System/Kernel


PS C:\Users\ariah> cmd /c ver
 
Microsoft Windows [Version 10.0.18362.1016]
 
PS C:\Users\ariah> systeminfo ; Get-ComputerInfo
ERROR: Access denied
 
 
WindowsBuildLabEx                                       : 18362.1.amd64fre.19h1_release.190318-1202
WindowsCurrentVersion                                   : 6.3
WindowsEditionId                                        : Professional
WindowsInstallationType                                 : Client
WindowsInstallDateFromRegistry                          : 9/2/2020 1:25:15 AM
WindowsProductId                                        : 00331-10000-00001-AA007
WindowsProductName                                      : Windows 10 Pro
WindowsRegisteredOrganization                           :
WindowsRegisteredOwner                                  : setup
WindowsSystemRoot                                       : C:\Windows
WindowsVersion                                          : 1903
BiosCharacteristics                                     :
BiosBIOSVersion                                         :
BiosBuildNumber                                         :
BiosCaption                                             :
BiosCodeSet                                             :
BiosCurrentLanguage                                     :
BiosDescription                                         :
BiosEmbeddedControllerMajorVersion                      :
BiosEmbeddedControllerMinorVersion                      :
BiosFirmwareType                                        :
BiosIdentificationCode                                  :
BiosInstallableLanguages                                :
BiosInstallDate                                         :
BiosLanguageEdition                                     :
BiosListOfLanguages                                     :
BiosManufacturer                                        :
BiosName                                                :
BiosOtherTargetOS                                       :
BiosPrimaryBIOS                                         :
BiosReleaseDate                                         :
BiosSeralNumber                                         :
BiosSMBIOSBIOSVersion                                   :
BiosSMBIOSMajorVersion                                  :
BiosSMBIOSMinorVersion                                  :
BiosSMBIOSPresent                                       :
BiosSoftwareElementState                                :
BiosStatus                                              :
BiosSystemBiosMajorVersion                              :
BiosSystemBiosMinorVersion                              :
BiosTargetOperatingSystem                               :
BiosVersion                                             :
CsAdminPasswordStatus                                   :
CsAutomaticManagedPagefile                              :
CsAutomaticResetBootOption                              :
CsAutomaticResetCapability                              :
CsBootOptionOnLimit                                     :
CsBootOptionOnWatchDog                                  :
CsBootROMSupported                                      :
CsBootStatus                                            :
CsBootupState                                           :
CsCaption                                               :
CsChassisBootupState                                    :
CsChassisSKUNumber                                      :
CsCurrentTimeZone                                       :
CsDaylightInEffect                                      :
CsDescription                                           :
CsDNSHostName                                           :
CsDomain                                                :
CsDomainRole                                            :
CsEnableDaylightSavingsTime                             :
CsFrontPanelResetStatus                                 :
CsHypervisorPresent                                     :
CsInfraredSupported                                     :
CsInitialLoadInfo                                       :
CsInstallDate                                           :
CsKeyboardPasswordStatus                                :
CsLastLoadInfo                                          :
CsManufacturer                                          :
CsModel                                                 :
CsName                                                  :
CsNetworkAdapters                                       :
CsNetworkServerModeEnabled                              :
CsNumberOfLogicalProcessors                             :
CsNumberOfProcessors                                    :
CsProcessors                                            :
CsOEMStringArray                                        :
CsPartOfDomain                                          :
CsPauseAfterReset                                       :
CsPCSystemType                                          :
CsPCSystemTypeEx                                        :
CsPowerManagementCapabilities                           :
CsPowerManagementSupported                              :
CsPowerOnPasswordStatus                                 :
CsPowerState                                            :
CsPowerSupplyState                                      :
CsPrimaryOwnerContact                                   :
CsPrimaryOwnerName                                      :
CsResetCapability                                       :
CsResetCount                                            :
CsResetLimit                                            :
CsRoles                                                 :
CsStatus                                                :
CsSupportContactDescription                             :
CsSystemFamily                                          :
CsSystemSKUNumber                                       :
CsSystemType                                            :
CsThermalState                                          :
CsTotalPhysicalMemory                                   :
CsPhyicallyInstalledMemory                              :
CsUserName                                              :
CsWakeUpType                                            :
CsWorkgroup                                             :
OsName                                                  :
OsType                                                  :
OsOperatingSystemSKU                                    :
OsVersion                                               :
OsCSDVersion                                            :
OsBuildNumber                                           :
OsHotFixes                                              :
OsBootDevice                                            :
OsSystemDevice                                          :
OsSystemDirectory                                       :
OsSystemDrive                                           :
OsWindowsDirectory                                      :
OsCountryCode                                           :
OsCurrentTimeZone                                       :
OsLocaleID                                              :
OsLocale                                                :
OsLocalDateTime                                         :
OsLastBootUpTime                                        :
OsUptime                                                :
OsBuildType                                             :
OsCodeSet                                               :
OsDataExecutionPreventionAvailable                      :
OsDataExecutionPrevention32BitApplications              :
OsDataExecutionPreventionDrivers                        :
OsDataExecutionPreventionSupportPolicy                  :
OsDebug                                                 :
OsDistributed                                           :
OsEncryptionLevel                                       :
OsForegroundApplicationBoost                            :
OsTotalVisibleMemorySize                                :
OsFreePhysicalMemory                                    :
OsTotalVirtualMemorySize                                :
OsFreeVirtualMemory                                     :
OsInUseVirtualMemory                                    :
OsTotalSwapSpaceSize                                    :
OsSizeStoredInPagingFiles                               :
OsFreeSpaceInPagingFiles                                :
OsPagingFiles                                           :
OsHardwareAbstractionLayer                              :
OsInstallDate                                           :
OsManufacturer                                          :
OsMaxNumberOfProcesses                                  :
OsMaxProcessMemorySize                                  :
OsMuiLanguages                                          :
OsNumberOfLicensedUsers                                 :
OsNumberOfProcesses                                     :
OsNumberOfUsers                                         :
OsOrganization                                          :
OsArchitecture                                          :
OsLanguage                                              :
OsProductSuites                                         :
OsOtherTypeDescription                                  :
OsPAEEnabled                                            :
OsPortableOperatingSystem                               :
OsPrimary                                               :
OsProductType                                           :
OsRegisteredUser                                        :
OsSerialNumber                                          :
OsServicePackMajorVersion                               :
OsServicePackMinorVersion                               :
OsStatus                                                :
OsSuites                                                :
OsServerLevel                                           :
KeyboardLayout                                          :
TimeZone                                                : (UTC-08:00) Pacific Time (US & Canada)
LogonServer                                             :
PowerPlatformRole                                       : Desktop
HyperVisorPresent                                       :
HyperVRequirementDataExecutionPreventionAvailable       :
HyperVRequirementSecondLevelAddressTranslation          :
HyperVRequirementVirtualizationFirmwareEnabled          :
HyperVRequirementVMMonitorModeExtensions                :
DeviceGuardSmartStatus                                  : Off
DeviceGuardRequiredSecurityProperties                   :
DeviceGuardAvailableSecurityProperties                  :
DeviceGuardSecurityServicesConfigured                   :
DeviceGuardSecurityServicesRunning                      :
DeviceGuardCodeIntegrityPolicyEnforcementStatus         :
DeviceGuardUserModeCodeIntegrityPolicyEnforcementStatus :
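  • Microsoft Windows [Version 10.0.18362.1016]
  • Windows 10 Pro, version 1903 (build 18362)
  • Most Bios*/Cs*/Os* fields above are empty, presumably because WMI/CIM access is denied for this session (systeminfo and Get-ScheduledTask fail with "Access denied" as well)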

Networks


PS C:\Users\ariah> ipconfig /all ; arp -a ; print route       
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : nickel
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet0:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-9E-A8-B2
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.219.99(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.219.254
   DNS Servers . . . . . . . . . . . : 192.168.219.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Interface: 192.168.219.99 --- 0x4
  Internet Address      Physical Address      Type
  192.168.219.254       00-50-56-9e-59-95     dynamic
  192.168.219.255       ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  239.255.255.250       01-00-5e-7f-ff-fa     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
Unable to initialize device PRN
PS C:\Users\ariah> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       2000
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1224
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       832
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       104
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       880
  TCP    0.0.0.0:8089           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:33333          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       648
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       520
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       292
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1016
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       612
  TCP    0.0.0.0:49669          0.0.0.0:0              LISTENING       1924
  TCP    127.0.0.1:14147        0.0.0.0:0              LISTENING       2000
  TCP    192.168.219.99:139     0.0.0.0:0              LISTENING       4
  TCP    [::]:21                [::]:0                 LISTENING       2000
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       832
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:3389              [::]:0                 LISTENING       104
  TCP    [::]:8089              [::]:0                 LISTENING       4
  TCP    [::]:33333             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       648
  TCP    [::]:49665             [::]:0                 LISTENING       520
  TCP    [::]:49666             [::]:0                 LISTENING       292
  TCP    [::]:49667             [::]:0                 LISTENING       1016
  TCP    [::]:49668             [::]:0                 LISTENING       612
  TCP    [::]:49669             [::]:0                 LISTENING       1924
  TCP    [::1]:14147            [::]:0                 LISTENING       2000

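TCP 127.0.0.1:14147 0.0.0.0:0 LISTENING 2000 (loopback-only listener; PID 2000 also owns the FTP listener on port 21 and appears as "FileZilla Server" in the process list below, so this is presumably its local administration interface)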

Users & Groups


PS C:\Users\ariah> net users ; ls C:\Users
 
User accounts for \\NICKEL
 
-------------------------------------------------------------------------------
Administrator            ariah                    DefaultAccount
Guest                    WDAGUtilityAccount
The command completed successfully.
 
 
 
    Directory: C:\Users
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        4/14/2022   4:51 AM                Administrator
d-----       10/15/2020   7:23 AM                ariah
d-r---         9/1/2020   6:28 PM                Public
PS C:\Users\ariah> net localgroup ; net group /DOMAIN
 
Aliases for \\NICKEL
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*ssh
*System Managed Accounts Group
*Users
The command completed successfully.
 
The request will be processed at a domain controller for domain WORKGROUP.
 
System error 1355 has occurred.
 
The specified domain either does not exist or could not be contacted.

ssh (a local group that is not part of a default Windows installation)

Processes


PS C:\Users\ariah> cmd /c tasklist /svc ; ps
ERROR: Access denied
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
     72       5     2044        168              1628   0 cmd
     78       5     2336       3720       0.00   3736   0 cmd
    119       6     1036       1184              2480   0 CompatTelRunner
    610      25    36016      11052              3508   0 CompatTelRunner
    156      10     6492        664               656   0 conhost
    156      10     6524        640               660   0 conhost
    156      10     6496        664               908   0 conhost
    156      10     6480        620              1424   0 conhost
    113       6     1140       4976       0.11   3076   0 conhost
    156      10     6500        644              4476   0 conhost
    463      16     1592       4660               424   0 csrss
    170      10     1472       4432               528   1 csrss
    254      14     3880      11532              2520   0 dllhost
    639      23    22356      40180               924   1 dwm
    139      15     6124       8112              2000   0 FileZilla Server
     32       5     1452       3056               744   1 fontdrvhost
     32       5     1368       3212               752   0 fontdrvhost
      0       0       60          8                 0   0 Idle
    594      33    16496      56912              3016   1 LogonUI
    995      22     4812      13580               648   0 lsass
      0       0      156       4780              1484   0 Memory Compression
    221      13     2556       8608              2820   0 msdtc
    476      24    59816       2432              1496   0 powershell
    530      26    61508       2588              1636   0 powershell
    622      27    68336       3680              1644   0 powershell
    797      29    96100     105408       0.75   4308   0 powershell
      0      12     2660       9124                68   0 Registry
    685      36    16156      17200              1212   0 SearchIndexer
    370      11     3512       7416               612   0 services
     89       6     2380       5512              3180   0 SgrmBroker
     53       3     1148       1040               324   0 smss
    112      11     2140       6192              1224   0 sshd
    128       9     2456       7292       0.03   4040   0 sshd
    119       9     2480       7416              4456   0 sshd
    548      20     4544      13472               104   0 svchost
    214      12     2352       9316               272   0 svchost
    554      18    14836      19568               292   0 svchost
    211      12     2592      11076               432   0 svchost
    138       9     1672       7436               664   0 svchost
    651      33    41980      51700               732   0 svchost
    639      18     6440      16360               736   0 svchost
    690      16     3944      10088               832   0 svchost
    899      37     9872      24968               880   0 svchost
    382      21     9108      13172               992   0 svchost
   2086      74    34840      61324              1016   0 svchost
    654      35     6884      18472              1160   0 svchost
    425      24     3412      11088              1200   0 svchost
    191      10     1788       7608              1588   0 svchost
    126       9     1492       6172              1704   0 svchost
    355      12     2180       9284              1716   0 svchost
    413      32     6472      14956              1796   0 svchost
    166      12     1672       7160              1924   0 svchost
    533      24    14064      28172              1976   0 svchost
    211      12     1804       7596              2948   0 svchost
    223      13     5072      12660              3248   0 svchost
    176      12     4120      13528              3480   0 svchost
    219      14     2064       7356              3620   0 svchost
    226      16     3964      13512              4500   0 svchost
    265      15     4160      20400              4580   0 svchost
   1583       0      192        128                 4   0 System
    165      11     2884       8320              1608   0 VGAuthService
    138       8     1596       6328              1908   0 vm3dservice
    134       9     1692       6708              2192   1 vm3dservice
    404      24    10008      19192              2072   0 vmtoolsd
    162      10     1792       8152              4784   0 VSSVC
    156      11     1312       6484               520   0 wininit
    239      12     2648      18788               588   1 winlogon
      0      20      816         60               344   0 WmiApSrv
    146       8     1456       7044              4492   0 WmiApSrv
    486      18     9788      20228              2608   0 WmiPrvSE
    391      19    15816      26112              3572   0 WmiPrvSE

Tasks


PS C:\Users\ariah> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
Get-ScheduledTask : Cannot connect to CIM server. Access denied 
At line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft  ...
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
 
PS C:\Users\ariah> cmd /c schtasks /QUERY /FO TABLE
 
Folder: \
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\OneCore
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\.NET Framework
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready
.NET Framework NGEN v4.0.30319 64        N/A                    Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled
 
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A                    Disabled
AD RMS Rights Policy Template Management N/A                    Ready
 
Folder: \Microsoft\Windows\AppID
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
PolicyConverter                          N/A                    Disabled
VerifiedPublisherCertStoreCheck          N/A                    Disabled
 
Folder: \Microsoft\Windows\Application Experience
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser        3/6/2025 3:11:49 AM    Running
ProgramDataUpdater                       N/A                    Ready
StartupAppTask                           N/A                    Ready
 
Folder: \Microsoft\Windows\ApplicationData
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
appuriverifierdaily                      N/A                    Ready
appuriverifierinstall                    N/A                    Ready
CleanupTemporaryState                    N/A                    Ready
DsSvcCleanup                             N/A                    Ready
 
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Pre-staged app cleanup                   N/A                    Disabled
 
Folder: \Microsoft\Windows\Autochk
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Proxy                                    N/A                    Ready
 
Folder: \Microsoft\Windows\BitLocker
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BitLocker Encrypt All Drives             N/A                    Ready
BitLocker MDM policy Refresh             N/A                    Ready
 
Folder: \Microsoft\Windows\Bluetooth
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UninstallDeviceTask                      N/A                    Ready
 
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask        N/A                    Ready
 
Folder: \Microsoft\Windows\Chkdsk
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ProactiveScan                            N/A                    Ready
SyspartRepair                            N/A                    Ready
 
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready
 
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Consolidator                             3/5/2025 12:00:00 PM   Ready
UsbCeip                                  N/A                    Ready
 
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Data Integrity Scan                      3/11/2025 11:32:23 AM  Ready
Data Integrity Scan for Crash Recovery   N/A                    Ready
 
Folder: \Microsoft\Windows\Defrag
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ScheduledDefrag                          N/A                    Ready
 
Folder: \Microsoft\Windows\Device Information
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Device                                   3/6/2025 4:33:45 AM    Ready
 
Folder: \Microsoft\Windows\Diagnosis
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RecommendedTroubleshootingScanner        N/A                    Ready
Scheduled                                N/A                    Ready
 
Folder: \Microsoft\Windows\DirectX
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
DirectXDatabaseUpdater                   N/A                    Ready
DXGIAdapterCache                         N/A                    Ready
 
Folder: \Microsoft\Windows\DiskCleanup
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SilentCleanup                            N/A                    Ready
 
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A                    Ready
Microsoft-Windows-DiskDiagnosticResolver N/A                    Disabled
 
Folder: \Microsoft\Windows\DiskFootprint
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Diagnostics                              N/A                    Ready
StorageSense                             N/A                    Ready
 
Folder: \Microsoft\Windows\DUSM
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
dusmtask                                 N/A                    Ready
 
Folder: \Microsoft\Windows\EDP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
EDP App Launch Task                      N/A                    Ready
EDP Auth Task                            N/A                    Ready
EDP Inaccessible Credentials Task        N/A                    Ready
StorageCardEncryption Task               N/A                    Ready
 
Folder: \Microsoft\Windows\ExploitGuard
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh          N/A                    Ready
 
Folder: \Microsoft\Windows\Feedback
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Feedback\Siuf
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
DmClient                                 N/A                    Ready
DmClientOnScenarioDownload               N/A                    Ready
 
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Property Definition Sync                 N/A                    Disabled
 
Folder: \Microsoft\Windows\FileHistory
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
File History (maintenance mode)          N/A                    Ready
 
Folder: \Microsoft\Windows\Flighting
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ReconcileFeatures                        N/A                    Ready
 
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RefreshCache                             3/5/2025 12:19:47 PM   Ready
 
Folder: \Microsoft\Windows\HelloFace
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
FODCleanupTask                           N/A                    Ready
 
Folder: \Microsoft\Windows\InstallService
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ScanForUpdates                           3/5/2025 6:55:18 PM    Ready
ScanForUpdatesAsUser                     N/A                    Ready
WakeUpAndContinueUpdates                 N/A                    Disabled
WakeUpAndScanForUpdates                  N/A                    Disabled
 
Folder: \Microsoft\Windows\Live
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Location
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Notifications                            N/A                    Ready
WindowsActionDialog                      N/A                    Ready
 
Folder: \Microsoft\Windows\Maintenance
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
WinSAT                                   N/A                    Ready
 
Folder: \Microsoft\Windows\Management
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Management\Provisioning
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Cellular                                 N/A                    Ready
Logon                                    N/A                    Ready
 
Folder: \Microsoft\Windows\Maps
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MapsToastTask                            N/A                    Ready
MapsUpdateTask                           N/A                    Disabled
 
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents            N/A                    Ready
RunFullMemoryDiagnostic                  N/A                    Ready
 
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MNO Metadata Parser                      N/A                    Ready
 
Folder: \Microsoft\Windows\MUI
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
LPRemove                                 N/A                    Ready
 
Folder: \Microsoft\Windows\Multimedia
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SystemSoundsService                      N/A                    Ready
 
Folder: \Microsoft\Windows\NetTrace
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready
 
Folder: \Microsoft\Windows\NlaSvc
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
WiFiTask                                 N/A                    Ready
 
Folder: \Microsoft\Windows\Offline Files
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Background Synchronization               N/A                    Disabled
Logon Synchronization                    N/A                    Disabled
 
Folder: \Microsoft\Windows\PLA
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Plug and Play
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Device Install Group Policy              N/A                    Ready
Device Install Reboot Required           N/A                    Ready
Sysprep Generalize Drivers               N/A                    Ready
 
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AnalyzeSystem                            N/A                    Ready
 
Folder: \Microsoft\Windows\Printing
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
EduPrintProv                             N/A                    Ready
 
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
VerifyWinRE                              N/A                    Disabled
 
Folder: \Microsoft\Windows\RetailDemo
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CleanupOfflineContent                    N/A                    Ready
 
Folder: \Microsoft\Windows\Servicing
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
StartComponentCleanup                    N/A                    Ready
 
Folder: \Microsoft\Windows\SettingSync
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BackgroundUploadTask                     N/A                    Ready
NetworkStateChangeTask                   N/A                    Ready
 
Folder: \Microsoft\Windows\SharedPC
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Account Cleanup                          N/A                    Disabled
 
Folder: \Microsoft\Windows\Shell
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready
FamilySafetyMonitor                      N/A                    Ready
FamilySafetyRefreshTask                  N/A                    Ready
IndexerAutomaticMaintenance              N/A                    Ready
 
Folder: \Microsoft\Windows\SpacePort
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SpaceAgentTask                           N/A                    Ready
SpaceManagerTask                         N/A                    Ready
 
Folder: \Microsoft\Windows\Speech
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
HeadsetButtonPress                       N/A                    Ready
SpeechModelDownloadTask                  3/6/2025 12:32:45 AM   Ready
 
Folder: \Microsoft\Windows\StateRepository
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MaintenanceTasks                         N/A                    Ready
 
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Storage Tiers Management Initialization  N/A                    Ready
Storage Tiers Optimization               N/A                    Disabled
 
Folder: \Microsoft\Windows\Subscription
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
EnableLicenseAcquisition                 N/A                    Ready
LicenseAcquisition                       N/A                    Disabled
 
Folder: \Microsoft\Windows\Sysmain
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
HybridDriveCachePrepopulate              N/A                    Disabled
HybridDriveCacheRebalance                N/A                    Disabled
ResPriStaticDbSync                       N/A                    Ready
WsSwapAssessmentTask                     N/A                    Ready
 
Folder: \Microsoft\Windows\SystemRestore
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SR                                       N/A                    Ready
 
Folder: \Microsoft\Windows\termsrv
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\termsrv\RemoteFX
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RemoteFXvGPUDisableTask                  N/A                    Ready
RemoteFXWarningTask                      4/3/2025 1:00:00 PM    Ready
 
Folder: \Microsoft\Windows\TextServicesFramework
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Ready
 
Folder: \Microsoft\Windows\Time Synchronization
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ForceSynchronizeTime                     N/A                    Ready
SynchronizeTime                          N/A                    Ready
 
Folder: \Microsoft\Windows\Time Zone
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SynchronizeTimeZone                      N/A                    Ready
 
Folder: \Microsoft\Windows\UNP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RunUpdateNotificationMgr                 3/6/2025 1:56:18 PM    Ready
 
Folder: \Microsoft\Windows\UPnP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UPnPHostConfig                           N/A                    Ready
 
Folder: \Microsoft\Windows\USB
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Usb-Notifications                        N/A                    Ready
 
Folder: \Microsoft\Windows\WCM
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
WiFiTask                                 N/A                    Ready
 
Folder: \Microsoft\Windows\Windows Defender
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Windows Defender Cache Maintenance       N/A                    Ready
Windows Defender Cleanup                 N/A                    Ready
Windows Defender Scheduled Scan          N/A                    Ready
Windows Defender Verification            N/A                    Ready
 
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
QueueReporting                           3/5/2025 12:25:08 PM   Ready
 
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready
 
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UpdateLibrary                            N/A                    Ready
 
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Calibration Loader                       N/A                    Ready
 
Folder: \Microsoft\Windows\WindowsUpdate
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Scheduled Start                          N/A                    Disabled
 
Folder: \Microsoft\Windows\Wininet
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CacheTask                                N/A                    Ready
 
Folder: \Microsoft\Windows\WlanSvc
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CDSSync                                  N/A                    Ready
 
Folder: \Microsoft\Windows\Work Folders
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Work Folders Logon Synchronization       N/A                    Ready
Work Folders Maintenance Work            N/A                    Ready
 
Folder: \Microsoft\Windows\Workplace Join
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Automatic-Device-Join                    N/A                    Disabled
Device-Sync                              N/A                    Disabled
Recovery-Check                           N/A                    Disabled
 
Folder: \Microsoft\Windows\WwanSvc
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
NotificationTask                         N/A                    Ready
 
Folder: \Microsoft\XblGameSave
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
XblGameSaveTask                          N/A                    Ready

Installed Programs


PS C:\Users\ariah> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft
\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Sele
 
FileZilla Server
Microsoft Edge
Microsoft Edge Update
Microsoft Update Health Tools
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.27.29016
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.27.29016
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.27.29016
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.27.29016
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.27.29016
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.27.29016
VMware Tools

Firewall & AV


PS C:\Users\ariah> netsh firewall show config
 
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Disable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          Network Discovery
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

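Firewall is disabled: Operational mode = Disable for both the Domain and the Standard (current) profile, and logging of dropped packets and connections is off as well. "netsh firewall" is deprecated and reports only the legacy Domain and Standard profiles, so confirm the per-profile state with "netsh advfirewall show allprofiles".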

PS C:\Users\ariah> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : Cannot connect to CIM server. Access denied 
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatus
 
Get-MpPreference : Cannot connect to CIM server. Access denied 
At line:1 char:24
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+                        ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpPreference:String) [Get-MpPreference], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpPreference

Session Architecture


PS C:\Users\ariah> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


PS C:\Users\ariah> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 
 Volume in drive C has no label.
 Volume Serial Number is 9451-68F7
 
 Directory of C:\Windows\Microsoft.NET\Framework
 
03/18/2019  08:52 PM    <DIR>          .
03/18/2019  08:52 PM    <DIR>          ..
03/18/2019  08:52 PM    <DIR>          v1.0.3705
03/18/2019  08:52 PM    <DIR>          v1.1.4322
03/18/2019  08:52 PM    <DIR>          v2.0.50727
03/05/2025  11:39 AM    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)   7,662,829,568 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80ea8
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03752
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80ea8
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03752
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80ea8
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03752
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80ea8
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03752
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

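.NET 4.8.03752 (NDP\v4\Full, Release 0x80ea8) is the only version registered under the NDP key. The v1.0.3705, v1.1.4322 and v2.0.50727 folders exist under C:\Windows\Microsoft.NET\Framework, but no v2.0/v3.5 setup key is listed, so those runtimes do not appear to be installed.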