[collector:] client dc1,beta,arpa.windows windows [date] 2026-06-06 02:28:54 [osversion] Windows Server 2022 Standard Evaluation, version 6.2.9200.587 (NT 6.2) [winuptime] up 2 days, 04:10, since 2026-06-03 20:18:05 [bios] SystemProductName: Standard PC (Q35 + ICH9, 2009) SystemManufacturer: QEMU BaseBoardManufacturer: BIOSVendor: Proxmox distribution of EDK II BIOSVersion: 4.2025.05-2 BIOSReleaseDate: 11/13/2025 [who] USERNAME SESSIONNAME ID STATE IDLE TIME LOGON TIME - Console 1 Unknown 39d 10h 15m - [diskinfo] \\.\PHYSICALDrive0 Total disk size: 32.00 GB Partitioning style; GPT Partition count: 4 Partition 1 (100.00 MB, type EFI System) Partition 2 ( 16.00 MB, type Microsoft Reserved) Partition 3 ( 31.37 GB, type Basic) Disk Drive C:\ Volume name: File system: NTFS Total space: 31.37 GB Free space: 14.87 GB Block size: 4.00 KB Partition 4 (524.00 MB, type Microsoft Recovery) [dirs_filter_childred] 1. 5120.00 MB C:\Temp 2. 2542.00 MB C:\Program Files (x86)\Microsoft 3. 1317.27 MB C:\Program Files (x86)\Microsoft\EdgeCore 4. 835.05 MB C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.96 5. 702.23 MB C:\ProgramData\Microsoft\Windows Defender 6. 658.63 MB C:\Program Files (x86)\Microsoft\EdgeCore\148.0.3967.96 7. 658.63 MB C:\Program Files (x86)\Microsoft\EdgeCore\Optimized 8. 370.11 MB C:\Program Files (x86)\Microsoft\EdgeUpdate\Download 9. 333.74 MB C:\ProgramData\Microsoft\Windows Defender\Definition Updates 10. 300.67 MB C:\ProgramData\Microsoft\Windows Defender\Scans [dirs] 1. 5120.00 MB C:\Temp 2. 2586.28 MB C:\Program Files (x86) 3. 2542.00 MB C:\Program Files (x86)\Microsoft 4. 1317.27 MB C:\Program Files (x86)\Microsoft\EdgeCore 5. 844.85 MB C:\Program Files (x86)\Microsoft\Edge 6. 844.83 MB C:\Program Files (x86)\Microsoft\Edge\Application 7. 835.05 MB C:\Program Files (x86)\Microsoft\Edge\Application\148.0.3967.96 8. 738.54 MB C:\ProgramData 9. 729.65 MB C:\ProgramData\Microsoft 10. 702.23 MB C:\ProgramData\Microsoft\Windows Defender [winmemory] TOTAL USED FREE MEMORY USAGE Physical 1.93 GB 1217.87 MB 762.54 MB 61.50% Pagefile 640.00 MB 232.42 MB 407.58 MB 36.32% Virtual 2.56 GB 1184.34 MB 1436.07 MB 45.20% [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : dc1 Primary Dns Suffix . . . . . . . : beta.arpa Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : beta.arpa Ethernet adapter Ethernet: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter Physical Address. . . . . . . . . : BC-24-11-38-46-23 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . : 2001:2042:3e48:3901:f832:38e9:687d:29af(Preferred) Link-local IPv6 Address . . . . . : fe80::f832:38e9:687d:29af%5(Preferred) IPv4 Address. . . . . . . . . . . : 192.168.10.230(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : fe80::cea:14ff:fe34:ea16%5 192.168.10.1 DHCPv6 IAID . . . . . . . . . . . : 112993297 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-31-AD-4A-F3-BC-24-11-38-46-23 DNS Servers . . . . . . . . . . . : ::1 127.0.0.1 NetBIOS over Tcpip. . . . . . . . : Enabled [winroute] =========================================================================== Interface List 5...bc 24 11 38 46 23 ......Red Hat VirtIO Ethernet Adapter 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.10.1 192.168.10.230 271 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.10.0 255.255.255.0 On-link 192.168.10.230 271 192.168.10.230 255.255.255.255 On-link 192.168.10.230 271 192.168.10.255 255.255.255.255 On-link 192.168.10.230 271 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.10.230 271 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.10.230 271 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.10.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 5 31 ::/0 fe80::cea:14ff:fe34:ea16 1 331 ::1/128 On-link 5 31 2001:2042:3e48:3901::/64 On-link 5 271 2001:2042:3e48:3901:f832:38e9:687d:29af/128 On-link 5 271 fe80::/64 On-link 5 271 fe80::f832:38e9:687d:29af/128 On-link 1 331 ff00::/8 On-link 5 271 ff00::/8 On-link =========================================================================== Persistent Routes: None [winportsused] IP version Protocol Ports Used # Ports Used % IPv4 TCP 71 0.11 IPv6 TCP 45 0.07 IPv4 UDP 2527 3.86 IPv6 UDP 2520 3.85 [winports] Proto Local Address Foreign Address State PID TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 912 TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 912 TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 368 TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 2408 TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4 TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 528 TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 860 TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1312 TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:51941 0.0.0.0:0 LISTENING 2440 TCP 0.0.0.0:51953 0.0.0.0:0 LISTENING 2420 TCP 0.0.0.0:61065 0.0.0.0:0 LISTENING 680 TCP 0.0.0.0:61066 0.0.0.0:0 LISTENING 2356 TCP 0.0.0.0:61069 0.0.0.0:0 LISTENING 660 TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 2440 TCP 192.168.10.230:53 0.0.0.0:0 LISTENING 2440 TCP 192.168.10.230:88 192.168.10.231:35072 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:35082 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:35840 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:35848 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:43428 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:52466 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:52480 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:55272 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:57640 ESTABLISHED 680 TCP 192.168.10.230:88 192.168.10.231:57646 ESTABLISHED 680 TCP 192.168.10.230:139 0.0.0.0:0 LISTENING 4 TCP 192.168.10.230:389 192.168.10.231:33120 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:33136 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:33784 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:33792 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:38696 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:50620 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:50636 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:52748 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:52760 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:52766 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.231:58166 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.232:36198 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:36478 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:36480 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:44814 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:44816 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:46848 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:50258 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:50266 ESTABLISHED 680 TCP 192.168.10.230:389 192.168.10.233:53830 ESTABLISHED 680 ...IP 192.168.10.230 and PID 680 spans above 20 entries, and 14 more with highest local port 3268 TCP [::]:88 [::]:0 LISTENING 680 TCP [::]:135 [::]:0 LISTENING 912 TCP [::]:389 [::]:0 LISTENING 680 TCP [::]:445 [::]:0 LISTENING 4 TCP [::]:464 [::]:0 LISTENING 680 TCP [::]:593 [::]:0 LISTENING 912 TCP [::]:636 [::]:0 LISTENING 680 TCP [::]:3268 [::]:0 LISTENING 680 TCP [::]:3269 [::]:0 LISTENING 680 TCP [::]:3389 [::]:0 LISTENING 368 TCP [::]:5357 [::]:0 LISTENING 4 TCP [::]:5985 [::]:0 LISTENING 4 TCP [::]:9389 [::]:0 LISTENING 2408 TCP [::]:47001 [::]:0 LISTENING 4 TCP [::]:49664 [::]:0 LISTENING 680 TCP [::]:49665 [::]:0 LISTENING 528 TCP [::]:49666 [::]:0 LISTENING 860 TCP [::]:49667 [::]:0 LISTENING 1312 TCP [::]:49668 [::]:0 LISTENING 680 TCP [::]:51941 [::]:0 LISTENING 2440 TCP [::]:51953 [::]:0 LISTENING 2420 TCP [::]:61065 [::]:0 LISTENING 680 TCP [::]:61066 [::]:0 LISTENING 2356 TCP [::]:61069 [::]:0 LISTENING 660 TCP [100::]:53 [::]:0 LISTENING 2440 TCP [100::]:389 [100::]:59120 ESTABLISHED 680 TCP [100::]:389 [100::]:61067 ESTABLISHED 680 TCP [100::]:389 [100::]:61068 ESTABLISHED 680 TCP [100::]:59120 [100::]:389 ESTABLISHED 2440 TCP [100::]:61067 [100::]:389 ESTABLISHED 2464 TCP [100::]:61068 [100::]:389 ESTABLISHED 2464 TCP [af29:7d68:e938:32f8:139:483e:4220:120]:53 [::]:0 LISTENING 2440 TCP [af29:7d68:e938:32f8::80fe]:53 [::]:0 LISTENING 2440 TCP [af29:7d68:e938:32f8::80fe]:389 [af29:7d68:e938:32f8::80fe]:59111 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:389 [af29:7d68:e938:32f8::80fe]:59115 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:389 [af29:7d68:e938:32f8::80fe]:59117 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:49668 [af29:7d68:e938:32f8::80fe]:51944 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:49668 [af29:7d68:e938:32f8::80fe]:52023 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:49668 [af29:7d68:e938:32f8::80fe]:57903 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:51944 [af29:7d68:e938:32f8::80fe]:49668 ESTABLISHED 2420 TCP [af29:7d68:e938:32f8::80fe]:52023 [af29:7d68:e938:32f8::80fe]:49668 ESTABLISHED 680 TCP [af29:7d68:e938:32f8::80fe]:57903 [af29:7d68:e938:32f8::80fe]:49668 ESTABLISHED 2524 TCP [af29:7d68:e938:32f8::80fe]:59111 [af29:7d68:e938:32f8::80fe]:389 ESTABLISHED 2420 TCP [af29:7d68:e938:32f8::80fe]:59115 [af29:7d68:e938:32f8::80fe]:389 ESTABLISHED 2420 TCP [af29:7d68:e938:32f8::80fe]:59117 [af29:7d68:e938:32f8::80fe]:389 ESTABLISHED 2440 UDP 127.0.0.1:53 *:* 2440 UDP 192.168.10.230:53 *:* 2440 UDP 192.168.10.230:88 *:* 680 UDP 0.0.0.0:123 *:* 692 UDP 192.168.10.230:137 *:* 4 UDP 192.168.10.230:138 *:* 4 UDP 0.0.0.0:389 *:* 680 UDP 192.168.10.230:464 *:* 680 UDP 0.0.0.0:3389 *:* 368 UDP 0.0.0.0:3702 *:* 1504 UDP 0.0.0.0:3702 *:* 1504 UDP 0.0.0.0:5353 *:* 1072 UDP 0.0.0.0:5355 *:* 1072 UDP 127.0.0.1:49241 *:* 2464 UDP 0.0.0.0:49245 *:* 2440 UDP 0.0.0.0:49246 *:* 2440 UDP 0.0.0.0:49247 *:* 2440 UDP 0.0.0.0:49248 *:* 2440 UDP 0.0.0.0:49249 *:* 2440 UDP 0.0.0.0:49250 *:* 2440 UDP 0.0.0.0:49251 *:* 2440 UDP 0.0.0.0:49252 *:* 2440 UDP 0.0.0.0:49253 *:* 2440 UDP 0.0.0.0:49254 *:* 2440 UDP 0.0.0.0:49255 *:* 2440 UDP 0.0.0.0:49256 *:* 2440 UDP 0.0.0.0:49257 *:* 2440 UDP 0.0.0.0:49258 *:* 2440 UDP 0.0.0.0:49259 *:* 2440 UDP 0.0.0.0:49260 *:* 2440 UDP 0.0.0.0:49261 *:* 2440 UDP 0.0.0.0:49262 *:* 2440 UDP 0.0.0.0:49263 *:* 2440 UDP 0.0.0.0:49264 *:* 2440 ...IP 0.0.0.0 and PID 2440 spans above 20 entries, and 347 more with highest local port 49611 UDP 0.0.0.0:49612 *:* 1504 UDP 0.0.0.0:49614 *:* 2440 UDP 0.0.0.0:49615 *:* 2440 UDP 0.0.0.0:49616 *:* 2440 UDP 0.0.0.0:49617 *:* 2440 UDP 0.0.0.0:49618 *:* 2440 UDP 0.0.0.0:49619 *:* 2440 UDP 0.0.0.0:49620 *:* 2440 UDP 0.0.0.0:49621 *:* 2440 UDP 0.0.0.0:49622 *:* 2440 UDP 0.0.0.0:49623 *:* 2440 UDP 0.0.0.0:49624 *:* 2440 UDP 0.0.0.0:49625 *:* 2440 UDP 0.0.0.0:49626 *:* 2440 UDP 0.0.0.0:49627 *:* 2440 UDP 0.0.0.0:49628 *:* 2440 UDP 0.0.0.0:49629 *:* 2440 UDP 0.0.0.0:49630 *:* 2440 UDP 0.0.0.0:49631 *:* 2440 UDP 0.0.0.0:49632 *:* 2440 UDP 0.0.0.0:49633 *:* 2440 ...IP 0.0.0.0 and PID 2440 spans above 20 entries, and 2064 more with highest local port 51697 UDP 127.0.0.1:51698 *:* 1312 UDP 0.0.0.0:51699 *:* 2440 UDP 0.0.0.0:51700 *:* 2440 UDP 0.0.0.0:51701 *:* 2440 UDP 0.0.0.0:51702 *:* 2440 UDP 0.0.0.0:51703 *:* 2440 UDP 0.0.0.0:51704 *:* 2440 UDP 0.0.0.0:51705 *:* 2440 UDP 0.0.0.0:51706 *:* 2440 UDP 0.0.0.0:51707 *:* 2440 UDP 0.0.0.0:51708 *:* 2440 UDP 0.0.0.0:51709 *:* 2440 UDP 0.0.0.0:51710 *:* 2440 UDP 0.0.0.0:51711 *:* 2440 UDP 0.0.0.0:51712 *:* 2440 UDP 0.0.0.0:51713 *:* 2440 UDP 0.0.0.0:51714 *:* 2440 UDP 0.0.0.0:51715 *:* 2440 UDP 0.0.0.0:51716 *:* 2440 UDP 0.0.0.0:51717 *:* 2440 UDP 0.0.0.0:51718 *:* 2440 ...IP 0.0.0.0 and PID 2440 spans above 20 entries, and 30 more with highest local port 54249 UDP 127.0.0.1:54571 *:* 2440 UDP 127.0.0.1:55875 *:* 2524 UDP 127.0.0.1:57006 *:* 1072 UDP 127.0.0.1:58417 *:* 680 UDP 127.0.0.1:58893 *:* 2408 UDP 127.0.0.1:59192 *:* 2356 UDP 127.0.0.1:63840 *:* 2420 UDP 0.0.0.0:54251 *:* 1072 UDP 0.0.0.0:61473 *:* 1072 UDP 0.0.0.0:64225 *:* 1072 UDP [100::]:53 *:* 2440 UDP [af29:7d68:e938:32f8:139:483e:4220:120]:53 *:* 2440 UDP [af29:7d68:e938:32f8::80fe]:53 *:* 2440 UDP [af29:7d68:e938:32f8:139:483e:4220:120]:88 *:* 680 UDP [af29:7d68:e938:32f8::80fe]:88 *:* 680 UDP [::]:123 *:* 692 UDP [::]:389 *:* 680 UDP [af29:7d68:e938:32f8:139:483e:4220:120]:464 *:* 680 UDP [af29:7d68:e938:32f8::80fe]:464 *:* 680 UDP [::]:3389 *:* 368 UDP [::]:3702 *:* 1504 UDP [::]:3702 *:* 1504 UDP [::]:5353 *:* 1072 UDP [::]:5355 *:* 1072 UDP [100::]:49242 *:* 2440 UDP [::]:49613 *:* 1504 UDP [::]:51748 *:* 2440 UDP [::]:51749 *:* 2440 UDP [::]:51750 *:* 2440 UDP [::]:51751 *:* 2440 UDP [::]:51752 *:* 2440 UDP [::]:51753 *:* 2440 UDP [::]:51754 *:* 2440 UDP [::]:51755 *:* 2440 UDP [::]:51756 *:* 2440 UDP [::]:51757 *:* 2440 UDP [::]:51758 *:* 2440 UDP [::]:51759 *:* 2440 UDP [::]:51760 *:* 2440 UDP [::]:51761 *:* 2440 UDP [::]:51762 *:* 2440 UDP [::]:51763 *:* 2440 UDP [::]:51764 *:* 2440 UDP [::]:51765 *:* 2440 UDP [::]:51766 *:* 2440 UDP [::]:51767 *:* 2440 ...IP [::] and PID 2440 spans above 20 entries, and 2481 more with highest local port 54250 UDP [::]:54251 *:* 1072 UDP [::]:61473 *:* 1072 UDP [::]:64225 *:* 1072 [processes] PROCESS PID USER CPU MEMORY AggregatorHost 1840 NT AUTHORITY\SYSTEM 0.0 % 588.00 KB conhost 4320 - 0.0 % 5.91 MB csrss 544 NT AUTHORITY\SYSTEM 0.0 % 1.04 MB csrss 456 NT AUTHORITY\SYSTEM 0.0 % 1.14 MB dfsrs 2420 NT AUTHORITY\SYSTEM 0.0 % 9.10 MB dfssvc 2524 NT AUTHORITY\SYSTEM 0.0 % 1.60 MB dllhost 3280 NT AUTHORITY\SYSTEM 0.0 % 1.83 MB dns 2440 NT AUTHORITY\SYSTEM 0.0 % 117.86 MB dwm 404 Window Manager\DWM-1 0.0 % 15.96 MB fontdrvhost 3632 Font Driver Host\UMFD-0 0.0 % 1000.00 KB fontdrvhost 3624 Font Driver Host\UMFD-1 0.0 % 936.00 KB ismserv 2464 NT AUTHORITY\SYSTEM 0.0 % 1.07 MB LogonUI 72 NT AUTHORITY\SYSTEM 0.0 % 7.38 MB lsass 680 NT AUTHORITY\SYSTEM 0.0 % 37.81 MB Microsoft.ActiveDirectory.WebServices 2408 NT AUTHORITY\SYSTEM 0.0 % 16.52 MB MicrosoftEdgeUpdate 4672 NT AUTHORITY\SYSTEM 0.0 % 1008.00 KB MpDefenderCoreService 2632 NT AUTHORITY\SYSTEM 0.0 % 6.38 MB mrbig64 1684 NT AUTHORITY\SYSTEM 89.2 % 6.06 MB msdtc 4692 NT AUTHORITY\NETWORK SERVICE 0.0 % 2.21 MB MsMpEng 2588 NT AUTHORITY\SYSTEM 3.1 % 71.98 MB NisSrv 3508 NT AUTHORITY\LOCAL SERVICE 0.0 % 3.34 MB Registry 100 NT AUTHORITY\SYSTEM 0.0 % 1.11 MB services 660 NT AUTHORITY\SYSTEM 0.0 % 3.46 MB smss 312 NT AUTHORITY\SYSTEM 0.0 % 284.00 KB spoolsv 2356 NT AUTHORITY\SYSTEM 0.0 % 4.69 MB svchost 3156 NT AUTHORITY\NETWORK SERVICE 0.0 % 3.43 MB svchost 3000 NT AUTHORITY\SYSTEM 0.0 % 1.14 MB svchost 2400 NT AUTHORITY\SYSTEM 0.0 % 12.38 MB svchost 2388 NT AUTHORITY\LOCAL SERVICE 0.0 % 6.34 MB svchost 2284 NT AUTHORITY\SYSTEM 0.0 % 1.61 MB svchost 1624 NT AUTHORITY\SYSTEM 0.0 % 2.50 MB svchost 1504 NT AUTHORITY\LOCAL SERVICE 0.0 % 2.11 MB svchost 1380 NT AUTHORITY\LOCAL SERVICE 0.0 % 1.36 MB svchost 1312 NT AUTHORITY\SYSTEM 0.0 % 22.27 MB svchost 1228 NT AUTHORITY\LOCAL SERVICE 0.0 % 9.46 MB svchost 1072 NT AUTHORITY\NETWORK SERVICE 0.0 % 7.32 MB svchost 912 NT AUTHORITY\NETWORK SERVICE 0.0 % 3.50 MB svchost 868 NT AUTHORITY\SYSTEM 0.0 % 4.23 MB svchost 860 NT AUTHORITY\LOCAL SERVICE 0.0 % 12.02 MB svchost 800 NT AUTHORITY\SYSTEM 0.0 % 7.98 MB svchost 704 NT AUTHORITY\LOCAL SERVICE 0.0 % 5.68 MB svchost 692 NT AUTHORITY\LOCAL SERVICE 0.0 % 1.12 MB svchost 368 NT AUTHORITY\NETWORK SERVICE 0.0 % 7.04 MB System 4 NT AUTHORITY\SYSTEM 0.0 % 12.00 KB vds 2156 NT AUTHORITY\SYSTEM 0.0 % 1.76 MB wininit 528 NT AUTHORITY\SYSTEM 0.0 % 996.00 KB winlogon 592 NT AUTHORITY\SYSTEM 0.0 % 1.18 MB wlms 2596 NT AUTHORITY\SYSTEM 0.0 % 464.00 KB [topprocessescpu] PROCESS PID USER CPU MEMORY mrbig64 1684 NT AUTHORITY\SYSTEM 89.2 % 6.06 MB MsMpEng 2588 NT AUTHORITY\SYSTEM 3.1 % 71.98 MB AggregatorHost 1840 NT AUTHORITY\SYSTEM 0.0 % 588.00 KB conhost 4320 - 0.0 % 5.91 MB csrss 544 NT AUTHORITY\SYSTEM 0.0 % 1.04 MB csrss 456 NT AUTHORITY\SYSTEM 0.0 % 1.14 MB dfsrs 2420 NT AUTHORITY\SYSTEM 0.0 % 9.10 MB dfssvc 2524 NT AUTHORITY\SYSTEM 0.0 % 1.60 MB dllhost 3280 NT AUTHORITY\SYSTEM 0.0 % 1.83 MB dns 2440 NT AUTHORITY\SYSTEM 0.0 % 117.86 MB dwm 404 Window Manager\DWM-1 0.0 % 15.96 MB fontdrvhost 3632 Font Driver Host\UMFD-0 0.0 % 1000.00 KB fontdrvhost 3624 Font Driver Host\UMFD-1 0.0 % 936.00 KB ismserv 2464 NT AUTHORITY\SYSTEM 0.0 % 1.07 MB LogonUI 72 NT AUTHORITY\SYSTEM 0.0 % 7.38 MB lsass 680 NT AUTHORITY\SYSTEM 0.0 % 37.81 MB Microsoft.ActiveDirectory.WebServices 2408 NT AUTHORITY\SYSTEM 0.0 % 16.52 MB MicrosoftEdgeUpdate 4672 NT AUTHORITY\SYSTEM 0.0 % 1008.00 KB MpDefenderCoreService 2632 NT AUTHORITY\SYSTEM 0.0 % 6.38 MB msdtc 4692 NT AUTHORITY\NETWORK SERVICE 0.0 % 2.21 MB [topprocessesmemory] PROCESS PID USER CPU MEMORY dns 2440 NT AUTHORITY\SYSTEM 0.0 % 117.86 MB MsMpEng 2588 NT AUTHORITY\SYSTEM 3.1 % 71.98 MB lsass 680 NT AUTHORITY\SYSTEM 0.0 % 37.81 MB svchost 1312 NT AUTHORITY\SYSTEM 0.0 % 22.27 MB Microsoft.ActiveDirectory.WebServices 2408 NT AUTHORITY\SYSTEM 0.0 % 16.52 MB dwm 404 Window Manager\DWM-1 0.0 % 15.96 MB svchost 2400 NT AUTHORITY\SYSTEM 0.0 % 12.38 MB svchost 860 NT AUTHORITY\LOCAL SERVICE 0.0 % 12.02 MB svchost 1228 NT AUTHORITY\LOCAL SERVICE 0.0 % 9.46 MB dfsrs 2420 NT AUTHORITY\SYSTEM 0.0 % 9.10 MB svchost 800 NT AUTHORITY\SYSTEM 0.0 % 7.98 MB LogonUI 72 NT AUTHORITY\SYSTEM 0.0 % 7.38 MB svchost 1072 NT AUTHORITY\NETWORK SERVICE 0.0 % 7.32 MB svchost 368 NT AUTHORITY\NETWORK SERVICE 0.0 % 7.04 MB MpDefenderCoreService 2632 NT AUTHORITY\SYSTEM 0.0 % 6.38 MB svchost 2388 NT AUTHORITY\LOCAL SERVICE 0.0 % 6.34 MB mrbig64 1684 NT AUTHORITY\SYSTEM 89.2 % 6.06 MB conhost 4320 - 0.0 % 5.91 MB svchost 704 NT AUTHORITY\LOCAL SERVICE 0.0 % 5.68 MB spoolsv 2356 NT AUTHORITY\SYSTEM 0.0 % 4.69 MB [runningservices] PID SERVICE DISPLAY NAME STARTUP STATUS 2408 ADWS Active Directory Web Services Auto Running 1228 BFE Base Filtering Engine Auto Running 868 BrokerInfrastructure Background Tasks Infrastructure Service Auto Running 704 CDPSvc Connected Devices Platform Service Auto Running 1624 CertPropSvc Certificate Propagation Manual Running 2388 CoreMessagingRegistrar CoreMessaging Auto Running 1072 CryptSvc Cryptographic Services Auto Running 868 DcomLaunch DCOM Server Process Launcher Auto Running 2524 Dfs DFS Namespace Auto Running 2420 DFSR DFS Replication Auto Running 860 Dhcp DHCP Client Auto Running 2400 DiagTrack Connected User Experiences and Telemetry Auto Running 704 DispBrokerDesktopSvc Display Policy Service Auto Running 2440 DNS DNS Server Auto Running 1072 Dnscache DNS Client Auto Running 3156 DoSvc Delivery Optimization Manual Running 2388 DPS Diagnostic Policy Service Auto Running 1312 DsmSvc Device Setup Manager Manual Running 800 DsSvc Data Sharing Service Manual Running 860 EventLog Windows Event Log Auto Running 704 EventSystem COM+ Event System Auto Running 704 fdPHost Function Discovery Provider Host Manual Running 1504 FDResPub Function Discovery Resource Publication Manual Running 704 FontCache Windows Font Cache Service Auto Running 1312 gpsvc Group Policy Client Auto Running 1312 iphlpsvc IP Helper Auto Running 2464 IsmServ Intersite Messaging Auto Running 680 Kdc Kerberos Key Distribution Center Auto Running 680 KeyIso CNG Key Isolation Manual Running 2284 LanmanServer Server Auto Running 1072 LanmanWorkstation Workstation Auto Running 860 lmhosts TCP/IP NetBIOS Helper Manual Running 868 LSM Local Session Manager Auto Running 2632 MDCoreSvc Microsoft Defender Core Service Auto Running 1228 mpssvc Windows Defender Firewall Auto Running 1684 MrBig Mr Big Monitoring Agent Auto Running 4692 MSDTC Distributed Transaction Coordinator Auto Running 800 NcbService Network Connection Broker Manual Running 680 Netlogon Netlogon Auto Running 704 netprofm Network List Service Manual Running 1072 NlaSvc Network Location Awareness Auto Running 704 nsi Network Store Interface Service Auto Running 680 NTDS Active Directory Domain Services Auto Running 800 PcaSvc Program Compatibility Assistant Service Auto Running 868 PlugPlay Plug and Play Manual Running 868 Power Power Auto Running 1312 ProfSvc User Profile Service Auto Running 1624 RasMan Remote Access Connection Manager Auto Running 912 RpcEptMapper RPC Endpoint Mapper Auto Running 912 RpcSs Remote Procedure Call (RPC) Auto Running 680 SamSs Security Accounts Manager Auto Running 1312 Schedule Task Scheduler Auto Running 1312 SENS System Event Notification Service Auto Running 1312 SessionEnv Remote Desktop Configuration Manual Running 1312 ShellHWDetection Shell Hardware Detection Auto Running 2356 Spooler Print Spooler Auto Running 704 SstpSvc Secure Socket Tunneling Protocol Service Manual Running 800 StorSvc Storage Service Auto Running 800 SysMain SysMain Auto Running 868 SystemEventsBroker System Events Broker Auto Running 368 TermService Remote Desktop Services Manual Running 1312 Themes Themes Auto Running 860 TimeBrokerSvc Time Broker Manual Running 800 UALSVC User Access Logging Service Auto Running 800 UmRdpService Remote Desktop Services UserMode Port Redirector Manual Running 1312 UserManager User Manager Auto Running 1312 UsoSvc Update Orchestrator Service Auto Running 2156 vds Virtual Disk Manual Running 692 W32Time Windows Time Auto Running 3000 WaaSMedicSvc Windows Update Medic Service Manual Running 1380 Wcmsvc Windows Connection Manager Auto Running 3508 WdNisSvc Microsoft Defender Antivirus Network Inspection Service Manual Running 2588 WinDefend Microsoft Defender Antivirus Service Auto Running 1312 Winmgmt Windows Management Instrumentation Auto Running 1072 WinRM Windows Remote Management (WS-Management) Auto Running 2596 WLMS Windows Licensing Monitoring Service Auto Running 1312 WpnService Windows Push Notifications System Service Auto Running - edgeupdate Microsoft Edge Update Service (edgeupdate) Auto Stopped - RemoteRegistry Remote Registry Auto Stopped - sppsvc Software Protection Auto Stopped - StateRepository State Repository Service Auto Stopped [eventlog_application] (No warnings or errors found within the last 1.000000h.) [eventlog_setup] (No warnings or errors found within the last 1.000000h.) [eventlog_system] (No warnings or errors found within the last 1.000000h.) [applications] Microsoft Edge 148.0.3967.96 Microsoft Corporation x64 Microsoft Edge Update 1.3.237.7 - x64 [certificates] (No certificates found in store 'MY')[reboots] Date User Reason 2026-05-30 16:55:13 DC1\Administrator No title for this reason could be found 2026-05-30 16:52:52 WIN-M3JS4F1N7Q2\Administrator No title for this reason could be found 2026-05-30 16:45:20 NT AUTHORITY\SYSTEM Operating System: Upgrade (Planned) 2026-05-30 10:13:14 DC\Administrator No title for this reason could be found [clientversion] MrBig version 0.26.4 [clock] local: 2026-06-06 02:28:55 W. Europe Daylight Time UTC: 2026-06-06 00:28:55 UTC