Test
Test
Test
exe
5760
TCP
50726
10.104.16.13
10123
10.50.144.94
cvgwpsccm02.ga.afginc.com
Established
C:\WINDOWS\CCM\C
cmExec.exe
System Center 2012 Configuration Manager
Host Process for
Microsoft Configuration Manager
5.00.7958.1000 (SCCM.130911-1354)
Microsoft Corporation 2/6/2015 7:59:18 AM
NT AUTHORITY\SYSTEM
CcmExec
A
2/6/2015 10:13:50 AM
CcmExec.exe
5760
UDP
61937
127.0.0.1
C:\WINDOWS\CCM\CcmExec.exe
System Center 2012 Configuration Manager
Host Process for Microsoft Configuration Manager
5.00.7958.1000 (SCCM.130
911-1354)
Microsoft Corporation 2/6/2015 7:59:18 AM
NT AUTHORITY\SYS
TEM
CcmExec A
2/6/2015 10:13:50 AM
chrome.exe
4400
TCP
52333
10.104.16.13
443
https
216.58.216.68 ord30s21-in-f4.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52347
10.104.16.13
443
https
199.16.156.21
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52427
10.104.16.13
443
https
74.125.228.6
iad23s05-in-f6.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52426
10.104.16.13
80
http
23.235.46.130
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52245
10.104.16.13
443
https
74.125.228.14 iad23s05-in-f14.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
51830
10.104.16.13
443
https
173.194.68.189 qa-in-f189.1e100.net
Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
52419
10.104.16.13
80
http
8.21.198.139
alb54.clearspring.com Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
50920
10.104.16.13
443
https
173.194.204.188
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52413
10.104.16.13
80
http
74.125.228.24 iad23s05-in-f24.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
chrome.exe
4400
TCP
52411
10.104.16.13
80
http
23.235.39.184
Established
C:\Program Files (x86)\Google\Chrome\App
lication\chrome.exe
Google Chrome Google Chrome 38.0.2125.104 Google I
nc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
CurrPorts: Monitoring TCP/IP network connections on Wind
ows - Google Chrome
chrome.exe
4400
TCP
52409
10.104.16.13
80
http
50.22.232.74
50.22.232.74-static.reverse.softlayer.com
Established
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Google Chrome
Google Chrome 38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrod
gers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monit
oring TCP/IP network connections on Windows - Google Chrome
chrome.exe
4400
TCP
52392
10.104.16.13
443
https
198.252.206.149 stackoverflow.com
Established
C:\Program Files (x86)\G
oogle\Chrome\Application\chrome.exe
Google Chrome Google Chrome 38.0.212
5.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP network con
nections on Windows - Google Chrome
chrome.exe
4400
TCP
52417
10.104.16.13
80
http
74.125.228.5
iad23s05-in-f5.1e100.net
Established
C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
Google Chrome Google Chrome
38.0.2125.104 Google Inc.
2/6/2015 7:58:17 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CurrPorts: Monitoring TCP/IP net
work connections on Windows - Google Chrome
CmRcService.exe 3172
TCP
2701
sms-rcinfo
::
::
Listening
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe System C
enter 2012 Configuration Manager
Configuration Manager Remote Control Ser
vice
5.00.7958.1401 (hermbld.140904-1713)
Microsoft Corporation 2/6/2015
7:59:23 AM
NT AUTHORITY\SYSTEM
CmRcService
A
2/6/2015 10:13:5
0 AM
CmRcService.exe 3172
TCP
2701
sms-rcinfo
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\CCM\RemCtrl\CmRcService.exe System C
enter 2012 Configuration Manager
Configuration Manager Remote Control Ser
vice
5.00.7958.1401 (hermbld.140904-1713)
Microsoft Corporation 2/6/2015
7:59:23 AM
NT AUTHORITY\SYSTEM
CmRcService
A
2/6/2015 10:13:5
0 AM
communicator.exe
2236
UDP
51941
127.0.0.1
C:\Program Files (x86)\Microsoft Lync\communicator.exe Microsoft Lync 2010
Microsoft Lync 2010
4.0.7577.0 built by: lcs_se_w14_main(rtbldlab) Microsof
t Corporation 2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015
10:13:50 AM
Microsoft Lync
communicator.exe
2236
TCP
50641
10.104.16.13
5061
10.50.144.228 cvgwp19802.ga.afginc.com
Established
C:\Program Files
(x86)\Microsoft Lync\communicator.exe Microsoft Lync 2010
Microsoft Lync 2
010
4.0.7577.0 built by: lcs_se_w14_main(rtbldlab) Microsoft Corporation
2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Lync
EXCEL.EXE
7320
UDP
62913
127.0.0.1
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
Microsoft Office
2010 Microsoft Excel 14.0.6126.5003 Microsoft Corporation 2/6/2015 8:23:37
AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Excel - Installed Applications (Master List)
FrameworkService.exe
1428
TCP
8081
::
::
Listening
C:\Program Files (x86)\McAfee\Common Framework\F
rameworkService.exe
McAfee Agent
Framework Service
4.8.0.887
McAfee, Inc.
2/6/2015 7:57:04 AM
NT AUTHORITY\SYSTEM
McAfeeFramework
A
2/6/2015 10:13:50 AM
FrameworkService.exe
1428
TCP
8081
0.0.0.0
0.0.0.0
Listening
C:\Program Files (x86)\McAfee\Common Framework\F
rameworkService.exe
McAfee Agent
Framework Service
4.8.0.887
McAfee, Inc.
2/6/2015 7:57:04 AM
NT AUTHORITY\SYSTEM
McAfeeFramework
A
2/6/2015 10:13:50 AM
iexplore.exe
11056 UDP
59043
127.0.0.1
C:\Program Files (x86)\Internet Explorer\iexplore.exe Windows Internet Explorer
Internet Explorer
8.00.7600.16385 (win7_rtm.090713-1255) Microsoft Corpor
ation 2/6/2015 9:29:41 AM
AAG\jrodgers2
A
2/6/2015 10:13:5
0 AM
LpSystemsMonitorService.exe
1988
TCP
65329
0.0.0.0
0.0.0.0
Listening
C:\Program Files\GAFRI\LpsystemMonitorServiceV1\
LpSystemsMonitorService.exe
LpSystemsMonitorService LpSystemsMonitorService
1.0.0.0 GAFRI 2/6/2015 7:57:03 AM
NT AUTHORITY\SYSTEM
LpSystemsMonitor
Service A
2/6/2015 10:13:50 AM
LpSystemsMonitorService.exe
1988
TCP
65329
::
::
Listening
C:\Program Files\GAFRI\LpsystemMonitorServiceV1\
LpSystemsMonitorService.exe
LpSystemsMonitorService LpSystemsMonitorService
1.0.0.0 GAFRI 2/6/2015 7:57:03 AM
NT AUTHORITY\SYSTEM
LpSystemsMonitor
Service A
2/6/2015 10:13:50 AM
lsass.exe
788
TCP
49155
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Security Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
lsass.exe
788
UDP
65368
127.0.0.1
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Se
curity Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
lsass.exe
788
TCP
49155
::
::
Listening
C:\WINDOWS\system32\lsass.exe Microsoft Windows Operating System
Local Security Authority Process
6.1.7601.18443 (win7sp1_gdr.140411-1533)
Microsoft Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
KeyIso,
Netlogon, ProtectedStorage, SamSs
A
2/6/2015 10:13:50 AM
msaccess.exe
6368
TCP
52212
10.104.16.13
80
http
137.117.85.146
Close Wait
c:\program files (x86)\microsoft office\
office14\msaccess.exe Microsoft Office 2010 Microsoft Access
14.0.602
4.1000 Microsoft Corporation 2/6/2015 9:47:59 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Access - HyenaDB : Dat
abase (Access 2007 - 2010)
msaccess.exe
6368
TCP
52211
10.104.16.13
80
http
137.116.64.35
Close Wait
c:\program files (x86)\microsoft office\
office14\msaccess.exe Microsoft Office 2010 Microsoft Access
14.0.602
4.1000 Microsoft Corporation 2/6/2015 9:47:59 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Microsoft Access - HyenaDB : Dat
abase (Access 2007 - 2010)
mstsc.exe
6624
TCP
52401
10.104.16.13
443
https
10.50.16.64
cinrdpgw01.aag.gfrinc.net
Established
C:\WINDOWS\syste
m32\mstsc.exe Microsoft Windows Operating System
Remote Desktop Connectio
n
6.3.9600.16415 (winblue_gdr_oob.131001-0952)
Microsoft Corporation
2/6/2015 10:08:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
CINAPP106D - Remote Desktop Connection
mstsc.exe
6624
TCP
52400
10.104.16.13
443
https
10.50.16.64
cinrdpgw01.aag.gfrinc.net
Established
C:\WINDOWS\syste
m32\mstsc.exe Microsoft Windows Operating System
Remote Desktop Connectio
n
6.3.9600.16415 (winblue_gdr_oob.131001-0952)
Microsoft Corporation
2/6/2015 10:08:55 AM
AAG\jrodgers2
A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52377
10.104.16.13
80
http
103.31.6
.36
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52338
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52421
10.104.16.13
80
http
8.21.198
.139
alb54.clearspring.com Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52376
10.104.16.13
80
http
190.93.2
46.58
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52391
10.104.16.13
80
http
190.93.2
47.58
Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52340
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52344
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52343
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52342
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52341
10.104.16.13
80
http
92.53.24
1.180 orion-sysinternals.webwiz.co.uk Time Wait
N/A
2/6/2015 10:13:50 AM
Unknown 0
TCP
52420
10.104.16.13
80
http
8.21.198
.139
alb54.clearspring.com Time Wait
N/A
2/6/2015 10:13:50 AM
vpnagent.exe
1388
TCP
62522
127.0.0.1
49157
127.0.0.1
GFR-CVG-0012098.ga.afginc.com Established
C:\Program Files
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
Cisco An
yConnect Secure Mobility Client VPN Agent Service
3, 0, 5080
Cisco Sy
stems, Inc.
2/6/2015 7:57:01 AM
NT AUTHORITY\SYSTEM
vpnagent
A
2/6/2015 10:13:50 AM
vpnagent.exe
1388
TCP
62522
127.0.0.1
0.0.0.0
Listening
C:\Program Files (x86)\Cisco\Cisco AnyConnect Se
cure Mobility Client\vpnagent.exe
Cisco AnyConnect Secure Mobility Client
VPN Agent Service
3, 0, 5080
Cisco Systems, Inc.
2/6/2015 7:57:01
AM
NT AUTHORITY\SYSTEM
vpnagent
A
2/6/2015 10:13:50 AM
vpnui.exe
4544
TCP
49157
127.0.0.1
62522
127.0.0.1
GFR-CVG-0012098.ga.afginc.com Established
C:\Program Files
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe Cisco AnyConnect
Secure Mobility Client Cisco AnyConnect User Interface 3, 0, 5080
Cisco Sy
stems, Inc.
2/6/2015 7:58:23 AM
AAG\jrodgers2
A
2/6/2015
10:13:50 AM
wininit.exe
708
TCP
49152
0.0.0.0
0.0.0.0
Listening
C:\WINDOWS\system32\wininit.exe Microsoft Windows Operating System
Windows Start-Up Application
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM
wininit.exe
708
TCP
49152
::
::
Listening
C:\WINDOWS\system32\wininit.exe Microsoft Windows Operating System
Windows Start-Up Application
6.1.7600.16385 (win7_rtm.090713-1255) Microsof
t Corporation 2/6/2015 7:56:53 AM
NT AUTHORITY\SYSTEM
A
2/6/2015 10:13:50 AM
wmiprvse.exe
2492
UDP
49865
127.0.0.1
C:\WINDOWS\system32\wbem\wmiprvse.exe Microsoft Windows Operating System
WMI Provider Host
6.2.9200.16398 (win8_gdr_oobssr.120820-1900)
Microsof
t Corporation 2/6/2015 7:57:09 AM
NT AUTHORITY\NETWORK SERVICE
A
2/6/2015 10:13:50 AM