[collector:] client ino-rut-vlt01.powershell powershell XymonPS [date] Wed 10 Dec 16:30:05 2025 [clock] epoch: 1765344606 local: Wed 10 Dec 16:30:05 2025 UTC: Wed 10 Dec 05:30:05 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0069522s Root Dispersion: 4.5359367s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 4:22:48 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 13 days, 0 users, 141 procs, load=8.04% CPU states: total 8.04% cores: 6 CPU PID Image Name Pri Time MemUsage 2.3% 2180 BackupFP 8 02:23:42 592152k 1.7% 6148 SVC:IDriveService 8 10:05:32 517088k 0.9% 4 System 8 02:08:48 144k 0.6% 3076 SVC:CryptSvc 8 00:30:48 23364k 0.5% 3820 SVC:WinDefend 8 08:00:15 313856k 0.5% 4068 SVC:MBAMService 8 11:45:09 312212k 0.2% 1304 SVC:MSSQL$AUTODESKVAULT 8 02:32:07 19414740k 0.2% 5964 SVC:swprv 8 00:00:03 14324k 0.2% 8572 AdskIdentityManager 8 02:48:35 20432k 0.1% 4228 SVC:BASupportExpressStandalone 13 01:01:23 54140k 0.1% 768 SVC:KeyIso/Netlogon/SamSs 9 00:53:04 29136k 0.1% 3384 SVC:Mesh Agent 8 02:12:22 5692988k 0.1% 13056 SVC:VSS 8 00:00:01 23116k 0.1% 1392 SVC:EventLog 8 02:08:09 45616k 0.1% 3504 SVC:SQLWriter 8 00:03:12 55612k 0.1% 10524 SVC:LTService 8 00:04:30 12460k 0.1% 7084 powershell 8 01:26:20 163120k 0.1% 760 services 9 00:15:01 16708k 0.0% 3280 SVC:Winmgmt 8 00:41:57 33708k 0.0% 12668 WmiPrvSE 8 00:02:40 37068k 0.0% 2732 SVC:AdskLicensingService 8 00:28:15 25484k 0.0% 12084 BASupSysInf 6 00:01:07 19548k 0.0% 5548 w3wp 8 00:01:34 561464k 0.0% 1228 SVC:Dnscache 8 00:07:13 10064k 0.0% 2788 SVC:Autodesk CER Service 8 00:12:35 28908k 0.0% 7492 SVC:DPS 8 00:11:36 22888k 0.0% 1008 SVC:RpcEptMapper/RpcSs 8 00:09:56 32888k 0.0% 3784 SVC:Windows Agent Service 8 00:21:25 325132k 0.0% 10404 w3wp 8 00:00:45 203748k 0.0% 5368 SVC:WSearch 8 00:06:40 26716k 0.0% 8556 SVC:WdNisSvc 8 00:01:47 13956k 0.0% 5244 dllhost 8 00:00:00 12912k 0.0% 5132 AggregatorHost 8 00:00:19 10704k 0.0% 4420 fdhost 8 00:00:07 7516k 0.0% 4992 Veeam.Guest.Interaction.Proxy 8 00:00:00 10168k 0.0% 4304 SVC:RasMan 8 00:00:11 13652k 0.0% 5060 conhost 8 00:00:00 10784k 0.0% 3600 SVC:SysMain 8 00:00:01 7224k 0.0% 3720 SVC:TrkWks 8 00:00:03 6080k 0.0% 3756 SVC:UsoSvc 8 00:00:12 13940k 0.0% 3472 SVC:SstpSvc 8 00:00:00 7652k 0.0% 3512 SVC:LanmanServer 8 00:00:59 9448k 0.0% 3552 SVC:SQLBrowser 8 00:00:00 6228k 0.0% 4024 SVC:VeeamTransportSvc 8 00:00:01 10724k 0.0% 4048 SVC:VeeamDeploySvc 8 00:00:07 20048k 0.0% 4056 SVC:WpnService 8 00:00:00 11196k 0.0% 3844 SVC:XymonPSClient 8 00:00:00 6596k 0.0% 3952 SVC:WinRM 8 00:00:05 12884k 0.0% 3964 SVC:W3SVC/WAS 8 00:00:08 13552k 0.0% 9332 SVC:StateRepository 8 00:00:09 12140k 0.0% 9492 conhost 8 00:00:00 10864k 0.0% 9588 SVC:MSDTC 8 00:00:00 11380k 0.0% 9168 SVC:SolarWinds.MSP.RpcServerSe 8 00:01:37 77860k 0.0% 8136 NableReactiveManagement 8 00:00:13 45540k 0.0% 8836 SVC:CDPSvc 8 00:00:00 12012k 0.0% 8992 SVC:MSSQLFDLauncher$AUTODESKVA 8 00:00:00 4604k 0.0% 11824 WmiPrvSE 8 00:00:00 9880k 0.0% 13352 conhost 6 00:00:00 11012k 0.0% 14216 SVC:LTSvcMon 8 00:00:09 15796k 0.0% 10840 WmiPrvSE 8 00:00:01 12656k 0.0% 9908 SVC:UALSVC 8 00:00:02 21132k 0.0% 10308 SVC:DsSvc 8 00:00:00 11144k 0.0% 10344 SVC:WdiSystemHost 8 00:00:00 6332k 0.0% 6620 SVC:DispBrokerDesktopSvc 8 00:00:00 7472k 0.0% 6756 conhost 8 00:00:00 10788k 0.0% 6932 AdskLicensingAgent 8 00:00:00 23832k 0.0% 6152 SVC:WaaSMedicSvc 8 00:00:00 8288k 0.0% 5348 SVC:VeeamEndpointBackupSvc 8 00:00:59 96644k 0.0% 5880 adsk_hive_host 8 00:00:42 26440k 0.0% 6068 SVC:SQLTELEMETRY$AUTODESKVAULT 6 00:02:48 74580k 0.0% 7432 conhost 8 00:00:00 10784k 0.0% 7712 w3wp 8 00:00:01 44032k 0.0% 7964 SVC:PcaSvc 8 00:00:05 13236k 0.0% 7324 SVC:StorSvc 8 00:00:01 15512k 0.0% 7064 SVC:BASupportExpressSrvcUpdate 8 00:01:51 25452k 0.0% 7092 conhost 8 00:03:08 15284k 0.0% 7188 NableSixtyFourBitManager 8 00:00:04 66372k 0.0% 1172 SVC:SolarWinds.MSP.CacheServic 8 00:01:30 54012k 0.0% 1152 SVC:TimeBrokerSvc 8 00:00:00 6484k 0.0% 1464 dwm 13 00:01:26 51920k 0.0% 1324 LogonUI 13 00:00:15 53796k 0.0% 1096 SVC:SecurityHealthService 8 00:00:00 11648k 0.0% 1048 SVC:W32Time 8 00:00:12 8900k 0.0% 1144 SVC:NcbService 8 00:00:00 8680k 0.0% 1136 SVC:Dhcp 8 00:00:38 8416k 0.0% 1740 SVC:CertPropSvc 8 00:00:00 6640k 0.0% 1700 SVC:gpsvc 8 00:00:06 18632k 0.0% 1800 SVC:UmRdpService 8 00:00:00 7028k 0.0% 1768 SVC:netprofm 8 00:00:10 11740k 0.0% 1556 SVC:ProfSvc 8 00:00:00 11672k 0.0% 1480 SVC:BFE/mpssvc 8 00:01:01 19184k 0.0% 1656 SVC:UserManager 8 00:00:00 8168k 0.0% 1572 SVC:NlaSvc 8 00:00:00 13112k 0.0% 616 wininit 13 00:00:00 7296k 0.0% 520 csrss 13 00:04:15 7052k 0.0% 688 winlogon 13 00:00:00 10588k 0.0% 624 csrss 13 00:00:01 6052k 0.0% 148 Registry 8 00:01:01 115356k 0.0% 0 Idle 0 8k 0.0% 472 SVC:LSM 8 00:01:19 9780k 0.0% 408 smss 11 00:00:00 1256k 0.0% 948 SVC:SSDPSRV 8 00:01:04 8420k 0.0% 936 fontdrvhost 8 00:00:00 4560k 0.0% 1040 SVC:lmhosts 8 00:00:00 5760k 0.0% 1028 SVC:nsi 8 00:00:15 9040k 0.0% 848 SVC:Backup Service Controller 8 00:00:26 10744k 0.0% 732 SVC:TermService 8 00:00:47 16136k 0.0% 928 fontdrvhost 8 00:00:02 7544k 0.0% 900 SVC:BrokerInfrastructure/DcomL 8 00:01:00 17404k 0.0% 2872 SVC:AutomationManagerAgent 8 00:01:02 165128k 0.0% 2844 SVC:Autodesk Access Service Ho 8 00:00:57 55352k 0.0% 2988 SVC:MsDtsServer160 8 00:00:00 24204k 0.0% 2892 SVC:AzureAttestService 8 00:00:00 6256k 0.0% 2752 SVC:AppHostSvc 8 00:00:12 15372k 0.0% 2620 SVC:Spooler 8 00:00:21 30484k 0.0% 2836 SVC:Autodesk Data Management S 8 00:00:03 38956k 0.0% 2824 SVC:Autodesk Data Management J 8 00:00:28 30500k 0.0% 3204 SVC:SSISTELEMETRY160 6 00:00:16 52928k 0.0% 3128 SVC:IISADMIN 8 00:01:02 28852k 0.0% 3456 SVC:ScreenConnect Client (69e7 8 00:00:19 39984k 0.0% 3332 SVC:MDCoreSvc 8 00:00:16 24652k 0.0% 3108 SVC:FlexNet Licensing Service 8 00:00:28 14116k 0.0% 3100 SVC:DiagTrack 8 00:01:34 44004k 0.0% 3120 SVC:HelpDeskService 8 00:00:36 8556k 0.0% 3116 SVC:FOSWindowsService 8 00:00:51 65308k 0.0% 2164 SVC:Wcmsvc 8 00:00:01 9244k 0.0% 2124 SVC:LanmanWorkstation 8 00:00:36 9964k 0.0% 2224 SVC:ShellHWDetection 8 00:00:00 8956k 0.0% 2192 SVC:WinHttpAutoProxySvc 8 00:00:09 8148k 0.0% 1896 SVC:EventSystem 8 00:00:16 8708k 0.0% 1840 SVC:Schedule 8 00:01:07 16876k 0.0% 2056 SVC:SENS 8 00:00:01 9564k 0.0% 1964 SVC:Themes 8 00:00:00 6024k 0.0% 2524 SVC:IKEEXT 8 00:00:01 8736k 0.0% 2416 SVC:SessionEnv 8 00:00:00 10376k 0.0% 2548 SVC:iphlpsvc 8 00:00:01 10936k 0.0% 2536 SVC:PolicyAgent 8 00:00:09 7788k 0.0% 2296 SVC:FontCache 8 00:00:00 7084k 0.0% 2272 SVC:CoreMessagingRegistrar 8 00:00:16 6400k 0.0% 2364 SVC:PME.Agent.PmeService 8 00:00:02 35032k 0.0% 2324 SVC:Windows Agent Maintenance 8 00:00:11 33112k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 91701108 117373064 44% /FIXED/C:\ 199.39\111.94 E 3145709564 1818921188 1326788376 58% /FIXED/E:\ Vault_Data 2999.98\1265.32 [memory] memory Total Used physical: 65535 32305 virtual: 9728 81 page: 75263 32439 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 32459 Security Circular 20971520 61976 System Circular 20971520 43344 Application [msgs:eventlog_Security] [msgs:eventlog_System] Information - 12/10/2025 16:27:48 - [98] - Microsoft-Windows-Ntfs - Volume Vault_Data (\Device\HarddiskVolumeShadowCopy1045) is healthy. No action is needed. Information - 12/10/2025 16:27:48 - [98] - Microsoft-Windows-Ntfs - Volume ?? (\Device\HarddiskVolumeShadowCopy1044) is healthy. No action is needed. Information - 12/10/2025 16:27:33 - [4] - Virtual Disk Service - Service stopped. Information - 12/10/2025 16:27:24 - [98] - Microsoft-Windows-Ntfs - Volume System Reserved (\Device\HarddiskVolumeShadowCopy1043) is healthy. No action is needed. Information - 12/10/2025 16:27:24 - [98] - Microsoft-Windows-Ntfs - Volume ?? (\Device\HarddiskVolumeShadowCopy1042) is healthy. No action is needed. Information - 12/10/2025 16:27:09 - [3] - Virtual Disk Service - Service started. Information - 12/10/2025 15:55:09 - [16] - Microsoft-Windows-Kernel-General - The access history in hive \??\C:\Users\.NET v4.5 Classic\NTUSER.DAT was cleared updating 6 keys and creating 3 modified pages. [msgs:eventlog_Application] [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 2180 NT AUTHORITY\SYSTEM 592152/932548 5398848/5637984 577904/924928 60 912 2.3 2025-11-29 11:44:54 16125 BackupFP "C:\Program Files\Backup Manager\BackupFP.exe" 6148 NT AUTHORITY\SYSTEM 517088/890100 5279272/5774012 483956/920576 61 4074 1.7 2025-11-27 02:15:17 19575 SVC:IDriveService "C:\Program Files (x86)\IDriveWindows\id_service.exe" 4 Unknown 144/5960 3968/19008 44/72 0 2552 0.9 2025-11-27 02:12:49 19577 System 3076 NT AUTHORITY\NETWORK SERVICE 23364/84064 2152395480/2152442560 13064/72300 31 360 0.6 2025-11-27 02:12:51 19577 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc 3820 Unknown 313856/1168636 2152942496/2154002512 341936/1152004 246 993 0.5 2025-11-27 02:12:52 19577 SVC:WinDefend 4068 Unknown 312212/1026096 5167688/6188724 439088/1261556 69 4326 0.5 2025-11-27 02:12:52 19577 SVC:MBAMService 1304 NT SERVICE\MSSQL$AUTODESKVAULT 19414740/19415288 131392932/131422504 19785148/19788596 353 1241 0.2 2025-11-27 02:15:18 19575 SVC:MSSQL$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT 5964 NT AUTHORITY\SYSTEM 14324/206280 2151802196/2151998292 3340/195920 15 359 0.2 2025-12-10 16:27:20 3 SVC:swprv C:\Windows\System32\svchost.exe -k swprv 8572 IIS APPPOOL\AutodeskFSPool 20432/20856 4318400/4333436 5920/6584 20 277 0.2 2025-11-28 07:15:37 17834 AdskIdentityManager "C:\Program Files\Autodesk\AdskIdentityManager\1.14.0.3/AdskIdentityManager.exe" --process_name Autodesk.IDSDK.DefaultProcess-v2 --server_name Autodesk.IDSDK.DefaultServer-v2 4228 NT AUTHORITY\SYSTEM 54140/57684 179416/187572 40096/40440 43 435 0.1 2025-12-05 00:10:20 8180 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 768 NT AUTHORITY\SYSTEM 29136/30604 2151782232/2151785912 12644/14472 32 2150 0.1 2025-11-27 02:12:50 19577 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe 3384 NT AUTHORITY\SYSTEM 5692988/5693272 10099536/10105592 5795324/5795424 67 330 0.1 2025-11-27 02:12:51 19577 SVC:Mesh Agent "C:\Program Files\Mesh Agent\MeshAgent.exe" 13056 NT AUTHORITY\SYSTEM 23116/33988 2151828976/2151843232 9880/15472 22 581 0.1 2025-12-10 16:27:00 3 SVC:VSS C:\Windows\system32\vssvc.exe 1392 NT AUTHORITY\LOCAL SERVICE 45616/79468 2151835484/2152517252 55620/72208 19 1637 0.1 2025-11-27 02:12:51 19577 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 3504 NT AUTHORITY\SYSTEM 55612/57492 4383272/4460772 44812/49828 23 413 0.1 2025-11-27 02:12:51 19577 SVC:SQLWriter "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" 10524 NT AUTHORITY\SYSTEM 12460/256184 4994624/5192540 134224/308932 63 2190 0.1 2025-12-09 08:50:19 1900 SVC:LTService C:\Windows\LTSvc\LTSVC.exe -sLTService 7084 NT AUTHORITY\SYSTEM 163120/186096 2152408980/2152448944 117580/141128 39 578 0.1 2025-11-27 02:12:54 19577 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\XYMON\xymonclient.ps1" 760 Unknown 16708/61516 2151769300/2152835076 8296/15628 16 783 0.1 2025-11-27 02:12:50 19577 services 3280 NT AUTHORITY\SYSTEM 33708/43812 2151846652/2151873852 18288/28972 22 507 0.0 2025-11-27 02:12:51 19577 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 12668 NT AUTHORITY\NETWORK SERVICE 37068/43176 2151827672/2151855116 18364/21744 23 1370 0.0 2025-12-10 00:17:36 972 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding 2732 NT AUTHORITY\LOCAL SERVICE 25484/27544 5448196/5452628 23552/24760 16 214 0.0 2025-11-27 02:12:51 19577 SVC:AdskLicensingService "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe" 12084 NT AUTHORITY\SYSTEM 19548/48940 108056/129340 6344/29444 18 271 0.0 2025-12-10 02:41:24 829 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid 2WoCsuA0MvLT9DJbSyfdowXH7rGdfArriE9SwlPBm5OKO2Nf0G7SJbUQGqSywkCd 5548 IIS APPPOOL\AutodeskDMPool 561464/799336 2166361852/2166369140 690276/955604 75 1099 0.0 2025-12-10 09:18:39 431 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "AutodeskDMPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmeeb64098-1596-42d7-890f-5755ae7b006b -h "C:\inetpub\temp\apppools\AutodeskDMPool\AutodeskDMPool.config" -w "" -m 0 -t 20 -ta 0 1228 NT AUTHORITY\NETWORK SERVICE 10064/10280 2151768256/2151771328 3712/3984 16 325 0.0 2025-11-27 02:12:51 19577 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache 2788 NT AUTHORITY\LOCAL SERVICE 28908/29324 5483444/5487544 24804/25340 18 343 0.0 2025-11-27 02:12:51 19577 SVC:Autodesk CER Service "C:\Program Files\Autodesk\Autodesk CER\service\cer_service.exe" 7492 NT AUTHORITY\LOCAL SERVICE 22888/26088 2151832784/2152364968 19216/21696 17 316 0.0 2025-11-27 02:14:53 19575 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 1008 NT AUTHORITY\NETWORK SERVICE 32888/33048 2151781512/2151794984 25580/25800 18 1417 0.0 2025-11-27 02:12:51 19577 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p 3784 NT AUTHORITY\SYSTEM 325132/358096 948364/997520 296384/337048 119 1768 0.0 2025-11-27 02:12:51 19577 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 10404 IIS APPPOOL\AutodeskFSPool 203748/256756 2166429912/2166522060 315540/327316 77 1320 0.0 2025-12-10 09:23:20 427 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "AutodeskFSPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm91164642-f5fd-41f1-9659-e460c84e8212 -h "C:\inetpub\temp\apppools\AutodeskFSPool\AutodeskFSPool.config" -w "" -m 0 -t 20 -ta 0 5368 NT AUTHORITY\SYSTEM 26716/27284 2152389180/2152393280 21868/23088 44 686 0.0 2025-11-27 04:48:36 19421 SVC:WSearch C:\Windows\system32\SearchIndexer.exe /Embedding 8556 Unknown 13956/15008 2151784488/2151785248 6192/7388 12 215 0.0 2025-11-27 02:13:05 19577 SVC:WdNisSvc 5244 NT AUTHORITY\SYSTEM 12912/12996 2152300188/2152306988 3708/3988 18 211 0.0 2025-11-27 02:12:53 19577 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} 5132 NT AUTHORITY\SYSTEM 10704/22256 2151746396/2151760024 5924/8984 8 119 0.0 2025-11-27 02:12:52 19577 AggregatorHost AggregatorHost.exe 4420 NT SERVICE\MSSQLFDLauncher$AUTOD 7516/7796 4316300/4389264 39100/39600 12 259 0.0 2025-11-27 02:15:22 19575 fdhost "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\fdhost.exe" "MSSQL16.AUTODESKVAULTG9a3ed1f2fd7b8f4546fa39bfc933bebf90169ml6" "MSSQL16.AUTODESKVAULT" "MSSQL16.AUTODESKVAULT" "12" "" "16384" "M" "0" "" "" "" 4992 NT AUTHORITY\SYSTEM 10168/10260 51428/60392 1948/2396 17 239 0.0 2025-11-27 02:12:52 19577 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 4304 NT AUTHORITY\SYSTEM 13652/13700 2151779472/2151781548 3688/3852 25 430 0.0 2025-11-27 02:12:52 19577 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs 5060 NT AUTHORITY\SYSTEM 10784/10820 2151756576/2151758116 6192/6276 7 86 0.0 2025-11-27 02:12:52 19577 conhost \??\C:\Windows\system32\conhost.exe 0x4 3600 NT AUTHORITY\SYSTEM 7224/7264 2155941260/2155944336 1920/2000 9 144 0.0 2025-11-27 02:12:51 19577 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 3720 NT AUTHORITY\SYSTEM 6080/6100 2151744788/2151746840 1328/1456 8 143 0.0 2025-11-27 02:12:51 19577 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 3756 NT AUTHORITY\SYSTEM 13940/13976 2151769292/2151771344 3504/3612 15 254 0.0 2025-11-27 02:12:51 19577 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 3472 NT AUTHORITY\LOCAL SERVICE 7652/7684 2151752948/2151756028 1724/1868 42 160 0.0 2025-11-27 02:12:51 19577 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc 3512 NT AUTHORITY\SYSTEM 9448/9500 2151754900/2151760044 2500/2700 11 212 0.0 2025-11-27 02:12:51 19577 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer 3552 NT AUTHORITY\LOCAL SERVICE 6228/6316 32640/37764 1744/1968 12 160 0.0 2025-11-27 02:12:51 19577 SVC:SQLBrowser "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" 4024 NT AUTHORITY\SYSTEM 10724/11516 55196/61600 2396/2684 17 237 0.0 2025-11-27 02:12:52 19577 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 4048 NT AUTHORITY\SYSTEM 20048/20876 86884/97264 4536/5404 26 404 0.0 2025-11-27 02:12:52 19577 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 4056 NT AUTHORITY\SYSTEM 11196/11264 2151753564/2151758688 1404/1716 8 127 0.0 2025-11-27 02:12:52 19577 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService 3844 NT AUTHORITY\SYSTEM 6596/6780 4267956/4272496 1880/2180 8 124 0.0 2025-11-27 02:12:52 19577 SVC:XymonPSClient "C:\Program Files\XYMON\nssm.exe" 3952 NT AUTHORITY\NETWORK SERVICE 12884/12956 2151781748/2151783288 3312/3900 13 240 0.0 2025-11-27 02:12:52 19577 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM 3964 NT AUTHORITY\SYSTEM 13552/13600 2151775648/2151778212 5840/6128 16 260 0.0 2025-11-27 02:12:52 19577 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs 9332 NT AUTHORITY\SYSTEM 12140/14184 2151755740/2151759328 4564/6604 9 131 0.0 2025-11-27 02:14:55 19575 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository 9492 NT SERVICE\MSSQLFDLauncher$AUTOD 10864/10900 2151756576/2151757604 6196/6252 7 86 0.0 2025-11-27 02:15:22 19575 conhost \??\C:\Windows\system32\conhost.exe 0x4 9588 NT AUTHORITY\NETWORK SERVICE 11380/12580 2151764472/2151767432 3016/4140 14 242 0.0 2025-11-27 02:15:17 19575 SVC:MSDTC C:\Windows\System32\msdtc.exe 9168 NT AUTHORITY\SYSTEM 77860/139924 300840/376620 49140/123284 67 666 0.0 2025-11-27 02:13:24 19577 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 8136 NT AUTHORITY\SYSTEM 45540/50272 4816116/4873300 34852/39852 25 479 0.0 2025-11-27 02:12:57 19577 NableReactiveManagement "C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe" 8836 NT AUTHORITY\LOCAL SERVICE 12012/12056 2151772428/2151779600 2276/2772 11 211 0.0 2025-11-27 02:14:53 19575 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc 8992 NT SERVICE\MSSQLFDLauncher$AUTOD 4604/4748 4249168/4254160 888/1004 6 78 0.0 2025-11-27 02:15:22 19575 SVC:MSSQLFDLauncher$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\fdlauncher.exe" -s MSSQL16.AUTODESKVAULT 11824 NT AUTHORITY\SYSTEM 9880/9880 2151753524/2151757268 2508/5968 12 182 0.0 2025-12-10 16:27:10 3 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -Embedding 13352 NT AUTHORITY\SYSTEM 11012/11048 2151756584/2151757612 6196/6268 7 86 0.0 2025-12-10 02:41:25 829 conhost \??\C:\Windows\system32\conhost.exe 0x4 14216 NT AUTHORITY\SYSTEM 15796/43936 4816744/4821852 35380/36228 29 521 0.0 2025-12-09 07:43:46 1966 SVC:LTSvcMon C:\Windows\LTSvc\LTSvcMon.exe -sLTService 10840 NT AUTHORITY\LOCAL SERVICE 12656/12840 2151758312/2151759984 3824/3960 12 186 0.0 2025-12-10 15:34:46 55 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding 9908 NT AUTHORITY\SYSTEM 21132/24496 2152872424/2152884992 9720/12708 24 370 0.0 2025-11-27 02:15:22 19575 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC 10308 NT AUTHORITY\SYSTEM 11144/11180 2152821396/2152827032 6388/6688 15 193 0.0 2025-11-27 06:12:52 19337 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 10344 NT AUTHORITY\SYSTEM 6332/6416 2151744956/2151749564 1392/1788 8 126 0.0 2025-12-10 16:13:45 16 SVC:WdiSystemHost C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost 6620 NT AUTHORITY\LOCAL SERVICE 7472/7516 2151745608/2151751244 1384/1692 8 124 0.0 2025-11-27 02:12:54 19577 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 6756 NT AUTHORITY\SYSTEM 10788/10824 2151756576/2151757604 6204/6260 7 86 0.0 2025-11-27 02:12:57 19577 conhost \??\C:\Windows\system32\conhost.exe 0x4 6932 IIS APPPOOL\AutodeskFSPool 23832/24216 2151829228/2151841516 7424/8340 22 346 0.0 2025-12-10 09:23:22 427 AdskLicensingAgent "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\15.5.0.13374\AdskLicensingAgent/AdskLicensingAgent.exe" -r 0 -n /analytics/v1/connect?analyticsagentid=analytics-5b02e78e-172c-489f-a4a6-d66651a98cb6 --no-gui -c 2 -i analytics-5b02e78e-172c-489f-a4a6-d66651a98cb6 6152 Unknown 8288/8336 2151749248/2151755396 1628/1960 9 176 0.0 2025-11-27 02:12:53 19577 SVC:WaaSMedicSvc 5348 NT AUTHORITY\SYSTEM 96644/119216 4985412/5043648 54704/56048 66 1098 0.0 2025-11-27 02:12:53 19577 SVC:VeeamEndpointBackupSvc "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe" 5880 NT AUTHORITY\SYSTEM 26440/36796 4352228/4365456 8180/8376 19 260 0.0 2025-11-27 02:12:53 19577 adsk_hive_host "C:\Program Files\Common Files\Autodesk Shared\Interoperability Engine Manager\1.3.2.2\bin\adsk_hive_host.exe" --duplexpipe fe0c2e5c-d8d5-4b4b-af54-346b6d9c285d 6068 NT SERVICE\SQLTELEMETRY$AUTODESK 74580/120444 4832948/4848276 61188/116384 34 598 0.0 2025-11-27 02:15:22 19575 SVC:SQLTELEMETRY$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\sqlceip.exe" -Service AUTODESKVAULT 7432 NT AUTHORITY\SYSTEM 10784/10824 2151756576/2151758112 6200/6284 7 86 0.0 2025-11-27 02:12:57 19577 conhost \??\C:\Windows\system32\conhost.exe 0x4 7712 IIS APPPOOL\DefaultAppPool 44032/44272 2166202524/2166209692 70480/70860 37 773 0.0 2025-12-10 09:14:37 435 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipma5db5358-5da6-48ba-9aa8-cde775673e5b -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20 -ta 0 7964 NT AUTHORITY\SYSTEM 13236/14232 2151767476/2151777040 4224/5132 12 248 0.0 2025-11-27 02:13:18 19577 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 7324 NT AUTHORITY\SYSTEM 15512/16116 2151777640/2151788632 3216/4036 14 261 0.0 2025-11-27 02:13:22 19577 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 7064 NT AUTHORITY\SYSTEM 25452/42904 131256/154888 10432/28104 24 357 0.0 2025-12-05 00:09:54 8180 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 7092 NT AUTHORITY\SYSTEM 15284/16296 2151770448/2151771624 9104/10280 10 148 0.0 2025-11-27 02:12:54 19577 conhost \??\C:\Windows\system32\conhost.exe 0x4 7188 NT AUTHORITY\SYSTEM 66372/71976 4909324/4964248 55632/69920 28 572 0.0 2025-11-27 02:12:57 19577 NableSixtyFourBitManager "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\NableSixtyFourBitManager.exe" 1172 NT AUTHORITY\LOCAL SERVICE 54012/58460 4834600/4840748 42872/47648 33 636 0.0 2025-11-27 02:13:22 19577 SVC:SolarWinds.MSP.CacheService "C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe" 1152 NT AUTHORITY\LOCAL SERVICE 6484/6520 2151746972/2151750512 1448/1700 8 142 0.0 2025-11-27 02:12:51 19577 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1464 Window Manager\DWM-1 51920/60620 2151948560/2151964852 29248/46208 29 626 0.0 2025-11-27 02:12:51 19577 dwm "dwm.exe" 1324 NT AUTHORITY\SYSTEM 53796/65676 2151981104/2151988964 11964/32876 27 454 0.0 2025-11-27 02:12:51 19577 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3b19855 /state1:0x41c64e6d 1096 Unknown 11648/12028 2151756720/2151758260 2584/2708 11 196 0.0 2025-12-03 20:13:02 9857 SVC:SecurityHealthService 1048 NT AUTHORITY\LOCAL SERVICE 8900/8952 2151755832/2151758396 2004/2184 13 232 0.0 2025-11-27 02:12:51 19577 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time 1144 NT AUTHORITY\SYSTEM 8680/8820 2151748136/2151755308 1836/2320 11 194 0.0 2025-11-27 02:12:51 19577 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1136 NT AUTHORITY\LOCAL SERVICE 8416/8596 2151754932/2151758536 2524/2956 11 241 0.0 2025-11-27 02:12:51 19577 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 1740 NT AUTHORITY\SYSTEM 6640/6672 2151745800/2151747852 1416/1524 8 145 0.0 2025-11-27 02:12:51 19577 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc 1700 NT AUTHORITY\SYSTEM 18632/19200 2151793108/2151802612 4096/4568 20 376 0.0 2025-11-27 02:12:51 19577 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc 1800 NT AUTHORITY\SYSTEM 7028/7064 2151751312/2151753984 1384/1568 8 138 0.0 2025-11-27 02:12:51 19577 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 1768 NT AUTHORITY\LOCAL SERVICE 11740/11800 2151764420/2151777736 3528/4144 14 455 0.0 2025-11-27 02:12:51 19577 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm 1556 NT AUTHORITY\SYSTEM 11672/11700 2151773224/2151776300 2308/2476 11 210 0.0 2025-11-27 02:12:51 19577 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc 1480 NT AUTHORITY\LOCAL SERVICE 19184/21932 2151786104/2151794664 9068/11472 33 435 0.0 2025-11-27 02:12:51 19577 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 1656 NT AUTHORITY\SYSTEM 8168/8376 2151751572/2151756012 1880/2044 9 177 0.0 2025-11-27 02:12:51 19577 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager 1572 NT AUTHORITY\NETWORK SERVICE 13112/13412 2151779272/2151791636 4036/5104 17 399 0.0 2025-11-27 02:12:51 19577 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc 616 Unknown 7296/7368 2151748948/2151761376 1372/1912 11 156 0.0 2025-11-27 02:12:50 19577 wininit 520 Unknown 7052/7148 2151785120/2151786404 2416/2532 29 914 0.0 2025-11-27 02:12:50 19577 csrss 688 NT AUTHORITY\SYSTEM 10588/16448 2151811900/2151825220 2472/7344 12 214 0.0 2025-11-27 02:12:50 19577 winlogon winlogon.exe 624 Unknown 6052/14252 2151766200/2151775328 1832/2040 11 172 0.0 2025-11-27 02:12:50 19577 csrss 148 Unknown 115356/331616 122816/335808 3256/106692 10 0 0.0 2025-11-27 02:12:47 19577 Registry 0 8/8 8/8 60/60 0 0 0.0 0 Idle 472 NT AUTHORITY\SYSTEM 9780/9824 2151758520/2151763132 2652/2780 12 299 0.0 2025-11-27 02:12:51 19577 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM 408 Unknown 1256/1284 2151718576/2151726612 1072/1140 3 57 0.0 2025-11-27 02:12:49 19577 smss 948 NT AUTHORITY\LOCAL SERVICE 8420/8512 2151756720/2151761332 2436/2608 15 225 0.0 2025-11-27 02:13:22 19577 SVC:SSDPSRV C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV 936 Font Driver Host\UMFD-1 4560/39176 2151748520/2151784512 1868/2900 6 39 0.0 2025-11-27 02:12:50 19577 fontdrvhost "fontdrvhost.exe" 1040 NT AUTHORITY\LOCAL SERVICE 5760/5796 2151745296/2151746836 1292/1460 8 119 0.0 2025-11-27 02:12:51 19577 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 1028 NT AUTHORITY\LOCAL SERVICE 9040/9104 2151747000/2151749564 4492/4684 20 149 0.0 2025-11-27 02:12:51 19577 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi 848 NT AUTHORITY\SYSTEM 10744/69764 4292508/4359792 2320/2448 11 196 0.0 2025-11-29 11:44:52 16125 SVC:Backup Service Controller "C:\Program Files\Backup Manager\ProcessController.exe" serve 732 NT AUTHORITY\NETWORK SERVICE 16136/16964 2151812408/2151822996 5980/7364 23 644 0.0 2025-11-27 02:12:51 19577 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService 928 Font Driver Host\UMFD-0 7544/39204 2151886672/2151889928 4140/4196 8 39 0.0 2025-11-27 02:12:50 19577 fontdrvhost "fontdrvhost.exe" 900 NT AUTHORITY\SYSTEM 17404/17472 2151773560/2151779536 7396/7636 16 932 0.0 2025-11-27 02:12:50 19577 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p 2872 NT AUTHORITY\SYSTEM 165128/190520 424716/501144 136988/173992 82 1310 0.0 2025-11-27 02:12:51 19577 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2844 NT AUTHORITY\SYSTEM 55352/67096 2151850984/2151878072 27048/27128 500 339 0.0 2025-11-27 02:12:51 19577 SVC:Autodesk Access Service Host "C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe" 2988 NT SERVICE\MsDtsServer160 24204/24240 18693128/18730252 55868/56276 23 283 0.0 2025-11-27 02:15:18 19575 SVC:MsDtsServer160 "C:\VaultData\Microsoft SQL Server\160\DTS\Binn\MsDtsSrvr.exe" 2892 NT AUTHORITY\SYSTEM 6256/6284 2151744900/2151746952 1284/1392 8 113 0.0 2025-11-27 02:12:51 19577 SVC:AzureAttestService C:\Windows\system32\svchost.exe -k AzureAttestService -s AzureAttestService 2752 NT AUTHORITY\SYSTEM 15372/15680 2151803520/2151805572 7356/7824 14 209 0.0 2025-11-27 02:12:51 19577 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc 2620 NT AUTHORITY\SYSTEM 30484/31460 2151851560/2151894132 9932/12324 29 581 0.0 2025-11-27 02:12:51 19577 SVC:Spooler C:\Windows\System32\spoolsv.exe 2836 NT AUTHORITY\SYSTEM 38956/39004 4826560/4892356 32492/32772 27 365 0.0 2025-11-27 02:12:51 19577 SVC:Autodesk Data Management Server Revit Dynamo Extension Service "C:\Program Files\Autodesk\Vault Server 2026\DynamoHelperService\Connectivity.DynamoHelperService.exe" 2824 NT AUTHORITY\SYSTEM 30500/30852 4817496/4839312 31820/32372 22 347 0.0 2025-11-27 02:12:51 19577 SVC:Autodesk Data Management Job Dispatch "C:\Program Files\Autodesk\Vault Server 2026\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe" 3204 NT SERVICE\SSISTELEMETRY160 52928/53104 4814912/4828952 36492/36880 32 761 0.0 2025-11-27 02:15:22 19575 SVC:SSISTELEMETRY160 "C:\VaultData\Microsoft SQL Server\160\DTS\Binn\sqlceip.exe" -Service default MSIS 3128 NT AUTHORITY\SYSTEM 28852/29048 2151793284/2151798920 17488/17936 18 243 0.0 2025-11-27 02:12:51 19577 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 3456 NT AUTHORITY\SYSTEM 39984/40224 199132/207072 25452/26016 33 600 0.0 2025-11-27 02:12:51 19577 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=e5ed623a-911a-49b7-9d28-108e87e42822&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAAvNPXVaZ1lUKV0pdTHBSWzQAAAAACAAAAAAAQZgAAAAEAACAAAAALTxgR0FAU1S7Mw9BsZwIsttAG%2b5QOTYHJ2bxHdh5JYQAAAAAOgAAAAAIAACAAAAD%2fvPeS8yjVbZIad5RKpudGqQpuFrOFTURIUZNLQN9zU6AEAAB3gGj3NJzsTdjTdUKwEs1sxwl7C5yB3mi%2f1RTBy6DIvWryJSLC5PSv8I4b5Nhyv4AbNlqU9dSSU%2bsdirfSYBlq%2fSe%2fSRuh2N6xBY87CVPXCn7nqE0Cal7AasSjunc9w7xoBfCuH3cEURtIoMCIbBYbET2NUqK9hG%2bx4d718kLEigTsHjf4JBuLRZyEbZeDVqloEg7zhm2DXfovF48AEClhGpxiaMacX2wYHxlL258jwzlxRC6upO3IQM2NQl1GWylJH1%2f5bXwYwoE%2fDWZQ2zu5CB8dcxXYJPk%2fHkwnPwtL74Ej5QP3y6YAsJqSxr7wjBgYi1Nw94e9Ar3yyj5%2bQ%2bX3E5HubTIQbb3DssmOlHZoVR7vbgGbHy3sze7%2b0qtW6n6lnUzBS%2bm2nWZgbJOlI6q2cjpj2hnc6lwMS%2bdU%2b5D10vIGwyqSHf2ZmI%2bHlmZu4UnPdz8SwztRW%2btS5rdxJPHmifOrkca8Dsn5lwGccrlFIA172%2fb3TQ1Ohv3ay1dDIN%2fSxnt4pcv9qdTqZYCdlvrz7xyr7gEMW8VesqYeZ19SAfk%2bC0NflqKOo1eG6Osgq4l35TX2Ps2GBytm9d5Cb3%2fB29ivtq8sSF4YEXBhl6Sh7auZFixfqxiXFq31NIN5ChBWmwsg5wEf%2bLE9A0qlKCVmIYpXntfpm30t43DWw8IcsjRr8%2fopFVqcDpuitL0SxGsHspEfDIPTa7c0ecdzLFfLnfIT6RDjI%2fffDPhxAIiD1kHfVA672exdPnhTwMyuEvjo0j3PNgmUvEYQwd8HE%2bgYU4ZMh3Fb0tp7tQETxQamV8l7tk07UnN00YNInazxXfQ%2fG2eDl%2bBAZyXQXhcFjZ%2bZJRiQs17JpZhSJzJw%2fS1vgvPptzYVBwE5VMFxHraJTXAP6fC68pLZPnFk1xZjf87MVTlQzoKw2buBZrkaj%2fp1peb3d5i9vOP%2b5O5pRPpwigx1CgUA5D9N0iFAI61VlvVW9ZVSExTGPh1%2fCk8XhhEd3mNKzAlbjpHm9JmdkrDeED8GfuJts%2bID%2fVNm1MkcLkXVjOQPPiQS4yU6zIA8hsIoyv%2bl%2fodA%2fyjFeCZACLe8BOrmiNAvYPo89gx%2f%2fQ3uHElvVy8Uy%2fVngv%2fvIEMwOl%2f%2f722JIKMIzwpY642lUOI0rrMr%2ffMv4EjmEm6jx6SC1C3taeqbagkHTM1sp%2bUrQXJwqI%2bgMOQp99yGFa4RwNUJ4W9SwRFxgS09%2baQlFA6kkPlwafC%2bTr%2fPezOinCTMSKgO5lk98KuRkLHg29L6thgltjoPg1LR9ZBwjL1DDw1b5VIeS5z8cTfzYyyw%2fhKxMz8pQKUMrL2cgEM6caSGliJn3FHFQ521qlMk0svUCwzW1H6i7LIfqXfKvyHwRvKxbIpEE3YXKnTN62HcD%2bSAagUunfg4dj9byaOBchuY04o5lpOiYFgUAmkRfg8mtEgqr0teXCJX1063Fxe%2fTy8sr2vMCUJMYcdibYXB7PXL9LC9AP0tV1vtwBLaby5jmB6xe4%2fgdcn8ZzAmKtNvEG06UI0XCKvxgahfc68NrU7t7QorjzMNgEz7eRqxcBPU%2bK4wngZTPkAAAACqn2nW%2bddJBZ3FJJ3H7iJM81aYPBuZ78EOwB8KOXGkjmtuMHDuq0lmkw6EpF%2bd7tDd86c43z%2bx3AQUkPY%2fCROp&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 3332 Unknown 24652/25336 2151793928/2151800108 11528/11816 17 518 0.0 2025-11-27 02:12:51 19577 SVC:MDCoreSvc 3108 NT AUTHORITY\SYSTEM 14116/16060 4306180/4314224 4660/4916 15 265 0.0 2025-11-27 02:12:51 19577 SVC:FlexNet Licensing Service 64 "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" 3100 NT AUTHORITY\SYSTEM 44004/73668 2151868684/2151913576 24616/54568 26 573 0.0 2025-11-27 02:12:51 19577 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p 3120 NT AUTHORITY\SYSTEM 8556/8592 4291876/4299052 2320/2388 11 225 0.0 2025-11-27 02:12:51 19577 SVC:HelpDeskService "C:\Program Files (x86)\HelpDeskHost\HelpDesk\\RPCHelpDeskServiceUAC.exe" 3116 NT AUTHORITY\SYSTEM 65308/66908 4881840/5235560 43848/46628 37 951 0.0 2025-11-27 02:14:54 19575 SVC:FOSWindowsService "C:\Program Files\Autodesk\File Operations System\WindowsService\FOS.WindowsService.exe" 2164 NT AUTHORITY\LOCAL SERVICE 9244/9368 2151751900/2151759072 2080/2784 13 290 0.0 2025-11-27 02:12:51 19577 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 2124 NT AUTHORITY\NETWORK SERVICE 9964/10056 2151760504/2151765116 2252/2484 12 234 0.0 2025-11-27 02:12:51 19577 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2224 NT AUTHORITY\SYSTEM 8956/8988 2151754664/2151761836 1932/2376 13 191 0.0 2025-11-27 02:12:51 19577 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 2192 NT AUTHORITY\LOCAL SERVICE 8148/8344 2151751664/2151755476 2156/2556 10 186 0.0 2025-11-27 02:12:51 19577 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 1896 NT AUTHORITY\LOCAL SERVICE 8708/9440 2151756436/2151760536 2360/3244 10 197 0.0 2025-11-27 02:12:51 19577 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem 1840 NT AUTHORITY\SYSTEM 16876/22600 2151786168/2151801112 5904/6648 18 374 0.0 2025-11-27 02:12:51 19577 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 2056 NT AUTHORITY\SYSTEM 9564/9784 2151760144/2151762212 2192/2412 14 209 0.0 2025-11-27 02:12:51 19577 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS 1964 NT AUTHORITY\SYSTEM 6024/6056 2151747576/2151749628 1260/1380 8 121 0.0 2025-11-27 02:12:51 19577 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes 2524 NT AUTHORITY\SYSTEM 8736/8768 2151754468/2151759080 2676/2900 14 278 0.0 2025-11-27 02:12:51 19577 SVC:IKEEXT C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT 2416 NT AUTHORITY\SYSTEM 10376/10416 2151759332/2151762408 2340/2500 16 246 0.0 2025-11-27 02:12:51 19577 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2548 NT AUTHORITY\SYSTEM 10936/11148 2152810972/2152821308 2780/3516 16 358 0.0 2025-11-27 02:12:51 19577 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 2536 NT AUTHORITY\NETWORK SERVICE 7788/7888 2151746656/2151751680 1776/2036 13 173 0.0 2025-11-27 02:12:51 19577 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent 2296 NT AUTHORITY\LOCAL SERVICE 7084/7284 2151777660/2151781572 1816/1960 9 142 0.0 2025-11-27 02:12:51 19577 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache 2272 NT AUTHORITY\LOCAL SERVICE 6400/6428 2151753176/2151756252 1344/1472 7 126 0.0 2025-11-27 02:12:51 19577 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p 2364 NT AUTHORITY\SYSTEM 35032/35132 4764024/4770940 27380/27512 19 638 0.0 2025-11-27 02:13:26 19577 SVC:PME.Agent.PmeService "C:\Program Files (x86)\MspPlatform\PME\PME.Agent.exe" 2324 NT AUTHORITY\SYSTEM 33112/33288 163628/175024 19988/20944 25 454 0.0 2025-11-27 02:15:27 19575 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" [netstat] PacketsReceived=284324512 ReceivedHeaderErrors=0 ReceivedAddressErrors=1096501 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=214411 ReceivedPacketsDelivered=283293676 OutputRequests=828048829 RoutingDiscards=0 DiscardedOutputPackets=52605 OutputPacketNoRoute=6 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=672100 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=82102 ReceivedPacketsDelivered=590243 OutputRequests=13570 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=473953 tcpPassiveOpens=293259 tcpFailedConnectionAttempts=74377 tcpResetConnections=47784 tcpCurrentConnections=29 tcpSegmentsReceived=285584122 tcpSegmentsSent=814380131 tcpSegmentsRetransmitted=18335391 tcpActiveOpens=2949 tcpPassiveOpens=2921 tcpFailedConnectionAttempts=28 tcpResetConnections=234 tcpCurrentConnections=6 tcpSegmentsReceived=758611 tcpSegmentsSent=745480 tcpSegmentsRetransmitted=112 udpDatagramsReceived=2625731 udpNoPorts=204039 udpReceiveErrors=0 udpDatagramsSent=258817 udpDatagramsReceived=479132 udpNoPorts=82102 udpReceiveErrors=0 udpDatagramsSent=310 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:80 0.0.0.0:0 LISTENING TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49676 0.0.0.0:0 LISTENING TCP 0.0.0.0:49683 0.0.0.0:0 LISTENING TCP 0.0.0.0:49810 0.0.0.0:0 LISTENING TCP 0.0.0.0:61885 0.0.0.0:0 LISTENING TCP 10.2.63.49:80 10.2.62.85:60023 ESTABLISHED TCP 10.2.63.49:80 10.2.62.85:60027 ESTABLISHED TCP 10.2.63.49:139 0.0.0.0:0 LISTENING TCP 10.2.63.49:52607 206.148.0.39:443 ESTABLISHED TCP 10.2.63.49:55982 103.36.248.58:443 ESTABLISHED TCP 10.2.63.49:55992 103.36.248.58:443 ESTABLISHED TCP 10.2.63.49:56430 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56431 206.148.0.208:443 CLOSE_WAIT TCP 10.2.63.49:56466 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56478 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56481 10.2.63.47:135 TIME_WAIT TCP 10.2.63.49:56482 10.2.63.47:49690 TIME_WAIT TCP 10.2.63.49:56486 206.148.0.208:443 CLOSE_WAIT TCP 10.2.63.49:56487 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56488 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56490 20.42.73.26:443 TIME_WAIT TCP 10.2.63.49:56491 20.42.73.26:443 TIME_WAIT TCP 10.2.63.49:56499 206.148.0.208:443 CLOSE_WAIT TCP 10.2.63.49:56500 206.148.0.208:443 CLOSE_WAIT TCP 10.2.63.49:56506 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56509 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56512 104.18.109.87:443 TIME_WAIT TCP 10.2.63.49:56516 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56520 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56523 206.148.0.208:443 TIME_WAIT TCP 10.2.63.49:56530 125.253.56.44:443 ESTABLISHED TCP 10.2.63.49:56534 38.91.40.105:443 TIME_WAIT TCP 10.2.63.49:60092 8.38.48.118:443 ESTABLISHED TCP 10.2.63.49:60341 206.148.0.209:443 ESTABLISHED TCP 10.2.63.49:62312 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62422 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62426 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62427 10.2.63.48:445 ESTABLISHED TCP 127.0.0.1:3389 127.0.0.1:56546 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49677 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:43227 0.0.0.0:0 LISTENING TCP 127.0.0.1:49565 127.0.0.1:49566 ESTABLISHED TCP 127.0.0.1:49566 127.0.0.1:49565 ESTABLISHED TCP 127.0.0.1:49571 127.0.0.1:49572 ESTABLISHED TCP 127.0.0.1:49572 127.0.0.1:49571 ESTABLISHED TCP 127.0.0.1:49674 0.0.0.0:0 LISTENING TCP 127.0.0.1:49674 127.0.0.1:56498 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56525 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56526 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56536 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56538 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56541 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:56547 TIME_WAIT TCP 127.0.0.1:49677 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:50086 0.0.0.0:0 LISTENING TCP 127.0.0.1:50086 127.0.0.1:62149 ESTABLISHED TCP 127.0.0.1:50086 127.0.0.1:62151 ESTABLISHED TCP 127.0.0.1:50147 127.0.0.1:62781 ESTABLISHED TCP 127.0.0.1:50154 0.0.0.0:0 LISTENING TCP 127.0.0.1:56461 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:56480 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56484 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56492 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56494 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56513 127.0.0.1:80 TIME_WAIT TCP 127.0.0.1:56524 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56525 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56527 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:56528 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56529 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56536 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56537 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56539 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56540 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56542 127.0.0.1:80 TIME_WAIT TCP 127.0.0.1:56544 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:56545 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56546 127.0.0.1:3389 FIN_WAIT_2 TCP 127.0.0.1:56547 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:56548 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:62149 127.0.0.1:50086 ESTABLISHED TCP 127.0.0.1:62151 127.0.0.1:50086 ESTABLISHED TCP 127.0.0.1:62781 0.0.0.0:0 LISTENING TCP 127.0.0.1:62781 127.0.0.1:50147 ESTABLISHED TCP 127.0.0.1:64902 0.0.0.0:0 LISTENING TCP [::]:80 [::]:0 LISTENING TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:8000 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49676 [::]:0 LISTENING TCP [::]:49683 [::]:0 LISTENING TCP [::]:49810 [::]:0 LISTENING TCP [::]:61885 [::]:0 LISTENING TCP [::1]:80 [::1]:49969 ESTABLISHED TCP [::1]:9395 [::]:0 LISTENING TCP [::1]:49969 [::1]:80 ESTABLISHED TCP [::1]:50154 [::]:0 LISTENING TCP [fe80::c02a:7289:617b:f4c8%9]:80 [fe80::c02a:7289:617b:f4c8%9]:56263 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:80 [fe80::c02a:7289:617b:f4c8%9]:62148 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:56263 [fe80::c02a:7289:617b:f4c8%9]:80 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:62148 [fe80::c02a:7289:617b:f4c8%9]:80 ESTABLISHED UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:1434 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:60348 *:* UDP 0.0.0.0:62080 *:* UDP 0.0.0.0:62298 *:* UDP 0.0.0.0:62299 *:* UDP 10.2.63.49:137 *:* UDP 10.2.63.49:138 *:* UDP 10.2.63.49:1900 *:* UDP 10.2.63.49:62303 *:* UDP 127.0.0.1:1900 *:* UDP 127.0.0.1:50201 127.0.0.1:50201 UDP 127.0.0.1:51641 127.0.0.1:51641 UDP 127.0.0.1:59507 127.0.0.1:59507 UDP 127.0.0.1:61790 127.0.0.1:61790 UDP 127.0.0.1:61792 127.0.0.1:61792 UDP 127.0.0.1:62300 127.0.0.1:62300 UDP 127.0.0.1:62304 *:* UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:1434 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:62080 *:* UDP [::]:62299 *:* UDP [::1]:1900 *:* UDP [::1]:62302 *:* UDP [fe80::c02a:7289:617b:f4c8%9]:1900 *:* UDP [fe80::c02a:7289:617b:f4c8%9]:62301 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-VLT01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-B7-FB-29 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::c02a:7289:617b:f4c8%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.49(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-B6-8E-1E-52-54-00-B7-FB-29 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 b7 fb 29 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.49 281 10.2.63.0 255.255.255.0 On-link 10.2.63.49 281 10.2.63.49 255.255.255.255 On-link 10.2.63.49 281 10.2.63.255 255.255.255.255 On-link 10.2.63.49 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.49 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.49 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::c02a:7289:617b:f4c8/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.49 72449128203 1231497294642 [svcs] Name StartupType Status DisplayName AdskLicensingService automatic started Autodesk Desktop Licensing Service AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient automatic stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) aspnet_state manual stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio Autodesk_Access_Service_Host automatic started Autodesk Access Service Host Autodesk_CER_Service automatic started Autodesk CER Service Autodesk_Data_Management_Job_Dispatch automatic started Autodesk Data Management Job Dispatch Autodesk_Data_Management_Server_Revit_Dynamo_Extension_Service automatic started Autodesk Data Management Server Revit Dynamo Extension Service AutomationManagerAgent automatic started Automation Manager Agent AxInstSV manual stopped ActiveX Installer (AxInstSV) AzureAttestService automatic started AzureAttestService Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual started Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FlexNet_Licensing_Service_64 automatic started FlexNet Licensing Service 64 FontCache automatic started Windows Font Cache Service FOSWindowsService automatic started Autodesk File Operations System Service FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService143.0.7482.0 disabled stopped Google Updater Internal Service (GoogleUpdaterInternalService143.0.7482.0) GoogleUpdaterService143.0.7482.0 disabled stopped Google Updater Service (GoogleUpdaterService143.0.7482.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IISADMIN automatic started IIS Admin Service IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc manual stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager MBAMService automatic started Malwarebytes Service MBVpnTunnelService manual stopped MBVpnTunnelService McpManagementService manual stopped McpManagementService MDCoreSvc automatic started Microsoft Defender Core Service Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MsDtsServer160 automatic started SQL Server Integration Services 16.0 MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual stopped Windows Installer MSSQL$AUTODESKVAULT automatic started SQL Server (AUTODESKVAULT) MSSQLFDLauncher$AUTODESKVAULT manual started SQL Full-text Filter Daemon Launcher (AUTODESKVAULT) NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm automatic started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing manual stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual started Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess manual stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc manual stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SQLAgent$AUTODESKVAULT manual stopped SQL Server Agent (AUTODESKVAULT) SQLBrowser automatic started SQL Server Browser SQLTELEMETRY$AUTODESKVAULT automatic started SQL Server CEIP service (AUTODESKVAULT) SQLWriter automatic started SQL Server VSS Writer SSDPSRV manual started SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SSISTELEMETRY160 automatic started SQL Server Integration Services CEIP service 16.0 SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic started Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer tzautoupdate manual stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost manual stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service VG.LocalAgent manual stopped Autodesk Vault Gateway Local Agent vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSInstallerElevationService manual stopped Visual Studio Installer Elevation Service VSS automatic started Volume Shadow Copy VSStandardCollectorService150 manual stopped Visual Studio Standard Collector Service 150 W32Time automatic started Windows Time w3logsvc manual stopped W3C Logging Service W3SVC automatic started World Wide Web Publishing Service WaaSMedicSvc manual started Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WAS manual started Windows Process Activation Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc manual stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual stopped WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch manual started Windows Search wuauserv automatic stopped Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 1174634 13 days 14 hours 17 minutes 13 seconds Bootup: 20251127021247.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [iis_sites] Default Web Site IIS://localhost/W3SVC/1 SiteID: 1 LogFileDirectory C:\inetpub\logs\LogFiles ServerBindings :80: ServerState 2 [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-vlt01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\XYMON\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-vlt01 [XymonPSClientInfo] Collection number: 3914 Last transmission method: TCP Id : 7084 Handles : 563 CPU : 5181.890625 SI : 0 Name : powershell