[collector:] client tcs-dt-workshop.powershell powershell XymonPS [date] Wed 10 Dec 21:40:35 2025 [clock] epoch: 1765363236 local: Wed 10 Dec 21:40:35 2025 UTC: Wed 10 Dec 10:40:35 2025 Time Synchronisation type: NT5DS Leap Indicator: 0(no warning) Stratum: 2 (secondary reference - syncd by (S)NTP) Precision: -23 (119.209ns per tick) Root Delay: 0.0036985s Root Dispersion: 10.7842933s ReferenceId: 0xC0A80505 (source IP: 192.168.5.5) Last Successful Sync Time: 10/12/2025 9:25:30 PM Source: DC01.twilight.inside Poll Interval: 10 (1024s) [clientversion] 2.42 [uname] Microsoft Windows 11 Pro (build 22631) [cpu] up: 24 days, 0 users, 120 procs, load=0.36% CPU states: total 0.36% cores: 4 CPU PID Image Name Pri Time MemUsage 0.1% 16148 SVC:Mesh Agent 8 00:42:04 2249228k 0.1% 5384 powershell 8 01:01:34 137884k 0.1% 2944 SVC:SysMain 8 00:27:13 10156k 0.0% 672 SVC:EventLog 8 00:50:22 19296k 0.0% 4 System 8 00:44:59 9292k 0.0% 2764 SVC:WRSVC 8 01:01:48 21144k 0.0% 10496 WmiPrvSE 8 00:00:31 21864k 0.0% 4200 SVC:Winmgmt 8 00:33:43 24256k 0.0% 852 SVC:RpcEptMapper/RpcSs 8 00:09:00 21340k 0.0% 1588 SVC:Dnscache 8 00:14:54 27928k 0.0% 4512 WmiPrvSE 8 00:00:10 41584k 0.0% 3948 SVC:HCLAUTService 8 00:00:00 10724k 0.0% 3968 SVC:igccservice 8 00:00:00 41768k 0.0% 3992 SVC:LanmanServer 8 00:00:09 10936k 0.0% 13064 WmiPrvSE 8 00:00:00 11988k 0.0% 3876 SVC:CxUtilSvc 8 00:00:00 8152k 0.0% 3896 SVC:DispBrokerDesktopSvc 8 00:00:00 7420k 0.0% 4008 SVC:jhi_service 8 00:00:00 6908k 0.0% 4192 SVC:LNSUSvc 8 00:00:00 8220k 0.0% 8856 SVC:wlidsvc 8 00:00:00 21760k 0.0% 4208 SVC:wgsslvpnsrc 8 00:00:00 7272k 0.0% 4132 SVC:ONLYOFFICE Update Service 8 00:00:00 6784k 0.0% 4168 AggregatorHost 8 00:00:01 10396k 0.0% 4184 SVC:TrkWks 8 00:00:00 5944k 0.0% 3548 SVC:seclogon 8 00:00:02 6548k 0.0% 3560 SVC:Spooler 8 00:00:01 19732k 0.0% 3676 SVC:CoreMessagingRegistrar 8 00:00:02 6656k 0.0% 3460 SVC:DusmSvc 8 00:00:00 7056k 0.0% 3468 SVC:Wcmsvc 8 00:00:00 10932k 0.0% 3524 SVC:ShellHWDetection 8 00:00:00 10284k 
0.0% 3688 SVC:CryptSvc 8 00:01:10 22128k 0.0% 3728 SVC:CxAudioSvc 8 00:00:00 22672k 0.0% 3816 SVC:DiagTrack 8 00:01:00 57332k 0.0% 3856 SVC:DPS 8 00:00:53 32988k 0.0% 3696 SVC:Bonjour Service 8 00:00:01 7500k 0.0% 3708 SVC:AdobeARMservice 8 00:00:00 7124k 0.0% 0 Idle 0 8k 0.0% 7700 SVC:StorSvc 8 00:00:02 13592k 0.0% 5408 conhost 8 00:00:49 14168k 0.0% 6172 SVC:wscsvc 8 00:00:00 12244k 0.0% 5192 SVC:WRCoreService 8 00:00:44 12688k 0.0% 5224 SVC:UsoSvc 8 00:00:03 18064k 0.0% 5244 SVC:DoSvc 8 01:11:09 29632k 0.0% 6192 WRSkyCommandsClient 8 00:00:07 54716k 0.0% 6804 WRYES.x64 8 00:24:10 24668k 0.0% 7364 SVC:webthreatdefsvc 8 00:00:08 18856k 0.0% 7180 SVC:LicenseManager 8 00:00:00 11324k 0.0% 6212 conhost 8 00:00:04 15624k 0.0% 6392 SVC:NgcCtnrSvc 8 00:00:00 15272k 0.0% 6704 WREDRS.x64 8 00:01:15 11696k 0.0% 4412 SVC:XTU3SERVICE 8 00:00:01 67036k 0.0% 4436 SVC:XymonPSClient 8 00:00:00 6332k 0.0% 7712 SVC:WRWTSSvc 8 00:00:02 14196k 0.0% 4260 SVC:SDScannerService 8 00:02:46 39488k 0.0% 4292 SVC:WpnService 8 00:00:05 19924k 0.0% 4404 SVC:PcaSvc 8 00:00:06 13268k 0.0% 4448 SVC:SDUpdateService 8 00:01:08 22132k 0.0% 4740 SVC:InstallService 8 00:00:27 34392k 0.0% 4808 SVC:WRSkyClient 8 00:02:28 32236k 0.0% 4960 SVC:RmSvc 8 00:00:00 9264k 0.0% 4456 SVC:WSearch 8 00:00:33 28044k 0.0% 4496 SVC:WMIRegistrationService 8 00:00:00 15468k 0.0% 7704 SVC:TokenBroker 8 00:00:01 10860k 0.0% 3432 SVC:TextInputManagementService 8 00:00:00 6460k 0.0% 1348 SVC:nsi 8 00:00:02 8632k 0.0% 1356 SVC:BthAvctpSvc 8 00:00:00 16944k 0.0% 1364 SVC:BTAGService 8 00:00:00 10716k 0.0% 1316 SVC:NcbService 8 00:00:00 9552k 0.0% 1172 dwm 13 00:00:13 50092k 0.0% 1200 SVC:cphs 8 00:00:00 7884k 0.0% 1220 SVC:TermService 8 00:00:14 13624k 0.0% 1536 SVC:Dhcp 8 00:01:25 9416k 0.0% 1580 SVC:Schedule 8 00:00:13 17616k 0.0% 1628 SVC:ProfSvc 8 00:00:00 7476k 0.0% 1400 SVC:TimeBrokerSvc 8 00:00:00 6684k 0.0% 1376 SVC:W32Time 8 00:00:00 8748k 0.0% 1384 SVC:bthserv 8 00:00:00 14524k 0.0% 1392 SVC:lmhosts 8 00:00:00 
6884k 0.0% 628 fontdrvhost 8 00:00:00 4524k 0.0% 684 csrss 13 00:01:05 6240k 0.0% 696 SVC:camsvc 8 00:00:01 14328k 0.0% 616 fontdrvhost 8 00:00:00 4160k 0.0% 112 Registry 8 00:00:05 28844k 0.0% 508 smss 11 00:00:00 1296k 0.0% 576 SVC:BrokerInfrastructure/DcomL 8 00:00:14 20144k 0.0% 940 SVC:KeyIso/Netlogon/SamSs/Vaul 9 00:07:51 25996k 0.0% 1068 SVC:LSM 8 00:00:43 11100k 0.0% 1148 LogonUI 13 00:00:06 73820k 0.0% 920 services 9 00:10:04 14688k 0.0% 776 wininit 13 00:00:00 7712k 0.0% 784 csrss 13 00:00:11 5560k 0.0% 876 winlogon 13 00:00:00 10792k 0.0% 2924 SVC:DsSvc 8 00:00:00 11224k 0.0% 2980 dasHost 8 00:00:00 5724k 0.0% 3068 SVC:SSDPSRV 8 00:00:45 8328k 0.0% 2824 SVC:iphlpsvc 8 00:00:00 11636k 0.0% 2704 dasHost 8 00:00:04 18176k 0.0% 2744 SVC:StateRepository 8 00:01:52 17828k 0.0% 2792 SVC:WinHttpAutoProxySvc 8 00:00:14 7936k 0.0% 3140 Memory Compression 8 00:00:01 72436k 0.0% 3348 SVC:StiSvc 8 00:00:00 11556k 0.0% 3400 SVC:Audiosrv 8 00:00:01 17724k 0.0% 3120 SVC:FontCache 8 00:00:00 8624k 0.0% 3076 SVC:Themes 8 00:00:00 5992k 0.0% 3092 SVC:CDPSvc 8 00:00:00 19168k 0.0% 3112 SVC:AudioEndpointBuilder 8 00:00:00 9864k 0.0% 1928 SVC:UserManager 8 00:00:03 9804k 0.0% 1956 SVC:SENS 8 00:00:00 5892k 0.0% 1972 SVC:BFE/mpssvc 8 00:00:13 26852k 0.0% 1884 SVC:netprofm 8 00:00:28 18488k 0.0% 1644 SVC:cplspcon 8 00:00:00 8300k 0.0% 1676 SVC:EventSystem 8 00:00:00 8668k 0.0% 1776 SVC:NgcSvc 8 00:00:00 8608k 0.0% 2428 SVC:DevQueryBroker 8 00:00:00 6128k 0.0% 2556 SVC:SessionEnv 8 00:00:00 11264k 0.0% 2564 SVC:DeviceAssociationService 8 00:00:00 8100k 0.0% 2380 SVC:LanmanWorkstation 8 00:00:05 10184k 0.0% 2012 SVC:UmRdpService 8 00:00:00 8384k 0.0% 2064 SVC:igfxCUIService2.0.0.0 8 00:00:00 9384k 0.0% 2272 SVC:CertPropSvc 8 00:00:00 6772k [disk] Filesystem 1K-blocks Used Avail Capacity Mounted Label Summary(Total\Avail GB) C 974872572 125321844 849550728 13% /FIXED/C:\ Windows 929.71\810.19 [memory] memory Total Used physical: 16263 4742 virtual: 2432 8 page: 18695 5199 
[msgs:EventlogSummary]
LogMode  MaximumSizeInBytes RecordCount LogName
-------  ------------------ ----------- -------
Circular           20971520       25828 Security
Circular           20971520       68643 System
Circular           20971520       56975 Application
[msgs:eventlog_Security]
[msgs:eventlog_System]
Information - 12/10/2025 21:39:37 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:38:32 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:37:26 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:36:21 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:35:15 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:34:10 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:33:06 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
Information - 12/10/2025 21:32:01 - [17] - TPM - The Trusted Platform Module (TPM) hardware failed to execute a TPM command.
[msgs:eventlog_Application] [procs] PID User WorkingSet/Peak VirtualMem/Peak PagedMem/Peak NPS Handles %CPU Start Time Elapsed Name Command 16148 NT AUTHORITY\SYSTEM 2249228/2249264 6625700/6631156 2289180/2289248 51 435 0.1 2025-12-04 16:08:57 8972 SVC:Mesh Agent "C:\Program Files\Mesh Agent\MeshAgent.exe" --installedByUser="S-1-5-21-1738527551-407844408-2392181978-1002" 5384 NT AUTHORITY\SYSTEM 137884/164392 2152370684/2152423700 88524/137412 37 556 0.1 2025-11-16 06:29:42 35471 powershell "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -ExecutionPolicy RemoteSigned -NoLogo -NonInteractive -NoProfile -WindowStyle Hidden -File "C:\Program Files\xymon\xymonclient.ps1" 2944 NT AUTHORITY\SYSTEM 10156/12124 2155971440/2155984292 2188/5504 11 198 0.1 2025-11-16 06:29:40 35471 SVC:SysMain C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s SysMain 672 NT AUTHORITY\LOCAL SERVICE 19296/23552 2151786708/2151832684 14272/21540 14 378 0.0 2025-11-16 06:29:40 35471 SVC:EventLog C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog 4 Unknown 9292/306032 13640/310472 80/652 0 2562 0.0 2025-11-16 06:29:31 35471 System 2764 Unknown 21144/806000 490856/4182544 226008/945764 661 993 0.0 2025-11-16 06:29:39 35471 SVC:WRSVC 10496 NT AUTHORITY\NETWORK SERVICE 21864/26168 2151797620/2151810544 9288/13896 66 1637 0.0 2025-12-10 10:13:40 687 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -secured -Embedding 4200 NT AUTHORITY\SYSTEM 24256/40124 2151850048/2151864304 10832/32832 19 461 0.0 2025-11-16 06:29:41 35471 SVC:Winmgmt C:\windows\system32\svchost.exe -k netsvcs -p -s Winmgmt 852 NT AUTHORITY\NETWORK SERVICE 21340/21380 2151765652/2151769528 14156/14264 16 1061 0.0 2025-11-16 06:29:38 35471 SVC:RpcEptMapper/RpcSs C:\windows\system32\svchost.exe -k RPCSS -p 1588 NT AUTHORITY\NETWORK SERVICE 27928/28200 2151783528/2151795148 21340/21812 18 318 0.0 2025-11-16 06:29:38 35471 SVC:Dnscache C:\windows\system32\svchost.exe -k 
NetworkService -p 4512 NT AUTHORITY\SYSTEM 41584/61948 2151844388/2151876544 34024/50672 21 394 0.0 2025-11-16 06:29:46 35471 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -Embedding 3948 NT AUTHORITY\SYSTEM 10724/10860 68528/77488 2232/2724 15 227 0.0 2025-11-16 06:29:41 35471 SVC:HCLAUTService "C:\Program Files\Common Files\HCL\AutoUpdate\AutoUpdate.exe" /svc 3968 NT AUTHORITY\SYSTEM 41768/42120 4837372/4867988 32948/33116 24 346 0.0 2025-11-16 06:29:41 35471 SVC:igccservice C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c18e9c8eed547b01\OneApp.IGCC.WinService.exe 3992 NT AUTHORITY\SYSTEM 10936/11032 2151763184/2151765748 2520/2664 12 219 0.0 2025-11-16 06:29:41 35471 SVC:LanmanServer C:\windows\system32\svchost.exe -k netsvcs -p -s LanmanServer 13064 NT AUTHORITY\LOCAL SERVICE 11988/12096 2151758876/2151758900 3132/3356 12 192 0.0 2025-12-10 21:39:39 1 WmiPrvSE C:\windows\system32\wbem\wmiprvse.exe -secured -Embedding 3876 NT AUTHORITY\SYSTEM 8152/8232 47064/57304 1408/1992 10 186 0.0 2025-11-16 06:29:41 35471 SVC:CxUtilSvc "C:\windows\CxSvc\CxUtilSvc.exe" 3896 NT AUTHORITY\LOCAL SERVICE 7420/7420 2151745976/2151750072 1368/1604 8 130 0.0 2025-11-16 06:29:41 35471 SVC:DispBrokerDesktopSvc C:\windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc 4008 NT AUTHORITY\SYSTEM 6908/6944 2151755968/2151761088 1384/1512 9 149 0.0 2025-11-16 06:29:41 35471 SVC:jhi_service C:\windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe 4192 NT AUTHORITY\SYSTEM 8220/8300 4292444/4297564 1604/1752 9 169 0.0 2025-11-16 06:29:41 35471 SVC:LNSUSvc "C:\Program Files\HCL\Notes\SUService.exe" 8856 NT AUTHORITY\SYSTEM 21760/22880 2151801328/2151811148 4068/5716 17 314 0.0 2025-12-10 21:38:35 2 SVC:wlidsvc C:\windows\system32\svchost.exe -k netsvcs -p -s wlidsvc 4208 NT AUTHORITY\SYSTEM 7272/7456 49060/56684 1440/1828 11 169 0.0 2025-11-16 06:29:41 35471 SVC:wgsslvpnsrc "C:\Program Files (x86)\WatchGuard\WatchGuard 
Mobile VPN with SSL\wgsslvpnsrc.exe" 4132 NT AUTHORITY\SYSTEM 6784/6796 4275228/4278300 1428/1496 9 144 0.0 2025-11-16 06:29:41 35471 SVC:ONLYOFFICE Update Service "C:\Program Files\ONLYOFFICE\DesktopEditors\updatesvc.exe" 4168 NT AUTHORITY\SYSTEM 10396/10536 2151744852/2151764196 2700/2796 9 147 0.0 2025-11-16 06:29:46 35471 AggregatorHost AggregatorHost.exe 4184 NT AUTHORITY\SYSTEM 5944/6000 2151745144/2151747192 1248/1404 8 139 0.0 2025-11-16 06:29:41 35471 SVC:TrkWks C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks 3548 NT AUTHORITY\SYSTEM 6548/6636 2151743784/2151748392 1232/1492 8 114 0.0 2025-11-16 10:15:11 35245 SVC:seclogon C:\windows\system32\svchost.exe -k netsvcs -p -s seclogon 3560 NT AUTHORITY\SYSTEM 19732/19772 2151796596/2151807516 5980/6660 24 468 0.0 2025-11-16 06:29:41 35471 SVC:Spooler C:\windows\System32\spoolsv.exe 3676 NT AUTHORITY\LOCAL SERVICE 6656/6656 2151754624/2151756672 1340/1440 8 129 0.0 2025-11-16 06:29:41 35471 SVC:CoreMessagingRegistrar C:\windows\system32\svchost.exe -k LocalServiceNoNetwork -p 3460 NT AUTHORITY\LOCAL SERVICE 7056/7060 2151748408/2151752200 1516/1820 9 153 0.0 2025-11-16 06:29:41 35471 SVC:DusmSvc C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p 3468 NT AUTHORITY\LOCAL SERVICE 10932/10992 2151754976/2151766776 2408/3424 13 456 0.0 2025-11-16 06:29:41 35471 SVC:Wcmsvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p 3524 NT AUTHORITY\SYSTEM 10284/10376 2151757520/2151763664 2388/2960 20 276 0.0 2025-11-16 06:29:41 35471 SVC:ShellHWDetection C:\windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection 3688 NT AUTHORITY\NETWORK SERVICE 22128/82876 2151953500/2152469480 7552/70332 29 403 0.0 2025-11-16 06:29:41 35471 SVC:CryptSvc C:\windows\system32\svchost.exe -k NetworkService -p 3728 NT AUTHORITY\SYSTEM 22672/23176 4793248/4796640 23280/23612 18 497 0.0 2025-11-16 06:29:41 35471 SVC:CxAudioSvc "C:\windows\CxSvc\CxAudioSvc.exe" 3816 NT 
AUTHORITY\SYSTEM 57332/90084 2151921576/2152276296 28864/57452 29 641 0.0 2025-11-16 06:29:41 35471 SVC:DiagTrack C:\windows\System32\svchost.exe -k utcsvc -p 3856 NT AUTHORITY\LOCAL SERVICE 32988/46248 2151852844/2151994452 26352/39916 18 366 0.0 2025-11-16 06:29:41 35471 SVC:DPS C:\windows\System32\svchost.exe -k LocalServiceNoNetwork -p -s DPS 3696 NT AUTHORITY\SYSTEM 7500/7640 4269484/4275628 1892/2028 14 187 0.0 2025-11-16 06:29:41 35471 SVC:Bonjour Service "C:\Program Files\Bonjour\mDNSResponder.exe" 3708 NT AUTHORITY\SYSTEM 7124/7248 71280/78904 1816/2196 10 146 0.0 2025-11-16 06:29:41 35471 SVC:AdobeARMservice "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" 0 8/8 8/8 60/60 0 0 0.0 0 Idle 7700 NT AUTHORITY\SYSTEM 13592/16060 2151773600/2151787424 2656/5724 11 216 0.0 2025-11-16 06:30:04 35470 SVC:StorSvc C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p 5408 NT AUTHORITY\SYSTEM 14168/14168 2151769572/2151771108 5836/5864 10 165 0.0 2025-11-16 06:29:42 35471 conhost \??\C:\windows\system32\conhost.exe 0x4 6172 Unknown 12244/12912 2151766400/2151798312 3188/4224 13 233 0.0 2025-11-16 06:31:49 35469 SVC:wscsvc 5192 Unknown 12688/48244 2151846868/2151858928 21708/22992 953 257 0.0 2025-11-16 06:29:42 35471 SVC:WRCoreService 5224 NT AUTHORITY\SYSTEM 18064/18312 2151787196/2151794216 4200/6064 15 294 0.0 2025-11-16 06:31:49 35469 SVC:UsoSvc C:\windows\system32\svchost.exe -k netsvcs -p -s UsoSvc 5244 Unknown 29632/217240 2152009488/2152070180 21760/206628 23 597 0.0 2025-11-17 05:51:14 34069 SVC:DoSvc 6192 NT AUTHORITY\SYSTEM 54716/56012 2152419936/2152432736 38756/40372 669 631 0.0 2025-11-16 06:29:43 35471 WRSkyCommandsClient C:\ProgramData\WRCore\CoreService\Component\SkyCommandsClient\WRSkyCommandsClient.exe 6804 NT AUTHORITY\SYSTEM 24668/38264 2151863448/2151867544 39260/42376 635 222 0.0 2025-11-16 06:29:45 35471 WRYES.x64 C:\ProgramData\WRCore\CoreService\Component\YARA\WRYES.x64.exe 7364 NT AUTHORITY\LOCAL SERVICE 
18856/19096 2151771388/2151773948 11512/11752 12 245 0.0 2025-12-04 05:26:41 9614 SVC:webthreatdefsvc C:\windows\system32\svchost.exe -k WebThreatDefense -p -s webthreatdefsvc 7180 NT AUTHORITY\LOCAL SERVICE 11324/11348 2151759188/2151765852 2068/2464 10 174 0.0 2025-11-17 05:51:14 34069 SVC:LicenseManager C:\windows\System32\svchost.exe -k LocalService -p -s LicenseManager 6212 NT AUTHORITY\SYSTEM 15624/15624 2151770592/2151771104 7336/7364 10 166 0.0 2025-11-16 06:29:43 35471 conhost \??\C:\windows\system32\conhost.exe 0x4 6392 NT AUTHORITY\LOCAL SERVICE 15272/15272 2151777592/2151780152 2232/2416 12 201 0.0 2025-11-16 06:29:44 35471 SVC:NgcCtnrSvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc 6704 NT AUTHORITY\SYSTEM 11696/11928 2151782608/2151785680 3624/4072 627 183 0.0 2025-11-16 06:29:45 35471 WREDRS.x64 C:\ProgramData\WRCore\CoreService\Component\EDR\WREDRS.x64.exe 4412 NT AUTHORITY\SYSTEM 67036/127020 4854836/4900172 110224/123408 34 475 0.0 2025-11-16 06:29:41 35471 SVC:XTU3SERVICE C:\windows\SysWOW64\XtuService.exe 4436 NT AUTHORITY\SYSTEM 6332/6988 4271232/4277376 1908/2188 8 133 0.0 2025-11-16 06:29:41 35471 SVC:XymonPSClient "C:\Program Files\xymon\nssm.exe" 7712 NT AUTHORITY\SYSTEM 14196/14268 2151774896/2151776952 4264/4324 16 342 0.0 2025-11-16 06:29:49 35471 SVC:WRWTSSvc "c:\Program Files\Webroot\WebThreatShield\WRWTSSvc.exe" 4260 NT AUTHORITY\SYSTEM 39488/90780 113716/217544 23084/26900 28 473 0.0 2025-11-16 06:29:41 35471 SVC:SDScannerService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" 4292 NT AUTHORITY\SYSTEM 19924/20364 2151785420/2151794932 4260/4820 17 383 0.0 2025-11-16 06:29:41 35471 SVC:WpnService C:\windows\system32\svchost.exe -k netsvcs -p -s WpnService 4404 NT AUTHORITY\SYSTEM 13268/14720 2151777336/2151787360 3872/4668 14 275 0.0 2025-11-16 06:31:47 35469 SVC:PcaSvc C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s PcaSvc 4448 NT AUTHORITY\SYSTEM 22132/22344 
94292/105172 7440/8092 24 409 0.0 2025-11-16 06:29:41 35471 SVC:SDUpdateService "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" 4740 NT AUTHORITY\SYSTEM 34392/40648 2151815872/2151850528 15668/19372 19 752 0.0 2025-11-16 06:45:43 35455 SVC:InstallService C:\windows\System32\svchost.exe -k netsvcs -p 4808 Unknown 32236/45972 2151874376/2151889744 21920/23948 2591 614 0.0 2025-11-16 06:29:42 35471 SVC:WRSkyClient 4960 NT AUTHORITY\LOCAL SERVICE 9264/9360 2151755560/2151761836 1984/2528 11 227 0.0 2025-11-16 06:29:43 35471 SVC:RmSvc C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc 4456 NT AUTHORITY\SYSTEM 28044/29228 2151832352/2151839016 16196/19236 20 748 0.0 2025-11-16 06:31:49 35469 SVC:WSearch C:\windows\system32\SearchIndexer.exe /Embedding 4496 NT AUTHORITY\SYSTEM 15468/16332 92632/107872 2884/3780 15 293 0.0 2025-11-16 06:29:41 35471 SVC:WMIRegistrationService C:\windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe 7704 NT AUTHORITY\SYSTEM 10860/10872 2151754012/2151758316 1712/1920 9 157 0.0 2025-11-17 05:49:35 34071 SVC:TokenBroker C:\windows\system32\svchost.exe -k netsvcs -p -s TokenBroker 3432 NT AUTHORITY\SYSTEM 6460/6460 2151746516/2151748564 1348/1468 8 134 0.0 2025-11-16 06:29:41 35471 SVC:TextInputManagementService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TextInputManagementService 1348 NT AUTHORITY\LOCAL SERVICE 8632/8764 2151746324/2151749908 4092/4392 19 143 0.0 2025-11-16 06:29:38 35471 SVC:nsi C:\windows\system32\svchost.exe -k LocalService -p -s nsi 1356 NT AUTHORITY\LOCAL SERVICE 16944/16944 2151764712/2151771708 2824/3256 19 237 0.0 2025-11-16 06:29:38 35471 SVC:BthAvctpSvc C:\windows\system32\svchost.exe -k LocalService -p -s BthAvctpSvc 1364 NT AUTHORITY\LOCAL SERVICE 10716/10716 2151753752/2151757848 1872/2308 14 186 0.0 2025-11-16 06:29:38 35471 SVC:BTAGService C:\windows\system32\svchost.exe -k 
LocalServiceNetworkRestricted -s BTAGService 1316 NT AUTHORITY\SYSTEM 9552/9568 2151752280/2151755864 1944/2248 11 210 0.0 2025-11-16 06:29:38 35471 SVC:NcbService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService 1172 Window Manager\DWM-1 50092/59268 2152017664/2152050916 16328/18900 26 748 0.0 2025-11-16 06:29:38 35471 dwm "dwm.exe" 1200 NT AUTHORITY\SYSTEM 7884/8020 2151750824/2151757992 1488/1704 8 160 0.0 2025-11-16 06:29:39 35471 SVC:cphs C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fe9e4d6552ab1bbe\IntelCpHeciSvc.exe 1220 NT AUTHORITY\NETWORK SERVICE 13624/13672 2151788004/2151793016 4252/4436 18 486 0.0 2025-11-16 06:29:38 35471 SVC:TermService C:\windows\System32\svchost.exe -k NetworkService -s TermService 1536 NT AUTHORITY\LOCAL SERVICE 9416/9416 2151755288/2151761944 2984/3224 11 245 0.0 2025-11-16 06:29:38 35471 SVC:Dhcp C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp 1580 NT AUTHORITY\SYSTEM 17616/17896 2151789552/2151800788 6224/7064 19 390 0.0 2025-11-16 06:29:38 35471 SVC:Schedule C:\windows\System32\svchost.exe -k netsvcs -s Schedule 1628 NT AUTHORITY\SYSTEM 7476/7476 2151747980/2151752720 1500/1676 8 133 0.0 2025-11-16 06:29:38 35471 SVC:ProfSvc C:\windows\system32\svchost.exe -k UserProfileService -p -s ProfSvc 1400 NT AUTHORITY\LOCAL SERVICE 6684/6732 2151748304/2151750816 1732/1932 8 318 0.0 2025-11-16 06:29:38 35471 SVC:TimeBrokerSvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc 1376 NT AUTHORITY\LOCAL SERVICE 8748/8820 2151756252/2151758812 1932/2120 13 218 0.0 2025-11-16 06:29:38 35471 SVC:W32Time C:\windows\system32\svchost.exe -k LocalService -s W32Time 1384 NT AUTHORITY\LOCAL SERVICE 14524/14548 2151764116/2151768724 2856/3092 15 259 0.0 2025-11-16 06:29:38 35471 SVC:bthserv C:\windows\system32\svchost.exe -k LocalService -p -s bthserv 1392 NT AUTHORITY\LOCAL SERVICE 6884/6884 2151751924/2151752948 1584/1680 9 146 0.0 
2025-11-16 06:29:38 35471 SVC:lmhosts C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts 628 Font Driver Host\UMFD-0 4524/4528 2151748244/2151749936 1548/1608 6 42 0.0 2025-11-16 06:29:37 35471 fontdrvhost "fontdrvhost.exe" 684 Unknown 6240/6500 2151772628/2151774228 2056/2384 25 630 0.0 2025-11-16 06:29:36 35471 csrss 696 NT AUTHORITY\SYSTEM 14328/14344 2151755784/2151761416 2160/2536 10 183 0.0 2025-11-16 10:15:00 35246 SVC:camsvc C:\windows\system32\svchost.exe -k osprivacy -p -s camsvc 616 Font Driver Host\UMFD-1 4160/4164 2151745900/2151747436 1304/1380 6 42 0.0 2025-11-16 06:29:37 35471 fontdrvhost "fontdrvhost.exe" 112 Unknown 28844/278844 105152/392516 4308/93872 8 0 0.0 2025-11-16 06:29:29 35471 Registry 508 Unknown 1296/1372 2151718656/2151727980 1116/1216 3 58 0.0 2025-11-16 06:29:31 35471 smss 576 NT AUTHORITY\SYSTEM 20144/20272 2151780804/2151790464 7248/7568 16 1324 0.0 2025-11-16 06:29:37 35471 SVC:BrokerInfrastructure/DcomLaunch/PlugPlay/Power/SystemEventsBroker C:\windows\system32\svchost.exe -k DcomLaunch -p 940 Unknown 25996/26848 2151806192/2151810320 7756/8704 32 1257 0.0 2025-11-16 06:29:37 35471 SVC:KeyIso/Netlogon/SamSs/VaultSvc 1068 NT AUTHORITY\SYSTEM 11100/11128 2151759924/2151761972 2720/2792 12 300 0.0 2025-11-16 06:29:38 35471 SVC:LSM C:\windows\system32\svchost.exe -k DcomLaunch -p -s LSM 1148 NT AUTHORITY\SYSTEM 73820/88580 2152140628/2152147756 26116/39768 38 773 0.0 2025-11-16 06:29:38 35471 LogonUI "LogonUI.exe" /flags:0x2 /state0:0xa3bcf055 /state1:0x41c64e6d 920 Unknown 14688/17284 2151765492/2152038452 6256/13496 15 726 0.0 2025-11-16 06:29:37 35471 services 776 Unknown 7712/7832 2151751144/2151767056 1416/1964 11 157 0.0 2025-11-16 06:29:36 35471 wininit 784 Unknown 5560/5692 2151762124/2151763404 1868/2596 10 158 0.0 2025-11-16 06:29:36 35471 csrss 876 NT AUTHORITY\SYSTEM 10792/15760 2151812800/2151826116 2260/6348 12 214 0.0 2025-11-16 06:29:37 35471 winlogon winlogon.exe 2924 NT AUTHORITY\SYSTEM 
11224/11712 2152036740/2152042372 6348/6676 15 206 0.0 2025-11-16 06:41:14 35459 SVC:DsSvc C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc 2980 NT AUTHORITY\NETWORK SERVICE 5724/5836 2151737164/2151740748 1108/1336 7 113 0.0 2025-11-16 06:29:40 35471 dasHost dashost.exe {cd7a5525-f361-4cff-9d50fc61ee5c4045} 3068 NT AUTHORITY\LOCAL SERVICE 8328/8540 2151758132/2151774516 2264/3204 15 253 0.0 2025-11-16 06:29:40 35471 SVC:SSDPSRV C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV 2824 NT AUTHORITY\SYSTEM 11636/11652 2152810584/2152820404 2636/3444 16 373 0.0 2025-11-16 06:29:39 35471 SVC:iphlpsvc C:\windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc 2704 NT AUTHORITY\LOCAL SERVICE 18176/19504 2151783188/2151789844 6584/8268 15 297 0.0 2025-11-16 06:29:39 35471 dasHost dashost.exe {ea559576-958b-4433-87b60382b56c03f1} 2744 NT AUTHORITY\SYSTEM 17828/26596 2151774032/2151778704 10212/19568 10 271 0.0 2025-11-16 06:29:39 35471 SVC:StateRepository C:\windows\system32\svchost.exe -k appmodel -p -s StateRepository 2792 NT AUTHORITY\LOCAL SERVICE 7936/8332 2151751256/2151757400 1788/2836 10 180 0.0 2025-11-16 06:29:39 35471 SVC:WinHttpAutoProxySvc C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc 3140 Unknown 72436/101256 80384/108928 228/280 0 0 0.0 2025-11-16 06:29:40 35471 Memory Compression 3348 NT AUTHORITY\LOCAL SERVICE 11556/11560 2151767912/2151774188 2444/2820 13 228 0.0 2025-11-16 06:29:40 35471 SVC:StiSvc C:\windows\system32\svchost.exe -k imgsvc 3400 NT AUTHORITY\LOCAL SERVICE 17724/17728 2151773196/2151777292 2988/3340 13 353 0.0 2025-11-16 06:29:40 35471 SVC:Audiosrv C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p 3120 NT AUTHORITY\LOCAL SERVICE 8624/8800 2151782116/2151786484 1928/2120 11 173 0.0 2025-11-16 06:29:40 35471 SVC:FontCache C:\windows\system32\svchost.exe -k LocalService -p -s FontCache 3076 NT AUTHORITY\SYSTEM 5992/6004 
2151749056/2151750592 1280/1348 8 123 0.0 2025-11-16 06:29:40 35471 SVC:Themes C:\windows\System32\svchost.exe -k netsvcs -p -s Themes 3092 NT AUTHORITY\LOCAL SERVICE 19168/19184 2151793996/2151802188 4496/4940 22 359 0.0 2025-11-16 06:31:46 35469 SVC:CDPSvc C:\windows\system32\svchost.exe -k LocalService -p -s CDPSvc 3112 NT AUTHORITY\SYSTEM 9864/9872 2151757032/2151761640 2048/2352 11 227 0.0 2025-11-16 06:29:40 35471 SVC:AudioEndpointBuilder C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder 1928 NT AUTHORITY\SYSTEM 9804/9848 2151755208/2151760748 1944/2260 9 163 0.0 2025-11-16 06:29:39 35471 SVC:UserManager C:\windows\system32\svchost.exe -k netsvcs -p -s UserManager 1956 NT AUTHORITY\SYSTEM 5892/5892 2151744848/2151746828 1256/1376 10 132 0.0 2025-11-16 06:29:39 35471 SVC:SENS C:\windows\system32\svchost.exe -k netsvcs -p -s SENS 1972 NT AUTHORITY\LOCAL SERVICE 26852/32804 2151800368/2151808432 16092/21476 33 437 0.0 2025-11-16 06:29:39 35471 SVC:BFE/mpssvc C:\windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p 1884 NT AUTHORITY\NETWORK SERVICE 18488/18548 2151779616/2151806752 5256/7260 21 819 0.0 2025-11-16 06:29:39 35471 SVC:netprofm C:\windows\System32\svchost.exe -k netprofm -p -s netprofm 1644 NT AUTHORITY\SYSTEM 8300/8368 2151757128/2151764296 1600/1780 9 184 0.0 2025-11-16 06:29:38 35471 SVC:cplspcon C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_fe9e4d6552ab1bbe\IntelCpHDCPSvc.exe 1676 NT AUTHORITY\LOCAL SERVICE 8668/8800 2151755244/2151760356 1968/2284 10 179 0.0 2025-11-16 06:29:38 35471 SVC:EventSystem C:\windows\system32\svchost.exe -k LocalService -p -s EventSystem 1776 NT AUTHORITY\SYSTEM 8608/8612 2151749832/2151752444 1660/1836 9 148 0.0 2025-11-16 06:29:38 35471 SVC:NgcSvc C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc 2428 NT AUTHORITY\SYSTEM 6128/6172 2151748108/2151751180 1304/1488 8 119 0.0 2025-11-16 06:29:39 35471 SVC:DevQueryBroker 
C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DevQueryBroker 2556 NT AUTHORITY\SYSTEM 11264/11272 2151764412/2151765948 2404/2504 16 242 0.0 2025-11-16 06:29:39 35471 SVC:SessionEnv C:\windows\System32\svchost.exe -k netsvcs -p -s SessionEnv 2564 NT AUTHORITY\SYSTEM 8100/8168 2151750076/2151763388 1744/2396 9 188 0.0 2025-11-16 06:29:39 35471 SVC:DeviceAssociationService C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService 2380 NT AUTHORITY\NETWORK SERVICE 10184/10240 2151761096/2151765192 2164/2292 12 233 0.0 2025-11-16 06:29:39 35471 SVC:LanmanWorkstation C:\windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation 2012 NT AUTHORITY\SYSTEM 8384/8472 2151759432/2151761480 1720/1880 11 184 0.0 2025-11-16 06:29:39 35471 SVC:UmRdpService C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s UmRdpService 2064 NT AUTHORITY\SYSTEM 9384/9428 2151755740/2151761884 1736/1944 10 183 0.0 2025-11-16 06:29:39 35471 SVC:igfxCUIService2.0.0.0 C:\windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_c36cd6406677db45\igfxCUIService.exe 2272 NT AUTHORITY\SYSTEM 6772/6772 2151747224/2151749272 1412/1512 8 149 0.0 2025-11-16 06:29:39 35471 SVC:CertPropSvc C:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc [netstat] PacketsReceived=10184389 ReceivedHeaderErrors=0 ReceivedAddressErrors=609 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=2765058 ReceivedPacketsDelivered=9256081 OutputRequests=3355439 RoutingDiscards=0 DiscardedOutputPackets=33509 OutputPacketNoRoute=5 ReassemblyRequired=26 ReassemblySuccessful=13 ReassemblyFailures=0 DatagramsSuccessfullyFragmented=0 DatagramsFailingFragmentation=0 FragmentsCreated=0 PacketsReceived=1188363 ReceivedHeaderErrors=0 ReceivedAddressErrors=441 DatagramsForwarded=0 UnknownProtocolsReceived=0 ReceivedPacketsDiscarded=5365 ReceivedPacketsDelivered=1183965 OutputRequests=779 RoutingDiscards=0 
DiscardedOutputPackets=0
OutputPacketNoRoute=0
ReassemblyRequired=0
ReassemblySuccessful=0
ReassemblyFailures=0
DatagramsSuccessfullyFragmented=0
DatagramsFailingFragmentation=0
FragmentsCreated=0
tcpActiveOpens=262490
tcpPassiveOpens=21025
tcpFailedConnectionAttempts=4555
tcpResetConnections=27317
tcpCurrentConnections=3
tcpSegmentsReceived=2649783
tcpSegmentsSent=3377937
tcpSegmentsRetransmitted=23001
tcpActiveOpens=12
tcpPassiveOpens=0
tcpFailedConnectionAttempts=12
tcpResetConnections=0
tcpCurrentConnections=0
tcpSegmentsReceived=72
tcpSegmentsSent=48
tcpSegmentsRetransmitted=24
udpDatagramsReceived=6680089
udpNoPorts=981075
udpReceiveErrors=61
udpDatagramsSent=48632
udpDatagramsReceived=1186786
udpNoPorts=4177
udpReceiveErrors=0
udpDatagramsSent=666

[ports]
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7680           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49672          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49673          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49683          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:623          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    127.0.0.1:16992        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21320        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21321        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21322        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:21323        0.0.0.0:0              LISTENING
  TCP    127.0.0.1:27019        0.0.0.0:0              LISTENING
  TCP    192.168.5.74:139       0.0.0.0:0              LISTENING
  TCP    192.168.5.74:49956     192.168.6.5:445        ESTABLISHED
  TCP    192.168.5.74:50015     125.253.56.44:443      ESTABLISHED
  TCP    192.168.5.74:50020     54.76.196.229:443      ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::]:445               [::]:0                 LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    [::]:7680              [::]:0                 LISTENING
  TCP    [::]:49664             [::]:0                 LISTENING
  TCP    [::]:49665             [::]:0                 LISTENING
  TCP    [::]:49666             [::]:0                 LISTENING
  TCP    [::]:49667             [::]:0                 LISTENING
  TCP    [::]:49668             [::]:0                 LISTENING
  TCP    [::]:49672             [::]:0                 LISTENING
  TCP    [::]:49673             [::]:0                 LISTENING
  TCP    [::]:49683             [::]:0                 LISTENING
  TCP    [::1]:49674            [::]:0                 LISTENING
  UDP    0.0.0.0:123            *:*
  UDP    0.0.0.0:3389           *:*
  UDP    0.0.0.0:5050           *:*
  UDP    0.0.0.0:5353           *:*
  UDP    0.0.0.0:5355           *:*
  UDP    0.0.0.0:54247          *:*
  UDP    0.0.0.0:56053          *:*
  UDP    0.0.0.0:58687          *:*
  UDP    0.0.0.0:58688          *:*
  UDP    0.0.0.0:64182          *:*
  UDP    0.0.0.0:65057          *:*
  UDP    127.0.0.1:1900         *:*
  UDP    127.0.0.1:12011        *:*
  UDP    127.0.0.1:50296        *:*
  UDP    127.0.0.1:61034        127.0.0.1:61034
  UDP    127.0.0.1:65059        127.0.0.1:65059
  UDP    192.168.5.74:137       *:*
  UDP    192.168.5.74:138       *:*
  UDP    192.168.5.74:1900      *:*
  UDP    192.168.5.74:5353      *:*
  UDP    192.168.5.74:50295     *:*
  UDP    [::]:123               *:*
  UDP    [::]:3389              *:*
  UDP    [::]:5353              *:*
  UDP    [::]:5355              *:*
  UDP    [::]:54247             *:*
  UDP    [::]:56053             *:*
  UDP    [::]:58688             *:*
  UDP    [::]:64182             *:*
  UDP    [::]:65058             *:*
  UDP    [::1]:1900             *:*
  UDP    [::1]:5353             *:*
  UDP    [::1]:50294            *:*
  UDP    [fe80::89dc:c42:1b76:f272%13]:1900  *:*
  UDP    [fe80::89dc:c42:1b76:f272%13]:50293  *:*

[ipconfig]
Windows IP Configuration

   Host Name . . . . . . . . . . . . : TCS-DT-Workshop
   Primary Dns Suffix  . . . . . . . : twilight.inside
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : twilight.inside

Unknown adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TAP-Windows Adapter V9
   Physical Address. . . . . . . . . : 00-FF-ED-66-59-69
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : twilight.inside
   Description . . . . . . . . . . . : Intel(R) Ethernet Connection (5) I219-LM
   Physical Address. . . . . . . . . : 18-60-24-26-42-D8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::89dc:c42:1b76:f272%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.5.74(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.252.0
   Lease Obtained. . . . . . . . . . : Sunday, 16 November 2025 10:14:56 AM
   Lease Expires . . . . . . . . . . : Thursday, 18 December 2025 10:15:35 AM
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCP Server . . . . . . . . . . . : 192.168.5.5
   DHCPv6 IAID . . . . . . . . . . . : 116668681
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2E-5D-D6-F1-18-60-24-26-42-D8
   DNS Servers . . . . . . . . . . . : 192.168.5.5
                                       8.8.8.8
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network) #3
   Physical Address. . . . . . . . . : 00-1A-7D-DA-71-15
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

[route]
===========================================================================
Interface List
 17...00 ff ed 66 59 69 ......TAP-Windows Adapter V9
 13...18 60 24 26 42 d8 ......Intel(R) Ethernet Connection (5) I219-LM
 18...00 1a 7d da 71 15 ......Bluetooth Device (Personal Area Network) #3
  1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.5.1     192.168.5.74     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.4.0    255.255.252.0         On-link      192.168.5.74    281
     192.168.5.74  255.255.255.255         On-link      192.168.5.74    281
    192.168.7.255  255.255.255.255         On-link      192.168.5.74    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      192.168.5.74    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      192.168.5.74    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
 13    281 fe80::/64                On-link
 13    281 fe80::89dc:c42:1b76:f272/128  On-link
  1    331 ff00::/8                 On-link
 13    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None

[ifstat]
192.168.5.74 7362730039 1530258674

[svcs]
Name StartupType Status DisplayName
AdobeARMservice automatic started Adobe Acrobat Update Service
afcdpsrv automatic stopped Acronis Nonstop Backup Service
AJRouter manual stopped AllJoyn Router Service
ALG manual stopped Application Layer Gateway Service
AppIDSvc manual stopped Application Identity
Appinfo manual stopped Application Information
AppMgmt manual stopped Application Management
AppReadiness manual stopped App Readiness
AppVClient disabled stopped Microsoft App-V Client
AppXSvc manual stopped AppX Deployment Service (AppXSVC)
AssignedAccessManagerSvc manual stopped AssignedAccessManager Service
AudioEndpointBuilder automatic started Windows Audio Endpoint Builder
Audiosrv automatic started Windows Audio
autotimesvc manual stopped Cellular Time
AxInstSV manual stopped ActiveX Installer (AxInstSV)
BDESVC manual stopped BitLocker Drive Encryption Service
BFE automatic started Base Filtering Engine
BITS manual stopped Background Intelligent Transfer Service
Bonjour_Service automatic started Bonjour Service
BrokerInfrastructure automatic started Background Tasks Infrastructure Service
BTAGService manual started Bluetooth Audio Gateway Service
BthAvctpSvc manual started AVCTP service
bthserv manual started Bluetooth Support Service
camsvc manual started Capability Access Manager Service
CDPSvc automatic started Connected Devices Platform Service
CertPropSvc manual started Certificate Propagation
ClipSVC manual stopped Client License Service (ClipSVC)
cloudidsvc manual stopped Microsoft Cloud Identity Service
COMSysApp manual stopped COM+ System Application
CoreMessagingRegistrar automatic started CoreMessaging
cphs manual started Intel(R) Content Protection HECI Service
cplspcon automatic started Intel(R) Content Protection HDCP Service
CryptSvc automatic started Cryptographic Services
CscService manual stopped Offline Files
CxAudioSvc automatic started CxAudioSvc
CxUtilSvc automatic started CxUtilSvc
DcomLaunch automatic started DCOM Server Process Launcher
dcsvc manual stopped Declared Configuration(DC) service
defragsvc manual stopped Optimize drives
DeviceAssociationService automatic started Device Association Service
DeviceInstall manual stopped Device Install Service
DevQueryBroker manual started DevQuery Background Discovery Broker
Dhcp automatic started DHCP Client
diagnosticshub.standardcollector.service manual stopped Microsoft (R) Diagnostics Hub Standard Collector Service
diagsvc manual stopped Diagnostic Execution Service
DiagTrack automatic started Connected User Experiences and Telemetry
DialogBlockingService disabled stopped DialogBlockingService
DispBrokerDesktopSvc automatic started Display Policy Service
DisplayEnhancementService manual stopped Display Enhancement Service
DmEnrollmentSvc manual stopped Device Management Enrollment Service
dmwappushservice manual stopped Device Management Wireless Application Protocol (WAP) Push message Routing Service
Dnscache automatic started DNS Client
DoSvc automatic started Delivery Optimization
dot3svc manual stopped Wired AutoConfig
DPS automatic started Diagnostic Policy Service
DsmSvc manual stopped Device Setup Manager
DsSvc manual started Data Sharing Service
DusmSvc automatic started Data Usage
EapHost manual stopped Extensible Authentication Protocol
edgeupdate automatic stopped Microsoft Edge Update Service (edgeupdate)
edgeupdatem manual stopped Microsoft Edge Update Service (edgeupdatem)
EFS manual stopped Encrypting File System (EFS)
embeddedmode manual stopped Embedded Mode
EntAppSvc manual stopped Enterprise App Management Service
EventLog automatic started Windows Event Log
EventSystem automatic started COM+ Event System
fdPHost manual stopped Function Discovery Provider Host
FDResPub manual stopped Function Discovery Resource Publication
fhsvc manual stopped File History Service
FontCache automatic started Windows Font Cache Service
FontCache3.0.0.0 manual stopped Windows Presentation Foundation Font Cache 3.0.0.0
FrameServer manual stopped Windows Camera Frame Server
FrameServerMonitor manual stopped Windows Camera Frame Server Monitor
GameInputSvc manual stopped GameInput Service
GoogleChromeElevationService manual stopped Google Chrome Elevation Service (GoogleChromeElevationService)
GoogleUpdaterInternalService144.0.7547.0 automatic stopped Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0)
GoogleUpdaterService144.0.7547.0 automatic stopped Google Updater Service (GoogleUpdaterService144.0.7547.0)
gpsvc automatic stopped Group Policy Client
GraphicsPerfSvc manual stopped GraphicsPerfSvc
HCLAUTService automatic started HCL Auto Update Service
hidserv manual stopped Human Interface Device Service
HvHost manual stopped HV Host Service
icssvc manual stopped Windows Mobile Hotspot Service
igccservice automatic started Intel(R) Graphics Command Center Service
igfxCUIService2.0.0.0 automatic started Intel(R) HD Graphics Control Panel Service
IKEEXT manual stopped IKE and AuthIP IPsec Keying Modules
InstallService manual started Microsoft Store Install Service
Intel(R)_Capability_Licensing_Service_TCP_IP_Interface manual stopped Intel(R) Capability Licensing Service TCP IP Interface
Intel(R)_TPM_Provisioning_Service automatic stopped Intel(R) TPM Provisioning Service
InventorySvc manual stopped Inventory and Compatibility Appraisal service
iphlpsvc automatic started IP Helper
IpxlatCfgSvc manual stopped IP Translation Configuration Service
jhi_service automatic started Intel(R) Dynamic Application Loader Host Interface Service
KeyIso manual started CNG Key Isolation
KtmRm manual stopped KtmRm for Distributed Transaction Coordinator
LanmanServer automatic started Server
LanmanWorkstation automatic started Workstation
lfsvc manual stopped Geolocation Service
LicenseManager manual started Windows License Manager Service
lltdsvc manual stopped Link-Layer Topology Discovery Mapper
lmhosts manual started TCP/IP NetBIOS Helper
LNSUSvc automatic started HCL Notes Smart Upgrade Service
LSM automatic started Local Session Manager
LxpSvc manual stopped Language Experience Service
MapsBroker automatic stopped Downloaded Maps Manager
McpManagementService manual stopped McpManagementService
MDCoreSvc manual stopped Microsoft Defender Core Service
Mesh_Agent automatic started Mesh Agent
MicrosoftEdgeElevationService manual stopped Microsoft Edge Elevation Service (MicrosoftEdgeElevationService)
MixedRealityOpenXRSvc manual stopped Windows Mixed Reality OpenXR Service
MozillaMaintenance manual stopped Mozilla Maintenance Service
mpssvc automatic started Windows Defender Firewall
MSDTC manual stopped Distributed Transaction Coordinator
MSiSCSI manual stopped Microsoft iSCSI Initiator Service
msiserver manual stopped Windows Installer
MsKeyboardFilter disabled stopped Microsoft Keyboard Filter
NaturalAuthentication manual stopped Natural Authentication
NcaSvc manual stopped Network Connectivity Assistant
NcbService manual started Network Connection Broker
NcdAutoSetup manual stopped Network Connected Devices Auto-Setup
Netlogon automatic started Netlogon
Netman manual stopped Network Connections
netprofm manual started Network List Service
NetSetupSvc manual stopped Network Setup Service
NetTcpPortSharing disabled stopped Net.Tcp Port Sharing Service
NgcCtnrSvc manual started Microsoft Passport Container
NgcSvc manual started Microsoft Passport
NlaSvc manual stopped Network Location Awareness
nsi automatic started Network Store Interface Service
ONLYOFFICE_Update_Service automatic started ONLYOFFICE Update Service
p2pimsvc manual stopped Peer Networking Identity Manager
p2psvc manual stopped Peer Networking Grouping
PcaSvc automatic started Program Compatibility Assistant Service
PeerDistSvc manual stopped BranchCache
perceptionsimulation manual stopped Windows Perception Simulation Service
PerfHost manual stopped Performance Counter DLL Host
PhoneSvc manual stopped Phone Service
pla manual stopped Performance Logs & Alerts
PlugPlay manual started Plug and Play
PNRPAutoReg manual stopped PNRP Machine Name Publication Service
PNRPsvc manual stopped Peer Name Resolution Protocol
PolicyAgent manual stopped IPsec Policy Agent
Power automatic started Power
PrintNotify manual stopped Printer Extensions and Notifications
ProfSvc automatic started User Profile Service
PushToInstall manual stopped Windows PushToInstall Service
QWAVE manual stopped Quality Windows Audio Video Experience
RasAuto manual stopped Remote Access Auto Connection Manager
RasMan manual stopped Remote Access Connection Manager
RemoteAccess disabled stopped Routing and Remote Access
RemoteRegistry disabled stopped Remote Registry
RetailDemo manual stopped Retail Demo Service
RmSvc manual started Radio Management Service
RpcEptMapper automatic started RPC Endpoint Mapper
RpcLocator manual stopped Remote Procedure Call (RPC) Locator
RpcSs automatic started Remote Procedure Call (RPC)
SamSs automatic started Security Accounts Manager
SCardSvr manual stopped Smart Card
ScDeviceEnum manual stopped Smart Card Device Enumeration Service
Schedule automatic started Task Scheduler
SCPolicySvc manual stopped Smart Card Removal Policy
SDRSVC manual stopped Windows Backup
SDScannerService automatic started Spybot-S&D 2 Scanner Service
SDUpdateService automatic started Spybot-S&D 2 Updating Service
seclogon manual started Secondary Logon
SecurityHealthService manual stopped Windows Security Service
SEMgrSvc manual stopped Payments and NFC/SE Manager
SENS automatic started System Event Notification Service
Sense manual stopped Windows Defender Advanced Threat Protection Service
SensorDataService manual stopped Sensor Data Service
SensorService manual stopped Sensor Service
SensrSvc manual stopped Sensor Monitoring Service
SessionEnv manual started Remote Desktop Configuration
SharedAccess manual stopped Internet Connection Sharing (ICS)
SharedRealitySvc manual stopped Spatial Data Service
ShellHWDetection automatic started Shell Hardware Detection
shpamsvc disabled stopped Shared PC Account Manager
smphost manual stopped Microsoft Storage Spaces SMP
SmsRouter manual stopped Microsoft Windows SMS Router Service.
SNMPTrap manual stopped SNMP Trap
spectrum manual stopped Windows Perception Service
Spooler automatic started Print Spooler
sppsvc automatic stopped Software Protection
SSDPSRV manual started SSDP Discovery
ssh-agent disabled stopped OpenSSH Authentication Agent
SstpSvc manual stopped Secure Socket Tunneling Protocol Service
StateRepository automatic started State Repository Service
StiSvc manual started Windows Image Acquisition (WIA)
StorSvc automatic started Storage Service
svsvc manual stopped Spot Verifier
swprv manual stopped Microsoft Software Shadow Copy Provider
SysMain automatic started SysMain
SystemEventsBroker automatic started System Events Broker
TapiSrv manual stopped Telephony
TermService manual started Remote Desktop Services
TextInputManagementService automatic started Text Input Management Service
Themes automatic started Themes
TieringEngineService manual stopped Storage Tiers Management
TimeBrokerSvc manual started Time Broker
TokenBroker manual started Web Account Manager
TrkWks automatic started Distributed Link Tracking Client
TroubleshootingSvc manual stopped Recommended Troubleshooting Service
TrustedInstaller manual stopped Windows Modules Installer
tzautoupdate disabled stopped Auto Time Zone Updater
UevAgentService disabled stopped User Experience Virtualization Service
uhssvc disabled stopped Microsoft Update Health Service
UmRdpService manual started Remote Desktop Services UserMode Port Redirector
upnphost manual stopped UPnP Device Host
UserManager automatic started User Manager
UsoSvc automatic started Update Orchestrator Service
VacSvc manual stopped Volumetric Audio Compositor Service
VaultSvc manual started Credential Manager
vds manual stopped Virtual Disk
vmicguestinterface manual stopped Hyper-V Guest Service Interface
vmicheartbeat manual stopped Hyper-V Heartbeat Service
vmickvpexchange manual stopped Hyper-V Data Exchange Service
vmicrdv manual stopped Hyper-V Remote Desktop Virtualization Service
vmicshutdown manual stopped Hyper-V Guest Shutdown Service
vmictimesync manual stopped Hyper-V Time Synchronization Service
vmicvmsession manual stopped Hyper-V PowerShell Direct Service
vmicvss manual stopped Hyper-V Volume Shadow Copy Requestor
VSS manual stopped Volume Shadow Copy
W32Time automatic started Windows Time
WaaSMedicSvc manual stopped WaaSMedicSvc
WalletService manual stopped WalletService
WarpJITSvc manual stopped Warp JIT Service
wbengine manual stopped Block Level Backup Engine Service
WbioSrvc manual stopped Windows Biometric Service
Wcmsvc automatic started Windows Connection Manager
wcncsvc manual stopped Windows Connect Now - Config Registrar
WdiServiceHost manual stopped Diagnostic Service Host
WdiSystemHost manual stopped Diagnostic System Host
WdNisSvc manual stopped Microsoft Defender Antivirus Network Inspection Service
WebClient manual stopped WebClient
webthreatdefsvc manual started Web Threat Defense Service
Wecsvc manual stopped Windows Event Collector
WEPHOSTSVC manual stopped Windows Encryption Provider Host Service
wercplsupport manual stopped Problem Reports Control Panel Support
WerSvc manual stopped Windows Error Reporting Service
WFDSConMgrSvc manual stopped Wi-Fi Direct Services Connection Manager Service
wgsslvpnsrc automatic started WatchGuard SSLVPN Service
WiaRpc manual stopped Still Image Acquisition Events
WinDefend manual stopped Microsoft Defender Antivirus Service
WinHttpAutoProxySvc manual started WinHTTP Web Proxy Auto-Discovery Service
Winmgmt automatic started Windows Management Instrumentation
WinRM manual stopped Windows Remote Management (WS-Management)
wisvc manual stopped Windows Insider Service
WlanSvc manual stopped WLAN AutoConfig
wlidsvc manual started Microsoft Account Sign-in Assistant
wlpasvc manual stopped Local Profile Assistant Service
WManSvc manual stopped Windows Management Service
wmiApSrv manual stopped WMI Performance Adapter
WMIRegistrationService automatic started Intel(R) Management Engine WMI Provider Registration
WMPNetworkSvc manual stopped Windows Media Player Network Sharing Service
workfolderssvc manual stopped Work Folders
WpcMonSvc manual stopped Parental Controls
WPDBusEnum manual stopped Portable Device Enumerator Service
WpnService automatic started Windows Push Notifications System Service
WRCoreService automatic started WRCoreService
WRSkyClient automatic started WRSkyClient
WRSVC automatic started WRSVC
WRWTSSvc manual started Web Threat Shield Service
wscsvc automatic started Security Center
WSearch automatic started Windows Search
wuauserv manual stopped Windows Update
WwanSvc manual stopped WWAN AutoConfig
XblAuthManager manual stopped Xbox Live Auth Manager
XblGameSave manual stopped Xbox Live Game Save
XboxGipSvc manual stopped Xbox Accessory Management Service
XboxNetApiSvc manual stopped Xbox Live Networking Service
XTU3SERVICE automatic started XTUOCDriverService
XymonPSClient automatic started XymonPSClient

[uptime]
sec: 2128264
24 days 15 hours 11 minutes 4 seconds
Bootup: 20251116062929.500000+660

[who]
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
>services                                    0  Disc
 console                                     1  Conn
 rdp-tcp                                 65536  Listen
Total sessions created: 2
Total sessions disconnected: 0
Total sessions reconnected: 0

[users]

[XymonConfig]
XymonSettings
serversList : xymon.twilight.inside
serverUrl :
serverHttpUsername :
serverHttpTimeoutMs : 100000
wanteddisksList : {3}
clientname : tcs-dt-workshop
clientbbwinmembug : 1
clientsoftware : powershell
clientclass : powershell
loopinterval : 300
maxlogage : 60
MaxEvents : 5000
slowscanrate : 72
reportevt : 1
EnableWin32_Product : 0
EnableWin32_QuickFixEngineering : 0
EnableWMISections : 0
EnableDiskPart : 0
ClientProcessPriority : Normal
clientlogpath : c:\program files\xymon\logs
XymonAcceptUTF8 : 0
GetProcessInfoCommandLine : 1
GetProcessInfoOwner : 1
localdatalocation : C:\Program Files\xymon\local
servergiflocation : /xymon/gifs/
servers : xymon.twilight.inside
clientlogfile : c:\program files\xymon\logs\xymonclient.log
clientlogretain : 3
clientconfigfile : c:\program files\xymon\clientconfig.cfg
clientfqdn : 0
clientlower : 1
clientremotecfgexec : 1
enableiissection : 1
externalscriptlocation : c:\program files\xymon\ext
externaldatalocation : c:\program files\xymon\tmp

HaveCmd
Name    Value
----    -----
qwinsta True
query   True

XymonClientVersion : xymonclient.ps1 2.42 2019-03-11 zak.beck@accenture.com
clientname tcs-dt-workshop

[XymonPSClientInfo]
Collection number: 7086
Last transmission method: TCP
Id : 5384
Handles : 550
CPU : 3694.875
SI : 0
Name : powershell