System/Kernel
PS C:\Windows\SysWOW64\inetsrv> systeminfo

Host Name:                 CONCEAL
OS Name:                   Microsoft Windows 10 Enterprise
OS Version:                10.0.15063 N/A Build 15063
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Standalone Workstation
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:
Product ID:                00329-00000-00003-AA343
Original Install Date:     12/10/2018, 20:04:27
System Boot Time:          20/01/2023, 05:28:45
System Manufacturer:       VMware, Inc.
System Model:              VMware Virtual Platform
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
BIOS Version:              Phoenix Technologies LTD 6.00, 12/12/2018
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-gb;English (United Kingdom)
Input Locale:              en-gb;English (United Kingdom)
Time Zone:                 (UTC+00:00) Dublin, Edinburgh, Lisbon, London
Total Physical Memory:     2,047 MB
Available Physical Memory: 1,170 MB
Virtual Memory: Max Size:  3,199 MB
Virtual Memory: Available: 2,264 MB
Virtual Memory: In Use:    935 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    WORKGROUP
Logon Server:              N/A
Hotfix(s):                 N/A
Network Card(s):           1 NIC(s) Installed.
                           [01]: vmxnet3 Ethernet Adapter
                                 Connection Name: Ethernet0 2
                                 DHCP Enabled:    No
                                 IP address(es)
                                 [01]: 10.10.10.116
                                 [02]: fe80::3d73:e77b:9e2f:732d
                                 [03]: dead:beef::8132:4c8a:f844:c799
                                 [04]: dead:beef::3d73:e77b:9e2f:732d
                                 [05]: dead:beef::243
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Summary: Microsoft Windows 10 Enterprise, 10.0.15063 N/A Build 15063, x64-based PC (no hotfixes listed).
Networks
PS C:\Windows\SysWOW64\inetsrv> netstat -anot -p tcp

Active Connections

  Proto  Local Address          Foreign Address        State           PID     Offload State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1784    InHost
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4       InHost
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       840     InHost
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4       InHost
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       484     InHost
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1000    InHost
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       976     InHost
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1536    InHost
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       2456    InHost
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       636     InHost
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       628     InHost
  TCP    10.10.10.116:139       0.0.0.0:0              LISTENING       4       InHost
  TCP    10.10.10.116:49818     10.10.14.10:9999       ESTABLISHED     1016    InHost
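The PID column above only becomes useful once it is joined to the process list (PID 4 is the kernel, PID 1784 is one of the svchost instances), and an svchost PID still does not say which service owns the port. The following is an added example, not from the original notes, that does that join in PowerShell; it assumes the NetTCPIP and CIM cmdlets available on Windows 8 / Server 2012 and later, and it should be run from the 64-bit session, since a WOW64 host cannot open every process and those rows come back as `<inaccessible>`.

```powershell
# Added example: map each TCP socket to its owning process and, for svchost.exe,
# to the service(s) hosted in that process. Not part of the original notes.
function Get-ListenerMap {
    param([switch]$IncludeEstablished)   # also show connected sockets (e.g. a reverse shell)

    $states = @('Listen')
    if ($IncludeEstablished) { $states += 'Established' }

    # One CIM query up front rather than one per socket; ProcessId 0 = stopped service.
    $services = Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 }

    Get-NetTCPConnection -State $states | Sort-Object State, LocalPort | ForEach-Object {
        $procId = $_.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue
        $path   = try { $proc.Path } catch { $null }      # PID 4 (System) has no image path
        $svc    = @($services | Where-Object { $_.ProcessId -eq $procId } |
                    Select-Object -ExpandProperty Name) -join ','
        [pscustomobject]@{
            State    = $_.State
            Local    = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote   = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            PID      = $procId
            Process  = if ($proc) { $proc.ProcessName } else { '<inaccessible>' }
            Services = $svc          # empty for non-service processes and for the kernel
            Path     = $path
        }
    }
}

Get-ListenerMap -IncludeEstablished | Format-Table -AutoSize
```

Ports 80, 139 and 445 owned by PID 4 are served by kernel components (HTTP.sys and the SMB server), so they have no user-mode image path; the service name for the svchost on port 21 identifies which FTP service is exposed without guessing from the port number.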
Users & Groups
PS C:\Windows\SysWOW64\inetsrv> net user

User accounts for \\CONCEAL

-------------------------------------------------------------------------------
Administrator            DefaultAccount           Destitute
Guest
The command completed successfully.

PS C:\Windows\SysWOW64\inetsrv> net localgroup
Aliases for \\CONCEAL
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
Processes
PS C:\Windows\SysWOW64\inetsrv> ps

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    134       9     3200       8704       0.06   4320   0 conhost
    457      13     1552       3844               400   0 csrss
    156       8     1388       3276               496   1 csrss
    226      13     3788       9852              2516   0 dllhost
    444      19    12808      19196               924   1 dwm
     45       6     1420       2568               744   1 fontdrvhost
     45       6     1584       3160               752   0 fontdrvhost
      0       0       52          8                 0   0 Idle
    613      30    14008      46876              2772   1 LogonUI
    858      20     4468      10684               636   0 lsass
    162      15     4528       6960              1948   0 ManagementAgentHost
      0       0      212      15660              1252   0 Memory Compression
    196      13     2948       7408              2956   0 msdtc
    644      70   157540     122188              1980   0 MsMpEng
    281      18     6596        188              3284   0 NisSrv
    796      45    48952      65508       5.42   1652   0 powershell
    606      32    14996      15000              2944   0 SearchIndexer
    242      13     3356      11244              1856   0 SecurityHealthService
    293       9     3120       6420               628   0 services
     52       3      444        952               320   0 smss
    209      14     3236       6124              1848   0 snmp
    492      28     8844      11364              1536   0 spoolsv
    449      24     9824      15264               308   0 svchost
    943      35     9964      21472               500   0 svchost
    576      40    17368      22012               696   0 svchost
    512      17     5352      12508               724   0 svchost
    567      15     3596       8820               840   0 svchost
   1700      62    26356      41484               976   0 svchost
    532      20    12256      16368              1000   0 svchost
    570      35     6752      13732              1060   0 svchost
    149       9     1736       6392              1344   0 svchost
    111       8     1408       5472              1416   0 svchost
    235      10     1900       6048              1424   0 svchost
    167      10     3308      11960              1636   0 svchost
    154      12     4092       8124              1736   0 svchost
    380      20     6704      16552              1744   0 svchost
    326      16     4852       9604              1784   0 svchost
    227      15     4608       9320              1956   0 svchost
    139      12     1648       6536              2456   0 svchost
    121       7     1360       5672              3140   0 svchost
    190      14     1904       6964              4884   0 svchost
   1287       0      136         72                 4   0 System
    169      12     4584       6644              1932   0 VGAuthService
    111       7     1376       5280              1120   0 vmacthlp
    384      24     8808      13012              1924   0 vmtoolsd
    227      27     4716      12276       0.05   4624   0 w3wp
    141      10     1268       5364               484   0 wininit
    205      10     2268      13332               552   1 winlogon
    346      17     9628      18024              2880   0 WmiPrvSE

(The CPU(s) column is blank for processes the current user cannot open; only conhost, powershell and w3wp report it from this session.)
Tasks
PS C:\Windows\SysWOW64\inetsrv> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"

Folder: \
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
cleanup                                  20/01/2023 09:14:12    Ready

The only task outside the built-in \Microsoft\ folders is "cleanup". The findstr filter removed the remaining Folder: lines (all under \Microsoft\...) but left one TaskName/==== header pair per folder, including empty folders; those repeated headers are collapsed below, with folder boundaries kept as blank lines.

TaskName                                 Next Run Time          Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready
.NET Framework NGEN v4.0.30319 64        N/A                    Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled

AD RMS Rights Policy Template Management N/A                    Disabled
AD RMS Rights Policy Template Management N/A                    Ready

PolicyConverter                          N/A                    Disabled
VerifiedPublisherCertStoreCheck          N/A                    Disabled

Microsoft Compatibility Appraiser        21/01/2023 04:24:21    Ready
ProgramDataUpdater                       N/A                    Ready
StartupAppTask                           N/A                    Ready

appuriverifierdaily                      21/01/2023 03:00:00    Ready
appuriverifierinstall                    21/01/2023 03:00:00    Ready
CleanupTemporaryState                    N/A                    Ready
DsSvcCleanup                             N/A                    Ready

Pre-staged app cleanup                   N/A                    Disabled

Proxy                                    N/A                    Ready

BitLocker MDM policy Refresh             N/A                    Ready

UninstallDeviceTask                      N/A                    Ready

BgTaskRegistrationMaintenanceTask        N/A                    Ready

ProactiveScan                            N/A                    Ready

CreateObjectTask                         N/A                    Ready

Consolidator                             20/01/2023 12:00:00    Ready
KernelCeipTask                           N/A                    Ready
UsbCeip                                  N/A                    Ready

Data Integrity Scan                      14/02/2023 07:51:16    Ready
Data Integrity Scan for Crash Recovery   N/A                    Ready

ScheduledDefrag                          N/A                    Ready

Device                                   21/01/2023 04:30:29    Ready

Scheduled                                N/A                    Ready

SilentCleanup                            N/A                    Ready

Microsoft-Windows-DiskDiagnosticDataColl N/A                    Ready
Microsoft-Windows-DiskDiagnosticResolver N/A                    Disabled

Diagnostics                              N/A                    Ready
StorageSense                             N/A                    Ready

dusmtask                                 N/A                    Ready

EDP App Launch Task                      N/A                    Ready
EDP Auth Task                            N/A                    Ready
StorageCardEncryption Task               N/A                    Ready

DmClient                                 N/A                    Ready
DmClientOnScenarioDownload               N/A                    Ready

Property Definition Sync                 N/A                    Disabled

File History (maintenance mode)          N/A                    Ready

Notifications                            N/A                    Ready
WindowsActionDialog                      N/A                    Ready

WinSAT                                   N/A                    Ready

Cellular                                 N/A                    Ready
Logon                                    N/A                    Ready

MapsToastTask                            N/A                    Ready
MapsUpdateTask                           N/A                    Disabled

ProcessMemoryDiagnosticEvents            N/A                    Ready
RunFullMemoryDiagnostic                  N/A                    Ready

MNO Metadata Parser                      N/A                    Ready

LPRemove                                 N/A                    Ready

SystemSoundsService                      N/A                    Ready

GatherNetworkInfo                        N/A                    Ready

WiFiTask                                 N/A                    Ready

Background Synchronization               N/A                    Disabled
Logon Synchronization                    N/A                    Disabled

Device Install Group Policy              N/A                    Ready
Device Install Reboot Required           N/A                    Ready
Sysprep Generalize Drivers               N/A                    Ready

AnalyzeSystem                            N/A                    Ready

VerifyWinRE                              N/A                    Disabled

StartComponentCleanup                    N/A                    Ready

BackgroundUploadTask                     N/A                    Ready
BackupTask                               N/A                    Ready
NetworkStateChangeTask                   N/A                    Ready

Account Cleanup                          N/A                    Disabled

CreateObjectTask                         N/A                    Ready
FamilySafetyMonitor                      N/A                    Ready
FamilySafetyMonitorToastTask             N/A                    Disabled
FamilySafetyRefreshTask                  N/A                    Ready
IndexerAutomaticMaintenance              N/A                    Ready

SpaceAgentTask                           N/A                    Ready
SpaceManagerTask                         N/A                    Ready

Storage Tiers Management Initialization  N/A                    Ready
Storage Tiers Optimization               N/A                    Disabled

EnableLicenseAcquisition                 N/A                    Ready
LicenseAcquisition                       N/A                    Disabled

HybridDriveCachePrepopulate              N/A                    Disabled
HybridDriveCacheRebalance                N/A                    Disabled
ResPriStaticDbSync                       N/A                    Ready
WsSwapAssessmentTask                     N/A                    Ready

SR                                       N/A                    Ready

MsCtfMonitor                             N/A                    Ready

ForceSynchronizeTime                     N/A                    Ready
SynchronizeTime                          N/A                    Ready

SynchronizeTimeZone                      N/A                    Ready

Combined Scan Download Install           N/A                    Disabled
Maintenance Install                      N/A                    Disabled
Policy Install                           N/A                    Disabled
Reboot                                   N/A                    Ready
Refresh Settings                         20/01/2023 17:44:15    Ready
Resume On Boot                           N/A                    Disabled
Schedule Retry Scan                      N/A                    Ready
Schedule Scan                            21/01/2023 05:09:55    Ready
USO_UxBroker_Display                     N/A                    Ready
USO_UxBroker_ReadyToReboot               N/A                    Ready

UPnPHostConfig                           N/A                    Ready

WiFiTask                                 N/A                    Ready

Windows Defender Cache Maintenance       N/A                    Ready
Windows Defender Cleanup                 N/A                    Ready
Windows Defender Scheduled Scan          N/A                    Ready
Windows Defender Verification            N/A                    Ready

QueueReporting                           20/01/2023 12:48:09    Ready

BfeOnServiceStartTypeChange              N/A                    Ready

UpdateLibrary                            N/A                    Ready

Calibration Loader                       N/A                    Disabled

Automatic App Update                     20/01/2023 12:01:39    Ready
Scheduled Start                          21/01/2023 05:28:08    Ready
sih                                      20/01/2023 19:57:36    Ready
sihboot                                  N/A                    Ready

CacheTask                                N/A                    Ready

Work Folders Logon Synchronization       N/A                    Ready
Work Folders Maintenance Work            N/A                    Ready

Automatic-Device-Join                    N/A                    Disabled

NotificationTask                         N/A                    Ready

XblGameSaveTask                          N/A                    Ready
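The schtasks table says when a task runs but not what it executes or as whom, which is what decides whether a non-default task such as the root-folder "cleanup" entry is interesting. The following is an added example, not from the original notes, that lists every task outside the built-in \Microsoft\ folders together with its action, principal, run times and whether the executed file is writable by the current user; it assumes the ScheduledTasks module (Windows 8 / Server 2012 and later) and skips tasks the current user is not allowed to read.

```powershell
# Added example: enumerate non-Microsoft scheduled tasks with their actions and
# principals. Not part of the original notes.

# True if the current user can open the target for writing, False if not, and
# $null when the action has no file target or the file cannot be found.
# Caveat: an image that is currently executing fails the open with a sharing
# violation and therefore reports False even when its ACL would allow writes.
function Test-TargetWritable([string]$Target) {
    if (-not $Target) { return $null }
    $path = [Environment]::ExpandEnvironmentVariables($Target.Trim('"'))
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { return $null }
    try {
        $fs = [System.IO.File]::Open($path, 'Open', 'Write', 'ReadWrite')
        $fs.Dispose()
        return $true
    } catch {
        return $false
    }
}

function Get-NonMicrosoftTask {
    Get-ScheduledTask -ErrorAction SilentlyContinue |
        Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            $task = $_
            $info = $task | Get-ScheduledTaskInfo -ErrorAction SilentlyContinue
            # A task can have several actions; emit one row per action so that
            # none of them is hidden behind the first.
            foreach ($action in $task.Actions) {
                [pscustomobject]@{
                    Task      = $task.TaskPath + $task.TaskName
                    State     = $task.State
                    RunAs     = $task.Principal.UserId      # null when the principal is a group
                    RunLevel  = $task.Principal.RunLevel    # Limited or Highest
                    Execute   = $action.Execute             # null for COM-handler actions
                    Arguments = $action.Arguments
                    LastRun   = $info.LastRunTime
                    NextRun   = $info.NextRunTime
                    Writable  = Test-TargetWritable $action.Execute
                }
            }
        }
}

Get-NonMicrosoftTask | Format-List
```

A row with RunAs set to SYSTEM or a local administrator, RunLevel Highest, and Writable True is the case worth following up: whoever can replace that file runs with the task's privileges at its next trigger. Arguments matter as much as Execute, since a benign interpreter such as powershell.exe or cmd.exe is only as trustworthy as the script or command it is handed.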
CleanUp
Firewall & AV
PS C:\Windows\SysWOW64\inetsrv> Get-NetFirewallProfile | Format-Table Name, Enabled
Name Enabled
---- -------
Domain True
Private True
Public True
PS C:\Windows\SysWOW64\inetsrv> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
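The deprecated `netsh firewall` view above lists no allowed programs and no port exceptions even though 21, 80, 139 and 445 are listening and reachable from the attacking host; it only shows legacy-style exceptions, while the rules that actually admit that traffic live in the advfirewall rule set. The following is an added example, not from the original notes, that enumerates enabled inbound Allow rules with their port, address and program filters; it assumes the NetSecurity module (Windows 8 / Server 2012 and later).

```powershell
# Added example: list enabled inbound Allow rules from the advfirewall rule
# set, optionally restricted to rules that cover given ports. Not part of the
# original notes.

# Does a port filter's LocalPort list cover $Port? Entries are 'Any', a single
# port, a range 'a-b', or a keyword such as 'RPC' that never matches a number.
function Test-PortCovered([string[]]$LocalPort, [int]$Port) {
    foreach ($entry in $LocalPort) {
        if ($entry -eq 'Any' -or $entry -eq "$Port") { return $true }
        if ($entry -match '^(\d+)-(\d+)$' -and
            $Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
    }
    return $false
}

function Get-InboundAllowRule {
    param([int[]]$Port)   # optional: only rules that admit at least one of these ports

    # Filter on the rule object first; the per-rule filter queries below are
    # the slow part, so keep the candidate set small.
    $rules = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True
    foreach ($rule in $rules) {
        $pf    = $rule | Get-NetFirewallPortFilter
        $local = @($pf.LocalPort)
        if ($Port) {
            $covered = $false
            foreach ($p in $Port) { if (Test-PortCovered $local $p) { $covered = $true } }
            if (-not $covered) { continue }
        }
        $af  = $rule | Get-NetFirewallAddressFilter
        $app = $rule | Get-NetFirewallApplicationFilter
        [pscustomobject]@{
            Name      = $rule.DisplayName
            Profile   = $rule.Profile          # Any, or the profiles the rule applies to
            Protocol  = $pf.Protocol
            LocalPort = $local -join ','
            Remote    = @($af.RemoteAddress) -join ','   # 'Any' means no source restriction
            Program   = $app.Program           # 'Any' unless scoped to one executable
        }
    }
}

Get-InboundAllowRule -Port 21, 80, 445 | Format-Table -AutoSize
```

With all three profiles enabled, a port is reachable only if some enabled inbound Allow rule covers it for the active profile and the peer address; a rule scoped to Program or to a RemoteAddress range explains why a port that is listening may still be unreachable from the attacking host.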
Session Architecture
PS C:\Windows\SysWOW64\inetsrv> [Environment]::Is64BitProcess
False
The initial session was 32-bit because of the parent process's architecture (the working directory C:\Windows\SysWOW64\inetsrv is consistent with a 32-bit IIS worker); it was then migrated to a 64-bit PowerShell session.
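A 32-bit host on 64-bit Windows sees the WOW64 view of the file system and of redirected registry keys and cannot load 64-bit modules, so it pays to detect the situation and move to a native host before enumerating further. The following is an added example, not from the original notes, that checks the host and OS architecture and relaunches the running script through the Sysnative alias, which the WOW64 file-system redirector exposes only to 32-bit processes; it assumes the script is saved to a file so that $PSCommandPath is set.

```powershell
# Added example: detect a WOW64 PowerShell host and re-run the script in the
# native 64-bit host. Not part of the original notes.
function Get-SessionArchitecture {
    $sysnative = Join-Path $env:windir 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'
    [pscustomobject]@{
        OS64      = [Environment]::Is64BitOperatingSystem
        Proc64    = [Environment]::Is64BitProcess
        HostPath  = (Get-Process -Id $PID).Path            # ...\SysWOW64\... for a 32-bit host
        Sysnative = Test-Path -LiteralPath $sysnative      # only resolves from a 32-bit process
        Ps64Path  = $sysnative
    }
}

$arch = Get-SessionArchitecture
$arch | Format-List

if ($arch.OS64 -and -not $arch.Proc64) {
    if ($PSCommandPath -and $arch.Sysnative) {
        # Hand the same script (and arguments) to the 64-bit host and exit with its code.
        & $arch.Ps64Path -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath @args
        exit $LASTEXITCODE
    }
    Write-Warning "32-bit host on 64-bit Windows; start $($arch.Ps64Path) for a native session"
}
```

In an interactive reverse shell there is no script file to hand over; the equivalent move is to start the Sysnative powershell.exe with the same reverse-shell command line so that the new connection arrives from a native 64-bit host, after which `[Environment]::Is64BitProcess` returns True.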
Installed .NET Frameworks
PS C:\Windows\SysWOW64\inetsrv> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0

PS C:\Windows\SysWOW64\inetsrv> reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled           REG_DWORD    0x1
    NonHttpActivationInstalled           REG_DWORD    0x1
    SMSvcHostPath                        REG_SZ       C:\Windows\Microsoft.NET\Framework\v4.0.30319\
    WMIInstalled                         REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS              REG_DWORD    0x1
    Install          REG_DWORD    0x1
    InstallPath      REG_SZ       C:\Windows\Microsoft.NET\Framework\v4.0.30319\
    Release          REG_DWORD    0x707fe
    Servicing        REG_DWORD    0x0
    TargetVersion    REG_SZ       4.0.0
    Version          REG_SZ       4.7.02046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS              REG_DWORD    0x1
    Install          REG_DWORD    0x1
    Release          REG_DWORD    0x707fe
    Servicing        REG_DWORD    0x0
    TargetVersion    REG_SZ       4.0.0
    Version          REG_SZ       4.7.02046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS              REG_DWORD    0x1
    Install          REG_DWORD    0x1
    InstallPath      REG_SZ       C:\Windows\Microsoft.NET\Framework\v4.0.30319\
    Release          REG_DWORD    0x707fe
    Servicing        REG_DWORD    0x0
    TargetVersion    REG_SZ       4.0.0
    Version          REG_SZ       4.7.02046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS              REG_DWORD    0x1
    Install          REG_DWORD    0x1
    Release          REG_DWORD    0x707fe
    Servicing        REG_DWORD    0x0
    TargetVersion    REG_SZ       4.0.0
    Version          REG_SZ       4.7.02046

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ       4.0.0.0