System/Kernel
ps c:\tmp> systeminfo
host name: SECNOTES
os name: Microsoft Windows 10 Enterprise
os version: 10.0.17134 N/A Build 17134
os manufacturer: Microsoft Corporation
os configuration: Standalone Workstation
os build type: Multiprocessor Free
registered owner: wayne
registered organization:
product id: 00329-10280-00000-AA051
original install date: 6/21/2018, 1:52:26 PM
system boot time: 1/24/2023, 1:29:43 PM
system manufacturer: VMware, Inc.
system model: VMware Virtual Platform
system type: x64-based PC
processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
[02]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version: Phoenix Technologies LTD 6.00, 12/12/2018
windows directory: C:\WINDOWS
system directory: C:\WINDOWS\system32
boot device: \Device\HarddiskVolume1
system locale: en-us;English (United States)
input locale: en-us;English (United States)
time zone: (UTC-08:00) Pacific Time (US & Canada)
total physical memory: 4,095 MB
available physical memory: 2,497 MB
virtual memory: Max Size: 4,799 MB
virtual memory: Available: 3,025 MB
virtual memory: In Use: 1,774 MB
page file location(s): C:\pagefile.sys
domain: HTB
logon server: N/A
hotfix(s): 2 Hotfix(s) Installed.
[01]: KB4343669
[02]: KB4343909
network card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
connection name: Ethernet0 2
dhcp enabled: No
IP address(es)
[01]: 10.10.10.97
[02]: fe80::6832:cf76:958b:2105
[03]: dead:beef::2d54:dd95:22b0:d056
[04]: dead:beef::6832:cf76:958b:2105
[05]: dead:beef::250
hyper-v requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
Microsoft Windows 10 Enterprise
10.0.17134 N/A Build 17134
x64-based PC
2 Processor(s)
[01]: KB4343669
[02]: KB4343909
Networks
PS C:\tmp> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 884
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 3092
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 6436
TCP 0.0.0.0:8808 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:33060 0.0.0.0:0 LISTENING 3092
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 520
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1076
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1388
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1596
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 636
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 644
TCP 10.10.10.97:139 0.0.0.0:0 LISTENING 4
TCP 10.10.10.97:445 10.10.14.10:51126 ESTABLISHED 4
TCP 10.10.10.97:59038 10.10.14.10:9998 ESTABLISHED 1868
TCP 127.0.0.1:80 127.0.0.1:49674 ESTABLISHED 4
TCP 127.0.0.1:80 127.0.0.1:49681 ESTABLISHED 4
TCP 127.0.0.1:49670 127.0.0.1:49671 ESTABLISHED 3092
TCP 127.0.0.1:49671 127.0.0.1:49670 ESTABLISHED 3092
TCP 127.0.0.1:49674 127.0.0.1:80 ESTABLISHED 8124
TCP 127.0.0.1:49681 127.0.0.1:80 ESTABLISHED 8124
UDP 0.0.0.0:123 *:* 5640
UDP 0.0.0.0:5050 *:* 6436
UDP 0.0.0.0:5353 *:* 1936
UDP 0.0.0.0:5355 *:* 1936
UDP 10.10.10.97:137 *:* 4
UDP 10.10.10.97:138 *:* 4
UDP 10.10.10.97:1900 *:* 7036
UDP 10.10.10.97:57106 *:* 7036
UDP 127.0.0.1:1900 *:* 7036
UDP 127.0.0.1:57107 *:* 7036
UDP 127.0.0.1:61583 *:* 2944
0.0.0.0:135
0.0.0.0:3306
0.0.0.0:5040
Users & Groups
ps c:\tmp> net user
User accounts for \\
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
tyler WDAGUtilityAccount
The command completed with one or more errors.
tyler
ps c:\tmp> net localgroup
Aliases for \\SECNOTES
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
Processes
PS C:\tmp> ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
432 24 15236 29732 6412 1 ApplicationFrameHost
162 10 1940 9084 7104 1 browser_broker
135 9 5656 9868 3136 0 conhost
140 9 3160 8280 0.09 6004 0 conhost
243 13 6212 16452 8032 1 conhost
241 13 6764 17188 8160 1 conhost
548 20 1632 4988 396 0 csrss
384 14 1640 4824 500 1 csrss
366 14 3192 13364 3228 1 ctfmon
243 13 3872 13188 3756 0 dllhost
683 41 33540 54164 996 1 dwm
1700 61 22304 79604 5176 1 explorer
45 6 1484 4004 768 0 fontdrvhost
45 6 1740 4704 776 1 fontdrvhost
0 0 56 8 0 0 Idle
1144 22 5224 15336 644 0 lsass
0 0 64 5516 1604 0 Memory Compression
803 46 39632 34136 6024 1 Microsoft.Photos
883 46 19856 55356 6860 1 MicrosoftEdge
393 17 5172 21652 5528 1 MicrosoftEdgeCP
508 21 5924 24112 6240 1 MicrosoftEdgeCP
206 13 3092 10100 4340 0 msdtc
388 14 3520 12864 2712 0 MsMpEng
131 8 6224 7636 2588 0 mysqld
638 26 367460 144616 3092 0 mysqld
572 38 14916 47416 6428 1 OneDrive
101 9 5744 10108 6352 0 php-cgi
642 31 117652 127636 1.56 1868 0 powershell
607 28 66336 73108 8000 1 powershell
722 37 123756 138112 8124 1 powershell
0 14 448 5468 88 0 Registry
251 15 4804 15468 176 1 RuntimeBroker
127 9 2076 7956 1416 1 RuntimeBroker
422 20 6056 19496 6044 1 RuntimeBroker
141 8 1760 6944 6100 1 RuntimeBroker
268 15 5068 19548 6356 1 RuntimeBroker
398 18 5968 20352 7360 1 RuntimeBroker
710 41 18000 27620 3824 0 SearchIndexer
1003 70 55332 114924 5920 1 SearchUI
249 14 3136 12768 2596 0 SecurityHealthService
609 11 4784 9428 636 0 services
65 5 2168 4532 5752 0 SgrmBroker
989 36 22472 69884 5772 1 ShellExperienceHost
561 17 5484 23992 4896 1 sihost
177 9 2100 10916 6732 1 SkypeBackgroundHost
52 3 508 1136 300 0 smss
415 22 5120 14172 1596 0 spoolsv
274 13 3336 10660 60 0 svchost
465 32 11736 21444 352 0 svchost
180 11 2012 9312 628 0 svchost
84 5 996 3940 748 0 svchost
1034 20 10948 25668 820 0 svchost
1060 18 6404 13632 884 0 svchost
149 9 1904 11268 900 0 svchost
254 10 2456 7876 932 0 svchost
408 13 13848 16796 1076 0 svchost
130 18 3764 7864 1156 0 svchost
205 9 2100 7384 1236 0 svchost
376 18 5784 14676 1388 0 svchost
353 13 4152 11392 1400 0 svchost
193 11 2276 12256 1476 0 svchost
165 7 1352 5792 1484 0 svchost
232 12 2504 10532 1496 0 svchost
435 9 3036 9064 1524 0 svchost
358 10 2672 8604 1640 0 svchost
164 9 1836 7988 1660 0 svchost
143 9 1636 7364 1708 0 svchost
164 10 1944 8384 1716 0 svchost
195 10 2056 8440 1844 0 svchost
229 10 2496 9140 1880 0 svchost
232 13 2960 7976 1936 0 svchost
123 9 1524 6260 1960 0 svchost
309 12 2200 9076 1968 0 svchost
171 12 1992 11240 2036 0 svchost
181 11 1960 9820 2076 0 svchost
181 11 2000 8076 2132 0 svchost
167 9 1888 7080 2140 0 svchost
263 12 2348 11772 2340 0 svchost
261 25 3520 12112 2480 0 svchost
333 19 24480 29936 2488 0 svchost
381 15 8396 17856 2496 0 svchost
504 20 8856 21784 2504 0 svchost
160 11 4092 10600 2512 0 svchost
201 12 2432 8980 2536 0 svchost
125 9 1620 6492 2568 0 svchost
122 7 1312 5584 2632 0 svchost
243 15 4436 11432 2696 0 svchost
232 13 3080 16056 2732 0 svchost
190 11 1976 6912 2848 0 svchost
445 16 3180 11788 2944 0 svchost
103 7 1348 5400 3048 0 svchost
385 25 3560 12676 3116 0 svchost
160 9 1768 7800 3808 0 svchost
135 14 1644 6888 3920 0 svchost
145 10 1848 7092 3972 0 svchost
166 9 4340 12220 4444 0 svchost
240 12 3256 14136 4920 1 svchost
378 19 6344 27720 4956 1 svchost
211 11 2624 11224 5344 0 svchost
108 7 1512 5888 5580 0 svchost
197 12 1672 7168 5640 0 svchost
212 12 2636 10616 5668 0 svchost
256 16 3540 13928 6436 0 svchost
177 11 2248 13888 6500 0 svchost
444 29 9596 19364 6876 0 svchost
206 14 2056 7252 7036 0 svchost
140 8 1612 6556 7124 0 svchost
195 11 2148 8672 7448 0 svchost
496 26 5544 21412 7728 1 svchost
340 19 9184 26716 7844 0 svchost
198 12 2120 11552 8072 0 svchost
162 9 3240 6496 8568 0 svchost
187 15 6108 9420 8636 0 svchost
118 8 1432 5648 8700 0 svchost
2638 0 192 148 4 0 System
777 37 14668 41800 3500 1 SystemSettings
269 28 5088 14484 5068 1 taskhostw
165 12 3260 10384 2640 0 VGAuthService
128 8 1568 6024 1288 0 vm3dservice
128 8 1652 6764 6404 1 vm3dservice
368 21 9980 20352 2672 0 vmtoolsd
250 18 5332 15576 5076 1 vmtoolsd
259 20 5348 14124 0.08 788 0 w3wp
253 20 6120 14612 8312 0 w3wp
98 6 1148 4936 6284 0 Windows.WARP.JITService
151 10 1308 6460 520 0 wininit
246 11 2432 11276 564 1 winlogon
2242 50 28264 56752 9124 1 WinStore.App
339 16 8704 18260 1872 0 WmiPrvSE
mysqld
Tasks
ps c:\tmp> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
SmartScreenSpecific N/A Ready
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
microsoft compatibility appraiser 1/25/2023 3:23:59 AM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
License Validation N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 1/24/2023 6:00:00 PM Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 2/12/2023 10:39:29 AM Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
device 1/25/2023 4:02:52 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
StorageCardEncryption Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scanforupdates 1/26/2023 6:44:13 AM Ready
ScanForUpdatesAsUser N/A Ready
SmartRetry N/A Ready
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TempSignedLicenseExchange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Cellular N/A Ready
Logon N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
BindingWorkItemQueueHandler N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Plug and Play Cleanup N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EduPrintProv N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LoginCheck N/A Disabled
registration 1/25/2023 1:35:55 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
NetworkStateChangeTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyMonitorToastTask N/A Disabled
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Ready
WsSwapAssessmentTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
runupdatenotificationmgr 1/25/2023 3:04:14 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Usb-Notifications N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
queuereporting 1/24/2023 5:36:24 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scheduled start 1/25/2023 1:29:06 PM Ready
sih 1/25/2023 10:10:03 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Recovery-Check N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
NotificationTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
folder: \MySQL
TaskName Next Run Time Status
======================================== ====================== ===============
Firewall & AV
PS C:\tmp> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
7680 TCP Disable Inbound port 7680
445 TCP Enable Inbound SMB (TCP-In)
3306 TCP Disable Inbound Port 3306
49667 TCP Disable Inbound port 49667
ICMP configuration for Domain profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
7680 TCP Disable Inbound port 7680
445 TCP Enable Inbound SMB (TCP-In)
3306 TCP Disable Inbound Port 3306
49667 TCP Disable Inbound port 49667
ICMP configuration for Standard profile:
Mode Type Description
-------------------------------------------------------------------
Enable 2 Allow outbound packet too big
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
Ports 7680, 3306, and 49667 have inbound traffic disabled.
PS C:\tmp> Get-MpComputerStatus
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.1807.18075
AMServiceEnabled : True
AMServiceVersion : 4.18.1807.18075
AntispywareEnabled : True
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0
AntivirusEnabled : True
AntivirusSignatureAge : 4294967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : 45A87BA9-A691-4D34-BB3A-E5706CC4C98F
ComputerState : 0
FullScanAge : 4294967295
FullScanEndTime :
FullScanStartTime :
IoavProtectionEnabled : False
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
PSComputerName :
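Windows Defender is only partially enabled: the antimalware service, antivirus and antispyware report True, but real-time, behavior-monitoring, IOAV, on-access and NIS protection all report False.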
PS C:\tmp> Get-MpPreference | Select-Object -Property ExclusionPath
ExclusionPath
-------------
No exclusion
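The Defender state shown above can be turned into a repeatable health check. The following is an added example, not part of the original notes: `Test-DefenderPosture`, its `MaxSignatureAgeDays` threshold and the `$sample` object (constructed from the values in the output above) are hypothetical names and assumptions.

```powershell
# Added example: flag a "partially enabled" Defender from Get-MpComputerStatus fields.
function Test-DefenderPosture {
    [CmdletBinding()]
    param(
        # Object with the same property names as Get-MpComputerStatus output.
        [Parameter(Mandatory)]
        [psobject]$Status,
        # Assumed policy threshold: signatures older than this are reported as stale.
        [int]$MaxSignatureAgeDays = 7
    )

    $findings = New-Object 'System.Collections.Generic.List[string]'

    # Every protection layer should report True on a healthy endpoint.
    $layers = 'AMServiceEnabled', 'AntivirusEnabled', 'AntispywareEnabled',
              'RealTimeProtectionEnabled', 'BehaviorMonitorEnabled',
              'IoavProtectionEnabled', 'OnAccessProtectionEnabled', 'NISEnabled'
    foreach ($name in $layers) {
        if (-not $Status.$name) {
            $findings.Add(('{0} is False' -f $name))
        }
    }

    # In the output above every *Age field is 4294967295 (UInt32 max) next to
    # an empty LastUpdated and a 0.0.0.0 version; this check treats that value
    # as "no signatures loaded" rather than as a real age in days.
    foreach ($name in 'AntivirusSignatureAge', 'AntispywareSignatureAge', 'NISSignatureAge') {
        $age = [uint32]$Status.$name
        if ($age -eq [uint32]::MaxValue) {
            $findings.Add(('{0}: no signatures loaded' -f $name))
        }
        elseif ($age -gt $MaxSignatureAgeDays) {
            $findings.Add(('{0}: signatures are {1} days old' -f $name, $age))
        }
    }

    # An engine version of 0.0.0.0 means the service runs without a scan engine.
    if ($Status.AMEngineVersion -eq '0.0.0.0') {
        $findings.Add('AMEngineVersion is 0.0.0.0 (no engine loaded)')
    }

    [pscustomobject]@{
        Healthy  = ($findings.Count -eq 0)
        Findings = $findings.ToArray()
    }
}

# Constructed sample mirroring the Get-MpComputerStatus output above,
# so the check can be exercised offline.
$sample = [pscustomobject]@{
    AMServiceEnabled          = $true
    AMEngineVersion           = '0.0.0.0'
    AntivirusEnabled          = $true
    AntispywareEnabled        = $true
    RealTimeProtectionEnabled = $false
    BehaviorMonitorEnabled    = $false
    IoavProtectionEnabled     = $false
    OnAccessProtectionEnabled = $false
    NISEnabled                = $false
    AntivirusSignatureAge     = 4294967295
    AntispywareSignatureAge   = 4294967295
    NISSignatureAge           = 4294967295
}

$result = Test-DefenderPosture -Status $sample
$result.Healthy
$result.Findings

# On a live host, pass the real status object instead:
#   Test-DefenderPosture -Status (Get-MpComputerStatus)
```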
Session Architecture
ps c:\tmp> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\tmp> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework
Volume in drive C has no label.
Volume Serial Number is 1E7B-9B76
Directory of C:\Windows\Microsoft.NET\Framework
04/11/2018 03:38 PM <DIR> .
04/11/2018 03:38 PM <DIR> ..
06/21/2018 05:47 PM <DIR> v1.0.3705
06/21/2018 05:47 PM <DIR> v1.1.4322
04/11/2018 03:38 PM <DIR> v2.0.50727
01/24/2023 01:40 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 13,664,481,280 bytes free
PS C:\tmp> cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf0
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03056
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf0
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03056
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf0
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03056
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf0
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03056
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.7.03056