Sie sind auf Seite 1von 9

CcmExec.

exe
5760
TCP
50726
10.104.16.13
10123
10.50.144.94
cvgwpsccm02.ga.afginc.com
Established
C:\WINDOWS\CCM\C
cmExec.exe
System Center 2012 Configuration Manager
Host Process for
Microsoft Configuration Manager
5.00.7958.1000 (SCCM.130911-1354)
Microsoft Corporation 2/6/2015 7:59:18 AM
NT AUTHORITY\SYSTEM
CcmExec
A
2/6/2015 10:13:50 AM
CcmExec.exe
5760
UDP
61937
127.0.0.1
C:\WINDOWS\CCM\CcmExec.exe
System Center 2012 Configuration Manager
Host Process for Microsoft Configuration Manager
5.00.7958.1000 (SCCM.130
911-1354)
Microsoft Corporation 2/6/2015 7:59:18 AM
NT AUTHORITY\SYS
TEM
CcmExec A
2/6/2015 10:13:50 AM
chrome.exe
4400
TCP
52333
10.104.16.13
443
https
216.58.216.68 ord30s21-in-f4.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52347
10.104.16.13
443
https
199.16.156.21
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52427
10.104.16.13
443
https
74.125.228.6
iad23s05-in-f6.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52426
10.104.16.13
80
http
23.235.46.130
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52245
10.104.16.13
443
https
74.125.228.14 iad23s05-in-f14.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
51830
10.104.16.13
443
https
173.194.68.189 qa-in-f189.1e100.net
Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
52419
10.104.16.13
80
http
8.21.198.139
alb54.clearspring.com Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
50920
10.104.16.13
443
https
173.194.204.188
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52413
10.104.16.13
80
http

74.125.228.24 iad23s05-in-f24.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52411
10.104.16.13
80
http
23.235.39.184
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52409
10.104.16.13
80
http
50.22.232.74
50.22.232.74-static.reverse.softlayer.com
Established
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Google Chrome
Google Chrome 38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrod
gers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monit
oring TCP/IP network connections on Windows - Google Chrome
chrome.exe
4400
TCP
52392
10.104.16.13
443
https
198.252.206.149 stackoverflow.com
Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
52417
10.104.16.13
80
http
74.125.228.5
iad23s05-in-f5.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
CmRcService.exe 3172
TCP
2701
sms-rcinfo
::
::
Listening
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe System C
enter 2012 Configuration Manager
Configuration Manager Remote Control Ser
vice
5.00.7958.1401 (hermbld.140904-1713)
Microsoft Corporation 2/6/2015
7:59:23 AM
NT AUTHORITY\SYSTEM
CmRcService
A
2/6/2015 10:13:5
0 AM
CmRcService.exe 3172
TCP
2701
sms-rcinfo
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe System C
enter 2012 Configuration Manager
Configuration Manager Remote Control Ser
vice
5.00.7958.1401 (hermbld.140904-1713)
Microsoft Corporation 2/6/2015
7:59:23 AM
NT AUTHORITY\SYSTEM
CmRcService
A
2/6/2015 10:13:5
0 AM
communicator.exe
2236
UDP
51941
127.0.0.1
C:\Program Files (x86)\Microsoft Lync\communicator.exe Microsoft Lync 2010
Microsoft Lync 2010
4.0.7577.0 built by: lcs_se_w14_main(rtbldlab) Microsof
t Corporation 2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015
10:13:50 AM
Microsoft Lync
communicator.exe
2236
TCP
50641
10.104.16.13
5061
10.50.144.228 cvgwp19802.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Lync\communicator.exe Microsoft Lync 2010
Microsoft Lync 2
010
4.0.7577.0 built by: lcs_se_w14_main(rtbldlab) Microsoft Corporation
2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Lync
EXCEL.EXE
7320
UDP
62913
127.0.0.1
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Microsoft Office
2010 Microsoft Excel 14.0.6126.5003 Microsoft Corporation 2/6/2015 8:23:37
AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Excel - Installed Applications (Master List)
FrameworkService.exe
1428
TCP
8081
::
::
Listening
C:\Program Files (x86)\McAfee\Common Framework\F
rameworkService.exe
McAfee Agent
Framework Service
4.8.0.887

McAfee, Inc.
2/6/2015 7:57:04 AM
NT AUTHORITY\SYSTEM
McAfeeFramework
A
2/6/2015 10:13:50 AM
FrameworkService.exe
1428
TCP
8081
0.0.0.0
0.0.0.0
Listening
C:\Program Files (x86)\McAfee\Common Framework\F
rameworkService.exe
McAfee Agent
Framework Service
4.8.0.887
McAfee, Inc.
2/6/2015 7:57:04 AM
NT AUTHORITY\SYSTEM
McAfeeFramework
A
2/6/2015 10:13:50 AM
iexplore.exe
11056 UDP
59043
127.0.0.1
C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows Internet Explorer
Internet Explorer
8.00.7600.16385 (win7_rtm.090713-1255) Microsoft Corpor
ation 2/6/2015 9:29:41 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
LpSystemsMonitorService.exe
1988
TCP
65329
0.0.0.0
0.0.0.0
Listening
C:\Program Files\GAFRI\LpsystemMonitorServiceV1\
LpSystemsMonitorService.exe
LpSystemsMonitorService LpSystemsMonitorService
1.0.0.0 GAFRI 2/6/2015 7:57:03 AM
NT AUTHORITY\SYSTEM
LpSystemsMonitor
Service A
2/6/2015 10:13:50 AM
LpSystemsMonitorService.exe
1988
TCP
65329
::
::
Listening
C:\Program Files\GAFRI\LpsystemMonitorServiceV1\
LpSystemsMonitorService.exe
LpSystemsMonitorService LpSystemsMonitorService
1.0.0.0 GAFRI 2/6/2015 7:57:03 AM
NT AUTHORITY\SYSTEM
LpSystemsMonitor
Service A
2/6/2015 10:13:50 AM
lsass.exe
788
TCP
49155
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Security Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
lsass.exe
788
UDP
65368
127.0.0.1
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Se
curity Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
lsass.exe
788
TCP
49155
::
::
Listening
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Security Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
msaccess.exe
6368
TCP
52212
10.104.16.13
80
http
137.117.85.146
Close Wait
c:\program files (x86)\microsoft office\
office14\msaccess.exe Microsoft Office 2010 Microsoft Access
14.0.602
4.1000 Microsoft Corporation 2/6/2015 9:47:59 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Access - HyenaDB : Dat
abase (Access 2007 - 2010)
msaccess.exe
6368
TCP
52211
10.104.16.13
80
http
137.116.64.35
Close Wait
c:\program files (x86)\microsoft office\
office14\msaccess.exe Microsoft Office 2010 Microsoft Access
14.0.602
4.1000 Microsoft Corporation 2/6/2015 9:47:59 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Access - HyenaDB : Dat
abase (Access 2007 - 2010)
mstsc.exe
6624
TCP
52401
10.104.16.13
443
https
10.50.16.64
cinrdpgw01.aag.gfrinc.net
Established
C:\WINDOWS\syste
m32\mstsc.exe Microsoft Windows Operating System
Remote Desktop Connectio
n
6.3.9600.16415 (winblue_gdr_oob.131001-0952)
Microsoft Corporation
2/6/2015 10:08:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CINAPP106D - Remote Desktop Connection
mstsc.exe
6624
TCP
52400
10.104.16.13
443
https
10.50.16.64
cinrdpgw01.aag.gfrinc.net
Established
C:\WINDOWS\syste
m32\mstsc.exe Microsoft Windows Operating System
Remote Desktop Connectio
n
6.3.9600.16415 (winblue_gdr_oob.131001-0952)
Microsoft Corporation
2/6/2015 10:08:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM

CINAPP106D - Remote Desktop Connection


OUTLOOK.EXE
5928
TCP
52322
10.104.16.13
59533
10.50.136.28
autodiscover.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outlook
Microsof
t Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015 8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Ite
ms - jrodgers2@GAIG.COM - Microsoft Outlook
OUTLOOK.EXE
5928
UDP
51825
127.0.0.1
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outloo
k
Microsoft Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015
8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Items - jrodgers2@GAIG.COM - Microsoft Outlook
OUTLOOK.EXE
5928
UDP
53258
127.0.0.1
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outloo
k
Microsoft Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015
8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Items - jrodgers2@GAIG.COM - Microsoft Outlook
OUTLOOK.EXE
5928
TCP
50647
10.104.16.13
59532
10.50.136.28
autodiscover.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outlook
Microsof
t Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015 8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Ite
ms - jrodgers2@GAIG.COM - Microsoft Outlook
OUTLOOK.EXE
5928
TCP
50653
10.104.16.13
59532
10.50.144.178 cvgwp19931.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outlook
Microsof
t Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015 8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Ite
ms - jrodgers2@GAIG.COM - Microsoft Outlook
OUTLOOK.EXE
5928
TCP
50693
10.104.16.13
59532
10.50.136.28
autodiscover.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Office\Office14\OUTLOOK.EXE
Microsoft Outlook
Microsof
t Outlook
14.0.6131.5000 Microsoft Corporation 2/6/2015 8:03:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Sent Ite
ms - jrodgers2@GAIG.COM - Microsoft Outlook
SCNotification.exe
6796
TCP
49158
127.0.0.1
0.0.0.0
Listening
C:\WINDOWS\CCM\SCNotification.exe
System C
enter Configuration Manager
SCNotification 5.0.7958.1000 Microsoft Corpor
ation 2/6/2015 7:59:57 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
services.exe
764
TCP
49156
::
::
Listening
C:\WINDOWS\system32\services.exe
Microsoft Windows Operatin
g System
Services and Controller app
6.1.7600.16385 (win7_rtm.0907131255) Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM
services.exe
764
TCP
49156
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\services.exe
Microsoft Windows Operatin
g System
Services and Controller app
6.1.7600.16385 (win7_rtm.0907131255) Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM
svchost.exe
1480
TCP
3389
ms-wbt-server ::
::
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows
Operating System
Host Process for Windows Services
6.1.7600.16385 (
win7_rtm.090713-1255) Microsoft Corporation 2/6/2015 7:57:01 AM
NT AUTHO
RITY\NETWORK SERVICE
CryptSvc, Dnscache, LanmanWorkstation, NlaSvc, TermServi
ce, WinRM
A
2/6/2015 10:13:50 AM
C:\WINDOWS\system32\svchost.exe
svchost.exe
428
TCP
49153
::
::
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\LOCAL SERVICE

AudioSrv, Dhcp, eventlog, lmhosts, wscsvc


A
2/6/2015 10:13:50 AM
svchost.exe
1100
TCP
49154
::
::
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\SYSTEM
AeLookup
Svc, BDESVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer
, MMCSS, ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:5
0 AM
svchost.exe
1100
UDP
500
isakmp ::
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\SYSTEM
AeLookupSvc, BDE
SVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:50 AM
svchost.exe
6252
TCP
49176
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 8:02:13 AM
NT AUTHORITY\NETWORK SERVICE
PolicyAgent
A
2/6/2015 10:13:50 AM
svchost.exe
436
TCP
135
epmap ::
::
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\NETWORK SERVICE
RpcEptMapper, RpcSs
A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
1900
ssdp
::1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1064
UDP
123
ntp
::
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\LOCAL SERVICE
EventSys
tem, FontCache, netprofm, nsi, W32Time, WdiServiceHost, WebClient
A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
53267
::1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1212
UDP
60867
127.0.0.1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:01 AM
NT AUTHORITY\SYSTEM
gpsvc A
2/6/2015 10:13:50 AM
svchost.exe
1100
TCP
49154
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\SYSTEM
AeLookup
Svc, BDESVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer
, MMCSS, ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:5
0 AM
svchost.exe
428
TCP
49153
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\LOCAL SERVICE
AudioSrv, Dhcp, eventlog, lmhosts, wscsvc
A
2/6/2015 10:13:50 AM
svchost.exe
1100
UDP
4500
ipsec-msft
::
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof

t Corporation 2/6/2015 7:57:00 AM


NT AUTHORITY\SYSTEM
AeLookupSvc, BDE
SVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
53269
127.0.0.1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
53268
10.104.16.13
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1480
TCP
3389
ms-wbt-server 0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows
Operating System
Host Process for Windows Services
6.1.7600.16385 (
win7_rtm.090713-1255) Microsoft Corporation 2/6/2015 7:57:01 AM
NT AUTHO
RITY\NETWORK SERVICE
CryptSvc, Dnscache, LanmanWorkstation, NlaSvc, TermServi
ce, WinRM
A
2/6/2015 10:13:50 AM
svchost.exe
6252
TCP
49176
::
::
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 8:02:13 AM
NT AUTHORITY\NETWORK SERVICE
PolicyAgent
A
2/6/2015 10:13:50 AM
svchost.exe
1480
UDP
65104
127.0.0.1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:01 AM
NT AUTHORITY\NETWORK SERVICE
CryptSvc
, Dnscache, LanmanWorkstation, NlaSvc, TermService, WinRM
A
2/6/2015
10:13:50 AM
svchost.exe
436
TCP
135
epmap 0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
Microsoft Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\NETWORK SERVICE
RpcEptMapper, RpcSs
A
2/6/2015 10:13:50 AM
svchost.exe
1480
UDP
5355
llmnr 0.0.0.0
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:01 AM
NT AUTHORITY\NETWORK SERVICE
CryptSvc
, Dnscache, LanmanWorkstation, NlaSvc, TermService, WinRM
A
2/6/2015
10:13:50 AM
svchost.exe
1064
UDP
123
ntp
0.0.0.0
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\LOCAL SERVICE
EventSys
tem, FontCache, netprofm, nsi, W32Time, WdiServiceHost, WebClient
A
2/6/2015 10:13:50 AM
svchost.exe
1100
UDP
500
isakmp 0.0.0.0
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\SYSTEM
AeLookupSvc, BDE
SVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
1900
ssdp
10.104.16.13
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1648
UDP
1900
ssdp
127.0.0.1
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro

cess for Windows Services


6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:02 AM
NT AUTHORITY\LOCAL SERVICE
SCardSvr
, SSDPSRV, TBS A
2/6/2015 10:13:50 AM
svchost.exe
1100
UDP
4500
ipsec-msft
0.0.0.0
C:\WINDOWS\system32\svchost.exe Microsoft Windows Operating System
Host Pro
cess for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:57:00 AM
NT AUTHORITY\SYSTEM
AeLookupSvc, BDE
SVC, BITS, Browser, CertPropSvc, EapHost, IKEEXT, iphlpsvc, LanmanServer, MMCSS,
ProfSvc, Schedule, seclogon, SENS, SessionEnv A
2/6/2015 10:13:50 AM
System 4
TCP
47001
0.0.0.0
0.0.0.0
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
8000
::
::
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
8000
0.0.0.0
0.0.0.0
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
5986
0.0.0.0
0.0.0.0
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
445
microsoft-ds
0.0.0.0
0.0.0.0
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
50757
10.104.16.13
445
microsoft-ds
10.50.73.61
cinfile01.aag.gfrinc.net
Established
N/A
2/6/2015 10:13:50 AM
System 4
TCP
5986
::
::
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
445
microsoft-ds
::
::
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
47001
::
::
Listening
N/A
2/6/2015 10:13:50 AM
System 4
TCP
52406
10.104.16.13
445
microsoft-ds
10.50.16.50
cinmgt12.aag.gfrinc.net Established
N/A
2/6/2015 10:13:50 AM
UcMapi.exe
3064
TCP
50639
10.104.16.13
59532
10.50.136.28
autodiscover.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Lync\UcMapi.exe
Microsoft Lync 2010
Microsoft Lync 2
010 MAPI COM Server
4.0.7577.0 built by: lcs_se_w14_main(rtbldlab) Microsof
t Corporation 2/6/2015 8:03:46 AM
AAG\jrodgers2
A
2/6/2015
10:13:50 AM
Unknown 0
TCP
52390
10.104.16.13
80
http
190.93.2
47.58
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52387
10.104.16.13
80
http
216.68.1
0.161 akamai-216-68-10-161.fuse.net Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52385
10.104.16.13
80
http
104.16.1
3.8
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52422
10.104.16.13
80
http
74.125.2
28.13 iad23s05-in-f13.1e100.net
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52384
10.104.16.13
80
http
103.31.6
.36
Time Wait
N/A
2/6/2015 10:13:50 AM

Unknown 0
TCP
52377
10.104.16.13
80
http
103.31.6
.36
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52338
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52421
10.104.16.13
80
http
8.21.198
.139
alb54.clearspring.com Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52376
10.104.16.13
80
http
190.93.2
46.58
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52391
10.104.16.13
80
http
190.93.2
47.58
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52340
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52344
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52343
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52342
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52341
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52420
10.104.16.13
80
http
8.21.198
.139
alb54.clearspring.com Time Wait
N/A
2/6/2015 10:13:50 AM
vpnagent.exe
1388
TCP
62522
127.0.0.1
49157
127.0.0.1
GFR-CVG-0012098.ga.afginc.com Established
C:\Program Files
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
Cisco An
yConnect Secure Mobility Client VPN Agent Service
3, 0, 5080
Cisco Sy
stems, Inc.
2/6/2015 7:57:01 AM
NT AUTHORITY\SYSTEM
vpnagent
A
2/6/2015 10:13:50 AM
vpnagent.exe
1388
TCP
62522
127.0.0.1
0.0.0.0
Listening
C:\Program Files (x86)\Cisco\Cisco AnyConnect Se
cure Mobility Client\vpnagent.exe
Cisco AnyConnect Secure Mobility Client
VPN Agent Service
3, 0, 5080
Cisco Systems, Inc.
2/6/2015 7:57:01
AM
NT AUTHORITY\SYSTEM
vpnagent
A
2/6/2015 10:13:50 AM
vpnui.exe
4544
TCP
49157
127.0.0.1
62522
127.0.0.1
GFR-CVG-0012098.ga.afginc.com Established
C:\Program Files
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe Cisco AnyConnect
Secure Mobility Client Cisco AnyConnect User Interface 3, 0, 5080
Cisco Sy
stems, Inc.
2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015
10:13:50 AM
wininit.exe
708
TCP
49152
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\wininit.exe Microsoft Windows Operating System
Windows Start-Up Application
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM
wininit.exe
708
TCP
49152
::
::
Listening
C:\WINDOWS\system32\wininit.exe Microsoft Windows Operating System
Windows Start-Up Application
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM

wmiprvse.exe
2492
UDP
49865
127.0.0.1
C:\WINDOWS\system32\wbem\wmiprvse.exe Microsoft Windows Operating System
WMI Provider Host
6.2.9200.16398 (win8_gdr_oobssr.120820-1900)
Microsof
t Corporation 2/6/2015 7:57:09 AM
NT AUTHORITY\NETWORK SERVICE
A
2/6/2015 10:13:50 AM