System/Kernel
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> cmd /c ver
Microsoft Windows [Version 10.0.18362.719]
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> systeminfo ; Get-ComputerInfo
Host Name: BILLYBOSS
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.18362 N/A Build 18362
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: nathan
Registered Organization:
Product ID: 00331-10000-00001-AA492
Original Install Date: 5/25/2020, 7:59:14 AM
System Boot Time: 8/2/2024, 11:47:21 AM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 2,047 MB
Available Physical Memory: 216 MB
Virtual Memory: Max Size: 4,849 MB
Virtual Memory: Available: 564 MB
Virtual Memory: In Use: 4,285 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: N/A
Hotfix(s): 6 Hotfix(s) Installed.
[01]: KB4552931
[02]: KB4497165
[03]: KB4497727
[04]: KB4537759
[05]: KB4552152
[06]: KB4540673
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0
DHCP Enabled: No
IP address(es)
[01]: 192.168.148.61
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 18362.1.amd64fre.19h1_release.190318-1202
WindowsCurrentVersion : 6.3
WindowsEditionId : Professional
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 5/25/2020 3:59:14 PM
WindowsProductId : 00331-10000-00001-AA492
WindowsProductName : Windows 10 Pro
WindowsRegisteredOrganization :
WindowsRegisteredOwner : nathan
WindowsSystemRoot : C:\Windows
WindowsVersion : 1903
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 4:00:00 PM
BiosSeralNumber : VMware-42 1e ac 24 8a ee 9e 31-d4 93 f5 27 a4 7d c1 f1
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : BILLYBOSS
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -480
CsDaylightInEffect : False
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : billyboss
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : BILLYBOSS
CsNetworkAdapters : {Ethernet0}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 1
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 7413 24-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : nathan
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 2146459648
CsPhyicallyInstalledMemory : 2097152
CsUserName :
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.18362
OsCSDVersion :
OsBuildNumber : 18362
OsHotFixes : {KB4552931, KB4497165, KB4497727, KB4537759...}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\Windows\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\Windows
OsCountryCode : 1
OsCurrentTimeZone : -480
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 3/1/2025 11:12:54 AM
OsLastBootUpTime : 8/2/2024 12:47:21 PM
OsUptime : 210.22:25:32.8576775
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 2096152
OsFreePhysicalMemory : 208836
OsTotalVirtualMemorySize : 4965184
OsFreeVirtualMemory : 564120
OsInUseVirtualMemory : 4401064
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 2869032
OsFreeSpaceInPagingFiles : 2813196
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.18362.628
OsInstallDate : 5/25/2020 8:59:14 AM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 64
OsNumberOfUsers : 1
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : nathan
OsSerialNumber : 00331-10000-00001-AA492
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
LogonServer :
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus :
Microsoft Windows [Version 10.0.18362.719]
Microsoft Windows 10 Pro
x64-based
1 Processor(s)
6 Hotfix(s) Installed.
[01]: KB4552931
[02]: KB4497165
[03]: KB4497727
[04]: KB4537759
[05]: KB4552152
[06]: KB4540673
Networks
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : billyboss
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-4F-AA
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.148.61(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.148.254
DNS Servers . . . . . . . . . . . : 192.168.148.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.148.61 --- 0x9
Internet Address Physical Address Type
192.168.148.254 00-50-56-9e-fc-4d dynamic
192.168.148.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRN
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> netstat -ano #| Select-String LIST
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:21 0.0.0.0:0 LISTENING 1692
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 840
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 388
TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 2120
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 520
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 8
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 972
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 612
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 1804
TCP 127.0.0.1:49670 0.0.0.0:0 LISTENING 2120
TCP 127.0.0.1:49674 127.0.0.1:49675 ESTABLISHED 2120
TCP 127.0.0.1:49675 127.0.0.1:49674 ESTABLISHED 2120
TCP 192.168.148.61:139 0.0.0.0:0 LISTENING 4
TCP 192.168.148.61:5040 192.168.45.245:748 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:33218 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:33226 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:33440 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:33450 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:37136 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:37142 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:37250 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:37260 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:37498 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:38998 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:39008 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:40446 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:40452 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:43230 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:43236 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:43774 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:44540 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:44758 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:44772 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:45682 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:45694 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:46812 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:46854 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:46870 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:49158 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:49160 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:50138 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:50346 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:53330 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:53340 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:55416 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:55564 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:55574 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:57996 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:58494 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:58498 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:59892 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:59908 CLOSE_WAIT 388
TCP 192.168.148.61:5040 192.168.45.245:59920 CLOSE_WAIT 388
TCP 192.168.148.61:63055 192.168.45.245:8081 ESTABLISHED 5084
TCP [::]:21 [::]:0 LISTENING 1692
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 840
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 620
TCP [::]:49665 [::]:0 LISTENING 520
TCP [::]:49666 [::]:0 LISTENING 8
TCP [::]:49667 [::]:0 LISTENING 972
TCP [::]:49668 [::]:0 LISTENING 612
TCP [::]:49669 [::]:0 LISTENING 1804
UDP 0.0.0.0:123 *:* 4128
UDP 0.0.0.0:500 *:* 972
UDP 0.0.0.0:4500 *:* 972
UDP 0.0.0.0:5050 *:* 388
UDP 0.0.0.0:5353 *:* 1036
UDP 0.0.0.0:5355 *:* 1036
UDP 127.0.0.1:1900 *:* 3764
UDP 127.0.0.1:49212 *:* 972
UDP 127.0.0.1:54918 *:* 3764
UDP 192.168.148.61:137 *:* 4
UDP 192.168.148.61:138 *:* 4
UDP 192.168.148.61:1900 *:* 3764
UDP 192.168.148.61:54917 *:* 3764
UDP [::]:123 *:* 4128
UDP [::]:500 *:* 972
UDP [::]:4500 *:* 972
UDP [::1]:1900 *:* 3764
UDP [::1]:54916 *:* 3764
Users & Groups
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> net users ; ls C:\Users
User accounts for \\BILLYBOSS
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
nathan WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 7/9/2020 12:19 PM Administrator
d----- 3/1/2025 9:42 AM BaGet
d----- 7/9/2020 12:19 PM nathan
d-r--- 5/25/2020 9:06 AM Public
BaGet
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> net localgroup ; net group /DOMAIN
Aliases for \\BILLYBOSS
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
Processes
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 68 N/A
smss.exe 324 N/A
csrss.exe 424 N/A
wininit.exe 520 N/A
csrss.exe 528 N/A
winlogon.exe 588 N/A
services.exe 612 N/A
lsass.exe 620 KeyIso, SamSs
svchost.exe 732 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
fontdrvhost.exe 740 N/A
fontdrvhost.exe 748 N/A
svchost.exe 840 RpcEptMapper, RpcSs
dwm.exe 928 N/A
svchost.exe 972 BITS, DsmSvc, gpsvc, IKEEXT, iphlpsvc,
LanmanServer, ProfSvc, Schedule, SENS,
ShellHWDetection, Themes, UserManager,
Winmgmt, WpnService
svchost.exe 980 CoreMessagingRegistrar, DPS
svchost.exe 392 AudioEndpointBuilder, DsSvc, NcbService,
Netman, PcaSvc, StorSvc, SysMain, TrkWks
svchost.exe 8 Dhcp, EventLog, lmhosts, TimeBrokerSvc,
WinHttpAutoProxySvc
svchost.exe 388 CDPSvc, DispBrokerDesktopSvc, EventSystem,
FontCache, netprofm, nsi, SstpSvc,
WdiServiceHost
svchost.exe 1036 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
Memory Compression 1252 N/A
svchost.exe 1364 Audiosrv
svchost.exe 1464 DusmSvc
svchost.exe 1472 Wcmsvc
svchost.exe 1540 BFE, mpssvc
svchost.exe 1640 AppHostSvc
svchost.exe 1660 DiagTrack
svchost.exe 1692 ftpsvc
svchost.exe 1804 PolicyAgent
VGAuthService.exe 1836 VGAuthService
vmtoolsd.exe 1852 VMTools
vm3dservice.exe 1860 vm3dservice
svchost.exe 1940 W3SVC, WAS
MsMpEng.exe 1948 WinDefend
vm3dservice.exe 1132 N/A
svchost.exe 1676 RasMan
nexus.exe 2084 Sonatype Nexus
nexus.exe 2120 N/A
dllhost.exe 2720 COMSysApp
WmiPrvSE.exe 2772 N/A
LogonUI.exe 1716 N/A
msdtc.exe 3580 MSDTC
svchost.exe 3764 N/A
SgrmBroker.exe 3284 SgrmBroker
svchost.exe 536 wscsvc
SearchIndexer.exe 1656 WSearch
svchost.exe 2744 StateRepository
taskhostw.exe 3424 N/A
svchost.exe 4152 InstallService
svchost.exe 4128 W32Time
SecurityHealthService.exe 4852 SecurityHealthService
svchost.exe 4884 WbioSrvc
cmd.exe 4872 N/A
conhost.exe 4468 N/A
shell.exe 5084 N/A
cmd.exe 4860 N/A
conhost.exe 4916 N/A
powershell.exe 3152 N/A
cmd.exe 2396 N/A
tasklist.exe 3316 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
80 5 3312 3724 0.02 4860 0 cmd
73 5 2372 3464 0.02 4872 0 cmd
118 8 6160 10424 0.00 4468 0 conhost
134 9 6320 11132 0.03 4916 0 conhost
435 15 1632 2228 424 0 csrss
170 10 1480 1144 528 1 csrss
255 14 3804 9116 2720 0 dllhost
640 24 24116 22136 928 1 dwm
32 5 1464 1484 740 1 fontdrvhost
32 5 1356 1952 748 0 fontdrvhost
0 0 60 8 0 0 Idle
596 34 17188 53148 1716 1 LogonUI
969 22 4944 10468 620 0 lsass
0 0 844 190104 1252 0 Memory Compression
221 13 3188 7096 3580 0 msdtc
588 75 161208 19192 1948 0 MsMpEng
92 6 1208 2532 0.00 2084 0 nexus
1648 45 3244824 829492 62.98 2120 0 nexus
838 30 75076 85288 0.80 3152 0 powershell
0 12 2528 13032 68 0 Registry
707 69 30560 20068 1656 0 SearchIndexer
262 12 2868 11756 4852 0 SecurityHealthService
350 10 3424 5448 612 0 services
89 7 2860 5600 3284 0 SgrmBroker
50 245 516 2216 0.00 5084 0 shell
53 3 1148 336 324 0 smss
549 18 13612 16280 8 0 svchost
943 62 10316 21276 388 0 svchost
602 32 46736 52460 392 0 svchost
220 12 2408 8876 536 0 svchost
626 18 6776 10768 732 0 svchost
667 16 4076 8808 840 0 svchost
1788 62 30900 38012 972 0 svchost
362 19 12076 15416 980 0 svchost
884 1139 43560 22972 1036 0 svchost
193 10 1812 6716 1364 0 svchost
126 9 1492 5384 1464 0 svchost
355 13 2172 7684 1472 0 svchost
413 32 7780 12000 1540 0 svchost
172 11 3900 7912 1640 0 svchost
489 24 13964 25080 1660 0 svchost
377 23 3256 7204 1676 0 svchost
337 15 4696 9172 1692 0 svchost
166 12 1668 6328 1804 0 svchost
234 14 4376 7612 1940 0 svchost
174 12 5108 13996 2744 0 svchost
213 14 2032 6264 3764 0 svchost
213 12 1768 7280 4128 0 svchost
241 14 4360 14912 4152 0 svchost
207 12 2564 10788 4884 0 svchost
1490 0 196 76 4 0 System
485 30 22160 27316 3424 0 taskhostw
165 11 2892 6872 1836 0 VGAuthService
134 9 1700 4020 1132 1 vm3dservice
138 8 1604 5788 1860 0 vm3dservice
405 24 10148 15576 1852 0 vmtoolsd
156 11 1300 2056 520 0 wininit
239 12 2644 17148 588 1 winlogon
392 18 10076 19864 2772 0 WmiPrvSE
Tasks
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName TaskPath State
-------- -------- -----
OneDrive Standalone Update Task-S-1-5-21-2389609380-2620298947-1153829925-1001 \ Ready
Services
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
AppHostSvc C:\Windows\system32\svchost.exe -k apphost localSystem
AudioEndpointBuilder C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
BFE C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BITS C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
BrokerInfrastructure C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
COMSysApp C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\Windows\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
DusmSvc C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
ftpsvc C:\Windows\system32\svchost.exe -k ftpsvc localSystem
gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
IKEEXT C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
InstallService C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\Windows\system32\lsass.exe LocalSystem
LanmanServer C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\Windows\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\Windows\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\Windows\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PlugPlay C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
RasMan C:\Windows\System32\svchost.exe -k netsvcs localSystem
RpcEptMapper C:\Windows\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\Windows\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\Windows\system32\lsass.exe LocalSystem
Schedule C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\Windows\system32\SecurityHealthService.exe LocalSystem
SENS C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
SgrmBroker C:\Windows\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
Sonatype Nexus "C:\Users\nathan\Nexus\nexus-3.21.0-05\bin\nexus.exe" .\nathan
SstpSvc C:\Windows\system32\svchost.exe -k LocalService -p NT Authority\LocalService
StateRepository C:\Windows\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
Themes C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UserManager C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
vm3dservice C:\Windows\system32\vm3dservice.exe LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
W32Time C:\Windows\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
W3SVC C:\Windows\system32\svchost.exe -k iissvcs localSystem
WAS C:\Windows\system32\svchost.exe -k iissvcs localSystem
WbioSrvc C:\Windows\system32\svchost.exe -k WbioSvcGroup LocalSystem
Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\Windows\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WinDefend "C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2203.5-0\MsMpEng.exe" LocalSystem
WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p localSystem
WpnService C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\Windows\system32\SearchIndexer.exe /Embedding LocalSystem
Installed Programs
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
Microsoft .NET Core 3.1 Templates 3.1.300 (x64)
Microsoft .NET Core 3.1.4 - Windows Server Hosting
Microsoft .NET Core AppHost Pack - 3.1.4 (x64)
Microsoft .NET Core AppHost Pack - 3.1.4 (x64_arm)
Microsoft .NET Core AppHost Pack - 3.1.4 (x64_arm64)
Microsoft .NET Core AppHost Pack - 3.1.4 (x64_x86)
Microsoft .NET Core Host - 3.1.4 (x64)
Microsoft .NET Core Host - 3.1.4 (x86)
Microsoft .NET Core Host FX Resolver - 3.1.4 (x64)
Microsoft .NET Core Host FX Resolver - 3.1.4 (x86)
Microsoft .NET Core Runtime - 3.1.4 (x64)
Microsoft .NET Core Runtime - 3.1.4 (x86)
Microsoft .NET Core SDK 3.1.300 (x64)
Microsoft .NET Core Targeting Pack - 3.1.0 (x64)
Microsoft .NET Core Toolset 3.1.300 (x64)
Microsoft .NET Standard Targeting Pack - 2.1.0 (x64)
Microsoft ASP.NET Core 3.1.2 Targeting Pack (x64)
Microsoft ASP.NET Core 3.1.4 Shared Framework (x64)
Microsoft ASP.NET Core 3.1.4 Shared Framework (x86)
Microsoft ASP.NET Core Module V2
Microsoft OneDrive
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016
Microsoft Windows Desktop Runtime - 3.1.4 (x64)
Microsoft Windows Desktop Targeting Pack - 3.1.0 (x64)
VMware Tools
Firewall & AV
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 1.1.19200.5
AMProductVersion : 4.18.2203.5
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.2203.5
AntispywareEnabled : True
AntispywareSignatureAge : 1027
AntispywareSignatureLastUpdated : 5/8/2022 7:35:36 PM
AntispywareSignatureVersion : 1.363.1657.0
AntivirusEnabled : True
AntivirusSignatureAge : 1027
AntivirusSignatureLastUpdated : 5/8/2022 7:35:36 PM
AntivirusSignatureVersion : 1.363.1657.0
BehaviorMonitorEnabled : False
ComputerID : C22D55B8-C691-48F6-BC45-6EE585DF9FF3
ComputerState : 0
DefenderSignaturesOutOfDate : True
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 3/1/2025 9:47:32 AM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 524384
QuickScanAge : 0
QuickScanEndTime : 3/1/2025 9:47:31 AM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.363.1657.0
QuickScanStartTime : 3/1/2025 9:46:14 AM
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
RebootRequired : False
TamperProtectionSource : N/A
TDTMode : N/A
TDTStatus : N/A
TDTTelemetry : N/A
PSComputerName :
ExclusionPath : {N/A: Must be and administrator to view exclusions}
AV is only partially enabled
Session Architecture
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\Users\nathan\Nexus\nexus-3.21.0-05> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is EACB-9845
Directory of C:\Windows\Microsoft.NET\Framework
03/18/2019 08:52 PM <DIR> .
03/18/2019 08:52 PM <DIR> ..
03/18/2019 08:52 PM <DIR> v1.0.3705
03/18/2019 08:52 PM <DIR> v1.1.4322
03/18/2019 08:52 PM <DIR> v2.0.50727
03/01/2025 09:44 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 8,942,452,736 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ea8
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03752
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ea8
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03752
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ea8
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03752
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ea8
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03752
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.03752