[collector:] client ino-rut-fp01.powershell powershell XymonPS [date] Wed 10 Dec 20:08:33 2025 [clock] epoch: 1765357713 local: Wed 10 Dec 20:08:33 2025 UTC: Wed 10 Dec 09:08:33 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0073558s Root Dispersion: 0.1033246s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 8:06:40 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 0 days, 0 users, 122 procs, load=13.97% CPU states: total 13.97% cores: 4 CPU PID Image Name Pri Time MemUsage 5.9% 728 SVC:KeyIso/Netlogon/SamSs 9 00:01:46 24524k 2.3% 8452 SVC:IDriveService 8 00:13:50 570448k 1.6% 5048 BackupFP 8 00:01:45 268780k 1.5% 3424 SVC:WinDefend 8 00:07:03 278200k 0.5% 4 System 8 00:01:23 144k 0.4% 2788 SVC:CryptSvc 8 00:00:17 19776k 0.3% 1256 SVC:EventLog 8 00:02:25 46364k 0.2% 2832 SVC:BASupportExpressStandalone 13 00:02:15 28764k 0.2% 4448 powershell 8 00:01:34 86240k 0.1% 3232 idwutil_600 8 00:00:01 12688k 0.1% 8460 idwutil_600 8 00:00:01 12680k 0.1% 8680 idwutil_600 8 00:00:01 12660k 0.1% 2056 idwutil_600 8 00:00:01 12680k 0.1% 3020 SVC:Mesh Agent 8 00:01:29 119776k 0.1% 7052 SVC:WdNisSvc 8 00:00:03 12960k 0.0% 3272 SVC:Winmgmt 8 00:00:26 29524k 0.0% 6520 SVC:VSS 8 00:00:00 17672k 0.0% 976 SVC:RpcEptMapper/RpcSs 8 00:00:07 11640k 0.0% 2204 SVC:WSearch 8 00:00:06 23448k 0.0% 2952 SVC:LTService 8 00:00:26 31996k 0.0% 4672 WmiPrvSE 8 00:00:18 27952k 0.0% 496 SVC:swprv 8 00:00:00 9020k 0.0% 6616 SVC:msiserver 8 00:00:00 16852k 0.0% 716 services 9 00:00:08 10480k 0.0% 5192 SVC:SrmReports 8 00:00:00 20300k 0.0% 7952 SVC:AppXSvc 8 00:00:00 11488k 0.0% 2188 WmiPrvSE 8 00:00:05 19956k 0.0% 8268 SVC:DPS 8 00:00:01 21972k 0.0% 8324 SVC:SolarWinds.MSP.RpcServerSe 8 00:00:04 72792k 0.0% 768 WmiPrvSE 8 00:00:05 21264k 0.0% 3440 SVC:Windows Agent Service 8 00:00:42 258640k 0.0% 124 Registry 8 00:00:01 22704k 0.0% 2824 SVC:DHCPServer 8 00:00:00 54660k 0.0% 3084 SVC:SrmSvc 8 00:00:01 26448k 0.0% 1208 SVC:Dnscache 8 00:00:03 9948k 0.0% 8880 SVC:SolarWinds.MSP.CacheServic 8 00:00:00 51424k 0.0% 3452 SVC:WpnService 8 00:00:00 11124k 0.0% 3432 SVC:WinRM 8 00:00:00 13352k 0.0% 2968 SVC:LTSvcMon 8 00:00:00 14436k 0.0% 3076 SVC:SstpSvc 8 00:00:00 7544k 0.0% 3000 SVC:LanmanServer 8 00:00:00 12928k 0.0% 3008 conhost 8 00:00:00 10216k 0.0% 3124 SVC:MSDTC 8 00:00:00 11212k 0.0% 3220 SVC:UsoSvc 8 00:00:00 12108k 0.0% 3212 SVC:TrkWks 8 00:00:00 5980k 0.0% 3164 SVC:SysMain 8 00:00:00 6944k 0.0% 6028 conhost 8 00:00:00 10220k 0.0% 6252 conhost 8 00:00:00 10064k 0.0% 5796 NableReactiveManagement 8 00:00:00 45796k 0.0% 5228 conhost 8 00:00:00 10020k 0.0% 5248 SVC:PME.Agent.PmeService 8 00:00:00 32688k 0.0% 6344 NableSixtyFourBitManager 8 00:00:00 61884k 0.0% 8380 SVC:UALSVC 8 00:00:00 14684k 0.0% 8780 SVC:PcaSvc 8 00:00:00 11528k 0.0% 7156 BASupSysInf 6 00:00:00 19976k 0.0% 6428 conhost 8 00:00:00 10072k 0.0% 6488 SVC:StorSvc 8 00:00:00 14860k 0.0% 4772 Veeam.Guest.Interaction.Proxy 8 00:00:00 10748k 0.0% 3980 SVC:VeeamTransportSvc 8 00:00:00 10884k 0.0% 3992 SVC:VeeamDeploySvc 8 00:00:00 14804k 0.0% 3956 SVC:RasMan 8 00:00:00 13420k 0.0% 3636 SVC:VeeamEndpointBackupSvc 8 00:00:02 93400k 0.0% 3644 SVC:XymonPSClient 8 00:00:00 6476k 0.0% 4220 SVC:WdiSystemHost 8 00:00:00 6272k 0.0% 4684 AggregatorHost 8 00:00:00 7668k 0.0% 4728 SVC:StateRepository 8 00:00:00 10900k 0.0% 4476 conhost 8 00:00:01 13152k 0.0% 4332 conhost 6 00:00:00 10172k 0.0% 4372 WmiPrvSE 8 00:00:00 12044k 0.0% 1036 SVC:NcbService 8 00:00:00 8584k 0.0% 1048 SVC:TimeBrokerSvc 8 00:00:00 6300k 0.0% 1128 SVC:ShellHWDetection 8 00:00:00 8956k 0.0% 904 fontdrvhost 8 00:00:00 3432k 0.0% 992 SVC:W32Time 8 00:00:00 8672k 0.0% 1016 SVC:LSM 8 00:00:00 9544k 0.0% 1144 SVC:Dhcp 8 00:00:00 8232k 0.0% 1452 SVC:ScreenConnect Client (69e7 8 00:00:00 39296k 0.0% 1484 SVC:NlaSvc 8 00:00:00 13720k 0.0% 1556 SVC:gpsvc 8 00:00:00 13204k 0.0% 1192 LogonUI 13 00:00:00 48932k 0.0% 1272 dwm 13 00:00:00 44960k 0.0% 1384 SVC:BFE/mpssvc 8 00:00:00 19572k 0.0% 484 csrss 13 00:00:01 6640k 0.0% 528 SVC:TermService 8 00:00:00 13304k 0.0% 572 wininit 13 00:00:00 7248k 0.0% 0 Idle 0 8k 0.0% 380 smss 11 00:00:00 1300k 0.0% 444 SVC:nsi 8 00:00:00 8040k 0.0% 580 csrss 13 00:00:00 5960k 0.0% 832 SVC:Windows Agent Maintenance 8 00:00:00 32432k 0.0% 860 SVC:BrokerInfrastructure/DcomL 8 00:00:00 14676k 0.0% 896 fontdrvhost 8 00:00:00 3576k 0.0% 644 winlogon 13 00:00:00 10092k 0.0% 760 SVC:lmhosts 8 00:00:00 5684k 0.0% 804 SVC:CDPSvc 8 00:00:00 11920k 0.0% 1572 SVC:UmRdpService 8 00:00:00 6928k 0.0% 2416 SVC:UserManager 8 00:00:00 7852k 0.0% 2532 SVC:iphlpsvc 8 00:00:00 10772k 0.0% 2580 SVC:PolicyAgent 8 00:00:00 7864k 0.0% 2156 conhost 8 00:00:00 10216k 0.0% 2224 conhost 8 00:00:00 10224k 0.0% 2360 SVC:DispBrokerDesktopSvc 8 00:00:00 7324k 0.0% 2588 SVC:IKEEXT 8 00:00:00 8624k 0.0% 2776 SVC:BASupportExpressSrvcUpdate 8 00:00:02 22760k 0.0% 2848 SVC:DiagTrack 8 00:00:01 33380k 0.0% 2916 SVC:HelpDeskService 8 00:00:00 8352k 0.0% 2604 SVC:Spooler 8 00:00:01 28168k 0.0% 2716 SVC:AutomationManagerAgent 8 00:00:07 106544k 0.0% 2728 SVC:Backup Service Controller 8 00:00:00 10408k 0.0% 1624 SVC:FontCache 8 00:00:00 7308k 0.0% 1796 SVC:netprofm 8 00:00:00 11056k 0.0% 1820 SVC:CoreMessagingRegistrar 8 00:00:00 6248k 0.0% 1600 SVC:ProfSvc 8 00:00:00 6896k 0.0% 1608 SVC:Themes 8 00:00:00 6048k 0.0% 1616 SVC:EventSystem 8 00:00:00 8340k 0.0% 1840 SVC:Schedule 8 00:00:00 15432k 0.0% 2036 SVC:LanmanWorkstation 8 00:00:00 10656k 0.0% 2124 SVC:WinHttpAutoProxySvc 8 00:00:00 7932k 0.0% 2132 SVC:SessionEnv 8 00:00:00 10232k 0.0% 1860 SVC:SENS 8 00:00:00 9448k 0.0% 1872 SVC:CertPropSvc 8 00:00:00 6532k 0.0% 2000 SVC:Wcmsvc 8 00:00:00 9240k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 37854104 171220068 18% /FIXED/C:\ 199.39\163.29 D 4194285564 1985908336 2208377228 47% /FIXED/D:\ data 3999.98\2106.07 [memory] memory Total Used physical: 32767 4711 virtual: 4864 0 page: 37631 4291 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 32568 Security Circular 20971520 62071 System Circular 20971520 48894 Application [msgs:eventlog_Security] [msgs:eventlog_System] Information - 12/10/2025 20:06:31 - [4] - Virtual Disk Service - Service stopped. Information - 12/10/2025 20:06:22 - [98] - Microsoft-Windows-Ntfs - Volume System Reserved (\Device\HarddiskVolumeShadowCopy11) is healthy. No action is needed. Information - 12/10/2025 20:06:22 - [98] - Microsoft-Windows-Ntfs - Volume ?? (\Device\HarddiskVolumeShadowCopy10) is healthy. No action is needed. Information - 12/10/2025 20:06:08 - [3] - Virtual Disk Service - Service started. Information - 12/10/2025 19:11:18 - [12] - Microsoft-Windows-UserModePowerService - Process C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Manager.exe (process ID:5112) reset policy scheme from {381b4222-f694-41f0-9685-ff5bb260df2e} to {381b4222-f694-41f0-9685-ff5bb260df2e} [msgs:eventlog_Application] Information - 12/10/2025 20:06:32 - [105] - Backup Manager - Backup finished for data source SystemStateBackupPlugin with session status Completed. Selected size: 17.6G; Selected count: 118846; Processed size: 221M; Processed count: 292; Sent size: 3.25M; Errors count: 0; Removed files count: 0. [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 728 NT AUTHORITY\SYSTEM 24524/24804 4194304/4194304 9236/9756 32 1776 5.9 2025-12-10 15:22:25 286 SVC:KeyIso/Netlogon/SamSs 8452 NT AUTHORITY\SYSTEM 570448/1105572 4194304/4194304 552944/1118028 56 1068 2.3 2025-12-10 15:24:29 284 SVC:IDriveService 5048 NT AUTHORITY\SYSTEM 268780/400080 4194304/4194304 248068/369744 53 887 1.6 2025-12-10 15:22:28 286 BackupFP 3424 Unknown 278200/1056976 4194304/4194304 603212/1114124 303 908 1.5 2025-12-10 15:22:27 286 SVC:WinDefend 4 Unknown 144/1880 3968/15292 40/64 0 2173 0.5 2025-12-10 15:22:22 286 System 2788 NT AUTHORITY\NETWORK SERVICE 19776/78608 4194304/4194304 9028/68288 31 419 0.4 2025-12-10 15:22:27 286 SVC:CryptSvc 1256 NT AUTHORITY\LOCAL SERVICE 46364/77080 4194304/4194304 57084/69900 20 1636 0.3 2025-12-10 15:22:26 286 SVC:EventLog 2832 NT AUTHORITY\SYSTEM 28764/29564 152556/162544 14832/15752 38 415 0.2 2025-12-10 15:22:27 286 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 4448 NT AUTHORITY\SYSTEM 86240/97316 315496/322216 69476/80752 38 555 0.2 2025-12-10 15:22:28 286 powershell "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 3232 NT AUTHORITY\SYSTEM 12688/12688 450520/450524 7668/7668 17 255 0.1 2025-12-10 20:08:12 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsD"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 8460 NT AUTHORITY\SYSTEM 12680/12680 450520/450524 7656/7656 17 257 0.1 2025-12-10 20:08:12 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsC"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 8680 NT AUTHORITY\SYSTEM 12660/12660 450520/450524 7648/7648 17 257 0.1 2025-12-10 20:08:11 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsA"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 2056 NT AUTHORITY\SYSTEM 12680/12680 450520/450524 7660/7660 17 257 0.1 2025-12-10 20:08:11 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsB"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 3020 NT AUTHORITY\SYSTEM 119776/120064 4194304/4194304 107912/107984 21 325 0.1 2025-12-10 15:22:27 286 SVC:Mesh Agent 7052 Unknown 12960/13880 4194304/4194304 5200/5964 14 219 0.1 2025-12-10 15:22:33 286 SVC:WdNisSvc 3272 NT AUTHORITY\SYSTEM 29524/41824 4194304/4194304 16868/34720 20 504 0.0 2025-12-10 15:22:27 286 SVC:Winmgmt 6520 NT AUTHORITY\SYSTEM 17672/28844 4194304/4194304 7520/13588 17 344 0.0 2025-12-10 20:06:00 2 SVC:VSS 976 NT AUTHORITY\NETWORK SERVICE 11640/11680 4194304/4194304 5184/5224 20 857 0.0 2025-12-10 15:22:26 286 SVC:RpcEptMapper/RpcSs 2204 NT AUTHORITY\SYSTEM 23448/23588 4194304/4194304 20148/20520 37 745 0.0 2025-12-10 15:24:31 284 SVC:WSearch 2952 NT AUTHORITY\SYSTEM 31996/234176 4194304/4194304 89304/257612 56 2045 0.0 2025-12-10 15:22:27 286 SVC:LTService 4672 NT AUTHORITY\NETWORK SERVICE 27952/32832 4194304/4194304 13024/15820 21 700 0.0 2025-12-10 15:22:30 286 WmiPrvSE 496 NT AUTHORITY\SYSTEM 9020/21584 4194304/4194304 1968/14880 11 150 0.0 2025-12-10 20:06:20 2 SVC:swprv 6616 NT AUTHORITY\SYSTEM 16852/22672 4194304/4194304 7280/10872 14 244 0.0 2025-12-10 20:03:43 5 SVC:msiserver 716 Unknown 10480/10820 4194304/4194304 5520/7896 12 626 0.0 2025-12-10 15:22:25 286 services 5192 NT AUTHORITY\SYSTEM 20300/20424 4194304/4194304 20032/20224 16 292 0.0 2025-12-10 20:06:00 2 SVC:SrmReports 7952 Unknown 11488/11612 4194304/4194304 3424/3688 10 157 0.0 2025-12-10 20:04:14 4 SVC:AppXSvc 2188 NT AUTHORITY\SYSTEM 19956/39756 109936/154240 11136/32784 17 299 0.0 2025-12-10 15:55:09 253 WmiPrvSE C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding 8268 NT AUTHORITY\LOCAL SERVICE 21972/22580 4194304/4194304 15180/16100 17 306 0.0 2025-12-10 15:24:29 284 SVC:DPS 8324 NT AUTHORITY\SYSTEM 72792/109052 291732/355156 47148/90452 66 607 0.0 2025-12-10 15:22:55 286 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 768 NT AUTHORITY\SYSTEM 21264/41940 4194304/4194304 14812/35412 18 313 0.0 2025-12-10 15:55:10 253 WmiPrvSE 3440 NT AUTHORITY\SYSTEM 258640/272284 816476/839544 229492/253192 113 1987 0.0 2025-12-10 15:22:27 286 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 124 Unknown 22704/162760 87628/166604 2468/100960 12 0 0.0 2025-12-10 15:22:20 286 Registry 2824 NT AUTHORITY\NETWORK SERVICE 54660/55764 4194304/4194304 149792/150940 52 496 0.0 2025-12-10 15:22:27 286 SVC:DHCPServer 3084 NT AUTHORITY\SYSTEM 26448/28516 4194304/4194304 12308/15056 47 394 0.0 2025-12-10 15:22:27 286 SVC:SrmSvc 1208 NT AUTHORITY\NETWORK SERVICE 9948/9964 4194304/4194304 3660/3684 18 322 0.0 2025-12-10 15:22:26 286 SVC:Dnscache 8880 NT AUTHORITY\LOCAL SERVICE 51424/51484 4194304/4194304 41432/41556 34 565 0.0 2025-12-10 15:22:53 286 SVC:SolarWinds.MSP.CacheService 3452 NT AUTHORITY\SYSTEM 11124/11232 4194304/4194304 1388/1764 8 126 0.0 2025-12-10 15:22:27 286 SVC:WpnService 3432 NT AUTHORITY\NETWORK SERVICE 13352/13416 4194304/4194304 3088/3668 14 252 0.0 2025-12-10 15:22:27 286 SVC:WinRM 2968 NT AUTHORITY\SYSTEM 14436/42672 4194304/4194304 34136/34832 27 476 0.0 2025-12-10 15:22:27 286 SVC:LTSvcMon 3076 NT AUTHORITY\LOCAL SERVICE 7544/7604 4194304/4194304 1648/1912 42 160 0.0 2025-12-10 15:22:27 286 SVC:SstpSvc 3000 NT AUTHORITY\SYSTEM 12928/13016 4194304/4194304 3328/3732 14 261 0.0 2025-12-10 15:22:27 286 SVC:LanmanServer 3008 NT AUTHORITY\SYSTEM 10216/10216 4194304/4194304 6252/6252 8 86 0.0 0 conhost 3124 NT AUTHORITY\NETWORK SERVICE 11212/12500 4194304/4194304 2884/4092 14 242 0.0 2025-12-10 15:24:29 284 SVC:MSDTC 3220 NT AUTHORITY\SYSTEM 12108/12668 4194304/4194304 2628/3384 14 237 0.0 2025-12-10 15:22:27 286 SVC:UsoSvc 3212 NT AUTHORITY\SYSTEM 5980/6012 4194304/4194304 1284/1440 8 144 0.0 2025-12-10 15:22:27 286 SVC:TrkWks 3164 NT AUTHORITY\SYSTEM 6944/6992 4194304/4194304 1540/1800 9 144 0.0 2025-12-10 15:22:27 286 SVC:SysMain 6028 NT AUTHORITY\SYSTEM 10220/10220 4194304/4194304 6256/6256 8 86 0.0 0 conhost 6252 NT AUTHORITY\SYSTEM 10064/10108 4194304/4194304 6176/6244 7 86 0.0 2025-12-10 15:22:33 286 conhost 5796 NT AUTHORITY\SYSTEM 45796/47640 4194304/4194304 37508/38808 23 715 0.0 2025-12-10 15:22:33 286 NableReactiveManagement 5228 NT AUTHORITY\SYSTEM 10020/10080 4194304/4194304 6188/6276 7 86 0.0 2025-12-10 15:22:28 286 conhost 5248 NT AUTHORITY\SYSTEM 32688/32736 4194304/4194304 25308/25424 19 396 0.0 2025-12-10 15:22:57 285 SVC:PME.Agent.PmeService 6344 NT AUTHORITY\SYSTEM 61884/62428 4194304/4194304 51220/59724 26 409 0.0 2025-12-10 15:22:33 286 NableSixtyFourBitManager 8380 NT AUTHORITY\SYSTEM 14684/16240 4194304/4194304 8040/12036 20 272 0.0 2025-12-10 15:24:30 284 SVC:UALSVC 8780 NT AUTHORITY\SYSTEM 11528/12508 4194304/4194304 3660/4528 13 249 0.0 2025-12-10 15:22:53 286 SVC:PcaSvc 7156 NT AUTHORITY\SYSTEM 19976/49084 107860/129076 7024/29428 18 268 0.0 2025-12-10 15:22:34 286 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid dgs7WDodgo3aCPFTaJncxhNBvhrx3XnkTUhhdGX5MkGyUbAjf0co8qx6khFA9Vdf 6428 NT AUTHORITY\SYSTEM 10072/10116 4194304/4194304 6192/6260 7 86 0.0 2025-12-10 15:22:33 286 conhost 6488 NT AUTHORITY\SYSTEM 14860/15508 4194304/4194304 2996/3996 14 259 0.0 2025-12-10 15:22:30 286 SVC:StorSvc 4772 NT AUTHORITY\SYSTEM 10748/10904 51416/59096 2032/2468 18 251 0.0 2025-12-10 15:22:28 286 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 3980 NT AUTHORITY\SYSTEM 10884/10936 54120/61800 2172/2612 18 241 0.0 2025-12-10 15:22:27 286 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 3992 NT AUTHORITY\SYSTEM 14804/14952 68760/75160 3176/3944 22 312 0.0 2025-12-10 15:22:27 286 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 3956 NT AUTHORITY\SYSTEM 13420/13480 4194304/4194304 3424/3776 24 419 0.0 2025-12-10 15:22:27 286 SVC:RasMan 3636 NT AUTHORITY\SYSTEM 93400/96472 4194304/4194304 50764/53152 65 974 0.0 2025-12-10 15:22:27 286 SVC:VeeamEndpointBackupSvc 3644 NT AUTHORITY\SYSTEM 6476/6732 4194304/4194304 1864/2164 8 124 0.0 2025-12-10 15:22:27 286 SVC:XymonPSClient 4220 NT AUTHORITY\SYSTEM 6272/6344 4194304/4194304 1372/1824 8 126 0.0 2025-12-10 19:53:04 15 SVC:WdiSystemHost 4684 NT AUTHORITY\SYSTEM 7668/16424 4194304/4194304 2416/4736 8 127 0.0 2025-12-10 15:22:28 286 AggregatorHost 4728 NT AUTHORITY\SYSTEM 10900/12420 4194304/4194304 3628/5104 9 133 0.0 2025-12-10 15:24:32 284 SVC:StateRepository 4476 NT AUTHORITY\SYSTEM 13152/13152 4194304/4194304 6568/6604 10 148 0.0 2025-12-10 15:22:28 286 conhost 4332 NT AUTHORITY\SYSTEM 10172/10212 4194304/4194304 6208/6264 8 86 0.0 2025-12-10 15:22:34 286 conhost 4372 NT AUTHORITY\LOCAL SERVICE 12044/12236 4194304/4194304 3484/3652 12 180 0.0 2025-12-10 19:27:53 41 WmiPrvSE 1036 NT AUTHORITY\SYSTEM 8584/8752 4194304/4194304 1812/2316 11 192 0.0 2025-12-10 15:22:26 286 SVC:NcbService 1048 NT AUTHORITY\LOCAL SERVICE 6300/6404 4194304/4194304 1364/1692 8 140 0.0 2025-12-10 15:22:26 286 SVC:TimeBrokerSvc 1128 NT AUTHORITY\SYSTEM 8956/9008 4194304/4194304 2020/2320 12 185 0.0 2025-12-10 15:22:26 286 SVC:ShellHWDetection 904 Font Driver Host\UMFD-1 3432/3472 4194304/4194304 1260/1344 6 39 0.0 2025-12-10 15:22:26 286 fontdrvhost 992 NT AUTHORITY\LOCAL SERVICE 8672/8736 4194304/4194304 1768/2136 13 228 0.0 2025-12-10 15:22:26 286 SVC:W32Time 1016 NT AUTHORITY\SYSTEM 9544/9612 4194304/4194304 2540/2732 12 295 0.0 2025-12-10 15:22:26 286 SVC:LSM 1144 NT AUTHORITY\LOCAL SERVICE 8232/8248 4194304/4194304 2396/2500 11 241 0.0 2025-12-10 15:22:26 286 SVC:Dhcp 1452 NT AUTHORITY\SYSTEM 39296/39432 197860/206820 25048/25368 32 546 0.0 2025-12-10 15:22:27 286 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=81f1fb2d-e971-4151-9233-026a4e5aab3f&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAALGJBS5pIdke3EzdSnWrobAAAAAACAAAAAAAQZgAAAAEAACAAAAB7kvEKnYW8uqUU%2fjSEpvV9HnnX9HqO%2fVbMDPZKo08AlAAAAAAOgAAAAAIAACAAAAACVNoR2QgbMpsEqXLIQ0GFhvqbkTLxbaow2RVrUSYoiqAEAADVYrkpnxJhBn%2bNjU%2freLqtP25RBcML1geBWFf9U2yr1vICIQn4iqQcTYcrWlLC2YUvJ98TvMu%2be40xwmZWGI0O9WZgdVjzC31EBrXka0F0UcXnG6KwDBMgTy2pABmanplouzpilrFxb4NoAM8RZFXE4NZL8jQszoOdyENLZnWMAx4ap8IoenNovusq2vK8Pdge5zHrtcEAHNOUx3UqWiZ8ZWoV4EW%2bqmGcnmBRTJXijFflRugBWs1t%2f9pp%2felDh%2fNCsqZuRRwp6mASD93D8h4MtZtEcSE2usqbpb8k5lwxxAzr5rNZswpp4lz1mWruFyjWDf99tbK%2bN80fP2r2W67%2bCGWAoOafafHSxKzFWCqVaDitLyuvRH%2b1UUDOs%2bbGeCvCKBkPnTlBxoQg9Z%2fDiEjUAxWP4ETJx%2bbS5Pv54TLOAawgArwzAG03%2bMe7rNcyLHGORxR6zAMZ9CXMSh6JlbfPLXKZKPcW7tqxbpBIrtd5EnrFsDteXpFkVfEyhTbnWGWilLXzhikInqjBgUmK5OniZIUiFVtHSvNor%2bimXlIzpQBdjEff7Z8FNRViDsvidNINIxg48NcxhUMtbnX%2f7oiTKbp4334rXM7xA2WrgdwBUYUT91%2bhvc0JZv5U0lyV2b%2b3FAqMp8Fclx6R0vxTcbc1ChIiA3JgS22miGvF1Y3PFQ4c1afPhuGXcbK7ubsvWFTUsj4gSj0h%2b%2fSn52SUl8K5llc5fa8%2bmdDkNgEQcHgNs50FyVhhX05zvN9t0%2fu8x6mS3md1wjGMJEWfPVT5zzjaIFPso4v4YkiCtYxLSvCbvK4F%2fDTiPdyr0KuA82LEw6nQAs4qDGY8EJr47GvOc7bBtuzbYWq%2f44yQl8R5ry6T0OUuZnhtSZxqemqUlPOxNXZWaL1UjJVFUImUn8WM0f%2fQBQ2mKHLWRf0PVujzS%2bZiaSqeOh06Cs2LiTVbqSk8Q4qgN4v0sz0FNbfrQW8mbUCaKL%2bl94aJZPkSGtQWa%2f%2fdmz9o3S7fzhDAMfumxIBLP08BVg0H1oK%2fstjGzL04yBragx0QqpxSZROQVw27cGwAHdbpeFbv5cKf9H0hjYyJka2nyN%2bDNRFirzYnOe0%2bqzrrG9kA140UxQ%2bWM7hueZ5Nzhstptnxi0u3yBbn3GuAvF0YMITPwtbDbSRCO5H%2bb7UNC1WQLZDulfC5mnvDzsdN%2bM9s6G9mWcbebMhBC3q39s5zodA35JEHPW%2fxkruJXA9EbZjfiD7a%2bbkJA7uekYDSG2nmjyMvBcEE8MrGHT31O9074zFyB1TYQG9Pb8%2fS0pLy%2bWOK7uq%2fkRaK7mo3HNDxaZgzpJrWk5FvFZ6%2fmJXzSDkEqoiPB2FQKKu2%2fyStsx1MTfnOh7uC8uaqM08uNmM67sGvsfjSSMsNfFU4KQVUKSk%2fDENRhyMImBvSyFSVGmAO5sHuVCstKkOeV2LUCzmp%2b8m0wettXEMhcYu0U%2b9ZlzMKtpwX5lmdzD4moLleZCTmGjO2H8KKpEyqukPS1GQr3%2bLyNGaOHRN89ju2F2tYOt0ouC5eXzAGO%2feNx705eLEAMcMdoqbGpyXhiF0HoDw6IkAAAADanZNH4yCid%2b46xk3uOFQ6pWk%2b0okknzTyEeeAxSgjKVz%2fndDTJexk04K8kyjh7H2s2%2bRFgMYiEW8Wl61smHxO&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 1484 NT AUTHORITY\NETWORK SERVICE 13720/14156 4194304/4194304 4276/5540 18 402 0.0 2025-12-10 15:22:26 286 SVC:NlaSvc 1556 NT AUTHORITY\SYSTEM 13204/13304 4194304/4194304 2684/2928 16 262 0.0 2025-12-10 15:22:26 286 SVC:gpsvc 1192 NT AUTHORITY\SYSTEM 48932/55708 4194304/4194304 11652/23588 26 456 0.0 2025-12-10 15:22:26 286 LogonUI 1272 Window Manager\DWM-1 44960/50604 4194304/4194304 22488/33276 27 626 0.0 2025-12-10 15:22:26 286 dwm 1384 NT AUTHORITY\LOCAL SERVICE 19572/23884 4194304/4194304 9700/14040 33 428 0.0 2025-12-10 15:22:26 286 SVC:BFE/mpssvc 484 Unknown 6640/6780 4194304/4194304 2080/2336 25 710 0.0 2025-12-10 15:22:25 286 csrss 528 NT AUTHORITY\NETWORK SERVICE 13304/13364 4194304/4194304 4620/4832 20 541 0.0 2025-12-10 15:22:26 286 SVC:TermService 572 Unknown 7248/7368 4194304/4194304 1368/1904 11 156 0.0 2025-12-10 15:22:25 286 wininit 0 8/8 8/8 60/60 0 0 0.0 0 Idle 380 Unknown 1300/1324 4194304/4194304 1100/1164 3 57 0.0 2025-12-10 15:22:22 286 smss 444 NT AUTHORITY\LOCAL SERVICE 8040/8060 4194304/4194304 3648/3700 19 144 0.0 2025-12-10 15:22:26 286 SVC:nsi 580 Unknown 5960/11212 4194304/4194304 1752/2016 11 169 0.0 2025-12-10 15:22:25 286 csrss 832 NT AUTHORITY\SYSTEM 32432/32876 160964/172828 19444/20860 25 447 0.0 2025-12-10 15:24:31 284 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" 860 NT AUTHORITY\SYSTEM 14676/14752 4194304/4194304 5428/5664 15 833 0.0 2025-12-10 15:22:26 286 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker 896 Font Driver Host\UMFD-0 3576/3612 4194304/4194304 1328/1412 6 39 0.0 2025-12-10 15:22:26 286 fontdrvhost 644 NT AUTHORITY\SYSTEM 10092/15232 4194304/4194304 2512/6408 12 212 0.0 2025-12-10 15:22:25 286 winlogon 760 NT AUTHORITY\LOCAL SERVICE 5684/5716 4194304/4194304 1256/1440 8 119 0.0 2025-12-10 15:22:26 286 SVC:lmhosts 804 NT AUTHORITY\LOCAL SERVICE 11920/11968 4194304/4194304 2228/2724 12 211 0.0 2025-12-10 15:24:29 284 SVC:CDPSvc 1572 NT AUTHORITY\SYSTEM 6928/6944 4194304/4194304 1348/1508 9 138 0.0 2025-12-10 15:22:26 286 SVC:UmRdpService 2416 NT AUTHORITY\SYSTEM 7852/7936 4194304/4194304 1536/1852 9 145 0.0 2025-12-10 15:22:26 286 SVC:UserManager 2532 NT AUTHORITY\SYSTEM 10772/11044 4194304/4194304 2656/3468 16 363 0.0 2025-12-10 15:22:27 286 SVC:iphlpsvc 2580 NT AUTHORITY\NETWORK SERVICE 7864/8996 4194304/4194304 1864/2964 13 173 0.0 2025-12-10 15:22:27 286 SVC:PolicyAgent 2156 NT AUTHORITY\SYSTEM 10216/10216 4194304/4194304 6248/6248 8 86 0.0 0 conhost 2224 NT AUTHORITY\SYSTEM 10224/10224 4194304/4194304 6256/6256 8 86 0.0 0 conhost 2360 NT AUTHORITY\LOCAL SERVICE 7324/7424 4194304/4194304 1328/1668 8 124 0.0 2025-12-10 15:22:26 286 SVC:DispBrokerDesktopSvc 2588 NT AUTHORITY\SYSTEM 8624/8692 4194304/4194304 2644/2904 14 278 0.0 2025-12-10 15:22:27 286 SVC:IKEEXT 2776 NT AUTHORITY\SYSTEM 22760/39932 128348/155868 9392/27148 23 323 0.0 2025-12-10 15:22:27 286 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 2848 NT AUTHORITY\SYSTEM 33380/50348 4194304/4194304 15868/39764 25 595 0.0 2025-12-10 15:22:27 286 SVC:DiagTrack 2916 NT AUTHORITY\SYSTEM 8352/8428 4194304/4194304 2220/2380 11 225 0.0 2025-12-10 15:22:27 286 SVC:HelpDeskService 2604 NT AUTHORITY\SYSTEM 28168/29076 4194304/4194304 11004/11828 41 632 0.0 2025-12-10 15:22:27 286 SVC:Spooler 2716 NT AUTHORITY\SYSTEM 106544/108596 336936/397912 78732/103100 74 1112 0.0 2025-12-10 15:22:27 286 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2728 NT AUTHORITY\SYSTEM 10408/10488 4194304/4194304 2172/2364 11 196 0.0 2025-12-10 15:22:27 286 SVC:Backup Service Controller 1624 NT AUTHORITY\LOCAL SERVICE 7308/8468 4194304/4194304 1616/2056 10 142 0.0 2025-12-10 15:22:26 286 SVC:FontCache 1796 NT AUTHORITY\LOCAL SERVICE 11056/11668 4194304/4194304 2868/4236 14 430 0.0 2025-12-10 15:22:26 286 SVC:netprofm 1820 NT AUTHORITY\LOCAL SERVICE 6248/6284 4194304/4194304 1260/1408 8 126 0.0 2025-12-10 15:22:26 286 SVC:CoreMessagingRegistrar 1600 NT AUTHORITY\SYSTEM 6896/6932 4194304/4194304 1404/1668 8 126 0.0 2025-12-10 15:22:26 286 SVC:ProfSvc 1608 NT AUTHORITY\SYSTEM 6048/6096 4194304/4194304 1212/1420 8 121 0.0 2025-12-10 15:22:26 286 SVC:Themes 1616 NT AUTHORITY\LOCAL SERVICE 8340/8460 4194304/4194304 2120/2388 10 189 0.0 2025-12-10 15:22:26 286 SVC:EventSystem 1840 NT AUTHORITY\SYSTEM 15432/15532 4194304/4194304 4984/5456 18 369 0.0 2025-12-10 15:22:26 286 SVC:Schedule 2036 NT AUTHORITY\NETWORK SERVICE 10656/10704 4194304/4194304 2304/2564 14 253 0.0 2025-12-10 15:22:26 286 SVC:LanmanWorkstation 2124 NT AUTHORITY\LOCAL SERVICE 7932/8052 4194304/4194304 1904/2400 10 185 0.0 2025-12-10 15:22:26 286 SVC:WinHttpAutoProxySvc 2132 NT AUTHORITY\SYSTEM 10232/10268 4194304/4194304 2260/2472 16 246 0.0 2025-12-10 15:22:26 286 SVC:SessionEnv 1860 NT AUTHORITY\SYSTEM 9448/9580 4194304/4194304 2016/2316 14 212 0.0 2025-12-10 15:22:26 286 SVC:SENS 1872 NT AUTHORITY\SYSTEM 6532/6568 4194304/4194304 1324/1476 8 145 0.0 2025-12-10 15:22:26 286 SVC:CertPropSvc 2000 NT AUTHORITY\LOCAL SERVICE 9240/9524 4194304/4194304 2172/3296 13 290 0.0 2025-12-10 15:22:26 286 SVC:Wcmsvc [netstat] PacketsReceived=1847660 ReceivedHeaderErrors=0 ReceivedAddressErrors=14021 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=404 ReceivedPacketsDelivered=1837007 OutputRequests=5172157 RoutingDiscards=0 DiscardedOutputPackets=230 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=8415 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=294 ReceivedPacketsDelivered=8124 OutputRequests=168 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=6323 tcpPassiveOpens=2666 tcpFailedConnectionAttempts=277 tcpResetConnections=853 tcpCurrentConnections=55 tcpSegmentsReceived=1844647 tcpSegmentsSent=5034693 tcpSegmentsRetransmitted=175732 tcpActiveOpens=26 tcpPassiveOpens=26 tcpFailedConnectionAttempts=0 tcpResetConnections=4 tcpCurrentConnections=0 tcpSegmentsReceived=3213 tcpSegmentsSent=3070 tcpSegmentsRetransmitted=0 udpDatagramsReceived=33157 udpNoPorts=375 udpReceiveErrors=0 udpDatagramsSent=4750 udpDatagramsReceived=7559 udpNoPorts=294 udpReceiveErrors=0 udpDatagramsSent=10 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING TCP 0.0.0.0:49709 0.0.0.0:0 LISTENING TCP 0.0.0.0:49781 0.0.0.0:0 LISTENING TCP 10.2.63.46:135 10.2.62.101:63037 ESTABLISHED TCP 10.2.63.46:135 10.2.62.101:63038 ESTABLISHED TCP 10.2.63.46:135 10.2.62.108:56728 ESTABLISHED TCP 10.2.63.46:135 10.2.68.2:56967 ESTABLISHED TCP 10.2.63.46:139 0.0.0.0:0 LISTENING TCP 10.2.63.46:445 10.2.62.10:60212 ESTABLISHED TCP 10.2.63.46:445 10.2.62.64:52714 ESTABLISHED TCP 10.2.63.46:445 10.2.62.66:59391 ESTABLISHED TCP 10.2.63.46:445 10.2.62.77:52869 ESTABLISHED TCP 10.2.63.46:445 10.2.62.84:64172 ESTABLISHED TCP 10.2.63.46:445 10.2.62.85:49813 ESTABLISHED TCP 10.2.63.46:445 10.2.62.99:61116 ESTABLISHED TCP 10.2.63.46:445 10.2.62.100:62922 ESTABLISHED TCP 10.2.63.46:445 10.2.62.108:55837 ESTABLISHED TCP 10.2.63.46:445 10.2.68.2:50878 ESTABLISHED TCP 10.2.63.46:647 0.0.0.0:0 LISTENING TCP 10.2.63.46:647 10.2.63.21:57141 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.10:58363 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.64:53782 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.66:59399 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.77:49216 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.85:65258 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.99:63160 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.100:61868 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.101:63039 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.101:63046 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.101:63048 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.101:63051 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.108:56729 ESTABLISHED TCP 10.2.63.46:49670 10.2.63.21:57863 ESTABLISHED TCP 10.2.63.46:49670 10.2.68.2:56968 ESTABLISHED TCP 10.2.63.46:49839 206.148.0.34:443 ESTABLISHED TCP 10.2.63.46:49842 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:49916 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:49919 206.148.0.125:443 ESTABLISHED TCP 10.2.63.46:50012 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:50101 8.38.48.118:443 ESTABLISHED TCP 10.2.63.46:51295 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51296 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51297 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:55886 10.2.63.47:135 TIME_WAIT TCP 10.2.63.46:55887 10.2.63.47:49690 TIME_WAIT TCP 10.2.63.46:55897 10.2.63.47:49669 ESTABLISHED TCP 10.2.63.46:55941 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:55945 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:55949 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:55951 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56015 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56016 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56017 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56018 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56061 38.91.40.105:443 TIME_WAIT TCP 10.2.63.46:56064 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56066 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56067 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56110 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56111 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56112 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56113 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56157 20.42.65.91:443 TIME_WAIT TCP 10.2.63.46:56158 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56159 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56160 125.253.56.44:443 ESTABLISHED TCP 10.2.63.46:56161 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56162 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56205 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56206 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56207 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56208 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56250 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56251 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56253 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56254 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:56297 206.148.0.124:443 TIME_WAIT TCP 10.2.63.46:56300 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:56301 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:56302 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:56303 66.129.107.58:443 ESTABLISHED TCP 127.0.0.1:445 127.0.0.1:54066 ESTABLISHED TCP 127.0.0.1:3389 127.0.0.1:56299 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49695 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:49695 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:49742 127.0.0.1:49743 ESTABLISHED TCP 127.0.0.1:49743 127.0.0.1:49742 ESTABLISHED TCP 127.0.0.1:49758 127.0.0.1:49759 ESTABLISHED TCP 127.0.0.1:49759 127.0.0.1:49758 ESTABLISHED TCP 127.0.0.1:49763 0.0.0.0:0 LISTENING TCP 127.0.0.1:50093 127.0.0.1:51821 ESTABLISHED TCP 127.0.0.1:51821 0.0.0.0:0 LISTENING TCP 127.0.0.1:51821 127.0.0.1:50093 ESTABLISHED TCP 127.0.0.1:54066 127.0.0.1:445 ESTABLISHED TCP 127.0.0.1:55933 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:56014 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56063 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56109 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56154 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:56155 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56204 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56249 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56298 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:56299 127.0.0.1:3389 FIN_WAIT_2 TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49672 [::]:0 LISTENING TCP [::]:49709 [::]:0 LISTENING TCP [::]:49781 [::]:0 LISTENING TCP [::1]:9395 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:51529 *:* UDP 0.0.0.0:54990 *:* UDP 0.0.0.0:57296 *:* UDP 0.0.0.0:59052 *:* UDP 0.0.0.0:59053 *:* UDP 0.0.0.0:60236 *:* UDP 0.0.0.0:61234 *:* UDP 0.0.0.0:63032 *:* UDP 0.0.0.0:63034 *:* UDP 10.2.63.46:67 *:* UDP 10.2.63.46:68 *:* UDP 10.2.63.46:137 *:* UDP 10.2.63.46:138 *:* UDP 10.2.63.46:2535 *:* UDP 127.0.0.1:51634 127.0.0.1:51634 UDP 127.0.0.1:51635 127.0.0.1:51635 UDP 127.0.0.1:51636 127.0.0.1:51636 UDP 127.0.0.1:51637 127.0.0.1:51637 UDP 127.0.0.1:51979 127.0.0.1:51979 UDP 127.0.0.1:52610 127.0.0.1:52610 UDP 127.0.0.1:56482 127.0.0.1:56482 UDP 127.0.0.1:57689 127.0.0.1:57689 UDP 127.0.0.1:59435 127.0.0.1:59435 UDP 127.0.0.1:59437 127.0.0.1:59437 UDP 127.0.0.1:59439 127.0.0.1:59439 UDP 127.0.0.1:60839 127.0.0.1:60839 UDP 127.0.0.1:63055 127.0.0.1:63055 UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:51529 *:* UDP [::]:54990 *:* UDP [::]:57296 *:* UDP [::]:59053 *:* UDP [::]:60236 *:* UDP [::]:61234 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-FP01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-7C-8E-B1 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6c3a:be9b:60bb:3502%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.46(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-91-E4-AF-52-54-00-7C-8E-B1 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 10.2.63.21 10.2.63.22 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 7c 8e b1 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.46 281 10.2.63.0 255.255.255.0 On-link 10.2.63.46 281 10.2.63.46 255.255.255.255 On-link 10.2.63.46 281 10.2.63.255 255.255.255.255 On-link 10.2.63.46 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.46 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.46 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::6c3a:be9b:60bb:3502/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.46 533020019 7538663692 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual started AppX Deployment Service (AppXSVC) AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AutomationManagerAgent automatic started Automation Manager Agent AxInstSV disabled stopped ActiveX Installer (AxInstSV) Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client DHCPServer automatic started DHCP Server diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual stopped Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual started Windows Installer NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual stopped Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess disabled stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc disabled stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SrmReports manual started File Server Storage Reports Manager SrmSvc automatic started File Server Resource Manager SSDPSRV disabled stopped SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic started Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer tzautoupdate disabled stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost disabled stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSS automatic started Volume Shadow Copy W32Time automatic started Windows Time WaaSMedicSvc manual stopped Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc disabled stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual stopped WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch automatic started Windows Search wuauserv automatic stopped Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 17167 0 days 4 hours 46 minutes 6 seconds Bootup: 20251210152220.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-fp01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\xymon\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-fp01 [XymonPSClientInfo] Collection number: 59 Last transmission method: TCP Id : 4448 Handles : 558 CPU : 95.59375 SI : 0 Name : powershell