System/Kernel
PS C:\Program Files\LibreOffice\program> cmd /c ver
Microsoft Windows [Version 10.0.19042.1348]
PS C:\Program Files\LibreOffice\program> systeminfo ; Get-ComputerInfo
Host Name: HEPET
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19042 N/A Build 19042
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Ela Arwel
Registered Organization:
Product ID: 00331-10000-00001-AA737
Original Install Date: 12/1/2021, 3:06:58 PM
System Boot Time: 8/1/2024, 10:54:07 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory: 4,095 MB
Available Physical Memory: 2,637 MB
Virtual Memory: Max Size: 4,799 MB
Virtual Memory: Available: 3,245 MB
Virtual Memory: In Use: 1,554 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\HEPET
Hotfix(s): 3 Hotfix(s) Installed.
[01]: KB4562830
[02]: KB5007186
[03]: KB5006753
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0
DHCP Enabled: No
IP address(es)
[01]: 192.168.159.140
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
WindowsCurrentVersion : 6.3
WindowsEditionId : Enterprise
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 1/1/1970 12:00:00 AM
WindowsProductId :
WindowsProductName : Windows 10 Enterprise
WindowsRegisteredOrganization :
WindowsRegisteredOwner : Ela Arwel
WindowsSystemRoot : C:\WINDOWS
WindowsVersion : 2009
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 7:00:00 PM
BiosSeralNumber : VMware-42 1e 07 fa 13 e7 f6 5d-4b cd 83 cd a5 4a 8c 22
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : HEPET
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -300
CsDaylightInEffect : False
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : hepet
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : HEPET
CsNetworkAdapters : {Ethernet0}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 7413 24-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : Ela Arwel
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 4293943296
CsPhyicallyInstalledMemory : 4194304
CsUserName : HEPET\Ela Arwel
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.19042
OsCSDVersion :
OsBuildNumber : 19042
OsHotFixes : {KB4562830, KB5007186, KB5006753}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\WINDOWS\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\WINDOWS
OsCountryCode : 1
OsCurrentTimeZone : -300
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 3/4/2025 1:34:13 PM
OsLastBootUpTime : 8/1/2024 11:54:07 PM
OsUptime : 214.13:40:05.6589402
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 4193304
OsFreePhysicalMemory : 2690712
OsTotalVirtualMemorySize : 4914200
OsFreeVirtualMemory : 3311636
OsInUseVirtualMemory : 1602564
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 720896
OsFreeSpaceInPagingFiles : 720896
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.19041.1151
OsInstallDate : 12/1/2021 3:06:58 PM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 138
OsNumberOfUsers : 5
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : Ela Arwel
OsSerialNumber : 00331-10000-00001-AA737
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-05:00) Eastern Time (US & Canada)
LogonServer : \\HEPET
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus : Microsoft Windows [Version 10.0.19042.1348]Microsoft Windows 10 Prox64-based PC1 Processor(s)3 Hotfix(s) Installed[01]: KB4562830[02]: KB5007186[03]: KB5006753
Networks
PS C:\Program Files\LibreOffice\program> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : hepet
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-A3-33
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.159.140(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.159.254
DNS Servers . . . . . . . . . . . : 192.168.159.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.159.140 --- 0x2
Internet Address Physical Address Type
192.168.159.254 00-50-56-9e-fc-4d dynamic
192.168.159.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRNPS C:\Program Files\LibreOffice\program> netstat -ano #| Select-String LIST
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:79 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:105 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:106 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 868
TCP 0.0.0.0:143 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 6640
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2224 0.0.0.0:0 LISTENING 6668
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 4772
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 6640
TCP 0.0.0.0:11100 0.0.0.0:0 LISTENING 5216
TCP 0.0.0.0:20001 0.0.0.0:0 LISTENING 6656
TCP 0.0.0.0:33006 0.0.0.0:0 LISTENING 6648
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 504
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1044
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1572
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 640
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2384
TCP 127.0.0.1:11200 0.0.0.0:0 LISTENING 5216
TCP 127.0.0.1:11300 0.0.0.0:0 LISTENING 5216
TCP 127.0.0.1:11300 127.0.0.1:49672 ESTABLISHED 5216
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 6656
TCP 127.0.0.1:49672 127.0.0.1:11300 ESTABLISHED 3292
TCP 192.168.159.140:139 0.0.0.0:0 LISTENING 4
TCP 192.168.159.140:5040 192.168.45.153:38676 CLOSE_WAIT 4772
TCP 192.168.159.140:49759 192.168.45.153:443 ESTABLISHED 3284
TCP 192.168.159.140:49950 20.190.159.131:443 SYN_SENT 5332
TCP 192.168.159.140:49951 4.175.87.197:443 SYN_SENT 1104
TCP [::]:135 [::]:0 LISTENING 868
TCP [::]:443 [::]:0 LISTENING 6640
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:8000 [::]:0 LISTENING 6640
TCP [::]:11100 [::]:0 LISTENING 5216
TCP [::]:20001 [::]:0 LISTENING 6656
TCP [::]:33006 [::]:0 LISTENING 6648
TCP [::]:49664 [::]:0 LISTENING 660
TCP [::]:49665 [::]:0 LISTENING 504
TCP [::]:49666 [::]:0 LISTENING 1044
TCP [::]:49667 [::]:0 LISTENING 1572
TCP [::]:49668 [::]:0 LISTENING 640
TCP [::]:49669 [::]:0 LISTENING 2384
TCP [::1]:14147 [::]:0 LISTENING 6656
UDP 0.0.0.0:123 *:* 5680
UDP 0.0.0.0:500 *:* 2396
UDP 0.0.0.0:4500 *:* 2396
UDP 0.0.0.0:5050 *:* 4772
UDP 0.0.0.0:5353 *:* 2004
UDP 0.0.0.0:5355 *:* 2004
UDP 127.0.0.1:1900 *:* 7176
UDP 127.0.0.1:49513 *:* 7176
UDP 127.0.0.1:59577 *:* 2776
UDP 192.168.159.140:137 *:* 4
UDP 192.168.159.140:138 *:* 4
UDP 192.168.159.140:1900 *:* 7176
UDP 192.168.159.140:49512 *:* 7176
UDP [::]:123 *:* 5680
UDP [::]:500 *:* 2396
UDP [::]:4500 *:* 2396
UDP [::1]:1900 *:* 7176
UDP [::1]:49511 *:* 7176Users & Groups
C:\Program Files\LibreOffice\program> net users ; ls C:\Users
User accounts for \\HEPET
-------------------------------------------------------------------------------
Administrator DefaultAccount Ela Arwel
Guest WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 12/2/2021 8:39 AM Administrator
d----- 12/2/2021 8:44 AM Ela Arwel
d-r--- 12/1/2021 5:56 PM Public PS C:\Program Files\LibreOffice\program> net localgroup ; net group /DOMAIN
Aliases for \\HEPET
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.Processes
PS C:\Program Files\LibreOffice\program> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 92 N/A
smss.exe 324 N/A
csrss.exe 432 N/A
wininit.exe 504 N/A
csrss.exe 520 N/A
winlogon.exe 572 N/A
services.exe 640 N/A
lsass.exe 660 KeyIso, SamSs, VaultSvc
svchost.exe 752 BrokerInfrastructure, DcomLaunch, PlugPlay,
Power, SystemEventsBroker
fontdrvhost.exe 760 N/A
fontdrvhost.exe 768 N/A
svchost.exe 868 RpcEptMapper, RpcSs
svchost.exe 912 LSM
dwm.exe 984 N/A
svchost.exe 992 DsmSvc
svchost.exe 400 NcbService
svchost.exe 340 TimeBrokerSvc
svchost.exe 808 CoreMessagingRegistrar
svchost.exe 1044 EventLog
svchost.exe 1096 nsi
svchost.exe 1200 ProfSvc
svchost.exe 1232 EventSystem
svchost.exe 1252 SysMain
svchost.exe 1268 DispBrokerDesktopSvc
svchost.exe 1284 Themes
svchost.exe 1344 Dhcp
Memory Compression 1524 N/A
svchost.exe 1564 SENS
svchost.exe 1572 Schedule
svchost.exe 1620 NlaSvc
svchost.exe 1664 AudioEndpointBuilder
svchost.exe 1672 FontCache
svchost.exe 1780 Audiosrv
svchost.exe 1812 netprofm
svchost.exe 1980 WinHttpAutoProxySvc
svchost.exe 1996 DusmSvc
svchost.exe 2004 Dnscache
svchost.exe 2012 UserManager
svchost.exe 2024 Wcmsvc
svchost.exe 1988 ShellHWDetection
svchost.exe 2148 BFE, mpssvc
svchost.exe 2240 LanmanWorkstation
svchost.exe 2384 PolicyAgent
svchost.exe 2396 IKEEXT
svchost.exe 2488 CryptSvc
svchost.exe 2496 DiagTrack
svchost.exe 2508 DPS
svchost.exe 2516 Winmgmt
svchost.exe 2600 SstpSvc
svchost.exe 2612 LanmanServer
svchost.exe 2624 TrkWks
veyon-service.exe 2632 VeyonService
VGAuthService.exe 2644 VGAuthService
vmtoolsd.exe 2652 VMTools
svchost.exe 2672 WpnService
svchost.exe 2764 WdiServiceHost
svchost.exe 2776 iphlpsvc
svchost.exe 2864 RasMan
dllhost.exe 3204 COMSysApp
WmiPrvSE.exe 3440 N/A
msdtc.exe 3648 MSDTC
svchost.exe 1104 wuauserv
svchost.exe 3860 StorSvc
svchost.exe 3736 StateRepository
svchost.exe 4104 RmSvc
sihost.exe 4220 N/A
svchost.exe 4264 CDPUserSvc_488da
svchost.exe 4304 WpnUserService_488da
taskhostw.exe 4388 N/A
MicrosoftEdgeUpdate.exe 4412 N/A
svchost.exe 4480 TokenBroker
svchost.exe 4548 TabletInputService
ctfmon.exe 4632 N/A
svchost.exe 4772 CDPSvc
svchost.exe 4808 ClipSVC
explorer.exe 5008 N/A
svchost.exe 4300 cbdhsvc_488da
StartMenuExperienceHost.e 5316 N/A
svchost.exe 5332 wlidsvc
RuntimeBroker.exe 5476 N/A
SearchApp.exe 5612 N/A
SearchIndexer.exe 5652 WSearch
RuntimeBroker.exe 5924 N/A
veyon-server.exe 5216 N/A
veyon-worker.exe 3292 N/A
RuntimeBroker.exe 4048 N/A
vmtoolsd.exe 6404 N/A
xampp-control.exe 6496 N/A
jusched.exe 6556 N/A
httpd.exe 6640 N/A
mysqld.exe 6648 N/A
FileZillaServer.exe 6656 N/A
mercury.exe 6668 N/A
conhost.exe 6696 N/A
httpd.exe 6876 N/A
WmiPrvSE.exe 6204 N/A
svchost.exe 6720 BITS
svchost.exe 7176 SSDPSRV
ApplicationFrameHost.exe 7696 N/A
WinStore.App.exe 7720 N/A
RuntimeBroker.exe 7848 N/A
svchost.exe 8000 InstallService
SgrmBroker.exe 2680 SgrmBroker
svchost.exe 7456 UsoSvc
svchost.exe 5680 W32Time
svchost.exe 5668 wscsvc
svchost.exe 7396 OneSyncSvc_488da
svchost.exe 5444 Netman
svchost.exe 7844 LicenseManager
svchost.exe 5964 WdiSystemHost
svchost.exe 2212 PcaSvc
CompatTelRunner.exe 4648 N/A
svchost.exe 6764 lmhosts
conhost.exe 7968 N/A
CompatTelRunner.exe 1500 N/A
SecurityHealthService.exe 832 SecurityHealthService
ShellExperienceHost.exe 6192 N/A
RuntimeBroker.exe 3152 N/A
WmiApSrv.exe 976 wmiApSrv
powershell.exe 3284 N/A
conhost.exe 624 N/A
cmd.exe 7728 N/A
UserOOBEBroker.exe 5572 N/A
svchost.exe 7640 smphost
svchost.exe 4880 WbioSrvc
taskhostw.exe 364 N/A
powershell.exe 4240 N/A
cmd.exe 4204 N/A
tasklist.exe 4908 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
318 19 6888 25560 0.05 7696 1 ApplicationFrameHost
97 6 2556 848 0.00 7728 1 cmd
580 25 45536 5604 1500 0 CompatTelRunner
116 6 1104 1396 4648 0 CompatTelRunner
104 7 2816 1276 0.02 624 1 conhost
125 10 6648 14096 0.03 6696 1 conhost
159 10 6676 676 7968 0 conhost
505 20 1672 5120 432 0 csrss
494 16 1820 5120 520 1 csrss
389 15 3644 15332 0.14 4632 1 ctfmon
259 14 3812 13760 3204 0 dllhost
915 35 30820 60232 984 1 dwm
1755 69 29124 101176 2.17 5008 1 explorer
123 15 1760 6752 0.05 6656 1 FileZillaServer
32 8 3552 9864 760 1 fontdrvhost
32 5 1640 3808 768 0 fontdrvhost
154 27 9600 18868 0.25 6640 1 httpd
478 48 15324 22176 0.20 6876 1 httpd
0 0 60 8 0 0 Idle
362 18 2768 19164 0.09 6556 1 jusched
1148 25 6452 17984 660 0 lsass
0 0 144 33932 1524 0 Memory Compression
287 27 7176 16652 0.19 6668 1 mercury
212 13 1896 228 4412 0 MicrosoftEdgeUpdate
224 13 2708 10136 3648 0 msdtc
156 15 210552 28320 0.03 6648 1 mysqld
505 126 45080 620 1.63 3284 1 powershell
702 44 45052 40296 1.84 4240 1 powershell
0 13 13236 18692 92 0 Registry
208 11 2504 16832 0.06 3152 1 RuntimeBroker
259 14 2624 14064 0.11 4048 1 RuntimeBroker
263 16 5552 21752 0.17 5476 1 RuntimeBroker
315 17 6676 23496 0.22 5924 1 RuntimeBroker
134 9 1976 8536 0.00 7848 1 RuntimeBroker
1049 64 48996 110024 1.16 5612 1 SearchApp
682 34 16640 24032 5652 0 SearchIndexer
289 13 3056 12720 832 0 SecurityHealthService
617 12 4828 9888 640 0 services
105 7 4764 7228 2680 0 SgrmBroker
540 25 9592 42496 0.09 6192 1 ShellExperienceHost
496 18 5444 24816 0.97 4220 1 sihost
53 3 1068 1168 324 0 smss
602 28 16676 56160 0.47 5316 1 StartMenuExperienceHost
260 10 2012 12048 340 0 svchost
213 12 2112 9744 400 0 svchost
1455 21 9724 25464 752 0 svchost
146 7 1436 6036 808 0 svchost
1050 17 6456 13448 868 0 svchost
257 11 2172 7860 912 0 svchost
330 16 4268 13468 992 0 svchost
405 14 16684 19392 1044 0 svchost
135 18 4384 8548 1096 0 svchost
511 42 11328 20264 1104 0 svchost
247 14 3228 13324 1200 0 svchost
432 9 2920 8952 1232 0 svchost
245 15 36872 46728 1252 0 svchost
123 8 1440 7308 1268 0 svchost
172 7 1284 5812 1284 0 svchost
219 10 2024 7288 1344 0 svchost
172 10 1836 8324 1564 0 svchost
413 18 6028 14784 1572 0 svchost
441 15 4332 12184 1620 0 svchost
142 9 1536 7240 1664 0 svchost
163 11 2316 8912 1672 0 svchost
207 10 2032 8840 1780 0 svchost
383 11 2640 9100 1812 0 svchost
173 9 1804 7336 1980 0 svchost
191 12 2040 12464 1988 0 svchost
127 9 1512 6368 1996 0 svchost
258 12 2512 7856 2004 0 svchost
246 10 2560 9732 2012 0 svchost
365 12 2212 9648 2024 0 svchost
414 32 7928 16916 2148 0 svchost
231 12 3968 9132 2212 0 svchost
185 11 2028 8060 2240 0 svchost
167 12 1728 7336 2384 0 svchost
261 14 2576 7880 2396 0 svchost
254 25 3448 12756 2488 0 svchost
517 25 18792 34960 2496 0 svchost
327 16 11088 15464 2508 0 svchost
459 16 11628 21220 2516 0 svchost
130 9 1580 6688 2600 0 svchost
212 12 2348 9080 2612 0 svchost
125 8 1232 5644 2624 0 svchost
317 15 4076 19008 2672 0 svchost
123 8 1540 5940 2764 0 svchost
369 15 2684 10672 2776 0 svchost
383 24 3360 12740 2864 0 svchost
171 9 5816 13960 3736 0 svchost
222 12 2628 11108 3860 0 svchost
200 11 1972 8492 4104 0 svchost
305 15 7188 19836 0.25 4264 1 svchost
234 12 3064 16704 0.06 4300 1 svchost
391 19 7116 30012 0.28 4304 1 svchost
261 12 3184 18492 4480 0 svchost
167 9 1820 8196 4548 0 svchost
310 19 4420 15808 4772 0 svchost
122 7 2288 7392 4808 0 svchost
219 13 2876 11976 4880 0 svchost
393 16 4636 15592 5332 0 svchost
197 12 2180 10760 5444 0 svchost
213 12 2392 9656 5668 0 svchost
205 12 1720 7612 5680 0 svchost
122 8 1428 5968 5964 0 svchost
384 26 8700 18156 6720 0 svchost
109 7 1228 5592 6764 0 svchost
215 13 1976 7456 7176 0 svchost
251 14 2736 12144 0.02 7396 1 svchost
191 11 2252 9328 7456 0 svchost
225 15 3948 13960 7640 0 svchost
164 10 2016 9988 7844 0 svchost
247 14 4144 16528 8000 0 svchost
2221 0 196 144 4 0 System
339 19 5496 16128 0.09 364 1 taskhostw
260 32 6068 15048 0.13 4388 1 taskhostw
139 10 1928 9396 0.03 5572 1 UserOOBEBroker
319 25 5420 19376 5216 1 veyon-server
220 18 5040 17112 2632 0 veyon-service
238 21 13836 28204 0.11 3292 1 veyon-worker
173 11 3136 9968 2644 0 VGAuthService
394 22 9916 22204 2652 0 vmtoolsd
260 18 3936 15816 0.92 6404 1 vmtoolsd
162 11 1360 6844 504 0 wininit
281 13 2724 12916 572 1 winlogon
1470 52 29032 1328 0.31 7720 1 WinStore.App
139 8 1432 7276 976 0 WmiApSrv
363 17 9760 19960 3440 0 WmiPrvSE
268 13 13676 21092 6204 0 WmiPrvSE
281 18 5936 20876 0.14 6496 1 xampp-control
- ```
- `veyon-service.exe 2632 VeyonService`
- `veyon-server.exe 5216 N/A`
- `veyon-worker.exe 3292 N/A`
- `jusched.exe 6556 N/A`
# Tasks
---
```powershell
PS C:\Program Files\LibreOffice\program> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName TaskPath State
-------- -------- -----
Check Email \ Ready\Check Email
Services
PS C:\Program Files\LibreOffice\program> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
AudioEndpointBuilder C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
BFE C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BITS C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
BrokerInfrastructure C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
ClipSVC C:\WINDOWS\System32\svchost.exe -k wsappx -p LocalSystem
COMSysApp C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\WINDOWS\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DPS C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
DusmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
EventLog C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
IKEEXT C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
InstallService C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\WINDOWS\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\WINDOWS\system32\lsass.exe LocalSystem
LanmanServer C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
LicenseManager C:\WINDOWS\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\WINDOWS\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PlugPlay C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
RasMan C:\WINDOWS\System32\svchost.exe -k netsvcs localSystem
RmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted NT AUTHORITY\LocalService
RpcEptMapper C:\WINDOWS\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\WINDOWS\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\WINDOWS\system32\lsass.exe LocalSystem
Schedule C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe LocalSystem
SENS C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
smphost C:\WINDOWS\System32\svchost.exe -k smphost NT AUTHORITY\NetworkService
SSDPSRV C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p NT AUTHORITY\LocalService
SstpSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
StateRepository C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SysMain C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UserManager C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
VaultSvc C:\WINDOWS\system32\lsass.exe LocalSystem
VeyonService C:\Users\Ela Arwel\Veyon\veyon-service.exe LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
W32Time C:\WINDOWS\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
WbioSrvc C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup LocalSystem
Wcmsvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WdiSystemHost C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
WinHttpAutoProxySvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs -p localSystem
wlidsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wmiApSrv C:\WINDOWS\system32\wbem\WmiApSrv.exe localSystem
WpnService C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\WINDOWS\system32\SearchIndexer.exe /Embedding LocalSystem
wuauserv C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
cbdhsvc_488da C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
CDPUserSvc_488da C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
OneSyncSvc_488da C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_488da C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup VeyonService C:\Users\Ela Arwel\Veyon\veyon-service.exe LocalSystem
Installed Programs
PS C:\Program Files\LibreOffice\program> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
Java 8 Update 271
Java Auto Updater
Microsoft Edge
Microsoft Edge Update
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810
Mozilla Thunderbird 78.3.2 (x86 en-US)
VeyonJava 8 Update 271Java Auto UpdaterMozilla Thunderbird 78.3.2 (x86 en-US)Veyon
Firewall & AV
PS C:\Program Files\LibreOffice\program> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound FileZilla Server / C:\xampp\filezillaftp\filezillaserver.exe
Enable Inbound Mercury/32 Core Processing Module v4.62 / C:\xampp\mercurymail\mercury.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .Firewall is Diabled
PS C:\Program Files\LibreOffice\program> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : A general error occurred that is not covered by a more specific error code.
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
tatus], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus
ExclusionPath
-------------
AV doesn’t appear to be enabled
Session Architecture
PS C:\Program Files\LibreOffice\program> [Environment]::Is64BitProcess
FalseFalse
Installed .NET Frameworks
PS C:\Program Files\LibreOffice\program> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is A41E-B108
Directory of C:\Windows\Microsoft.NET\Framework
12/07/2019 04:31 AM <DIR> .
12/07/2019 04:31 AM <DIR> ..
12/01/2021 05:58 PM <DIR> v1.0.3705
12/01/2021 05:58 PM <DIR> v1.1.4322
12/07/2019 04:14 AM <DIR> v2.0.50727
12/06/2021 07:46 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 15,532,314,624 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.8.04084