[collector:] client tcs-dt-workshop.powershell powershell XymonPS [date] Wed 10 Dec 22:35:40 2025 [clock] epoch: 1765366540 local: Wed 10 Dec 22:35:40 2025 UTC: Wed 10 Dec 11:35:40 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 2 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0039588s Root Dispersion: 10.8305287s ReferenceId: 0xC0A80505 (source IP: 192.168.5.5) Last Successful Sync Time: 10/12/2025 10:33:46 PM Source: DC01.twilight.inside Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows 11 Pro (build 22631) [cpu] up: 24 days, 0 users, 119 procs, load=0.35% CPU states: total 0.35% cores: 4 CPU PID Image Name Pri Time MemUsage 0.1% 16148 SVC:Mesh Agent 8 00:42:20 2263304k 0.0% 5384 powershell 8 01:01:39 137532k 0.0% 4 System 8 00:45:04 9292k 0.0% 2764 SVC:WRSVC 8 01:01:52 6332k 0.0% 672 SVC:EventLog 8 00:50:27 19260k 0.0% 14572 WmiPrvSE 8 00:00:01 20040k 0.0% 4200 SVC:Winmgmt 8 00:33:45 24228k 0.0% 940 SVC:KeyIso/Netlogon/SamSs/Vaul 9 00:07:52 26132k 0.0% 6804 WRYES.x64 8 00:24:11 25616k 0.0% 5244 SVC:DoSvc 8 01:11:10 29788k 0.0% 1588 SVC:Dnscache 8 00:14:55 28024k 0.0% 3876 SVC:CxUtilSvc 8 00:00:00 8152k 0.0% 3948 SVC:HCLAUTService 8 00:00:00 10724k 0.0% 3896 SVC:DispBrokerDesktopSvc 8 00:00:00 7404k 0.0% 3968 SVC:igccservice 8 00:00:00 41848k 0.0% 4184 SVC:TrkWks 8 00:00:00 5944k 0.0% 4192 SVC:LNSUSvc 8 00:00:00 8220k 0.0% 4208 SVC:wgsslvpnsrc 8 00:00:00 7272k 0.0% 4168 AggregatorHost 8 00:00:01 10396k 0.0% 3992 SVC:LanmanServer 8 00:00:09 10968k 0.0% 4008 SVC:jhi_service 8 00:00:00 6908k 0.0% 4132 SVC:ONLYOFFICE Update Service 8 00:00:00 6784k 0.0% 3524 SVC:ShellHWDetection 8 00:00:00 10300k 0.0% 3548 SVC:seclogon 8 00:00:02 6556k 0.0% 3560 SVC:Spooler 8 00:00:01 19732k 0.0% 3432 SVC:TextInputManagementService 8 00:00:00 6444k 0.0% 3460 SVC:DusmSvc 8 00:00:00 7044k 0.0% 3468 SVC:Wcmsvc 8 00:00:00 10916k 0.0% 3676 SVC:CoreMessagingRegistrar 8 00:00:02 6640k 0.0% 3728 
SVC:CxAudioSvc 8 00:00:00 22864k 0.0% 3816 SVC:DiagTrack 8 00:01:00 57372k 0.0% 3856 SVC:DPS 8 00:00:53 33136k 0.0% 3688 SVC:CryptSvc 8 00:01:11 21956k 0.0% 3696 SVC:Bonjour Service 8 00:00:01 7500k 0.0% 3708 SVC:AdobeARMservice 8 00:00:00 7124k 0.0% 4260 SVC:SDScannerService 8 00:02:46 39488k 0.0% 6212 conhost 8 00:00:04 15624k 0.0% 6392 SVC:NgcCtnrSvc 8 00:00:00 15256k 0.0% 6704 WREDRS.x64 8 00:01:15 11708k 0.0% 5408 conhost 8 00:00:49 14168k 0.0% 6172 SVC:wscsvc 8 00:00:00 12248k 0.0% 6192 WRSkyCommandsClient 8 00:00:07 55104k 0.0% 7180 SVC:LicenseManager 8 00:00:00 11328k 0.0% 7712 SVC:WRWTSSvc 8 00:00:02 14200k 0.0% 16084 WmiPrvSE 8 00:00:00 12120k 0.0% 0 Idle 0 8k 0.0% 7364 SVC:webthreatdefsvc 8 00:00:08 18880k 0.0% 7700 SVC:StorSvc 8 00:00:02 13592k 0.0% 7704 SVC:TokenBroker 8 00:00:01 10836k 0.0% 4436 SVC:XymonPSClient 8 00:00:00 6332k 0.0% 4448 SVC:SDUpdateService 8 00:01:08 22132k 0.0% 4456 SVC:WSearch 8 00:00:33 28060k 0.0% 4292 SVC:WpnService 8 00:00:05 19924k 0.0% 4404 SVC:PcaSvc 8 00:00:06 13304k 0.0% 4412 SVC:XTU3SERVICE 8 00:00:01 67032k 0.0% 4496 SVC:WMIRegistrationService 8 00:00:00 15468k 0.0% 4960 SVC:RmSvc 8 00:00:00 9248k 0.0% 5192 SVC:WRCoreService 8 00:00:44 12688k 0.0% 5224 SVC:UsoSvc 8 00:00:03 17772k 0.0% 4512 WmiPrvSE 8 00:00:11 41620k 0.0% 4740 SVC:InstallService 8 00:00:27 34392k 0.0% 4808 SVC:WRSkyClient 8 00:02:28 33244k 0.0% 3400 SVC:Audiosrv 8 00:00:01 17708k 0.0% 1348 SVC:nsi 8 00:00:02 8636k 0.0% 1356 SVC:BthAvctpSvc 8 00:00:00 16944k 0.0% 1364 SVC:BTAGService 8 00:00:00 10700k 0.0% 1316 SVC:NcbService 8 00:00:00 9528k 0.0% 1172 dwm 13 00:00:13 50096k 0.0% 1200 SVC:cphs 8 00:00:00 7884k 0.0% 1220 SVC:TermService 8 00:00:14 13544k 0.0% 1536 SVC:Dhcp 8 00:01:25 9376k 0.0% 1580 SVC:Schedule 8 00:00:13 17608k 0.0% 1628 SVC:ProfSvc 8 00:00:00 7460k 0.0% 1400 SVC:TimeBrokerSvc 8 00:00:00 6668k 0.0% 1376 SVC:W32Time 8 00:00:00 8708k 0.0% 1384 SVC:bthserv 8 00:00:00 14528k 0.0% 1392 SVC:lmhosts 8 00:00:00 6868k 0.0% 628 fontdrvhost 8 
00:00:00 4524k 0.0% 684 csrss 13 00:01:05 6236k 0.0% 696 SVC:camsvc 8 00:00:01 14328k 0.0% 616 fontdrvhost 8 00:00:00 4160k 0.0% 112 Registry 8 00:00:05 28732k 0.0% 508 smss 11 00:00:00 1296k 0.0% 576 SVC:BrokerInfrastructure/DcomL 8 00:00:14 20148k 0.0% 920 services 9 00:10:05 14896k 0.0% 1068 SVC:LSM 8 00:00:43 10988k 0.0% 1148 LogonUI 13 00:00:06 73836k 0.0% 876 winlogon 13 00:00:00 10792k 0.0% 776 wininit 13 00:00:00 7712k 0.0% 784 csrss 13 00:00:11 5560k 0.0% 852 SVC:RpcEptMapper/RpcSs 8 00:09:01 21472k 0.0% 2924 SVC:DsSvc 8 00:00:00 11224k 0.0% 2944 SVC:SysMain 8 00:27:14 10176k 0.0% 2980 dasHost 8 00:00:00 5724k 0.0% 2824 SVC:iphlpsvc 8 00:00:00 11636k 0.0% 2704 dasHost 8 00:00:04 18472k 0.0% 2744 SVC:StateRepository 8 00:01:52 17816k 0.0% 2792 SVC:WinHttpAutoProxySvc 8 00:00:14 7968k 0.0% 3120 SVC:FontCache 8 00:00:00 8608k 0.0% 3140 Memory Compression 8 00:00:01 72308k 0.0% 3348 SVC:StiSvc 8 00:00:00 11540k 0.0% 3112 SVC:AudioEndpointBuilder 8 00:00:00 9852k 0.0% 3068 SVC:SSDPSRV 8 00:00:45 8332k 0.0% 3076 SVC:Themes 8 00:00:00 5976k 0.0% 3092 SVC:CDPSvc 8 00:00:00 19168k 0.0% 1928 SVC:UserManager 8 00:00:03 9780k 0.0% 1956 SVC:SENS 8 00:00:00 5892k 0.0% 1972 SVC:BFE/mpssvc 8 00:00:13 26852k 0.0% 1884 SVC:netprofm 8 00:00:28 18464k 0.0% 1644 SVC:cplspcon 8 00:00:00 8300k 0.0% 1676 SVC:EventSystem 8 00:00:00 8652k 0.0% 1776 SVC:NgcSvc 8 00:00:00 8588k 0.0% 2428 SVC:DevQueryBroker 8 00:00:00 6112k 0.0% 2556 SVC:SessionEnv 8 00:00:00 11248k 0.0% 2564 SVC:DeviceAssociationService 8 00:00:00 8096k 0.0% 2380 SVC:LanmanWorkstation 8 00:00:05 10192k 0.0% 2012 SVC:UmRdpService 8 00:00:00 8364k 0.0% 2064 SVC:igfxCUIService2.0.0.0 8 00:00:00 9384k 0.0% 2272 SVC:CertPropSvc 8 00:00:00 6756k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 974872572 125322916 849549656 13% /FIXED/C:\ Windows 929.71\810.19 [memory] memory Total Used physical: 16263 4754 virtual: 2432 8 page: 18695 5206 [msgs:EventlogSummary] LogMode 
MaximumSizeInBytes RecordCount LogName
------- ------------------ ----------- -------
Circular 20971520 25834 Security
Circular 20971520 68694 System
Circular 20971520 56975 Application
[msgs:eventlog_Security]
[msgs:eventlog_System]
Information - 12/10/2025 22:35:17 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:34:13 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:33:08 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:32:03 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:30:57 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:29:53 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:28:48 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 22:27:43 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
[msgs:eventlog_Application] [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 16148 NT AUTHORITY\SYSTEM 2263304/2263312 6627748/6631156 2303608/2303608 51 438 0.1 2025-12-04 16:08:57 9027 SVC:Mesh Agent "C:\Program Files\Mesh Agent\MeshAgent.exe" --installedByUser="S-1-5-21-1738527551-407844408-2392181978-1002" 5384 NT AUTHORITY\SYSTEM 137532/164392 2152370684/2152423700 87908/137412 37 556 0.0 2025-11-16 06:29:42 35526 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 4 Unknown 9292/306032 13640/310472 80/652 0 2547 0.0 2025-11-16 06:29:31 35526 System 2764 Unknown 6332/806000 493416/4182544 226168/945764 662 996 0.0 2025-11-16 06:29:39 35526 SVC:WRSVC 672 NT AUTHORITY\LOCAL SERVICE 19260/23552 2151786708/2151832684 14204/21540 14 378 0.0 2025-11-16 06:29:40 35526 SVC:EventLog C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 14572 NT AUTHORITY\NETWORK SERVICE 20040/22444 2151791584/2151797552 7752/10660 20 436 0.0 2025-12-10 22:13:34 22 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -secured -Embedding 4200 NT AUTHORITY\SYSTEM 24228/40124 2151851072/2151864304 10816/32832 19 471 0.0 2025-11-16 06:29:41 35526 SVC:Winmgmt C:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 940 Unknown 26132/26848 2151807216/2151810320 7976/8704 32 1273 0.0 2025-11-16 06:29:37 35526 SVC:KeyIso/Netlogon/SamSs/VaultSvc 6804 NT AUTHORITY\SYSTEM 25616/38264 2151863448/2151867544 39260/42376 636 222 0.0 2025-11-16 06:29:45 35526 WRYES.x64 C:\ProgramData\WRCore\CoreService\Component\YARA\WRYES.x64.exe 5244 Unknown 29788/217240 2152011024/2152070180 21948/206628 25 612 0.0 2025-11-17 05:51:14 34124 SVC:DoSvc 1588 NT AUTHORITY\NETWORK SERVICE 28024/28204 2151783528/2151795148 21468/21812 18 322 0.0 2025-11-16 06:29:38 35526 SVC:Dnscache 
C:\windows\system32\svchost.exe -k NetworkService -p 3876 NT AUTHORITY\SYSTEM 8152/8232 47064/57304 1408/1992 10 186 0.0 2025-11-16 06:29:41 35526 SVC:CxUtilSvc "C:\windows\CxSvc\CxUtilSvc.exe" 3948 NT AUTHORITY\SYSTEM 10724/10860 68528/77488 2232/2724 15 227 0.0 2025-11-16 06:29:41 35526 SVC:HCLAUTService "C:\Program Files\Common Files\HCL\AutoUpdate\AutoUpdate.exe" /svc 3896 NT AUTHORITY\LOCAL SERVICE 7404/7420 2151744952/2151750072 1312/1604 8 130 0.0 2025-11-16 06:29:41 35526 SVC:DispBrokerDesktopSvc C:\windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 3968 NT AUTHORITY\SYSTEM 41848/42120 4837372/4867988 32948/33116 24 521 0.0 2025-11-16 06:29:41 35526 SVC:igccservice C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c18e9c8eed547b01\OneApp.IGCC.WinService.exe 4184 NT AUTHORITY\SYSTEM 5944/6000 2151745144/2151747192 1248/1404 8 139 0.0 2025-11-16 06:29:41 35526 SVC:TrkWks C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 4192 NT AUTHORITY\SYSTEM 8220/8300 4292444/4297564 1604/1752 9 169 0.0 2025-11-16 06:29:41 35526 SVC:LNSUSvc "C:\Program Files\HCL\Notes\SUService.exe" 4208 NT AUTHORITY\SYSTEM 7272/7456 49060/56684 1440/1828 11 169 0.0 2025-11-16 06:29:41 35526 SVC:wgsslvpnsrc "C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe" 4168 NT AUTHORITY\SYSTEM 10396/10536 2151744852/2151764196 2700/2796 9 147 0.0 2025-11-16 06:29:46 35526 AggregatorHost AggregatorHost.exe 3992 NT AUTHORITY\SYSTEM 10968/11032 2151763696/2151765748 2584/2664 13 219 0.0 2025-11-16 06:29:41 35526 SVC:LanmanServer C:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer 4008 NT AUTHORITY\SYSTEM 6908/6944 2151755968/2151761088 1384/1512 9 149 0.0 2025-11-16 06:29:41 35526 SVC:jhi_service C:\windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe 4132 NT AUTHORITY\SYSTEM 6784/6796 4275228/4278300 1428/1496 9 144 0.0 2025-11-16 06:29:41 35526 SVC:ONLYOFFICE 
Update Service "C:\Program Files\ONLYOFFICE\DesktopEditors\updatesvc.exe" 3524 NT AUTHORITY\SYSTEM 10300/10380 2151756496/2151763664 2364/2960 20 276 0.0 2025-11-16 06:29:41 35526 SVC:ShellHWDetection C:\windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 3548 NT AUTHORITY\SYSTEM 6556/6636 2151743784/2151748392 1240/1492 8 114 0.0 2025-11-16 10:15:11 35300 SVC:seclogon C:\windows\system32\svchost.exe -k netsvcs -p -s seclogon 3560 NT AUTHORITY\SYSTEM 19732/19772 2151796596/2151807516 5980/6660 24 468 0.0 2025-11-16 06:29:41 35526 SVC:Spooler C:\windows\System32\spoolsv.exe 3432 NT AUTHORITY\SYSTEM 6444/6460 2151745492/2151748564 1296/1468 8 134 0.0 2025-11-16 06:29:41 35526 SVC:TextInputManagementService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TextInputManagementService 3460 NT AUTHORITY\LOCAL SERVICE 7044/7060 2151747896/2151752200 1432/1820 9 153 0.0 2025-11-16 06:29:41 35526 SVC:DusmSvc C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p 3468 NT AUTHORITY\LOCAL SERVICE 10916/10992 2151754464/2151766776 2324/3424 13 456 0.0 2025-11-16 06:29:41 35526 SVC:Wcmsvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3676 NT AUTHORITY\LOCAL SERVICE 6640/6656 2151753600/2151756672 1288/1440 7 129 0.0 2025-11-16 06:29:41 35526 SVC:CoreMessagingRegistrar C:\windows\system32\svchost.exe -k LocalServiceNoNetwork -p 3728 NT AUTHORITY\SYSTEM 22864/23176 4793248/4796640 23476/23612 18 686 0.0 2025-11-16 06:29:41 35526 SVC:CxAudioSvc "C:\windows\CxSvc\CxAudioSvc.exe" 3816 NT AUTHORITY\SYSTEM 57372/90084 2151921064/2152276296 28792/57452 29 641 0.0 2025-11-16 06:29:41 35526 SVC:DiagTrack C:\windows\System32\svchost.exe -k utcsvc -p 3856 NT AUTHORITY\LOCAL SERVICE 33136/46248 2151851784/2151994452 26456/39916 18 361 0.0 2025-11-16 06:29:41 35526 SVC:DPS C:\windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 3688 NT AUTHORITY\NETWORK SERVICE 21956/82876 2151954524/2152469480 7312/70332 29 315 0.0 
2025-11-16 06:29:41 35526 SVC:CryptSvc C:\windows\system32\svchost.exe -k NetworkService -p 3696 NT AUTHORITY\SYSTEM 7500/7640 4269484/4275628 1892/2028 14 187 0.0 2025-11-16 06:29:41 35526 SVC:Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" 3708 NT AUTHORITY\SYSTEM 7124/7248 71280/78904 1816/2196 10 146 0.0 2025-11-16 06:29:41 35526 SVC:AdobeARMservice "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" 4260 NT AUTHORITY\SYSTEM 39488/90780 113716/217544 23084/26900 28 473 0.0 2025-11-16 06:29:41 35526 SVC:SDScannerService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" 6212 NT AUTHORITY\SYSTEM 15624/15624 2151770592/2151771104 7336/7364 10 166 0.0 2025-11-16 06:29:43 35526 conhost \??\C:\windows\system32\conhost.exe 0x4 6392 NT AUTHORITY\LOCAL SERVICE 15256/15272 2151777080/2151780152 2144/2416 12 201 0.0 2025-11-16 06:29:44 35526 SVC:NgcCtnrSvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc 6704 NT AUTHORITY\SYSTEM 11708/11928 2151783632/2151785680 3648/4072 627 185 0.0 2025-11-16 06:29:45 35526 WREDRS.x64 C:\ProgramData\WRCore\CoreService\Component\EDR\WREDRS.x64.exe 5408 NT AUTHORITY\SYSTEM 14168/14168 2151769572/2151771108 5836/5864 10 165 0.0 2025-11-16 06:29:42 35526 conhost \??\C:\windows\system32\conhost.exe 0x4 6172 Unknown 12248/12912 2151766400/2151798312 3192/4224 13 233 0.0 2025-11-16 06:31:49 35524 SVC:wscsvc 6192 NT AUTHORITY\SYSTEM 55104/56012 2152412256/2152432736 38584/40372 667 699 0.0 2025-11-16 06:29:43 35526 WRSkyCommandsClient C:\ProgramData\WRCore\CoreService\Component\SkyCommandsClient\WRSkyCommandsClient.exe 7180 NT AUTHORITY\LOCAL SERVICE 11328/11348 2151759188/2151765852 2064/2464 10 174 0.0 2025-11-17 05:51:14 34124 SVC:LicenseManager C:\windows\System32\svchost.exe -k LocalService -p -s LicenseManager 7712 NT AUTHORITY\SYSTEM 14200/14268 2151774896/2151776952 4264/4324 16 342 0.0 2025-11-16 06:29:49 35526 SVC:WRWTSSvc "c:\Program 
Files\Webroot\WebThreatShield\WRWTSSvc.exe" 16084 NT AUTHORITY\LOCAL SERVICE 12120/12160 2151758884/2151758900 3320/3400 12 193 0.0 2025-12-10 22:35:19 0 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -secured -Embedding 0 8/8 8/8 60/60 0 0 0.0 0 Idle 7364 NT AUTHORITY\LOCAL SERVICE 18880/19096 2151771388/2151773948 11536/11752 12 245 0.0 2025-12-04 05:26:41 9669 SVC:webthreatdefsvc C:\windows\system32\svchost.exe -k WebThreatDefense -p -s webthreatdefsvc 7700 NT AUTHORITY\SYSTEM 13592/16060 2151773600/2151787424 2656/5724 11 216 0.0 2025-11-16 06:30:04 35526 SVC:StorSvc C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 7704 NT AUTHORITY\SYSTEM 10836/10872 2151752988/2151758316 1652/1920 9 157 0.0 2025-11-17 05:49:35 34126 SVC:TokenBroker C:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker 4436 NT AUTHORITY\SYSTEM 6332/6988 4271232/4277376 1908/2188 8 133 0.0 2025-11-16 06:29:41 35526 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe" 4448 NT AUTHORITY\SYSTEM 22132/22344 94292/105172 7440/8092 24 409 0.0 2025-11-16 06:29:41 35526 SVC:SDUpdateService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" 4456 NT AUTHORITY\SYSTEM 28060/29228 2151832864/2151839016 16248/19236 20 748 0.0 2025-11-16 06:31:49 35524 SVC:WSearch C:\windows\system32\SearchIndexer.exe /Embedding 4292 NT AUTHORITY\SYSTEM 19924/20364 2151785420/2151794932 4260/4820 17 383 0.0 2025-11-16 06:29:41 35526 SVC:WpnService C:\windows\system32\svchost.exe -k netsvcs -p -s WpnService 4404 NT AUTHORITY\SYSTEM 13304/14720 2151777848/2151787360 3940/4668 14 275 0.0 2025-11-16 06:31:47 35524 SVC:PcaSvc C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 4412 NT AUTHORITY\SYSTEM 67032/127020 4854836/4900172 110224/123408 34 473 0.0 2025-11-16 06:29:41 35526 SVC:XTU3SERVICE C:\windows\SysWOW64\XtuService.exe 4496 NT AUTHORITY\SYSTEM 15468/16332 92632/107872 2884/3780 15 293 0.0 2025-11-16 06:29:41 35526 SVC:WMIRegistrationService 
C:\windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe 4960 NT AUTHORITY\LOCAL SERVICE 9248/9360 2151755048/2151761836 1900/2528 11 227 0.0 2025-11-16 06:29:43 35526 SVC:RmSvc C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc 5192 Unknown 12688/48244 2151846868/2151858928 21708/22992 953 257 0.0 2025-11-16 06:29:42 35526 SVC:WRCoreService 5224 NT AUTHORITY\SYSTEM 17772/18312 2151785916/2151794216 4040/6064 15 286 0.0 2025-11-16 06:31:49 35524 SVC:UsoSvc C:\windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 4512 NT AUTHORITY\SYSTEM 41620/61948 2151844388/2151876544 34024/50672 21 394 0.0 2025-11-16 06:29:46 35526 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -Embedding 4740 NT AUTHORITY\SYSTEM 34392/40648 2151815872/2151850528 15668/19372 19 752 0.0 2025-11-16 06:45:43 35510 SVC:InstallService C:\windows\System32\svchost.exe -k netsvcs -p 4808 Unknown 33244/45972 2151874376/2151889744 21920/23948 2591 614 0.0 2025-11-16 06:29:42 35526 SVC:WRSkyClient 3400 NT AUTHORITY\LOCAL SERVICE 17708/17728 2151772684/2151777292 2904/3340 13 353 0.0 2025-11-16 06:29:40 35526 SVC:Audiosrv C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p 1348 NT AUTHORITY\LOCAL SERVICE 8636/8764 2151745812/2151749908 4100/4392 19 143 0.0 2025-11-16 06:29:38 35526 SVC:nsi C:\windows\system32\svchost.exe -k LocalService -p -s nsi 1356 NT AUTHORITY\LOCAL SERVICE 16944/16944 2151764712/2151771708 2824/3256 19 237 0.0 2025-11-16 06:29:38 35526 SVC:BthAvctpSvc C:\windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc 1364 NT AUTHORITY\LOCAL SERVICE 10700/10716 2151753240/2151757848 1788/2308 14 186 0.0 2025-11-16 06:29:38 35526 SVC:BTAGService C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -s BTAGService 1316 NT AUTHORITY\SYSTEM 9528/9568 2151751256/2151755864 1884/2248 11 210 0.0 2025-11-16 06:29:38 35526 SVC:NcbService C:\windows\System32\svchost.exe -k 
LocalSystemNetworkRestricted -p -s NcbService 1172 Window Manager\DWM-1 50096/59268 2152017664/2152050916 16328/18900 26 748 0.0 2025-11-16 06:29:38 35526 dwm "dwm.exe" 1200 NT AUTHORITY\SYSTEM 7884/8020 2151750824/2151757992 1488/1704 8 160 0.0 2025-11-16 06:29:39 35526 SVC:cphs C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fe9e4d6552ab1bbe\IntelCpHeciSvc.exe 1220 NT AUTHORITY\NETWORK SERVICE 13544/13672 2151788004/2151793016 4164/4436 18 489 0.0 2025-11-16 06:29:38 35526 SVC:TermService C:\windows\System32\svchost.exe -k NetworkService -s TermService 1536 NT AUTHORITY\LOCAL SERVICE 9376/9416 2151754776/2151761944 2884/3224 11 241 0.0 2025-11-16 06:29:38 35526 SVC:Dhcp C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 1580 NT AUTHORITY\SYSTEM 17608/17896 2151788016/2151800788 6140/7064 18 392 0.0 2025-11-16 06:29:38 35526 SVC:Schedule C:\windows\System32\svchost.exe -k netsvcs -s Schedule 1628 NT AUTHORITY\SYSTEM 7460/7476 2151746956/2151752720 1448/1676 8 133 0.0 2025-11-16 06:29:38 35526 SVC:ProfSvc C:\windows\system32\svchost.exe -k UserProfileService -p -s ProfSvc 1400 NT AUTHORITY\LOCAL SERVICE 6668/6732 2151747792/2151750816 1648/1932 8 318 0.0 2025-11-16 06:29:38 35526 SVC:TimeBrokerSvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1376 NT AUTHORITY\LOCAL SERVICE 8708/8820 2151756252/2151758812 1892/2120 13 218 0.0 2025-11-16 06:29:38 35526 SVC:W32Time C:\windows\system32\svchost.exe -k LocalService -s W32Time 1384 NT AUTHORITY\LOCAL SERVICE 14528/14548 2151764116/2151768724 2856/3092 15 259 0.0 2025-11-16 06:29:38 35526 SVC:bthserv C:\windows\system32\svchost.exe -k LocalService -p -s bthserv 1392 NT AUTHORITY\LOCAL SERVICE 6868/6884 2151751412/2151752948 1500/1680 9 146 0.0 2025-11-16 06:29:38 35526 SVC:lmhosts C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 628 Font Driver Host\UMFD-0 4524/4528 2151748244/2151749936 1548/1608 6 42 0.0 
2025-11-16 06:29:37 35526 fontdrvhost "fontdrvhost.exe" 684 Unknown 6236/6500 2151772564/2151774228 2064/2384 25 626 0.0 2025-11-16 06:29:36 35526 csrss 696 NT AUTHORITY\SYSTEM 14328/14344 2151755784/2151761416 2160/2536 10 183 0.0 2025-11-16 10:15:00 35301 SVC:camsvc C:\windows\system32\svchost.exe -k osprivacy -p -s camsvc 616 Font Driver Host\UMFD-1 4160/4164 2151745900/2151747436 1304/1380 6 42 0.0 2025-11-16 06:29:37 35526 fontdrvhost "fontdrvhost.exe" 112 Unknown 28732/278844 105152/392516 4108/93872 8 0 0.0 2025-11-16 06:29:29 35526 Registry 508 Unknown 1296/1372 2151718656/2151727980 1116/1216 3 58 0.0 2025-11-16 06:29:31 35526 smss 576 NT AUTHORITY\SYSTEM 20148/20272 2151780804/2151790464 7248/7568 16 1324 0.0 2025-11-16 06:29:37 35526 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\windows\system32\svchost.exe -k DcomLaunch -p 920 Unknown 14896/17284 2151765492/2152038452 6484/13496 15 721 0.0 2025-11-16 06:29:37 35526 services 1068 NT AUTHORITY\SYSTEM 10988/11128 2151759924/2151761972 2612/2792 12 303 0.0 2025-11-16 06:29:38 35526 SVC:LSM C:\windows\system32\svchost.exe -k DcomLaunch -p -s LSM 1148 NT AUTHORITY\SYSTEM 73836/88580 2152141140/2152147756 26144/39768 38 773 0.0 2025-11-16 06:29:38 35526 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3bcf055 /state1:0x41c64e6d 876 NT AUTHORITY\SYSTEM 10792/15760 2151812800/2151826116 2260/6348 12 214 0.0 2025-11-16 06:29:37 35526 winlogon winlogon.exe 776 Unknown 7712/7832 2151751144/2151767056 1416/1964 11 157 0.0 2025-11-16 06:29:36 35526 wininit 784 Unknown 5560/5692 2151762124/2151763404 1868/2596 10 158 0.0 2025-11-16 06:29:36 35526 csrss 852 NT AUTHORITY\NETWORK SERVICE 21472/21488 2151766676/2151769528 14308/14372 17 1057 0.0 2025-11-16 06:29:38 35526 SVC:RpcEptMapper/RpcSs C:\windows\system32\svchost.exe -k RPCSS -p 2924 NT AUTHORITY\SYSTEM 11224/11712 2152036740/2152042372 6348/6676 15 206 0.0 2025-11-16 06:41:14 35514 SVC:DsSvc C:\windows\System32\svchost.exe -k 
LocalSystemNetworkRestricted -p -s DsSvc 2944 NT AUTHORITY\SYSTEM 10176/12124 2155970416/2155984292 2124/5504 11 198 0.0 2025-11-16 06:29:40 35526 SVC:SysMain C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 2980 NT AUTHORITY\NETWORK SERVICE 5724/5836 2151737164/2151740748 1108/1336 7 113 0.0 2025-11-16 06:29:40 35526 dasHost dashost.exe {cd7a5525-f361-4cff-9d50fc61ee5c4045} 2824 NT AUTHORITY\SYSTEM 11636/11652 2152810584/2152820404 2636/3444 16 373 0.0 2025-11-16 06:29:39 35526 SVC:iphlpsvc C:\windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 2704 NT AUTHORITY\LOCAL SERVICE 18472/19504 2151783188/2151789844 7456/8268 15 297 0.0 2025-11-16 06:29:39 35526 dasHost dashost.exe {ea559576-958b-4433-87b60382b56c03f1} 2744 NT AUTHORITY\SYSTEM 17816/26596 2151773008/2151778704 10156/19568 10 270 0.0 2025-11-16 06:29:39 35526 SVC:StateRepository C:\windows\system32\svchost.exe -k appmodel -p -s StateRepository 2792 NT AUTHORITY\LOCAL SERVICE 7968/8332 2151752280/2151757400 1904/2836 10 180 0.0 2025-11-16 06:29:39 35526 SVC:WinHttpAutoProxySvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 3120 NT AUTHORITY\LOCAL SERVICE 8608/8800 2151781092/2151786484 1876/2120 11 173 0.0 2025-11-16 06:29:40 35526 SVC:FontCache C:\windows\system32\svchost.exe -k LocalService -p -s FontCache 3140 Unknown 72308/101256 80256/108928 228/280 0 0 0.0 2025-11-16 06:29:40 35526 Memory Compression 3348 NT AUTHORITY\LOCAL SERVICE 11540/11560 2151766888/2151774188 2392/2820 12 228 0.0 2025-11-16 06:29:40 35526 SVC:StiSvc C:\windows\system32\svchost.exe -k imgsvc 3112 NT AUTHORITY\SYSTEM 9852/9872 2151756008/2151761640 1996/2352 11 227 0.0 2025-11-16 06:29:40 35526 SVC:AudioEndpointBuilder C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder 3068 NT AUTHORITY\LOCAL SERVICE 8332/8540 2151758132/2151774516 2264/3204 15 253 0.0 2025-11-16 06:29:40 35526 SVC:SSDPSRV 
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV 3076 NT AUTHORITY\SYSTEM 5976/6004 2151748032/2151750592 1228/1348 8 123 0.0 2025-11-16 06:29:40 35526 SVC:Themes C:\windows\System32\svchost.exe -k netsvcs -p -s Themes 3092 NT AUTHORITY\LOCAL SERVICE 19168/19184 2151793996/2151802188 4496/4940 22 359 0.0 2025-11-16 06:31:46 35524 SVC:CDPSvc C:\windows\system32\svchost.exe -k LocalService -p -s CDPSvc 1928 NT AUTHORITY\SYSTEM 9780/9848 2151754184/2151760748 1888/2260 9 163 0.0 2025-11-16 06:29:39 35526 SVC:UserManager C:\windows\system32\svchost.exe -k netsvcs -p -s UserManager 1956 NT AUTHORITY\SYSTEM 5892/5892 2151744848/2151746828 1256/1376 10 132 0.0 2025-11-16 06:29:39 35526 SVC:SENS C:\windows\system32\svchost.exe -k netsvcs -p -s SENS 1972 NT AUTHORITY\LOCAL SERVICE 26852/32804 2151800368/2151808432 16092/21476 33 437 0.0 2025-11-16 06:29:39 35526 SVC:BFE/mpssvc C:\windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 1884 NT AUTHORITY\NETWORK SERVICE 18464/18548 2151779616/2151806752 5248/7260 21 814 0.0 2025-11-16 06:29:39 35526 SVC:netprofm C:\windows\System32\svchost.exe -k netprofm -p -s netprofm 1644 NT AUTHORITY\SYSTEM 8300/8368 2151757128/2151764296 1600/1780 9 184 0.0 2025-11-16 06:29:38 35526 SVC:cplspcon C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fe9e4d6552ab1bbe\IntelCpHDCPSvc.exe 1676 NT AUTHORITY\LOCAL SERVICE 8652/8800 2151754220/2151760356 1912/2284 10 179 0.0 2025-11-16 06:29:38 35526 SVC:EventSystem C:\windows\system32\svchost.exe -k LocalService -p -s EventSystem 1776 NT AUTHORITY\SYSTEM 8588/8612 2151748808/2151752444 1604/1836 9 148 0.0 2025-11-16 06:29:38 35526 SVC:NgcSvc C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc 2428 NT AUTHORITY\SYSTEM 6112/6172 2151747084/2151751180 1248/1488 8 119 0.0 2025-11-16 06:29:39 35526 SVC:DevQueryBroker C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DevQueryBroker 2556 NT 
AUTHORITY\SYSTEM 11248/11272 2151763388/2151765948 2352/2504 16 242 0.0 2025-11-16 06:29:39 35526 SVC:SessionEnv C:\windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2564 NT AUTHORITY\SYSTEM 8096/8172 2151749052/2151763388 1700/2396 9 188 0.0 2025-11-16 06:29:39 35526 SVC:DeviceAssociationService C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService 2380 NT AUTHORITY\NETWORK SERVICE 10192/10240 2151761096/2151765192 2164/2292 12 233 0.0 2025-11-16 06:29:39 35526 SVC:LanmanWorkstation C:\windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2012 NT AUTHORITY\SYSTEM 8364/8472 2151758408/2151761480 1648/1880 11 184 0.0 2025-11-16 06:29:39 35526 SVC:UmRdpService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 2064 NT AUTHORITY\SYSTEM 9384/9428 2151755740/2151761884 1736/1944 10 183 0.0 2025-11-16 06:29:39 35526 SVC:igfxCUIService2.0.0.0 C:\windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_c36cd6406677db45\igfxCUIService.exe 2272 NT AUTHORITY\SYSTEM 6756/6772 2151746200/2151749272 1356/1512 8 149 0.0 2025-11-16 06:29:39 35526 SVC:CertPropSvc C:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc [netstat] PacketsReceived=10197837 ReceivedHeaderErrors=0 ReceivedAddressErrors=609 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=2768773 ReceivedPacketsDelivered=9268218 OutputRequests=3360204 RoutingDiscards=0 DiscardedOutputPackets=33572 OutputPacketNoRoute=5 ReassemblyRequired=26 ReassemblySuccessful=13 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=1190223 ReceivedHeaderErrors=0 ReceivedAddressErrors=441 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=5365 ReceivedPacketsDelivered=1185825 OutputRequests=779 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 
DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=263008 tcpPassiveOpens=21034 tcpFailedConnectionAttempts=4573 tcpResetConnections=27337 tcpCurrentConnections=3 tcpSegmentsReceived=2653138 tcpSegmentsSent=3382552 tcpSegmentsRetransmitted=23080 tcpActiveOpens=12 tcpPassiveOpens=0 tcpFailedConnectionAttempts=12 tcpResetConnections=0 tcpCurrentConnections=0 tcpSegmentsReceived=72 tcpSegmentsSent=48 tcpSegmentsRetransmitted=24 udpDatagramsReceived=6688858 udpNoPorts=982420 udpReceiveErrors=61 udpDatagramsSent=48704 udpDatagramsReceived=1188646 udpNoPorts=4177 udpReceiveErrors=0 udpDatagramsSent=666 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING TCP 0.0.0.0:49683 0.0.0.0:0 LISTENING TCP 127.0.0.1:623 0.0.0.0:0 LISTENING TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING TCP 127.0.0.1:16992 0.0.0.0:0 LISTENING TCP 127.0.0.1:21320 0.0.0.0:0 LISTENING TCP 127.0.0.1:21321 0.0.0.0:0 LISTENING TCP 127.0.0.1:21322 0.0.0.0:0 LISTENING TCP 127.0.0.1:21323 0.0.0.0:0 LISTENING TCP 127.0.0.1:27019 0.0.0.0:0 LISTENING TCP 192.168.5.74:139 0.0.0.0:0 LISTENING TCP 192.168.5.74:50541 72.145.35.116:443 ESTABLISHED TCP 192.168.5.74:50542 23.221.133.182:443 ESTABLISHED TCP 192.168.5.74:50547 125.253.56.44:443 ESTABLISHED TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:7680 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 
LISTENING TCP [::]:49672 [::]:0 LISTENING TCP [::]:49673 [::]:0 LISTENING TCP [::]:49683 [::]:0 LISTENING TCP [::1]:49674 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:5050 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:54247 *:* UDP 0.0.0.0:58259 *:* UDP 0.0.0.0:58687 *:* UDP 0.0.0.0:58688 *:* UDP 0.0.0.0:64182 *:* UDP 0.0.0.0:65057 *:* UDP 127.0.0.1:1900 *:* UDP 127.0.0.1:12011 *:* UDP 127.0.0.1:50296 *:* UDP 127.0.0.1:61034 127.0.0.1:61034 UDP 127.0.0.1:65059 127.0.0.1:65059 UDP 192.168.5.74:137 *:* UDP 192.168.5.74:138 *:* UDP 192.168.5.74:1900 *:* UDP 192.168.5.74:5353 *:* UDP 192.168.5.74:50295 *:* UDP [::]:123 *:* UDP [::]:3389 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:54247 *:* UDP [::]:58259 *:* UDP [::]:58688 *:* UDP [::]:64182 *:* UDP [::]:65058 *:* UDP [::1]:1900 *:* UDP [::1]:5353 *:* UDP [::1]:50294 *:* UDP [fe80::89dc:c42:1b76:f272%13]:1900 *:* UDP [fe80::89dc:c42:1b76:f272%13]:50293 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : TCS-DT-Workshop Primary Dns Suffix . . . . . . . : twilight.inside Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : twilight.inside Unknown adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : TAP-Windows Adapter V9 Physical Address. . . . . . . . . : 00-FF-ED-66-59-69 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Ethernet adapter Ethernet: Connection-specific DNS Suffix . : twilight.inside Description . . . . . . . . . . . : Intel(R) Ethernet Connection (5) I219-LM Physical Address. . . . . . . . . : 18-60-24-26-42-D8 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::89dc:c42:1b76:f272%13(Preferred) IPv4 Address. . . . . . . . . . . 
: 192.168.5.74(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.252.0 Lease Obtained. . . . . . . . . . : Sunday, 16 November 2025 10:14:56 AM Lease Expires . . . . . . . . . . : Thursday, 18 December 2025 10:15:34 AM Default Gateway . . . . . . . . . : 192.168.5.1 DHCP Server . . . . . . . . . . . : 192.168.5.5 DHCPv6 IAID . . . . . . . . . . . : 116668681 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2E-5D-D6-F1-18-60-24-26-42-D8 DNS Servers . . . . . . . . . . . : 192.168.5.5 8.8.8.8 1.1.1.1 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Bluetooth Network Connection 3: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3 Physical Address. . . . . . . . . : 00-1A-7D-DA-71-15 DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes [route] =========================================================================== Interface List 17...00 ff ed 66 59 69 ......TAP-Windows Adapter V9 13...18 60 24 26 42 d8 ......Intel(R) Ethernet Connection (5) I219-LM 18...00 1a 7d da 71 15 ......Bluetooth Device (Personal Area Network) #3 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.5.1 192.168.5.74 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.4.0 255.255.252.0 On-link 192.168.5.74 281 192.168.5.74 255.255.255.255 On-link 192.168.5.74 281 192.168.7.255 255.255.255.255 On-link 192.168.5.74 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 192.168.5.74 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 
255.255.255.255 On-link 192.168.5.74 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 13 281 fe80::/64 On-link 13 281 fe80::89dc:c42:1b76:f272/128 On-link 1 331 ff00::/8 On-link 13 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 192.168.5.74 7366151678 1532201164 [svcs] Name StartupType Status DisplayName AdobeARMservice automatic started Adobe Acrobat Update Service afcdpsrv automatic stopped Acronis Nonstop Backup Service AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual stopped AppX Deployment Service (AppXSVC) AssignedAccessManagerSvc manual stopped AssignedAccessManager Service AudioEndpointBuilder automatic started Windows Audio Endpoint Builder Audiosrv automatic started Windows Audio autotimesvc manual stopped Cellular Time AxInstSV manual stopped ActiveX Installer (AxInstSV) BDESVC manual stopped BitLocker Drive Encryption Service BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service Bonjour_Service automatic started Bonjour Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service BTAGService manual started Bluetooth Audio Gateway Service BthAvctpSvc manual started AVCTP service bthserv manual started Bluetooth Support Service camsvc manual started Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate 
Propagation ClipSVC manual stopped Client License Service (ClipSVC) cloudidsvc manual stopped Microsoft Cloud Identity Service COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging cphs manual started Intel(R) Content Protection HECI Service cplspcon automatic started Intel(R) Content Protection HDCP Service CryptSvc automatic started Cryptographic Services CscService manual stopped Offline Files CxAudioSvc automatic started CxAudioSvc CxUtilSvc automatic started CxUtilSvc DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService automatic started Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual started DevQuery Background Discovery Broker Dhcp automatic started DHCP Client diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service diagsvc manual stopped Diagnostic Execution Service DiagTrack automatic started Connected User Experiences and Telemetry DialogBlockingService disabled stopped DialogBlockingService DispBrokerDesktopSvc automatic started Display Policy Service DisplayEnhancementService manual stopped Display Enhancement Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice manual stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc automatic started Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual started Data Sharing Service DusmSvc automatic started Data Usage EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service 
(edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication fhsvc manual stopped File History Service FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GameInputSvc manual stopped GameInput Service GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0) gpsvc automatic stopped Group Policy Client GraphicsPerfSvc manual stopped GraphicsPerfSvc HCLAUTService automatic started HCL Auto Update Service hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service icssvc manual stopped Windows Mobile Hotspot Service igccservice automatic started Intel(R) Graphics Command Center Service igfxCUIService2.0.0.0 automatic started Intel(R) HD Graphics Control Panel Service IKEEXT manual stopped IKE and AuthIP IPsec Keying Modules InstallService manual started Microsoft Store Install Service Intel(R)_Capability_Licensing_Service_TCP_IP_Interface manual stopped Intel(R) Capability Licensing Service TCP IP Interface Intel(R)_TPM_Provisioning_Service automatic stopped Intel(R) TPM Provisioning Service InventorySvc manual stopped Inventory and Compatibility Appraisal service iphlpsvc automatic started IP Helper IpxlatCfgSvc manual stopped IP 
Translation Configuration Service jhi_service automatic started Intel(R) Dynamic Application Loader Host Interface Service KeyIso manual started CNG Key Isolation KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc manual stopped Geolocation Service LicenseManager manual started Windows License Manager Service lltdsvc manual stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LNSUSvc automatic started HCL Notes Smart Upgrade Service LSM automatic started Local Session Manager LxpSvc manual stopped Language Experience Service MapsBroker automatic stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService MDCoreSvc manual stopped Microsoft Defender Core Service Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) MixedRealityOpenXRSvc manual stopped Windows Mixed Reality OpenXR Service MozillaMaintenance manual stopped Mozilla Maintenance Service mpssvc automatic started Windows Defender Firewall MSDTC manual stopped Distributed Transaction Coordinator MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual stopped Windows Installer MsKeyboardFilter disabled stopped Microsoft Keyboard Filter NaturalAuthentication manual stopped Natural Authentication NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker NcdAutoSetup manual stopped Network Connected Devices Auto-Setup Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual started Microsoft Passport Container NgcSvc manual started Microsoft Passport NlaSvc manual stopped Network Location 
Awareness nsi automatic started Network Store Interface Service ONLYOFFICE_Update_Service automatic started ONLYOFFICE Update Service p2pimsvc manual stopped Peer Networking Identity Manager p2psvc manual stopped Peer Networking Grouping PcaSvc automatic started Program Compatibility Assistant Service PeerDistSvc manual stopped BranchCache perceptionsimulation manual stopped Windows Perception Simulation Service PerfHost manual stopped Performance Counter DLL Host PhoneSvc manual stopped Phone Service pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PNRPAutoReg manual stopped PNRP Machine Name Publication Service PNRPsvc manual stopped Peer Name Resolution Protocol PolicyAgent manual stopped IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall manual stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan manual stopped Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry disabled stopped Remote Registry RetailDemo manual stopped Retail Demo Service RmSvc manual started Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum manual stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy SDRSVC manual stopped Windows Backup SDScannerService automatic started Spybot-S&D 2 Scanner Service SDUpdateService automatic started Spybot-S&D 2 Updating Service seclogon manual started Secondary Logon SecurityHealthService manual stopped Windows Security 
Service SEMgrSvc manual stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService manual stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess manual stopped Internet Connection Sharing (ICS) SharedRealitySvc manual stopped Spatial Data Service ShellHWDetection automatic started Shell Hardware Detection shpamsvc disabled stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SmsRouter manual stopped Microsoft Windows SMS Router Service. SNMPTrap manual stopped SNMP Trap spectrum manual stopped Windows Perception Service Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SSDPSRV manual started SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SstpSvc manual stopped Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual started Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv manual stopped Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TapiSrv manual stopped Telephony TermService manual started Remote Desktop Services TextInputManagementService automatic started Text Input Management Service Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual started Web Account Manager TrkWks automatic started Distributed Link Tracking Client TroubleshootingSvc manual stopped Recommended Troubleshooting Service TrustedInstaller manual stopped Windows Modules Installer tzautoupdate disabled stopped Auto Time Zone Updater UevAgentService 
disabled stopped User Experience Virtualization Service uhssvc disabled stopped Microsoft Update Health Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost manual stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VacSvc manual stopped Volumetric Audio Compositor Service VaultSvc manual started Credential Manager vds manual stopped Virtual Disk vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicrdv manual stopped Hyper-V Remote Desktop Virtualization Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSS manual stopped Volume Shadow Copy W32Time automatic started Windows Time WaaSMedicSvc manual stopped WaaSMedicSvc WalletService manual stopped WalletService WarpJITSvc manual stopped Warp JIT Service wbengine manual stopped Block Level Backup Engine Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager wcncsvc manual stopped Windows Connect Now - Config Registrar WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual stopped Diagnostic System Host WdNisSvc manual stopped Microsoft Defender Antivirus Network Inspection Service WebClient manual stopped WebClient webthreatdefsvc manual started Web Threat Defense Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WFDSConMgrSvc manual stopped Wi-Fi Direct Services Connection Manager Service wgsslvpnsrc automatic 
started WatchGuard SSLVPN Service WiaRpc manual stopped Still Image Acquisition Events WinDefend manual stopped Microsoft Defender Antivirus Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM manual stopped Windows Remote Management (WS-Management) wisvc manual stopped Windows Insider Service WlanSvc manual stopped WLAN AutoConfig wlidsvc manual stopped Microsoft Account Sign-in Assistant wlpasvc manual stopped Local Profile Assistant Service WManSvc manual stopped Windows Management Service wmiApSrv manual stopped WMI Performance Adapter WMIRegistrationService automatic started Intel(R) Management Engine WMI Provider Registration WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service workfolderssvc manual stopped Work Folders WpcMonSvc manual stopped Parental Controls WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WRCoreService automatic started WRCoreService WRSkyClient automatic started WRSkyClient WRSVC automatic started WRSVC WRWTSSvc manual started Web Threat Shield Service wscsvc automatic started Security Center WSearch automatic started Windows Search wuauserv manual stopped Windows Update WwanSvc manual stopped WWAN AutoConfig XblAuthManager manual stopped Xbox Live Auth Manager XblGameSave manual stopped Xbox Live Game Save XboxGipSvc manual stopped Xbox Accessory Management Service XboxNetApiSvc manual stopped Xbox Live Networking Service XTU3SERVICE automatic started XTUOCDriverService XymonPSClient automatic started XymonPSClient [uptime] sec: 2131569 24 days 16 hours 6 minutes 9 seconds Bootup: 20251116062929.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn rdp-tcp 65536 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [XymonConfig] XymonSettings 
serversList : xymon.twilight.inside
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : tcs-dt-workshop
clientbbwinmembug : 1
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : c:\program files\xymon\logs
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
localdatalocation : C:\Program Files\xymon\local
servergiflocation : /xymon/gifs/
servers : xymon.twilight.inside
clientlogfile : c:\program files\xymon\logs\xymonclient.log
clientlogretain : 3
clientconfigfile : c:\program files\xymon\clientconfig.cfg
clientfqdn : 0
clientlower : 1
clientremotecfgexec : 1
enableiissection : 1
externalscriptlocation : c:\program files\xymon\ext
externaldatalocation : c:\program files\xymon\tmp
HaveCmd
Name Value
---- -----
qwinsta True
query True
XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname tcs-dt-workshop
[XymonPSClientInfo]
Collection number: 7097
Last transmission method: TCP
Id : 5384
Handles : 550
CPU : 3700.15625
SI : 0
Name : powershell