System/Kernel


PS C:\Users\tyler> cmd /c ver
 
Microsoft Windows [Version 10.0.17763.1821]
 
PS C:\Users\tyler> systeminfo ; Get-ComputerInfo
ERROR: Access denied
 
 
WindowsBuildLabEx                                       : 17763.1.amd64fre.rs5_release.180914-1434 
WindowsCurrentVersion                                   : 6.3
WindowsEditionId                                        : ServerDatacenter
WindowsInstallationType                                 : Server
WindowsInstallDateFromRegistry                          : 3/17/2021 2:59:06 PM
WindowsProductId                                        : 00430-00000-00000-AA602
WindowsProductName                                      : Windows Server 2019 Datacenter
WindowsRegisteredOrganization                           : Amazon.com
WindowsRegisteredOwner                                  : EC2
WindowsSystemRoot                                       : C:\Windows
WindowsVersion                                          : 1809
OsServerLevel                                           : FullServer
TimeZone                                                : (UTC) Coordinated Universal Time
PowerPlatformRole                                       : Desktop
DeviceGuardSmartStatus                                  : Off
  • Microsoft Windows [Version 10.0.17763.1821]
  • WindowsEditionId : ServerDatacenter
  • WindowsInstallationType : Server
  • WindowsProductName : Windows Server 2019 Datacenter
  • PowerPlatformRole : Desktop

Networks


PS C:\Users\tyler> ipconfig /all ; arp -a ; print route
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : hacksmartersec
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : eu-west-1.ec2-utilities.amazonaws.com
                                       eu-west-1.compute.internal
 
Ethernet adapter Ethernet 3:
 
   Connection-specific DNS Suffix  . : eu-west-1.compute.internal
   Description . . . . . . . . . . . : Amazon Elastic Network Adapter
   Physical Address. . . . . . . . . : 02-E3-36-EF-BF-3D
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::d192:6b56:7251:3390%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 10.10.183.209(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Saturday, July 5, 2025 1:54:17 PM
   Lease Expires . . . . . . . . . . : Saturday, July 5, 2025 4:24:17 PM
   Default Gateway . . . . . . . . . : 10.10.0.1
   DHCP Server . . . . . . . . . . . : 10.10.0.1
   DHCPv6 IAID . . . . . . . . . . . : 134353458
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-27-E3-D1-2B-0E-F8-30-D0-72-3F
   DNS Servers . . . . . . . . . . . : 10.0.0.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Interface: 10.10.183.209 --- 0x4
  Internet Address      Physical Address      Type
  10.10.0.1             02-c8-85-b5-5a-aa     dynamic
  10.10.255.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
Can't find file route
PS C:\Users\tyler> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING       1888 
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       2124
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       844
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:1311           0.0.0.0:0              LISTENING       1956
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       964
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       512
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       664
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       956
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       1808
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       600
  TCP    0.0.0.0:49673          0.0.0.0:0              LISTENING       624
  TCP    10.10.183.209:139      0.0.0.0:0              LISTENING       4
  TCP    [::]:21                [::]:0                 LISTENING       1888
  TCP    [::]:22                [::]:0                 LISTENING       2124 
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       844
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:1311              [::]:0                 LISTENING       1956
  TCP    [::]:3389              [::]:0                 LISTENING       964
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       512
  TCP    [::]:49665             [::]:0                 LISTENING       664
  TCP    [::]:49666             [::]:0                 LISTENING       956
  TCP    [::]:49667             [::]:0                 LISTENING       1808
  TCP    [::]:49670             [::]:0                 LISTENING       600
  TCP    [::]:49673             [::]:0                 LISTENING       624

Users & Groups


PS C:\Users\tyler> net users ; net user /DOMAIN ; ls C:\Users
 
User accounts for \\HACKSMARTERSEC
 
-------------------------------------------------------------------------------
Administrator            DefaultAccount           Guest
sshd                     tyler                    WDAGUtilityAccount
The command completed successfully.
 
The request will be processed at a domain controller for domain WORKGROUP.
 
System error 1355 has occurred.
 
The specified domain either does not exist or could not be contacted.
 
 
 
    Directory: C:\Users
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----         7/5/2025   2:04 PM                Administrator
d-r---       12/12/2018   7:45 AM                Public
d-----        6/30/2023   7:10 PM                tyler
PS C:\Users\tyler> net localgroup ; net group /DOMAIN
 
Aliases for \\HACKSMARTERSEC
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Storage Replica Administrators
*System Managed Accounts Group
*Users
The command completed successfully.
 
The request will be processed at a domain controller for domain WORKGROUP.
 
System error 1355 has occurred.
 
The specified domain either does not exist or could not be contacted.

Processes


PS C:\Users\tyler> Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service | ? ProcessId -eq $_.ProcessId).Name -join ", "; $u = $_.GetOwner(); [PSCustomObject]@{ Name = $_.Name; PID = $_.ProcessId; User = "$($u.Domain)\$($u.User)"; Services = $s } } | ft -AutoSize
Get-WmiObject : Access denied 
At line:1 char:1
+ Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
 
PS C:\Users\tyler> cmd /c tasklist /svc ; ps
ERROR: Access denied
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    148      10    15492      13992              3824   0 amazon-ssm-agent
     78       5     3396       4172       0.02   2556   0 cmd
    113       7     1288       5084       0.28    724   0 conhost
    154       9     6628      12512              1116   0 conhost
    151       9     6596      13132              3912   0 conhost
    352      13     2176       5204               388   0 csrss
    161       9     1668       4752               464   1 csrss
    883      36   191008     169672              1956   0 dsm_om_connsvc64
    539      22    16284      38436               916   1 dwm
     49       6     1412       4288               752   0 fontdrvhost
     49       6     1632       4744               756   1 fontdrvhost
      0       0       56          8                 0   0 Idle
    462      25    11188      43204              3004   1 LogonUI
    988      23     6188      16176               624   0 lsass
    222      13     2956      10272              1368   0 msdtc
    697      94   261412     245236              2112   0 MsMpEng
    206      11     3900      10828              3228   0 NisSrv
    939      32    69804      83500       1.64   2284   0 powershell
      0      12      312      21344                84   0 Registry
    313      10     3684       7832               600   0 services
     53       3      496       1176               284   0 smss
    204      11     1740       8824              1564   0 spoofer-scheduler
    469      22     5544      16556              1808   0 spoolsv
    120      12     1796       7072              2124   0 sshd
    124       9     2080       7676              3656   0 sshd
    131      10     2264       7364       0.06   4004   0 sshd
    168      12    16180      17580              3904   0 ssm-agent-worker
    441      26     8864      16652                60   0 svchost
    517      17    11236      17932               664   0 svchost
    581      17     4696      14456               728   0 svchost
    457      16     3140       9204               844   0 svchost
   1309      45    31240      56284               956   0 svchost
    574      20     4708      14864               964   0 svchost
    497      26     6688      17384              1128   0 svchost
    672      39     8952      22960              1200   0 svchost
    311      11     2016       8864              1208   0 svchost
    352      16     9580      14184              1264   0 svchost
    405      32     9060      18004              1380   0 svchost
    158       8     1376       6376              1636   0 svchost
    164      12     3884      10864              1872   0 svchost
    326      16     4648      12220              1888   0 svchost
    202      11     1620       7180              1996   0 svchost
    232      14     4700      11972              2008   0 svchost
    198      10     2028       8160              2092   0 svchost
    162      10     1916       7420              2652   0 svchost
   1247       0      192        156                 4   0 System
    172      11     1324       6788               512   0 wininit
    250      12     2616      15720               532   1 winlogon
  • 883 36 191008 169672 1956 0 dsm_om_connsvc64
  • 204 11 1740 8824 1564 0 spoofer-scheduler
  • 469 22 5544 16556 1808 0 spoolsv

Tasks


PS C:\Users\tyler> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
Get-ScheduledTask : Cannot connect to CIM server. Access denied 
At line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft  ...
+ ~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
 
PS C:\Users\tyler> cmd /c schtasks /QUERY /FO TABLE
 
Folder: \
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Server Initial Configuration Task        N/A                    Disabled
 
Folder: \Microsoft\Windows\.NET Framework
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready
.NET Framework NGEN v4.0.30319 64        N/A                    Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled
 
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A                    Disabled
AD RMS Rights Policy Template Management N/A                    Ready
 
Folder: \Microsoft\Windows\AppID
TaskName                                 Next Run Time          Status
======================================== ====================== =============== 
PolicyConverter                          N/A                    Disabled
VerifiedPublisherCertStoreCheck          N/A                    Disabled
 
Folder: \Microsoft\Windows\Application Experience
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser        7/6/2025 4:29:50 AM    Ready
ProgramDataUpdater                       N/A                    Ready
StartupAppTask                           N/A                    Ready
 
Folder: \Microsoft\Windows\ApplicationData
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
appuriverifierdaily                      N/A                    Ready
appuriverifierinstall                    N/A                    Ready
CleanupTemporaryState                    N/A                    Ready
DsSvcCleanup                             N/A                    Ready
 
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Pre-staged app cleanup                   N/A                    Disabled
 
Folder: \Microsoft\Windows\Autochk
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Proxy                                    N/A                    Ready
 
Folder: \Microsoft\Windows\BitLocker
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BitLocker Encrypt All Drives             N/A                    Ready
BitLocker MDM policy Refresh             N/A                    Ready
 
Folder: \Microsoft\Windows\Bluetooth
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UninstallDeviceTask                      N/A                    Disabled
 
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask        N/A                    Ready
 
Folder: \Microsoft\Windows\Chkdsk
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ProactiveScan                            N/A                    Ready
SyspartRepair                            N/A                    Ready
 
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready
 
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Consolidator                             7/5/2025 6:00:00 PM    Ready
UsbCeip                                  N/A                    Ready
 
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Data Integrity Scan                      7/27/2025 1:51:50 PM   Ready
Data Integrity Scan for Crash Recovery   N/A                    Ready
 
Folder: \Microsoft\Windows\Defrag
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ScheduledDefrag                          N/A                    Ready
 
Folder: \Microsoft\Windows\Device Information
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Device                                   7/6/2025 3:41:48 AM    Ready
 
Folder: \Microsoft\Windows\Diagnosis
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Scheduled                                N/A                    Ready
 
Folder: \Microsoft\Windows\DirectX
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
DXGIAdapterCache                         N/A                    Ready
 
Folder: \Microsoft\Windows\DiskCleanup
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SilentCleanup                            N/A                    Ready
 
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A                    Ready
Microsoft-Windows-DiskDiagnosticResolver N/A                    Disabled
 
Folder: \Microsoft\Windows\DiskFootprint
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Diagnostics                              N/A                    Ready
StorageSense                             N/A                    Ready
 
Folder: \Microsoft\Windows\EDP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
EDP App Launch Task                      N/A                    Ready
EDP Auth Task                            N/A                    Ready
EDP Inaccessible Credentials Task        N/A                    Ready
StorageCardEncryption Task               N/A                    Ready
 
Folder: \Microsoft\Windows\ExploitGuard
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh          N/A                    Ready
 
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Property Definition Sync                 N/A                    Disabled
 
Folder: \Microsoft\Windows\Flighting
TaskName                                 Next Run Time          Status
======================================== ====================== =============== 
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ReconcileFeatures                        N/A                    Ready
 
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RefreshCache                             7/6/2025 2:15:52 AM    Ready
 
Folder: \Microsoft\Windows\InstallService
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ScanForUpdates                           N/A                    Disabled
ScanForUpdatesAsUser                     N/A                    Disabled        
WakeUpAndContinueUpdates                 N/A                    Disabled
WakeUpAndScanForUpdates                  N/A                    Disabled
 
Folder: \Microsoft\Windows\Location
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Notifications                            N/A                    Ready
WindowsActionDialog                      N/A                    Ready
 
Folder: \Microsoft\Windows\Maintenance
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
WinSAT                                   N/A                    Ready
 
Folder: \Microsoft\Windows\Maps
TaskName                                 Next Run Time          Status
======================================== ====================== =============== 
MapsToastTask                            N/A                    Disabled
MapsUpdateTask                           N/A                    Disabled
 
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents            N/A                    Disabled
RunFullMemoryDiagnostic                  N/A                    Disabled
 
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MNO Metadata Parser                      N/A                    Ready
 
Folder: \Microsoft\Windows\MUI
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
LPRemove                                 N/A                    Ready
 
Folder: \Microsoft\Windows\Multimedia
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SystemSoundsService                      N/A                    Disabled
 
Folder: \Microsoft\Windows\NetTrace
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready
 
Folder: \Microsoft\Windows\Offline Files
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Background Synchronization               N/A                    Disabled
Logon Synchronization                    N/A                    Disabled
 
Folder: \Microsoft\Windows\PLA
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Server Manager Performance Monitor       N/A                    Disabled
 
Folder: \Microsoft\Windows\Plug and Play
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Device Install Group Policy              N/A                    Ready
Device Install Reboot Required           N/A                    Ready
Sysprep Generalize Drivers               N/A                    Ready
 
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
AnalyzeSystem                            N/A                    Ready
 
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName                                 Next Run Time          Status
======================================== ====================== =============== 
VerifyWinRE                              N/A                    Disabled
 
Folder: \Microsoft\Windows\Server Manager
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CleanupOldPerfLogs                       N/A                    Ready
ServerManager                            N/A                    Ready
 
Folder: \Microsoft\Windows\Servicing
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
StartComponentCleanup                    N/A                    Ready
 
Folder: \Microsoft\Windows\SharedPC
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Account Cleanup                          N/A                    Disabled
 
Folder: \Microsoft\Windows\Shell
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready
IndexerAutomaticMaintenance              N/A                    Ready
 
Folder: \Microsoft\Windows\Software Inventory Logging
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Collection                               N/A                    Disabled
Configuration                            N/A                    Ready
 
Folder: \Microsoft\Windows\SpacePort
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SpaceAgentTask                           N/A                    Ready
SpaceManagerTask                         N/A                    Ready
 
Folder: \Microsoft\Windows\Speech
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
HeadsetButtonPress                       N/A                    Ready
SpeechModelDownloadTask                  7/6/2025 12:08:18 AM   Ready
 
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Storage Tiers Management Initialization  N/A                    Ready
Storage Tiers Optimization               N/A                    Disabled
 
Folder: \Microsoft\Windows\termsrv
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
 
Folder: \Microsoft\Windows\termsrv\RemoteFX
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
RemoteFXvGPUDisableTask                  N/A                    Ready
RemoteFXWarningTask                      8/1/2025 1:00:00 PM    Ready
 
Folder: \Microsoft\Windows\TextServicesFramework
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Ready
 
Folder: \Microsoft\Windows\Time Synchronization
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
ForceSynchronizeTime                     N/A                    Ready
SynchronizeTime                          N/A                    Ready
 
Folder: \Microsoft\Windows\Time Zone
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
SynchronizeTimeZone                      N/A                    Ready
 
Folder: \Microsoft\Windows\UPnP
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UPnPHostConfig                           N/A                    Disabled
 
Folder: \Microsoft\Windows\Windows Defender
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Windows Defender Cache Maintenance       N/A                    Ready
Windows Defender Cleanup                 N/A                    Ready
Windows Defender Scheduled Scan          7/6/2025 3:40:31 AM    Ready
Windows Defender Verification            N/A                    Ready
 
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
QueueReporting                           7/5/2025 4:13:15 PM    Ready
 
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready
 
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
UpdateLibrary                            N/A                    Ready
 
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Calibration Loader                       N/A                    Ready
 
Folder: \Microsoft\Windows\WindowsUpdate
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Scheduled Start                          7/6/2025 1:52:48 PM    Ready
 
Folder: \Microsoft\Windows\Wininet
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
CacheTask                                N/A                    Ready
 
Folder: \Microsoft\Windows\Workplace Join
TaskName                                 Next Run Time          Status
======================================== ====================== ===============
Automatic-Device-Join                    N/A                    Disabled
Recovery-Check                           N/A                    Disabled

Services


PS C:\Users\tyler> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object
ERROR:
Description = Access denied
 
PS C:\Users\tyler> Get-Service
Get-Service : Cannot open Service Control Manager on computer '.'. This operation might require other privileges.
At line:1 char:1
+ Get-Service
+ ~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Get-Service], InvalidOperationException
    + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.PowerShell.Commands.GetServiceCommand
 
PS C:\Users\tyler> net start
System error 5 has occurred.
 
Access is denied.

Installed Programs


PS C:\Users\tyler> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique ; ls "C:\Program Files" ; ls "C:\Program Files (x86)"
Amazon SSM Agent 
AWS PV Drivers
AWS Tools for Windows
aws-cfn-bootstrap
CAIDA IP Spoofing Tester client
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026
Microsoft Visual C++ 2015 x86 Additional Runtime - 14.0.23026
Microsoft Visual C++ 2015 x86 Minimum Runtime - 14.0.23026
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910
Systems Management Software (64-Bit)
WinPcap 4.1.3
 
 
    Directory: C:\Program Files
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        3/11/2021   7:28 AM                Amazon
d-----        9/15/2018   7:28 AM                Common Files
d-----        6/30/2023   6:42 PM                Dell
d-----         9/9/2020   4:37 AM                internet explorer
d-r---        1/13/2021   9:21 PM                Windows Defender
d-----        3/11/2021   9:20 AM                Windows Defender Advanced Threat Protection
d-----        9/15/2018   7:19 AM                Windows Mail
d-----        1/13/2021   9:21 PM                Windows Media Player
d-----        9/15/2018   7:19 AM                Windows Multimedia Platform
d-----        9/15/2018   7:28 AM                windows nt
d-----        1/13/2021   9:21 PM                Windows Photo Viewer
d-----        9/15/2018   7:19 AM                Windows Portable Devices
d-----        9/15/2018   7:19 AM                Windows Security
d-----        9/15/2018   7:19 AM                WindowsPowerShell
 
 
    Directory: C:\Program Files (x86)
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        3/11/2021   7:29 AM                AWS SDK for .NET
d-----        3/11/2021   7:29 AM                AWS Tools
d-----        9/15/2018   7:28 AM                Common Files
d-----        3/18/2020   6:47 AM                Internet Explorer
d-----        9/15/2018   7:19 AM                Microsoft.NET
d-----        6/30/2023   6:57 PM                Spoofer
d-----        1/13/2021   9:21 PM                Windows Defender
d-----        9/15/2018   7:19 AM                Windows Mail
d-----        1/13/2021   9:21 PM                Windows Media Player
d-----        9/15/2018   7:19 AM                Windows Multimedia Platform
d-----        9/15/2018   7:28 AM                windows nt
d-----        1/13/2021   9:21 PM                Windows Photo Viewer
d-----        9/15/2018   7:19 AM                Windows Portable Devices
d-----        9/15/2018   7:19 AM                WindowsPowerShell
d-----        6/30/2023   6:57 PM                WinPcap
  • Amazon SSM Agent
  • AWS PV Drivers
  • AWS Tools for Windows
  • aws-cfn-bootstrap
  • CAIDA IP Spoofing Tester client
  • Systems Management Software (64-Bit)
  • WinPcap 4.1.3

Firewall & AV


PS C:\Users\tyler> netsh firewall show config
 
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable 
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          Remote Desktop 
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
21     TCP       Enable  Inbound               FTP 
22     TCP       Enable  Inbound               SSH
1311   TCP       Enable  Inbound               SrvMgr
 
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          Remote Desktop
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
21     TCP       Enable  Inbound               FTP
22     TCP       Enable  Inbound               SSH
1311   TCP       Enable  Inbound               SrvMgr
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .
PS C:\Users\tyler> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Get-MpComputerStatus : Cannot connect to CIM server. Access denied  
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatus
 
Get-MpPreference : Cannot connect to CIM server. Access denied  
At line:1 char:24
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+                        ~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpPreference:String) [Get-MpPreference], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpPreference

Session Architecture


PS C:\Users\tyler> [Environment]::Is64BitProcess
True 

Installed .NET Frameworks


PS C:\Users\tyler> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 Volume in drive C has no label.
 Volume Serial Number is A8A4-C362
 
 Directory of C:\Windows\Microsoft.NET\Framework
 
09/15/2018  07:19 AM    <DIR>          .
09/15/2018  07:19 AM    <DIR>          ..
09/15/2018  07:19 AM    <DIR>          v1.0.3705
09/15/2018  07:19 AM    <DIR>          v1.1.4322
09/15/2018  07:19 AM    <DIR>          v2.0.50727
07/05/2025  02:04 PM    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)  14,076,809,216 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0 
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

.NET 4.8.03761