[collector:] client ino-rut-vlt01.powershell powershell XymonPS [date] Wed 10 Dec 22:15:19 2025 [clock] epoch: 1765365319 local: Wed 10 Dec 22:15:19 2025 UTC: Wed 10 Dec 11:15:19 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0067883s Root Dispersion: 0.0915387s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 10:04:08 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 13 days, 0 users, 141 procs, load=2.12% CPU states: total 2.12% cores: 6 CPU PID Image Name Pri Time MemUsage 0.5% 4068 SVC:MBAMService 8 11:56:01 279568k 0.5% 3820 SVC:WinDefend 8 08:07:30 325456k 0.2% 8572 AdskIdentityManager 8 02:52:08 20432k 0.1% 4228 SVC:BASupportExpressStandalone 13 01:03:58 55384k 0.1% 3384 SVC:Mesh Agent 8 02:14:41 5792844k 0.1% 1392 SVC:EventLog 8 02:10:34 45476k 0.1% 6148 SVC:IDriveService 8 10:08:48 518880k 0.1% 4 System 8 02:10:52 144k 0.1% 7084 powershell 8 01:27:56 164008k 0.0% 3280 SVC:Winmgmt 8 00:42:40 34880k 0.0% 5368 SVC:WSearch 8 00:06:50 26624k 0.0% 10524 SVC:LTService 8 00:05:17 34648k 0.0% 12668 WmiPrvSE 8 00:03:26 34544k 0.0% 3784 SVC:Windows Agent Service 8 00:21:43 323848k 0.0% 10404 w3wp 8 00:01:04 187496k 0.0% 12084 BASupSysInf 6 00:01:34 19548k 0.0% 2180 BackupFP 8 02:25:38 592292k 0.0% 1684 SVC:msiserver 8 00:00:00 17252k 0.0% 2732 SVC:AdskLicensingService 8 00:28:49 25164k 0.0% 768 SVC:KeyIso/Netlogon/SamSs 9 00:53:40 28944k 0.0% 1228 SVC:Dnscache 8 00:07:21 10048k 0.0% 760 services 9 00:15:18 16896k 0.0% 2788 SVC:Autodesk CER Service 8 00:12:48 28664k 0.0% 7492 SVC:DPS 8 00:11:48 22912k 0.0% 1304 SVC:MSSQL$AUTODESKVAULT 8 02:32:39 19414440k 0.0% 520 csrss 13 00:04:19 7048k 0.0% 1008 SVC:RpcEptMapper/RpcSs 8 00:10:06 33220k 0.0% 11900 WmiPrvSE 8 00:00:00 14336k 0.0% 5548 w3wp 8 00:01:42 449388k 0.0% 4372 SVC:NetSetupSvc 8 00:00:00 6868k 0.0% 4992 Veeam.Guest.Interaction.Proxy 8 00:00:00 10168k 0.0% 4304 SVC:RasMan 8 00:00:12 13648k 0.0% 4420 fdhost 8 00:00:07 7524k 0.0% 5244 dllhost 8 00:00:00 12924k 0.0% 3964 SVC:W3SVC/WAS 8 00:00:08 13588k 0.0% 5132 AggregatorHost 8 00:00:19 11060k 0.0% 5060 conhost 8 00:00:00 10784k 0.0% 14216 SVC:LTSvcMon 8 00:00:11 14532k 0.0% 4024 SVC:VeeamTransportSvc 8 00:00:01 10728k 0.0% 4048 SVC:VeeamDeploySvc 8 00:00:07 20172k 0.0% 3952 SVC:WinRM 8 00:00:06 12780k 0.0% 3844 SVC:XymonPSClient 8 00:00:00 6596k 0.0% 3720 SVC:TrkWks 8 00:00:03 6080k 0.0% 3600 SVC:SysMain 8 00:00:01 7244k 0.0% 3512 SVC:LanmanServer 8 00:01:00 9448k 0.0% 3504 SVC:SQLWriter 8 00:03:15 55860k 0.0% 3552 SVC:SQLBrowser 8 00:00:00 6228k 0.0% 4056 SVC:WpnService 8 00:00:00 11196k 0.0% 3756 SVC:UsoSvc 8 00:00:12 13948k 0.0% 5348 SVC:VeeamEndpointBackupSvc 8 00:01:01 96960k 0.0% 8992 SVC:MSSQLFDLauncher$AUTODESKVA 8 00:00:00 4604k 0.0% 9168 SVC:SolarWinds.MSP.RpcServerSe 8 00:01:38 77392k 0.0% 9332 SVC:StateRepository 8 00:00:10 12216k 0.0% 8136 NableReactiveManagement 8 00:00:14 45624k 0.0% 8556 SVC:WdNisSvc 8 00:01:49 13860k 0.0% 8836 SVC:CDPSvc 8 00:00:00 12028k 0.0% 9492 conhost 8 00:00:00 10864k 0.0% 10308 SVC:DsSvc 8 00:00:00 11144k 0.0% 13080 SVC:WdiSystemHost 8 00:00:00 6368k 0.0% 13352 conhost 6 00:00:00 11012k 0.0% 9588 SVC:MSDTC 8 00:00:00 11380k 0.0% 9908 SVC:UALSVC 8 00:00:02 21152k 0.0% 9960 SVC:ScreenConnect Client (69e7 8 00:00:01 41420k 0.0% 7964 SVC:PcaSvc 8 00:00:05 13336k 0.0% 6620 SVC:DispBrokerDesktopSvc 8 00:00:00 7472k 0.0% 6720 SVC:AppXSvc 8 00:00:00 11596k 0.0% 6756 conhost 8 00:00:00 10788k 0.0% 5880 adsk_hive_host 8 00:00:43 26440k 0.0% 6068 SVC:SQLTELEMETRY$AUTODESKVAULT 6 00:02:50 70576k 0.0% 6152 SVC:WaaSMedicSvc 8 00:00:00 8304k 0.0% 6932 AdskLicensingAgent 8 00:00:01 23836k 0.0% 7324 SVC:StorSvc 8 00:00:01 15516k 0.0% 7432 conhost 8 00:00:00 10784k 0.0% 7712 w3wp 8 00:00:03 47720k 0.0% 7064 SVC:BASupportExpressSrvcUpdate 8 00:01:56 25508k 0.0% 7092 conhost 8 00:03:10 15292k 0.0% 7188 NableSixtyFourBitManager 8 00:00:04 67188k 0.0% 3472 SVC:SstpSvc 8 00:00:00 7652k 0.0% 1172 SVC:SolarWinds.MSP.CacheServic 8 00:01:31 54956k 0.0% 1324 LogonUI 13 00:00:16 53796k 0.0% 1464 dwm 13 00:01:27 51888k 0.0% 1152 SVC:TimeBrokerSvc 8 00:00:00 6488k 0.0% 1096 SVC:SecurityHealthService 8 00:00:00 11656k 0.0% 1136 SVC:Dhcp 8 00:00:39 8408k 0.0% 1144 SVC:NcbService 8 00:00:00 8680k 0.0% 1480 SVC:BFE/mpssvc 8 00:01:01 19272k 0.0% 1740 SVC:CertPropSvc 8 00:00:00 6644k 0.0% 1768 SVC:netprofm 8 00:00:10 11720k 0.0% 1800 SVC:UmRdpService 8 00:00:00 7028k 0.0% 1700 SVC:gpsvc 8 00:00:06 18612k 0.0% 1556 SVC:ProfSvc 8 00:00:00 11672k 0.0% 1572 SVC:NlaSvc 8 00:00:00 13112k 0.0% 1656 SVC:UserManager 8 00:00:00 8172k 0.0% 1048 SVC:W32Time 8 00:00:13 8896k 0.0% 616 wininit 13 00:00:00 7296k 0.0% 624 csrss 13 00:00:01 6040k 0.0% 688 winlogon 13 00:00:00 10588k 0.0% 472 SVC:LSM 8 00:01:20 9736k 0.0% 0 Idle 0 8k 0.0% 148 Registry 8 00:01:01 110740k 0.0% 408 smss 11 00:00:00 1256k 0.0% 732 SVC:TermService 8 00:00:47 16168k 0.0% 948 SVC:SSDPSRV 8 00:01:05 8460k 0.0% 1028 SVC:nsi 8 00:00:15 9032k 0.0% 1040 SVC:lmhosts 8 00:00:00 5760k 0.0% 936 fontdrvhost 8 00:00:00 4560k 0.0% 848 SVC:Backup Service Controller 8 00:00:26 10744k 0.0% 900 SVC:BrokerInfrastructure/DcomL 8 00:01:01 17460k 0.0% 928 fontdrvhost 8 00:00:02 7544k 0.0% 1840 SVC:Schedule 8 00:01:08 16904k 0.0% 2872 SVC:AutomationManagerAgent 8 00:01:02 164248k 0.0% 2892 SVC:AzureAttestService 8 00:00:00 6256k 0.0% 2988 SVC:MsDtsServer160 8 00:00:00 24204k 0.0% 2844 SVC:Autodesk Access Service Ho 8 00:00:58 55908k 0.0% 2752 SVC:AppHostSvc 8 00:00:12 15364k 0.0% 2824 SVC:Autodesk Data Management J 8 00:00:29 30636k 0.0% 2836 SVC:Autodesk Data Management S 8 00:00:03 38972k 0.0% 3076 SVC:CryptSvc 8 00:31:13 24084k 0.0% 3128 SVC:IISADMIN 8 00:01:04 28836k 0.0% 3204 SVC:SSISTELEMETRY160 6 00:00:16 52948k 0.0% 3332 SVC:MDCoreSvc 8 00:00:16 24640k 0.0% 3120 SVC:HelpDeskService 8 00:00:37 8556k 0.0% 3100 SVC:DiagTrack 8 00:01:36 44048k 0.0% 3108 SVC:FlexNet Licensing Service 8 00:00:29 14132k 0.0% 3116 SVC:FOSWindowsService 8 00:00:52 65364k 0.0% 2620 SVC:Spooler 8 00:00:21 30548k 0.0% 2164 SVC:Wcmsvc 8 00:00:01 9232k 0.0% 2192 SVC:WinHttpAutoProxySvc 8 00:00:09 8196k 0.0% 2224 SVC:ShellHWDetection 8 00:00:00 8956k 0.0% 2124 SVC:LanmanWorkstation 8 00:00:36 9932k 0.0% 1896 SVC:EventSystem 8 00:00:16 8656k 0.0% 1964 SVC:Themes 8 00:00:00 6024k 0.0% 2056 SVC:SENS 8 00:00:01 9580k 0.0% 2272 SVC:CoreMessagingRegistrar 8 00:00:16 6400k 0.0% 2524 SVC:IKEEXT 8 00:00:01 8752k 0.0% 2536 SVC:PolicyAgent 8 00:00:09 7788k 0.0% 2548 SVC:iphlpsvc 8 00:00:01 10936k 0.0% 2416 SVC:SessionEnv 8 00:00:00 10376k 0.0% 2296 SVC:FontCache 8 00:00:00 7112k 0.0% 2324 SVC:Windows Agent Maintenance 8 00:00:11 33104k 0.0% 2364 SVC:PME.Agent.PmeService 8 00:00:02 34876k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 91721600 117352572 44% /FIXED/C:\ 199.39\111.92 E 3145709564 1818978192 1326731372 58% /FIXED/E:\ Vault_Data 2999.98\1265.27 [memory] memory Total Used physical: 65535 32279 virtual: 9728 79 page: 75263 32531 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 32283 Security Circular 20971520 61960 System Circular 20971520 43459 Application [msgs:eventlog_Security] [msgs:eventlog_System] [msgs:eventlog_Application] Information - 12/10/2025 22:14:23 - [10001] - Microsoft-Windows-RestartManager - Ending session 0 started ?2025?-?12?-?10T11:14:22.424869200Z. Information - 12/10/2025 22:14:23 - [1042] - MsiInstaller - Ending a Windows Installer transaction: {ED85AD79-E341-4F87-A796-F36B9F6C91C8}. Client Process Id: 2616. Information - 12/10/2025 22:14:23 - [1034] - MsiInstaller - Windows Installer removed the product. Product Name: MSP Core Agent. Product Version: 1.0.65.0. Product Language: 1033. Manufacturer: N-able Technologies Ltd.. Removal success or error status: 0. Information - 12/10/2025 22:14:23 - [11724] - MsiInstaller - Product: MSP Core Agent -- Removal completed successfully. Information - 12/10/2025 22:14:22 - [10000] - Microsoft-Windows-RestartManager - Starting session 0 - ?2025?-?12?-?10T11:14:22.424869200Z. Information - 12/10/2025 22:14:22 - [1040] - MsiInstaller - Beginning a Windows Installer transaction: {ED85AD79-E341-4F87-A796-F36B9F6C91C8}. Client Process Id: 2616. [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 4068 Unknown 279568/1026096 5167772/6188724 438256/1261556 69 4351 0.5 2025-11-27 02:12:52 19922 SVC:MBAMService 3820 Unknown 325456/1168636 2152943520/2154002512 346776/1152004 246 993 0.5 2025-11-27 02:12:52 19922 SVC:WinDefend 8572 IIS APPPOOL\AutodeskFSPool 20432/20856 4318400/4333436 5920/6584 20 278 0.2 2025-11-28 07:15:37 18180 AdskIdentityManager "C:\Program Files\Autodesk\AdskIdentityManager\1.14.0.3/AdskIdentityManager.exe" --process_name Autodesk.IDSDK.DefaultProcess-v2 --server_name Autodesk.IDSDK.DefaultServer-v2 4228 NT AUTHORITY\SYSTEM 55384/57684 183000/187572 41424/41600 43 437 0.1 2025-12-05 00:10:20 8525 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 3384 NT AUTHORITY\SYSTEM 5792844/5793144 10196688/10202744 5897392/5897496 68 330 0.1 2025-11-27 02:12:51 19922 SVC:Mesh Agent "C:\Program Files\Mesh Agent\MeshAgent.exe" 1392 NT AUTHORITY\LOCAL SERVICE 45476/79468 2151836508/2152517252 55696/72208 20 1642 0.1 2025-11-27 02:12:51 19922 SVC:EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 6148 NT AUTHORITY\SYSTEM 518880/890100 5277224/5774012 486368/920576 61 4110 0.1 2025-11-27 02:15:17 19920 SVC:IDriveService "C:\Program Files (x86)\IDriveWindows\id_service.exe" 4 Unknown 144/5960 3968/19008 44/72 0 2520 0.1 2025-11-27 02:12:49 19922 System 7084 NT AUTHORITY\SYSTEM 164008/187156 2152408980/2152448944 118112/141392 39 580 0.1 2025-11-27 02:12:54 19922 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\XYMON\xymonclient.ps1" 3280 NT AUTHORITY\SYSTEM 34880/43812 2151848700/2151873852 19896/28972 22 502 0.0 2025-11-27 02:12:51 19922 SVC:Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 5368 NT AUTHORITY\SYSTEM 26624/27284 2152389180/2152393280 21728/23088 44 670 0.0 2025-11-27 04:48:36 19767 SVC:WSearch C:\Windows\system32\SearchIndexer.exe /Embedding 10524 NT AUTHORITY\SYSTEM 34648/256184 5000272/5192540 135268/320132 65 2318 0.0 2025-12-09 08:50:19 2245 SVC:LTService C:\Windows\LTSvc\LTSVC.exe -sLTService 12668 NT AUTHORITY\NETWORK SERVICE 34544/43176 2151827160/2151855116 15656/21744 24 1660 0.0 2025-12-10 00:17:36 1318 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding 3784 NT AUTHORITY\SYSTEM 323848/358096 947084/997520 294976/337048 119 2560 0.0 2025-11-27 02:12:51 19922 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 10404 IIS APPPOOL\AutodeskFSPool 187496/256756 2166426840/2166522060 301096/327316 76 1378 0.0 2025-12-10 09:23:20 772 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "AutodeskFSPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipm91164642-f5fd-41f1-9659-e460c84e8212 -h "C:\inetpub\temp\apppools\AutodeskFSPool\AutodeskFSPool.config" -w "" -m 0 -t 20 -ta 0 12084 NT AUTHORITY\SYSTEM 19548/48940 108056/129340 6344/29444 18 271 0.0 2025-12-10 02:41:24 1174 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid 2WoCsuA0MvLT9DJbSyfdowXH7rGdfArriE9SwlPBm5OKO2Nf0G7SJbUQGqSywkCd 2180 NT AUTHORITY\SYSTEM 592292/932548 5394112/5637984 578332/924928 60 860 0.0 2025-11-29 11:44:54 16470 BackupFP "C:\Program Files\Backup Manager\BackupFP.exe" 1684 NT AUTHORITY\SYSTEM 17252/22984 2151806072/2151837452 7800/11216 14 253 0.0 2025-12-10 22:13:45 2 SVC:msiserver C:\Windows\system32\msiexec.exe /V 2732 NT AUTHORITY\LOCAL SERVICE 25164/27544 5448196/5452628 23224/24760 16 214 0.0 2025-11-27 02:12:51 19922 SVC:AdskLicensingService "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe" 768 NT AUTHORITY\SYSTEM 28944/30604 2151781208/2151785912 12548/14472 32 1829 0.0 2025-11-27 02:12:50 19922 SVC:KeyIso/Netlogon/SamSs C:\Windows\system32\lsass.exe 1228 NT AUTHORITY\NETWORK SERVICE 10048/10280 2151769280/2151771328 3700/3984 16 328 0.0 2025-11-27 02:12:51 19922 SVC:Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache 760 Unknown 16896/61516 2151768788/2152835076 8444/15628 16 789 0.0 2025-11-27 02:12:50 19922 services 2788 NT AUTHORITY\LOCAL SERVICE 28664/29324 5483444/5487544 24540/25340 18 343 0.0 2025-11-27 02:12:51 19922 SVC:Autodesk CER Service "C:\Program Files\Autodesk\Autodesk CER\service\cer_service.exe" 7492 NT AUTHORITY\LOCAL SERVICE 22912/26088 2151832784/2152364968 19172/21696 17 312 0.0 2025-11-27 02:14:53 19920 SVC:DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 1304 NT SERVICE\MSSQL$AUTODESKVAULT 19414440/19415892 131384740/131422504 19776936/19791972 353 1235 0.0 2025-11-27 02:15:18 19920 SVC:MSSQL$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\sqlservr.exe" -sAUTODESKVAULT 520 Unknown 7048/7148 2151785120/2151786404 2424/2532 29 910 0.0 2025-11-27 02:12:50 19922 csrss 1008 NT AUTHORITY\NETWORK SERVICE 33220/33324 2151781512/2151794984 25888/26172 18 1429 0.0 2025-11-27 02:12:51 19922 SVC:RpcEptMapper/RpcSs C:\Windows\system32\svchost.exe -k RPCSS -p 11900 NT AUTHORITY\LOCAL SERVICE 14336/26412 2151773992/2151778628 4904/17388 13 192 0.0 2025-12-10 21:20:02 55 WmiPrvSE C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding 5548 IIS APPPOOL\AutodeskDMPool 449388/799336 2166356988/2166369140 591672/955604 74 1300 0.0 2025-12-10 09:18:39 777 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "AutodeskDMPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipmeeb64098-1596-42d7-890f-5755ae7b006b -h "C:\inetpub\temp\apppools\AutodeskDMPool\AutodeskDMPool.config" -w "" -m 0 -t 20 -ta 0 4372 NT AUTHORITY\SYSTEM 6868/7248 2151749312/2151751308 1692/1764 9 128 0.0 2025-12-10 22:15:04 0 SVC:NetSetupSvc C:\Windows\System32\svchost.exe -k netsvcs -p -s NetSetupSvc 4992 NT AUTHORITY\SYSTEM 10168/10260 51428/60392 1948/2396 17 239 0.0 2025-11-27 02:12:52 19922 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 4304 NT AUTHORITY\SYSTEM 13648/13700 2151778448/2151781548 3648/3852 24 428 0.0 2025-11-27 02:12:52 19922 SVC:RasMan C:\Windows\System32\svchost.exe -k netsvcs 4420 NT SERVICE\MSSQLFDLauncher$AUTOD 7524/7796 4317324/4389264 39120/39600 12 259 0.0 2025-11-27 02:15:22 19920 fdhost "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\fdhost.exe" "MSSQL16.AUTODESKVAULTG9a3ed1f2fd7b8f4546fa39bfc933bebf90169ml6" "MSSQL16.AUTODESKVAULT" "MSSQL16.AUTODESKVAULT" "12" "" "16384" "M" "0" "" "" "" 5244 NT AUTHORITY\SYSTEM 12924/12996 2152300188/2152306988 3768/3988 18 211 0.0 2025-11-27 02:12:53 19922 dllhost C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} 3964 NT AUTHORITY\SYSTEM 13588/13628 2151775648/2151778212 5872/6152 16 260 0.0 2025-11-27 02:12:52 19922 SVC:W3SVC/WAS C:\Windows\system32\svchost.exe -k iissvcs 5132 NT AUTHORITY\SYSTEM 11060/22324 2151747420/2151760024 6296/8984 8 123 0.0 2025-11-27 02:12:52 19922 AggregatorHost AggregatorHost.exe 5060 NT AUTHORITY\SYSTEM 10784/10820 2151756576/2151758116 6192/6276 7 86 0.0 2025-11-27 02:12:52 19922 conhost \??\C:\Windows\system32\conhost.exe 0x4 14216 NT AUTHORITY\SYSTEM 14532/43936 4815720/4821852 35940/36288 29 516 0.0 2025-12-09 07:43:46 2311 SVC:LTSvcMon C:\Windows\LTSvc\LTSvcMon.exe -sLTService 4024 NT AUTHORITY\SYSTEM 10728/11516 55196/61600 2396/2684 17 237 0.0 2025-11-27 02:12:52 19922 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 4048 NT AUTHORITY\SYSTEM 20172/20876 86884/97264 4660/5404 26 404 0.0 2025-11-27 02:12:52 19922 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 3952 NT AUTHORITY\NETWORK SERVICE 12780/12960 2151781748/2151783288 3256/3900 13 240 0.0 2025-11-27 02:12:52 19922 SVC:WinRM C:\Windows\System32\svchost.exe -k NetworkService -p -s WinRM 3844 NT AUTHORITY\SYSTEM 6596/6780 4267956/4272496 1880/2180 8 124 0.0 2025-11-27 02:12:52 19922 SVC:XymonPSClient "C:\Program Files\XYMON\nssm.exe" 3720 NT AUTHORITY\SYSTEM 6080/6100 2151744788/2151746840 1328/1456 8 143 0.0 2025-11-27 02:12:51 19922 SVC:TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 3600 NT AUTHORITY\SYSTEM 7244/7264 2155941260/2155944336 1920/2000 9 144 0.0 2025-11-27 02:12:51 19922 SVC:SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 3512 NT AUTHORITY\SYSTEM 9448/9500 2151755412/2151760044 2548/2700 11 213 0.0 2025-11-27 02:12:51 19922 SVC:LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs -s LanmanServer 3504 NT AUTHORITY\SYSTEM 55860/57960 4375080/4460772 44568/50240 22 391 0.0 2025-11-27 02:12:51 19922 SVC:SQLWriter "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" 3552 NT AUTHORITY\LOCAL SERVICE 6228/6316 32640/37764 1744/1968 12 160 0.0 2025-11-27 02:12:51 19922 SVC:SQLBrowser "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe" 4056 NT AUTHORITY\SYSTEM 11196/11264 2151753564/2151758688 1404/1716 8 127 0.0 2025-11-27 02:12:52 19922 SVC:WpnService C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService 3756 NT AUTHORITY\SYSTEM 13948/13996 2151769292/2151771344 3504/3612 15 254 0.0 2025-11-27 02:12:51 19922 SVC:UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 5348 NT AUTHORITY\SYSTEM 96960/119216 4985412/5043648 54744/56092 66 1019 0.0 2025-11-27 02:12:53 19922 SVC:VeeamEndpointBackupSvc "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe" 8992 NT SERVICE\MSSQLFDLauncher$AUTOD 4604/4748 4249168/4254160 888/1004 6 78 0.0 2025-11-27 02:15:22 19920 SVC:MSSQLFDLauncher$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\fdlauncher.exe" -s MSSQL16.AUTODESKVAULT 9168 NT AUTHORITY\SYSTEM 77392/139924 300840/376620 48672/123284 67 671 0.0 2025-11-27 02:13:24 19922 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 9332 NT AUTHORITY\SYSTEM 12216/14184 2151757788/2151759328 4688/6604 9 136 0.0 2025-11-27 02:14:55 19920 SVC:StateRepository C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository 8136 NT AUTHORITY\SYSTEM 45624/50272 4815092/4873300 34932/39852 25 699 0.0 2025-11-27 02:12:57 19922 NableReactiveManagement "C:\Program Files (x86)\N-able Technologies\Reactive\bin\NableReactiveManagement.exe" 8556 Unknown 13860/15008 2151783424/2151785248 6088/7388 11 215 0.0 2025-11-27 02:13:05 19922 SVC:WdNisSvc 8836 NT AUTHORITY\LOCAL SERVICE 12028/12056 2151773452/2151779600 2332/2772 12 211 0.0 2025-11-27 02:14:53 19920 SVC:CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc 9492 NT SERVICE\MSSQLFDLauncher$AUTOD 10864/10900 2151756576/2151757604 6196/6252 7 86 0.0 2025-11-27 02:15:22 19920 conhost \??\C:\Windows\system32\conhost.exe 0x4 10308 NT AUTHORITY\SYSTEM 11144/11180 2152821396/2152827032 6388/6688 15 193 0.0 2025-11-27 06:12:52 19682 SVC:DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 13080 NT AUTHORITY\SYSTEM 6368/6372 2151748540/2151748540 1584/1764 9 132 0.0 2025-12-10 22:13:46 2 SVC:WdiSystemHost C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s WdiSystemHost 13352 NT AUTHORITY\SYSTEM 11012/11048 2151756584/2151757612 6196/6268 7 86 0.0 2025-12-10 02:41:25 1174 conhost \??\C:\Windows\system32\conhost.exe 0x4 9588 NT AUTHORITY\NETWORK SERVICE 11380/12580 2151764472/2151767432 3016/4140 14 242 0.0 2025-11-27 02:15:17 19920 SVC:MSDTC C:\Windows\System32\msdtc.exe 9908 NT AUTHORITY\SYSTEM 21152/24496 2152872424/2152884992 9720/12708 24 372 0.0 2025-11-27 02:15:22 19920 SVC:UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s UALSVC 9960 NT AUTHORITY\SYSTEM 41420/41588 203336/214856 25688/26084 34 574 0.0 2025-12-10 17:56:02 259 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=e5ed623a-911a-49b7-9d28-108e87e42822&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAAvNPXVaZ1lUKV0pdTHBSWzQAAAAACAAAAAAAQZgAAAAEAACAAAAALTxgR0FAU1S7Mw9BsZwIsttAG%2b5QOTYHJ2bxHdh5JYQAAAAAOgAAAAAIAACAAAAD%2fvPeS8yjVbZIad5RKpudGqQpuFrOFTURIUZNLQN9zU6AEAAB3gGj3NJzsTdjTdUKwEs1sxwl7C5yB3mi%2f1RTBy6DIvWryJSLC5PSv8I4b5Nhyv4AbNlqU9dSSU%2bsdirfSYBlq%2fSe%2fSRuh2N6xBY87CVPXCn7nqE0Cal7AasSjunc9w7xoBfCuH3cEURtIoMCIbBYbET2NUqK9hG%2bx4d718kLEigTsHjf4JBuLRZyEbZeDVqloEg7zhm2DXfovF48AEClhGpxiaMacX2wYHxlL258jwzlxRC6upO3IQM2NQl1GWylJH1%2f5bXwYwoE%2fDWZQ2zu5CB8dcxXYJPk%2fHkwnPwtL74Ej5QP3y6YAsJqSxr7wjBgYi1Nw94e9Ar3yyj5%2bQ%2bX3E5HubTIQbb3DssmOlHZoVR7vbgGbHy3sze7%2b0qtW6n6lnUzBS%2bm2nWZgbJOlI6q2cjpj2hnc6lwMS%2bdU%2b5D10vIGwyqSHf2ZmI%2bHlmZu4UnPdz8SwztRW%2btS5rdxJPHmifOrkca8Dsn5lwGccrlFIA172%2fb3TQ1Ohv3ay1dDIN%2fSxnt4pcv9qdTqZYCdlvrz7xyr7gEMW8VesqYeZ19SAfk%2bC0NflqKOo1eG6Osgq4l35TX2Ps2GBytm9d5Cb3%2fB29ivtq8sSF4YEXBhl6Sh7auZFixfqxiXFq31NIN5ChBWmwsg5wEf%2bLE9A0qlKCVmIYpXntfpm30t43DWw8IcsjRr8%2fopFVqcDpuitL0SxGsHspEfDIPTa7c0ecdzLFfLnfIT6RDjI%2fffDPhxAIiD1kHfVA672exdPnhTwMyuEvjo0j3PNgmUvEYQwd8HE%2bgYU4ZMh3Fb0tp7tQETxQamV8l7tk07UnN00YNInazxXfQ%2fG2eDl%2bBAZyXQXhcFjZ%2bZJRiQs17JpZhSJzJw%2fS1vgvPptzYVBwE5VMFxHraJTXAP6fC68pLZPnFk1xZjf87MVTlQzoKw2buBZrkaj%2fp1peb3d5i9vOP%2b5O5pRPpwigx1CgUA5D9N0iFAI61VlvVW9ZVSExTGPh1%2fCk8XhhEd3mNKzAlbjpHm9JmdkrDeED8GfuJts%2bID%2fVNm1MkcLkXVjOQPPiQS4yU6zIA8hsIoyv%2bl%2fodA%2fyjFeCZACLe8BOrmiNAvYPo89gx%2f%2fQ3uHElvVy8Uy%2fVngv%2fvIEMwOl%2f%2f722JIKMIzwpY642lUOI0rrMr%2ffMv4EjmEm6jx6SC1C3taeqbagkHTM1sp%2bUrQXJwqI%2bgMOQp99yGFa4RwNUJ4W9SwRFxgS09%2baQlFA6kkPlwafC%2bTr%2fPezOinCTMSKgO5lk98KuRkLHg29L6thgltjoPg1LR9ZBwjL1DDw1b5VIeS5z8cTfzYyyw%2fhKxMz8pQKUMrL2cgEM6caSGliJn3FHFQ521qlMk0svUCwzW1H6i7LIfqXfKvyHwRvKxbIpEE3YXKnTN62HcD%2bSAagUunfg4dj9byaOBchuY04o5lpOiYFgUAmkRfg8mtEgqr0teXCJX1063Fxe%2fTy8sr2vMCUJMYcdibYXB7PXL9LC9AP0tV1vtwBLaby5jmB6xe4%2fgdcn8ZzAmKtNvEG06UI0XCKvxgahfc68NrU7t7QorjzMNgEz7eRqxcBPU%2bK4wngZTPkAAAACqn2nW%2bddJBZ3FJJ3H7iJM81aYPBuZ78EOwB8KOXGkjmtuMHDuq0lmkw6EpF%2bd7tDd86c43z%2bx3AQUkPY%2fCROp&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 7964 NT AUTHORITY\SYSTEM 13336/14232 2151770548/2151777040 4400/5132 13 257 0.0 2025-11-27 02:13:18 19922 SVC:PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 6620 NT AUTHORITY\LOCAL SERVICE 7472/7516 2151745608/2151751244 1384/1692 8 124 0.0 2025-11-27 02:12:54 19922 SVC:DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 6720 Unknown 11596/11652 2151761780/2151762844 3612/3712 10 166 0.0 2025-12-10 22:14:17 1 SVC:AppXSvc 6756 NT AUTHORITY\SYSTEM 10788/10824 2151756576/2151757604 6204/6260 7 86 0.0 2025-11-27 02:12:57 19922 conhost \??\C:\Windows\system32\conhost.exe 0x4 5880 NT AUTHORITY\SYSTEM 26440/36796 4352228/4365456 8180/8376 19 260 0.0 2025-11-27 02:12:53 19922 adsk_hive_host "C:\Program Files\Common Files\Autodesk Shared\Interoperability Engine Manager\1.3.2.2\bin\adsk_hive_host.exe" --duplexpipe fe0c2e5c-d8d5-4b4b-af54-346b6d9c285d 6068 NT SERVICE\SQLTELEMETRY$AUTODESK 70576/120444 4833204/4848276 54404/116384 34 650 0.0 2025-11-27 02:15:22 19920 SVC:SQLTELEMETRY$AUTODESKVAULT "C:\VaultData\Microsoft SQL Server\MSSQL16.AUTODESKVAULT\MSSQL\Binn\sqlceip.exe" -Service AUTODESKVAULT 6152 Unknown 8304/8336 2151749248/2151755396 1632/1960 9 176 0.0 2025-11-27 02:12:53 19922 SVC:WaaSMedicSvc 6932 IIS APPPOOL\AutodeskFSPool 23836/24216 2151829228/2151841516 7424/8340 22 346 0.0 2025-12-10 09:23:22 772 AdskLicensingAgent "C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\15.5.0.13374\AdskLicensingAgent/AdskLicensingAgent.exe" -r 0 -n /analytics/v1/connect?analyticsagentid=analytics-5b02e78e-172c-489f-a4a6-d66651a98cb6 --no-gui -c 2 -i analytics-5b02e78e-172c-489f-a4a6-d66651a98cb6 7324 NT AUTHORITY\SYSTEM 15516/16116 2151777640/2151788632 3216/4036 14 261 0.0 2025-11-27 02:13:22 19922 SVC:StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 7432 NT AUTHORITY\SYSTEM 10784/10824 2151756576/2151758112 6200/6284 7 86 0.0 2025-11-27 02:12:57 19922 conhost \??\C:\Windows\system32\conhost.exe 0x4 7712 IIS APPPOOL\DefaultAppPool 47720/47720 2166205596/2166209692 184896/184908 38 562 0.0 2025-12-10 09:14:37 781 w3wp c:\windows\system32\inetsrv\w3wp.exe -ap "DefaultAppPool" -v "v4.0" -l "webengine4.dll" -a \\.\pipe\iisipma5db5358-5da6-48ba-9aa8-cde775673e5b -h "C:\inetpub\temp\apppools\DefaultAppPool\DefaultAppPool.config" -w "" -m 0 -t 20 -ta 0 7064 NT AUTHORITY\SYSTEM 25508/42932 131256/154888 10532/28148 24 358 0.0 2025-12-05 00:09:54 8525 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 7092 NT AUTHORITY\SYSTEM 15292/16296 2151770448/2151771624 9608/10280 10 148 0.0 2025-11-27 02:12:54 19922 conhost \??\C:\Windows\system32\conhost.exe 0x4 7188 NT AUTHORITY\SYSTEM 67188/71976 4909324/4964248 56452/69920 28 572 0.0 2025-11-27 02:12:57 19922 NableSixtyFourBitManager "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\NableSixtyFourBitManager.exe" 3472 NT AUTHORITY\LOCAL SERVICE 7652/7684 2151752948/2151756028 1724/1868 42 160 0.0 2025-11-27 02:12:51 19922 SVC:SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p -s SstpSvc 1172 NT AUTHORITY\LOCAL SERVICE 54956/58460 4834344/4840748 43812/47648 33 625 0.0 2025-11-27 02:13:22 19922 SVC:SolarWinds.MSP.CacheService "C:\Program Files (x86)\MspPlatform\FileCacheServiceAgent\FileCacheServiceAgent.exe" 1324 NT AUTHORITY\SYSTEM 53796/65676 2151981104/2151988964 11964/32876 27 454 0.0 2025-11-27 02:12:51 19922 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3b19855 /state1:0x41c64e6d 1464 Window Manager\DWM-1 51888/60620 2151947536/2151964852 29192/46208 28 626 0.0 2025-11-27 02:12:51 19922 dwm "dwm.exe" 1152 NT AUTHORITY\LOCAL SERVICE 6488/6528 2151746972/2151750512 1452/1700 8 142 0.0 2025-11-27 02:12:51 19922 SVC:TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1096 Unknown 11656/12028 2151756720/2151758260 2580/2716 11 196 0.0 2025-12-03 20:13:02 10202 SVC:SecurityHealthService 1136 NT AUTHORITY\LOCAL SERVICE 8408/8596 2151753908/2151758536 2380/2956 11 237 0.0 2025-11-27 02:12:51 19922 SVC:Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 1144 NT AUTHORITY\SYSTEM 8680/8820 2151748136/2151755308 1836/2320 11 194 0.0 2025-11-27 02:12:51 19922 SVC:NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1480 NT AUTHORITY\LOCAL SERVICE 19272/21932 2151785592/2151794664 9156/11472 33 433 0.0 2025-11-27 02:12:51 19922 SVC:BFE/mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 1740 NT AUTHORITY\SYSTEM 6644/6672 2151745800/2151747852 1416/1524 8 145 0.0 2025-11-27 02:12:51 19922 SVC:CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs -s CertPropSvc 1768 NT AUTHORITY\LOCAL SERVICE 11720/11800 2151763396/2151777736 3480/4144 14 453 0.0 2025-11-27 02:12:51 19922 SVC:netprofm C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm 1800 NT AUTHORITY\SYSTEM 7028/7064 2151751312/2151753984 1384/1568 8 138 0.0 2025-11-27 02:12:51 19922 SVC:UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 1700 NT AUTHORITY\SYSTEM 18612/19200 2151793108/2151802612 4072/4568 20 376 0.0 2025-11-27 02:12:51 19922 SVC:gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc 1556 NT AUTHORITY\SYSTEM 11672/11700 2151773224/2151776300 2308/2476 11 210 0.0 2025-11-27 02:12:51 19922 SVC:ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc 1572 NT AUTHORITY\NETWORK SERVICE 13112/13412 2151779272/2151791636 4036/5104 17 399 0.0 2025-11-27 02:12:51 19922 SVC:NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc 1656 NT AUTHORITY\SYSTEM 8172/8376 2151751572/2151756012 1880/2044 9 179 0.0 2025-11-27 02:12:51 19922 SVC:UserManager C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager 1048 NT AUTHORITY\LOCAL SERVICE 8896/8952 2151755832/2151758396 2008/2184 13 232 0.0 2025-11-27 02:12:51 19922 SVC:W32Time C:\Windows\system32\svchost.exe -k LocalService -s W32Time 616 Unknown 7296/7368 2151748948/2151761376 1372/1912 11 156 0.0 2025-11-27 02:12:50 19922 wininit 624 Unknown 6040/14252 2151765944/2151775328 1780/2040 11 169 0.0 2025-11-27 02:12:50 19922 csrss 688 NT AUTHORITY\SYSTEM 10588/16448 2151811900/2151825220 2472/7344 12 214 0.0 2025-11-27 02:12:50 19922 winlogon winlogon.exe 472 NT AUTHORITY\SYSTEM 9736/9824 2151758520/2151763132 2600/2780 12 302 0.0 2025-11-27 02:12:51 19922 SVC:LSM C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM 0 8/8 8/8 60/60 0 0 0.0 0 Idle 148 Unknown 110740/331616 118720/335808 3284/106692 10 0 0.0 2025-11-27 02:12:47 19922 Registry 408 Unknown 1256/1284 2151718576/2151726612 1072/1140 3 57 0.0 2025-11-27 02:12:49 19922 smss 732 NT AUTHORITY\NETWORK SERVICE 16168/16964 2151812408/2151822996 6044/7364 23 645 0.0 2025-11-27 02:12:51 19922 SVC:TermService C:\Windows\System32\svchost.exe -k termsvcs -s TermService 948 NT AUTHORITY\LOCAL SERVICE 8460/8520 2151756720/2151761332 2484/2608 15 227 0.0 2025-11-27 02:13:22 19922 SVC:SSDPSRV C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV 1028 NT AUTHORITY\LOCAL SERVICE 9032/9104 2151745976/2151749564 4448/4684 20 147 0.0 2025-11-27 02:12:51 19922 SVC:nsi C:\Windows\system32\svchost.exe -k LocalService -p -s nsi 1040 NT AUTHORITY\LOCAL SERVICE 5760/5796 2151745296/2151746836 1292/1460 8 119 0.0 2025-11-27 02:12:51 19922 SVC:lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 936 Font Driver Host\UMFD-1 4560/39176 2151748520/2151784512 1868/2900 6 39 0.0 2025-11-27 02:12:50 19922 fontdrvhost "fontdrvhost.exe" 848 NT AUTHORITY\SYSTEM 10744/69764 4292508/4359792 2320/2448 11 196 0.0 2025-11-29 11:44:52 16470 SVC:Backup Service Controller "C:\Program Files\Backup Manager\ProcessController.exe" serve 900 NT AUTHORITY\SYSTEM 17460/17484 2151775608/2151779536 7620/7636 17 934 0.0 2025-11-27 02:12:50 19922 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p 928 Font Driver Host\UMFD-0 7544/39204 2151886672/2151889928 4140/4196 8 39 0.0 2025-11-27 02:12:50 19922 fontdrvhost "fontdrvhost.exe" 1840 NT AUTHORITY\SYSTEM 16904/22600 2151787192/2151801112 5964/6648 18 376 0.0 2025-11-27 02:12:51 19922 SVC:Schedule C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule 2872 NT AUTHORITY\SYSTEM 164248/190520 424716/501144 135940/173992 82 1221 0.0 2025-11-27 02:12:51 19922 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2892 NT AUTHORITY\SYSTEM 6256/6284 2151744900/2151746952 1284/1392 8 113 0.0 2025-11-27 02:12:51 19922 SVC:AzureAttestService C:\Windows\system32\svchost.exe -k AzureAttestService -s AzureAttestService 2988 NT SERVICE\MsDtsServer160 24204/24240 18693128/18730252 55868/56276 23 283 0.0 2025-11-27 02:15:18 19920 SVC:MsDtsServer160 "C:\VaultData\Microsoft SQL Server\160\DTS\Binn\MsDtsSrvr.exe" 2844 NT AUTHORITY\SYSTEM 55908/67108 2151851064/2151878072 27132/27196 503 339 0.0 2025-11-27 02:12:51 19922 SVC:Autodesk Access Service Host "C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe" 2752 NT AUTHORITY\SYSTEM 15364/15680 2151800448/2151805572 7192/7824 14 195 0.0 2025-11-27 02:12:51 19922 SVC:AppHostSvc C:\Windows\system32\svchost.exe -k apphost -s AppHostSvc 2824 NT AUTHORITY\SYSTEM 30636/30852 4817496/4839312 31952/32372 22 612 0.0 2025-11-27 02:12:51 19922 SVC:Autodesk Data Management Job Dispatch "C:\Program Files\Autodesk\Vault Server 2026\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe" 2836 NT AUTHORITY\SYSTEM 38972/39020 4826560/4892356 32492/32772 27 365 0.0 2025-11-27 02:12:51 19922 SVC:Autodesk Data Management Server Revit Dynamo Extension Service "C:\Program Files\Autodesk\Vault Server 2026\DynamoHelperService\Connectivity.DynamoHelperService.exe" 3076 NT AUTHORITY\NETWORK SERVICE 24084/84064 2152398120/2152442560 13340/72300 31 357 0.0 2025-11-27 02:12:51 19922 SVC:CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc 3128 NT AUTHORITY\SYSTEM 28836/29048 2151792260/2151798920 17412/17936 18 231 0.0 2025-11-27 02:12:51 19922 SVC:IISADMIN C:\Windows\system32\inetsrv\inetinfo.exe 3204 NT SERVICE\SSISTELEMETRY160 52948/53104 4814912/4828952 36556/36880 32 650 0.0 2025-11-27 02:15:22 19920 SVC:SSISTELEMETRY160 "C:\VaultData\Microsoft SQL Server\160\DTS\Binn\sqlceip.exe" -Service default MSIS 3332 Unknown 24640/25336 2151793928/2151800108 11064/11816 17 526 0.0 2025-11-27 02:12:51 19922 SVC:MDCoreSvc 3120 NT AUTHORITY\SYSTEM 8556/8592 4291876/4299052 2320/2388 11 225 0.0 2025-11-27 02:12:51 19922 SVC:HelpDeskService "C:\Program Files (x86)\HelpDeskHost\HelpDesk\\RPCHelpDeskServiceUAC.exe" 3100 NT AUTHORITY\SYSTEM 44048/73668 2151865612/2151913576 24580/54568 25 559 0.0 2025-11-27 02:12:51 19922 SVC:DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p 3108 NT AUTHORITY\SYSTEM 14132/16060 4307204/4314224 4688/4916 15 265 0.0 2025-11-27 02:12:51 19922 SVC:FlexNet Licensing Service 64 "C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe" 3116 NT AUTHORITY\SYSTEM 65364/66908 4881840/5235560 43848/46628 37 926 0.0 2025-11-27 02:14:54 19920 SVC:FOSWindowsService "C:\Program Files\Autodesk\File Operations System\WindowsService\FOS.WindowsService.exe" 2620 NT AUTHORITY\SYSTEM 30548/31460 2151851560/2151894132 10012/12324 29 581 0.0 2025-11-27 02:12:51 19922 SVC:Spooler C:\Windows\System32\spoolsv.exe 2164 NT AUTHORITY\LOCAL SERVICE 9232/9368 2151751388/2151759072 2028/2784 13 289 0.0 2025-11-27 02:12:51 19922 SVC:Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 2192 NT AUTHORITY\LOCAL SERVICE 8196/8344 2151752176/2151755476 2292/2556 10 191 0.0 2025-11-27 02:12:51 19922 SVC:WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 2224 NT AUTHORITY\SYSTEM 8956/8988 2151754664/2151761836 1932/2376 13 191 0.0 2025-11-27 02:12:51 19922 SVC:ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 2124 NT AUTHORITY\NETWORK SERVICE 9932/10056 2151761016/2151765116 2256/2484 12 232 0.0 2025-11-27 02:12:51 19922 SVC:LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 1896 NT AUTHORITY\LOCAL SERVICE 8656/9440 2151753876/2151760536 2268/3244 10 176 0.0 2025-11-27 02:12:51 19922 SVC:EventSystem C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem 1964 NT AUTHORITY\SYSTEM 6024/6056 2151747576/2151749628 1260/1380 8 121 0.0 2025-11-27 02:12:51 19922 SVC:Themes C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes 2056 NT AUTHORITY\SYSTEM 9580/9784 2151759120/2151762212 2176/2412 14 209 0.0 2025-11-27 02:12:51 19922 SVC:SENS C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS 2272 NT AUTHORITY\LOCAL SERVICE 6400/6428 2151753176/2151756252 1344/1472 7 126 0.0 2025-11-27 02:12:51 19922 SVC:CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p 2524 NT AUTHORITY\SYSTEM 8752/8768 2151755492/2151759080 2732/2900 14 278 0.0 2025-11-27 02:12:51 19922 SVC:IKEEXT C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT 2536 NT AUTHORITY\NETWORK SERVICE 7788/7888 2151746656/2151751680 1776/2036 13 173 0.0 2025-11-27 02:12:51 19922 SVC:PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent 2548 NT AUTHORITY\SYSTEM 10936/11148 2152810972/2152821308 2780/3516 16 358 0.0 2025-11-27 02:12:51 19922 SVC:iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 2416 NT AUTHORITY\SYSTEM 10376/10416 2151759332/2151762408 2340/2500 16 246 0.0 2025-11-27 02:12:51 19922 SVC:SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2296 NT AUTHORITY\LOCAL SERVICE 7112/7284 2151777660/2151781572 1816/1960 9 142 0.0 2025-11-27 02:12:51 19922 SVC:FontCache C:\Windows\system32\svchost.exe -k LocalService -p -s FontCache 2324 NT AUTHORITY\SYSTEM 33104/33288 163628/175024 19984/20944 25 452 0.0 2025-11-27 02:15:27 19920 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" 2364 NT AUTHORITY\SYSTEM 34876/35132 4764024/4770940 27144/27512 19 378 0.0 2025-11-27 02:13:26 19922 SVC:PME.Agent.PmeService "C:\Program Files (x86)\MspPlatform\PME\PME.Agent.exe" [netstat] PacketsReceived=287018040 ReceivedHeaderErrors=0 ReceivedAddressErrors=1114757 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=216598 ReceivedPacketsDelivered=285967715 OutputRequests=835720136 RoutingDiscards=0 DiscardedOutputPackets=53559 OutputPacketNoRoute=6 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=679506 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=83166 ReceivedPacketsDelivered=596585 OutputRequests=13741 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=481454 tcpPassiveOpens=297919 tcpFailedConnectionAttempts=75107 tcpResetConnections=48530 tcpCurrentConnections=23 tcpSegmentsReceived=288305171 tcpSegmentsSent=821968287 tcpSegmentsRetransmitted=18499024 tcpActiveOpens=3009 tcpPassiveOpens=2981 tcpFailedConnectionAttempts=28 tcpResetConnections=242 tcpCurrentConnections=6 tcpSegmentsReceived=772422 tcpSegmentsSent=759122 tcpSegmentsRetransmitted=112 udpDatagramsReceived=2667905 udpNoPorts=206036 udpReceiveErrors=0 udpDatagramsSent=263397 udpDatagramsReceived=484077 udpNoPorts=83166 udpReceiveErrors=0 udpDatagramsSent=310 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:80 0.0.0.0:0 LISTENING TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49676 0.0.0.0:0 LISTENING TCP 0.0.0.0:49683 0.0.0.0:0 LISTENING TCP 0.0.0.0:49810 0.0.0.0:0 LISTENING TCP 0.0.0.0:61885 0.0.0.0:0 LISTENING TCP 10.2.63.49:139 0.0.0.0:0 LISTENING TCP 10.2.63.49:52607 206.148.0.39:443 ESTABLISHED TCP 10.2.63.49:55982 103.36.248.58:443 ESTABLISHED TCP 10.2.63.49:55992 103.36.248.58:443 ESTABLISHED TCP 10.2.63.49:60092 8.38.48.118:443 ESTABLISHED TCP 10.2.63.49:60341 206.148.0.209:443 ESTABLISHED TCP 10.2.63.49:62312 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62422 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62426 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:62427 10.2.63.48:445 ESTABLISHED TCP 10.2.63.49:64433 142.250.195.163:80 TIME_WAIT TCP 10.2.63.49:64434 184.31.253.138:80 TIME_WAIT TCP 10.2.63.49:64470 206.148.0.135:443 TIME_WAIT TCP 10.2.63.49:64472 125.253.56.44:443 ESTABLISHED TCP 10.2.63.49:64490 206.148.0.208:443 TIME_WAIT TCP 127.0.0.1:3389 127.0.0.1:64484 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49677 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:43227 0.0.0.0:0 LISTENING TCP 127.0.0.1:49565 127.0.0.1:49566 ESTABLISHED TCP 127.0.0.1:49566 127.0.0.1:49565 ESTABLISHED TCP 127.0.0.1:49571 127.0.0.1:49572 ESTABLISHED TCP 127.0.0.1:49572 127.0.0.1:49571 ESTABLISHED TCP 127.0.0.1:49674 0.0.0.0:0 LISTENING TCP 127.0.0.1:49674 127.0.0.1:64451 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64458 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64461 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64463 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64483 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64491 TIME_WAIT TCP 127.0.0.1:49674 127.0.0.1:64493 TIME_WAIT TCP 127.0.0.1:49677 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:50086 0.0.0.0:0 LISTENING TCP 127.0.0.1:50086 127.0.0.1:62149 ESTABLISHED TCP 127.0.0.1:50086 127.0.0.1:62151 ESTABLISHED TCP 127.0.0.1:50147 127.0.0.1:62781 ESTABLISHED TCP 127.0.0.1:50154 0.0.0.0:0 LISTENING TCP 127.0.0.1:62149 127.0.0.1:50086 ESTABLISHED TCP 127.0.0.1:62151 127.0.0.1:50086 ESTABLISHED TCP 127.0.0.1:62781 0.0.0.0:0 LISTENING TCP 127.0.0.1:62781 127.0.0.1:50147 ESTABLISHED TCP 127.0.0.1:64425 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:64451 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64457 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:64459 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64462 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64465 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64466 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64473 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64475 127.0.0.1:80 TIME_WAIT TCP 127.0.0.1:64479 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64481 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64483 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64484 127.0.0.1:3389 FIN_WAIT_2 TCP 127.0.0.1:64485 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64486 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64492 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64494 127.0.0.1:49674 TIME_WAIT TCP 127.0.0.1:64495 127.0.0.1:64902 TIME_WAIT TCP 127.0.0.1:64902 0.0.0.0:0 LISTENING TCP [::]:80 [::]:0 LISTENING TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:8000 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49676 [::]:0 LISTENING TCP [::]:49683 [::]:0 LISTENING TCP [::]:49810 [::]:0 LISTENING TCP [::]:61885 [::]:0 LISTENING TCP [::1]:80 [::1]:49969 ESTABLISHED TCP [::1]:9395 [::]:0 LISTENING TCP [::1]:49969 [::1]:80 ESTABLISHED TCP [::1]:50154 [::]:0 LISTENING TCP [fe80::c02a:7289:617b:f4c8%9]:80 [fe80::c02a:7289:617b:f4c8%9]:62148 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:80 [fe80::c02a:7289:617b:f4c8%9]:64436 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:62148 [fe80::c02a:7289:617b:f4c8%9]:80 ESTABLISHED TCP [fe80::c02a:7289:617b:f4c8%9]:64436 [fe80::c02a:7289:617b:f4c8%9]:80 ESTABLISHED UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:1434 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:60348 *:* UDP 0.0.0.0:60796 *:* UDP 0.0.0.0:62298 *:* UDP 0.0.0.0:62299 *:* UDP 10.2.63.49:137 *:* UDP 10.2.63.49:138 *:* UDP 10.2.63.49:1900 *:* UDP 10.2.63.49:62303 *:* UDP 127.0.0.1:1900 *:* UDP 127.0.0.1:50201 127.0.0.1:50201 UDP 127.0.0.1:51641 127.0.0.1:51641 UDP 127.0.0.1:59507 127.0.0.1:59507 UDP 127.0.0.1:61790 127.0.0.1:61790 UDP 127.0.0.1:61792 127.0.0.1:61792 UDP 127.0.0.1:62300 127.0.0.1:62300 UDP 127.0.0.1:62304 *:* UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:1434 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:60796 *:* UDP [::]:62299 *:* UDP [::1]:1900 *:* UDP [::1]:62302 *:* UDP [fe80::c02a:7289:617b:f4c8%9]:1900 *:* UDP [fe80::c02a:7289:617b:f4c8%9]:62301 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-VLT01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-B7-FB-29 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::c02a:7289:617b:f4c8%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.49(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-B6-8E-1E-52-54-00-B7-FB-29 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 b7 fb 29 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.49 281 10.2.63.0 255.255.255.0 On-link 10.2.63.49 281 10.2.63.49 255.255.255.255 On-link 10.2.63.49 281 10.2.63.255 255.255.255.255 On-link 10.2.63.49 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.49 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.49 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::c02a:7289:617b:f4c8/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.49 73007716155 1242969084179 [svcs] Name StartupType Status DisplayName AdskLicensingService automatic started Autodesk Desktop Licensing Service AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppHostSvc automatic started Application Host Helper Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient automatic stopped Microsoft App-V Client AppXSvc manual started AppX Deployment Service (AppXSVC) aspnet_state manual stopped ASP.NET State Service AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio Autodesk_Access_Service_Host automatic started Autodesk Access Service Host Autodesk_CER_Service automatic started Autodesk CER Service Autodesk_Data_Management_Job_Dispatch automatic started Autodesk Data Management Job Dispatch Autodesk_Data_Management_Server_Revit_Dynamo_Extension_Service automatic started Autodesk Data Management Server Revit Dynamo Extension Service AutomationManagerAgent automatic started Automation Manager Agent AxInstSV manual stopped ActiveX Installer (AxInstSV) AzureAttestService automatic started AzureAttestService Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual started Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FlexNet_Licensing_Service_64 automatic started FlexNet Licensing Service 64 FontCache automatic started Windows Font Cache Service FOSWindowsService automatic started Autodesk File Operations System Service FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService143.0.7482.0 disabled stopped Google Updater Internal Service (GoogleUpdaterInternalService143.0.7482.0) GoogleUpdaterService143.0.7482.0 disabled stopped Google Updater Service (GoogleUpdaterService143.0.7482.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IISADMIN automatic started IIS Admin Service IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc manual stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager MBAMService automatic started Malwarebytes Service MBVpnTunnelService manual stopped MBVpnTunnelService McpManagementService manual stopped McpManagementService MDCoreSvc automatic started Microsoft Defender Core Service Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MsDtsServer160 automatic started SQL Server Integration Services 16.0 MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual started Windows Installer MSSQL$AUTODESKVAULT automatic started SQL Server (AUTODESKVAULT) MSSQLFDLauncher$AUTODESKVAULT manual started SQL Full-text Filter Daemon Launcher (AUTODESKVAULT) NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm automatic started Network List Service NetSetupSvc manual started Network Setup Service NetTcpPortSharing manual stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual started Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess manual stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc manual stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SQLAgent$AUTODESKVAULT manual stopped SQL Server Agent (AUTODESKVAULT) SQLBrowser automatic started SQL Server Browser SQLTELEMETRY$AUTODESKVAULT automatic started SQL Server CEIP service (AUTODESKVAULT) SQLWriter automatic started SQL Server VSS Writer SSDPSRV manual started SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SSISTELEMETRY160 automatic started SQL Server Integration Services CEIP service 16.0 SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic stopped Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer tzautoupdate manual stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost manual stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service VG.LocalAgent manual stopped Autodesk Vault Gateway Local Agent vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSInstallerElevationService manual stopped Visual Studio Installer Elevation Service VSS automatic stopped Volume Shadow Copy VSStandardCollectorService150 manual stopped Visual Studio Standard Collector Service 150 W32Time automatic started Windows Time w3logsvc manual stopped W3C Logging Service W3SVC automatic started World Wide Web Publishing Service WaaSMedicSvc manual started Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WAS manual started Windows Process Activation Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc manual stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual stopped WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch manual started Windows Search wuauserv automatic stopped Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 1195349 13 days 20 hours 2 minutes 29 seconds Bootup: 20251127021247.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [iis_sites] Default Web Site IIS://localhost/W3SVC/1 SiteID: 1 LogFileDirectory C:\inetpub\logs\LogFiles ServerBindings :80: ServerState 2 [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-vlt01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\XYMON\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-vlt01 [XymonPSClientInfo] Collection number: 3983 Last transmission method: TCP Id : 7084 Handles : 563 CPU : 5277.265625 SI : 0 Name : powershell