[collector:] client ino-rut-fp01.powershell powershell XymonPS [date] Wed 10 Dec 20:28:34 2025 [clock] epoch: 1765358914 local: Wed 10 Dec 20:28:34 2025 UTC: Wed 10 Dec 09:28:34 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0072587s Root Dispersion: 0.1040240s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 8:23:44 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 0 days, 0 users, 122 procs, load=8.5% CPU states: total 8.5% cores: 4 CPU PID Image Name Pri Time MemUsage 4.4% 728 SVC:KeyIso/Netlogon/SamSs 9 00:04:00 24608k 1.3% 3424 SVC:WinDefend 8 00:07:44 282240k 0.7% 8452 SVC:IDriveService 8 00:14:19 545372k 0.3% 1256 SVC:EventLog 8 00:02:36 46364k 0.2% 2832 SVC:BASupportExpressStandalone 13 00:02:24 28896k 0.2% 4 System 8 00:01:30 144k 0.1% 3020 SVC:Mesh Agent 8 00:01:36 125348k 0.1% 4448 powershell 8 00:01:40 83964k 0.1% 2868 idwutil_600 8 00:00:01 12872k 0.1% 7328 idwutil_600 8 00:00:01 12876k 0.1% 8140 idwutil_600 8 00:00:01 12856k 0.1% 2164 idwutil_600 8 00:00:01 12900k 0.1% 3272 SVC:Winmgmt 8 00:00:28 30552k 0.1% 2952 SVC:LTService 8 00:00:29 51320k 0.1% 2188 WmiPrvSE 8 00:00:07 20140k 0.1% 768 WmiPrvSE 8 00:00:07 42516k 0.1% 7872 WmiPrvSE 8 13140k 0.1% 7052 SVC:WdNisSvc 8 00:00:06 13048k 0.1% 4672 WmiPrvSE 8 00:00:19 27844k 0.0% 976 SVC:RpcEptMapper/RpcSs 8 00:00:08 11812k 0.0% 716 services 9 00:00:08 10528k 0.0% 2204 SVC:WSearch 8 00:00:06 23380k 0.0% 484 csrss 13 00:00:02 6660k 0.0% 1384 SVC:BFE/mpssvc 8 00:00:00 19564k 0.0% 1208 SVC:Dnscache 8 00:00:03 9840k 0.0% 8268 SVC:DPS 8 00:00:01 22252k 0.0% 3636 SVC:VeeamEndpointBackupSvc 8 00:00:02 93348k 0.0% 3980 SVC:VeeamTransportSvc 8 00:00:00 10884k 0.0% 3992 SVC:VeeamDeploySvc 8 00:00:00 14804k 0.0% 3956 SVC:RasMan 8 00:00:00 13436k 0.0% 3644 SVC:XymonPSClient 8 00:00:00 6480k 0.0% 3760 conhost 8 00:00:00 10240k 0.0% 3084 SVC:SrmSvc 8 00:00:01 26372k 0.0% 3124 SVC:MSDTC 8 00:00:00 11212k 0.0% 3076 SVC:SstpSvc 8 00:00:00 7544k 0.0% 9024 conhost 8 00:00:00 10228k 0.0% 3000 SVC:LanmanServer 8 00:00:00 12944k 0.0% 3164 SVC:SysMain 8 00:00:00 6944k 0.0% 3440 SVC:Windows Agent Service 8 00:00:42 258608k 0.0% 3452 SVC:WpnService 8 00:00:00 11124k 0.0% 3432 SVC:WinRM 8 00:00:00 13308k 0.0% 3212 SVC:TrkWks 8 00:00:00 5980k 0.0% 3220 SVC:UsoSvc 8 00:00:00 12112k 0.0% 6488 SVC:StorSvc 8 00:00:00 14860k 0.0% 6692 conhost 8 00:00:00 10224k 0.0% 7156 BASupSysInf 6 00:00:00 19976k 0.0% 6252 conhost 8 00:00:00 10064k 0.0% 6344 NableSixtyFourBitManager 8 00:00:00 62016k 0.0% 6428 conhost 8 00:00:00 10072k 0.0% 8748 SVC:wmiApSrv 8 00:00:00 9248k 0.0% 8780 SVC:PcaSvc 8 00:00:00 11544k 0.0% 8880 SVC:SolarWinds.MSP.CacheServic 8 00:00:00 51580k 0.0% 7592 SVC:BITS 8 00:00:00 19820k 0.0% 8324 SVC:SolarWinds.MSP.RpcServerSe 8 00:00:04 72796k 0.0% 8380 SVC:UALSVC 8 00:00:00 14684k 0.0% 5916 SVC:AppXSvc 8 00:00:00 11500k 0.0% 4372 WmiPrvSE 8 00:00:00 13776k 0.0% 4476 conhost 8 00:00:01 13168k 0.0% 4684 AggregatorHost 8 00:00:00 7572k 0.0% 4068 conhost 8 00:00:00 10236k 0.0% 4220 SVC:WdiSystemHost 8 00:00:00 6272k 0.0% 4332 conhost 6 00:00:00 10172k 0.0% 5228 conhost 8 00:00:00 10020k 0.0% 5248 SVC:PME.Agent.PmeService 8 00:00:00 32840k 0.0% 5796 NableReactiveManagement 8 00:00:00 45796k 0.0% 4728 SVC:StateRepository 8 00:00:00 10888k 0.0% 4772 Veeam.Guest.Interaction.Proxy 8 00:00:00 10748k 0.0% 5048 BackupFP 8 00:01:45 268884k 0.0% 2968 SVC:LTSvcMon 8 00:00:00 9956k 0.0% 1036 SVC:NcbService 8 00:00:00 8584k 0.0% 1048 SVC:TimeBrokerSvc 8 00:00:00 6288k 0.0% 1128 SVC:ShellHWDetection 8 00:00:00 8944k 0.0% 904 fontdrvhost 8 00:00:00 3432k 0.0% 992 SVC:W32Time 8 00:00:00 8672k 0.0% 1016 SVC:LSM 8 00:00:00 9556k 0.0% 1144 SVC:Dhcp 8 00:00:00 8196k 0.0% 1484 SVC:NlaSvc 8 00:00:00 13720k 0.0% 1556 SVC:gpsvc 8 00:00:00 13204k 0.0% 1572 SVC:UmRdpService 8 00:00:00 6928k 0.0% 1192 LogonUI 13 00:00:00 48932k 0.0% 1272 dwm 13 00:00:00 44960k 0.0% 1452 SVC:ScreenConnect Client (69e7 8 00:00:00 39296k 0.0% 444 SVC:nsi 8 00:00:00 8040k 0.0% 528 SVC:TermService 8 00:00:00 13324k 0.0% 572 wininit 13 00:00:00 7248k 0.0% 0 Idle 0 8k 0.0% 124 Registry 8 00:00:01 19484k 0.0% 380 smss 11 00:00:00 1300k 0.0% 580 csrss 13 00:00:00 5960k 0.0% 832 SVC:Windows Agent Maintenance 8 00:00:00 32432k 0.0% 860 SVC:BrokerInfrastructure/DcomL 8 00:00:00 14692k 0.0% 896 fontdrvhost 8 00:00:00 3576k 0.0% 644 winlogon 13 00:00:00 10092k 0.0% 760 SVC:lmhosts 8 00:00:00 5684k 0.0% 804 SVC:CDPSvc 8 00:00:00 11920k 0.0% 1600 SVC:ProfSvc 8 00:00:00 6896k 0.0% 2588 SVC:IKEEXT 8 00:00:00 8608k 0.0% 2604 SVC:Spooler 8 00:00:01 28296k 0.0% 2616 SVC:msiserver 8 00:00:00 17220k 0.0% 2416 SVC:UserManager 8 00:00:00 7852k 0.0% 2532 SVC:iphlpsvc 8 00:00:00 10772k 0.0% 2580 SVC:PolicyAgent 8 00:00:00 7864k 0.0% 2716 SVC:AutomationManagerAgent 8 00:00:07 106544k 0.0% 2824 SVC:DHCPServer 8 00:00:00 54648k 0.0% 2848 SVC:DiagTrack 8 00:00:01 33124k 0.0% 2916 SVC:HelpDeskService 8 00:00:00 8352k 0.0% 2728 SVC:Backup Service Controller 8 00:00:00 10408k 0.0% 2776 SVC:BASupportExpressSrvcUpdate 8 00:00:02 22760k 0.0% 2788 SVC:CryptSvc 8 00:00:17 19684k 0.0% 1796 SVC:netprofm 8 00:00:00 11028k 0.0% 1820 SVC:CoreMessagingRegistrar 8 00:00:00 6248k 0.0% 1840 SVC:Schedule 8 00:00:01 15376k 0.0% 1608 SVC:Themes 8 00:00:00 6048k 0.0% 1616 SVC:EventSystem 8 00:00:00 8344k 0.0% 1624 SVC:FontCache 8 00:00:00 7308k 0.0% 1860 SVC:SENS 8 00:00:00 9472k 0.0% 2124 SVC:WinHttpAutoProxySvc 8 00:00:00 7956k 0.0% 2132 SVC:SessionEnv 8 00:00:00 10232k 0.0% 2360 SVC:DispBrokerDesktopSvc 8 00:00:00 7324k 0.0% 1872 SVC:CertPropSvc 8 00:00:00 6532k 0.0% 2000 SVC:Wcmsvc 8 00:00:00 9216k 0.0% 2036 SVC:LanmanWorkstation 8 00:00:00 10656k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 37905588 171168584 18% /FIXED/C:\ 199.39\163.24 D 4194285564 1985908336 2208377228 47% /FIXED/D:\ data 3999.98\2106.07 [memory] memory Total Used physical: 32767 4813 virtual: 4864 0 page: 37631 4299 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 32606 Security Circular 20971520 62096 System Circular 20971520 48912 Application [msgs:eventlog_Security] [msgs:eventlog_System] Information - 12/10/2025 20:06:31 - [4] - Virtual Disk Service - Service stopped. Information - 12/10/2025 20:06:22 - [98] - Microsoft-Windows-Ntfs - Volume System Reserved (\Device\HarddiskVolumeShadowCopy11) is healthy. No action is needed. Information - 12/10/2025 20:06:22 - [98] - Microsoft-Windows-Ntfs - Volume ?? (\Device\HarddiskVolumeShadowCopy10) is healthy. No action is needed. Information - 12/10/2025 20:06:08 - [3] - Virtual Disk Service - Service started. [msgs:eventlog_Application] Information - 12/10/2025 20:23:39 - [10001] - Microsoft-Windows-RestartManager - Ending session 0 started ?2025?-?12?-?10T09:23:39.225822400Z. Information - 12/10/2025 20:23:39 - [1042] - MsiInstaller - Ending a Windows Installer transaction: {ED85AD79-E341-4F87-A796-F36B9F6C91C8}. Client Process Id: 3684. Information - 12/10/2025 20:23:39 - [1034] - MsiInstaller - Windows Installer removed the product. Product Name: MSP Core Agent. Product Version: 1.0.65.0. Product Language: 1033. Manufacturer: N-able Technologies Ltd.. Removal success or error status: 0. [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 728 NT AUTHORITY\SYSTEM 24608/24804 4194304/4194304 9292/9756 32 1726 4.4 2025-12-10 15:22:25 306 SVC:KeyIso/Netlogon/SamSs 3424 Unknown 282240/1056976 4194304/4194304 607964/1114124 303 910 1.3 2025-12-10 15:22:27 306 SVC:WinDefend 8452 NT AUTHORITY\SYSTEM 545372/1105572 4194304/4194304 539352/1118028 56 1103 0.7 2025-12-10 15:24:29 304 SVC:IDriveService 1256 NT AUTHORITY\LOCAL SERVICE 46364/77080 4194304/4194304 56908/69900 20 1632 0.3 2025-12-10 15:22:26 306 SVC:EventLog 2832 NT AUTHORITY\SYSTEM 28896/29564 149996/162544 14916/15752 38 412 0.2 2025-12-10 15:22:27 306 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 4 Unknown 144/1880 3968/15292 40/64 0 2164 0.2 2025-12-10 15:22:22 306 System 3020 NT AUTHORITY\SYSTEM 125348/125624 4194304/4194304 113364/113408 21 325 0.1 2025-12-10 15:22:27 306 SVC:Mesh Agent 4448 NT AUTHORITY\SYSTEM 83964/97316 314984/322216 66940/80752 37 560 0.1 2025-12-10 15:22:28 306 powershell "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 2868 NT AUTHORITY\SYSTEM 12872/12872 450520/450524 7916/7916 17 257 0.1 2025-12-10 20:28:22 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsB"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 7328 NT AUTHORITY\SYSTEM 12876/12876 450520/450524 7908/7908 17 255 0.1 2025-12-10 20:28:22 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsC"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 8140 NT AUTHORITY\SYSTEM 12856/12856 450520/450524 7900/7900 17 257 0.1 2025-12-10 20:28:22 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsD"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 2164 NT AUTHORITY\SYSTEM 12900/12900 450520/450524 7920/7920 17 257 0.1 2025-12-10 20:28:22 0 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsA"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 3272 NT AUTHORITY\SYSTEM 30552/41824 4194304/4194304 17724/34720 20 514 0.1 2025-12-10 15:22:27 306 SVC:Winmgmt 2952 NT AUTHORITY\SYSTEM 51320/234176 4194304/4194304 88552/257612 56 2025 0.1 2025-12-10 15:22:27 306 SVC:LTService 2188 NT AUTHORITY\SYSTEM 20140/39756 109936/154240 11380/32784 17 299 0.1 2025-12-10 15:55:09 273 WmiPrvSE C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding 768 NT AUTHORITY\SYSTEM 42516/42916 4194304/4194304 32576/35412 26 456 0.1 2025-12-10 15:55:10 273 WmiPrvSE 7872 NT AUTHORITY\SYSTEM 13140/16300 4194304/4194304 5452/8024 13 415 0.1 2 WmiPrvSE 7052 Unknown 13048/13880 4194304/4194304 5192/5964 13 219 0.1 2025-12-10 15:22:33 306 SVC:WdNisSvc 4672 NT AUTHORITY\NETWORK SERVICE 27844/32832 4194304/4194304 13040/15820 21 723 0.1 2025-12-10 15:22:30 306 WmiPrvSE 976 NT AUTHORITY\NETWORK SERVICE 11812/11888 4194304/4194304 5360/5488 18 864 0.0 2025-12-10 15:22:26 306 SVC:RpcEptMapper/RpcSs 716 Unknown 10528/10820 4194304/4194304 5544/7896 12 619 0.0 2025-12-10 15:22:25 306 services 2204 NT AUTHORITY\SYSTEM 23380/23688 4194304/4194304 19996/20520 37 731 0.0 2025-12-10 15:24:31 304 SVC:WSearch 484 Unknown 6660/6780 4194304/4194304 2104/2336 25 713 0.0 2025-12-10 15:22:25 306 csrss 1384 NT AUTHORITY\LOCAL SERVICE 19564/23884 4194304/4194304 9560/14040 33 425 0.0 2025-12-10 15:22:26 306 SVC:BFE/mpssvc 1208 NT AUTHORITY\NETWORK SERVICE 9840/10028 4194304/4194304 3476/3756 18 318 0.0 2025-12-10 15:22:26 306 SVC:Dnscache 8268 NT AUTHORITY\LOCAL SERVICE 22252/22868 4194304/4194304 15448/16100 17 304 0.0 2025-12-10 15:24:29 304 SVC:DPS 3636 NT AUTHORITY\SYSTEM 93348/96472 4194304/4194304 50696/53152 65 984 0.0 2025-12-10 15:22:27 306 SVC:VeeamEndpointBackupSvc 3980 NT AUTHORITY\SYSTEM 10884/10936 54120/61800 2172/2612 18 241 0.0 2025-12-10 15:22:27 306 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 3992 NT AUTHORITY\SYSTEM 14804/14952 68760/75160 3176/3944 22 312 0.0 2025-12-10 15:22:27 306 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 3956 NT AUTHORITY\SYSTEM 13436/13480 4194304/4194304 3476/3776 24 419 0.0 2025-12-10 15:22:27 306 SVC:RasMan 3644 NT AUTHORITY\SYSTEM 6480/6732 4194304/4194304 1864/2164 8 124 0.0 2025-12-10 15:22:27 306 SVC:XymonPSClient 3760 NT AUTHORITY\SYSTEM 10240/10240 4194304/4194304 6252/6252 8 86 0.0 2025-12-10 20:28:22 0 conhost 3084 NT AUTHORITY\SYSTEM 26372/28516 4194304/4194304 12220/15056 46 382 0.0 2025-12-10 15:22:27 306 SVC:SrmSvc 3124 NT AUTHORITY\NETWORK SERVICE 11212/12500 4194304/4194304 2884/4092 14 242 0.0 2025-12-10 15:24:29 304 SVC:MSDTC 3076 NT AUTHORITY\LOCAL SERVICE 7544/7604 4194304/4194304 1648/1912 42 160 0.0 2025-12-10 15:22:27 306 SVC:SstpSvc 9024 NT AUTHORITY\SYSTEM 10228/10228 4194304/4194304 6244/6244 8 86 0.0 2025-12-10 20:28:22 0 conhost 3000 NT AUTHORITY\SYSTEM 12944/13016 4194304/4194304 3380/3732 14 261 0.0 2025-12-10 15:22:27 306 SVC:LanmanServer 3164 NT AUTHORITY\SYSTEM 6944/6992 4194304/4194304 1540/1800 9 144 0.0 2025-12-10 15:22:27 306 SVC:SysMain 3440 NT AUTHORITY\SYSTEM 258608/272284 815964/839544 229416/253192 112 1804 0.0 2025-12-10 15:22:27 306 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 3452 NT AUTHORITY\SYSTEM 11124/11232 4194304/4194304 1388/1764 8 126 0.0 2025-12-10 15:22:27 306 SVC:WpnService 3432 NT AUTHORITY\NETWORK SERVICE 13308/13416 4194304/4194304 3008/3668 14 252 0.0 2025-12-10 15:22:27 306 SVC:WinRM 3212 NT AUTHORITY\SYSTEM 5980/6012 4194304/4194304 1284/1440 8 144 0.0 2025-12-10 15:22:27 306 SVC:TrkWks 3220 NT AUTHORITY\SYSTEM 12112/12668 4194304/4194304 2632/3384 14 237 0.0 2025-12-10 15:22:27 306 SVC:UsoSvc 6488 NT AUTHORITY\SYSTEM 14860/15508 4194304/4194304 2996/3996 14 259 0.0 2025-12-10 15:22:30 306 SVC:StorSvc 6692 NT AUTHORITY\SYSTEM 10224/10224 4194304/4194304 6248/6248 8 86 0.0 2025-12-10 20:28:22 0 conhost 7156 NT AUTHORITY\SYSTEM 19976/49084 107860/129076 7024/29428 18 268 0.0 2025-12-10 15:22:34 306 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid dgs7WDodgo3aCPFTaJncxhNBvhrx3XnkTUhhdGX5MkGyUbAjf0co8qx6khFA9Vdf 6252 NT AUTHORITY\SYSTEM 10064/10108 4194304/4194304 6176/6244 7 86 0.0 2025-12-10 15:22:33 306 conhost 6344 NT AUTHORITY\SYSTEM 62016/62428 4194304/4194304 51288/59724 26 409 0.0 2025-12-10 15:22:33 306 NableSixtyFourBitManager 6428 NT AUTHORITY\SYSTEM 10072/10116 4194304/4194304 6192/6260 7 86 0.0 2025-12-10 15:22:33 306 conhost 8748 NT AUTHORITY\SYSTEM 9248/9348 4194304/4194304 1740/1924 12 177 0.0 2025-12-10 20:25:06 3 SVC:wmiApSrv 8780 NT AUTHORITY\SYSTEM 11544/12508 4194304/4194304 3672/4528 13 249 0.0 2025-12-10 15:22:53 306 SVC:PcaSvc 8880 NT AUTHORITY\LOCAL SERVICE 51580/52352 4194304/4194304 41548/42432 34 598 0.0 2025-12-10 15:22:53 306 SVC:SolarWinds.MSP.CacheService 7592 NT AUTHORITY\SYSTEM 19820/20924 4194304/4194304 8924/9752 27 366 0.0 2025-12-10 20:23:05 5 SVC:BITS 8324 NT AUTHORITY\SYSTEM 72796/109052 291732/355156 47148/90452 66 606 0.0 2025-12-10 15:22:55 306 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 8380 NT AUTHORITY\SYSTEM 14684/16240 4194304/4194304 8040/12036 20 271 0.0 2025-12-10 15:24:30 304 SVC:UALSVC 5916 Unknown 11500/11604 4194304/4194304 3436/3660 10 157 0.0 2025-12-10 20:23:34 5 SVC:AppXSvc 4372 NT AUTHORITY\LOCAL SERVICE 13776/24412 4194304/4194304 4612/15528 13 190 0.0 2025-12-10 19:27:53 61 WmiPrvSE 4476 NT AUTHORITY\SYSTEM 13168/13168 4194304/4194304 6568/6604 10 148 0.0 2025-12-10 15:22:28 306 conhost 4684 NT AUTHORITY\SYSTEM 7572/16424 4194304/4194304 2300/4736 8 121 0.0 2025-12-10 15:22:28 306 AggregatorHost 4068 NT AUTHORITY\SYSTEM 10236/10236 4194304/4194304 6252/6252 8 86 0.0 2025-12-10 20:28:22 0 conhost 4220 NT AUTHORITY\SYSTEM 6272/6344 4194304/4194304 1372/1824 8 126 0.0 2025-12-10 19:53:04 35 SVC:WdiSystemHost 4332 NT AUTHORITY\SYSTEM 10172/10212 4194304/4194304 6208/6264 8 86 0.0 2025-12-10 15:22:34 306 conhost 5228 NT AUTHORITY\SYSTEM 10020/10080 4194304/4194304 6188/6276 7 86 0.0 2025-12-10 15:22:28 306 conhost 5248 NT AUTHORITY\SYSTEM 32840/32876 4194304/4194304 25500/25596 19 406 0.0 2025-12-10 15:22:57 306 SVC:PME.Agent.PmeService 5796 NT AUTHORITY\SYSTEM 45796/47640 4194304/4194304 37492/38808 23 433 0.0 2025-12-10 15:22:33 306 NableReactiveManagement 4728 NT AUTHORITY\SYSTEM 10888/12420 4194304/4194304 3584/5104 9 131 0.0 2025-12-10 15:24:32 304 SVC:StateRepository 4772 NT AUTHORITY\SYSTEM 10748/10904 51416/59096 2032/2468 18 251 0.0 2025-12-10 15:22:28 306 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 5048 NT AUTHORITY\SYSTEM 268884/400080 4194304/4194304 249284/369744 51 797 0.0 2025-12-10 15:22:28 306 BackupFP 2968 NT AUTHORITY\SYSTEM 9956/42672 4194304/4194304 34356/34832 27 476 0.0 2025-12-10 15:22:27 306 SVC:LTSvcMon 1036 NT AUTHORITY\SYSTEM 8584/8752 4194304/4194304 1812/2316 11 192 0.0 2025-12-10 15:22:26 306 SVC:NcbService 1048 NT AUTHORITY\LOCAL SERVICE 6288/6404 4194304/4194304 1280/1692 8 140 0.0 2025-12-10 15:22:26 306 SVC:TimeBrokerSvc 1128 NT AUTHORITY\SYSTEM 8944/9008 4194304/4194304 1964/2320 12 184 0.0 2025-12-10 15:22:26 306 SVC:ShellHWDetection 904 Font Driver Host\UMFD-1 3432/3472 4194304/4194304 1260/1344 6 39 0.0 2025-12-10 15:22:26 306 fontdrvhost 992 NT AUTHORITY\LOCAL SERVICE 8672/8736 4194304/4194304 1768/2136 13 228 0.0 2025-12-10 15:22:26 306 SVC:W32Time 1016 NT AUTHORITY\SYSTEM 9556/9620 4194304/4194304 2488/2732 12 296 0.0 2025-12-10 15:22:26 306 SVC:LSM 1144 NT AUTHORITY\LOCAL SERVICE 8196/8272 4194304/4194304 2316/2520 11 235 0.0 2025-12-10 15:22:26 306 SVC:Dhcp 1484 NT AUTHORITY\NETWORK SERVICE 13720/14156 4194304/4194304 4276/5540 18 402 0.0 2025-12-10 15:22:26 306 SVC:NlaSvc 1556 NT AUTHORITY\SYSTEM 13204/13304 4194304/4194304 2684/2928 16 262 0.0 2025-12-10 15:22:26 306 SVC:gpsvc 1572 NT AUTHORITY\SYSTEM 6928/6944 4194304/4194304 1348/1508 9 138 0.0 2025-12-10 15:22:26 306 SVC:UmRdpService 1192 NT AUTHORITY\SYSTEM 48932/55708 4194304/4194304 11652/23588 26 456 0.0 2025-12-10 15:22:26 306 LogonUI 1272 Window Manager\DWM-1 44960/50604 4194304/4194304 22488/33276 27 626 0.0 2025-12-10 15:22:26 306 dwm 1452 NT AUTHORITY\SYSTEM 39296/39432 197860/206820 25048/25368 32 546 0.0 2025-12-10 15:22:27 306 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=81f1fb2d-e971-4151-9233-026a4e5aab3f&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAALGJBS5pIdke3EzdSnWrobAAAAAACAAAAAAAQZgAAAAEAACAAAAB7kvEKnYW8uqUU%2fjSEpvV9HnnX9HqO%2fVbMDPZKo08AlAAAAAAOgAAAAAIAACAAAAACVNoR2QgbMpsEqXLIQ0GFhvqbkTLxbaow2RVrUSYoiqAEAADVYrkpnxJhBn%2bNjU%2freLqtP25RBcML1geBWFf9U2yr1vICIQn4iqQcTYcrWlLC2YUvJ98TvMu%2be40xwmZWGI0O9WZgdVjzC31EBrXka0F0UcXnG6KwDBMgTy2pABmanplouzpilrFxb4NoAM8RZFXE4NZL8jQszoOdyENLZnWMAx4ap8IoenNovusq2vK8Pdge5zHrtcEAHNOUx3UqWiZ8ZWoV4EW%2bqmGcnmBRTJXijFflRugBWs1t%2f9pp%2felDh%2fNCsqZuRRwp6mASD93D8h4MtZtEcSE2usqbpb8k5lwxxAzr5rNZswpp4lz1mWruFyjWDf99tbK%2bN80fP2r2W67%2bCGWAoOafafHSxKzFWCqVaDitLyuvRH%2b1UUDOs%2bbGeCvCKBkPnTlBxoQg9Z%2fDiEjUAxWP4ETJx%2bbS5Pv54TLOAawgArwzAG03%2bMe7rNcyLHGORxR6zAMZ9CXMSh6JlbfPLXKZKPcW7tqxbpBIrtd5EnrFsDteXpFkVfEyhTbnWGWilLXzhikInqjBgUmK5OniZIUiFVtHSvNor%2bimXlIzpQBdjEff7Z8FNRViDsvidNINIxg48NcxhUMtbnX%2f7oiTKbp4334rXM7xA2WrgdwBUYUT91%2bhvc0JZv5U0lyV2b%2b3FAqMp8Fclx6R0vxTcbc1ChIiA3JgS22miGvF1Y3PFQ4c1afPhuGXcbK7ubsvWFTUsj4gSj0h%2b%2fSn52SUl8K5llc5fa8%2bmdDkNgEQcHgNs50FyVhhX05zvN9t0%2fu8x6mS3md1wjGMJEWfPVT5zzjaIFPso4v4YkiCtYxLSvCbvK4F%2fDTiPdyr0KuA82LEw6nQAs4qDGY8EJr47GvOc7bBtuzbYWq%2f44yQl8R5ry6T0OUuZnhtSZxqemqUlPOxNXZWaL1UjJVFUImUn8WM0f%2fQBQ2mKHLWRf0PVujzS%2bZiaSqeOh06Cs2LiTVbqSk8Q4qgN4v0sz0FNbfrQW8mbUCaKL%2bl94aJZPkSGtQWa%2f%2fdmz9o3S7fzhDAMfumxIBLP08BVg0H1oK%2fstjGzL04yBragx0QqpxSZROQVw27cGwAHdbpeFbv5cKf9H0hjYyJka2nyN%2bDNRFirzYnOe0%2bqzrrG9kA140UxQ%2bWM7hueZ5Nzhstptnxi0u3yBbn3GuAvF0YMITPwtbDbSRCO5H%2bb7UNC1WQLZDulfC5mnvDzsdN%2bM9s6G9mWcbebMhBC3q39s5zodA35JEHPW%2fxkruJXA9EbZjfiD7a%2bbkJA7uekYDSG2nmjyMvBcEE8MrGHT31O9074zFyB1TYQG9Pb8%2fS0pLy%2bWOK7uq%2fkRaK7mo3HNDxaZgzpJrWk5FvFZ6%2fmJXzSDkEqoiPB2FQKKu2%2fyStsx1MTfnOh7uC8uaqM08uNmM67sGvsfjSSMsNfFU4KQVUKSk%2fDENRhyMImBvSyFSVGmAO5sHuVCstKkOeV2LUCzmp%2b8m0wettXEMhcYu0U%2b9ZlzMKtpwX5lmdzD4moLleZCTmGjO2H8KKpEyqukPS1GQr3%2bLyNGaOHRN89ju2F2tYOt0ouC5eXzAGO%2feNx705eLEAMcMdoqbGpyXhiF0HoDw6IkAAAADanZNH4yCid%2b46xk3uOFQ6pWk%2b0okknzTyEeeAxSgjKVz%2fndDTJexk04K8kyjh7H2s2%2bRFgMYiEW8Wl61smHxO&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 444 NT AUTHORITY\LOCAL SERVICE 8040/8068 4194304/4194304 3608/3716 18 145 0.0 2025-12-10 15:22:26 306 SVC:nsi 528 NT AUTHORITY\NETWORK SERVICE 13324/13364 4194304/4194304 4680/4832 20 541 0.0 2025-12-10 15:22:26 306 SVC:TermService 572 Unknown 7248/7368 4194304/4194304 1368/1904 11 156 0.0 2025-12-10 15:22:25 306 wininit 0 8/8 8/8 60/60 0 0 0.0 0 Idle 124 Unknown 19484/162760 83532/166604 2448/100960 12 0 0.0 2025-12-10 15:22:20 306 Registry 380 Unknown 1300/1324 4194304/4194304 1100/1164 3 57 0.0 2025-12-10 15:22:22 306 smss 580 Unknown 5960/11212 4194304/4194304 1752/2016 11 169 0.0 2025-12-10 15:22:25 306 csrss 832 NT AUTHORITY\SYSTEM 32432/32876 160964/172828 19444/20860 25 452 0.0 2025-12-10 15:24:31 304 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" 860 NT AUTHORITY\SYSTEM 14692/14752 4194304/4194304 5480/5664 15 836 0.0 2025-12-10 15:22:26 306 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker 896 Font Driver Host\UMFD-0 3576/3612 4194304/4194304 1328/1412 6 39 0.0 2025-12-10 15:22:26 306 fontdrvhost 644 NT AUTHORITY\SYSTEM 10092/15232 4194304/4194304 2512/6408 12 212 0.0 2025-12-10 15:22:25 306 winlogon 760 NT AUTHORITY\LOCAL SERVICE 5684/5716 4194304/4194304 1256/1440 8 119 0.0 2025-12-10 15:22:26 306 SVC:lmhosts 804 NT AUTHORITY\LOCAL SERVICE 11920/11968 4194304/4194304 2228/2724 12 211 0.0 2025-12-10 15:24:29 304 SVC:CDPSvc 1600 NT AUTHORITY\SYSTEM 6896/6932 4194304/4194304 1404/1668 8 126 0.0 2025-12-10 15:22:26 306 SVC:ProfSvc 2588 NT AUTHORITY\SYSTEM 8608/8692 4194304/4194304 2592/2904 14 278 0.0 2025-12-10 15:22:27 306 SVC:IKEEXT 2604 NT AUTHORITY\SYSTEM 28296/29076 4194304/4194304 11112/11828 39 634 0.0 2025-12-10 15:22:27 306 SVC:Spooler 2616 NT AUTHORITY\SYSTEM 17220/22648 4194304/4194304 8044/10636 14 244 0.0 2025-12-10 20:23:03 5 SVC:msiserver 2416 NT AUTHORITY\SYSTEM 7852/7936 4194304/4194304 1536/1852 9 146 0.0 2025-12-10 15:22:26 306 SVC:UserManager 2532 NT AUTHORITY\SYSTEM 10772/11044 4194304/4194304 2656/3468 16 363 0.0 2025-12-10 15:22:27 306 SVC:iphlpsvc 2580 NT AUTHORITY\NETWORK SERVICE 7864/8996 4194304/4194304 1864/2964 13 173 0.0 2025-12-10 15:22:27 306 SVC:PolicyAgent 2716 NT AUTHORITY\SYSTEM 106544/108596 336936/397912 78732/103100 74 1122 0.0 2025-12-10 15:22:27 306 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2824 NT AUTHORITY\NETWORK SERVICE 54648/55764 4194304/4194304 149792/150940 52 480 0.0 2025-12-10 15:22:27 306 SVC:DHCPServer 2848 NT AUTHORITY\SYSTEM 33124/50348 4194304/4194304 15540/39764 24 553 0.0 2025-12-10 15:22:27 306 SVC:DiagTrack 2916 NT AUTHORITY\SYSTEM 8352/8428 4194304/4194304 2220/2380 11 225 0.0 2025-12-10 15:22:27 306 SVC:HelpDeskService 2728 NT AUTHORITY\SYSTEM 10408/10488 4194304/4194304 2172/2364 11 196 0.0 2025-12-10 15:22:27 306 SVC:Backup Service Controller 2776 NT AUTHORITY\SYSTEM 22760/39932 128348/155868 9392/27148 23 323 0.0 2025-12-10 15:22:27 306 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 2788 NT AUTHORITY\NETWORK SERVICE 19684/78608 4194304/4194304 8904/68288 31 318 0.0 2025-12-10 15:22:27 306 SVC:CryptSvc 1796 NT AUTHORITY\LOCAL SERVICE 11028/11668 4194304/4194304 2764/4236 14 442 0.0 2025-12-10 15:22:26 306 SVC:netprofm 1820 NT AUTHORITY\LOCAL SERVICE 6248/6284 4194304/4194304 1260/1408 8 126 0.0 2025-12-10 15:22:26 306 SVC:CoreMessagingRegistrar 1840 NT AUTHORITY\SYSTEM 15376/15620 4194304/4194304 4864/5456 18 365 0.0 2025-12-10 15:22:26 306 SVC:Schedule 1608 NT AUTHORITY\SYSTEM 6048/6096 4194304/4194304 1212/1420 8 121 0.0 2025-12-10 15:22:26 306 SVC:Themes 1616 NT AUTHORITY\LOCAL SERVICE 8344/8460 4194304/4194304 2060/2388 10 175 0.0 2025-12-10 15:22:26 306 SVC:EventSystem 1624 NT AUTHORITY\LOCAL SERVICE 7308/8468 4194304/4194304 1616/2056 10 142 0.0 2025-12-10 15:22:26 306 SVC:FontCache 1860 NT AUTHORITY\SYSTEM 9472/9580 4194304/4194304 2124/2316 15 212 0.0 2025-12-10 15:22:26 306 SVC:SENS 2124 NT AUTHORITY\LOCAL SERVICE 7956/8052 4194304/4194304 1876/2400 10 177 0.0 2025-12-10 15:22:26 306 SVC:WinHttpAutoProxySvc 2132 NT AUTHORITY\SYSTEM 10232/10268 4194304/4194304 2260/2472 16 246 0.0 2025-12-10 15:22:26 306 SVC:SessionEnv 2360 NT AUTHORITY\LOCAL SERVICE 7324/7424 4194304/4194304 1328/1668 8 124 0.0 2025-12-10 15:22:26 306 SVC:DispBrokerDesktopSvc 1872 NT AUTHORITY\SYSTEM 6532/6568 4194304/4194304 1324/1476 8 145 0.0 2025-12-10 15:22:26 306 SVC:CertPropSvc 2000 NT AUTHORITY\LOCAL SERVICE 9216/9524 4194304/4194304 2036/3296 13 289 0.0 2025-12-10 15:22:26 306 SVC:Wcmsvc 2036 NT AUTHORITY\NETWORK SERVICE 10656/10704 4194304/4194304 2304/2564 14 244 0.0 2025-12-10 15:22:26 306 SVC:LanmanWorkstation [netstat] PacketsReceived=2000651 ReceivedHeaderErrors=0 ReceivedAddressErrors=14961 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=426 ReceivedPacketsDelivered=1989108 OutputRequests=6174378 RoutingDiscards=0 DiscardedOutputPackets=235 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=8548 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=295 ReceivedPacketsDelivered=8256 OutputRequests=168 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=8365 tcpPassiveOpens=2791 tcpFailedConnectionAttempts=278 tcpResetConnections=923 tcpCurrentConnections=47 tcpSegmentsReceived=1997527 tcpSegmentsSent=6037232 tcpSegmentsRetransmitted=177448 tcpActiveOpens=29 tcpPassiveOpens=29 tcpFailedConnectionAttempts=0 tcpResetConnections=6 tcpCurrentConnections=0 tcpSegmentsReceived=3387 tcpSegmentsSent=3244 tcpSegmentsRetransmitted=0 udpDatagramsReceived=35013 udpNoPorts=396 udpReceiveErrors=0 udpDatagramsSent=5066 udpDatagramsReceived=7687 udpNoPorts=295 udpReceiveErrors=0 udpDatagramsSent=10 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING TCP 0.0.0.0:49709 0.0.0.0:0 LISTENING TCP 0.0.0.0:49781 0.0.0.0:0 LISTENING TCP 10.2.63.46:135 10.2.62.108:56728 ESTABLISHED TCP 10.2.63.46:135 10.2.68.2:56967 ESTABLISHED TCP 10.2.63.46:139 0.0.0.0:0 LISTENING TCP 10.2.63.46:445 10.2.62.10:60212 ESTABLISHED TCP 10.2.63.46:445 10.2.62.64:52714 ESTABLISHED TCP 10.2.63.46:445 10.2.62.66:59391 ESTABLISHED TCP 10.2.63.46:445 10.2.62.77:52869 ESTABLISHED TCP 10.2.63.46:445 10.2.62.84:64172 ESTABLISHED TCP 10.2.63.46:445 10.2.62.85:49813 ESTABLISHED TCP 10.2.63.46:445 10.2.62.99:61116 ESTABLISHED TCP 10.2.63.46:445 10.2.62.100:62922 ESTABLISHED TCP 10.2.63.46:445 10.2.62.108:55837 ESTABLISHED TCP 10.2.63.46:647 0.0.0.0:0 LISTENING TCP 10.2.63.46:647 10.2.63.21:57141 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.10:58363 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.64:53782 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.66:59399 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.77:49216 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.85:65258 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.99:63160 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.100:61868 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.108:56729 ESTABLISHED TCP 10.2.63.46:49670 10.2.63.21:57863 ESTABLISHED TCP 10.2.63.46:49670 10.2.68.2:56968 ESTABLISHED TCP 10.2.63.46:49839 206.148.0.34:443 ESTABLISHED TCP 10.2.63.46:49842 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:49916 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:49919 206.148.0.125:443 ESTABLISHED TCP 10.2.63.46:50012 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:50101 8.38.48.118:443 ESTABLISHED TCP 10.2.63.46:51295 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51296 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51297 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:57578 10.2.63.47:49669 ESTABLISHED TCP 10.2.63.46:57640 10.2.63.47:389 ESTABLISHED TCP 10.2.63.46:57999 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58104 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58122 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58135 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58147 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58158 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58159 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58182 10.2.63.47:135 TIME_WAIT TCP 10.2.63.46:58183 10.2.63.47:49690 TIME_WAIT TCP 10.2.63.46:58184 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58196 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58207 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58208 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58233 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58234 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58257 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58258 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58280 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58281 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58303 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58304 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58305 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58306 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58348 125.253.56.44:443 ESTABLISHED TCP 10.2.63.46:58350 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58351 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58352 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58353 66.129.107.58:443 TIME_WAIT TCP 10.2.63.46:58396 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:58397 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:58398 66.129.107.58:443 ESTABLISHED TCP 10.2.63.46:58399 66.129.107.58:443 ESTABLISHED TCP 127.0.0.1:3389 127.0.0.1:58395 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49695 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:49695 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:49742 127.0.0.1:49743 ESTABLISHED TCP 127.0.0.1:49743 127.0.0.1:49742 ESTABLISHED TCP 127.0.0.1:49758 127.0.0.1:49759 ESTABLISHED TCP 127.0.0.1:49759 127.0.0.1:49758 ESTABLISHED TCP 127.0.0.1:49763 0.0.0.0:0 LISTENING TCP 127.0.0.1:50093 127.0.0.1:51821 ESTABLISHED TCP 127.0.0.1:51821 0.0.0.0:0 LISTENING TCP 127.0.0.1:51821 127.0.0.1:50093 ESTABLISHED TCP 127.0.0.1:58121 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:58180 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58231 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58235 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:58256 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58302 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58347 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58394 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:58395 127.0.0.1:3389 FIN_WAIT_2 TCP 127.0.0.1:58440 127.0.0.1:49763 TIME_WAIT TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49672 [::]:0 LISTENING TCP [::]:49709 [::]:0 LISTENING TCP [::]:49781 [::]:0 LISTENING TCP [::1]:9395 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:54614 *:* UDP 0.0.0.0:54990 *:* UDP 0.0.0.0:57296 *:* UDP 0.0.0.0:59052 *:* UDP 0.0.0.0:59053 *:* UDP 0.0.0.0:60236 *:* UDP 0.0.0.0:61234 *:* UDP 0.0.0.0:63032 *:* UDP 0.0.0.0:63034 *:* UDP 10.2.63.46:67 *:* UDP 10.2.63.46:68 *:* UDP 10.2.63.46:137 *:* UDP 10.2.63.46:138 *:* UDP 10.2.63.46:2535 *:* UDP 127.0.0.1:51979 127.0.0.1:51979 UDP 127.0.0.1:52610 127.0.0.1:52610 UDP 127.0.0.1:54644 127.0.0.1:54644 UDP 127.0.0.1:54645 127.0.0.1:54645 UDP 127.0.0.1:54646 127.0.0.1:54646 UDP 127.0.0.1:54647 127.0.0.1:54647 UDP 127.0.0.1:56482 127.0.0.1:56482 UDP 127.0.0.1:57689 127.0.0.1:57689 UDP 127.0.0.1:59435 127.0.0.1:59435 UDP 127.0.0.1:59437 127.0.0.1:59437 UDP 127.0.0.1:59439 127.0.0.1:59439 UDP 127.0.0.1:60839 127.0.0.1:60839 UDP 127.0.0.1:63055 127.0.0.1:63055 UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:54614 *:* UDP [::]:54990 *:* UDP [::]:57296 *:* UDP [::]:59053 *:* UDP [::]:60236 *:* UDP [::]:61234 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-FP01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-7C-8E-B1 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6c3a:be9b:60bb:3502%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.46(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-91-E4-AF-52-54-00-7C-8E-B1 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 10.2.63.21 10.2.63.22 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 7c 8e b1 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.46 281 10.2.63.0 255.255.255.0 On-link 10.2.63.46 281 10.2.63.46 255.255.255.255 On-link 10.2.63.46 281 10.2.63.255 255.255.255.255 On-link 10.2.63.46 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.46 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.46 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::6c3a:be9b:60bb:3502/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.46 620396573 8942801409 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual started AppX Deployment Service (AppXSVC) AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AutomationManagerAgent automatic started Automation Manager Agent AxInstSV disabled stopped ActiveX Installer (AxInstSV) Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS automatic started Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client DHCPServer automatic started DHCP Server diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual stopped Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual started Windows Installer NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual stopped Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess disabled stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc disabled stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SrmReports manual stopped File Server Storage Reports Manager SrmSvc automatic started File Server Resource Manager SSDPSRV disabled stopped SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic stopped Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer tzautoupdate disabled stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost disabled stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSS automatic stopped Volume Shadow Copy W32Time automatic started Windows Time WaaSMedicSvc manual stopped Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc disabled stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual started WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch automatic started Windows Search wuauserv automatic stopped Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 18369 0 days 5 hours 6 minutes 9 seconds Bootup: 20251210152220.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-fp01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\xymon\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-fp01 [XymonPSClientInfo] Collection number: 63 Last transmission method: TCP Id : 4448 Handles : 558 CPU : 101.65625 SI : 0 Name : powershell