XMDR
Get access to XMDR, then query folders or files and download them. After a lot of walking around them, figured out the 2 C2s. Was able to extract 1 from Downloads, then get the remaining info from the GTRS C2 using Google Translate, from the Chrome history. Decode the URLs and uudecode to get the flag.
Endpoint Alerts
Defender Status
Real-time protection: Enabled
Engine version: 1.1.23100.5 · AV signature: 1.437.210.0
Recent Alerts
HackTool:Win32
Severe
Detected by: Real-time protection
Object: C:\Users\Administrator\Downloads\GTRS-main.zip
Action: Removed
Time: 2025-09-29 10:12:03
HackTool:Win32
High
Detected by: On-demand scan
Object: C:\Users\Administrator\Downloads\BabyShark-main.zip
Action: Removed
Time: 2025-09-29 09:45:41
List Running Processes
Image Name PID Session Name Session# Mem Usage
System Idle Process 0 Services 0 4 K
System 4 Services 0 140 K
smss.exe 280 Services 0 1,188 K
csrss.exe 364 Services 0 4,780 K
wininit.exe 444 Services 0 5,364 K
csrss.exe 452 Console 1 4,276 K
winlogon.exe 504 Console 1 13,284 K
services.exe 572 Services 0 8,488 K
lsass.exe 580 Services 0 14,560 K
svchost.exe 664 Services 0 13,852 K
svchost.exe 724 Services 0 8,340 K
svchost.exe 852 Services 0 12,188 K
svchost.exe 864 Services 0 61,072 K
svchost.exe 888 Services 0 17,224 K
dwm.exe 912 Console 1 30,480 K
svchost.exe 920 Services 0 11,808 K
svchost.exe 384 Services 0 15,636 K
svchost.exe 684 Services 0 18,824 K
svchost.exe 1060 Services 0 21,472 K
svchost.exe 1084 Services 0 7,388 K
spoolsv.exe 1540 Services 0 16,160 K
svchost.exe 1688 Services 0 8,228 K
svchost.exe 1696 Services 0 8,420 K
LiteAgent.exe 1772 Services 0 4,864 K
nssm.exe 1852 Services 0 6,092 K
MsMpEng.exe 1872 Services 0 250,036 K
MpDefenderCoreService.exe 1880 Services 0 15,964 K
python.exe 1108 Services 0 2,180 K
conhost.exe 1292 Services 0 5,980 K
python.exe 1500 Services 0 34,908 K
CompatTelRunner.exe 2156 Services 0 1,112 K
svchost.exe 2176 Services 0 7,568 K
updater.exe 2324 Services 0 10,860 K
updater.exe 2340 Services 0 8,216 K
conhost.exe 2416 Services 0 1,812 K
updater.exe 2628 Services 0 11,368 K
updater.exe 2644 Services 0 8,192 K
updater.exe 2724 Services 0 16,200 K
LogonUI.exe 2744 Console 1 44,276 K
updater.exe 2752 Services 0 8,180 K
MpDefenderCoreService.exe 2884 Services 0 15,556 K
MpDefenderCoreService.exe 3008 Services 0 15,524 K
MpCmdRun.exe 2088 Services 0 8,368 K
conhost.exe 3004 Services 0 5,820 K
MpCmdRun.exe 1200 Services 0 10,888 K
conhost.exe 2420 Services 0 5,788 K
NisSrv.exe 2300 Services 0 26,872 K
svchost.exe 2004 Services 0 7,636 K
WmiPrvSE.exe 2240 Services 0 11,508 K
svchost.exe 3260 Services 0 7,056 K
amazon-ssm-agent.exe 3468 Services 0 14,104 K
cmd.exe 3524 Services 0 2,612 K
tasklist.exe 3544 Services 0 7,932 K
List Services
Service Display Name State Type
AJRouter AllJoyn Router Service STOPPED WIN32_SHARE_PROCESS
ALG Application Layer Gateway Service STOPPED WIN32_OWN_PROCESS
AmazonSSMAgent Amazon SSM Agent STOPPED WIN32_OWN_PROCESS
AppIDSvc Application Identity STOPPED WIN32_SHARE_PROCESS
Appinfo Application Information STOPPED WIN32_SHARE_PROCESS
AppMgmt Application Management STOPPED WIN32_SHARE_PROCESS
AppReadiness App Readiness STOPPED WIN32_SHARE_PROCESS
AppVClient Microsoft App-V Client STOPPED WIN32_OWN_PROCESS
AppXSvc AppX Deployment Service (AppXSVC) STOPPED WIN32_SHARE_PROCESS
AudioEndpointBuilder Windows Audio Endpoint Builder STOPPED WIN32_SHARE_PROCESS
Audiosrv Windows Audio STOPPED WIN32_OWN_PROCESS
AWSLiteAgent AWS Lite Guest Agent STOPPED WIN32_OWN_PROCESS
AxInstSV ActiveX Installer (AxInstSV) STOPPED WIN32_SHARE_PROCESS
BFE Base Filtering Engine RUNNING WIN32_SHARE_PROCESS
BITS Background Intelligent Transfer Service RUNNING WIN32_SHARE_PROCESS
BrokerInfrastructure Background Tasks Infrastructure Service RUNNING WIN32_SHARE_PROCESS
Browser Computer Browser STOPPED WIN32_SHARE_PROCESS
bthserv Bluetooth Support Service STOPPED WIN32_SHARE_PROCESS
CDPSvc Connected Devices Platform Service STOPPED WIN32_SHARE_PROCESS
CertPropSvc Certificate Propagation RUNNING WIN32_SHARE_PROCESS
cfn-hup CloudFormation cfn-hup STOPPED WIN32_OWN_PROCESS
ClipSVC Client License Service (ClipSVC) RUNNING WIN32_SHARE_PROCESS
COMSysApp COM+ System Application STOPPED WIN32_OWN_PROCESS
CoreMessagingRegistrar CoreMessaging RUNNING WIN32_SHARE_PROCESS
CryptSvc Cryptographic Services RUNNING WIN32_SHARE_PROCESS
CscService Offline Files STOPPED WIN32_SHARE_PROCESS
DcomLaunch DCOM Server Process Launcher RUNNING WIN32_SHARE_PROCESS
DcpSvc DataCollectionPublishingService STOPPED WIN32_SHARE_PROCESS
defragsvc Optimize drives STOPPED WIN32_OWN_PROCESS
DeviceAssociationService Device Association Service STOPPED WIN32_SHARE_PROCESS
DeviceInstall Device Install Service RUNNING WIN32_SHARE_PROCESS
DevQueryBroker DevQuery Background Discovery Broker STOPPED WIN32_SHARE_PROCESS
Dhcp DHCP Client RUNNING WIN32_SHARE_PROCESS
diagnosticshub.standardcollector.service Microsoft (R) Diagnostics Hub Standard Collector Service STOPPED WIN32_OWN_PROCESS
DiagTrack Connected User Experiences and Telemetry STOPPED WIN32_OWN_PROCESS
DmEnrollmentSvc Device Management Enrollment Service STOPPED WIN32_OWN_PROCESS
dmwappushservice dmwappushsvc STOPPED WIN32_SHARE_PROCESS
Dnscache DNS Client RUNNING WIN32_SHARE_PROCESS
dot3svc Wired AutoConfig STOPPED WIN32_SHARE_PROCESS
DPS Diagnostic Policy Service STOPPED WIN32_SHARE_PROCESS
DsmSvc Device Setup Manager STOPPED WIN32_SHARE_PROCESS
DsSvc Data Sharing Service STOPPED WIN32_SHARE_PROCESS
Eaphost Extensible Authentication Protocol STOPPED WIN32_SHARE_PROCESS
EFS Encrypting File System (EFS) STOPPED WIN32_SHARE_PROCESS
embeddedmode Embedded Mode STOPPED WIN32_SHARE_PROCESS
EntAppSvc Enterprise App Management Service STOPPED WIN32_SHARE_PROCESS
EventLog Windows Event Log RUNNING WIN32_SHARE_PROCESS
EventSystem COM+ Event System RUNNING WIN32_SHARE_PROCESS
fdPHost Function Discovery Provider Host STOPPED WIN32_SHARE_PROCESS
FDResPub Function Discovery Resource Publication STOPPED WIN32_SHARE_PROCESS
FontCache Windows Font Cache Service RUNNING WIN32_SHARE_PROCESS
FrameServer Windows Camera Frame Server STOPPED WIN32_SHARE_PROCESS
GoogleChromeElevationService Google Chrome Elevation Service (GoogleChromeElevationService) STOPPED WIN32_OWN_PROCESS
GoogleUpdaterInternalService142.0.7416.0 Google Updater Internal Service (GoogleUpdaterInternalService142.0.7416.0) STOPPED WIN32_OWN_PROCESS
GoogleUpdaterService142.0.7416.0 Google Updater Service (GoogleUpdaterService142.0.7416.0) STOPPED WIN32_OWN_PROCESS
gpsvc Group Policy Client RUNNING WIN32_SHARE_PROCESS
hidserv Human Interface Device Service STOPPED WIN32_SHARE_PROCESS
HvHost HV Host Service STOPPED WIN32_SHARE_PROCESS
icssvc Windows Mobile Hotspot Service STOPPED WIN32_SHARE_PROCESS
IKEEXT IKE and AuthIP IPsec Keying Modules STOPPED WIN32_SHARE_PROCESS
iphlpsvc IP Helper RUNNING WIN32_SHARE_PROCESS
KeyIso CNG Key Isolation RUNNING WIN32_SHARE_PROCESS
KPSSVC KDC Proxy Server service (KPS) STOPPED WIN32_SHARE_PROCESS
KtmRm KtmRm for Distributed Transaction Coordinator STOPPED WIN32_SHARE_PROCESS
LanmanServer Server RUNNING WIN32_SHARE_PROCESS
LanmanWorkstation Workstation RUNNING WIN32_SHARE_PROCESS
lfsvc Geolocation Service STOPPED WIN32_SHARE_PROCESS
LicenseManager Windows License Manager Service RUNNING WIN32_SHARE_PROCESS
lltdsvc Link-Layer Topology Discovery Mapper STOPPED WIN32_SHARE_PROCESS
lmhosts TCP/IP NetBIOS Helper RUNNING WIN32_SHARE_PROCESS
LSM Local Session Manager RUNNING WIN32_SHARE_PROCESS
MapsBroker Downloaded Maps Manager STOPPED WIN32_OWN_PROCESS
MDCoreSvc Microsoft Defender Core Service RUNNING WIN32_OWN_PROCESS
MpsSvc Windows Firewall RUNNING WIN32_SHARE_PROCESS
MSDTC Distributed Transaction Coordinator STOPPED WIN32_OWN_PROCESS
MSiSCSI Microsoft iSCSI Initiator Service STOPPED WIN32_SHARE_PROCESS
msiserver Windows Installer STOPPED WIN32_OWN_PROCESS
NcaSvc Network Connectivity Assistant STOPPED WIN32_SHARE_PROCESS
NcbService Network Connection Broker RUNNING WIN32_SHARE_PROCESS
Netlogon Netlogon STOPPED WIN32_SHARE_PROCESS
Netman Network Connections STOPPED WIN32_SHARE_PROCESS
netprofm Network List Service RUNNING WIN32_SHARE_PROCESS
NetSetupSvc Network Setup Service RUNNING WIN32_SHARE_PROCESS
NetTcpPortSharing Net.Tcp Port Sharing Service STOPPED WIN32_SHARE_PROCESS
NgcCtnrSvc Microsoft Passport Container STOPPED WIN32_SHARE_PROCESS
NgcSvc Microsoft Passport STOPPED WIN32_SHARE_PROCESS
NlaSvc Network Location Awareness RUNNING WIN32_SHARE_PROCESS
nsi Network Store Interface Service RUNNING WIN32_SHARE_PROCESS
PcaSvc Program Compatibility Assistant Service RUNNING WIN32_SHARE_PROCESS
PerfHost Performance Counter DLL Host STOPPED WIN32_OWN_PROCESS
PhoneSvc Phone Service STOPPED WIN32_SHARE_PROCESS
pla Performance Logs & Alerts STOPPED WIN32_SHARE_PROCESS
PlugPlay Plug and Play RUNNING WIN32_SHARE_PROCESS
PolicyAgent IPsec Policy Agent RUNNING WIN32_SHARE_PROCESS
Power Power RUNNING WIN32_SHARE_PROCESS
PrintNotify Printer Extensions and Notifications STOPPED (interactive)
ProfSvc User Profile Service RUNNING WIN32_SHARE_PROCESS
QWAVE Quality Windows Audio Video Experience STOPPED WIN32_SHARE_PROCESS
RasAuto Remote Access Auto Connection Manager STOPPED WIN32_SHARE_PROCESS
RasMan Remote Access Connection Manager STOPPED WIN32_SHARE_PROCESS
RemoteAccess Routing and Remote Access STOPPED WIN32_SHARE_PROCESS
RemoteRegistry Remote Registry RUNNING WIN32_SHARE_PROCESS
RmSvc Radio Management Service STOPPED WIN32_SHARE_PROCESS
RpcEptMapper RPC Endpoint Mapper RUNNING WIN32_SHARE_PROCESS
RpcLocator Remote Procedure Call (RPC) Locator STOPPED WIN32_OWN_PROCESS
RpcSs Remote Procedure Call (RPC) RUNNING WIN32_SHARE_PROCESS
RSoPProv Resultant Set of Policy Provider STOPPED WIN32_SHARE_PROCESS
sacsvr Special Administration Console Helper STOPPED WIN32_SHARE_PROCESS
SamSs Security Accounts Manager RUNNING WIN32_SHARE_PROCESS
SCardSvr Smart Card STOPPED WIN32_SHARE_PROCESS
ScDeviceEnum Smart Card Device Enumeration Service STOPPED WIN32_SHARE_PROCESS
Schedule Task Scheduler RUNNING WIN32_SHARE_PROCESS
SCPolicySvc Smart Card Removal Policy STOPPED WIN32_SHARE_PROCESS
seclogon Secondary Logon STOPPED WIN32_SHARE_PROCESS
SENS System Event Notification Service RUNNING WIN32_SHARE_PROCESS
SensorDataService Sensor Data Service STOPPED WIN32_OWN_PROCESS
SensorService Sensor Service STOPPED WIN32_SHARE_PROCESS
SensrSvc Sensor Monitoring Service STOPPED WIN32_SHARE_PROCESS
SessionEnv Remote Desktop Configuration RUNNING WIN32_SHARE_PROCESS
SharedAccess Internet Connection Sharing (ICS) STOPPED WIN32_SHARE_PROCESS
ShellHWDetection Shell Hardware Detection RUNNING WIN32_SHARE_PROCESS
smphost Microsoft Storage Spaces SMP STOPPED WIN32_OWN_PROCESS
SNMPTRAP SNMP Trap STOPPED WIN32_OWN_PROCESS
Spooler Print Spooler RUNNING (interactive)
sppsvc Software Protection STOPPED WIN32_OWN_PROCESS
SSDPSRV SSDP Discovery RUNNING WIN32_SHARE_PROCESS
SstpSvc Secure Socket Tunneling Protocol Service STOPPED WIN32_SHARE_PROCESS
StateRepository State Repository Service RUNNING WIN32_SHARE_PROCESS
stisvc Windows Image Acquisition (WIA) STOPPED WIN32_OWN_PROCESS
StorSvc Storage Service STOPPED WIN32_SHARE_PROCESS
svsvc Spot Verifier STOPPED WIN32_SHARE_PROCESS
swprv Microsoft Software Shadow Copy Provider STOPPED WIN32_OWN_PROCESS
SysMain Superfetch STOPPED WIN32_SHARE_PROCESS
SystemEventsBroker System Events Broker RUNNING WIN32_SHARE_PROCESS
TabletInputService Touch Keyboard and Handwriting Panel Service STOPPED WIN32_SHARE_PROCESS
TapiSrv Telephony STOPPED WIN32_SHARE_PROCESS
TermService Remote Desktop Services RUNNING WIN32_SHARE_PROCESS
Themes Themes RUNNING WIN32_SHARE_PROCESS
TieringEngineService Storage Tiers Management STOPPED WIN32_OWN_PROCESS
tiledatamodelsvc Tile Data model server RUNNING WIN32_SHARE_PROCESS
TimeBrokerSvc Time Broker RUNNING WIN32_SHARE_PROCESS
TrkWks Distributed Link Tracking Client RUNNING WIN32_SHARE_PROCESS
TrustedInstaller Windows Modules Installer STOPPED WIN32_OWN_PROCESS
tzautoupdate Auto Time Zone Updater STOPPED WIN32_SHARE_PROCESS
UALSVC User Access Logging Service STOPPED WIN32_SHARE_PROCESS
UevAgentService User Experience Virtualization Service STOPPED WIN32_OWN_PROCESS
UI0Detect Interactive Services Detection STOPPED (interactive)
UmRdpService Remote Desktop Services UserMode Port Redirector RUNNING WIN32_SHARE_PROCESS
upnphost UPnP Device Host STOPPED WIN32_SHARE_PROCESS
UserManager User Manager RUNNING WIN32_SHARE_PROCESS
UsoSvc Update Orchestrator Service for Windows Update STOPPED WIN32_SHARE_PROCESS
VaultSvc Credential Manager STOPPED WIN32_SHARE_PROCESS
vds Virtual Disk STOPPED WIN32_OWN_PROCESS
vmicguestinterface Hyper-V Guest Service Interface STOPPED WIN32_SHARE_PROCESS
vmicheartbeat Hyper-V Heartbeat Service STOPPED WIN32_SHARE_PROCESS
vmickvpexchange Hyper-V Data Exchange Service STOPPED WIN32_SHARE_PROCESS
vmicrdv Hyper-V Remote Desktop Virtualization Service STOPPED WIN32_SHARE_PROCESS
vmicshutdown Hyper-V Guest Shutdown Service STOPPED WIN32_SHARE_PROCESS
vmictimesync Hyper-V Time Synchronization Service STOPPED WIN32_SHARE_PROCESS
vmicvmsession Hyper-V PowerShell Direct Service STOPPED WIN32_SHARE_PROCESS
vmicvss Hyper-V Volume Shadow Copy Requestor STOPPED WIN32_SHARE_PROCESS
VSS Volume Shadow Copy STOPPED WIN32_OWN_PROCESS
W32Time Windows Time RUNNING WIN32_SHARE_PROCESS
WalletService WalletService STOPPED WIN32_SHARE_PROCESS
WbioSrvc Windows Biometric Service STOPPED WIN32_SHARE_PROCESS
Wcmsvc Windows Connection Manager RUNNING WIN32_OWN_PROCESS
WdiServiceHost Diagnostic Service Host STOPPED WIN32_SHARE_PROCESS
WdiSystemHost Diagnostic System Host STOPPED WIN32_SHARE_PROCESS
WdNisSvc Microsoft Defender Antivirus Network Inspection Service RUNNING WIN32_OWN_PROCESS
Wecsvc Windows Event Collector STOPPED WIN32_SHARE_PROCESS
WEPHOSTSVC Windows Encryption Provider Host Service STOPPED WIN32_SHARE_PROCESS
wercplsupport Problem Reports and Solutions Control Panel Support STOPPED WIN32_SHARE_PROCESS
WerSvc Windows Error Reporting Service STOPPED WIN32_OWN_PROCESS
WiaRpc Still Image Acquisition Events STOPPED WIN32_SHARE_PROCESS
WinDefend Microsoft Defender Antivirus Service RUNNING WIN32_OWN_PROCESS
WinHttpAutoProxySvc WinHTTP Web Proxy Auto-Discovery Service RUNNING WIN32_SHARE_PROCESS
Winmgmt Windows Management Instrumentation RUNNING WIN32_SHARE_PROCESS
WinRM Windows Remote Management (WS-Management) RUNNING WIN32_SHARE_PROCESS
wisvc Windows Insider Service STOPPED WIN32_SHARE_PROCESS
wlidsvc Microsoft Account Sign-in Assistant RUNNING WIN32_SHARE_PROCESS
wmiApSrv WMI Performance Adapter STOPPED WIN32_OWN_PROCESS
WPDBusEnum Portable Device Enumerator Service RUNNING WIN32_SHARE_PROCESS
WpnService Windows Push Notifications System Service RUNNING WIN32_SHARE_PROCESS
WSearch Windows Search STOPPED WIN32_OWN_PROCESS
wuauserv Windows Update RUNNING WIN32_SHARE_PROCESS
wudfsvc Windows Driver Foundation - User-mode Driver Framework STOPPED WIN32_SHARE_PROCESS
XblAuthManager Xbox Live Auth Manager STOPPED WIN32_SHARE_PROCESS
XblGameSave Xbox Live Game Save STOPPED WIN32_SHARE_PROCESS
XMDR XMDR RUNNING WIN32_OWN_PROCESS
List Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1500
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 724
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 852
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 444
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 888
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 864
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1540
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING 572
TCP 0.0.0.0:49687 0.0.0.0:0 LISTENING 580
TCP 10.1.175.121:80 10.254.254.111:35866 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:35876 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:35884 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:35898 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:35906 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:38788 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:42140 TIME_WAIT 0
TCP 10.1.175.121:80 10.254.254.111:44666 TIME_WAIT 0
TCP 10.1.175.121:139 0.0.0.0:0 LISTENING 4
TCP 10.1.175.121:3389 10.0.1.243:22942 CLOSE_WAIT 852
TCP 10.1.175.121:49666 23.55.176.237:80 TIME_WAIT 0
TCP 10.1.175.121:49671 23.214.232.83:80 TIME_WAIT 0
TCP 10.1.175.121:49676 23.214.232.83:80 TIME_WAIT 0
TCP 10.1.175.121:49678 23.214.232.83:80 TIME_WAIT 0
TCP 10.1.175.121:49682 199.232.214.172:80 ESTABLISHED 2884
TCP 10.1.175.121:49683 23.33.192.6:80 ESTABLISHED 2884
TCP 10.1.175.121:49684 40.79.173.41:443 ESTABLISHED 3008
TCP 10.1.175.121:49686 23.33.192.6:80 ESTABLISHED 3008
TCP 10.1.175.121:49693 40.126.62.131:443 TIME_WAIT 0
TCP 10.1.175.121:49694 23.33.192.6:80 ESTABLISHED 864
TCP 10.1.175.121:49695 74.178.240.61:443 TIME_WAIT 0
TCP 10.1.175.121:49696 172.183.192.109:443 TIME_WAIT 0
TCP 10.1.175.121:49697 23.33.192.6:80 TIME_WAIT 0
TCP 10.1.175.121:49698 40.126.62.131:443 TIME_WAIT 0
TCP 10.1.175.121:49699 23.214.232.83:80 TIME_WAIT 0
TCP 10.1.175.121:49703 40.126.62.131:443 TIME_WAIT 0
TCP 10.1.175.121:49704 132.196.74.208:443 TIME_WAIT 0
TCP 10.1.175.121:49705 40.126.62.131:443 TIME_WAIT 0
TCP 10.1.175.121:49706 199.232.210.172:80 TIME_WAIT 0
TCP 10.1.175.121:49707 40.126.62.131:443 TIME_WAIT 0
TCP 10.1.175.121:49710 92.223.96.6:80 ESTABLISHED 864
TCP [::]:135 [::]:0 LISTENING 724
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 852
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 444
TCP [::]:49665 [::]:0 LISTENING 888
TCP [::]:49667 [::]:0 LISTENING 864
TCP [::]:49668 [::]:0 LISTENING 1540
TCP [::]:49673 [::]:0 LISTENING 572
TCP [::]:49687 [::]:0 LISTENING 580
TCP [::1]:49708 [::1]:47001 TIME_WAIT 0
TCP [::1]:49709 [::1]:47001 TIME_WAIT 0
UDP 0.0.0.0:123 *:* 384
UDP 0.0.0.0:3389 *:* 852
UDP 0.0.0.0:5353 *:* 1060
UDP 0.0.0.0:5355 *:* 1060
UDP 10.1.175.121:137 *:* 4
UDP 10.1.175.121:138 *:* 4
UDP 10.1.175.121:1900 *:* 3260
UDP 10.1.175.121:63891 *:* 3260
UDP 127.0.0.1:1900 *:* 3260
UDP 127.0.0.1:63892 *:* 3260
UDP 127.0.0.1:65023 *:* 864
UDP [::]:123 *:* 384
UDP [::]:3389 *:* 852
UDP [::]:5353 *:* 1060
UDP [::]:5355 *:* 1060
UDP [::1]:1900 *:* 3260
UDP [::1]:63890 *:* 3260
UDP [fe80::8d:163e:f5fe:5086%7]:546 *:* 888
UDP [fe80::bdba:f7c0:4080:54a0%8]:546 *:* 888
UDP [fe80::bdba:f7c0:4080:54a0%8]:1900 *:* 3260
UDP [fe80::bdba:f7c0:4080:54a0%8]:63889 *:* 3260
List User Accounts
Name Enabled
Administrator True
DefaultAccount False
Guest False
List Defender Info
Setting Value
AMServiceEnabled True
AntispywareEnabled True
AntivirusEnabled True
BehaviorMonitorEnabled True
IoavProtectionEnabled True
RealTimeProtectionEnabled True
OnAccessProtectionEnabled True
EngineVersion
AntivirusSignatureVersion 1.439.290.0
List Firewall Info
Name Enabled DefaultInboundAction DefaultOutboundAction
Domain True NotConfigured NotConfigured
Private True NotConfigured NotConfigured
Public True NotConfigured NotConfigured
C:\Users\Administrator
AppData 0 2016-10-18T02:03:51.316608
Application Data 0 2025-09-17T14:13:48.988851
Contacts 0 2025-09-29T17:00:46.573211
Cookies 0 2025-09-17T14:13:48.988851
Desktop 0 2025-09-29T17:01:36.708157
Documents 0 2025-09-29T17:59:47.778371
Downloads 0 2025-09-29T17:44:11.665616
Favorites 0 2025-09-29T17:00:46.573211
Links 0 2025-09-29T17:00:47.049969
Local Settings 0 2025-09-17T14:13:48.988851
Music 0 2025-09-29T17:00:46.741955
My Documents 0 2025-09-17T14:13:48.988851
NetHood 0 2025-09-17T14:13:48.988851
NTUSER.DAT 1,048,576 2025-09-29T18:08:56.982708
ntuser.dat.LOG1 0 2025-09-17T14:13:48.125826
ntuser.dat.LOG2 0 2025-09-17T14:13:48.125826
NTUSER.DAT{f2389ab8-60dd-11ed-abbc-0e6e453d8823}.TM.blf 65,536 2025-09-17T14:14:09.438189
NTUSER.DAT{f2389ab8-60dd-11ed-abbc-0e6e453d8823}.TMContainer00000000000000000001.regtrans-ms 524,288 2025-09-17T14:14:09.438189
NTUSER.DAT{f2389ab8-60dd-11ed-abbc-0e6e453d8823}.TMContainer00000000000000000002.regtrans-ms 524,288 2025-09-17T14:14:09.438189
ntuser.ini 20 2016-10-18T02:03:51.316608
Pictures 0 2025-09-29T17:00:46.573211
PrintHood 0 2025-09-17T14:13:48.988851
Recent 0 2025-09-17T14:13:48.988851
Saved Games 0 2025-09-29T17:00:46.831960
Searches 0 2025-09-29T17:00:46.735951
SendTo 0 2025-09-17T14:13:48.988851
Start Menu 0 2025-09-17T14:13:48.988851
Templates 0 2025-09-17T14:13:48.988851
Videos 0 2025-09-29T17:00:46.573211