[collector:] client ino-rut-fp01.powershell powershell XymonPS [date] Wed 10 Dec 21:28:48 2025 [clock] epoch: 1765362528 local: Wed 10 Dec 21:28:48 2025 UTC: Wed 10 Dec 10:28:48 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 5 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0074001s Root Dispersion: 0.1021708s ReferenceId: 0x0A023F2F (source IP: 10.2.63.47) Last Successful Sync Time: 10/12/2025 9:14:56 PM Source: INO-RUT-DC02.inside.inoxihp.com.au Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows Server 2022 Datacenter (build 20348) [cpu] up: 0 days, 0 users, 113 procs, load=19.95% CPU states: total 19.95% cores: 4 CPU PID Image Name Pri Time MemUsage 17.2% 5820 idwutil_600 8 00:03:29 115588k 0.7% 1256 SVC:EventLog 8 00:03:56 46700k 0.5% 3424 SVC:WinDefend 8 00:09:47 288168k 0.4% 4 System 8 00:01:54 144k 0.4% 4448 powershell 8 00:02:29 88472k 0.2% 2832 SVC:BASupportExpressStandalone 13 00:02:53 29188k 0.2% 2776 SVC:BASupportExpressSrvcUpdate 8 00:00:04 22936k 0.2% 3020 SVC:Mesh Agent 8 00:01:57 141336k 0.0% 3272 SVC:Winmgmt 8 00:00:32 29492k 0.0% 2952 SVC:LTService 8 00:00:33 33596k 0.0% 4672 WmiPrvSE 8 00:00:22 27848k 0.0% 8452 SVC:IDriveService 8 00:15:51 545148k 0.0% 976 SVC:RpcEptMapper/RpcSs 8 00:00:15 11804k 0.0% 716 services 9 00:00:10 10516k 0.0% 2204 SVC:WSearch 8 00:00:08 23456k 0.0% 1208 SVC:Dnscache 8 00:00:05 9988k 0.0% 2188 WmiPrvSE 8 00:00:08 20124k 0.0% 768 WmiPrvSE 8 00:00:08 20464k 0.0% 728 SVC:KeyIso/Netlogon/SamSs 9 00:11:38 25364k 0.0% 8268 SVC:DPS 8 00:00:02 23068k 0.0% 3956 SVC:RasMan 8 00:00:00 13404k 0.0% 3452 SVC:WpnService 8 00:00:00 11124k 0.0% 3440 SVC:Windows Agent Service 8 00:00:42 258672k 0.0% 3636 SVC:VeeamEndpointBackupSvc 8 00:00:02 93368k 0.0% 3644 SVC:XymonPSClient 8 00:00:00 6480k 0.0% 3432 SVC:WinRM 8 00:00:00 13304k 0.0% 2968 SVC:LTSvcMon 8 00:00:00 12280k 0.0% 3000 SVC:LanmanServer 8 00:00:00 12928k 0.0% 2916 SVC:HelpDeskService 8 00:00:00 8352k 0.0% 8944 SVC:AppXSvc 8 00:00:00 11560k 0.0% 2848 SVC:DiagTrack 8 00:00:01 33456k 0.0% 3076 SVC:SstpSvc 8 00:00:00 7544k 0.0% 3212 SVC:TrkWks 8 00:00:00 5984k 0.0% 3220 SVC:UsoSvc 8 00:00:00 12112k 0.0% 3164 SVC:SysMain 8 00:00:00 6944k 0.0% 3084 SVC:SrmSvc 8 00:00:01 26440k 0.0% 3124 SVC:MSDTC 8 00:00:00 11212k 0.0% 3980 SVC:VeeamTransportSvc 8 00:00:00 10884k 0.0% 6440 SVC:msiserver 8 00:00:00 17044k 0.0% 6488 SVC:StorSvc 8 00:00:00 14860k 0.0% 7052 SVC:WdNisSvc 8 00:00:30 13112k 0.0% 6252 conhost 8 00:00:00 10064k 0.0% 6344 NableSixtyFourBitManager 8 00:00:00 62352k 0.0% 6428 conhost 8 00:00:00 10072k 0.0% 8380 SVC:UALSVC 8 00:00:00 14704k 0.0% 8780 SVC:PcaSvc 8 00:00:00 11560k 0.0% 8880 SVC:SolarWinds.MSP.CacheServic 8 00:00:00 51548k 0.0% 7156 BASupSysInf 6 00:00:00 19976k 0.0% 7684 conhost 8 00:00:00 10212k 0.0% 8324 SVC:SolarWinds.MSP.RpcServerSe 8 00:00:04 72772k 0.0% 4476 conhost 8 00:00:01 13196k 0.0% 4684 AggregatorHost 8 00:00:00 7740k 0.0% 4728 SVC:StateRepository 8 00:00:00 10944k 0.0% 3992 SVC:VeeamDeploySvc 8 00:00:00 14804k 0.0% 4332 conhost 6 00:00:00 10172k 0.0% 4372 WmiPrvSE 8 00:00:01 14036k 0.0% 5248 SVC:PME.Agent.PmeService 8 00:00:00 33164k 0.0% 5256 SVC:WdiSystemHost 8 00:00:00 6296k 0.0% 5796 NableReactiveManagement 8 00:00:00 45800k 0.0% 4772 Veeam.Guest.Interaction.Proxy 8 00:00:00 10748k 0.0% 5048 BackupFP 8 00:01:46 268912k 0.0% 5228 conhost 8 00:00:00 10020k 0.0% 1016 SVC:LSM 8 00:00:00 9568k 0.0% 1036 SVC:NcbService 8 00:00:00 8592k 0.0% 1048 SVC:TimeBrokerSvc 8 00:00:00 6288k 0.0% 896 fontdrvhost 8 00:00:00 3576k 0.0% 904 fontdrvhost 8 00:00:00 3432k 0.0% 992 SVC:W32Time 8 00:00:00 8672k 0.0% 1272 dwm 13 00:00:00 44960k 0.0% 1384 SVC:BFE/mpssvc 8 00:00:01 19540k 0.0% 1452 SVC:ScreenConnect Client (69e7 8 00:00:00 39296k 0.0% 1128 SVC:ShellHWDetection 8 00:00:00 8944k 0.0% 1144 SVC:Dhcp 8 00:00:01 8108k 0.0% 1192 LogonUI 13 00:00:00 48932k 0.0% 860 SVC:BrokerInfrastructure/DcomL 8 00:00:00 14660k 0.0% 444 SVC:nsi 8 00:00:00 8148k 0.0% 484 csrss 13 00:00:02 6652k 0.0% 528 SVC:TermService 8 00:00:00 13324k 0.0% 0 Idle 0 8k 0.0% 124 Registry 8 00:00:01 19416k 0.0% 380 smss 11 00:00:00 1300k 0.0% 760 SVC:lmhosts 8 00:00:00 5688k 0.0% 804 SVC:CDPSvc 8 00:00:00 11920k 0.0% 832 SVC:Windows Agent Maintenance 8 00:00:00 32460k 0.0% 572 wininit 13 00:00:00 7248k 0.0% 580 csrss 13 00:00:00 5960k 0.0% 644 winlogon 13 00:00:00 10092k 0.0% 1484 SVC:NlaSvc 8 00:00:00 13720k 0.0% 2416 SVC:UserManager 8 00:00:00 7852k 0.0% 2532 SVC:iphlpsvc 8 00:00:00 10772k 0.0% 2580 SVC:PolicyAgent 8 00:00:00 7864k 0.0% 2124 SVC:WinHttpAutoProxySvc 8 00:00:00 7928k 0.0% 2132 SVC:SessionEnv 8 00:00:00 10232k 0.0% 2360 SVC:DispBrokerDesktopSvc 8 00:00:00 7324k 0.0% 2728 SVC:Backup Service Controller 8 00:00:00 10408k 0.0% 2788 SVC:CryptSvc 8 00:00:17 19740k 0.0% 2824 SVC:DHCPServer 8 00:00:00 54660k 0.0% 2588 SVC:IKEEXT 8 00:00:00 8608k 0.0% 2604 SVC:Spooler 8 00:00:01 28200k 0.0% 2716 SVC:AutomationManagerAgent 8 00:00:07 106544k 0.0% 2036 SVC:LanmanWorkstation 8 00:00:00 10656k 0.0% 1608 SVC:Themes 8 00:00:00 6052k 0.0% 1616 SVC:EventSystem 8 00:00:00 8312k 0.0% 1624 SVC:FontCache 8 00:00:00 7316k 0.0% 1556 SVC:gpsvc 8 00:00:00 13212k 0.0% 1572 SVC:UmRdpService 8 00:00:00 6928k 0.0% 1600 SVC:ProfSvc 8 00:00:00 6900k 0.0% 1860 SVC:SENS 8 00:00:00 9440k 0.0% 1872 SVC:CertPropSvc 8 00:00:00 6532k 0.0% 2000 SVC:Wcmsvc 8 00:00:00 9204k 0.0% 1796 SVC:netprofm 8 00:00:00 11028k 0.0% 1820 SVC:CoreMessagingRegistrar 8 00:00:00 6252k 0.0% 1840 SVC:Schedule 8 00:00:01 15368k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 209074172 38044696 171029476 18% /FIXED/C:\ 199.39\163.11 D 4194285564 1985908336 2208377228 47% /FIXED/D:\ data 3999.98\2106.07 [memory] memory Total Used physical: 32767 4865 virtual: 4864 0 page: 37631 4362 [msgs:EventlogSummary] LogMode MaximumSizeInBytes RecordCount LogName ------- ------------------ ----------- ------- Circular 20971520 31230 Security Circular 20971520 62151 System Circular 20971520 48976 Application [msgs:eventlog_Security] [msgs:eventlog_System] [msgs:eventlog_Application] Information - 12/10/2025 21:23:38 - [10001] - Microsoft-Windows-RestartManager - Ending session 0 started ?2025?-?12?-?10T10:23:38.315294000Z. Information - 12/10/2025 21:23:38 - [10000] - Microsoft-Windows-RestartManager - Starting session 0 - ?2025?-?12?-?10T10:23:38.315294000Z. Information - 12/10/2025 21:23:38 - [1042] - MsiInstaller - Ending a Windows Installer transaction: {ED85AD79-E341-4F87-A796-F36B9F6C91C8}. Client Process Id: 5672. Information - 12/10/2025 21:23:38 - [1034] - MsiInstaller - Windows Installer removed the product. Product Name: MSP Core Agent. Product Version: 1.0.65.0. Product Language: 1033. Manufacturer: N-able Technologies Ltd.. Removal success or error status: 0. Information - 12/10/2025 21:23:38 - [11724] - MsiInstaller - Product: MSP Core Agent -- Removal completed successfully. Information - 12/10/2025 21:23:38 - [1040] - MsiInstaller - Beginning a Windows Installer transaction: {ED85AD79-E341-4F87-A796-F36B9F6C91C8}. Client Process Id: 5672. [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 5820 NT AUTHORITY\SYSTEM 115588/115680 539828/547708 110292/110564 16 246 17.2 2025-12-10 21:19:43 9 idwutil_600 "C:\Program Files (x86)\IDriveWindows\cmd_sdutil\idwutil_600.exe" --utf8-cmd="/C/ProgramData/IDrive360/BackupTemp_Sch/argsD"--password-file="MzIttqksIumLpqZKgpSZv9dKlvfDwhy7JGfYIMZap3h/dKM"--pvt-key="MTYtASHHnHViPYSaWX6tvO930g" 1256 NT AUTHORITY\LOCAL SERVICE 46700/77080 4194304/4194304 57168/69900 20 1631 0.7 2025-12-10 15:22:26 366 SVC:EventLog 3424 Unknown 288168/1056976 4194304/4194304 607128/1114124 303 890 0.5 2025-12-10 15:22:27 366 SVC:WinDefend 4 Unknown 144/1880 3968/15292 40/64 0 2070 0.4 2025-12-10 15:22:22 366 System 4448 NT AUTHORITY\SYSTEM 88472/120052 331368/349988 71860/103976 38 561 0.4 2025-12-10 15:22:28 366 powershell "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 2832 NT AUTHORITY\SYSTEM 29188/29564 152556/162544 15316/15752 38 414 0.2 2025-12-10 15:22:27 366 SVC:BASupportExpressStandaloneService_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvc.exe" 2776 NT AUTHORITY\SYSTEM 22936/39932 129668/155868 9492/27148 23 426 0.2 2025-12-10 15:22:27 366 SVC:BASupportExpressSrvcUpdater_N_Central "C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\BASupSrvcUpdater.exe" 3020 NT AUTHORITY\SYSTEM 141336/141612 4194304/4194304 129636/129680 21 325 0.2 2025-12-10 15:22:27 366 SVC:Mesh Agent 3272 NT AUTHORITY\SYSTEM 29492/41824 4194304/4194304 16764/34720 20 484 0.0 2025-12-10 15:22:27 366 SVC:Winmgmt 2952 NT AUTHORITY\SYSTEM 33596/234176 4194304/4194304 88740/257612 55 2073 0.0 2025-12-10 15:22:27 366 SVC:LTService 4672 NT AUTHORITY\NETWORK SERVICE 27848/32832 4194304/4194304 13164/15820 20 774 0.0 2025-12-10 15:22:30 366 WmiPrvSE 8452 NT AUTHORITY\SYSTEM 545148/1105572 4194304/4194304 527880/1118028 55 1042 0.0 2025-12-10 15:24:29 364 SVC:IDriveService 976 NT AUTHORITY\NETWORK SERVICE 11804/11984 4194304/4194304 5320/5588 17 833 0.0 2025-12-10 15:22:26 366 SVC:RpcEptMapper/RpcSs 716 Unknown 10516/10820 4194304/4194304 5544/7896 12 612 0.0 2025-12-10 15:22:25 366 services 2204 NT AUTHORITY\SYSTEM 23456/23688 4194304/4194304 20080/20520 37 725 0.0 2025-12-10 15:24:31 364 SVC:WSearch 1208 NT AUTHORITY\NETWORK SERVICE 9988/10140 4194304/4194304 3616/3900 18 311 0.0 2025-12-10 15:22:26 366 SVC:Dnscache 2188 NT AUTHORITY\SYSTEM 20124/39756 109936/154240 11380/32784 17 299 0.0 2025-12-10 15:55:09 333 WmiPrvSE C:\Windows\sysWOW64\wbem\wmiprvse.exe -Embedding 768 NT AUTHORITY\SYSTEM 20464/42916 4194304/4194304 13056/35412 15 288 0.0 2025-12-10 15:55:10 333 WmiPrvSE 728 NT AUTHORITY\SYSTEM 25364/25816 4194304/4194304 9912/10592 31 2181 0.0 2025-12-10 15:22:25 366 SVC:KeyIso/Netlogon/SamSs 8268 NT AUTHORITY\LOCAL SERVICE 23068/23516 4194304/4194304 16292/16700 17 303 0.0 2025-12-10 15:24:29 364 SVC:DPS 3956 NT AUTHORITY\SYSTEM 13404/13480 4194304/4194304 3368/3776 24 417 0.0 2025-12-10 15:22:27 366 SVC:RasMan 3452 NT AUTHORITY\SYSTEM 11124/11232 4194304/4194304 1388/1764 8 126 0.0 2025-12-10 15:22:27 366 SVC:WpnService 3440 NT AUTHORITY\SYSTEM 258672/272284 816476/839544 229492/253192 112 1770 0.0 2025-12-10 15:22:27 366 SVC:Windows Agent Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\agent.exe" 3636 NT AUTHORITY\SYSTEM 93368/96472 4194304/4194304 50736/53152 65 1005 0.0 2025-12-10 15:22:27 366 SVC:VeeamEndpointBackupSvc 3644 NT AUTHORITY\SYSTEM 6480/6732 4194304/4194304 1864/2164 8 124 0.0 2025-12-10 15:22:27 366 SVC:XymonPSClient 3432 NT AUTHORITY\NETWORK SERVICE 13304/13416 4194304/4194304 3008/3668 14 252 0.0 2025-12-10 15:22:27 366 SVC:WinRM 2968 NT AUTHORITY\SYSTEM 12280/42672 4194304/4194304 34720/34996 27 496 0.0 2025-12-10 15:22:27 366 SVC:LTSvcMon 3000 NT AUTHORITY\SYSTEM 12928/13016 4194304/4194304 3360/3732 14 261 0.0 2025-12-10 15:22:27 366 SVC:LanmanServer 2916 NT AUTHORITY\SYSTEM 8352/8428 4194304/4194304 2220/2380 11 225 0.0 2025-12-10 15:22:27 366 SVC:HelpDeskService 8944 Unknown 11560/11616 4194304/4194304 3488/3668 10 159 0.0 2025-12-10 21:22:30 6 SVC:AppXSvc 2848 NT AUTHORITY\SYSTEM 33456/50348 4194304/4194304 15704/39764 24 553 0.0 2025-12-10 15:22:27 366 SVC:DiagTrack 3076 NT AUTHORITY\LOCAL SERVICE 7544/7604 4194304/4194304 1648/1912 42 160 0.0 2025-12-10 15:22:27 366 SVC:SstpSvc 3212 NT AUTHORITY\SYSTEM 5984/6012 4194304/4194304 1288/1440 8 144 0.0 2025-12-10 15:22:27 366 SVC:TrkWks 3220 NT AUTHORITY\SYSTEM 12112/12668 4194304/4194304 2632/3384 14 237 0.0 2025-12-10 15:22:27 366 SVC:UsoSvc 3164 NT AUTHORITY\SYSTEM 6944/6992 4194304/4194304 1540/1800 9 144 0.0 2025-12-10 15:22:27 366 SVC:SysMain 3084 NT AUTHORITY\SYSTEM 26440/28516 4194304/4194304 12332/15056 47 382 0.0 2025-12-10 15:22:27 366 SVC:SrmSvc 3124 NT AUTHORITY\NETWORK SERVICE 11212/12500 4194304/4194304 2884/4092 14 242 0.0 2025-12-10 15:24:29 364 SVC:MSDTC 3980 NT AUTHORITY\SYSTEM 10884/10936 54120/61800 2172/2612 18 241 0.0 2025-12-10 15:22:27 366 SVC:VeeamTransportSvc "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe" 6440 NT AUTHORITY\SYSTEM 17044/23280 4194304/4194304 7368/10964 14 246 0.0 7 SVC:msiserver 6488 NT AUTHORITY\SYSTEM 14860/15508 4194304/4194304 2996/3996 14 259 0.0 2025-12-10 15:22:30 366 SVC:StorSvc 7052 Unknown 13112/14028 4194304/4194304 4980/6280 10 209 0.0 2025-12-10 15:22:33 366 SVC:WdNisSvc 6252 NT AUTHORITY\SYSTEM 10064/10108 4194304/4194304 6176/6244 7 86 0.0 2025-12-10 15:22:33 366 conhost 6344 NT AUTHORITY\SYSTEM 62352/62428 4194304/4194304 51612/59724 26 409 0.0 2025-12-10 15:22:33 366 NableSixtyFourBitManager 6428 NT AUTHORITY\SYSTEM 10072/10116 4194304/4194304 6192/6260 7 86 0.0 2025-12-10 15:22:33 366 conhost 8380 NT AUTHORITY\SYSTEM 14704/16240 4194304/4194304 8092/12036 20 270 0.0 2025-12-10 15:24:30 364 SVC:UALSVC 8780 NT AUTHORITY\SYSTEM 11560/12508 4194304/4194304 3692/4528 13 249 0.0 2025-12-10 15:22:53 366 SVC:PcaSvc 8880 NT AUTHORITY\LOCAL SERVICE 51548/52352 4194304/4194304 41500/42432 34 613 0.0 2025-12-10 15:22:53 366 SVC:SolarWinds.MSP.CacheService 7156 NT AUTHORITY\SYSTEM 19976/49084 107860/129076 7024/29428 18 268 0.0 2025-12-10 15:22:34 366 BASupSysInf C:\PROGRA~2\BEANYW~1\GETSUP~1\BASupSysInf.exe -pldpipeid dgs7WDodgo3aCPFTaJncxhNBvhrx3XnkTUhhdGX5MkGyUbAjf0co8qx6khFA9Vdf 7684 NT AUTHORITY\SYSTEM 10212/10248 4194304/4194304 6188/6260 7 86 0.0 2025-12-10 21:19:43 9 conhost 8324 NT AUTHORITY\SYSTEM 72772/109052 291220/355156 47072/90452 66 610 0.0 2025-12-10 15:22:55 366 SVC:SolarWinds.MSP.RpcServerService "C:\Program Files (x86)\MspPlatform\RequestHandlerAgent\RequestHandlerAgent.exe" 4476 NT AUTHORITY\SYSTEM 13196/13196 4194304/4194304 6600/6604 10 148 0.0 2025-12-10 15:22:28 366 conhost 4684 NT AUTHORITY\SYSTEM 7740/16424 4194304/4194304 2492/4736 8 125 0.0 2025-12-10 15:22:28 366 AggregatorHost 4728 NT AUTHORITY\SYSTEM 10944/12420 4194304/4194304 3700/5104 9 135 0.0 2025-12-10 15:24:32 364 SVC:StateRepository 3992 NT AUTHORITY\SYSTEM 14804/14952 68760/75160 3176/3944 22 312 0.0 2025-12-10 15:22:27 366 SVC:VeeamDeploySvc "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160 4332 NT AUTHORITY\SYSTEM 10172/10212 4194304/4194304 6208/6264 8 86 0.0 2025-12-10 15:22:34 366 conhost 4372 NT AUTHORITY\LOCAL SERVICE 14036/24412 4194304/4194304 4868/15528 13 193 0.0 2025-12-10 19:27:53 121 WmiPrvSE 5248 NT AUTHORITY\SYSTEM 33164/33216 4194304/4194304 25792/25916 19 426 0.0 2025-12-10 15:22:57 366 SVC:PME.Agent.PmeService 5256 NT AUTHORITY\SYSTEM 6296/6332 4194304/4194304 1476/1752 8 126 0.0 2025-12-10 21:22:00 7 SVC:WdiSystemHost 5796 NT AUTHORITY\SYSTEM 45800/47640 4194304/4194304 37496/38808 23 688 0.0 2025-12-10 15:22:33 366 NableReactiveManagement 4772 NT AUTHORITY\SYSTEM 10748/10904 51416/59096 2032/2468 18 251 0.0 2025-12-10 15:22:28 366 Veeam.Guest.Interaction.Proxy "C:\Program Files (x86)\Veeam\Backup Transport\GuestInteraction\Veeam.Guest.Interaction.Proxy.exe" 5048 NT AUTHORITY\SYSTEM 268912/400080 4194304/4194304 249312/369744 51 795 0.0 2025-12-10 15:22:28 366 BackupFP 5228 NT AUTHORITY\SYSTEM 10020/10080 4194304/4194304 6188/6276 7 86 0.0 2025-12-10 15:22:28 366 conhost 1016 NT AUTHORITY\SYSTEM 9568/9620 4194304/4194304 2500/2732 12 296 0.0 2025-12-10 15:22:26 366 SVC:LSM 1036 NT AUTHORITY\SYSTEM 8592/8752 4194304/4194304 1812/2316 11 192 0.0 2025-12-10 15:22:26 366 SVC:NcbService 1048 NT AUTHORITY\LOCAL SERVICE 6288/6404 4194304/4194304 1280/1692 8 140 0.0 2025-12-10 15:22:26 366 SVC:TimeBrokerSvc 896 Font Driver Host\UMFD-0 3576/3612 4194304/4194304 1328/1412 6 39 0.0 2025-12-10 15:22:26 366 fontdrvhost 904 Font Driver Host\UMFD-1 3432/3472 4194304/4194304 1260/1344 6 39 0.0 2025-12-10 15:22:26 366 fontdrvhost 992 NT AUTHORITY\LOCAL SERVICE 8672/8736 4194304/4194304 1768/2136 13 228 0.0 2025-12-10 15:22:26 366 SVC:W32Time 1272 Window Manager\DWM-1 44960/50604 4194304/4194304 22488/33276 27 626 0.0 2025-12-10 15:22:26 366 dwm 1384 NT AUTHORITY\LOCAL SERVICE 19540/23884 4194304/4194304 9604/14040 33 421 0.0 2025-12-10 15:22:26 366 SVC:BFE/mpssvc 1452 NT AUTHORITY\SYSTEM 39296/39432 197860/206820 25048/25368 33 596 0.0 2025-12-10 15:22:27 366 SVC:ScreenConnect Client (69e7721040ec1250) "C:\Program Files (x86)\ScreenConnect Client (69e7721040ec1250)\ScreenConnect.ClientService.exe" "?e=Access&y=Guest&h=sc.viatek.com.au&p=8041&s=81f1fb2d-e971-4151-9233-026a4e5aab3f&k=BgIAAACkAABSU0ExAAgAAAEAAQCpFbFNTaYP9amF8McjmZ%2bQ8kLvvhOdthUPFJ78pr76tgUjzgIRnjzFiPwsqi3KH%2bAEGdBbu140Eu8gE8DXpk8y0v9cshavNO51TVuWILGYq54M%2bBpwafW1VRm7r8nJ%2fbpM58Hbc%2fArVsmsigBtGQ03Sse8wIfZ8ZkcfpiApbfZ94oT2gRUGDhLOh%2bbMDJXXzL%2bkCr5oO14ZoU9GzOu1GIPVuArDftfmD9D5O53gdE9njSXgqArzh%2bu06zB9Elvwke8PCvQTLHUpLHkYIOkCt1xNBIihW7ixPWPxb%2f0ZxzZ3sepeYefPryGzmthvqVHmX%2bOysNHAeTxvjOLuUYoCtKt&v=AQAAANCMnd8BFdERjHoAwE%2fCl%2bsBAAAALGJBS5pIdke3EzdSnWrobAAAAAACAAAAAAAQZgAAAAEAACAAAAB7kvEKnYW8uqUU%2fjSEpvV9HnnX9HqO%2fVbMDPZKo08AlAAAAAAOgAAAAAIAACAAAAACVNoR2QgbMpsEqXLIQ0GFhvqbkTLxbaow2RVrUSYoiqAEAADVYrkpnxJhBn%2bNjU%2freLqtP25RBcML1geBWFf9U2yr1vICIQn4iqQcTYcrWlLC2YUvJ98TvMu%2be40xwmZWGI0O9WZgdVjzC31EBrXka0F0UcXnG6KwDBMgTy2pABmanplouzpilrFxb4NoAM8RZFXE4NZL8jQszoOdyENLZnWMAx4ap8IoenNovusq2vK8Pdge5zHrtcEAHNOUx3UqWiZ8ZWoV4EW%2bqmGcnmBRTJXijFflRugBWs1t%2f9pp%2felDh%2fNCsqZuRRwp6mASD93D8h4MtZtEcSE2usqbpb8k5lwxxAzr5rNZswpp4lz1mWruFyjWDf99tbK%2bN80fP2r2W67%2bCGWAoOafafHSxKzFWCqVaDitLyuvRH%2b1UUDOs%2bbGeCvCKBkPnTlBxoQg9Z%2fDiEjUAxWP4ETJx%2bbS5Pv54TLOAawgArwzAG03%2bMe7rNcyLHGORxR6zAMZ9CXMSh6JlbfPLXKZKPcW7tqxbpBIrtd5EnrFsDteXpFkVfEyhTbnWGWilLXzhikInqjBgUmK5OniZIUiFVtHSvNor%2bimXlIzpQBdjEff7Z8FNRViDsvidNINIxg48NcxhUMtbnX%2f7oiTKbp4334rXM7xA2WrgdwBUYUT91%2bhvc0JZv5U0lyV2b%2b3FAqMp8Fclx6R0vxTcbc1ChIiA3JgS22miGvF1Y3PFQ4c1afPhuGXcbK7ubsvWFTUsj4gSj0h%2b%2fSn52SUl8K5llc5fa8%2bmdDkNgEQcHgNs50FyVhhX05zvN9t0%2fu8x6mS3md1wjGMJEWfPVT5zzjaIFPso4v4YkiCtYxLSvCbvK4F%2fDTiPdyr0KuA82LEw6nQAs4qDGY8EJr47GvOc7bBtuzbYWq%2f44yQl8R5ry6T0OUuZnhtSZxqemqUlPOxNXZWaL1UjJVFUImUn8WM0f%2fQBQ2mKHLWRf0PVujzS%2bZiaSqeOh06Cs2LiTVbqSk8Q4qgN4v0sz0FNbfrQW8mbUCaKL%2bl94aJZPkSGtQWa%2f%2fdmz9o3S7fzhDAMfumxIBLP08BVg0H1oK%2fstjGzL04yBragx0QqpxSZROQVw27cGwAHdbpeFbv5cKf9H0hjYyJka2nyN%2bDNRFirzYnOe0%2bqzrrG9kA140UxQ%2bWM7hueZ5Nzhstptnxi0u3yBbn3GuAvF0YMITPwtbDbSRCO5H%2bb7UNC1WQLZDulfC5mnvDzsdN%2bM9s6G9mWcbebMhBC3q39s5zodA35JEHPW%2fxkruJXA9EbZjfiD7a%2bbkJA7uekYDSG2nmjyMvBcEE8MrGHT31O9074zFyB1TYQG9Pb8%2fS0pLy%2bWOK7uq%2fkRaK7mo3HNDxaZgzpJrWk5FvFZ6%2fmJXzSDkEqoiPB2FQKKu2%2fyStsx1MTfnOh7uC8uaqM08uNmM67sGvsfjSSMsNfFU4KQVUKSk%2fDENRhyMImBvSyFSVGmAO5sHuVCstKkOeV2LUCzmp%2b8m0wettXEMhcYu0U%2b9ZlzMKtpwX5lmdzD4moLleZCTmGjO2H8KKpEyqukPS1GQr3%2bLyNGaOHRN89ju2F2tYOt0ouC5eXzAGO%2feNx705eLEAMcMdoqbGpyXhiF0HoDw6IkAAAADanZNH4yCid%2b46xk3uOFQ6pWk%2b0okknzTyEeeAxSgjKVz%2fndDTJexk04K8kyjh7H2s2%2bRFgMYiEW8Wl61smHxO&c=Inorail%20Pty%20Ltd&c=INX%20-%20Servers&c=&c=&c=&c=&c=&c=" 1128 NT AUTHORITY\SYSTEM 8944/9008 4194304/4194304 1964/2320 12 184 0.0 2025-12-10 15:22:26 366 SVC:ShellHWDetection 1144 NT AUTHORITY\LOCAL SERVICE 8108/8352 4194304/4194304 2148/2580 11 233 0.0 2025-12-10 15:22:26 366 SVC:Dhcp 1192 NT AUTHORITY\SYSTEM 48932/55708 4194304/4194304 11652/23588 26 456 0.0 2025-12-10 15:22:26 366 LogonUI 860 NT AUTHORITY\SYSTEM 14660/14752 4194304/4194304 5468/5664 15 826 0.0 2025-12-10 15:22:26 366 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker 444 NT AUTHORITY\LOCAL SERVICE 8148/8228 4194304/4194304 3628/3928 18 136 0.0 2025-12-10 15:22:26 366 SVC:nsi 484 Unknown 6652/6780 4194304/4194304 2124/2336 24 678 0.0 2025-12-10 15:22:25 366 csrss 528 NT AUTHORITY\NETWORK SERVICE 13324/13364 4194304/4194304 4672/4832 20 542 0.0 2025-12-10 15:22:26 366 SVC:TermService 0 8/8 8/8 60/60 0 0 0.0 0 Idle 124 Unknown 19416/162760 83532/166604 2456/100960 12 0 0.0 2025-12-10 15:22:20 366 Registry 380 Unknown 1300/1324 4194304/4194304 1100/1164 3 57 0.0 2025-12-10 15:22:22 366 smss 760 NT AUTHORITY\LOCAL SERVICE 5688/5716 4194304/4194304 1260/1440 8 119 0.0 2025-12-10 15:22:26 366 SVC:lmhosts 804 NT AUTHORITY\LOCAL SERVICE 11920/11968 4194304/4194304 2228/2724 12 211 0.0 2025-12-10 15:24:29 364 SVC:CDPSvc 832 NT AUTHORITY\SYSTEM 32460/32876 160964/172828 19448/20860 25 452 0.0 2025-12-10 15:24:31 364 SVC:Windows Agent Maintenance Service "C:\Program Files (x86)\N-able Technologies\Windows Agent\bin\AgentMaint.exe" 572 Unknown 7248/7368 4194304/4194304 1368/1904 11 156 0.0 2025-12-10 15:22:25 366 wininit 580 Unknown 5960/11212 4194304/4194304 1752/2016 11 169 0.0 2025-12-10 15:22:25 366 csrss 644 NT AUTHORITY\SYSTEM 10092/15232 4194304/4194304 2512/6408 12 212 0.0 2025-12-10 15:22:25 366 winlogon 1484 NT AUTHORITY\NETWORK SERVICE 13720/14156 4194304/4194304 4276/5540 18 402 0.0 2025-12-10 15:22:26 366 SVC:NlaSvc 2416 NT AUTHORITY\SYSTEM 7852/7936 4194304/4194304 1536/1852 9 145 0.0 2025-12-10 15:22:26 366 SVC:UserManager 2532 NT AUTHORITY\SYSTEM 10772/11044 4194304/4194304 2656/3468 16 363 0.0 2025-12-10 15:22:27 366 SVC:iphlpsvc 2580 NT AUTHORITY\NETWORK SERVICE 7864/8996 4194304/4194304 1864/2964 13 173 0.0 2025-12-10 15:22:27 366 SVC:PolicyAgent 2124 NT AUTHORITY\LOCAL SERVICE 7928/8052 4194304/4194304 1836/2400 10 181 0.0 2025-12-10 15:22:26 366 SVC:WinHttpAutoProxySvc 2132 NT AUTHORITY\SYSTEM 10232/10268 4194304/4194304 2260/2472 16 246 0.0 2025-12-10 15:22:26 366 SVC:SessionEnv 2360 NT AUTHORITY\LOCAL SERVICE 7324/7424 4194304/4194304 1328/1668 8 124 0.0 2025-12-10 15:22:26 366 SVC:DispBrokerDesktopSvc 2728 NT AUTHORITY\SYSTEM 10408/10488 4194304/4194304 2172/2364 11 196 0.0 2025-12-10 15:22:27 366 SVC:Backup Service Controller 2788 NT AUTHORITY\NETWORK SERVICE 19740/78608 4194304/4194304 8960/68288 31 322 0.0 2025-12-10 15:22:27 366 SVC:CryptSvc 2824 NT AUTHORITY\NETWORK SERVICE 54660/55764 4194304/4194304 149792/150940 52 484 0.0 2025-12-10 15:22:27 366 SVC:DHCPServer 2588 NT AUTHORITY\SYSTEM 8608/8692 4194304/4194304 2592/2904 14 278 0.0 2025-12-10 15:22:27 366 SVC:IKEEXT 2604 NT AUTHORITY\SYSTEM 28200/29076 4194304/4194304 10460/11828 38 632 0.0 2025-12-10 15:22:27 366 SVC:Spooler 2716 NT AUTHORITY\SYSTEM 106544/108596 336936/397912 78732/103100 74 1152 0.0 2025-12-10 15:22:27 366 SVC:AutomationManagerAgent "C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\AutomationManager.AgentService.exe" 2036 NT AUTHORITY\NETWORK SERVICE 10656/10704 4194304/4194304 2304/2564 14 244 0.0 2025-12-10 15:22:26 366 SVC:LanmanWorkstation 1608 NT AUTHORITY\SYSTEM 6052/6096 4194304/4194304 1216/1420 8 121 0.0 2025-12-10 15:22:26 366 SVC:Themes 1616 NT AUTHORITY\LOCAL SERVICE 8312/8460 4194304/4194304 1984/2388 10 170 0.0 2025-12-10 15:22:26 366 SVC:EventSystem 1624 NT AUTHORITY\LOCAL SERVICE 7316/8468 4194304/4194304 1620/2056 10 142 0.0 2025-12-10 15:22:26 366 SVC:FontCache 1556 NT AUTHORITY\SYSTEM 13212/13308 4194304/4194304 2692/2960 16 262 0.0 2025-12-10 15:22:26 366 SVC:gpsvc 1572 NT AUTHORITY\SYSTEM 6928/6944 4194304/4194304 1348/1508 9 138 0.0 2025-12-10 15:22:26 366 SVC:UmRdpService 1600 NT AUTHORITY\SYSTEM 6900/6932 4194304/4194304 1408/1668 8 126 0.0 2025-12-10 15:22:26 366 SVC:ProfSvc 1860 NT AUTHORITY\SYSTEM 9440/9580 4194304/4194304 2016/2316 14 212 0.0 2025-12-10 15:22:26 366 SVC:SENS 1872 NT AUTHORITY\SYSTEM 6532/6568 4194304/4194304 1324/1476 8 145 0.0 2025-12-10 15:22:26 366 SVC:CertPropSvc 2000 NT AUTHORITY\LOCAL SERVICE 9204/9524 4194304/4194304 2024/3296 13 289 0.0 2025-12-10 15:22:26 366 SVC:Wcmsvc 1796 NT AUTHORITY\LOCAL SERVICE 11028/11668 4194304/4194304 2764/4236 13 430 0.0 2025-12-10 15:22:26 366 SVC:netprofm 1820 NT AUTHORITY\LOCAL SERVICE 6252/6284 4194304/4194304 1264/1408 8 126 0.0 2025-12-10 15:22:26 366 SVC:CoreMessagingRegistrar 1840 NT AUTHORITY\SYSTEM 15368/15620 4194304/4194304 4852/5456 18 365 0.0 2025-12-10 15:22:26 366 SVC:Schedule [netstat] PacketsReceived=2691638 ReceivedHeaderErrors=0 ReceivedAddressErrors=18330 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=503 ReceivedPacketsDelivered=2676863 OutputRequests=8075821 RoutingDiscards=0 DiscardedOutputPackets=255 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=9727 ReceivedHeaderErrors=0 ReceivedAddressErrors=0 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=353 ReceivedPacketsDelivered=9377 OutputRequests=168 RoutingDiscards=0 DiscardedOutputPackets=0 OutputPacketNoRoute=0 ReassemblyRequired=0 ReassemblySuccessful=0 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 tcpActiveOpens=36148 tcpPassiveOpens=3171 tcpFailedConnectionAttempts=284 tcpResetConnections=1693 tcpCurrentConnections=43 tcpSegmentsReceived=2686483 tcpSegmentsSent=7940513 tcpSegmentsRetransmitted=181797 tcpActiveOpens=29 tcpPassiveOpens=29 tcpFailedConnectionAttempts=0 tcpResetConnections=6 tcpCurrentConnections=0 tcpSegmentsReceived=3387 tcpSegmentsSent=3244 tcpSegmentsRetransmitted=0 udpDatagramsReceived=41489 udpNoPorts=469 udpReceiveErrors=0 udpDatagramsSent=6022 udpDatagramsReceived=8672 udpNoPorts=353 udpReceiveErrors=0 udpDatagramsSent=10 [ports] Active Connections Proto Local Address Foreign Address State TCP 0.0.0.0:135 0.0.0.0:0 LISTENING TCP 0.0.0.0:445 0.0.0.0:0 LISTENING TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING TCP 0.0.0.0:5000 0.0.0.0:0 LISTENING TCP 0.0.0.0:5948 0.0.0.0:0 LISTENING TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING TCP 0.0.0.0:6160 0.0.0.0:0 LISTENING TCP 0.0.0.0:6162 0.0.0.0:0 LISTENING TCP 0.0.0.0:6183 0.0.0.0:0 LISTENING TCP 0.0.0.0:6184 0.0.0.0:0 LISTENING TCP 0.0.0.0:6190 0.0.0.0:0 LISTENING TCP 0.0.0.0:6290 0.0.0.0:0 LISTENING TCP 0.0.0.0:11731 0.0.0.0:0 LISTENING TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING TCP 0.0.0.0:49672 0.0.0.0:0 LISTENING TCP 0.0.0.0:49709 0.0.0.0:0 LISTENING TCP 0.0.0.0:49781 0.0.0.0:0 LISTENING TCP 10.2.63.46:135 10.2.62.108:56728 ESTABLISHED TCP 10.2.63.46:139 0.0.0.0:0 LISTENING TCP 10.2.63.46:445 10.2.62.10:60212 ESTABLISHED TCP 10.2.63.46:445 10.2.62.64:52714 ESTABLISHED TCP 10.2.63.46:445 10.2.62.66:59391 ESTABLISHED TCP 10.2.63.46:445 10.2.62.77:52869 ESTABLISHED TCP 10.2.63.46:445 10.2.62.84:64172 ESTABLISHED TCP 10.2.63.46:445 10.2.62.85:49813 ESTABLISHED TCP 10.2.63.46:445 10.2.62.99:61116 ESTABLISHED TCP 10.2.63.46:445 10.2.62.100:54159 ESTABLISHED TCP 10.2.63.46:445 10.2.62.108:55837 ESTABLISHED TCP 10.2.63.46:647 0.0.0.0:0 LISTENING TCP 10.2.63.46:647 10.2.63.21:57141 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.10:58363 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.64:53782 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.66:59399 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.77:49216 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.85:65258 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.99:63160 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.100:61868 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.108:56729 ESTABLISHED TCP 10.2.63.46:49670 10.2.62.108:62714 ESTABLISHED TCP 10.2.63.46:49670 10.2.63.21:57863 ESTABLISHED TCP 10.2.63.46:49839 206.148.0.34:443 ESTABLISHED TCP 10.2.63.46:49842 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:49916 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:49919 206.148.0.125:443 ESTABLISHED TCP 10.2.63.46:50012 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:50101 8.38.48.118:443 ESTABLISHED TCP 10.2.63.46:51295 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51296 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:51297 10.2.63.48:445 ESTABLISHED TCP 10.2.63.46:52783 66.129.107.58:4437 ESTABLISHED TCP 10.2.63.46:53464 10.2.63.47:389 ESTABLISHED TCP 10.2.63.46:53512 103.36.248.58:443 ESTABLISHED TCP 10.2.63.46:53569 10.2.63.47:135 TIME_WAIT TCP 10.2.63.46:53570 10.2.63.47:49690 TIME_WAIT TCP 10.2.63.46:53573 125.253.56.44:443 ESTABLISHED TCP 127.0.0.1:3389 127.0.0.1:53572 CLOSE_WAIT TCP 127.0.0.1:6290 127.0.0.1:49695 ESTABLISHED TCP 127.0.0.1:9395 0.0.0.0:0 LISTENING TCP 127.0.0.1:42000 0.0.0.0:0 LISTENING TCP 127.0.0.1:49695 127.0.0.1:6290 ESTABLISHED TCP 127.0.0.1:49742 127.0.0.1:49743 ESTABLISHED TCP 127.0.0.1:49743 127.0.0.1:49742 ESTABLISHED TCP 127.0.0.1:49758 127.0.0.1:49759 ESTABLISHED TCP 127.0.0.1:49759 127.0.0.1:49758 ESTABLISHED TCP 127.0.0.1:49763 0.0.0.0:0 LISTENING TCP 127.0.0.1:50093 127.0.0.1:51821 ESTABLISHED TCP 127.0.0.1:51821 0.0.0.0:0 LISTENING TCP 127.0.0.1:51821 127.0.0.1:50093 ESTABLISHED TCP 127.0.0.1:53552 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:53562 127.0.0.1:3389 TIME_WAIT TCP 127.0.0.1:53564 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53566 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53567 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53571 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53572 127.0.0.1:3389 FIN_WAIT_2 TCP 127.0.0.1:53574 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53576 127.0.0.1:49763 TIME_WAIT TCP 127.0.0.1:53577 127.0.0.1:49763 TIME_WAIT TCP [::]:135 [::]:0 LISTENING TCP [::]:445 [::]:0 LISTENING TCP [::]:3389 [::]:0 LISTENING TCP [::]:5985 [::]:0 LISTENING TCP [::]:6160 [::]:0 LISTENING TCP [::]:6162 [::]:0 LISTENING TCP [::]:6183 [::]:0 LISTENING TCP [::]:6184 [::]:0 LISTENING TCP [::]:6190 [::]:0 LISTENING TCP [::]:6290 [::]:0 LISTENING TCP [::]:11731 [::]:0 LISTENING TCP [::]:47001 [::]:0 LISTENING TCP [::]:49664 [::]:0 LISTENING TCP [::]:49665 [::]:0 LISTENING TCP [::]:49666 [::]:0 LISTENING TCP [::]:49667 [::]:0 LISTENING TCP [::]:49668 [::]:0 LISTENING TCP [::]:49669 [::]:0 LISTENING TCP [::]:49670 [::]:0 LISTENING TCP [::]:49672 [::]:0 LISTENING TCP [::]:49709 [::]:0 LISTENING TCP [::]:49781 [::]:0 LISTENING TCP [::1]:9395 [::]:0 LISTENING UDP 0.0.0.0:123 *:* UDP 0.0.0.0:500 *:* UDP 0.0.0.0:3389 *:* UDP 0.0.0.0:4500 *:* UDP 0.0.0.0:5353 *:* UDP 0.0.0.0:5355 *:* UDP 0.0.0.0:42000 *:* UDP 0.0.0.0:43212 *:* UDP 0.0.0.0:54990 *:* UDP 0.0.0.0:57296 *:* UDP 0.0.0.0:59052 *:* UDP 0.0.0.0:59053 *:* UDP 0.0.0.0:60236 *:* UDP 0.0.0.0:61234 *:* UDP 0.0.0.0:62074 *:* UDP 0.0.0.0:63032 *:* UDP 0.0.0.0:63034 *:* UDP 10.2.63.46:67 *:* UDP 10.2.63.46:68 *:* UDP 10.2.63.46:137 *:* UDP 10.2.63.46:138 *:* UDP 10.2.63.46:2535 *:* UDP 127.0.0.1:51979 127.0.0.1:51979 UDP 127.0.0.1:52610 127.0.0.1:52610 UDP 127.0.0.1:56482 127.0.0.1:56482 UDP 127.0.0.1:57689 127.0.0.1:57689 UDP 127.0.0.1:58960 127.0.0.1:58960 UDP 127.0.0.1:59435 127.0.0.1:59435 UDP 127.0.0.1:59437 127.0.0.1:59437 UDP 127.0.0.1:59439 127.0.0.1:59439 UDP 127.0.0.1:60839 127.0.0.1:60839 UDP 127.0.0.1:63055 127.0.0.1:63055 UDP [::]:123 *:* UDP [::]:500 *:* UDP [::]:3389 *:* UDP [::]:4500 *:* UDP [::]:5353 *:* UDP [::]:5355 *:* UDP [::]:54990 *:* UDP [::]:57296 *:* UDP [::]:59053 *:* UDP [::]:60236 *:* UDP [::]:61234 *:* UDP [::]:62074 *:* [ipconfig] Windows IP Configuration Host Name . . . . . . . . . . . . : INO-RUT-FP01 Primary Dns Suffix . . . . . . . : inside.inoxihp.com.au Node Type . . . . . . . . . . . . : Hybrid IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No DNS Suffix Search List. . . . . . : inside.inoxihp.com.au Ethernet adapter Ethernet Instance 0: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Intel(R) 82574L Gigabit Network Connection Physical Address. . . . . . . . . : 52-54-00-7C-8E-B1 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::6c3a:be9b:60bb:3502%9(Preferred) IPv4 Address. . . . . . . . . . . : 10.2.63.46(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Default Gateway . . . . . . . . . : 10.2.63.1 DHCPv6 IAID . . . . . . . . . . . : 106058752 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-91-E4-AF-52-54-00-7C-8E-B1 DNS Servers . . . . . . . . . . . : 10.2.63.45 10.2.63.47 10.2.63.21 10.2.63.22 NetBIOS over Tcpip. . . . . . . . : Enabled [route] =========================================================================== Interface List 9...52 54 00 7c 8e b1 ......Intel(R) 82574L Gigabit Network Connection 1...........................Software Loopback Interface 1 =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 10.2.63.1 10.2.63.46 281 10.2.63.0 255.255.255.0 On-link 10.2.63.46 281 10.2.63.46 255.255.255.255 On-link 10.2.63.46 281 10.2.63.255 255.255.255.255 On-link 10.2.63.46 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 127.0.0.1 331 224.0.0.0 240.0.0.0 On-link 10.2.63.46 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 10.2.63.46 281 =========================================================================== Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 10.2.63.1 Default =========================================================================== IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 1 331 ::1/128 On-link 9 281 fe80::/64 On-link 9 281 fe80::6c3a:be9b:60bb:3502/128 On-link 1 331 ff00::/8 On-link 9 281 ff00::/8 On-link =========================================================================== Persistent Routes: None [ifstat] 10.2.63.46 1040038040 11341771024 [svcs] Name StartupType Status DisplayName AJRouter manual stopped AllJoyn Router Service ALG manual stopped Application Layer Gateway Service AppIDSvc manual stopped Application Identity Appinfo manual stopped Application Information AppMgmt manual stopped Application Management AppReadiness manual stopped App Readiness AppVClient disabled stopped Microsoft App-V Client AppXSvc manual started AppX Deployment Service (AppXSVC) AudioEndpointBuilder manual stopped Windows Audio Endpoint Builder Audiosrv manual stopped Windows Audio AutomationManagerAgent automatic started Automation Manager Agent AxInstSV disabled stopped ActiveX Installer (AxInstSV) Backup_Service_Controller automatic started Backup Service Controller BASupportExpressSrvcUpdater_N_Central automatic started N-able Take Control Updater Service (N-Central) BASupportExpressStandaloneService_N_Central automatic started N-able Take Control Service (N-Central) BFE automatic started Base Filtering Engine BITS manual stopped Background Intelligent Transfer Service BrokerInfrastructure automatic started Background Tasks Infrastructure Service bthserv manual stopped Bluetooth Support Service camsvc manual stopped Capability Access Manager Service CDPSvc automatic started Connected Devices Platform Service CertPropSvc manual started Certificate Propagation ClipSVC manual stopped Client License Service (ClipSVC) COMSysApp manual stopped COM+ System Application CoreMessagingRegistrar automatic started CoreMessaging CryptSvc automatic started Cryptographic Services CscService disabled stopped Offline Files DcomLaunch automatic started DCOM Server Process Launcher dcsvc manual stopped Declared Configuration(DC) service defragsvc manual stopped Optimize drives DeviceAssociationService manual stopped Device Association Service DeviceInstall manual stopped Device Install Service DevQueryBroker manual stopped DevQuery Background Discovery Broker Dhcp automatic started DHCP Client DHCPServer automatic started DHCP Server diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service DiagTrack automatic started Connected User Experiences and Telemetry DispBrokerDesktopSvc automatic started Display Policy Service DmEnrollmentSvc manual stopped Device Management Enrollment Service dmwappushservice disabled stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service Dnscache automatic started DNS Client DoSvc manual stopped Delivery Optimization dot3svc manual stopped Wired AutoConfig DPS automatic started Diagnostic Policy Service DsmSvc manual stopped Device Setup Manager DsSvc manual stopped Data Sharing Service EapHost manual stopped Extensible Authentication Protocol edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate) edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem) EFS manual stopped Encrypting File System (EFS) embeddedmode manual stopped Embedded Mode EntAppSvc manual stopped Enterprise App Management Service EventLog automatic started Windows Event Log EventSystem automatic started COM+ Event System fdPHost manual stopped Function Discovery Provider Host FDResPub manual stopped Function Discovery Resource Publication FontCache automatic started Windows Font Cache Service FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0 FrameServer manual stopped Windows Camera Frame Server FrameServerMonitor manual stopped Windows Camera Frame Server Monitor GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService) GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0) gpsvc automatic started Group Policy Client GraphicsPerfSvc disabled stopped GraphicsPerfSvc HelpDeskService automatic started HelpDeskService hidserv manual stopped Human Interface Device Service HvHost manual stopped HV Host Service IDriveService automatic started IDriveService IKEEXT automatic started IKE and AuthIP IPsec Keying Modules InstallService manual stopped Microsoft Store Install Service iphlpsvc automatic started IP Helper KeyIso manual started CNG Key Isolation KPSSVC manual stopped KDC Proxy Server service (KPS) KtmRm manual stopped KtmRm for Distributed Transaction Coordinator LanmanServer automatic started Server LanmanWorkstation automatic started Workstation lfsvc disabled stopped Geolocation Service LicenseManager manual stopped Windows License Manager Service lltdsvc disabled stopped Link-Layer Topology Discovery Mapper lmhosts manual started TCP/IP NetBIOS Helper LSM automatic started Local Session Manager LTService automatic started Viatek Technology Monitoring Service LTSvcMon automatic started Viatek Technology Monitoring Service Watchdog Service MapsBroker disabled stopped Downloaded Maps Manager McpManagementService manual stopped McpManagementService Mesh_Agent automatic started Mesh Agent MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) mpssvc automatic started Windows Defender Firewall MSDTC automatic started Distributed Transaction Coordinator MSiSCSI manual stopped Microsoft iSCSI Initiator Service msiserver manual started Windows Installer NcaSvc manual stopped Network Connectivity Assistant NcbService manual started Network Connection Broker Netlogon automatic started Netlogon Netman manual stopped Network Connections netprofm manual started Network List Service NetSetupSvc manual stopped Network Setup Service NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service NgcCtnrSvc manual stopped Microsoft Passport Container NgcSvc manual stopped Microsoft Passport NlaSvc automatic started Network Location Awareness nsi automatic started Network Store Interface Service PcaSvc automatic started Program Compatibility Assistant Service PerfHost manual stopped Performance Counter DLL Host pla manual stopped Performance Logs & Alerts PlugPlay manual started Plug and Play PME.Agent.PmeService automatic started PME Agent PolicyAgent manual started IPsec Policy Agent Power automatic started Power PrintNotify manual stopped Printer Extensions and Notifications ProfSvc automatic started User Profile Service PushToInstall disabled stopped Windows PushToInstall Service QWAVE manual stopped Quality Windows Audio Video Experience RasAuto manual stopped Remote Access Auto Connection Manager RasMan automatic started Remote Access Connection Manager RemoteAccess disabled stopped Routing and Remote Access RemoteRegistry automatic stopped Remote Registry RmSvc disabled stopped Radio Management Service RpcEptMapper automatic started RPC Endpoint Mapper RpcLocator manual stopped Remote Procedure Call (RPC) Locator RpcSs automatic started Remote Procedure Call (RPC) RSoPProv manual stopped Resultant Set of Policy Provider sacsvr manual stopped Special Administration Console Helper SamSs automatic started Security Accounts Manager SCardSvr manual stopped Smart Card ScDeviceEnum disabled stopped Smart Card Device Enumeration Service Schedule automatic started Task Scheduler SCPolicySvc manual stopped Smart Card Removal Policy ScreenConnect_Client_(69e7721040ec1250) automatic started ScreenConnect Client (69e7721040ec1250) seclogon manual stopped Secondary Logon SecurityHealthService manual stopped Windows Security Service SEMgrSvc disabled stopped Payments and NFC/SE Manager SENS automatic started System Event Notification Service Sense manual stopped Windows Defender Advanced Threat Protection Service SensorDataService disabled stopped Sensor Data Service SensorService manual stopped Sensor Service SensrSvc manual stopped Sensor Monitoring Service SessionEnv manual started Remote Desktop Configuration SharedAccess disabled stopped Internet Connection Sharing (ICS) ShellHWDetection automatic started Shell Hardware Detection shpamsvc disabled stopped Shared PC Account Manager smphost manual stopped Microsoft Storage Spaces SMP SNMPTRAP manual stopped SNMP Trap SolarWinds.MSP.CacheService automatic started File Cache Service Agent SolarWinds.MSP.RpcServerService automatic started Request Handler Agent Spooler automatic started Print Spooler sppsvc automatic stopped Software Protection SrmReports manual stopped File Server Storage Reports Manager SrmSvc automatic started File Server Resource Manager SSDPSRV disabled stopped SSDP Discovery ssh-agent disabled stopped OpenSSH Authentication Agent SstpSvc manual started Secure Socket Tunneling Protocol Service StateRepository automatic started State Repository Service StiSvc manual stopped Windows Image Acquisition (WIA) StorSvc automatic started Storage Service svsvc manual stopped Spot Verifier swprv automatic stopped Microsoft Software Shadow Copy Provider SysMain automatic started SysMain SystemEventsBroker automatic started System Events Broker TabletInputService manual stopped Touch Keyboard and Handwriting Panel Service tapisrv manual stopped Telephony TermService manual started Remote Desktop Services Themes automatic started Themes TieringEngineService manual stopped Storage Tiers Management TimeBrokerSvc manual started Time Broker TokenBroker manual stopped Web Account Manager TrkWks automatic started Distributed Link Tracking Client TrustedInstaller manual stopped Windows Modules Installer tzautoupdate disabled stopped Auto Time Zone Updater UALSVC automatic started User Access Logging Service UevAgentService disabled stopped User Experience Virtualization Service UmRdpService manual started Remote Desktop Services UserMode Port Redirector upnphost disabled stopped UPnP Device Host UserManager automatic started User Manager UsoSvc automatic started Update Orchestrator Service VaultSvc manual stopped Credential Manager vds manual stopped Virtual Disk VeeamDeploySvc automatic started Veeam Installer Service VeeamEndpointBackupSvc automatic started Veeam Agent for Microsoft Windows VeeamTransportSvc automatic started Veeam Data Mover Service vmicguestinterface manual stopped Hyper-V Guest Service Interface vmicheartbeat manual stopped Hyper-V Heartbeat Service vmickvpexchange manual stopped Hyper-V Data Exchange Service vmicshutdown manual stopped Hyper-V Guest Shutdown Service vmictimesync manual stopped Hyper-V Time Synchronization Service vmicvmsession manual stopped Hyper-V PowerShell Direct Service vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor VSS automatic stopped Volume Shadow Copy W32Time automatic started Windows Time WaaSMedicSvc manual stopped Windows Update Medic Service WalletService disabled stopped WalletService WarpJITSvc manual stopped Warp JIT Service WbioSrvc manual stopped Windows Biometric Service Wcmsvc automatic started Windows Connection Manager WdiServiceHost manual stopped Diagnostic Service Host WdiSystemHost manual started Diagnostic System Host WdNisSvc manual started Microsoft Defender Antivirus Network Inspection Service Wecsvc manual stopped Windows Event Collector WEPHOSTSVC manual stopped Windows Encryption Provider Host Service wercplsupport manual stopped Problem Reports Control Panel Support WerSvc manual stopped Windows Error Reporting Service WiaRpc manual stopped Still Image Acquisition Events WinDefend automatic started Microsoft Defender Antivirus Service Windows_Agent_Maintenance_Service automatic started Windows Agent Maintenance Service Windows_Agent_Service automatic started Windows Agent Service WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service Winmgmt automatic started Windows Management Instrumentation WinRM automatic started Windows Remote Management (WS-Management) wisvc disabled stopped Windows Insider Service wlidsvc manual stopped Microsoft Account Sign-in Assistant wmiApSrv manual stopped WMI Performance Adapter WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service WPDBusEnum manual stopped Portable Device Enumerator Service WpnService automatic started Windows Push Notifications System Service WSearch automatic started Windows Search wuauserv automatic stopped Windows Update XymonPSClient automatic started XymonPSClient [uptime] sec: 21973 0 days 6 hours 6 minutes 13 seconds Bootup: 20251210152220.500000+660 [who] SESSIONNAME USERNAME ID STATE TYPE DEVICE >services 0 Disc console 1 Conn 31c5ce94259d4... 65536 Listen rdp-tcp 65537 Listen Total sessions created: 2 Total sessions disconnected: 0 Total sessions reconnected: 0 [users] [XymonConfig] XymonSettings serversList : xymon.twilightcomputer.au serverUrl : serverHttpUsername : serverHttpTimeoutMs : 100000 wanteddisksList : {3} clientname : ino-rut-fp01 clientbbwinmembug : 1 clientsoftware : powershell clientclass : powershell loopinterval : 300 maxlogage : 60 MaxEvents : 5000 slowscanrate : 72 reportevt : 1 EnableWin32_Product : 0 EnableWin32_QuickFixEngineering : 0 EnableWMISections : 0 EnableDiskPart : 0 ClientProcessPriority : Normal clientlogpath : c:\program files\xymon\logs XymonAcceptUTF8 : 0 GetProcessInfoCommandLine : 1 GetProcessInfoOwner : 1 localdatalocation : C:\Program Files\xymon\local servergiflocation : /xymon/gifs/ servers : xymon.twilightcomputer.au clientlogfile : c:\program files\xymon\logs\xymonclient.log clientlogretain : 3 clientconfigfile : c:\program files\xymon\clientconfig.cfg clientfqdn : 0 clientlower : 1 clientremotecfgexec : 1 enableiissection : 1 externalscriptlocation : c:\program files\xymon\ext externaldatalocation : c:\program files\xymon\tmp HaveCmd Name Value ---- ----- qwinsta True query True XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com clientname ino-rut-fp01 [XymonPSClientInfo] Collection number: 75 Last transmission method: TCP Id : 4448 Handles : 558 CPU : 154.21875 SI : 0 Name : powershell