System/Kernel
PS C:\Windows\system32> systeminfo ; Get-ComputerInfo
host name: AERO
os name: Microsoft Windows 11 Pro N
os version: 10.0.22000 N/A Build 22000
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Multiprocessor Free
registered owner: sam.emerson
registered organization:
product id: 00332-00332-83900-AA094
original install date: 9/18/2023, 12:06:55 PM
system boot time: 1/15/2024, 11:02:26 PM
system manufacturer: VMware, Inc.
system model: VMware7,1
system type: x64-based PC
processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
[02]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: VMware, Inc. VMW71.00V.16707776.B64.2008070230, 8/7/2020
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume1
system locale: en-us;English (United States)
input locale: en-us;English (United States)
time zone: (UTC-08:00) Pacific Time (US & Canada)
total physical memory: 4,095 MB
available physical memory: 2,482 MB
virtual memory: Max Size: 5,503 MB
virtual memory: Available: 3,643 MB
virtual memory: In Use: 1,860 MB
page file location(s): C:\pagefile.sys
domain: WORKGROUP
logon server: \\AERO
hotfix(s): 7 Hotfix(s) Installed.
[01]: KB5004342
[02]: KB5010690
[03]: KB5012170
[04]: KB5026038
[05]: KB5026910
[06]: KB5023774
[07]: KB5029782
network card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
connection name: Ethernet0 2
dhcp enabled: No
IP address(es)
[01]: 10.10.11.237
[02]: fe80::f370:3a1d:f4c0:2fa
[03]: dead:beef::9d34:25ac:aeff:695a
[04]: dead:beef::5aa2:a858:ac20:b1e7
[05]: dead:beef::177
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
windowsbuildlabex : 22000.1.amd64fre.co_release.210604-1628
windowscurrentversion : 6.3
windowseditionid : ProfessionalN
windowsinstallationtype : Client
windowsinstalldatefromregistry : 9/18/2023 8:06:55 PM
windowsproductid : 00332-00332-83900-AA094
windowsproductname : Windows 10 Pro N
windowsregisteredowner : sam.emerson
windowssystemroot : C:\Windows
windowsversion : 2009
osdisplayversion : 21H2
bioscharacteristics : {4, 7, 9, 11...}
biosbiosversion : {INTEL - 6040000, VMW71.00V.16707776.B64.2008070230,
VMware, Inc. - 10000}
bioscaption : VMW71.00V.16707776.B64.2008070230
biosdescription : VMW71.00V.16707776.B64.2008070230
biosembeddedcontrollermajorversion : 255
biosembeddedcontrollerminorversion : 255
biosfirmwaretype : Uefi
biosmanufacturer : VMware, Inc.
biosname : VMW71.00V.16707776.B64.2008070230
biosothertargetos :
biosprimarybios : True
biosreleasedate : 8/6/2020 5:00:00 PM
biosseralnumber : VMware-42 39 87 4f f0 f6 68 24-50 c5 f0 c1 72 e2 d8 a7
biossmbiosbiosversion : VMW71.00V.16707776.B64.2008070230
biossmbiosmajorversion : 2
biossmbiosminorversion : 7
biossmbiospresent : True
biossoftwareelementstate : Running
biosstatus : OK
biossystembiosmajorversion : 255
biossystembiosminorversion : 255
biostargetoperatingsystem : 0
biosversion : INTEL - 6040000
csadminpasswordstatus : Enabled
csautomaticmanagedpagefile : True
csautomaticresetbootoption : True
csautomaticresetcapability : True
csbootoptiononlimit : DoNotReboot
csbootoptiononwatchdog : DoNotReboot
csbootromsupported : True
csbootstatus : {0, 0, 0, 33...}
csbootupstate : Normal boot
cscaption : AERO
cschassisbootupstate : Safe
cscurrenttimezone : -480
csdaylightineffect : False
csdescription : AT/AT COMPATIBLE
csdnshostname : aero
csdomain : WORKGROUP
csdomainrole : StandaloneWorkstation
csenabledaylightsavingstime : True
csfrontpanelresetstatus : Unknown
cshypervisorpresent : True
csinfraredsupported : False
cskeyboardpasswordstatus : Unknown
csmanufacturer : VMware, Inc.
csmodel : VMware7,1
csname : AERO
csnetworkadapters : {Ethernet0 2}
csnetworkservermodeenabled : True
csnumberoflogicalprocessors : 2
csnumberofprocessors : 2
csprocessors : {AMD EPYC 7302P 16-Core Processor , AMD EPYC
7302P 16-Core Processor }
csoemstringarray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
cspartofdomain : False
cspauseafterreset : 3932100000
cspcsystemtype : Desktop
cspcsystemtypeex : Desktop
cspoweronpasswordstatus : Disabled
cspowerstate : Unknown
cspowersupplystate : Safe
csprimaryownername : sam.emerson
csresetcapability : Other
csresetcount : -1
csresetlimit : -1
csroles : {LM_Workstation, LM_Server, NT}
csstatus : OK
cssystemtype : x64-based PC
csthermalstate : Safe
cstotalphysicalmemory : 4293775360
csphyicallyinstalledmemory : 4194304
csusername : AERO\sam.emerson
cswakeuptype : PowerSwitch
csworkgroup : WORKGROUP
osname : Microsoft Windows 11 Pro N
ostype : WINNT
osoperatingsystemsku : 49
osversion : 10.0.22000
osbuildnumber : 22000
oshotfixes : {KB5004342, KB5010690, KB5012170, KB5026038...}
osbootdevice : \Device\HarddiskVolume1
ossystemdevice : \Device\HarddiskVolume3
ossystemdirectory : C:\Windows\system32
ossystemdrive : C:
oswindowsdirectory : C:\Windows
oscountrycode : 1
oscurrenttimezone : -480
oslocaleid : 0409
oslocale : en-US
oslocaldatetime : 1/16/2024 2:59:39 AM
oslastbootuptime : 1/15/2024 11:02:26 PM
osuptime : 03:57:12.9585284
osbuildtype : Multiprocessor Free
oscodeset : 1252
osdataexecutionpreventionavailable : True
osdataexecutionprevention32bitapplications : True
osdataexecutionpreventiondrivers : True
osdataexecutionpreventionsupportpolicy : OptIn
osdebug : False
osdistributed : False
osencryptionlevel : 256
osforegroundapplicationboost : Maximum
ostotalvisiblememorysize : 4193140
osfreephysicalmemory : 2521312
ostotalvirtualmemorysize : 5634932
osfreevirtualmemory : 3716880
osinusevirtualmemory : 1918052
ossizestoredinpagingfiles : 1441792
osfreespaceinpagingfiles : 1344316
ospagingfiles : {C:\pagefile.sys}
oshardwareabstractionlayer : 10.0.22000.1696
osinstalldate : 9/18/2023 1:06:55 PM
osmanufacturer : Microsoft Corporation
osmaxnumberofprocesses : 4294967295
osmaxprocessmemorysize : 137438953344
osmuilanguages : {en-US}
osnumberofprocesses : 134
osnumberofusers : 2
osarchitecture : 64-bit
oslanguage : en-US
osproductsuites : {TerminalServicesSingleSession}
osportableoperatingsystem : False
osprimary : True
osproducttype : WorkStation
osregistereduser : sam.emerson
osserialnumber : 00332-00332-83900-AA094
osservicepackmajorversion : 0
osservicepackminorversion : 0
osstatus : OK
ossuites : {TerminalServices, TerminalServicesSingleSession}
keyboardlayout : en-US
timezone : (UTC-08:00) Pacific Time (US & Canada)
logonserver : \\AERO
powerplatformrole : Desktop
hypervisorpresent : True
deviceguardsmartstatus : Off
PS C:\Windows\system32> cmd /c ver
Microsoft Windows [Version 10.0.22000.1761]
Microsoft Windows 11 Pro N
10.0.22000.1761
x64-based PC
2 Processor(s)
7 Hotfix(s)
Networks
PS C:\Windows\system32> ipconfig /all ; arp -a ; route print
Windows IP Configuration
Host Name . . . . . . . . . . . . : aero
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : htb
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . : htb
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-B9-88-CA
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : dead:beef::177(Preferred)
Lease Obtained. . . . . . . . . . : Monday, January 15, 2024 11:02:40 PM
Lease Expires . . . . . . . . . . : Tuesday, January 16, 2024 4:02:40 AM
IPv6 Address. . . . . . . . . . . : dead:beef::5aa2:a858:ac20:b1e7(Preferred)
Temporary IPv6 Address. . . . . . : dead:beef::9d34:25ac:aeff:695a(Preferred)
Link-local IPv6 Address . . . . . : fe80::f370:3a1d:f4c0:2fa%14(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.11.237(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:6c92%14
10.10.10.2
DHCPv6 IAID . . . . . . . . . . . : 134238294
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-9A-74-0C-00-0C-29-8F-5E-08
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
htb
Interface: 10.10.11.237 --- 0xe
Internet Address Physical Address Type
10.10.10.2 00-50-56-b9-6c-92 dynamic
10.10.11.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
===========================================================================
Interface List
14...00 50 56 b9 88 ca ......vmxnet3 Ethernet Adapter
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.10.10.2 10.10.11.237 271
10.10.10.0 255.255.254.0 On-link 10.10.11.237 271
10.10.11.237 255.255.255.255 On-link 10.10.11.237 271
10.10.11.255 255.255.255.255 On-link 10.10.11.237 271
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 10.10.11.237 271
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 10.10.11.237 271
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.10.10.2 Default
===========================================================================
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 271 ::/0 fe80::250:56ff:feb9:6c92
1 331 ::1/128 On-link
14 271 dead:beef::/64 On-link
14 271 dead:beef::177/128 On-link
14 271 dead:beef::5aa2:a858:ac20:b1e7/128
On-link
14 271 dead:beef::9d34:25ac:aeff:695a/128
On-link
14 271 fe80::/64 On-link
14 271 fe80::f370:3a1d:f4c0:2fa/128
On-link
1 331 ff00::/8 On-link
14 271 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
PS C:\Windows\system32> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 944
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 5072
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 700
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 556
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1280
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1612
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 692
TCP 10.10.11.237:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:5000 0.0.0.0:0 LISTENING 5448
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 944
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 700
TCP [::]:49665 [::]:0 LISTENING 556
TCP [::]:49666 [::]:0 LISTENING 1280
TCP [::]:49667 [::]:0 LISTENING 1612
TCP [::]:49668 [::]:0 LISTENING 692
TCP [::1]:5000 [::]:0 LISTENING 5448
dead:beef::177
dead:beef::5aa2:a858:ac20:b1e7
dead:beef::9d34:25ac:aeff:695a
0.0.0.0:135
0.0.0.0:445
0.0.0.0:5040
10.10.11.237:139
127.0.0.1:5000
Users & Groups
PS C:\Windows\system32> NET USER ; ls C:\Users
User accounts for \\AERO
-------------------------------------------------------------------------------
Administrator aerosvc DefaultAccount
Guest sam.emerson WDAGUtilityAccount
The command completed successfully.
directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 9/20/2023 5:15 AM Administrator
d----- 9/18/2023 5:37 PM aerosvc
d----- 9/18/2023 3:31 PM DefaultAppPool
d-r--- 9/18/2023 1:12 PM Public
d----- 9/20/2023 5:08 AM sam.emerson
aerosvc
PS C:\Windows\system32> NET LOCALGROUP
NET LOCALGROUP
Aliases for \\AERO
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
Processes
PS C:\Windows\system32> cmd /c tasklist /svc
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 100 N/A
smss.exe 356 N/A
csrss.exe 456 N/A
wininit.exe 556 N/A
csrss.exe 564 N/A
winlogon.exe 636 N/A
services.exe 692 N/A
lsass.exe 700 KeyIso, SamSs, VaultSvc
svchost.exe 820 BrokerInfrastructure, DcomLaunch, PlugPlay,
Power, SystemEventsBroker
fontdrvhost.exe 836 N/A
fontdrvhost.exe 844 N/A
svchost.exe 944 RpcEptMapper, RpcSs
svchost.exe 1004 LSM
dwm.exe 416 N/A
svchost.exe 764 DsmSvc
svchost.exe 884 CoreMessagingRegistrar
svchost.exe 1080 NcbService
svchost.exe 1092 TimeBrokerSvc
svchost.exe 1192 nsi
svchost.exe 1220 netprofm
svchost.exe 1280 EventLog
svchost.exe 1376 ProfSvc
svchost.exe 1392 EventSystem
svchost.exe 1412 SysMain
svchost.exe 1436 Themes
Memory Compression 1572 N/A
svchost.exe 1604 SENS
svchost.exe 1612 Schedule
svchost.exe 1664 AudioEndpointBuilder
svchost.exe 1684 FontCache
svchost.exe 1700 Dnscache
svchost.exe 1780 Audiosrv
svchost.exe 1896 Dhcp
svchost.exe 1904 DusmSvc
svchost.exe 1916 Wcmsvc
svchost.exe 2000 ShellHWDetection
svchost.exe 1716 BFE, mpssvc
svchost.exe 2092 LanmanWorkstation
svchost.exe 2132 UserManager
svchost.exe 2192 WinHttpAutoProxySvc
svchost.exe 2372 CryptSvc
svchost.exe 2380 AppHostSvc
svchost.exe 2392 DiagTrack
svchost.exe 2400 DPS
svchost.exe 2408 IKEEXT
svchost.exe 2428 iphlpsvc
svchost.exe 2496 StateRepository
svchost.exe 2508 LanmanServer
svchost.exe 2536 TrkWks
VGAuthService.exe 2548 VGAuthService
vm3dservice.exe 2560 vm3dservice
vmtoolsd.exe 2576 VMTools
MsMpEng.exe 2620 WinDefend
svchost.exe 2636 Winmgmt
svchost.exe 2648 WpnService
svchost.exe 2704 W3SVC, WAS
vm3dservice.exe 2860 N/A
AggregatorHost.exe 3292 N/A
dllhost.exe 3480 COMSysApp
svchost.exe 3656 DispBrokerDesktopSvc
WmiPrvSE.exe 3736 N/A
msdtc.exe 4004 MSDTC
vm3dservice.exe 4044 N/A
svchost.exe 4296 StorSvc
svchost.exe 4352 RmSvc
sihost.exe 4656 N/A
svchost.exe 4708 CDPUserSvc_50dbd
svchost.exe 4732 WpnUserService_50dbd
taskhostw.exe 4784 N/A
svchost.exe 4828 TokenBroker
powershell.exe 4836 N/A
svchost.exe 4952 TabletInputService
ctfmon.exe 5020 N/A
svchost.exe 5072 CDPSvc
explorer.exe 4504 N/A
svchost.exe 5140 cbdhsvc_50dbd
svchost.exe 5208 Appinfo
conhost.exe 5272 N/A
Widgets.exe 5440 N/A
Aero.exe 5448 N/A
SearchHost.exe 5540 N/A
StartMenuExperienceHost.e 5564 N/A
RuntimeBroker.exe 5680 N/A
svchost.exe 5796 UdkUserSvc_50dbd
RuntimeBroker.exe 5812 N/A
dllhost.exe 6024 N/A
svchost.exe 6260 camsvc
conhost.exe 6360 N/A
svchost.exe 6780 BITS
svchost.exe 6816 SSDPSRV
SearchIndexer.exe 7096 WSearch
svchost.exe 2172 UsoSvc
MoUsoCoreWorker.exe 6504 N/A
vmtoolsd.exe 6624 N/A
MoNotificationUx.exe 6516 N/A
svchost.exe 7328 lmhosts
ApplicationFrameHost.exe 7728 N/A
MicrosoftEdgeUpdate.exe 6832 N/A
svchost.exe 7312 PcaSvc
SgrmBroker.exe 7544 SgrmBroker
svchost.exe 7192 wscsvc
svchost.exe 6856 OneSyncSvc_50dbd
SecurityHealthService.exe 5196 SecurityHealthService
ShellExperienceHost.exe 2568 N/A
RuntimeBroker.exe 3664 N/A
svchost.exe 1208 LicenseManager
svchost.exe 2600 InstallService
svchost.exe 8008 lfsvc
WidgetService.exe 7748 N/A
svchost.exe 6640 W32Time
svchost.exe 7388 DsSvc
Microsoft.Photos.exe 8044 N/A
RuntimeBroker.exe 3164 N/A
rundll32.exe 2208 N/A
rundll32.exe 3244 N/A
rundll32.exe 4844 N/A
svchost.exe 1052 NPSMSvc_50dbd
svchost.exe 5688 BthAvctpSvc
rundll32.exe 7784 N/A
rundll32.exe 4312 N/A
svchost.exe 4368 WdiSystemHost
w3wp.exe 7880 N/A
svchost.exe 3884 ClipSVC
rundll32.exe 5152 N/A
cmd.exe 1680 N/A
conhost.exe 4020 N/A
powershell.exe 8132 N/A
cmd.exe 3408 N/A
tasklist.exe 4552 N/A
Aero.exe
Microsoft.Photos.exe
Widgets.exe
Tasks
PS C:\Windows\system32> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName TaskPath State
-------- -------- -----
OneDrive Reporting Task-S-1-5-21-3555993375-1320373569-1431083245-1001 \ Disabled
OneDrive Standalone Update Task-S-1-5-21-3555993375-1320373569-1431083245-1001 \ Disabled
Theme Exec \ Running
\Theme Exec
Firewall & AV
PS C:\Windows\system32> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
The firewall is enabled on the current (Standard) profile; the Domain profile is disabled.
PS C:\Windows\system32> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.23080.2006
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.23080.2006
AntispywareEnabled : True
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0
AntivirusEnabled : True
AntivirusSignatureAge : 4294967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : 551A6BF7-E81E-413E-88E1-0B96B21301F7
ComputerState : 0
DefenderSignaturesOutOfDate : True
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 12/31/1600 4:00:00 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 524514
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : True
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : UI
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
ExclusionPath : {N/A: Must be an administrator to view exclusions}
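AV is partially enabled: Defender is running (AntivirusEnabled is True), but RealTimeProtectionEnabled, BehaviorMonitorEnabled, IoavProtectionEnabled and OnAccessProtectionEnabled are all False, and the signatures are out of date.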
Session Architecture
PS C:\Windows\system32> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\Windows\system32> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is C009-0DB2
Directory of C:\Windows\Microsoft.NET\Framework
06/05/2021 06:23 AM <DIR> .
01/15/2024 11:13 PM <DIR> ..
06/05/2021 06:23 AM <DIR> v1.0.3705
06/05/2021 06:23 AM <DIR> v1.1.4322
06/05/2021 04:10 AM <DIR> v2.0.50727
01/15/2024 11:13 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 6,358,093,824 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.04161