[collector:] client ino-rut-fp01.powershell powershell XymonPS [date] Wed 10 Dec 16:43:22 2025 [clock] epoch: 1765345403 local: Wed 10 Dec 16:43:22 2025 UTC: Wed 10 Dec 05:43:22 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0074584s Root Dispersion: 2.1175994s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 4:41:35 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 0 days, 0 users, 113 procs, load=7.16% CPU states: total 7.16% cores: 4 CPU PID Image Name Pri Time MemUsage 5.6% 8452 SVC:IDriveService 8 00:11:27 594768k 0.3% 1256 SVC:EventLog 8 00:01:02 43920k 0.3% 3424 SVC:WinDefend 8 00:03:32 259992k 0.2% 5600 SVC:wuauserv 8 00:00:02 41308k 0.2% 2832 SVC:BASupportExpressStandalone 13 00:00:37 27984k 0.2% 4448 powershell 8 00:00:37 83580k 0.2% 4 System 8 00:00:50 144k 0.1% 3020 SVC:Mesh Agent 8 00:00:25 63512k 0.0% 2952 SVC:LTService 8 00:00:15 27376k 0.0% 3272 SVC:Winmgmt 8 00:00:11 29324k 0.0% 4672 WmiPrvSE 8 00:00:07 28036k 0.0% 2312 SVC:sppsvc 8 00:00:00 12612k 0.0% 1208 SVC:Dnscache 8 00:00:01 9740k 0.0% 728 SVC:KeyIso/Netlogon/SamSs 9 00:00:03 23028k 0.0% 7052 SVC:WdNisSvc 8 00:00:01 12780k 0.0% 716 services 9 00:00:03 10348k 0.0% 976 SVC:RpcEptMapper/RpcSs 8 00:00:02 11248k 0.0% 3212 SVC:TrkWks 8 00:00:00 5984k 0.0% 3220 SVC:UsoSvc 8 00:00:00 12120k 0.0% 3440 SVC:Windows Agent Service 8 00:00:41 257848k 0.0% 3452 SVC:WpnService 8 00:00:00 11140k 0.0% 3636 SVC:VeeamEndpointBackupSvc 8 00:00:00 74540k 0.0% 3432 SVC:WinRM 8 00:00:00 13300k 0.0% 2824 SVC:DHCPServer 8 00:00:00 53956k 0.0% 2848 SVC:DiagTrack 8 00:00:01 30808k 0.0% 2916 SVC:HelpDeskService 8 00:00:00 8352k 0.0% 2728 SVC:Backup Service Controller 8 00:00:00 10400k 0.0% 2776 SVC:BASupportExpressSrvcUpdate 8 00:00:02 22760k 0.0% 2788 SVC:CryptSvc 8 00:00:05 19404k 0.0% 3084 SVC:SrmSvc 8 00:00:00 26216k 0.0% 3124 SVC:MSDTC 8 00:00:00 11216k 0.0% 3164 SVC:SysMain 8 00:00:00 6960k 0.0% 2968 SVC:LTSvcMon 8 00:00:00 10440k 0.0% 3000 SVC:LanmanServer 8 00:00:00 12912k 0.0% 3076 SVC:SstpSvc 8 00:00:00 7556k 0.0% 3644 SVC:XymonPSClient 8 00:00:00 6480k 0.0% 6428 conhost 8 00:00:00 10076k 0.0% 6488 SVC:StorSvc 8 00:00:00 14876k 0.0% 7156 BASupSysInf 6 00:00:00 20008k 0.0% 5980 SVC:TrustedInstaller 8 00:00:00 7764k 0.0% 6252 conhost 8 00:00:00 10068k 0.0% 6344 NableSixtyFourBitManager 8 00:00:00 61128k 0.0% 8380 SVC:UALSVC 8 00:00:00 14672k 0.0% 8780 SVC:PcaSvc 8 00:00:00 11440k 0.0% 8880 SVC:SolarWinds.MSP.CacheServic 8 00:00:00 51132k 0.0% 7876 WmiPrvSE 8 00:00:01 14280k 0.0% 8268 SVC:DPS 8 00:00:00 19800k 0.0% 8324 SVC:SolarWinds.MSP.RpcServerSe 8 00:00:03 72912k 0.0% 4332 conhost 6 00:00:00 10176k 0.0% 4476 conhost 8 00:00:00 13128k 0.0% 4684 AggregatorHost 8 00:00:00 7660k 0.0% 3956 SVC:RasMan 8 00:00:00 13424k 0.0% 3980 SVC:VeeamTransportSvc 8 00:00:00 10880k 0.0% 3992 SVC:VeeamDeploySvc 8 00:00:00 14104k 0.0% 5228 conhost 8 00:00:00 10024k 0.0% 5248 SVC:PME.Agent.PmeService 8 00:00:00 31600k 0.0% 5796 NableReactiveManagement 8 00:00:00 45576k 0.0% 4728 SVC:StateRepository 8 00:00:00 10812k 0.0% 4772 Veeam.Guest.Interaction.Proxy 8 00:00:00 10752k 0.0% 5048 BackupFP 8 00:01:08 245116k 0.0% 992 SVC:W32Time 8 00:00:00 8680k 0.0% 1016 SVC:LSM 8 00:00:00 9556k 0.0% 1036 SVC:NcbService 8 00:00:00 8596k 0.0% 860 SVC:BrokerInfrastructure/DcomL 8 00:00:00 14676k 0.0% 896 fontdrvhost 8 00:00:00 3576k 0.0% 904 fontdrvhost 8 00:00:00 3432k 0.0% 1048 SVC:TimeBrokerSvc 8 00:00:00 6304k 0.0% 1272 dwm 13 00:00:00 44964k 0.0% 1384 SVC:BFE/mpssvc 8 00:00:00 19420k 0.0% 1452 SVC:ScreenConnect Client (69e7 8 00:00:00 39192k 0.0% 1128 SVC:ShellHWDetection 8 00:00:00 8980k 0.0% 1144 SVC:Dhcp 8 00:00:00 8124k 0.0% 1192 LogonUI 13 00:00:00 48868k 0.0% 444 SVC:nsi 8 00:00:00 8004k 0.0% 484 csrss 13 00:00:00 6644k 0.0% 528 SVC:TermService 8 00:00:00 13304k 0.0% 0 Idle 0 8k 0.0% 124 Registry 8 00:00:01 22788k 0.0% 380 smss 11 00:00:00 1300k 0.0% 572 wininit 13 00:00:00 7252k 0.0% 768 WmiPrvSE 8 00:00:02 20016k 0.0% 804 SVC:CDPSvc 8 00:00:00 11924k 0.0% 832 SVC:Windows Agent Maintenance 8 00:00:00 32224k 0.0% 580 csrss 13 00:00:00 5964k 0.0% 644 winlogon 13 00:00:00 10096k 0.0% 760 SVC:lmhosts 8 00:00:00 5700k 0.0% 1484 SVC:NlaSvc 8 00:00:00 13740k 0.0% 2188 WmiPrvSE 8 00:00:02 20160k 0.0% 2204 SVC:WSearch 8 00:00:01 22756k 0.0% 2360 SVC:DispBrokerDesktopSvc 8 00:00:00 7340k 0.0% 2036 SVC:LanmanWorkstation 8 00:00:00 10644k 0.0% 2124 SVC:WinHttpAutoProxySvc 8 00:00:00 7944k 0.0% 2132 SVC:SessionEnv 8 00:00:00 10252k 0.0% 2416 SVC:UserManager 8 00:00:00 7872k 0.0% 2604 SVC:Spooler 8 00:00:01 28228k 0.0% 2612 SVC:WdiSystemHost 8 00:00:00 6220k 0.0% 2716 SVC:AutomationManagerAgent 8 00:00:07 106580k 0.0% 2532 SVC:iphlpsvc 8 00:00:00 10776k 0.0% 2580 SVC:PolicyAgent 8 00:00:00 7876k 0.0% 2588 SVC:IKEEXT 8 00:00:00 8620k 0.0% 1608 SVC:Themes 8 00:00:00 6060k 0.0% 1616 SVC:EventSystem 8 00:00:00 8344k 0.0% 1624 SVC:FontCache 8 00:00:00 7304k 0.0% 1556 SVC:gpsvc 8 00:00:00 11608k 0.0% 1572 SVC:UmRdpService 8 00:00:00 6928k 0.0% 1600 SVC:ProfSvc 8 00:00:00 6912k 0.0% 1776 TiWorker 8 00:00:00 13176k 0.0% 1860 SVC:SENS 8 00:00:00 9444k 0.0% 1872 SVC:CertPropSvc 8 00:00:00 6544k 0.0% 2000 SVC:Wcmsvc 8 00:00:00 9216k 0.0% 1796 SVC:netprofm 8 00:00:00 11080k 0.0% 1820 SVC:CoreMessagingRegistrar 8 00:00:00 6252k 0.0% 1840 SVC:Schedule 8 00:00:00 15316k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 37624216 171449956 18% /FIXED/C:\ 199.39\163.51 D 4194285564 1985908324 2208377240 47% /FIXED/D:\ data 3999.98\2106.07 [memory] memory Total Used physical: 32767 4381 virtual: 4864 0 page: 37631 4132 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 32621 Security Circular 20971520 62215 System Circular 20971520 48643 Application [msgs:eventlog_Security] [msgs:eventlog_System] Information - 12/10/2025 16:07:40 - [4] - Virtual Disk Service - Service stopped. Information - 12/10/2025 16:06:18 - [98] - Microsoft-Windows-Ntfs - Volume System Reserved (\Device\HarddiskVolumeShadowCopy2) is healthy. No action is needed. Information - 12/10/2025 16:06:18 - [98] - Microsoft-Windows-Ntfs - Volume ?? (\Device\HarddiskVolumeShadowCopy1) is healthy. No action is needed. Information - 12/10/2025 15:55:09 - [16] - Microsoft-Windows-Kernel-General - The access history in hive \??\C:\Users\neweraadmin\NTUSER.DAT was cleared updating 1387 keys and creating 122 modified pages. Information - 12/10/2025 15:55:09 - [16] - Microsoft-Windows-Kernel-General - The access history in hive \??\C:\Users\administrator.INOXIHP\NTUSER.DAT was cleared updating 1041 keys and creating 129 modified pages. [msgs:eventlog_Application] Information - 12/10/2025 16:43:04 - [16394] - Microsoft-Windows-Security-SPP - Offline downlevel migration succeeded. Information - 12/10/2025 16:33:39 - [20] - ScreenConnect - System.Net.Sockets.SocketException (0x80004005): A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 13.70.180.10:8041 at ScreenConnect.ClientNetworkExtensions.ConnectTcpSocket(Uri endPointUri) at ScreenConnect.WindowsClientToolkit.ConnectNetworkConnection(Uri endPointUri, Uri httpProxyUri) at ScreenConnect.SocketEndPointManager.RunThread(ThreadRunContext runContext) Version: 25.6.9.9400 Executable Path: C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 8452 NT AUTHORITY\SYSTEM 594768/1105572 4194304/4194304 590584/1118028 55 1040 5.6 2025-12-10 15:24:29 79 SVC:IDriveService 1256 NT AUTHORITY\LOCAL SERVICE 43920/77080 4194304/4194304 54012/69900 20 1631 0.3 2025-12-10 15:22:26 81 SVC:EventLog 3424 Unknown 259992/1056976 4194304/4194304 595584/1114124 302 890 0.3 2025-12-10 15:22:27 81 SVC:WinDefend 5600 NT AUTHORITY\SYSTEM 41308/62020 4194304/4194304 21072/41532 80 751 0.2 2025-12-10 16:43:04 0 SVC:wuauserv 2832 NT AUTHORITY\SYSTEM 27984/28328 152556/162544 14360/15696 38 415 0.2 2025-12-10 15:22:27 81 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 4448 NT AUTHORITY\SYSTEM 83580/97316 314984/322216 66788/80752 37 567 0.2 2025-12-10 15:22:28 81 powershell "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 4 Unknown 144/1880 3968/15292 40/64 0 2179 0.2 2025-12-10 15:22:22 81 System 3020 NT AUTHORITY\SYSTEM 63512/63804 4194304/4194304 50476/50548 20 325 0.1 2025-12-10 15:22:27 81 SVC:Mesh Agent 2952 NT AUTHORITY\SYSTEM 27376/234176 4194304/4194304 87964/257612 57 2013 0.0 2025-12-10 15:22:27 81 SVC:LTService 3272 NT AUTHORITY\SYSTEM 29324/41824 4194304/4194304 16680/34720 20 502 0.0 2025-12-10 15:22:27 81 SVC:Winmgmt 4672 NT AUTHORITY\NETWORK SERVICE 28036/32832 4194304/4194304 13300/15820 23 532 0.0 2025-12-10 15:22:30 81 WmiPrvSE 2312 Unknown 12612/12792 4194304/4194304 4244/6048 11 228 0.0 2025-12-10 16:43:04 0 SVC:sppsvc 1208 NT AUTHORITY\NETWORK SERVICE 9740/9840 4194304/4194304 3380/3580 18 315 0.0 2025-12-10 15:22:26 81 SVC:Dnscache 728 NT AUTHORITY\SYSTEM 23028/23324 4194304/4194304 7856/8360 32 1483 0.0 2025-12-10 15:22:25 81 SVC:KeyIso/Netlogon/SamSs 7052 Unknown 12780/13188 4194304/4194304 4960/5340 14 217 0.0 2025-12-10 15:22:33 81 SVC:WdNisSvc 716 Unknown 10348/10820 4194304/4194304 5420/7896 12 619 0.0 2025-12-10 15:22:25 81 services 976 NT AUTHORITY\NETWORK SERVICE 11248/11388 4194304/4194304 4720/4960 19 837 0.0 2025-12-10 15:22:26 81 SVC:RpcEptMapper/RpcSs 3212 NT AUTHORITY\SYSTEM 5984/6012 4194304/4194304 1284/1440 8 144 0.0 2025-12-10 15:22:27 81 SVC:TrkWks 3220 NT AUTHORITY\SYSTEM 12120/12668 4194304/4194304 2676/3384 14 237 0.0 2025-12-10 15:22:27 81 SVC:UsoSvc 3440 NT AUTHORITY\SYSTEM 257848/272284 814796/838328 228204/253192 112 2072 0.0 2025-12-10 15:22:27 81 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 3452 NT AUTHORITY\SYSTEM 11140/11232 4194304/4194304 1440/1764 8 126 0.0 2025-12-10 15:22:27 81 SVC:WpnService 3636 NT AUTHORITY\SYSTEM 74540/75124 4194304/4194304 42972/43564 57 857 0.0 2025-12-10 15:22:27 81 SVC:VeeamEndpointBackupSvc 3432 NT AUTHORITY\NETWORK SERVICE 13300/13416 4194304/4194304 2996/3668 14 252 0.0 2025-12-10 15:22:27 81 SVC:WinRM 2824 NT AUTHORITY\NETWORK SERVICE 53956/55020 4194304/4194304 149608/150748 52 477 0.0 2025-12-10 15:22:27 81 SVC:DHCPServer 2848 NT AUTHORITY\SYSTEM 30808/50348 4194304/4194304 15300/39764 24 573 0.0 2025-12-10 15:22:27 81 SVC:DiagTrack 2916 NT AUTHORITY\SYSTEM 8352/8428 4194304/4194304 2220/2380 11 225 0.0 2025-12-10 15:22:27 81 SVC:HelpDeskService 2728 NT AUTHORITY\SYSTEM 10400/10488 4194304/4194304 2164/2364 11 196 0.0 2025-12-10 15:22:27 81 SVC:Backup Service Controller 2776 NT AUTHORITY\SYSTEM 22760/39932 128348/155868 9388/27148 23 323 0.0 2025-12-10 15:22:27 81 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 2788 NT AUTHORITY\NETWORK SERVICE 19404/77320 4194304/4194304 8676/65620 31 322 0.0 2025-12-10 15:22:27 81 SVC:CryptSvc 3084 NT AUTHORITY\SYSTEM 26216/28516 4194304/4194304 12048/15056 46 382 0.0 2025-12-10 15:22:27 81 SVC:SrmSvc 3124 NT AUTHORITY\NETWORK SERVICE 11216/12500 4194304/4194304 2884/4092 14 242 0.0 2025-12-10 15:24:29 79 SVC:MSDTC 3164 NT AUTHORITY\SYSTEM 6960/6992 4194304/4194304 1592/1800 9 144 0.0 2025-12-10 15:22:27 81 SVC:SysMain 2968 NT AUTHORITY\SYSTEM 10440/42672 4194304/4194304 33744/34248 27 488 0.0 2025-12-10 15:22:27 81 SVC:LTSvcMon 3000 NT AUTHORITY\SYSTEM 12912/13016 4194304/4194304 3268/3732 14 259 0.0 2025-12-10 15:22:27 81 SVC:LanmanServer 3076 NT AUTHORITY\LOCAL SERVICE 7556/7604 4194304/4194304 1700/1912 42 160 0.0 2025-12-10 15:22:27 81 SVC:SstpSvc 3644 NT AUTHORITY\SYSTEM 6480/6732 4194304/4194304 1864/2164 8 124 0.0 2025-12-10 15:22:27 81 SVC:XymonPSClient 6428 NT AUTHORITY\SYSTEM 10076/10116 4194304/4194304 6192/6260 7 86 0.0 2025-12-10 15:22:33 81 conhost 6488 NT AUTHORITY\SYSTEM 14876/15508 4194304/4194304 3048/3996 14 259 0.0 2025-12-10 15:22:30 81 SVC:StorSvc 7156 NT AUTHORITY\SYSTEM 20008/49084 109140/129076 7104/29428 18 268 0.0 2025-12-10 15:22:34 81 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid dgs7WDodgo3aCPFTaJncxhNBvhrx3XnkTUhhdGX5MkGyUbAjf0co8qx6khFA9Vdf 5980 NT AUTHORITY\SYSTEM 7764/9928 4194304/4194304 2200/3304 10 146 0.0 2025-12-10 16:43:05 0 SVC:TrustedInstaller 6252 NT AUTHORITY\SYSTEM 10068/10108 4194304/4194304 6176/6244 7 86 0.0 2025-12-10 15:22:33 81 conhost 6344 NT AUTHORITY\SYSTEM 61128/62428 4194304/4194304 50472/59724 26 409 0.0 2025-12-10 15:22:33 81 NableSixtyFourBitManager 8380 NT AUTHORITY\SYSTEM 14672/16240 4194304/4194304 8040/12036 20 269 0.0 2025-12-10 15:24:30 79 SVC:UALSVC 8780 NT AUTHORITY\SYSTEM 11440/12396 4194304/4194304 3636/4408 13 248 0.0 2025-12-10 15:22:53 80 SVC:PcaSvc 8880 NT AUTHORITY\LOCAL SERVICE 51132/51164 4194304/4194304 41128/41240 34 582 0.0 2025-12-10 15:22:53 80 SVC:SolarWinds.MSP.CacheService 7876 NT AUTHORITY\LOCAL SERVICE 14280/24272 4194304/4194304 5780/15288 13 199 0.0 2025-12-10 15:22:38 81 WmiPrvSE 8268 NT AUTHORITY\LOCAL SERVICE 19800/20232 4194304/4194304 13260/13676 17 303 0.0 2025-12-10 15:24:29 79 SVC:DPS 8324 NT AUTHORITY\SYSTEM 72912/109052 293012/355156 47328/90452 67 606 0.0 2025-12-10 15:22:55 80 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 4332 NT AUTHORITY\SYSTEM 10176/10212 4194304/4194304 6208/6264 8 86 0.0 2025-12-10 15:22:34 81 conhost 4476 NT AUTHORITY\SYSTEM 13128/13152 4194304/4194304 6544/6604 10 148 0.0 2025-12-10 15:22:28 81 conhost 4684 NT AUTHORITY\SYSTEM 7660/16424 4194304/4194304 2396/4736 8 212 0.0 2025-12-10 15:22:28 81 AggregatorHost 3956 NT AUTHORITY\SYSTEM 13424/13480 4194304/4194304 3424/3776 24 419 0.0 2025-12-10 15:22:27 81 SVC:RasMan 3980 NT AUTHORITY\SYSTEM 10880/10936 54120/61800 2172/2612 18 241 0.0 2025-12-10 15:22:27 81 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 3992 NT AUTHORITY\SYSTEM 14104/14408 65656/74616 2916/3944 21 291 0.0 2025-12-10 15:22:27 81 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 5228 NT AUTHORITY\SYSTEM 10024/10080 4194304/4194304 6188/6276 7 86 0.0 2025-12-10 15:22:28 81 conhost 5248 NT AUTHORITY\SYSTEM 31600/31636 4194304/4194304 24252/25096 19 326 0.0 2025-12-10 15:22:57 80 SVC:PME.Agent.PmeService 5796 NT AUTHORITY\SYSTEM 45576/47640 4194304/4194304 37324/38808 23 558 0.0 2025-12-10 15:22:33 81 NableReactiveManagement 4728 NT AUTHORITY\SYSTEM 10812/12420 4194304/4194304 3468/5104 9 131 0.0 2025-12-10 15:24:32 79 SVC:StateRepository 4772 NT AUTHORITY\SYSTEM 10752/10904 51416/59096 2032/2468 18 251 0.0 2025-12-10 15:22:28 81 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 5048 NT AUTHORITY\SYSTEM 245116/377904 4194304/4194304 215200/359512 50 780 0.0 2025-12-10 15:22:28 81 BackupFP 992 NT AUTHORITY\LOCAL SERVICE 8680/8736 4194304/4194304 1808/2136 13 228 0.0 2025-12-10 15:22:26 81 SVC:W32Time 1016 NT AUTHORITY\SYSTEM 9556/9556 4194304/4194304 2528/2732 12 297 0.0 2025-12-10 15:22:26 81 SVC:LSM 1036 NT AUTHORITY\SYSTEM 8596/8752 4194304/4194304 1848/2316 11 192 0.0 2025-12-10 15:22:26 81 SVC:NcbService 860 NT AUTHORITY\SYSTEM 14676/14704 4194304/4194304 5504/5664 15 829 0.0 2025-12-10 15:22:26 81 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker 896 Font Driver Host\UMFD-0 3576/3612 4194304/4194304 1328/1412 6 39 0.0 2025-12-10 15:22:26 81 fontdrvhost 904 Font Driver Host\UMFD-1 3432/3472 4194304/4194304 1260/1344 6 39 0.0 2025-12-10 15:22:26 81 fontdrvhost 1048 NT AUTHORITY\LOCAL SERVICE 6304/6404 4194304/4194304 1364/1692 8 144 0.0 2025-12-10 15:22:26 81 SVC:TimeBrokerSvc 1272 Window Manager\DWM-1 44964/50604 4194304/4194304 22488/33276 27 626 0.0 2025-12-10 15:22:26 81 dwm 1384 NT AUTHORITY\LOCAL SERVICE 19420/23884 4194304/4194304 9372/14040 33 423 0.0 2025-12-10 15:22:26 81 SVC:BFE/mpssvc 1452 NT AUTHORITY\SYSTEM 39192/39296 199140/206820 25064/25304 34 654 0.0 2025-12-10 15:22:27 81 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=81f1fb2d-e971-4151-9233-026a4e5aab3f&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAALGJBS5pIdke3EzdSnWrobAAAAAACAAAAAAAQZgAAAAEAACAAAAB7kvEKnYW8uqUU%2fjSEpvV9HnnX9HqO%2fVbMDPZKo08AlAAAAAAOgAAAAAIAACAAAAACVNoR2QgbMpsEqXLIQ0GFhvqbkTLxbaow2RVrUSYoiqAEAADVYrkpnxJhBn%2bNjU%2freLqtP25RBcML1geBWFf9U2yr1vICIQn4iqQcTYcrWlLC2YUvJ98TvMu%2be40xwmZWGI0O9WZgdVjzC31EBrXka0F0UcXnG6KwDBMgTy2pABmanplouzpilrFxb4NoAM8RZFXE4NZL8jQszoOdyENLZnWMAx4ap8IoenNovusq2vK8Pdge5zHrtcEAHNOUx3UqWiZ8ZWoV4EW%2bqmGcnmBRTJXijFflRugBWs1t%2f9pp%2felDh%2fNCsqZuRRwp6mASD93D8h4MtZtEcSE2usqbpb8k5lwxxAzr5rNZswpp4lz1mWruFyjWDf99tbK%2bN80fP2r2W67%2bCGWAoOafafHSxKzFWCqVaDitLyuvRH%2b1UUDOs%2bbGeCvCKBkPnTlBxoQg9Z%2fDiEjUAxWP4ETJx%2bbS5Pv54TLOAawgArwzAG03%2bMe7rNcyLHGORxR6zAMZ9CXMSh6JlbfPLXKZKPcW7tqxbpBIrtd5EnrFsDteXpFkVfEyhTbnWGWilLXzhikInqjBgUmK5OniZIUiFVtHSvNor%2bimXlIzpQBdjEff7Z8FNRViDsvidNINIxg48NcxhUMtbnX%2f7oiTKbp4334rXM7xA2WrgdwBUYUT91%2bhvc0JZv5U0lyV2b%2b3FAqMp8Fclx6R0vxTcbc1ChIiA3JgS22miGvF1Y3PFQ4c1afPhuGXcbK7ubsvWFTUsj4gSj0h%2b%2fSn52SUl8K5llc5fa8%2bmdDkNgEQcHgNs50FyVhhX05zvN9t0%2fu8x6mS3md1wjGMJEWfPVT5zzjaIFPso4v4YkiCtYxLSvCbvK4F%2fDTiPdyr0KuA82LEw6nQAs4qDGY8EJr47GvOc7bBtuzbYWq%2f44yQl8R5ry6T0OUuZnhtSZxqemqUlPOxNXZWaL1UjJVFUImUn8WM0f%2fQBQ2mKHLWRf0PVujzS%2bZiaSqeOh06Cs2LiTVbqSk8Q4qgN4v0sz0FNbfrQW8mbUCaKL%2bl94aJZPkSGtQWa%2f%2fdmz9o3S7fzhDAMfumxIBLP08BVg0H1oK%2fstjGzL04yBragx0QqpxSZROQVw27cGwAHdbpeFbv5cKf9H0hjYyJka2nyN%2bDNRFirzYnOe0%2bqzrrG9kA140UxQ%2bWM7hueZ5Nzhstptnxi0u3yBbn3GuAvF0YMITPwtbDbSRCO5H%2bb7UNC1WQLZDulfC5mnvDzsdN%2bM9s6G9mWcbebMhBC3q39s5zodA35JEHPW%2fxkruJXA9EbZjfiD7a%2bbkJA7uekYDSG2nmjyMvBcEE8MrGHT31O9074zFyB1TYQG9Pb8%2fS0pLy%2bWOK7uq%2fkRaK7mo3HNDxaZgzpJrWk5FvFZ6%2fmJXzSDkEqoiPB2FQKKu2%2fyStsx1MTfnOh7uC8uaqM08uNmM67sGvsfjSSMsNfFU4KQVUKSk%2fDENRhyMImBvSyFSVGmAO5sHuVCstKkOeV2LUCzmp%2b8m0wettXEMhcYu0U%2b9ZlzMKtpwX5lmdzD4moLleZCTmGjO2H8KKpEyqukPS1GQr3%2bLyNGaOHRN89ju2F2tYOt0ouC5eXzAGO%2feNx705eLEAMcMdoqbGpyXhiF0HoDw6IkAAAADanZNH4yCid%2b46xk3uOFQ6pWk%2b0okknzTyEeeAxSgjKVz%2fndDTJexk04K8kyjh7H2s2%2bRFgMYiEW8Wl61smHxO&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 1128 NT AUTHORITY\SYSTEM 8980/8996 4194304/4194304 2116/2320 12 187 0.0 2025-12-10 15:22:26 81 SVC:ShellHWDetection 1144 NT AUTHORITY\LOCAL SERVICE 8124/8144 4194304/4194304 2264/2500 11 239 0.0 2025-12-10 15:22:26 81 SVC:Dhcp 1192 NT AUTHORITY\SYSTEM 48868/55708 4194304/4194304 11404/23588 26 456 0.0 2025-12-10 15:22:26 81 LogonUI 444 NT AUTHORITY\LOCAL SERVICE 8004/8024 4194304/4194304 3572/3628 18 140 0.0 2025-12-10 15:22:26 81 SVC:nsi 484 Unknown 6644/6780 4194304/4194304 2104/2336 24 672 0.0 2025-12-10 15:22:25 81 csrss 528 NT AUTHORITY\NETWORK SERVICE 13304/13332 4194304/4194304 4608/4832 20 542 0.0 2025-12-10 15:22:26 81 SVC:TermService 0 8/8 8/8 60/60 0 0 0.0 0 Idle 124 Unknown 22788/162760 87628/166604 2544/100960 12 0 0.0 2025-12-10 15:22:20 81 Registry 380 Unknown 1300/1324 4194304/4194304 1100/1164 3 57 0.0 2025-12-10 15:22:22 81 smss 572 Unknown 7252/7368 4194304/4194304 1368/1904 11 156 0.0 2025-12-10 15:22:25 81 wininit 768 NT AUTHORITY\SYSTEM 20016/41940 4194304/4194304 13076/35412 15 287 0.0 2025-12-10 15:55:10 48 WmiPrvSE 804 NT AUTHORITY\LOCAL SERVICE 11924/11968 4194304/4194304 2228/2724 12 211 0.0 2025-12-10 15:24:29 79 SVC:CDPSvc 832 NT AUTHORITY\SYSTEM 32224/32876 160196/172828 19436/20860 25 454 0.0 2025-12-10 15:24:31 79 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" 580 Unknown 5964/11212 4194304/4194304 1752/2016 11 169 0.0 2025-12-10 15:22:25 81 csrss 644 NT AUTHORITY\SYSTEM 10096/15232 4194304/4194304 2512/6408 12 212 0.0 2025-12-10 15:22:25 81 winlogon 760 NT AUTHORITY\LOCAL SERVICE 5700/5716 4194304/4194304 1340/1440 8 119 0.0 2025-12-10 15:22:26 81 SVC:lmhosts 1484 NT AUTHORITY\NETWORK SERVICE 13740/14156 4194304/4194304 4292/5540 18 402 0.0 2025-12-10 15:22:26 81 SVC:NlaSvc 2188 NT AUTHORITY\SYSTEM 20160/39756 109936/154240 11380/32784 17 299 0.0 2025-12-10 15:55:09 48 WmiPrvSE C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding 2204 NT AUTHORITY\SYSTEM 22756/22860 4194304/4194304 19300/19656 37 734 0.0 2025-12-10 15:24:31 79 SVC:WSearch 2360 NT AUTHORITY\LOCAL SERVICE 7340/7424 4194304/4194304 1384/1668 8 124 0.0 2025-12-10 15:22:26 81 SVC:DispBrokerDesktopSvc 2036 NT AUTHORITY\NETWORK SERVICE 10644/10704 4194304/4194304 2288/2564 14 244 0.0 2025-12-10 15:22:26 81 SVC:LanmanWorkstation 2124 NT AUTHORITY\LOCAL SERVICE 7944/8052 4194304/4194304 1956/2400 10 183 0.0 2025-12-10 15:22:26 81 SVC:WinHttpAutoProxySvc 2132 NT AUTHORITY\SYSTEM 10252/10268 4194304/4194304 2312/2472 16 246 0.0 2025-12-10 15:22:26 81 SVC:SessionEnv 2416 NT AUTHORITY\SYSTEM 7872/7936 4194304/4194304 1588/1852 9 145 0.0 2025-12-10 15:22:26 81 SVC:UserManager 2604 NT AUTHORITY\SYSTEM 28228/29076 4194304/4194304 11168/11828 46 667 0.0 2025-12-10 15:22:27 81 SVC:Spooler 2612 NT AUTHORITY\SYSTEM 6220/6340 4194304/4194304 1384/2056 8 126 0.0 2025-12-10 15:24:29 79 SVC:WdiSystemHost 2716 NT AUTHORITY\SYSTEM 106580/108596 338216/397912 78808/103100 74 1009 0.0 2025-12-10 15:22:27 81 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2532 NT AUTHORITY\SYSTEM 10776/11044 4194304/4194304 2656/3468 16 363 0.0 2025-12-10 15:22:27 81 SVC:iphlpsvc 2580 NT AUTHORITY\NETWORK SERVICE 7876/8996 4194304/4194304 1916/2964 13 173 0.0 2025-12-10 15:22:27 81 SVC:PolicyAgent 2588 NT AUTHORITY\SYSTEM 8620/8692 4194304/4194304 2644/2904 14 278 0.0 2025-12-10 15:22:27 81 SVC:IKEEXT 1608 NT AUTHORITY\SYSTEM 6060/6096 4194304/4194304 1264/1420 8 121 0.0 2025-12-10 15:22:26 81 SVC:Themes 1616 NT AUTHORITY\LOCAL SERVICE 8344/8444 4194304/4194304 2048/2388 10 170 0.0 2025-12-10 15:22:26 81 SVC:EventSystem 1624 NT AUTHORITY\LOCAL SERVICE 7304/8468 4194304/4194304 1660/2056 10 142 0.0 2025-12-10 15:22:26 81 SVC:FontCache 1556 NT AUTHORITY\SYSTEM 11608/11700 4194304/4194304 2372/2800 15 241 0.0 2025-12-10 15:22:26 81 SVC:gpsvc 1572 NT AUTHORITY\SYSTEM 6928/6944 4194304/4194304 1404/1508 9 138 0.0 2025-12-10 15:22:26 81 SVC:UmRdpService 1600 NT AUTHORITY\SYSTEM 6912/6932 4194304/4194304 1456/1668 9 126 0.0 2025-12-10 15:22:26 81 SVC:ProfSvc 1776 NT AUTHORITY\SYSTEM 13176/13380 4194304/4194304 3260/3516 14 223 0.0 2025-12-10 16:43:05 0 TiWorker 1860 NT AUTHORITY\SYSTEM 9444/9580 4194304/4194304 2016/2316 14 212 0.0 2025-12-10 15:22:26 81 SVC:SENS 1872 NT AUTHORITY\SYSTEM 6544/6568 4194304/4194304 1376/1476 8 145 0.0 2025-12-10 15:22:26 81 SVC:CertPropSvc 2000 NT AUTHORITY\LOCAL SERVICE 9216/9524 4194304/4194304 2036/3296 13 289 0.0 2025-12-10 15:22:26 81 SVC:Wcmsvc 1796 NT AUTHORITY\LOCAL SERVICE 11080/11668 4194304/4194304 2896/4236 14 442 0.0 2025-12-10 15:22:26 81 SVC:netprofm 1820 NT AUTHORITY\LOCAL SERVICE 6252/6284 4194304/4194304 1300/1408 8 126 0.0 2025-12-10 15:22:26 81 SVC:CoreMessagingRegistrar 1840 NT AUTHORITY\SYSTEM 15316/15440 4194304/4194304 4864/5456 18 365 0.0 2025-12-10 15:22:26 81 SVC:Schedule [netstat] PacketsReceived=202887 ReceivedHeaderErrors=0 ReceivedAddressErrors=4316 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=142 ReceivedPacketsDelivered=201463 OutputRequests=439567 RoutingDiscards=0 DiscardedOutputPackets=155 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=6857 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=89 ReceivedPacketsDelivered=6771 OutputRequests=24 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=2325 tcpPassiveOpens=1216 tcpFailedConnectionAttempts=255 tcpResetConnections=364 tcpCurrentConnections=62 tcpSegmentsReceived=192413 tcpSegmentsSent=446213 tcpSegmentsRetransmitted=1977 tcpActiveOpens=7 tcpPassiveOpens=7 tcpFailedConnectionAttempts=0 tcpResetConnections=2 tcpCurrentConnections=0 tcpSegmentsReceived=282 tcpSegmentsSent=282 tcpSegmentsRetransmitted=0 udpDatagramsReceived=14369 udpNoPorts=135 udpReceiveErrors=0 udpDatagramsSent=1549 udpDatagramsReceived=6411 udpNoPorts=89 udpReceiveErrors=0 udpDatagramsSent=10 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING TCP 0.0.0.0:49709 0.0.0.0:0 LISTENING TCP 0.0.0.0:49781 0.0.0.0:0 LISTENING TCP 10.2.63.46:135 10.2.62.108:56728 ESTABLISHED TCP 10.2.63.46:135 10.2.62.114:59011 ESTABLISHED TCP 10.2.63.46:135 10.2.62.114:59012 ESTABLISHED TCP 10.2.63.46:135 10.2.68.2:50901 ESTABLISHED TCP 10.2.63.46:139 0.0.0.0:0 LISTENING TCP 10.2.63.46:445 10.2.62.64:52714 ESTABLISHED TCP 10.2.63.46:445 10.2.62.65:53951 ESTABLISHED TCP 10.2.63.46:445 10.2.62.66:59391 ESTABLISHED TCP 10.2.63.46:445 10.2.62.70:49760 ESTABLISHED TCP 10.2.63.46:445 10.2.62.77:52869 ESTABLISHED TCP 10.2.63.46:445 10.2.62.84:64172 ESTABLISHED TCP 10.2.63.46:445 10.2.62.85:49813 ESTABLISHED TCP 10.2.63.46:445 10.2.62.99:61116 ESTABLISHED TCP 10.2.63.46:445 10.2.62.100:62922 ESTABLISHED TCP 10.2.63.46:445 10.2.62.108:55837 ESTABLISHED TCP 10.2.63.46:445 10.2.62.109:51472 ESTABLISHED TCP 10.2.63.46:445 10.2.62.117:60370 ESTABLISHED TCP 10.2.63.46:445 10.2.68.2:50878 ESTABLISHED TCP 10.2.63.46:647 0.0.0.0:0 LISTENING TCP 10.2.63.46:647 10.2.63.21:57141 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.10:58363 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.65:61979 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.66:59399 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.69:64333 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.70:51818 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.77:49216 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.80:55367 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.84:64179 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.85:65258 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.87:56732 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.99:63160 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.100:61868 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.108:56729 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.109:52085 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.114:59013 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.114:59014 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.116:59225 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.117:65142 ESTABLISHED TCP 10.2.63.46:49670 10.2.63.21:57863 ESTABLISHED TCP 10.2.63.46:49670 10.2.68.2:50902 ESTABLISHED TCP 10.2.63.46:49670 10.2.68.2:50903 ESTABLISHED TCP 10.2.63.46:49839 206.148.0.34:443 ESTABLISHED TCP 10.2.63.46:49842 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:49916 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:49919 206.148.0.125:443 ESTABLISHED TCP 10.2.63.46:50012 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:50101 8.38.48.118:443 ESTABLISHED TCP 10.2.63.46:51295 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51296 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51297 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:52067 10.2.63.47:135 TIME_WAIT TCP 10.2.63.46:52068 10.2.63.47:49669 TIME_WAIT TCP 10.2.63.46:52085 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:52103 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:52104 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:52105 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:52116 10.2.63.47:135 ESTABLISHED TCP 10.2.63.46:52117 10.2.63.47:49669 ESTABLISHED TCP 10.2.63.46:52126 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:52134 125.253.56.44:443 ESTABLISHED TCP 10.2.63.46:52139 104.18.109.87:443 TIME_WAIT TCP 10.2.63.46:52142 104.18.110.87:443 TIME_WAIT TCP 10.2.63.46:52145 206.148.0.124:443 TIME_WAIT TCP 10.2.63.46:52147 132.196.74.212:443 TIME_WAIT TCP 10.2.63.46:52148 123.253.148.9:80 TIME_WAIT TCP 10.2.63.46:52149 13.95.31.18:443 TIME_WAIT TCP 10.2.63.46:52153 20.42.73.24:443 TIME_WAIT TCP 127.0.0.1:445 127.0.0.1:51245 ESTABLISHED TCP 127.0.0.1:3389 127.0.0.1:52154 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49695 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:49695 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:49742 127.0.0.1:49743 ESTABLISHED TCP 127.0.0.1:49743 127.0.0.1:49742 ESTABLISHED TCP 127.0.0.1:49758 127.0.0.1:49759 ESTABLISHED TCP 127.0.0.1:49759 127.0.0.1:49758 ESTABLISHED TCP 127.0.0.1:49763 0.0.0.0:0 LISTENING TCP 127.0.0.1:50093 127.0.0.1:51821 ESTABLISHED TCP 127.0.0.1:51245 127.0.0.1:445 ESTABLISHED TCP 127.0.0.1:51821 0.0.0.0:0 LISTENING TCP 127.0.0.1:51821 127.0.0.1:50093 ESTABLISHED TCP 127.0.0.1:52082 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:52083 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52102 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52125 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52129 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:52132 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52133 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52136 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52151 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:52154 127.0.0.1:3389 FIN_WAIT_2 TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49672 [::]:0 LISTENING TCP [::]:49709 [::]:0 LISTENING TCP [::]:49781 [::]:0 LISTENING TCP [::1]:9395 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:54990 *:* UDP 0.0.0.0:57296 *:* UDP 0.0.0.0:58924 *:* UDP 0.0.0.0:59052 *:* UDP 0.0.0.0:59053 *:* UDP 0.0.0.0:60236 *:* UDP 0.0.0.0:61234 *:* UDP 0.0.0.0:63032 *:* UDP 0.0.0.0:63034 *:* UDP 10.2.63.46:67 *:* UDP 10.2.63.46:68 *:* UDP 10.2.63.46:137 *:* UDP 10.2.63.46:138 *:* UDP 10.2.63.46:2535 *:* UDP 127.0.0.1:51979 127.0.0.1:51979 UDP 127.0.0.1:52610 127.0.0.1:52610 UDP 127.0.0.1:56482 127.0.0.1:56482 UDP 127.0.0.1:57689 127.0.0.1:57689 UDP 127.0.0.1:59435 127.0.0.1:59435 UDP 127.0.0.1:59437 127.0.0.1:59437 UDP 127.0.0.1:59439 127.0.0.1:59439 UDP 127.0.0.1:60839 127.0.0.1:60839 UDP 127.0.0.1:63055 127.0.0.1:63055 UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:54990 *:* UDP [::]:57296 *:* UDP [::]:58924 *:* UDP [::]:59053 *:* UDP [::]:60236 *:* UDP [::]:61234 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-FP01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-7C-8E-B1 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6c3a:be9b:60bb:3502%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.46(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-91-E4-AF-52-54-00-7C-8E-B1 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 10.2.63.21 10.2.63.22 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 7c 8e b1 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.46 281 10.2.63.0 255.255.255.0 On-link 10.2.63.46 281 10.2.63.46 255.255.255.255 On-link 10.2.63.46 281 10.2.63.255 255.255.255.255 On-link 10.2.63.46 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.46 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.46 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::6c3a:be9b:60bb:3502/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.46 163954712 505828689 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AutomationManagerAgent automatic started Automation Manager Agent AxInstSV disabled stopped ActiveX Installer (AxInstSV) Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client DHCPServer automatic started DHCP Server diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual stopped Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual stopped Windows Installer NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual stopped Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess disabled stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc disabled stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic started Software Protection SrmReports manual stopped File Server Storage Reports Manager SrmSvc automatic started File Server Resource Manager SSDPSRV disabled stopped SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic stopped Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual started Windows Modules Installer tzautoupdate disabled stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost disabled stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSS automatic stopped Volume Shadow Copy W32Time automatic started Windows Time WaaSMedicSvc manual stopped Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc disabled stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual stopped WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch automatic started Windows Search wuauserv automatic started Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 4856 0 days 1 hours 20 minutes 56 seconds Bootup: 20251210152220.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-fp01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\xymon\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-fp01 [XymonPSClientInfo] Collection number: 18 Last transmission method: TCP Id : 4448 Handles : 558 CPU : 39.921875 SI : 0 Name : powershell