System/Kernel
PS C:\xampp\htdocs> cmd /c ver
Microsoft Windows [Version 10.0.19042.1387]
PS C:\xampp\htdocs> systeminfo ; Get-ComputerInfo
Host Name: MEDJED
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19042 N/A Build 19042
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: Ela Arwel
Registered Organization:
Product ID: 00331-10000-00001-AA424
Original Install Date: 12/2/2021, 12:46:03 PM
System Boot Time: 8/1/2024, 10:47:54 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2650 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory: 4,095 MB
Available Physical Memory: 2,426 MB
Virtual Memory: Max Size: 4,799 MB
Virtual Memory: Available: 2,830 MB
Virtual Memory: In Use: 1,969 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\MEDJED
Hotfix(s): 5 Hotfix(s) Installed.
[01]: KB5007289
[02]: KB4562830
[03]: KB5007253
[04]: KB5006753
[05]: KB5007273
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0
DHCP Enabled: No
IP address(es)
[01]: 192.168.156.127
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
WindowsCurrentVersion : 6.3
WindowsEditionId : Professional
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 12/2/2021 5:46:03 PM
WindowsProductId : 00331-10000-00001-AA424
WindowsProductName : Windows 10 Pro
WindowsRegisteredOrganization :
WindowsRegisteredOwner : Ela Arwel
WindowsSystemRoot : C:\WINDOWS
WindowsVersion : 2009
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 7:00:00 PM
BiosSeralNumber : VMware-42 1e 9c e8 17 c1 39 eb-67 8d 24 d0 3f 0b 77 22
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : MEDJED
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -300
CsDaylightInEffect :
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : medjed
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : MEDJED
CsNetworkAdapters : {Ethernet0}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 7413 24-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : Ela Arwel
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 4293943296
CsPhyicallyInstalledMemory : 4194304
CsUserName : MEDJED\Jerren
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.19042
OsCSDVersion :
OsBuildNumber : 19042
OsHotFixes : {KB5007289, KB4562830, KB5007253, KB5006753...}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\WINDOWS\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\WINDOWS
OsCountryCode : 1
OsCurrentTimeZone : -300
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 4/11/2025 2:50:18 PM
OsLastBootUpTime : 8/1/2024 10:47:54 PM
OsUptime : 252.16:02:23.9866005
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 4193304
OsFreePhysicalMemory : 2475672
OsTotalVirtualMemorySize : 4914200
OsFreeVirtualMemory : 2885012
OsInUseVirtualMemory : 2029188
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 720896
OsFreeSpaceInPagingFiles : 720896
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.19041.1151
OsInstallDate : 12/2/2021 12:46:03 PM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 145
OsNumberOfUsers : 5
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : Ela Arwel
OsSerialNumber : 00331-10000-00001-AA424
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-05:00) Eastern Time (US & Canada)
LogonServer : \\MEDJED
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus : Microsoft Windows [Version 10.0.19042.1387]OS Name: Microsoft Windows 10 ProSystem Type: x64-based PCProcessor(s): 1 Processor(s) Installed.Hotfix(s): 5 Hotfix(s) Installed.[01]: KB5007289[02]: KB4562830[03]: KB5007253[04]: KB5006753[05]: KB5007273
Networks
PS C:\xampp\htdocs> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : medjed
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-45-DF
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.156.127(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.156.254
DNS Servers . . . . . . . . . . . : 192.168.156.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.156.127 --- 0x2
Internet Address Physical Address Type
192.168.156.254 00-50-56-9e-65-67 dynamic
192.168.156.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRNPS C:\xampp\htdocs> netstat -ano | Select-String LIST
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 868
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 6372
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 4720
TCP 0.0.0.0:8000 0.0.0.0:0 LISTENING 2504
TCP 0.0.0.0:30021 0.0.0.0:0 LISTENING 6368
TCP 0.0.0.0:33033 0.0.0.0:0 LISTENING 5060
TCP 0.0.0.0:44330 0.0.0.0:0 LISTENING 2504
TCP 0.0.0.0:45332 0.0.0.0:0 LISTENING 6360
TCP 0.0.0.0:45443 0.0.0.0:0 LISTENING 6360
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 656
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 500
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 1600
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 636
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2444
TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 6368
TCP 192.168.156.127:139 0.0.0.0:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 868
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3306 [::]:0 LISTENING 6372
TCP [::]:8000 [::]:0 LISTENING 2504
TCP [::]:30021 [::]:0 LISTENING 6368
TCP [::]:44330 [::]:0 LISTENING 2504
TCP [::]:45332 [::]:0 LISTENING 6360
TCP [::]:45443 [::]:0 LISTENING 6360
TCP [::]:49664 [::]:0 LISTENING 656
TCP [::]:49665 [::]:0 LISTENING 500
TCP [::]:49666 [::]:0 LISTENING 676
TCP [::]:49667 [::]:0 LISTENING 1600
TCP [::]:49668 [::]:0 LISTENING 636
TCP [::]:49669 [::]:0 LISTENING 2444
TCP [::1]:14147 [::]:0 LISTENING 6368Users & Groups
PS C:\xampp\htdocs> net users ; ls C:\Users
User accounts for \\MEDJED
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
Jerren WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 12/2/2021 12:51 PM Administrator
d----- 12/2/2021 12:46 PM Jerren
d-r--- 12/2/2021 3:33 PM Public PS C:\xampp\htdocs> net localgroup ; net group /DOMAIN
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
group /DOMAIN
Aliases for \\MEDJED
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.Processes
PS C:\xampp\htdocs> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 92 N/A
smss.exe 324 N/A
csrss.exe 428 N/A
wininit.exe 500 N/A
csrss.exe 512 N/A
winlogon.exe 596 N/A
services.exe 636 N/A
lsass.exe 656 KeyIso, SamSs, VaultSvc
svchost.exe 752 BrokerInfrastructure, DcomLaunch, PlugPlay,
Power, SystemEventsBroker
fontdrvhost.exe 760 N/A
fontdrvhost.exe 768 N/A
svchost.exe 868 RpcEptMapper, RpcSs
svchost.exe 920 LSM
dwm.exe 988 N/A
svchost.exe 996 DsmSvc
svchost.exe 396 NcbService
svchost.exe 344 TimeBrokerSvc
svchost.exe 676 EventLog
svchost.exe 968 nsi
svchost.exe 1032 CoreMessagingRegistrar
svchost.exe 1080 Dhcp
svchost.exe 1212 DispBrokerDesktopSvc
svchost.exe 1236 SEMgrSvc
svchost.exe 1320 ProfSvc
svchost.exe 1340 EventSystem
svchost.exe 1376 SysMain
svchost.exe 1408 Themes
svchost.exe 1444 NlaSvc
Memory Compression 1572 N/A
svchost.exe 1600 Schedule
svchost.exe 1652 SENS
svchost.exe 1708 netprofm
svchost.exe 1772 AudioEndpointBuilder
svchost.exe 1784 FontCache
svchost.exe 1876 Audiosrv
svchost.exe 1956 WinHttpAutoProxySvc
svchost.exe 2012 UserManager
svchost.exe 2032 Dnscache
svchost.exe 1360 DusmSvc
svchost.exe 1508 Wcmsvc
svchost.exe 2112 ShellHWDetection
svchost.exe 2232 BFE, mpssvc
svchost.exe 2244 LanmanWorkstation
svchost.exe 2436 IKEEXT
svchost.exe 2444 PolicyAgent
bd.exe 2504 bd
svchost.exe 2512 CryptSvc
svchost.exe 2520 DiagTrack
svchost.exe 2528 DPS
svchost.exe 2540 Winmgmt
svchost.exe 2620 LanmanServer
svchost.exe 2640 SstpSvc
svchost.exe 2648 TrkWks
VGAuthService.exe 2656 VGAuthService
svchost.exe 2668 WpnService
vmtoolsd.exe 2696 VMTools
svchost.exe 2748 WdiServiceHost
svchost.exe 2820 iphlpsvc
svchost.exe 2916 RasMan
dllhost.exe 3132 COMSysApp
WmiPrvSE.exe 3344 N/A
msdtc.exe 3524 MSDTC
svchost.exe 3048 StorSvc
svchost.exe 3720 StateRepository
svchost.exe 2412 wlidsvc
svchost.exe 3996 RmSvc
sihost.exe 4224 N/A
svchost.exe 4236 CDPUserSvc_4bbfd
svchost.exe 4288 WpnUserService_4bbfd
taskhostw.exe 4360 N/A
MicrosoftEdgeUpdate.exe 4380 N/A
svchost.exe 4420 TokenBroker
svchost.exe 4476 TabletInputService
ctfmon.exe 4544 N/A
svchost.exe 4720 CDPSvc
explorer.exe 4888 N/A
svchost.exe 5096 cbdhsvc_4bbfd
StartMenuExperienceHost.e 5180 N/A
RuntimeBroker.exe 5248 N/A
SearchApp.exe 5396 N/A
SearchIndexer.exe 5508 WSearch
RuntimeBroker.exe 5524 N/A
svchost.exe 5752 LicenseManager
YourPhone.exe 5904 N/A
RuntimeBroker.exe 5028 N/A
RuntimeBroker.exe 6256 N/A
vmtoolsd.exe 6464 N/A
msedge.exe 6508 N/A
msedge.exe 6524 N/A
msedge.exe 6676 N/A
msedge.exe 6688 N/A
msedge.exe 6808 N/A
cmd.exe 6844 N/A
conhost.exe 6880 N/A
svchost.exe 6984 Appinfo
ruby.exe 7044 N/A
xampp-control.exe 7116 N/A
ruby.exe 5060 N/A
svchost.exe 3804 BITS
svchost.exe 3740 SSDPSRV
httpd.exe 6360 N/A
mysqld.exe 6372 N/A
FileZillaServer.exe 6368 N/A
conhost.exe 3304 N/A
httpd.exe 7208 N/A
SystemSettings.exe 2792 N/A
ApplicationFrameHost.exe 4044 N/A
svchost.exe 5304 UsoSvc
svchost.exe 6516 PcaSvc
SgrmBroker.exe 3156 SgrmBroker
svchost.exe 3276 wscsvc
svchost.exe 4568 OneSyncSvc_4bbfd,
PimIndexMaintenanceSvc_4bbfd,
UnistoreSvc_4bbfd, UserDataSvc_4bbfd
svchost.exe 7936 Netman
CompatTelRunner.exe 5672 N/A
svchost.exe 2288 lmhosts
conhost.exe 4768 N/A
svchost.exe 5016 InstallService
CompatTelRunner.exe 2816 N/A
SecurityHealthService.exe 368 SecurityHealthService
ShellExperienceHost.exe 5860 N/A
RuntimeBroker.exe 6952 N/A
svchost.exe 8576 W32Time
svchost.exe 8584 DsSvc
UserOOBEBroker.exe 1368 N/A
svchost.exe 3660 WaaSMedicSvc
svchost.exe 1484 WdiSystemHost
taskhostw.exe 4392 N/A
svchost.exe 9076 ClipSVC
svchost.exe 6452 AppXSvc
svchost.exe 3664 wuauserv
svchost.exe 2980 smphost
svchost.exe 1500 WbioSrvc
Microsoft.Photos.exe 4208 N/A
RuntimeBroker.exe 940 N/A
cmd.exe 1792 N/A
conhost.exe 8344 N/A
cmd.exe 5244 N/A
powershell.exe 3444 N/A
WmiPrvSE.exe 3052 N/A
TrustedInstaller.exe 896 TrustedInstaller
TiWorker.exe 4204 N/A
cmd.exe 2976 N/A
tasklist.exe 2088 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
320 19 7192 25744 0.05 4044 1 ApplicationFrameHost
242 44 4684 10412 2504 0 bd
73 5 2216 3664 0.03 1792 1 cmd
79 5 2252 3924 0.00 5244 1 cmd
71 5 2584 3944 0.00 6844 1 cmd
581 25 37896 6940 2816 0 CompatTelRunner
116 6 1064 1404 5672 0 CompatTelRunner
125 10 6648 14156 0.02 3304 1 conhost
159 10 6680 844 4768 0 conhost
192 12 6980 17508 0.05 6880 1 conhost
104 7 6300 10520 0.02 8344 1 conhost
539 21 1732 5264 428 0 csrss
476 17 1816 5400 512 1 csrss
396 15 3516 14868 0.14 4544 1 ctfmon
255 14 3772 13808 3132 0 dllhost
837 36 30812 61296 988 1 dwm
1709 65 25976 95940 1.42 4888 1 explorer
123 14 1764 6752 0.03 6368 1 FileZillaServer
37 6 1532 4160 760 0 fontdrvhost
37 7 2036 6012 768 1 fontdrvhost
154 28 9504 18916 0.25 6360 1 httpd
490 50 18092 24140 0.30 7208 1 httpd
0 0 60 8 0 0 Idle
1152 25 6508 18712 656 0 lsass
0 0 136 17372 1572 0 Memory Compression
712 42 42820 9556 0.50 4208 1 Microsoft.Photos
212 13 1916 240 4380 0 MicrosoftEdgeUpdate
224 13 2756 10284 3524 0 msdtc
1003 43 23968 75416 0.53 6508 1 msedge
137 9 1888 7176 0.02 6524 1 msedge
303 18 101212 28364 0.02 6676 1 msedge
278 17 9008 29724 0.11 6688 1 msedge
202 14 6796 17820 0.05 6808 1 msedge
154 15 210404 28420 0.09 6372 1 mysqld
1041 31 87792 100296 0.81 3444 1 powershell
0 14 4772 16500 92 0 Registry
303 26 124392 88492 1.58 5060 1 ruby
93 10 44952 20644 0.42 7044 1 ruby
267 16 4996 16932 0.09 940 1 RuntimeBroker
243 14 3080 19640 0.03 5028 1 RuntimeBroker
266 16 5380 22464 0.28 5248 1 RuntimeBroker
313 16 5508 22172 0.22 5524 1 RuntimeBroker
269 15 2816 15956 0.19 6256 1 RuntimeBroker
211 11 2548 16868 0.03 6952 1 RuntimeBroker
1042 68 51228 112672 1.17 5396 1 SearchApp
694 37 16980 25316 5508 0 SearchIndexer
285 13 3016 12668 368 0 SecurityHealthService
642 12 4824 9924 636 0 services
105 7 3696 6940 3156 0 SgrmBroker
544 25 9656 42288 0.16 5860 1 ShellExperienceHost
510 18 5652 25208 1.06 4224 1 sihost
53 3 1060 1136 324 0 smss
604 28 17012 56916 0.38 5180 1 StartMenuExperienceHost
291 10 2044 11792 344 0 svchost
215 12 2076 9784 396 0 svchost
411 14 13680 16840 676 0 svchost
1624 21 10564 27048 752 0 svchost
1123 17 6652 13752 868 0 svchost
261 10 2172 8012 920 0 svchost
132 18 4360 8544 968 0 svchost
340 16 4204 13500 996 0 svchost
149 7 1364 6068 1032 0 svchost
217 9 1988 7356 1080 0 svchost
123 8 1384 7292 1212 0 svchost
232 12 2268 11372 1236 0 svchost
247 13 3220 13736 1320 0 svchost
435 9 2892 9000 1340 0 svchost
127 9 1508 6444 1360 0 svchost
236 16 51184 55156 1376 0 svchost
180 7 1232 5840 1408 0 svchost
404 14 4272 12356 1444 0 svchost
121 8 1432 5908 1484 0 svchost
219 13 2900 11880 1500 0 svchost
364 12 2188 9716 1508 0 svchost
409 18 6020 15524 1600 0 svchost
175 10 1836 8416 1652 0 svchost
401 12 2712 9280 1708 0 svchost
142 9 1464 7296 1772 0 svchost
165 10 1888 8388 1784 0 svchost
207 11 2112 8812 1876 0 svchost
171 9 1840 7404 1956 0 svchost
317 13 3124 18280 2012 0 svchost
259 12 2580 7984 2032 0 svchost
191 12 1976 12340 2112 0 svchost
410 32 8476 17724 2232 0 svchost
185 11 2008 8260 2244 0 svchost
109 7 1224 5556 2288 0 svchost
420 16 4864 16156 2412 0 svchost
261 13 2576 8040 2436 0 svchost
167 12 1640 7416 2444 0 svchost
344 29 3868 13124 2512 0 svchost
529 26 19104 35348 2520 0 svchost
327 16 14520 19408 2528 0 svchost
479 16 11736 21380 2540 0 svchost
214 12 2332 9292 2620 0 svchost
130 9 1520 6804 2640 0 svchost
125 7 1224 5680 2648 0 svchost
316 15 4060 18492 2668 0 svchost
103 7 1220 5496 2748 0 svchost
368 15 2728 10928 2820 0 svchost
385 24 3328 12856 2916 0 svchost
225 15 3944 13724 2980 0 svchost
218 12 2732 11512 3048 0 svchost
214 12 2396 9708 3276 0 svchost
142 8 1540 7444 3660 0 svchost
457 35 10532 19552 3664 0 svchost
179 10 5476 14244 3720 0 svchost
217 13 1980 7532 3740 0 svchost
447 28 9288 19132 3804 0 svchost
199 11 1864 8532 3996 0 svchost
298 14 4328 17320 0.09 4236 1 svchost
424 22 7880 32576 0.34 4288 1 svchost
271 12 3188 18624 4420 0 svchost
168 9 1764 8208 4476 0 svchost
438 24 5140 20276 0.19 4568 1 svchost
312 18 4036 16120 4720 0 svchost
235 14 4720 21028 5016 0 svchost
233 12 3044 16608 0.02 5096 1 svchost
197 11 2292 9324 5304 0 svchost
190 12 2840 15480 5752 0 svchost
155 10 3596 11536 6452 0 svchost
240 12 3952 9656 6516 0 svchost
141 9 1612 7796 6984 0 svchost
197 12 2172 10780 7936 0 svchost
201 12 1704 7624 8576 0 svchost
189 15 6024 9656 8584 0 svchost
124 7 2608 7776 9076 0 svchost
2321 0 196 136 4 0 System
815 38 19472 2264 0.28 2792 1 SystemSettings
251 27 5376 14828 0.09 4360 1 taskhostw
335 19 5288 16448 0.06 4392 1 taskhostw
176 11 3100 10472 4204 0 TiWorker
135 8 1808 7300 896 0 TrustedInstaller
140 10 1920 9352 0.02 1368 1 UserOOBEBroker
173 11 3144 10428 2656 0 VGAuthService
393 21 9220 22204 2696 0 vmtoolsd
260 18 3880 16268 0.38 6464 1 vmtoolsd
162 11 1332 6964 500 0 wininit
279 13 2724 13260 596 1 winlogon
164 11 2516 9640 3052 0 WmiPrvSE
372 18 9716 20128 3344 0 WmiPrvSE
281 18 6016 20880 0.36 7116 1 xampp-control
585 41 26204 14120 0.31 5904 1 YourPhone bd.exeexplorer.exeSearchApp.exeSearchIndexer.exeYourPhone.exeruby.exexampp-control.exehttpd.exemysqld.exeFileZillaServer.exeSystemSettings.exeMicrosoft.Photos.exe
Tasks
PS C:\xampp\htdocs> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\xampp\htdocs> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\OneCore
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 4/12/2025 4:00:36 AM Running
PcaPatchDbTask 4/11/2025 3:41:22 PM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 4/11/2025 6:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 4/11/2025 11:48:04 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 4/12/2025 3:28:34 AM Ready
Device User N/A Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
RecommendedTroubleshootingScanner N/A Ready
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DirectXDatabaseUpdater N/A Ready
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Ready
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\DUSM
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Feedback
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Feedback\Siuf
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\FileHistory
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 4/11/2025 5:07:17 PM Ready
Folder: \Microsoft\Windows\Input
TaskName Next Run Time Status
======================================== ====================== ===============
LocalUserSyncDataAvailable N/A Ready
MouseSyncDataAvailable N/A Ready
PenSyncDataAvailable N/A Ready
TouchpadSyncDataAvailable N/A Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates 4/12/2025 5:09:50 PM Ready
ScanForUpdatesAsUser N/A Ready
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\International
TaskName Next Run Time Status
======================================== ====================== ===============
Synchronize Language Settings N/A Ready
Folder: \Microsoft\Windows\LanguageComponentsInstaller
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
ReconcileLanguageResources N/A Ready
Folder: \Microsoft\Windows\Live
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Management
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Management\Provisioning
TaskName Next Run Time Status
======================================== ====================== ===============
Cellular N/A Ready
Logon N/A Ready
Retry N/A Disabled
RunOnReboot N/A Disabled
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Running
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\NlaSvc
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
Folder: \Microsoft\Windows\Printing
TaskName Next Run Time Status
======================================== ====================== ===============
EduPrintProv N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Ready
Folder: \Microsoft\Windows\Registry
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SettingSync
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
NetworkStateChangeTask N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Disabled
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
Folder: \Microsoft\Windows\StateRepository
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\Subscription
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
Folder: \Microsoft\Windows\Sysmain
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Ready
WsSwapAssessmentTask N/A Ready
Folder: \Microsoft\Windows\SystemRestore
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Ready
Folder: \Microsoft\Windows\Task Manager
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
Folder: \Microsoft\Windows\termsrv
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\termsrv\RemoteFX
TaskName Next Run Time Status
======================================== ====================== ===============
RemoteFXvGPUDisableTask N/A Ready
RemoteFXWarningTask 5/3/2025 1:00:00 PM Ready
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UNP
TaskName Next Run Time Status
======================================== ====================== ===============
RunUpdateNotificationMgr N/A Disabled
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
Folder: \Microsoft\Windows\USB
TaskName Next Run Time Status
======================================== ====================== ===============
Usb-Notifications N/A Ready
Folder: \Microsoft\Windows\WCM
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\WDI
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Running
Folder: \Microsoft\Windows\Windows Defender
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 4/11/2025 3:10:10 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start 4/12/2025 2:17:57 PM Ready
Folder: \Microsoft\Windows\WindowsUpdate\RUXIM
TaskName Next Run Time Status
======================================== ====================== ===============
RUXIMDisplay 4/12/2025 11:58:17 AM Ready
RUXIMSync 4/14/2025 9:32:03 AM Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\WlanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
CDSSync N/A Ready
Folder: \Microsoft\Windows\Work Folders
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Device-Sync N/A Disabled
Recovery-Check N/A Disabled
Folder: \Microsoft\Windows\WwanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
NotificationTask N/A Ready
OobeDiscovery N/A Ready
Folder: \Microsoft\XblGameSave
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready Services
PS C:\xampp\htdocs> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
Appinfo C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
AppXSvc C:\WINDOWS\system32\svchost.exe -k wsappx -p LocalSystem
AudioEndpointBuilder C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
bd "C:\bd\bd.exe" LocalSystem
BFE C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BITS C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
BrokerInfrastructure C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
ClipSVC C:\WINDOWS\System32\svchost.exe -k wsappx -p LocalSystem
COMSysApp C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\WINDOWS\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DPS C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
DusmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
EventLog C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
IKEEXT C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
InstallService C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\WINDOWS\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\WINDOWS\system32\lsass.exe LocalSystem
LanmanServer C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
LicenseManager C:\WINDOWS\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\WINDOWS\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PlugPlay C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
RasMan C:\WINDOWS\System32\svchost.exe -k netsvcs localSystem
RmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted NT AUTHORITY\LocalService
RpcEptMapper C:\WINDOWS\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\WINDOWS\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\WINDOWS\system32\lsass.exe LocalSystem
Schedule C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe LocalSystem
SEMgrSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
SENS C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
smphost C:\WINDOWS\System32\svchost.exe -k smphost NT AUTHORITY\NetworkService
sppsvc C:\WINDOWS\system32\sppsvc.exe NT AUTHORITY\NetworkService
SSDPSRV C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p NT AUTHORITY\LocalService
SstpSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
StateRepository C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SysMain C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UserManager C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
VaultSvc C:\WINDOWS\system32\lsass.exe LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
W32Time C:\WINDOWS\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
WaaSMedicSvc C:\WINDOWS\system32\svchost.exe -k wusvcs -p LocalSystem
WbioSrvc C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup LocalSystem
Wcmsvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WdiSystemHost C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
WinHttpAutoProxySvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs -p localSystem
wlidsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
WpnService C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\WINDOWS\system32\SearchIndexer.exe /Embedding LocalSystem
wuauserv C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
cbdhsvc_4bbfd C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
CDPUserSvc_4bbfd C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
OneSyncSvc_4bbfd C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
PimIndexMaintenanceSvc_4bbfd C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
UnistoreSvc_4bbfd C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
UserDataSvc_4bbfd C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_4bbfd C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup bd "C:\bd\bd.exe" LocalSystem
Installed Programs
PS C:\xampp\htdocs> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
BarracudaDrive
Microsoft Edge
Microsoft Edge Update
Microsoft Update Health Tools
Microsoft Visual C++ 2017 Redistributable (x64) - 14.12.25810
Microsoft Visual C++ 2017 Redistributable (x86) - 14.12.25810
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.12.25810
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.12.25810
Node.js
Ruby 2.6.6-2-x64 with MSYS2
Update for Windows 10 for x64-based Systems (KB5001716)
VMware Tools
Windows PC Health Check
XAMPP
YarnBarracudaDriveNode.jsRuby 2.6.6-2-x64 with MSYS2XAMPPYarn
Firewall & AV
PS C:\xampp\htdocs> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
8000 TCP Disable Inbound Disallow port 8000
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound FileZilla Server / C:\xampp\filezillaftp\filezillaserver.exe
Enable Inbound Ruby interpreter (CUI) 2.3.3p222 [i386-mingw32] / C:\railsinstaller\ruby2.3.3\bin\ruby.exe
Enable Inbound mysqld / C:\xampp\mysql\bin\mysqld.exe
Enable Inbound Ruby interpreter (CUI) 2.6.6p146 [x64-mingw32] / C:\ruby26-x64\bin\ruby.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
8000 TCP Disable Inbound Disallow port 8000
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .PS C:\xampp\htdocs> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : A general error occurred that is not covered by a more specific error code.
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (MSFT_MpComputerStatus:ROOT\Microsoft\...pComputerStatus) [Get-MpComputerS
tatus], CimException
+ FullyQualifiedErrorId : HRESULT 0x800106ba,Get-MpComputerStatus
ExclusionPath
-------------
Session Architecture
PS C:\xampp\htdocs> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
PS C:\xampp\htdocs> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is A41E-B108
Directory of C:\Windows\Microsoft.NET\Framework
12/07/2019 04:31 AM <DIR> .
12/07/2019 04:31 AM <DIR> ..
12/02/2021 03:35 PM <DIR> v1.0.3705
12/02/2021 03:35 PM <DIR> v1.1.4322
12/07/2019 04:14 AM <DIR> v2.0.50727
04/11/2025 02:21 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 16,487,002,112 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.8.04084