System/Kernel
PS C:\Users\divine> cmd /c ver
Microsoft Windows [Version 10.0.19042.1348]
PS C:\Users\divine> systeminfo ; Get-ComputerInfo
Host Name: REMOTE-PC
OS Name: Microsoft Windows 10 Pro
OS Version: 10.0.19042 N/A Build 19042
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Workstation
OS Build Type: Multiprocessor Free
Registered Owner: admin
Registered Organization:
Product ID: 00331-10000-00001-AA213
Original Install Date: 6/18/2021, 4:06:17 AM
System Boot Time: 3/26/2025, 11:46:22 PM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: AMD64 Family 25 Model 17 Stepping 1 AuthenticAMD ~3000 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21100432.B64.2301110304, 1/11/2023
Windows Directory: C:\WINDOWS
System Directory: C:\WINDOWS\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 2,047 MB
Available Physical Memory: 545 MB
Virtual Memory: Max Size: 3,199 MB
Virtual Memory: Available: 1,503 MB
Virtual Memory: In Use: 1,696 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\REMOTE-PC
Hotfix(s): 6 Hotfix(s) Installed.
[01]: KB5007289
[02]: KB4562830
[03]: KB4580325
[04]: KB5007186
[05]: KB5006753
[06]: KB5005699
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0 2
DHCP Enabled: No
IP address(es)
[01]: 192.168.239.199
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 19041.1.amd64fre.vb_release.191206-1406
WindowsCurrentVersion : 6.3
WindowsEditionId : Professional
WindowsInstallationType : Client
WindowsInstallDateFromRegistry : 6/18/2021 12:06:17 PM
WindowsProductId : 00331-10000-00001-AA213
WindowsProductName : Windows 10 Pro
WindowsRegisteredOrganization :
WindowsRegisteredOwner : admin
WindowsSystemRoot : C:\WINDOWS
WindowsVersion : 2009
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21100432.B64.2301110304,
VMware, Inc. - 10000}
BiosBuildNumber :
BiosCaption : VMW71.00V.21100432.B64.2301110304
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : VMW71.00V.21100432.B64.2301110304
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : VMware, Inc.
BiosName : VMW71.00V.21100432.B64.2301110304
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 1/10/2023 4:00:00 PM
BiosSeralNumber : VMware-42 1e 4d b1 09 7a 0e 7e-b1 a2 90 8c 79 e1 a7 be
BiosSMBIOSBIOSVersion : VMW71.00V.21100432.B64.2301110304
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : REMOTE-PC
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -420
CsDaylightInEffect : True
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : Remote-PC
CsDomain : WORKGROUP
CsDomainRole : StandaloneWorkstation
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : REMOTE-PC
CsNetworkAdapters : {Ethernet0 2}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 1
CsProcessors : {AMD EPYC 9124 16-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : False
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : admin
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 2146459648
CsPhyicallyInstalledMemory : 2097152
CsUserName : REMOTE-PC\divine
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows 10 Pro
OsType : WINNT
OsOperatingSystemSKU : 48
OsVersion : 10.0.19042
OsCSDVersion :
OsBuildNumber : 19042
OsHotFixes : {KB5007289, KB4562830, KB4580325, KB5007186...}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume4
OsSystemDirectory : C:\WINDOWS\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\WINDOWS
OsCountryCode : 1
OsCurrentTimeZone : -420
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 4/17/2025 12:51:13 PM
OsLastBootUpTime : 3/26/2025 11:46:22 PM
OsUptime : 21.13:04:50.9498676
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptIn
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 2096152
OsFreePhysicalMemory : 548276
OsTotalVirtualMemorySize : 3275800
OsFreeVirtualMemory : 1529456
OsInUseVirtualMemory : 1746344
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 1179648
OsFreeSpaceInPagingFiles : 1131704
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.19041.1151
OsInstallDate : 6/18/2021 5:06:17 AM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 104
OsNumberOfUsers : 1
OsOrganization :
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : WorkStation
OsRegisteredUser : admin
OsSerialNumber : 00331-10000-00001-AA213
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel :
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
LogonServer : \\REMOTE-PC
PowerPlatformRole : Desktop
HyperVisorPresent : True
HyperVRequirementDataExecutionPreventionAvailable :
HyperVRequirementSecondLevelAddressTranslation :
HyperVRequirementVirtualizationFirmwareEnabled :
HyperVRequirementVMMonitorModeExtensions :
DeviceGuardSmartStatus : Off
DeviceGuardRequiredSecurityProperties :
DeviceGuardAvailableSecurityProperties :
DeviceGuardSecurityServicesConfigured :
DeviceGuardSecurityServicesRunning :
DeviceGuardCodeIntegrityPolicyEnforcementStatus :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus :
Microsoft Windows [Version 10.0.19042.1348]
OS Name: Microsoft Windows 10 Pro
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
Hotfix(s): 6 Hotfix(s) Installed.
[01]: KB5007289
[02]: KB4562830
[03]: KB4580325
[04]: KB5007186
[05]: KB5006753
[06]: KB5005699
Networks
PS C:\Users\divine> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : Remote-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-64-EC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.239.199(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.239.254
DNS Servers . . . . . . . . . . . : 192.168.239.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.239.199 --- 0x7
Internet Address Physical Address Type
192.168.239.254 00-50-56-9e-ad-80 dynamic
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRN
PS C:\Users\divine> netstat -ano | Select-String LIST
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 912
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1978 0.0.0.0:0 LISTENING 2548
TCP 0.0.0.0:1979 0.0.0.0:0 LISTENING 2548
TCP 0.0.0.0:1980 0.0.0.0:0 LISTENING 2548
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 540
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 1132
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING 3852
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 700
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 544
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1088
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 464
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1952
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 656
TCP 192.168.239.199:139 0.0.0.0:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 912
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 540
TCP [::]:7680 [::]:0 LISTENING 3852
TCP [::]:49664 [::]:0 LISTENING 700
TCP [::]:49665 [::]:0 LISTENING 544
TCP [::]:49666 [::]:0 LISTENING 1088
TCP [::]:49667 [::]:0 LISTENING 464
TCP [::]:49668 [::]:0 LISTENING 1952
TCP [::]:49669 [::]:0 LISTENING 656
Users & Groups
PS C:\Users\divine> net users ; ls C:\Users
User accounts for \\REMOTE-PC
-------------------------------------------------------------------------------
Administrator DefaultAccount divine
Guest WDAGUtilityAccount
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 6/21/2021 3:48 AM Administrator
d----- 4/17/2025 12:44 PM divine
d-r--- 6/18/2021 5:55 AM Public
PS C:\Users\divine> net localgroup ; net group /DOMAIN
Aliases for \\REMOTE-PC
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
System error 1355 has occurred.
The specified domain either does not exist or could not be contacted.
Processes
PS C:\Users\divine> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 92 N/A
smss.exe 340 N/A
csrss.exe 444 N/A
wininit.exe 544 N/A
csrss.exe 556 N/A
winlogon.exe 640 N/A
services.exe 656 N/A
lsass.exe 700 KeyIso, SamSs, VaultSvc
svchost.exe 796 BrokerInfrastructure, DcomLaunch, LSM,
PlugPlay, Power, SystemEventsBroker
fontdrvhost.exe 820 N/A
fontdrvhost.exe 828 N/A
svchost.exe 912 RpcEptMapper, RpcSs
dwm.exe 1016 N/A
svchost.exe 464 DsmSvc, iphlpsvc, LanmanServer, lfsvc,
ProfSvc, Schedule, SENS, SessionEnv,
ShellHWDetection, Themes, TokenBroker,
UserManager, UsoSvc, Winmgmt, wisvc,
wlidsvc, WpnService, wuauserv
svchost.exe 540 TermService
svchost.exe 408 CoreMessagingRegistrar, DPS
svchost.exe 1080 AudioEndpointBuilder, DsSvc, NcbService,
Netman, PcaSvc, StorSvc, SysMain,
TabletInputService, TrkWks, UmRdpService,
WdiSystemHost
svchost.exe 1088 Dhcp, EventLog, lmhosts, TimeBrokerSvc,
WinHttpAutoProxySvc
svchost.exe 1132 CDPSvc, DispBrokerDesktopSvc, EventSystem,
FontCache, LicenseManager, netprofm, nsi,
WdiServiceHost
svchost.exe 1248 CryptSvc, Dnscache, LanmanWorkstation,
NlaSvc
svchost.exe 1256 AppXSvc, ClipSVC
svchost.exe 1416 CertPropSvc
Memory Compression 1592 N/A
svchost.exe 1680 Audiosrv
svchost.exe 1788 DusmSvc
svchost.exe 1812 Wcmsvc
spoolsv.exe 1952 Spooler
svchost.exe 2000 BFE, mpssvc
svchost.exe 2080 SEMgrSvc
svchost.exe 2144 DiagTrack
RemoteMouseService.exe 2204 RemoteMouseService
VGAuthService.exe 2216 VGAuthService
vm3dservice.exe 2260 VM3DService
vmtoolsd.exe 2268 VMTools
MsMpEng.exe 2312 WinDefend
vm3dservice.exe 2472 N/A
RemoteMouseCore.exe 2540 N/A
RemoteMouse.exe 2548 N/A
dllhost.exe 2692 COMSysApp
svchost.exe 2824 PolicyAgent
WmiPrvSE.exe 2992 N/A
msdtc.exe 2240 MSDTC
svchost.exe 3852 DoSvc
svchost.exe 3932 StateRepository
svchost.exe 3376 RmSvc
sihost.exe 3592 N/A
svchost.exe 3672 CDPUserSvc_6078b, OneSyncSvc_6078b,
PimIndexMaintenanceSvc_6078b,
UnistoreSvc_6078b, UserDataSvc_6078b,
WpnUserService_6078b
taskhostw.exe 4100 N/A
MicrosoftEdgeUpdate.exe 4156 N/A
ctfmon.exe 4292 N/A
explorer.exe 4468 N/A
NisSrv.exe 4960 WdNisSvc
svchost.exe 4132 cbdhsvc_6078b
StartMenuExperienceHost.e 2172 N/A
RuntimeBroker.exe 4944 N/A
SearchApp.exe 5216 N/A
RuntimeBroker.exe 5396 N/A
SearchIndexer.exe 5500 WSearch
RuntimeBroker.exe 3312 N/A
vmtoolsd.exe 5056 N/A
svchost.exe 5864 SSDPSRV
OneDrive.exe 5932 N/A
dllhost.exe 6580 N/A
SgrmBroker.exe 3432 SgrmBroker
MoUsoCoreWorker.exe 5576 N/A
svchost.exe 6560 W32Time
svchost.exe 5564 wscsvc
SecurityHealthService.exe 6808 SecurityHealthService
YourPhone.exe 6844 N/A
RuntimeBroker.exe 5952 N/A
CompatTelRunner.exe 7160 N/A
conhost.exe 2864 N/A
svchost.exe 3764 InstallService
CompatTelRunner.exe 7064 N/A
TextInputHost.exe 7468 N/A
cmd.exe 4572 N/A
conhost.exe 280 N/A
ShellExperienceHost.exe 8836 N/A
RuntimeBroker.exe 8316 N/A
cmd.exe 6500 N/A
conhost.exe 2028 N/A
cmd.exe 8852 N/A
conhost.exe 5264 N/A
cmd.exe 7552 N/A
conhost.exe 8120 N/A
cmd.exe 9188 N/A
conhost.exe 3940 N/A
cmd.exe 6712 N/A
conhost.exe 6748 N/A
cmd.exe 9212 N/A
conhost.exe 2980 N/A
cmd.exe 8688 N/A
conhost.exe 8996 N/A
nc64.exe 3004 N/A
cmd.exe 5296 N/A
powershell.exe 1424 N/A
backgroundTaskHost.exe 3128 N/A
RuntimeBroker.exe 4028 N/A
WmiPrvSE.exe 2324 N/A
TrustedInstaller.exe 4820 TrustedInstaller
TiWorker.exe 3172 N/A
BackgroundTransferHost.ex 7532 N/A
taskhostw.exe 8948 N/A
taskhostw.exe 1732 N/A
taskhostw.exe 8396 N/A
VSSVC.exe 9072 VSS
svchost.exe 9060 swprv
cmd.exe 1696 N/A
tasklist.exe 8504 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
1382 34 23544 45712 2.78 3128 1 backgroundTaskHost
783 26 7680 24316 0.64 7532 1 BackgroundTransferHost
73 5 2136 3868 0.00 4572 1 cmd
79 5 3288 3916 0.00 5296 1 cmd
73 5 2328 3932 0.02 6500 1 cmd
73 5 2336 3932 0.02 6712 1 cmd
73 5 2332 3924 0.00 7552 1 cmd
77 5 3388 4088 0.00 8688 1 cmd
73 5 2324 3924 0.00 8852 1 cmd
76 5 2360 4088 0.02 9188 1 cmd
73 5 3364 3948 0.02 9212 1 cmd
469 17 4248 4144 7064 0 CompatTelRunner
116 6 1052 1284 7160 0 CompatTelRunner
268 14 7352 16144 0.06 280 1 conhost
268 14 7412 20736 0.09 2028 1 conhost
159 10 6508 792 2864 0 conhost
268 15 7340 20700 0.09 2980 1 conhost
268 14 7460 20824 0.06 3940 1 conhost
268 14 7408 20772 0.13 5264 1 conhost
268 14 7416 20784 0.06 6748 1 conhost
268 14 7380 20772 0.13 8120 1 conhost
275 14 7468 20884 0.08 8996 1 conhost
461 16 1748 4652 444 0 csrss
433 18 1740 4588 556 1 csrss
453 16 3956 17716 0.31 4292 1 ctfmon
259 14 3952 11624 2692 0 dllhost
240 22 4640 12524 0.22 6580 1 dllhost
927 39 42516 73564 1016 1 dwm
1953 72 37836 92852 5.06 4468 1 explorer
32 6 1752 2900 820 1 fontdrvhost
32 5 1376 2604 828 0 fontdrvhost
0 0 60 8 0 0 Idle
1170 26 6768 17472 700 0 lsass
0 0 368 71352 1592 0 Memory Compression
212 13 2148 284 4156 0 MicrosoftEdgeUpdate
713 22 16328 24132 5576 0 MoUsoCoreWorker
224 13 2688 7840 2240 0 msdtc
1576 83 193352 86232 2312 0 MsMpEng
117 34 976 4452 0.00 3004 1 nc64
213 13 5284 10800 4960 0 NisSrv
680 45 17376 29788 0.52 5932 1 OneDrive
1111 31 85284 96868 0.88 1424 1 powershell
0 17 4664 53816 92 0 Registry
474 35 25584 25520 2548 1 RemoteMouse
327 24 14336 8684 2540 1 RemoteMouseCore
217 14 17008 13356 2204 0 RemoteMouseService
223 12 2436 12824 0.73 3312 1 RuntimeBroker
502 24 11380 33828 5.89 4028 1 RuntimeBroker
355 18 6276 21768 0.97 4944 1 RuntimeBroker
632 26 12328 37204 3.28 5396 1 RuntimeBroker
133 8 1508 7652 0.00 5952 1 RuntimeBroker
211 11 2548 16840 0.08 8316 1 RuntimeBroker
1630 118 110052 74768 10.33 5216 1 SearchApp
710 39 23540 22628 5500 0 SearchIndexer
287 13 3064 12592 6808 0 SecurityHealthService
406 11 3756 7472 656 0 services
105 7 3812 6644 3432 0 SgrmBroker
567 26 10452 46276 0.14 8836 1 ShellExperienceHost
557 19 6444 24760 3.03 3592 1 sihost
53 3 1060 892 340 0 smss
485 25 6064 15524 1952 0 spoolsv
610 30 19740 49640 1.50 2172 1 StartMenuExperienceHost
386 16 10784 13124 408 0 svchost
2467 113 54500 73780 464 0 svchost
468 18 4316 9780 540 0 svchost
1512 27 11504 28124 796 0 svchost
1028 19 7876 14256 912 0 svchost
756 40 56040 68208 1080 0 svchost
884 22 21768 25804 1088 0 svchost
1032 45 11532 25596 1132 0 svchost
1013 38 20004 31160 1248 0 svchost
779 28 27100 24476 1256 0 svchost
220 11 2024 8996 1416 0 svchost
208 10 1976 8184 1680 0 svchost
132 9 1680 5968 1788 0 svchost
384 13 2476 9196 1812 0 svchost
414 32 12272 14064 2000 0 svchost
233 12 2448 9948 2080 0 svchost
592 26 19472 32892 2144 0 svchost
163 10 1900 6560 2824 0 svchost
199 11 1880 7392 3376 0 svchost
927 39 13096 43600 1.22 3672 1 svchost
359 19 6776 25732 3764 0 svchost
348 18 4492 15464 3852 0 svchost
250 15 8572 20880 3932 0 svchost
252 13 3224 16752 0.08 4132 1 svchost
218 13 2528 9620 5564 0 svchost
203 13 1944 6808 5864 0 svchost
205 12 1724 7036 6560 0 svchost
145 10 1800 8300 9060 0 svchost
2650 0 200 132 4 0 System
210 12 2416 14268 0.03 1732 1 taskhostw
284 33 6792 15876 0.55 4100 1 taskhostw
385 18 5036 16296 8396 0 taskhostw
138 9 1616 10764 0.00 8948 1 taskhostw
530 22 8700 36400 0.25 7468 1 TextInputHost
1012 60 66900 74264 3172 0 TiWorker
146 9 2016 7556 4820 0 TrustedInstaller
171 11 3076 6956 2216 0 VGAuthService
113 7 1424 5232 2260 0 vm3dservice
116 9 1556 5776 2472 1 vm3dservice
381 21 9348 15796 2268 0 vmtoolsd
257 18 5204 13704 0.08 5056 1 vmtoolsd
176 11 1936 9128 9072 0 VSSVC
162 11 1328 6196 544 0 wininit
278 13 2712 12608 640 1 winlogon
162 11 2572 9588 2324 0 WmiPrvSE
362 17 8552 17296 2992 0 WmiPrvSE
565 41 24296 1168 0.34 6844 1 YourPhone
spoolsv.exe
RemoteMouseService.exe
RemoteMouseCore.exe
RemoteMouse.exe
Tasks
PS C:\Users\divine> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
TaskName TaskPath State
-------- -------- -----
OneDrive Standalone Update Task-S-1-5-21-2619112490-2635448554-1147358759-1002 \ Ready
PS C:\Users\divine> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
OneDrive Standalone Update Task-S-1-5-21 4/17/2025 9:51:51 PM Ready
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\OneCore
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 4/18/2025 4:45:06 AM Running
PcaPatchDbTask 4/17/2025 3:24:33 PM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Ready
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 4/17/2025 6:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 4/17/2025 11:07:46 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 4/18/2025 3:24:54 AM Ready
Device User N/A Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
RecommendedTroubleshootingScanner N/A Ready
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DirectXDatabaseUpdater N/A Ready
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\DUSM
TaskName Next Run Time Status
======================================== ====================== ===============
dusmtask N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Feedback
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Feedback\Siuf
TaskName Next Run Time Status
======================================== ====================== ===============
DmClient N/A Ready
DmClientOnScenarioDownload N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\FileHistory
TaskName Next Run Time Status
======================================== ====================== ===============
File History (maintenance mode) N/A Ready
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 4/17/2025 5:09:34 PM Running
Folder: \Microsoft\Windows\Input
TaskName Next Run Time Status
======================================== ====================== ===============
LocalUserSyncDataAvailable N/A Ready
MouseSyncDataAvailable N/A Ready
PenSyncDataAvailable N/A Ready
TouchpadSyncDataAvailable N/A Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates 4/17/2025 8:27:26 PM Ready
ScanForUpdatesAsUser N/A Running
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\International
TaskName Next Run Time Status
======================================== ====================== ===============
Synchronize Language Settings N/A Ready
Folder: \Microsoft\Windows\LanguageComponentsInstaller
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
ReconcileLanguageResources N/A Ready
Folder: \Microsoft\Windows\Live
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Management
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Management\Provisioning
TaskName Next Run Time Status
======================================== ====================== ===============
Cellular N/A Ready
Logon N/A Ready
Retry N/A Disabled
RunOnReboot N/A Disabled
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Ready
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Ready
RunFullMemoryDiagnostic N/A Ready
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Running
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\NlaSvc
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Queued
Folder: \Microsoft\Windows\Printing
TaskName Next Run Time Status
======================================== ====================== ===============
EduPrintProv N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
Folder: \Microsoft\Windows\Registry
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SettingSync
TaskName Next Run Time Status
======================================== ====================== ===============
BackgroundUploadTask N/A Ready
NetworkStateChangeTask N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
FamilySafetyMonitor N/A Ready
FamilySafetyRefreshTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Ready
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
Folder: \Microsoft\Windows\StateRepository
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\Subscription
TaskName Next Run Time Status
======================================== ====================== ===============
EnableLicenseAcquisition N/A Ready
LicenseAcquisition N/A Disabled
Folder: \Microsoft\Windows\Sysmain
TaskName Next Run Time Status
======================================== ====================== ===============
HybridDriveCachePrepopulate N/A Disabled
HybridDriveCacheRebalance N/A Disabled
ResPriStaticDbSync N/A Queued
WsSwapAssessmentTask N/A Queued
Folder: \Microsoft\Windows\SystemRestore
TaskName Next Run Time Status
======================================== ====================== ===============
SR N/A Queued
Folder: \Microsoft\Windows\Task Manager
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UNP
TaskName Next Run Time Status
======================================== ====================== ===============
RunUpdateNotificationMgr N/A Disabled
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Ready
Folder: \Microsoft\Windows\USB
TaskName Next Run Time Status
======================================== ====================== ===============
Usb-Notifications N/A Ready
Folder: \Microsoft\Windows\WCM
TaskName Next Run Time Status
======================================== ====================== ===============
WiFiTask N/A Ready
Folder: \Microsoft\Windows\WDI
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Ready
Folder: \Microsoft\Windows\Windows Defender
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Ready
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan N/A Ready
Windows Defender Verification N/A Ready
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 4/17/2025 1:43:42 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start N/A Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\WlanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
CDSSync N/A Ready
Folder: \Microsoft\Windows\Work Folders
TaskName Next Run Time Status
======================================== ====================== ===============
Work Folders Logon Synchronization N/A Ready
Work Folders Maintenance Work N/A Ready
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Device-Sync N/A Disabled
Recovery-Check N/A Disabled
Folder: \Microsoft\Windows\WwanSvc
TaskName Next Run Time Status
======================================== ====================== ===============
NotificationTask N/A Ready
OobeDiscovery N/A Ready
Folder: \Microsoft\XblGameSave
TaskName Next Run Time Status
======================================== ====================== ===============
XblGameSaveTask N/A Ready
Services
PS C:\Users\divine> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
Name PathName StartName
AppXSvc C:\WINDOWS\system32\svchost.exe -k wsappx -p LocalSystem
AudioEndpointBuilder C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Audiosrv C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
BFE C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BrokerInfrastructure C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
CertPropSvc C:\WINDOWS\system32\svchost.exe -k netsvcs LocalSystem
ClipSVC C:\WINDOWS\System32\svchost.exe -k wsappx -p LocalSystem
COMSysApp C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} LocalSystem
CoreMessagingRegistrar C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
DiagTrack C:\WINDOWS\System32\svchost.exe -k utcsvc -p LocalSystem
DispBrokerDesktopSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
Dnscache C:\WINDOWS\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DoSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DPS C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
DusmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
EventLog C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
InstallService C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\WINDOWS\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\WINDOWS\system32\lsass.exe LocalSystem
LanmanServer C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LanmanWorkstation C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
lfsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
LicenseManager C:\WINDOWS\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\WINDOWS\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
Netman C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\WINDOWS\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\WINDOWS\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PcaSvc C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
PlugPlay C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
RemoteMouseService C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe LocalSystem
RmSvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted NT AUTHORITY\LocalService
RpcEptMapper C:\WINDOWS\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\WINDOWS\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\WINDOWS\system32\lsass.exe LocalSystem
Schedule C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SecurityHealthService C:\WINDOWS\system32\SecurityHealthService.exe LocalSystem
SEMgrSvc C:\WINDOWS\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
SENS C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
SessionEnv C:\WINDOWS\System32\svchost.exe -k netsvcs -p localSystem
SgrmBroker C:\WINDOWS\system32\SgrmBroker.exe LocalSystem
ShellHWDetection C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
smphost C:\WINDOWS\System32\svchost.exe -k smphost NT AUTHORITY\NetworkService
Spooler C:\WINDOWS\System32\spoolsv.exe LocalSystem
SSDPSRV C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation -p NT AUTHORITY\LocalService
StateRepository C:\WINDOWS\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
swprv C:\WINDOWS\System32\svchost.exe -k swprv LocalSystem
SysMain C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
TermService C:\WINDOWS\System32\svchost.exe -k NetworkService NT Authority\NetworkService
Themes C:\WINDOWS\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
TrustedInstaller C:\WINDOWS\servicing\TrustedInstaller.exe localSystem
UmRdpService C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p localSystem
UserManager C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
VaultSvc C:\WINDOWS\system32\lsass.exe LocalSystem
VGAuthService "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe" LocalSystem
VM3DService C:\WINDOWS\system32\vm3dservice.exe LocalSystem
VMTools "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" LocalSystem
W32Time C:\WINDOWS\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
WbioSrvc C:\WINDOWS\system32\svchost.exe -k WbioSvcGroup LocalSystem
Wcmsvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiServiceHost C:\WINDOWS\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
WdiSystemHost C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
WdNisSvc "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe" NT AUTHORITY\LocalService
WinDefend "C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe" LocalSystem
WinHttpAutoProxySvc C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\WINDOWS\system32\svchost.exe -k netsvcs -p localSystem
wlidsvc C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
WpnService C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
wscsvc C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
WSearch C:\WINDOWS\system32\SearchIndexer.exe /Embedding LocalSystem
wuauserv C:\WINDOWS\system32\svchost.exe -k netsvcs -p LocalSystem
cbdhsvc_6078b C:\WINDOWS\system32\svchost.exe -k ClipboardSvcGroup -p
CDPUserSvc_6078b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
OneSyncSvc_6078b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
PimIndexMaintenanceSvc_6078b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
UnistoreSvc_6078b C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup
UserDataSvc_6078b C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
RemoteMouseService C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe LocalSystem
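The filter in the command above passes the path to `-notmatch` unescaped, so `\W` and `\S` are read as regex character classes and the System32 rows are not removed. The following PowerShell is an added example, not part of the original notes: it escapes the path, keeps only services whose image lies outside the Windows directory, and marks unquoted image paths containing spaces for review. The function name `Get-NonWindowsService`, its parameters and the sample rows (constructed from lines of the output above) are assumptions.

```powershell
# Added example: audit helper for services that do not run from the Windows directory.
# Get-NonWindowsService is a hypothetical name, not a built-in cmdlet.
function Get-NonWindowsService {
    param(
        [Parameter(Mandatory)] [object[]] $Service,   # objects with Name, PathName, StartName
        [string] $WindowsDir = 'C:\WINDOWS'
    )

    # -match / -notmatch take a regex, so a literal path must be escaped.
    # The pattern allows an optional leading quote and is case-insensitive by default.
    $winPrefix = '^"?' + [regex]::Escape($WindowsDir) + '\\'

    foreach ($s in $Service) {
        # Some rows (LSM in the output above) expose no path at this access level.
        if ([string]::IsNullOrWhiteSpace($s.PathName)) { continue }

        # Skip binaries that live under the Windows directory.
        if ($s.PathName -match $winPrefix) { continue }

        # Separate the image path from any arguments.
        if ($s.PathName -match '^"([^"]+)"') {
            $image  = $Matches[1]
            $quoted = $true
        } elseif ($s.PathName -match '^(.+?\.exe)\b') {
            $image  = $Matches[1]
            $quoted = $false
        } else {
            $image  = $s.PathName
            $quoted = $false
        }

        [pscustomobject]@{
            Name          = $s.Name
            StartName     = $s.StartName
            Image         = $image
            # An unquoted image path with spaces is a hardening finding:
            # the service definition should wrap the path in quotes.
            UnquotedSpace = (-not $quoted) -and ($image -match '\s')
        }
    }
}

# Constructed sample rows, copied from the service listing above so the
# function can be exercised offline.
$sample = @(
    [pscustomobject]@{ Name = 'Spooler'
                       PathName  = 'C:\WINDOWS\System32\spoolsv.exe'
                       StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'VMTools'
                       PathName  = '"C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"'
                       StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'RemoteMouseService'
                       PathName  = 'C:\Program Files (x86)\Remote Mouse\RemoteMouseService.exe'
                       StartName = 'LocalSystem' }
    [pscustomobject]@{ Name = 'LSM'; PathName = $null; StartName = $null }
)

Get-NonWindowsService -Service $sample | Format-Table -AutoSize

# On a live host, feed it the running services instead of the sample:
# Get-NonWindowsService -Service (Get-CimInstance Win32_Service -Filter "State='Running'")
```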
Installed Programs
PS C:\Users\divine> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
FileZilla Client 3.54.1
Microsoft Edge
Microsoft Edge Update
Microsoft OneDrive
Microsoft Update Health Tools
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.24.28127
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.24.28127
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.24.28127
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.24.28127
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.24.28127
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.24.28127
Remote Mouse version 3.008
VMware Tools
FileZilla Client 3.54.1
Remote Mouse version 3.008
Firewall & AV
PS C:\Users\divine> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Enable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\WINDOWS\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\Users\divine> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 1.1.19100.5
AMProductVersion : 4.18.2203.5
AMRunningMode : Normal
AMServiceEnabled : True
AMServiceVersion : 4.18.2203.5
AntispywareEnabled : True
AntispywareSignatureAge : 1093
AntispywareSignatureLastUpdated : 4/19/2022 6:56:58 PM
AntispywareSignatureVersion : 1.363.675.0
AntivirusEnabled : True
AntivirusSignatureAge : 1093
AntivirusSignatureLastUpdated : 4/19/2022 6:56:57 PM
AntivirusSignatureVersion : 1.363.675.0
BehaviorMonitorEnabled : True
ComputerID : E8DBB1B1-1B19-4662-90CA-21BF56C4B4DC
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 4/17/2025 12:40:11 PM
DeviceControlState : Disabled
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : True
IsTamperProtected : True
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 2
NISEnabled : True
NISEngineVersion : 1.1.19100.5
NISSignatureAge : 1093
NISSignatureLastUpdated : 4/19/2022 6:56:57 PM
NISSignatureVersion : 1.363.675.0
OnAccessProtectionEnabled : True
ProductStatus : 524288
QuickScanAge : 0
QuickScanEndTime : 4/17/2025 12:35:14 PM
QuickScanOverdue : False
QuickScanSignatureVersion : 1.363.675.0
QuickScanStartTime : 4/17/2025 12:34:20 PM
RealTimeProtectionEnabled : True
RealTimeScanDirection : 0
RebootRequired : False
TamperProtectionSource : Signatures
TDTMode : N/A
TDTStatus : N/A
TDTTelemetry : N/A
PSComputerName :
ExclusionPath : {N/A: Must be and administrator to view exclusions}
Session Architecture
PS C:\Users\divine> [Environment]::Is64BitProcess
True
Installed .NET Frameworks
PS C:\Users\divine> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 08DF-534D
Directory of C:\Windows\Microsoft.NET\Framework
12/07/2019 02:31 AM <DIR> .
12/07/2019 02:31 AM <DIR> ..
06/18/2021 05:57 AM <DIR> v1.0.3705
06/18/2021 05:57 AM <DIR> v1.1.4322
12/07/2019 02:14 AM <DIR> v2.0.50727
04/17/2025 12:40 PM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 6,196,994,048 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80ff4
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04084
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0
.NET 4.8.04084