System/Kernel
ps c:\windows\system32> Get-ComputerInfo
Get-ComputerInfo
windowsbuildlabex : 17763.107.amd64fre.rs
5_release_svc_prod2.1
81026-1406
windowscurrentversion : 6.3
windowseditionid : IoTUAP
windowsinstallationtype : IoTCore
windowsinstalldatefromregistry : 1/1/1970 12:00:00 AM
windowsproductid :
windowsproductname : IoTUAP
windowssystemroot : C:\windows
windowsversion : 1511
bioscharacteristics : {4, 7, 9, 11...}
biosbiosversion : {INTEL - 6040000, VM
W71.00V.16707776.B64.
2008070230, VMware,
Inc. - 10000}
biosbuildnumber :
bioscaption : VMW71.00V.16707776.B6
4.2008070230
biosdescription : VMW71.00V.16707776.B6
4.2008070230
biosembeddedcontrollermajorversion : 255
biosembeddedcontrollerminorversion : 255
biosfirmwaretype : Uefi
biosmanufacturer : VMware, Inc.
biosname : VMW71.00V.16707776.B6
4.2008070230
biosothertargetos :
biosprimarybios : True
biosreleasedate : 8/6/2020 5:00:00 PM
biosseralnumber : VMware-42 39 1b 32
fb 9c 3b 2e-60 2e d0
67 54 4d 19 53
biossmbiosbiosversion : VMW71.00V.16707776.B6
4.2008070230
biossmbiosmajorversion : 2
biossmbiosminorversion : 7
biossmbiospresent : True
biossoftwareelementstate : Running
biosstatus : OK
biossystembiosmajorversion : 255
biossystembiosminorversion : 255
biostargetoperatingsystem : 0
biosversion : INTEL - 6040000
csadminpasswordstatus : Enabled
csautomaticmanagedpagefile : False
csautomaticresetbootoption : True
csautomaticresetcapability : True
csbootoptiononlimit : DoNotReboot
csbootoptiononwatchdog : DoNotReboot
csbootromsupported : True
csbootstatus : {0, 0, 0, 33...}
csbootupstate : Normal boot
cscaption : omni
cschassisbootupstate : Safe
cschassisskunumber :
cscurrenttimezone : -480
csdaylightineffect : False
csdescription : AT/AT COMPATIBLE
csdnshostname : omni
csdomain : WORKGROUP
csdomainrole : StandaloneWorkstation
csenabledaylightsavingstime : True
csfrontpanelresetstatus : Unknown
cshypervisorpresent : True
csinfraredsupported : False
csinitialloadinfo :
csinstalldate :
cskeyboardpasswordstatus : Unknown
cslastloadinfo :
csmanufacturer : VMware, Inc.
csmodel : VMware7,1
csname : omni
csnetworkadapters : {}
csnetworkservermodeenabled : True
csnumberoflogicalprocessors : 4
csnumberofprocessors : 2
csprocessors : {AMD EPYC 7302P
16-Core Processor
, AMD
EPYC 7302P 16-Core
Processor
}
csoemstringarray : {[MS_VM_CERT/SHA1/27d
66596a61c48dd3dc7216f
d715126e33f59ae7],
Welcome to the
Virtual Machine}
cspartofdomain : False
cspauseafterreset : 3932100000
cspcsystemtype : Desktop
cspcsystemtypeex : Desktop
cspowermanagementcapabilities :
cspowermanagementsupported :
cspoweronpasswordstatus : Disabled
cspowerstate : Unknown
cspowersupplystate : Safe
csprimaryownercontact :
csprimaryownername :
csresetcapability : Other
csresetcount : -1
csresetlimit : -1
csroles : {LM_Workstation,
LM_Server, NT}
csstatus : OK
cssupportcontactdescription :
cssystemfamily :
cssystemskunumber :
cssystemtype : x64-based PC
csthermalstate : Safe
cstotalphysicalmemory : 4293775360
csphyicallyinstalledmemory : 4194304
csusername :
cswakeuptype : PowerSwitch
csworkgroup : WORKGROUP
osname : Windows Core System
ostype : WINNT
osoperatingsystemsku : WindowsIotCore
osversion : 10.0.17763
oscsdversion :
osbuildnumber : 17763
oshotfixes : {Intel.MBMx64.Customi
zation, Intel.MBMx64.
DeviceLayout,
Intel.MBMx64.GPIO,
Intel.MBMx64.GRFX...}
osbootdevice : \Device\HarddiskVolum
e2
ossystemdevice : \Device\HarddiskVolum
e1
ossystemdirectory : C:\windows\system32
ossystemdrive : C:
oswindowsdirectory : C:\windows
oscountrycode : 1
oscurrenttimezone : -480
oslocaleid : 0409
oslocale : en-US
oslocaldatetime : 2/3/2023 3:42:11 PM
oslastbootuptime : 2/3/2023 1:42:23 PM
osuptime : 01:59:47.1454514
osbuildtype : Multiprocessor Free
oscodeset : 1252
osdataexecutionpreventionavailable : True
osdataexecutionprevention32bitapplications : True
osdataexecutionpreventiondrivers : True
osdataexecutionpreventionsupportpolicy : OptIn
osdebug : False
osdistributed : False
ostotalvisiblememorysize : 4193140
osfreephysicalmemory : 3528436
ostotalvirtualmemorysize : 4193140
osfreevirtualmemory : 3639400
osinusevirtualmemory : 553740
ossizestoredinpagingfiles : 0
osfreespaceinpagingfiles : 0
ospagingfiles : {}
oshardwareabstractionlayer : 10.0.17763.107
osinstalldate : 12/31/1969 4:00:00 PM
osmanufacturer : Microsoft Corporation
osmaxnumberofprocesses : 4294967295
osmaxprocessmemorysize : 137438953344
osmuilanguages : {en-US}
osnumberoflicensedusers : 0
osnumberofprocesses : 63
osnumberofusers : 1
osarchitecture : 64-bit
oslanguage : en-US
osproductsuites : {TerminalServices, Te
rminalServicesSingleS
ession}
osportableoperatingsystem : False
osprimary : True
osproducttype : WorkStation
osservicepackmajorversion : 0
osservicepackminorversion : 0
osstatus : OK
ossuites : {TerminalServices, Te
rminalServicesSingleS
ession}
timezone : (UTC-08:00) Pacific
Time (US & Canada)
powerplatformrole : Desktop
hypervisorpresent : True
deviceguardsmartstatus : OffWindowsIoTCore
17763.107.amd64fre.rs
5_release_svc_prod2.1
x64-based PC
Networks
PS C:\windows\system32> netstat -ano
netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 736
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 968
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:29817 0.0.0.0:0 LISTENING 1820
TCP 0.0.0.0:29819 0.0.0.0:0 LISTENING 1820
TCP 0.0.0.0:29820 0.0.0.0:0 LISTENING 1820
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 456
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 860
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 496
TCP 10.10.10.204:29820 10.10.14.5:33706 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:37138 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:38206 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:40454 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:41038 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:47762 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:52638 CLOSE_WAIT 1820
TCP 10.10.10.204:29820 10.10.14.5:53602 CLOSE_WAIT 1820
TCP 10.10.10.204:49672 10.10.14.5:9999 ESTABLISHED 2844
TCP [::]:135 [::]:0 LISTENING 736
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:8080 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 456
TCP [::]:49665 [::]:0 LISTENING 860
TCP [::]:49666 [::]:0 LISTENING 496
UDP 0.0.0.0:123 *:* 1792
UDP 0.0.0.0:5050 *:* 968
UDP 0.0.0.0:5353 *:* 336
UDP 0.0.0.0:5355 *:* 336
UDP 0.0.0.0:29819 *:* 1820
UDP 0.0.0.0:49788 *:* 1820
UDP 10.10.10.204:6 *:* 1688
UDP [::]:123 *:* 1792
UDP [::]:5353 *:* 336
UDP [::]:5355 *:* 3360.0.0.0:135
0.0.0.0:445
0.0.0.0:5040
Users & Groups
ps c:\windows\system32> net user
net user
User accounts for \\
-------------------------------------------------------------------------------
Administrator app DefaultAccount
DevToolsUser Guest sshd
WDAGUtilityAccount
The command completed with one or more errors.app
DevToolsUser
sshd
ps c:\windows\system32> net localgroup
net localgroup
Aliases for \\omni
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Power Users
*Remote Management Users
*Replicator
*Ssh Users
*System Managed Accounts Group
*Users
The command completed successfully.Ssh Users
Processes
PS C:\windows\system32> ps
ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
0 32 8440 27036 0.91 2896 0 backgroundTaskHost
0 5 1976 3192 0.03 1324 0 cmd
0 5 3036 4072 26.88 1652 0 cmd
0 5 1972 3192 0.02 2488 0 cmd
0 5 1968 3192 0.02 3020 0 cmd
0 5 1976 3184 0.02 3368 0 cmd
0 5 1972 3192 0.02 3556 0 cmd
0 5 1968 3192 0.02 3600 0 cmd
0 5 1968 3192 0.00 3732 0 cmd
0 5 908 3772 0.06 964 0 conhost
0 5 936 3724 0.00 1300 0 conhost
0 5 920 3716 0.00 1380 0 conhost
0 5 904 3636 0.16 1708 0 conhost
0 5 920 3716 0.02 1804 0 conhost
0 5 916 3716 0.02 2264 0 conhost
0 5 920 3724 0.02 2464 0 conhost
0 5 1168 3896 20.52 2516 0 conhost
0 5 924 3716 0.00 2680 0 conhost
0 5 904 3648 0.00 2720 0 conhost
0 5 928 3720 0.00 3136 0 conhost
0 14 1056 2808 5.47 388 0 csrss
0 30 24712 40532 0.94 624 0 dwm
0 256 812 3440 0.09 1688 0 ebootpinger
0 0 56 8 0 0 Idle
0 44 32500 75808 3.25 2336 0 IoTCoreDefaultApp
0 16 10740 27028 0.48 2712 0 IoTShell
0 18 3608 11900 37.45 516 0 lsass
0 6 800 3188 0.02 2844 0 nc64
0 5 852 2976 0.00 1236 0 PING
0 49 62036 85576 6.02 752 0 powershell
0 9 852 2944 0.95 104 0 Registry
0 13 3604 19280 0.34 3048 0 RuntimeBroker
0 14 3476 19184 0.36 3424 0 RuntimeBroker
0 6 1560 6536 0.03 3804 0 RuntimeBroker
0 34 5812 11132 0.20 1420 0 SearchIndexer
0 10 2808 6828 0.92 496 0 services
0 15 4180 21820 0.50 2204 0 sihost
0 3 504 1172 0.16 308 0 smss
0 23 6988 18136 0.77 336 0 svchost
0 8 4484 12236 0.72 392 0 svchost
0 18 5080 19168 0.52 616 0 svchost
0 16 3424 9372 1.69 736 0 svchost
0 39 15612 45024 13.27 828 0 svchost
0 11 4160 11804 0.09 836 0 svchost
0 24 10996 21068 0.83 860 0 svchost
0 25 7056 21012 1.03 944 0 svchost
0 32 7576 26264 2.64 968 0 svchost
0 9 1980 7656 0.23 1256 0 svchost
0 9 1604 5896 0.02 1384 0 svchost
0 13 2408 8948 0.38 1400 0 svchost
0 29 6424 14444 1.30 1496 0 svchost
0 17 7052 20284 1.44 1784 0 svchost
0 11 1668 6800 0.02 1792 0 svchost
0 18 3304 6388 0.16 1820 0 svchost
0 15 4696 16332 0.72 1832 0 svchost
0 14 3752 19960 0.39 2224 0 svchost
0 12 3056 15968 0.06 3228 0 svchost
0 0 148 92 41.42 4 0 System
0 13 3692 13520 239.89 1808 0 WebManagement
0 20 8132 36848 1.25 2964 0 WindowsInternal.Co...
0 9 1052 4848 0.08 456 0 wininit
0 9 1628 6612 0.14 664 0 WUDFHost IoTCoreDefaultApp
IoTShell
Tasks
ps c:\windows\system32> schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
revert N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
device census gather 2/3/2023 4:00:00 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AikCertEnrollTask N/A Ready
CryptoPolicyTask N/A Ready
KeyPreGenTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
refreshcache 2/4/2023 12:35:40 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scanforupdates 2/4/2023 1:12:33 PM Ready
ScanForUpdatesAsUser N/A Ready
SmartRetry N/A Ready
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
IoTStartupOnBoot N/A Ready
OEMCustomization N/A Ready
PrepareForServicing N/A Ready
StartEbootPinger N/A Running
StartProvTool N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TempSignedLicenseExchange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Logon N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Secure-Boot-Update N/A Ready
Sqm-Tasks N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LoginCheck N/A Disabled
registration 2/4/2023 12:51:38 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
speechmodeldownloadtask 2/4/2023 2:13:10 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Tpm-HASCertRetr N/A Ready
Tpm-Maintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
schedule scan 2/4/2023 4:51:48 AM Ready
Schedule Scan Static Task N/A Ready
UpdateResults N/A Ready
uso_uxbroker 2/4/2023 2:24:32 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
performremediation 2/5/2023 6:13:17 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
queuereporting 2/3/2023 4:30:18 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Data Migration Manager N/A Ready
scheduled start 2/4/2023 12:50:04 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CDSSync N/A Ready Firewall & AV
PS C:\windows\system32> netsh firewall show config
netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Network Discovery
IMPORTANT: "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .Firewall is enabled
PS C:\windows\system32> Get-MpComputerStatus
Get-MpComputerStatus
Get-MpComputerStatus : The term 'Get-MpComputerStatus' is not recognized as
the name of a cmdlet, function, script file, or operable program. Check the
spelling of the name, or if a path was included, verify that the path is
correct and try again.
At line:1 char:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ObjectNotFound: (Get-MpComputerStatus:String) []
, CommandNotFoundException
+ FullyQualifiedErrorId : CommandNotFoundExceptionInstalled .NET Frameworks
ps c:\windows\system32> cmd /c dir /s C:\Windows\Microsoft.NET\Framework\msbuild
cmd /c dir /s c:\Windows\Microsoft.NET\Framework\msbuild
The system cannot find the path specified.
ps c:\windows\system32> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework
cmd /c dir /a:D C:\Windows\Microsoft.NET\Framework
The system cannot find the file specified.
ps c:\windows\system32> reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
error: The system was unable to find the specified registry key or value.
ps c:\windows\system32> cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP"
error: The system was unable to find the specified registry key or value.
ps c:\windows\system32> cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
error: The system was unable to find the specified registry key or value.