System/Kernel
PS C:\Windows\system32> cmd /c ver
Microsoft Windows [Version 10.0.20348.2582]
PS C:\Windows\system32> systeminfo ; Get-ComputerInfo
Host Name: PRIMARY
OS Name: Microsoft Windows Server 2022 Datacenter
OS Version: 10.0.20348 N/A Build 20348
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00454-70295-72962-AA521
Original Install Date: 1/30/2024, 7:27:30 PM
System Boot Time: 7/16/2024, 9:37:33 AM
System Manufacturer: Microsoft Corporation
System Model: Virtual Machine
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2445 Mhz
BIOS Version: Microsoft Corporation Hyper-V UEFI Release v4.1, 12/3/2020
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 849 MB
Available Physical Memory: 161 MB
Virtual Memory: Max Size: 1,873 MB
Virtual Memory: Available: 677 MB
Virtual Memory: In Use: 1,196 MB
Page File Location(s): C:\pagefile.sys
Domain: corp.ghost.htb
Logon Server: N/A
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.
[01]: Microsoft Hyper-V Network Adapter
Connection Name: Ethernet
DHCP Enabled: No
IP address(es)
[01]: 10.0.0.10
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 20348.2582.x86fre.fe_release_svc_prod1.240701-2006
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerDatacenter
WindowsInstallationType : Server Core
WindowsInstallDateFromRegistry : 1/1/1970 12:00:00 AM
WindowsProductId :
WindowsProductName : Windows Server 2022 Datacenter
WindowsRegisteredOrganization :
WindowsRegisteredOwner : Windows User
WindowsSystemRoot : C:\Windows
WindowsVersion : 2009
OSDisplayVersion : 21H2
BiosCharacteristics : {3, 9, 15, 16...}
BiosBIOSVersion : {VRTUAL - 1, Hyper-V UEFI Release v4.1, Microsoft - 100032}
BiosBuildNumber :
BiosCaption : Hyper-V UEFI Release v4.1
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : Hyper-V UEFI Release v4.1
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : Microsoft Corporation
BiosName : Hyper-V UEFI Release v4.1
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 12/2/2020 4:00:00 PM
BiosSeralNumber : 8503-1897-2067-9804-4013-0944-00
BiosSMBIOSBIOSVersion : Hyper-V UEFI Release v4.1
BiosSMBIOSMajorVersion : 3
BiosSMBIOSMinorVersion : 1
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 4
BiosSystemBiosMinorVersion : 1
BiosTargetOperatingSystem : 0
BiosVersion : VRTUAL - 1
CsAdminPasswordStatus : Unknown
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit :
CsBootOptionOnWatchDog :
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 127...}
CsBootupState : Normal boot
CsCaption : PRIMARY
CsChassisBootupState : Safe
CsChassisSKUNumber : Virtual Machine
CsCurrentTimeZone : -420
CsDaylightInEffect : True
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : PRIMARY
CsDomain : corp.ghost.htb
CsDomainRole : PrimaryDomainController
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : Microsoft Corporation
CsModel : Virtual Machine
CsName : PRIMARY
CsNetworkAdapters : {Ethernet}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 1
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 7763 64-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/9b80ca0d5dd061ec9da4e494f4c3fd1196270c22],
00000000000000000000000000000000, To be filled by OEM}
CsPartOfDomain : True
CsPauseAfterReset : -1
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Unknown
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : Windows User
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, SQLServer,
Primary_Domain_Controller...}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily : Virtual Machine
CsSystemSKUNumber : None
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 890183680
CsPhyicallyInstalledMemory : 1048576
CsUserName :
CsWakeUpType : PowerSwitch
CsWorkgroup :
OsName : Microsoft Windows Server 2022 Datacenter
OsType : WINNT
OsOperatingSystemSKU : DatacenterServerEdition
OsVersion : 10.0.20348
OsCSDVersion :
OsBuildNumber : 20348
OsHotFixes : {}
OsBootDevice : \Device\HarddiskVolume1
OsSystemDevice : \Device\HarddiskVolume3
OsSystemDirectory : C:\Windows\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\Windows
OsCountryCode : 1
OsCurrentTimeZone : -420
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 7/16/2024 9:51:01 AM
OsLastBootUpTime : 7/16/2024 9:37:33 AM
OsUptime : 00:13:26.0068804
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptOut
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 869320
OsFreePhysicalMemory : 120600
OsTotalVirtualMemorySize : 1917896
OsFreeVirtualMemory : 664220
OsInUseVirtualMemory : 1253676
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 1048576
OsFreeSpaceInPagingFiles : 632640
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.20348.2031
OsInstallDate : 1/30/2024 7:27:30 PM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 65
OsNumberOfUsers : 5
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServices, DatacenterEdition,
TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : DomainController
OsRegisteredUser : Windows User
OsSerialNumber : 00454-70295-72962-AA521
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, DatacenterEdition,
TerminalServicesSingleSession}
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
PowerPlatformRole : Desktop
HyperVisorPresent : True
DeviceGuardSmartStatus : Off
Windows Server 2022 Datacenter (10.0.20348.2582), Primary Domain Controller, x64-based, domain corp.ghost.htb, Hyper-V virtual machine.
Networks
PS C:\Windows\system32> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : PRIMARY
Primary Dns Suffix . . . . . . . : corp.ghost.htb
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : corp.ghost.htb
ghost.htb
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
Physical Address. . . . . . . . . : 00-15-5D-44-3C-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 10.0.0.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.0.254
DNS Servers . . . . . . . . . . . : 127.0.0.1
10.0.0.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 10.0.0.10 --- 0x5
Internet Address Physical Address Type
10.0.0.254 00-15-5d-44-3c-00 dynamic
10.0.0.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
Unable to initialize device PRN
Host PRIMARY (corp.ghost.htb), Microsoft Hyper-V Network Adapter, 10.0.0.10.
This machine is a virtual host running on Hyper-V.
PS C:\Windows\system32> netstat -ano | Select-String LIST
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 3632
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 1648
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1012
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 624
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:58281 0.0.0.0:0 LISTENING 616
TCP 0.0.0.0:58286 0.0.0.0:0 LISTENING 604
TCP 0.0.0.0:58312 0.0.0.0:0 LISTENING 2056
TCP 0.0.0.0:58364 0.0.0.0:0 LISTENING 1416
TCP 10.0.0.10:53 0.0.0.0:0 LISTENING 2056
TCP 10.0.0.10:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 2056
TCP [::]:88 [::]:0 LISTENING 616
TCP [::]:135 [::]:0 LISTENING 888
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 616
TCP [::]:593 [::]:0 LISTENING 888
TCP [::]:1433 [::]:0 LISTENING 3632
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:9389 [::]:0 LISTENING 1648
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 616
TCP [::]:49665 [::]:0 LISTENING 500
TCP [::]:49666 [::]:0 LISTENING 1012
TCP [::]:49667 [::]:0 LISTENING 624
TCP [::]:49668 [::]:0 LISTENING 616
TCP [::]:49670 [::]:0 LISTENING 616
TCP [::]:58281 [::]:0 LISTENING 616
TCP [::]:58286 [::]:0 LISTENING 604
TCP [::]:58312 [::]:0 LISTENING 2056
TCP [::]:58364 [::]:0 LISTENING 1416
TCP [::1]:53 [::]:0 LISTENING 2056
Users & Groups
PS C:\Windows\system32> net users ; ls C:\Users
User accounts for \\PRIMARY
-------------------------------------------------------------------------------
Administrator Guest krbtgt
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 7/3/2024 8:55 AM Administrator
d-r--- 1/30/2024 7:28 PM Public
Only user profile found: Administrator.
PS C:\Windows\system32> net localgroup ; net group /DOMAIN
Aliases for \\PRIMARY
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*SQLServer2005SQLBrowserUser$PRIMARY
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
Group Accounts for \\PRIMARY
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Group Policy Creator Owners
*Key Admins
*Protected Users
*Read-only Domain Controllers
The command completed successfully.
Processes
PS C:\Windows\system32> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 76 N/A
smss.exe 316 N/A
csrss.exe 412 N/A
csrss.exe 484 N/A
wininit.exe 500 N/A
winlogon.exe 536 N/A
services.exe 604 N/A
lsass.exe 616 EFS, Kdc, KeyIso, Netlogon, SamSs
svchost.exe 796 DcomLaunch, LSM, PlugPlay, Power,
SystemEventsBroker
fontdrvhost.exe 812 N/A
fontdrvhost.exe 820 N/A
svchost.exe 888 RpcEptMapper, RpcSs
svchost.exe 1012 Dhcp, EventLog, lmhosts, TimeBrokerSvc,
vmictimesync, WinHttpAutoProxySvc
svchost.exe 356 EventSystem, netprofm, nsi
svchost.exe 344 W32Time
svchost.exe 376 vmicheartbeat
svchost.exe 480 SysMain, UALSVC, UmRdpService,
vmickvpexchange, vmicshutdown, vmicvss
svchost.exe 720 TermService
svchost.exe 624 gpsvc, iphlpsvc, ProfSvc, Schedule, SENS,
SessionEnv, UserManager, UsoSvc, Winmgmt,
wuauserv
LogonUI.exe 576 N/A
svchost.exe 1048 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc, WinRM
svchost.exe 1140 BFE, mpssvc
VSSVC.exe 1240 VSS
conhost.exe 1252 N/A
svchost.exe 1620 CertPropSvc
svchost.exe 1876 PolicyAgent
svchost.exe 1044 LanmanServer
svchost.exe 1572 AzureAttestService
svchost.exe 1664 CoreMessagingRegistrar, DPS
svchost.exe 1692 DiagTrack
Microsoft.ActiveDirectory 1648 ADWS
ismserv.exe 352 IsmServ
dfsrs.exe 1416 DFSR
dns.exe 2056 DNS
sqlwriter.exe 2064 SQLWriter
MsMpEng.exe 2084 WinDefend
dfssvc.exe 2132 Dfs
vds.exe 2524 vds
AggregatorHost.exe 2740 N/A
WmiPrvSE.exe 2536 N/A
svchost.exe 3008 WaaSMedicSvc
NisSrv.exe 3108 WdNisSvc
msdtc.exe 3556 MSDTC
sqlservr.exe 3632 MSSQLSERVER
sqlceip.exe 3892 SQLTELEMETRY
cmd.exe 1996 N/A
conhost.exe 3476 N/A
nc.exe 2716 N/A
powershell.exe 3300 N/A
taskhostw.exe 668 N/A
conhost.exe 3104 N/A
ngentask.exe 804 N/A
ngentask.exe 3900 N/A
conhost.exe 4072 N/A
conhost.exe 1496 N/A
ngen.exe 3092 N/A
ngen.exe 3276 N/A
mscorsvw.exe 3052 N/A
cmd.exe 3524 N/A
tasklist.exe 544 N/A
WmiPrvSE.exe 1944 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
74 6 852 600 2740 0 AggregatorHost
83 6 2320 972 0.02 1996 0 cmd
157 11 6764 4812 1252 1 conhost
147 10 6536 3836 1496 0 conhost
143 10 6532 632 3104 0 conhost
121 8 6344 2344 0.47 3476 0 conhost
147 10 6540 12708 4072 0 conhost
435 17 1952 2000 412 0 csrss
198 11 1768 776 484 1 csrss
403 33 15744 10252 1416 0 dfsrs
190 12 2212 1472 2132 0 dfssvc
5396 3658 68252 6132 2056 0 dns
39 6 1204 884 812 1 fontdrvhost
39 6 1120 820 820 0 fontdrvhost
0 0 60 8 0 0 Idle
158 13 1984 1672 352 0 ismserv
305 17 3164 1724 576 1 LogonUI
1683 110 61828 27312 616 0 lsass
436 43 22868 8756 1648 0 Microsoft.ActiveDirectory.WebServices
233 34 53240 58088 3052 0 mscorsvw
236 13 2828 3820 3556 0 msdtc
667 188 236668 120752 2084 0 MsMpEng
135 19 1292 4856 0.08 2716 0 nc
233 11 8612 9248 3092 0 ngen
137 11 3768 6400 3276 0 ngen
262 19 4220 15272 804 0 ngentask
245 17 7052 14804 3900 0 ngentask
215 40 3532 2528 3108 0 NisSrv
671 50 42184 45124 4.30 3300 0 powershell
0 5 492 30892 76 0 Registry
414 14 3800 3512 604 0 services
57 4 1112 316 316 0 smss
535 43 28224 26364 3892 0 sqlceip
781 54 245584 43160 64.63 3632 0 sqlservr
152 10 1816 684 2064 0 sqlwriter
214 14 1756 2080 344 0 svchost
425 20 4384 4568 356 0 svchost
194 12 2228 2936 376 0 svchost
377 24 8632 5156 480 0 svchost
1197 74 24328 24748 624 0 svchost
376 14 3000 1892 720 0 svchost
446 17 3172 5280 796 0 svchost
450 22 3224 5608 888 0 svchost
491 19 14068 8864 1012 0 svchost
203 11 2128 2820 1044 0 svchost
733 38 7540 6880 1048 0 svchost
387 31 6772 4028 1140 0 svchost
112 8 1176 632 1572 0 svchost
144 8 1340 624 1620 0 svchost
256 15 7160 6316 1664 0 svchost
472 24 12904 14748 1692 0 svchost
163 10 1652 632 1876 0 svchost
141 9 1460 1568 3008 0 svchost
1216 0 40 112 4 0 System
238 17 7044 12296 668 0 taskhostw
207 16 2372 1052 2524 0 vds
161 10 1712 936 1240 0 VSSVC
151 11 1316 640 500 0 wininit
199 11 2308 1424 536 1 winlogon
178 12 3616 10112 1944 0 WmiPrvSE
176 10 2208 924 2536 0 WmiPrvSE
Tasks
PS C:\Windows\system32> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\Windows\system32> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Running
.NET Framework NGEN v4.0.30319 64 N/A Running
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 7/16/2024 12:00:00 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 7/16/2024 11:31:37 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Device 7/17/2024 3:16:39 AM Ready
Device User N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 7/16/2024 1:09:29 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan 7/17/2024 2:19:42 AM Ready
Windows Defender Verification N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 7/16/2024 1:30:59 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
Firewall & AV
PS C:\Windows\system32> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
1433 TCP Enable Inbound mssql
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
1433 TCP Enable Inbound mssql
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
Only inbound port exception: 1433 TCP (mssql).
PS C:\Windows\system32> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 1.1.24060.5
AMProductVersion : 4.18.24050.7
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.24050.7
AntispywareEnabled : True
AntispywareSignatureAge : 6
AntispywareSignatureLastUpdated : 7/9/2024 11:10:32 PM
AntispywareSignatureVersion : 1.415.24.0
AntivirusEnabled : True
AntivirusSignatureAge : 6
AntivirusSignatureLastUpdated : 7/9/2024 11:10:32 PM
AntivirusSignatureVersion : 1.415.24.0
BehaviorMonitorEnabled : True
ComputerID : FF6276EC-3E20-488B-9790-889025CE0E4C
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement :
DeviceControlPoliciesLastUpdated : 12/31/1600 4:00:00 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : True
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.24060.5
NISSignatureAge : 6
NISSignatureLastUpdated : 7/9/2024 11:10:32 PM
NISSignatureVersion : 1.415.24.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 6
QuickScanEndTime : 7/10/2024 3:56:10 AM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.415.23.0
QuickScanStartTime : 7/10/2024 3:49:00 AM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState : Off
TamperProtectionSource : Signatures
TDTCapable : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
ExclusionPath : {N/A: Must be an administrator to view exclusions}
AV is enabled
Session Architecture
PS C:\Windows\system32> [Environment]::Is64BitProcess
False
x64 PC, but the process is x86
Installed .NET Frameworks
PS C:\Windows\system32> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 161D-1BB7
Directory of C:\Windows\Microsoft.NET\Framework
05/08/2021 01:27 AM <DIR> .
07/16/2024 09:48 AM <DIR> ..
05/08/2021 01:27 AM <DIR> v1.0.3705
05/08/2021 01:27 AM <DIR> v1.1.4322
05/08/2021 01:15 AM <DIR> v2.0.50727
07/16/2024 09:48 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 3,060,891,648 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.04161