System/Kernel
c:\xampp\htdocs> systeminfo
host name: BANKROBBER
os name: Microsoft Windows 10 Pro
os version: 10.0.14393 N/A Build 14393
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Multiprocessor Free
registered owner: Windows-gebruiker
registered organization:
product id: 00330-80128-99179-AA272
original install date: 24-4-2019, 14:50:48
system boot time: 25-10-2022, 21:07:20
system manufacturer: VMware, Inc.
system model: VMware7,1
system type: x64-based PC
processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
[02]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: VMware, Inc. VMW71.00V.16707776.B64.2008070230, 7-8-2020
windows directory: C:\Windows
system directory: C:\Windows\system32
boot device: \Device\HarddiskVolume2
system locale: nl;Nederlands (Nederland)
input locale: en-us;Engels (Verenigde Staten)
time zone: (UTC-01:00) Cabo Verde
total physical memory: 4.095 MB
available physical memory: 3.336 MB
virtual memory: Max Size: 4.799 MB
virtual memory: Available: 3.872 MB
virtual memory: In Use: 927 MB
page file location(s): C:\pagefile.sys
domain: WORKGROUP
logon server: N/A
hotfix(s): N/A
network card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
connection name: Ethernet0 2
dhcp enabled: No
IP address(es)
[01]: 10.10.10.154
[02]: fe80::cc7d:d4ff:4dbc:c1a1
[03]: dead:beef::71fc:35ae:d850:5e4d
[04]: dead:beef::cc7d:d4ff:4dbc:c1a1
[05]: dead:beef::1de
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Microsoft Windows 10 Pro
10.0.14393 N/A Build 14393
x64-based PC
2 Processor(s)
Networks
C:\Users\Cortin> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 3580
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 752
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 3580
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:910 0.0.0.0:0 LISTENING 1588
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 3600
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 472
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 924
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 860
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1420
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 600
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 608
TCP 10.10.10.154:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.154:49709 10.10.14.10:9999 ESTABLISHED 496
TCP 127.0.0.1:49904 127.0.0.1:3306 TIME_WAIT 0
UDP 0.0.0.0:123 *:* 368
UDP 0.0.0.0:500 *:* 860
UDP 0.0.0.0:4500 *:* 860
UDP 0.0.0.0:5050 *:* 368
UDP 0.0.0.0:5353 *:* 824
UDP 0.0.0.0:5355 *:* 824
UDP 0.0.0.0:57960 *:* 824
UDP 10.10.10.154:137 *:* 4
UDP 10.10.10.154:138 *:* 4
UDP 10.10.10.154:1900 *:* 3380
UDP 10.10.10.154:59521 *:* 3380
UDP 127.0.0.1:1900 *:* 3380
UDP 127.0.0.1:49664 *:* 860
UDP 127.0.0.1:59522 *:* 3380
0.0.0.0:135
0.0.0.0:910
Users & Groups
c:\xampp\htdocs> net user
Gebruikersaccounts voor \\BANKROBBER
-------------------------------------------------------------------------------
admin Administrator Cortin
DefaultAccount Gast
De opdracht is voltooid.
admin
Gast
c:\xampp\htdocs> net localgroup
Aliassen voor \\BANKROBBER
-------------------------------------------------------------------------------
*Administrators
*Back-upoperators
*Cryptografie-operators
*DCOM-gebruikers
*Externe bureaubladgebruikers
*Gasten
*Gebruikers
*Gebruikers van extern beheer
*Hoofdgebruikers
*Hyper-V-administrators
*IIS_IUSRS
*Lezers van gebeurtenislogboeken
*Netwerkconfiguratieoperators
*Ondersteuningsoperators voor toegangsbeheer
*Prestatielogboekgebruikers
*Prestatiemetergebruikers
*Replicatie
*System Managed Accounts Group
De opdracht is voltooid.
Processes
C:\Users\Cortin>Powershell -C ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
58 5 624 292 1588 0 bankv2
68 5 2008 2484 0,23 968 0 cmd
50 3 1596 1148 0,02 5112 0 cmd
94 8 5024 2356 0,20 2328 0 conhost
89 7 1304 600 3248 0 conhost
92 8 4952 224 0,02 3588 0 conhost
92 8 4952 252 0,03 3636 0 conhost
83 7 4796 1868 0,00 5104 0 conhost
398 19 1584 8088 372 0 csrss
126 12 1184 4108 480 1 csrss
211 13 3608 12980 2296 0 dllhost
318 17 10500 26228 844 1 dwm
139 29 9316 188 0,33 3580 0 httpd
491 53 36108 6404 1,50 3752 0 httpd
0 0 0 4 0 0 Idle
545 30 13872 47444 2648 1 LogonUI
720 20 3792 12524 608 0 lsass
0 0 0 8 1972 0 Memory Compression
187 12 2712 10164 2580 0 msdtc
190 13 199856 12424 0,53 3600 0 mysqld
505 37 44268 52440 3,05 1808 0 powershell
91 7 1200 6308 2460 0 SearchFilterHost
599 60 25884 26500 2720 0 SearchIndexer
335 12 3136 9532 2176 0 SearchProtocolHost
192 11 2788 10684 3456 0 sedsvc
240 9 2956 6888 600 0 services
77 6 708 1540 0,00 496 0 shell
51 2 352 1188 300 0 smss
395 23 5400 15488 1420 0 spoolsv
788 28 6912 16600 368 0 svchost
509 17 5360 14592 692 0 svchost
467 15 3040 8944 752 0 svchost
522 34 6408 16724 824 0 svchost
1736 57 20964 48588 860 0 svchost
466 24 9540 15692 908 0 svchost
470 20 10248 16572 924 0 svchost
508 38 14688 23748 992 0 svchost
157 10 1732 7860 1216 0 svchost
173 11 1716 7128 1296 0 svchost
131 9 4368 11652 1564 0 svchost
362 20 6920 21020 1660 0 svchost
138 9 1748 8384 1724 0 svchost
186 14 1736 7028 3380 0 svchost
850 0 128 140 4 0 System
138 11 3048 10580 1748 0 VGAuthService
105 7 1368 6012 1028 0 vm3dservice
322 21 11932 22824 1796 0 vmtoolsd
86 8 904 5264 472 0 wininit
161 9 1920 12324 548 1 winlogon
331 17 9280 19232 2352 0 WmiPrvSE
201 16 5368 2848 1,59 2156 0 xampp-control
bankv2
Tasks
c:\xampp\apache\conf> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
onedrive standalone update task-s-1-5-21 24-1-2023 15:23:54 Ready
folder: \bankrobber
TaskName Next Run Time Status
======================================== ====================== ===============
XAMPP start on boot N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
SmartScreenSpecific N/A Ready
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
microsoft compatibility appraiser 24-1-2023 03:30:00 Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily 24-1-2023 03:00:00 Ready
appuriverifierinstall 28-1-2023 03:00:00 Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
culauncher 24-1-2023 04:04:14 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 24-1-2023 06:00:00 Ready
KernelCeipTask N/A Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 12-2-2023 08:09:58 Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
device 24-1-2023 04:19:23 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EnableErrorDetailsUpdate N/A Disabled
ErrorDetailsUpdate N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Logon N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Plug and Play Cleanup N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
shell 24-1-2023 12:39:03 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
BackupTask N/A Ready
NetworkStateChangeTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyMonitorToastTask N/A Disabled
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Ready
WsSwapAssessmentTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateAssistant N/A Ready
UpdateAssistantAllUsersRun N/A Ready
updateassistantcalendarrun 24-1-2023 16:00:47 Ready
updateassistantwakeuprun 25-1-2023 03:54:37 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Maintenance Install N/A Disabled
MusUx_UpdateInterval N/A Ready
Policy Install N/A Disabled
Reboot N/A Ready
refresh settings 24-1-2023 09:03:54 Ready
Resume On Boot N/A Disabled
schedule scan 24-1-2023 23:20:58 Ready
USO_UxBroker_Display N/A Ready
USO_UxBroker_ReadyToReboot N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
queuereporting 24-1-2023 03:22:42 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
automatic app update 24-1-2023 05:44:27 Ready
Scheduled Start N/A Ready
sih 24-1-2023 21:17:36 Ready
sihboot N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
XblGameSaveTaskLogon N/A Ready
Firewall & AV
C:\xampp\apache\conf> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Enable Inbound bankv3.exe / C:\users\admin\desktop\bankv3.exe
Enable Inbound bankvv2.exe / C:\users\admin\desktop\bankvv2.exe
Enable Inbound bank.exe / C:\users\admin\desktop\bank.exe
Enable Inbound mysqld / C:\xampp\mysql\bin\mysqld.exe
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Enable Inbound bof.exe / C:\users\cortin\desktop\bof.exe
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Netwerk detecteren
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Enable Inbound bankv3.exe / C:\users\admin\desktop\bankv3.exe
Enable Inbound bankvv2.exe / C:\users\admin\desktop\bankvv2.exe
Enable Inbound bank.exe / C:\users\admin\desktop\bank.exe
Enable Inbound mysqld / C:\xampp\mysql\bin\mysqld.exe
Enable Inbound Apache HTTP Server / C:\xampp\apache\bin\httpd.exe
Enable Inbound bof.exe / C:\users\cortin\desktop\bof.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Enable 8 Allow inbound echo request
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at http://go.microsoft.com/fwlink/?linkid=121488 .
The firewall is enabled, and the following binaries are allowed inbound traffic (httpd.exe is listed twice because it appears twice in the allowed-programs output):
C:\xampp\apache\bin\httpd.exe
C:\users\admin\desktop\bankv3.exe
C:\users\admin\desktop\bankvv2.exe
C:\users\admin\desktop\bank.exe
C:\xampp\mysql\bin\mysqld.exe
C:\xampp\apache\bin\httpd.exe
C:\users\cortin\desktop\bof.exe
Installed .NET Frameworks
c:\xampp\apache\conf> dir /A:D C:\Windows\Microsoft.NET\Framework
Volume in drive C has no label.
Volume Serial Number is 3307-A1DE
directory of c:\Windows\Microsoft.NET\Framework
16-07-2016 10:47 <DIR> .
16-07-2016 10:47 <DIR> ..
16-07-2016 10:47 <DIR> v1.0.3705
16-07-2016 10:47 <DIR> v1.1.4322
16-07-2016 10:47 <DIR> v2.0.50727
24-01-2023 01:10 <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 5.207.588.864 bytes free
c:\xampp\apache\conf> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0