started XymonPSClient [uptime] sec: 39478126 456 days 22 hours 8 minutes 46 seconds Bootup: 20240801080358.768250+120 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn eligo 3 Disc rdp-tcp 65536 Listen Total sessions created: 11 Total sessions disconnected: 14 Total sessions reconnected: 5 [users] USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME eligo 3 Disc 5+18:56 2/3/2025 9:32 AM [iis_sites] Default Web Site IIS://localhost/W3SVC/1 SiteID: 1 LogFileDirectory C:\inetpub\logs\LogFiles ServerAutoStart True ServerBindings :80: ServerState 2 SecureBindings :443: [XymonConfig] XymonSettings serversList : 10.224.4.197 serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : azeligo.cressi.unicampania.it clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableIISSection : 1 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : C:\Program Files\xymon clientlogretain : 0 XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 externalscriptlocation : C:\Xymon\ext externaldatalocation : C:\Xymon\tmp localdatalocation : C:\Xymon\local servergiflocation : /xymon/gifs/ servers : 10.224.4.197 clientlogfile : C:\Program Files\xymon\xymonclient.log clientconfigfile : C:\Program Files\xymon\clientconfig.cfg clientfqdn : 1 clientlower : 1 clientbbwinmembug : 0 clientremotecfgexec : 1 HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname azeligo.cressi.unicampania.it [XymonPSClientInfo] Collection number: 131356 Last transmission method: TCP Id : 2520 Handles : 327 CPU : 262784.359375 Name : powershell