SHARE
TWEET

Untitled

a guest Jan 24th, 2020 75 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. DateTime,RequestId,MajorVersion,MinorVersion,BuildVersion,RevisionVersion,Ring,ClientRequestId,AuthenticationType,IsAuthenticated,AuthenticatedUser,Organization,UserAgent,VersionInfo,ClientIpAddress,ServerHostName,FrontEndServer,SoapAction,HttpStatus,RequestSize,ResponseSize,ErrorCode,ImpersonatedUser,ProxyAsUser,ActAsUser,Cookie,CorrelationGuid,PrimaryOrProxyServer,TaskType,RemoteBackendCount,LocalMailboxCount,RemoteMailboxCount,LocalIdCount,RemoteIdCount,BeginBudgetConnections,EndBudgetConnections,BeginBudgetHangingConnections,EndBudgetHangingConnections,BeginBudgetAD,EndBudgetAD,BeginBudgetCAS,EndBudgetCAS,BeginBudgetRPC,EndBudgetRPC,BeginBudgetFindCount,EndBudgetFindCount,BeginBudgetSubscriptions,EndBudgetSubscriptions,MDBResource,MDBHealth,MDBHistoricalLoad,ThrottlingPolicy,ThrottlingDelay,ThrottlingRequestType,TotalDCRequestCount,TotalDCRequestLatency,TotalMBXRequestCount,TotalMBXRequestLatency,RecipientLookupLatency,ExchangePrincipalLatency,HttpPipelineLatency,CheckAccessCoreLatency,AuthModuleLatency,CallContextInitLatency,PreExecutionLatency,CoreExecutionLatency,TotalRequestTime,DetailedExchangePrincipalLatency,ClientStatistics,GenericInfo,AuthenticationErrors,GenericErrors,Puid,StartTime,ProcessId,TimeInGC,StartTotalMemory,EndTotalMemory,StartGCCounts,EndGCCounts,TokenBasedThrottlingPolicy,BudgetKey,CoinsCharged,CoinsChargedMethod,SidBudgetInfo,AppBudgetInfo,TenantBudgetInfo,ResourceAccessed,ResourceHealthBasedThreshold,ThrottledBy,BackoffHint,WorkClassification
  2. #Software: Microsoft Exchange Server
  3. #Version: 15.01.1591.008
  4. #Log-type: EWS Logs
  5. #Date: 2020-01-25T00:01:33.954Z
  6. #Fields: DateTime,RequestId,MajorVersion,MinorVersion,BuildVersion,RevisionVersion,Ring,ClientRequestId,AuthenticationType,IsAuthenticated,AuthenticatedUser,Organization,UserAgent,VersionInfo,ClientIpAddress,ServerHostName,FrontEndServer,SoapAction,HttpStatus,RequestSize,ResponseSize,ErrorCode,ImpersonatedUser,ProxyAsUser,ActAsUser,Cookie,CorrelationGuid,PrimaryOrProxyServer,TaskType,RemoteBackendCount,LocalMailboxCount,RemoteMailboxCount,LocalIdCount,RemoteIdCount,BeginBudgetConnections,EndBudgetConnections,BeginBudgetHangingConnections,EndBudgetHangingConnections,BeginBudgetAD,EndBudgetAD,BeginBudgetCAS,EndBudgetCAS,BeginBudgetRPC,EndBudgetRPC,BeginBudgetFindCount,EndBudgetFindCount,BeginBudgetSubscriptions,EndBudgetSubscriptions,MDBResource,MDBHealth,MDBHistoricalLoad,ThrottlingPolicy,ThrottlingDelay,ThrottlingRequestType,TotalDCRequestCount,TotalDCRequestLatency,TotalMBXRequestCount,TotalMBXRequestLatency,RecipientLookupLatency,ExchangePrincipalLatency,HttpPipelineLatency,CheckAccessCoreLatency,AuthModuleLatency,CallContextInitLatency,PreExecutionLatency,CoreExecutionLatency,TotalRequestTime,DetailedExchangePrincipalLatency,ClientStatistics,GenericInfo,AuthenticationErrors,GenericErrors,Puid,StartTime,ProcessId,TimeInGC,StartTotalMemory,EndTotalMemory,StartGCCounts,EndGCCounts,TokenBasedThrottlingPolicy,BudgetKey,CoinsCharged,CoinsChargedMethod,SidBudgetInfo,AppBudgetInfo,TenantBudgetInfo,ResourceAccessed,ResourceHealthBasedThreshold,ThrottledBy,BackoffHint,WorkClassification
  7. 2020-01-25T00:01:33.954Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,,false,,,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;,fe80::9d06:ac4b:ecd0:8d76%12,EXCHANGE-DC5,,,401,915,,,,,,e37ea9c564054861b72f4f47da4cb7eb,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;cpn=RUM_ABR/RUM_ABRC/ABR/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/0/0/1/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;Dbl:WLM.TS=0,,,,2020-01-25T00:01:33.954Z,4676,,169963360,170119008,23_9_3,23_9_3,,,,,,,,,,,,
  8. 2020-01-25T00:01:33.970Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,false,,,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;,172.17.129.7,EXCHANGE-DC5,,,401,0,,,,,,a02604f9483746d0a5cec92ec0024fff,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;cpn=RUM_ABR/RUM_ABRC/ABR/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/0/0/0/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;Dbl:WLM.TS=0,,,,2020-01-25T00:01:33.970Z,4676,,170315664,170323856,23_9_3,23_9_3,,,,,,,,,,,,
  9. 2020-01-25T00:01:34.079Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,true,NT AUTHORITY\NETWORK SERVICE,evilcorp.com,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.7,EXCHANGE-DC5,,GetFolder,200,915,,,SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}@evilcorp.com,,,336a6f7416b04c0b94cdf2ccaf3e40e0,f6b4ee31-e9b1-4dfc-96ca-ad27e31b1be5,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,7,0,4,,2,6,,3,25,25,65,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=0;RequestHandler=Wcf;GetHandler_End=1;TotalBERehydrationModuleLatency=0;CSCWILatency=0;ADIdentityCache=Miss;CSCWILatency=0;AuthzFlags=AuthzSkipTokenGroups;CSCMissLatency=1;BudgetType=2;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/26/52/60/65/65/65/65/65/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:ADRS.InclI=1;S:AspDispatchLatency.BeginRequest=0;S:cmv=10;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:ServiceTaskMetadata.ServiceCommandBegin=26;S:ServiceTaskMetadata.ServiceCommandEnd=52;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=65;I32:ADS.C[exchange-dc5]=2;F:ADS.AL[exchange-dc5]=2.002445;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=5226;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=288;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=5;I32:ADR.C[exchange-dc5]=2;F:ADR.AL[exchange-dc5]=0.8086157;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=3;Dbl:CCpu.T[CMD]=31.25;I32:ATE.C[exchange-dc5.evilcorp.com]=3;F:ATE.AL[exchange-dc5.evilcorp.com]=0;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=5;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=0.6;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=4;I32:VCGS.C[EXCHANGE-DC5]=2;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=46.875599861145,,,,2020-01-25T00:01:34.017Z,4676,,170356624,172996992,23_9_3,23_9_3,,,,,,,,,,,,
  10. 2020-01-25T00:01:34.564Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,false,,,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;,fe80::9d06:ac4b:ecd0:8d76%12,EXCHANGE-DC5,,,401,0,,,,,,2a98b8017d324db18c2d3559f4c71e0c,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;cpn=RUM_ABR/RUM_ABRC/ABR/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/0/0/0/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;Dbl:WLM.TS=0,,,,2020-01-25T00:01:34.564Z,4676,,173062528,173070720,23_9_3,23_9_3,,,,,,,,,,,,
  11. 2020-01-25T00:01:34.579Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,true,NT AUTHORITY\NETWORK SERVICE,evilcorp.com,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;Req=Exchange2013/Exchange2013;,fe80::9d06:ac4b:ecd0:8d76%12,EXCHANGE-DC5,,GetFolder,200,909,,,SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}@evilcorp.com,,,e080580a28de444cbfc9273f13903f0a,532001c5-ded6-4175-907f-b6f3f015beea,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,1,0,,3,8,2,15,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=0;RequestHandler=Wcf;GetHandler_End=0;TotalBERehydrationModuleLatency=0;CSCWILatency=0;CSCWILatency=0;AuthzFlags=AuthzSkipTokenGroups;CSCMissLatency=2;BudgetType=2;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/8/11/11/15/15/15/15/15/;MailboxTypeCacheSize=0;S:ADRS.InclI=1;S:AspDispatchLatency.BeginRequest=0;S:cmn=ID_CDFMS.T;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:ServiceTaskMetadata.ServiceCommandBegin=8;S:ServiceTaskMetadata.ServiceCommandEnd=10;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=15;I32:ATE.C[exchange-dc5.evilcorp.com]=2;F:ATE.AL[exchange-dc5.evilcorp.com]=0;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1052;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:ADR.C[exchange-dc5]=2;F:ADR.AL[exchange-dc5]=0.9334321;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:01:34.564Z,4676,,173103488,174348400,23_9_3,23_9_3,,,,,,,,,,,,
  12. 2020-01-25T00:01:34.673Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,false,,,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;,172.17.129.7,EXCHANGE-DC5,,,401,0,,,,,,535e8a25d2804439af31fbca2e50eaeb,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;cpn=RUM_ABR/RUM_ABRC/ABR/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/0/0/0/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;Dbl:WLM.TS=0,,,,2020-01-25T00:01:34.673Z,4676,,174405744,174413936,23_9_3,23_9_3,,,,,,,,,,,,
  13. 2020-01-25T00:01:38.095Z,e3c3af97-9435-4129-a8e7-2bad6c7a9f55,15,1,1591,10,Unknown,,Negotiate,true,NT AUTHORITY\NETWORK SERVICE,evilcorp.com,ExchangeInternalEwsClient-AuditLog-ComplianceAuditService-AdminAuditWriter,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.7,EXCHANGE-DC5,,CreateItem,200,2085,,,SystemMailbox{e0dc1c29-89c3-4034-b678-e6c29d823ed9}@evilcorp.com,,,635902b43aa04c7e9393f6b74c9d741c,772ba73e-7f07-4f76-99c7-c448df0f15e8,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],2,10,11,265,,,1,0,,3,1085,2133,3424,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=0;RequestHandler=Wcf;GetHandler_End=1;TotalBERehydrationModuleLatency=0;CSCWILatency=0;CSCWILatency=0;AuthzFlags=AuthzSkipTokenGroups;CSCMissLatency=2;BudgetType=2;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/0/1086/3219/3291/3424/3424/3424/3424/3424/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:CUI.MD=SaveOnly;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:CUI.TNR=1;S:ADRS.ExclI=1;S:CUI.TBS=515;S:ADRS.Check=00;S:CUI.TNM=1;S:ServiceTaskMetadata.WatsonReportCount=0;S:ServiceTaskMetadata.ServiceCommandBegin=1086;S:ServiceTaskMetadata.ServiceCommandEnd=3219;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;S:CUI.ACT=MessageType;S:CUI.LIRL=0;S:CUI.LICL=0;Dbl:WLM.TS=3424;Dbl:MBMC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=29562;I32:ADS.C[exchange-dc5]=1;F:ADS.AL[exchange-dc5]=10.1924;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=8536;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=24;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=276;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=11;I32:ADR.C[exchange-dc5]=3;F:ADR.AL[exchange-dc5]=0.8191239;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=286;Dbl:CCpu.T[CMD]=1046.875;I32:ATE.C[exchange-dc5.evilcorp.com]=4;F:ATE.AL[exchange-dc5.evilcorp.com]=0.25;Dbl:STCPU.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=46;I32:STPR.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=8;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=11;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=26;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=181;I32:VCGS.C[EXCHANGE-DC5]=3;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=286;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=2140.63256835938,,,,2020-01-25T00:01:34.673Z,4676,,174454896,180426136,23_9_3,26_11_3,,,,,,,,,,,,
  14. 2020-01-25T00:03:38.501Z,8216e02d-5316-4ead-a947-37d0d6c708b8,15,1,1591,10,Unknown,,,false,,,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;,::1,EXCHANGE-DC5,,,401,666,,,,,,905590ace3904165ae6ef0da8e8381db,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;cpn=RUM_ABR/RUM_ABRC/ABR/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/1/1/1/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:AspDispatchLatency.EndRequest=0;Dbl:WLM.TS=0,,,,2020-01-25T00:03:38.486Z,4676,,214050816,214206464,31_12_3,31_12_3,,,,,,,,,,,,
  15. 2020-01-25T00:03:40.345Z,60e3d607-f06b-4fd9-aed1-180c9ad6cb98,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,127.0.0.1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,905590ace3904165ae6ef0da8e8381db,7761d4a3-aa26-431c-a085-f381863928a0,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,33,1031,4,7,32,5,,12,60,1137,1467,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=30;RequestHandler=Wcf;GetHandler_End=31;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=29;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/30/60/1198/1199/1467/1467/1467/1467/1467/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=1137;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299578.1;S:ServiceTaskMetadata.ServiceCommandBegin=60;S:ServiceTaskMetadata.ServiceCommandEnd=1198;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=1467;Dbl:CCpu.T[CMD]=31.25;I32:RPCDB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=26;F:RPCDB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1033;I32:RPCSVR.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=26;F:RPCSVR.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=147;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=38413;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=290;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=28;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1033;I32:VCGS.C[EXCHANGE-DC5]=3;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=978;I32:ADS.C[exchange-dc5]=5;F:ADS.AL[exchange-dc5]=1.214846;I32:ADR.C[exchange-dc5]=2;F:ADR.AL[exchange-dc5]=0.8934498;Dbl:STCPU.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=108;Dbl:BudgUse.T[]=1125.0009765625;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=28;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=36.89286;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=100;I32:ATE.C[exchange-dc5.evilcorp.com]=6;F:ATE.AL[exchange-dc5.evilcorp.com]=0.3333333,,,,2020-01-25T00:03:38.876Z,4676,,214267288,217273856,31_12_3,31_12_3,,,,,,,,,,,,
  16. 2020-01-25T00:06:59.048Z,84e4961b-9f24-490c-85c6-fcbab58d7e22,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600956,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600956;I32:ATE.C[UNINSTR]=18;F:ATE.AL[UNINSTR]=20.5;I32:ADR.C[UNINSTR]=6;F:ADR.AL[UNINSTR]=1.070465;Dbl:ADB.T[UNINSTR]=6;I32:ADS.C[UNINSTR]=18;F:ADS.AL[UNINSTR]=1.407638,,,,,,,,,,,,,,,,,,,,,,
  17. 2020-01-25T00:07:35.757Z,6a3e1d4b-4100-4d4c-bd87-62c14876ff41,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,127.0.0.1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,dcec89432d1943ac890d56dda1cf683e,9c6daf86-4703-4a00-b497-f9c2798f0cfe,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,3,0,,0,7,2,43,,MessageId_0=60e3d607-f06b-4fd9-aed1-180c9ad6cb98;ResponseTime_0=1765;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/8/10/11/43/43/43/43/43/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=8;S:ServiceTaskMetadata.ServiceCommandEnd=10;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=43;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1893;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:07:35.710Z,4676,,219539864,220833208,32_13_3,32_13_3,,,,,,,,,,,,
  18. 2020-01-25T00:11:35.845Z,34b1afd2-0218-47c4-83fd-5c600d53b3fc,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,a6f4d35e70904ccb928602dc3d0ed02b,45338f66-0260-440e-b9f2-ae99cf00fa17,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,3,0,,0,8,2,14,,MessageId_0=6a3e1d4b-4100-4d4c-bd87-62c14876ff41;ResponseTime_0=15;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=2;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/2/9/11/12/14/14/14/14/15/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=9;S:ServiceTaskMetadata.ServiceCommandEnd=11;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=14;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2262;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:11:35.830Z,4676,,223336712,224605464,32_13_3,32_13_3,,,,,,,,,,,,
  19. 2020-01-25T00:11:59.048Z,edf5ba55-4736-496a-af86-acf5304d3c7c,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600007,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600007;I32:ATE.C[UNINSTR]=18;F:ATE.AL[UNINSTR]=0.05555556;I32:ADR.C[UNINSTR]=5;F:ADR.AL[UNINSTR]=0.8490593;I32:ADS.C[UNINSTR]=17;F:ADS.AL[UNINSTR]=0.9053903;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1,,,,,,,,,,,,,,,,,,,,,,
  20. 2020-01-25T00:15:35.921Z,2c919eef-1d24-4be0-b11b-308bedd74eb0,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,570bb3d1a6c248f7979c62555534a62e,bfb3e620-f6f2-40d5-8f82-e542b8ad2aee,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,2,14,,0,21,2,28,,MessageId_0=34b1afd2-0218-47c4-83fd-5c600d53b3fc;ResponseTime_0=31;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=1;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/22/24/25/28/28/28/28/28/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=22;S:ServiceTaskMetadata.ServiceCommandEnd=24;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=28;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2574;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:15:35.890Z,4676,,227509440,214822048,32_13_3,33_13_3,,,,,,,,,,,,
  21. 2020-01-25T00:16:59.050Z,7bc0ad23-e2e1-4c42-9319-019bcf560de4,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,599971,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=599971;I32:ADR.C[UNINSTR]=1;F:ADR.AL[UNINSTR]=0.9513729;I32:ADS.C[UNINSTR]=3;F:ADS.AL[UNINSTR]=0.8700414;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1;I32:ATE.C[UNINSTR]=3;F:ATE.AL[UNINSTR]=0,,,,,,,,,,,,,,,,,,,,,,
  22. 2020-01-25T00:19:36.410Z,6ca52185-f92e-4078-b606-6cff51a8d8ce,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,873c543edfc74a5daba80d03918dda3d,25ec52b5-c73c-4d0f-a8fc-35b0ac4bafb0,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,14,20,3,15,,21,43,3,59,,MessageId_0=2c919eef-1d24-4be0-b11b-308bedd74eb0;ResponseTime_0=46;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=2;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/2/47/50/51/59/59/59/59/59/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299992.2;S:ServiceTaskMetadata.ServiceCommandBegin=46;S:ServiceTaskMetadata.ServiceCommandEnd=50;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=59;I32:ADS.C[exchange-dc5]=7;F:ADS.AL[exchange-dc5]=2.169587;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2896;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:ADR.C[exchange-dc5]=2;F:ADR.AL[exchange-dc5]=0.8639758;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:CCpu.T[CMD]=15.625;I32:ATE.C[exchange-dc5.evilcorp.com]=8;F:ATE.AL[exchange-dc5.evilcorp.com]=0.25;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:BudgUse.T[]=15.6239004135132,,,,2020-01-25T00:19:36.348Z,4676,,218407920,221156240,33_13_3,33_13_3,,,,,,,,,,,,
  23. 2020-01-25T00:21:35.265Z,3d10622e-cd57-4e03-be32-2cd9bb37dead,15,1,1591,10,Unknown,,NTLM,true,antonio@evilcorp.com,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,Subscribe,200,946,,,antonio@evilcorp.com,,,a799bf5ce1a94ef8bb1c1166ce4bdc3d,099c6961-97a3-4782-ab4d-739d1753d9e5,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,35,31,4,0,3,5,,0,48,132,193,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;SubscriptionType=Push;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/50/50/52/100/232/239/243/244/244/244/244/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299937.5;S:ServiceTaskMetadata.ServiceCommandBegin=49;S:ServiceTaskMetadata.ServiceCommandEnd=181;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=193;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=107;I32:ADS.C[exchange-dc5]=1;F:ADS.AL[exchange-dc5]=2.236956;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=86771;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=288;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=20;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=27;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=41;Dbl:CCpu.T[CMD]=78.125;I32:ATE.C[exchange-dc5.evilcorp.com]=1;F:ATE.AL[exchange-dc5.evilcorp.com]=1;Dbl:STCPU.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=15;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=27;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1.518519;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=15;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=42;I32:VCGS.C[EXCHANGE-DC5]=2;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=140.65299987793,,,,2020-01-25T00:21:35.015Z,4676,,224179480,226547840,33_13_3,33_13_3,,,,,,,,,,,,
  24. 2020-01-25T00:21:59.063Z,61a9fd8a-a4c1-4c8a-b025-270bd9cdda76,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600016,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600016;I32:ADS.C[UNINSTR]=2;F:ADS.AL[UNINSTR]=0.8316823;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1,,,,,,,,,,,,,,,,,,,,,,
  25. 2020-01-25T00:23:36.271Z,f47af63e-2ac0-4ac0-ac13-804fc7a45f95,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,127.0.0.1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,c861bc48478e425fab574537faea6a9f,94984387-ee6b-4889-8bc9-dbd4eb627102,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,15,,,2,0,,0,6,2,83,,MessageId_0=6ca52185-f92e-4078-b606-6cff51a8d8ce;ResponseTime_0=78;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/18/20/21/83/83/83/83/84/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=18;S:ServiceTaskMetadata.ServiceCommandEnd=20;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=83;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=3935;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:CCpu.T[CMD]=0;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:BudgUse.T[]=15.62380027771,,,,2020-01-25T00:23:36.178Z,4676,,229406376,230675128,33_13_3,33_13_3,,,,,,,,,,,,
  26. 2020-01-25T00:26:59.112Z,c8a259cd-9a49-4432-878e-bf253ee90b1e,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600060,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600060;I32:ATE.C[UNINSTR]=10;F:ATE.AL[UNINSTR]=0.2;I32:ADR.C[UNINSTR]=3;F:ADR.AL[UNINSTR]=0.9342864;I32:ADS.C[UNINSTR]=9;F:ADS.AL[UNINSTR]=2.02554;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1,,,,,,,,,,,,,,,,,,,,,,
  27. 2020-01-25T00:27:36.273Z,7b003735-b2bd-449c-9e01-a0a4f33a584f,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,66a37f0b7b6f47ed9091e89cebbce805,99758a98-2d08-466a-ade8-5b91251a9821,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,3,0,,0,7,2,13,,MessageId_0=f47af63e-2ac0-4ac0-ac13-804fc7a45f95;ResponseTime_0=46;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/8/10/11/13/13/13/13/14/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=7;S:ServiceTaskMetadata.ServiceCommandEnd=10;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=13;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=4756;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:27:36.258Z,4676,,217950544,219243872,34_13_3,34_13_3,,,,,,,,,,,,
  28. 2020-01-25T00:28:39.076Z,faf96dbc-2b63-4ee4-9a38-8760524da9e1,15,1,1591,10,Unknown,,NTLM,true,antonio@evilcorp.com,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,Subscribe,200,945,,,antonio@evilcorp.com,,,15016eed4dce4dca9835a654fcc4a462,28472955-0034-4886-9956-bfeac5d1e7cd,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,33,15,5,,2,5,,0,11,37,53,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=1;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;SubscriptionType=Push;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/12/49/50/53/53/53/53/54/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299984.4;S:ServiceTaskMetadata.ServiceCommandBegin=11;S:ServiceTaskMetadata.ServiceCommandEnd=49;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=53;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=159;I32:ADS.C[exchange-dc5]=1;F:ADS.AL[exchange-dc5]=2.92947;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=122001;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=286;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=6;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=25;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=23;Dbl:CCpu.T[CMD]=15.625;I32:ATE.C[exchange-dc5.evilcorp.com]=1;F:ATE.AL[exchange-dc5.evilcorp.com]=1;Dbl:STCPU.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=15;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=25;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=0.92;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=5;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=23;I32:VCGS.C[EXCHANGE-DC5]=2;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=31.2399997711182,,,,2020-01-25T00:28:39.029Z,4676,,220224088,222647136,34_13_3,34_13_3,,,,,,,,,,,,
  29. 2020-01-25T00:28:41.639Z,60799b69-ea62-4e84-9bb9-0fb9f887b673,15,1,1591,10,Unknown,,NTLM,true,antonio@evilcorp.com,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,Subscribe,200,945,,,antonio@evilcorp.com,,,e0977765a5494474914ec7ecbd09a505,93bbc296-9828-46ca-a329-7a28917c843f,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,1,0,,0,5,1,9,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=0;RequestHandler=Wcf;GetHandler_End=1;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;SubscriptionType=Push;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/6/7/7/9/9/9/9/9/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=5;S:ServiceTaskMetadata.ServiceCommandEnd=6;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=9;Dbl:CCpu.T[CMD]=0,,,,2020-01-25T00:28:41.623Z,4676,,222998288,224103936,34_13_3,34_13_3,,,,,,,,,,,,
  30. 2020-01-25T00:28:47.059Z,d862cfa1-1788-4b80-addd-9aaa717d0a39,15,1,1591,10,Unknown,,NTLM,true,antonio@evilcorp.com,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,Subscribe,200,945,,,antonio@evilcorp.com,,,f5de2d87c32b46f1b38f814218cd9399,71a19007-73fd-4d89-8692-620d29de16bb,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,2,0,,0,5,1,9,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=1;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;SubscriptionType=Push;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/5/6/7/9/9/9/9/9/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=5;S:ServiceTaskMetadata.ServiceCommandEnd=6;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=9;Dbl:CCpu.T[CMD]=0,,,,2020-01-25T00:28:47.043Z,4676,,224471472,225585312,34_13_3,34_13_3,,,,,,,,,,,,
  31. 2020-01-25T00:31:36.456Z,16cfd8fb-b16b-4aa2-85a5-b91dd631f2a7,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,796aebace47c48e29825004848ee8050,9ae2c3a5-059d-45e9-bd1f-99cd9111feee,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,2,0,,0,6,2,14,,MessageId_0=7b003735-b2bd-449c-9e01-a0a4f33a584f;ResponseTime_0=15;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/7/9/10/14/14/14/14/14/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=7;S:ServiceTaskMetadata.ServiceCommandEnd=9;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=14;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=6557;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:31:36.440Z,4676,,239666872,240952008,35_13_3,35_13_3,,,,,,,,,,,,
  32. 2020-01-25T00:31:59.102Z,2d4c7763-31f7-4c39-b2cf-073f59bf8436,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600037,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600037;I32:ADR.C[UNINSTR]=4;F:ADR.AL[UNINSTR]=0.8016956;I32:ADS.C[UNINSTR]=15;F:ADS.AL[UNINSTR]=1.171446;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1;I32:ATE.C[UNINSTR]=15;F:ATE.AL[UNINSTR]=0.1333333,,,,,,,,,,,,,,,,,,,,,,
  33. 2020-01-25T00:35:36.643Z,52f00919-9ff5-46a6-a5e3-af10d2e32a6e,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,2ef92b92ef0f4137911c3c7195be994b,3dc6ae8d-893b-4a1b-a8a4-4886dc2eca4e,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,5,16,2,6,,16,28,2,40,,MessageId_0=16cfd8fb-b16b-4aa2-85a5-b91dd631f2a7;ResponseTime_0=31;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/29/31/33/40/40/40/40/40/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=28;S:ServiceTaskMetadata.ServiceCommandEnd=31;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=40;I32:ADS.C[exchange-dc5]=7;F:ADS.AL[exchange-dc5]=0.9818355;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=6898;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:ADR.C[exchange-dc5]=1;F:ADR.AL[exchange-dc5]=0.8083594;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:CCpu.T[CMD]=0;I32:ATE.C[exchange-dc5.evilcorp.com]=7;F:ATE.AL[exchange-dc5.evilcorp.com]=0.1428571;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:35:36.596Z,4676,,245261600,247895176,35_13_3,35_13_3,,,,,,,,,,,,
  34. 2020-01-25T00:36:59.116Z,2429ffeb-be26-493f-981b-e8cae63af787,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600005,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600005;I32:ADS.C[UNINSTR]=2;F:ADS.AL[UNINSTR]=1.480882;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1,,,,,,,,,,,,,,,,,,,,,,
  35. 2020-01-25T00:39:36.850Z,ee595ab7-f333-42a4-9889-fd0219278e39,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,7de4fd46d35948668df07ae0f74ad07e,e2217f24-db05-4fa7-871c-f9db2320f3c3,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,3,0,,0,7,4,18,,MessageId_0=52f00919-9ff5-46a6-a5e3-af10d2e32a6e;ResponseTime_0=46;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/2/8/12/13/18/18/18/18/18/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=7;S:ServiceTaskMetadata.ServiceCommandEnd=12;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=18;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=7260;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:39:36.834Z,4676,,251882544,253151296,35_13_3,35_13_3,,,,,,,,,,,,
  36. 2020-01-25T00:41:59.154Z,722da2a0-d85b-41fa-83fb-9ad6eec06f07,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600055,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600055;I32:ADR.C[UNINSTR]=2;F:ADR.AL[UNINSTR]=0.787343;I32:ADS.C[UNINSTR]=5;F:ADS.AL[UNINSTR]=0.7764761;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1;I32:ATE.C[UNINSTR]=6;F:ATE.AL[UNINSTR]=0,,,,,,,,,,,,,,,,,,,,,,
  37. 2020-01-25T00:43:36.952Z,13935bb5-c371-4d34-ba93-c4b95d05d63f,15,1,1591,10,Unknown,,Logon,true,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,evilcorp.com,Ews_AM_Probe/Local (ExchangeServicesClient/15.01.1591.008),Target=None;Req=Exchange2010_SP1/Exchange2010_SP1;,::1,EXCHANGE-DC5,,GetFolder,200,666,,,HealthMailbox41c842b629ac437aa3064e1f8deefdcb@evilcorp.com,,,01adec0339da49fb8790bdf2d6972e14,b5f7fe83-ee8c-4c79-a1c8-0fdd7d79d640,PrimaryServer,LocalTask,0,1,0,1,0,,,,,,,,,,,,,,,,,,,,[C],0,0,1,0,,,3,0,,0,6,2,11,,MessageId_0=ee595ab7-f333-42a4-9889-fd0219278e39;ResponseTime_0=31;SoapAction_0=GetFolder;,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;CSCWTI=0;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/1/1/2/8/10/10/12/12/12/12/12/;MailboxTypeCacheSize=0;S:cmn=ID_CDFMS.T;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:cmv=0;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=300000;S:ServiceTaskMetadata.ServiceCommandBegin=6;S:ServiceTaskMetadata.ServiceCommandEnd=9;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.ParticipantResolveLatency=0;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=11;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=7714;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:CCpu.T[CMD]=0;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=1,,,,2020-01-25T00:43:36.937Z,4676,,217957408,219258928,36_14_3,36_14_3,,,,,,,,,,,,
  38. 2020-01-25T00:46:05.474Z,3455f4c3-64da-411a-9359-a9edfd899fbb,15,1,1591,10,Unknown,,NTLM,true,antonio@evilcorp.com,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2013/Exchange2013;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,Subscribe,200,945,,,antonio@evilcorp.com,,,a39a764c3dea46a7bd5d13d8bb6de13c,cb70d3bd-e2e0-4b61-a86b-249b2559c8d6,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,33,46,7,15,2,8,,16,30,70,104,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;SubscriptionType=Push;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/30/101/102/104/104/104/104/105/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=0;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299976.6;S:ServiceTaskMetadata.ServiceCommandBegin=30;S:ServiceTaskMetadata.ServiceCommandEnd=101;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=0;Dbl:WLM.TS=104;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=107;I32:ADS.C[exchange-dc5]=6;F:ADS.AL[exchange-dc5]=1.340858;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=201651;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=286;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=37;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=25;I32:ADR.C[exchange-dc5]=1;F:ADR.AL[exchange-dc5]=0.8001579;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=55;Dbl:CCpu.T[CMD]=15.625;I32:ATE.C[exchange-dc5.evilcorp.com]=6;F:ATE.AL[exchange-dc5.evilcorp.com]=0.3333333;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=25;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2.2;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=29;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=55;I32:VCGS.C[EXCHANGE-DC5]=2;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=62.4995002746582,,,,2020-01-25T00:46:05.365Z,4676,,103283144,106868688,37_15_4,37_15_4,,,,,,,,,,,,
  39. 2020-01-25T00:46:36.389Z,6d29c51c-46c4-4435-b9ce-0394d9c82325,15,1,1591,10,Unknown,,NTLM,true,NT AUTHORITY\SYSTEM,evilcorp.com,ExchangeServicesClient/0.0.0.0,Target=None;Req=Exchange2016/Exchange2016;,172.17.129.85,EXCHANGE-DC5,EXCHANGE-DC5.EVILCORP.COM,UpdateInboxRules,200,1615,,,ico@evilcorp.com,,ico@evilcorp.com,a89fa4ea10cd4bdbbc6640210f73570f,75ff7eeb-eb0c-47c5-96d6-60042a1f40c2,PrimaryServer,LocalTask,0,0,0,0,0,,,,,,,,,,,,,,,,,,,,[C],0,0,68,249,8,0,3,5,,37,133,665,855,,,SKU=Unknown;App_BeginReq_Start=0;App_BeginReq_End=0;GetHandler_Start=1;RequestHandler=Wcf;GetHandler_End=2;BackEndAuthenticator=WindowsAuthenticator;TotalBERehydrationModuleLatency=0;CSCWTI=0;ADIdentityCache=Miss;CSCWTI=0;CSCMissLatency=0;ADIdentityCache=Miss;cpn=RUM_ABR/RUM_ABRC/ABR/APAR/EWS_CE/EWS_CEC/APSRH/APRHE/RUM_AER/RUM_AERC/AER/AERC/;cpv=0/0/0/1/133/798/804/853/853/853/853/855/;MailboxTypeCacheSize=0;S:AspDispatchLatency.BeginRequest=0;S:ADRS.InclI=1;S:AspDispatchLatency.EndRequest=1;S:ADRS.Check=00;S:ServiceTaskMetadata.WatsonReportCount=0;S:WLM.Bal=299687.5;S:ServiceTaskMetadata.ServiceCommandBegin=133;S:ServiceTaskMetadata.ServiceCommandEnd=798;S:ActivityStandardMetadata.Component=Ews;S:WLM.BT=Ews;S:EwsMetadata.HttpHandlerGetterLatency=1;Dbl:WLM.TS=855;Dbl:MBMC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;Dbl:MBLB.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=33337;I32:ROP.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=376164;I32:ADS.C[exchange-dc5]=3;F:ADS.AL[exchange-dc5]=1.843456;I32:MAPI.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=339;I32:RPC.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=61;Dbl:EXR.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=181;Dbl:RPC.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=375;I32:ADR.C[exchange-dc5]=1;F:ADR.AL[exchange-dc5]=0.9098528;Dbl:CCpu.T[CMD]=109.375;I32:ATE.C[exchange-dc5.evilcorp.com]=3;F:ATE.AL[exchange-dc5.evilcorp.com]=0.6666667;Dbl:STCPU.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=75;I32:STPR.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=2;I32:MB.C[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=61;F:MB.AL[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=6.147541;Dbl:ST.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=176;I32:VCGS.C[EXCHANGE-DC5]=3;Dbl:MAPI.T[exchange-dc5.39bb1067-4707-4acf-a7c8-6ac724f94de2]=376;Dbl:VCGS.T[EXCHANGE-DC5]=0;Dbl:BudgUse.T[]=671.875793457031,,,,2020-01-25T00:46:35.546Z,4676,,108323912,115385384,37_15_4,37_15_4,,,,,,,,,,,,
  40. 2020-01-25T00:46:59.169Z,2a5d5ac4-0fc3-4e78-9e34-2eaa8c8fa9ff,15,1,1591,10,,,,,,,,,,EXCHANGE-DC5,,GlobalActivity,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,600051,,,MailboxTypeCacheSize=0;Dbl:WLM.TS=600051;I32:ADR.C[UNINSTR]=4;F:ADR.AL[UNINSTR]=0.7750408;I32:ADS.C[UNINSTR]=10;F:ADS.AL[UNINSTR]=0.9200022;Dbl:VCGS.T[MISSED]=0;I32:VCGS.C[MISSED]=1;I32:ATE.C[UNINSTR]=11;F:ATE.AL[UNINSTR]=0.09090909,,,,,,,,,,,,,,,,,,,,,,
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Top