Sunteți pe pagina 1din 89

>>>>>> OS Version

SystemDirectory : C:\Windows\system32
Organization :
BuildNumber : 16299
RegisteredUser : Windows User
SerialNumber : 00329-00000-00003-AA779
Version : 10.0.16299

>>>>>> Computer Info

PSComputerName : TASTY1
AdminPasswordStatus : 3
BootupState : Normal boot
ChassisBootupState : 3
KeyboardPasswordStatus : 3
PowerOnPasswordStatus : 3
PowerSupplyState : 3
PowerState : 0
FrontPanelResetStatus : 3
ThermalState : 3
Status : OK
Name : TASTY1
PowerManagementCapabilities :
PowerManagementSupported :
__GENUS : 2
__CLASS : Win32_ComputerSystem
__SUPERCLASS : CIM_UnitaryComputerSystem
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_ComputerSystem.Name="TASTY1"
__PROPERTY_COUNT : 64
__DERIVATION : {CIM_UnitaryComputerSystem, CIM_ComputerSystem,
CIM_System, CIM_LogicalElement...}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_ComputerSystem.Name="TA
STY1"
AutomaticManagedPagefile : False
AutomaticResetBootOption : True
AutomaticResetCapability : True
BootOptionOnLimit :
BootOptionOnWatchDog :
BootROMSupported : True
BootStatus : {0, 0, 0, 127...}
Caption : TASTY1
ChassisSKUNumber :
CreationClassName : Win32_ComputerSystem
CurrentTimeZone : -420
DaylightInEffect : True
Description : AT/AT COMPATIBLE
DNSHostName : tasty1
Domain : WORKGROUP
DomainRole : 0
EnableDaylightSavingsTime : True
HypervisorPresent : True
InfraredSupported : False
InitialLoadInfo :
InstallDate :
LastLoadInfo :
Manufacturer : QEMU
Model : Standard PC (i440FX + PIIX, 1996)
NameFormat :
NetworkServerModeEnabled : True
NumberOfLogicalProcessors : 4
NumberOfProcessors : 4
OEMLogoBitmap :
OEMStringArray :
PartOfDomain : False
PauseAfterReset : -1
PCSystemType : 1
PCSystemTypeEx : 1
PrimaryOwnerContact :
PrimaryOwnerName : Windows User
ResetCapability : 1
ResetCount : -1
ResetLimit : -1
Roles : {LM_Workstation, LM_Server, NT}
SupportContactDescription :
SystemFamily :
SystemSKUNumber :
SystemStartupDelay :
SystemStartupOptions :
SystemStartupSetting :
SystemType : x64-based PC
TotalPhysicalMemory : 8589520896
UserName :
WakeUpType : 6
Workgroup : WORKGROUP
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_ComputerSystem.Name="TA
STY1"
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_ComputerSystem
Properties : {AdminPasswordStatus, AutomaticManagedPagefile,
AutomaticResetBootOption,
AutomaticResetCapability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

>>>>>> CPU Info

PSComputerName : TASTY1
Availability : 3
CpuStatus : 1
CurrentVoltage :
DeviceID : CPU0
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 28
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize :
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 15618
SocketDesignation : CPU 1
Version :
VoltageCaps : 0
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU0"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice,
CIM_LogicalElement,
CIM_ManagedSystemElement}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU0"
Architecture : 9
AssetTag :
Caption : Intel64 Family 6 Model 61 Stepping 2
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : Intel64 Family 6 Model 61 Stepping 2
Family : 1
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 6
Manufacturer : GenuineIntel
Name : Intel Core Processor (Broadwell,
IBRS)
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 0F8BFBFF000306D2
Role : CPU
SecondLevelAddressTranslationExtensions : True
SerialNumber :
Stepping :
SystemCreationClassName : Win32_ComputerSystem
SystemName : TASTY1
ThreadCount :
UniqueId :
UpgradeMethod : 1
VirtualizationFirmwareEnabled : False
VMMonitorModeExtensions : True
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU0"
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture,
AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS,
__DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

PSComputerName : TASTY1
Availability : 3
CpuStatus : 1
CurrentVoltage :
DeviceID : CPU1
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 26
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize :
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 15618
SocketDesignation : CPU 2
Version :
VoltageCaps : 0
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU1"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice,
CIM_LogicalElement,
CIM_ManagedSystemElement}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU1"
Architecture : 9
AssetTag :
Caption : Intel64 Family 6 Model 61 Stepping 2
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : Intel64 Family 6 Model 61 Stepping 2
Family : 1
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 6
Manufacturer : GenuineIntel
Name : Intel Core Processor (Broadwell,
IBRS)
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 0F8BFBFF000306D2
Role : CPU
SecondLevelAddressTranslationExtensions : True
SerialNumber :
Stepping :
SystemCreationClassName : Win32_ComputerSystem
SystemName : TASTY1
ThreadCount :
UniqueId :
UpgradeMethod : 1
VirtualizationFirmwareEnabled : False
VMMonitorModeExtensions : True
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU1"
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture,
AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS,
__DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

PSComputerName : TASTY1
Availability : 3
CpuStatus : 1
CurrentVoltage :
DeviceID : CPU2
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 27
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize :
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 15618
SocketDesignation : CPU 3
Version :
VoltageCaps : 0
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU2"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice,
CIM_LogicalElement,
CIM_ManagedSystemElement}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU2"
Architecture : 9
AssetTag :
Caption : Intel64 Family 6 Model 61 Stepping 2
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : Intel64 Family 6 Model 61 Stepping 2
Family : 1
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 6
Manufacturer : GenuineIntel
Name : Intel Core Processor (Broadwell,
IBRS)
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 0F8BFBFF000306D2
Role : CPU
SecondLevelAddressTranslationExtensions : True
SerialNumber :
Stepping :
SystemCreationClassName : Win32_ComputerSystem
SystemName : TASTY1
ThreadCount :
UniqueId :
UpgradeMethod : 1
VirtualizationFirmwareEnabled : False
VMMonitorModeExtensions : True
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU2"
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture,
AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS,
__DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

PSComputerName : TASTY1
Availability : 3
CpuStatus : 1
CurrentVoltage :
DeviceID : CPU3
ErrorCleared :
ErrorDescription :
LastErrorCode :
LoadPercentage : 10
Status : OK
StatusInfo : 3
AddressWidth : 64
DataWidth : 64
ExtClock :
L2CacheSize :
L2CacheSpeed :
MaxClockSpeed : 2300
PowerManagementSupported : False
ProcessorType : 3
Revision : 15618
SocketDesignation : CPU 4
Version :
VoltageCaps : 0
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS : CIM_Processor
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Processor.DeviceID="CPU3"
__PROPERTY_COUNT : 57
__DERIVATION : {CIM_Processor, CIM_LogicalDevice,
CIM_LogicalElement,
CIM_ManagedSystemElement}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU3"
Architecture : 9
AssetTag :
Caption : Intel64 Family 6 Model 61 Stepping 2
Characteristics :
ConfigManagerErrorCode :
ConfigManagerUserConfig :
CreationClassName : Win32_Processor
CurrentClockSpeed : 2300
Description : Intel64 Family 6 Model 61 Stepping 2
Family : 1
InstallDate :
L3CacheSize : 0
L3CacheSpeed : 0
Level : 6
Manufacturer : GenuineIntel
Name : Intel Core Processor (Broadwell,
IBRS)
NumberOfCores : 1
NumberOfEnabledCore :
NumberOfLogicalProcessors : 1
OtherFamilyDescription :
PartNumber :
PNPDeviceID :
PowerManagementCapabilities :
ProcessorId : 0F8BFBFF000306D2
Role : CPU
SecondLevelAddressTranslationExtensions : True
SerialNumber :
Stepping :
SystemCreationClassName : Win32_ComputerSystem
SystemName : TASTY1
ThreadCount :
UniqueId :
UpgradeMethod : 1
VirtualizationFirmwareEnabled : False
VMMonitorModeExtensions : True
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_Processor.D
eviceID="CPU3"
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_Processor
Properties : {AddressWidth, Architecture,
AssetTag, Availability...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS,
__DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

>>>>>> Board Info

>>>>>> Installed Files

Directory: C:\Program Files\Docker\Docker

Mode LastWriteTime Length Name


---- ------------- ------ ----
d----- 5/29/2018 2:09 PM resources
-a---- 5/29/2018 2:08 PM 53248 Bugsnag.dll
-a---- 5/29/2018 2:08 PM 161280 Bugsnag.pdb
-a---- 5/29/2018 2:08 PM 15912 com.docker.service
-a---- 5/29/2018 2:08 PM 178 com.docker.service.config
-a---- 5/29/2018 2:08 PM 343184 concrt140.dll
-a---- 5/29/2018 2:09 PM 3577384 Docker for windows
Installer.exe
-a---- 5/29/2018 2:08 PM 1814528 Docker for Windows.exe
-a---- 5/29/2018 2:08 PM 622 Docker for Windows.exe.config
-a---- 5/29/2018 2:08 PM 101888 Docker for Windows.pdb
-a---- 5/29/2018 2:08 PM 92160 Docker.Backend.dll
-a---- 5/29/2018 2:08 PM 175 Docker.Backend.dll.config
-a---- 5/29/2018 2:08 PM 181760 Docker.Backend.pdb
-a---- 5/29/2018 2:08 PM 87552 Docker.Core.dll
-a---- 5/29/2018 2:08 PM 172 Docker.Core.dll.config
-a---- 5/29/2018 2:08 PM 224768 Docker.Core.pdb
-a---- 5/29/2018 2:08 PM 17920 Docker.Service.pdb
-a---- 5/29/2018 2:08 PM 18968 Docker.Watchguard.exe
-a---- 5/29/2018 2:08 PM 2093056 Docker.Watchguard.pdb
-a---- 5/29/2018 2:08 PM 317440 Docker.Win32Helpers.dll
-a---- 5/29/2018 2:08 PM 2109440 Docker.Win32Helpers.pdb
-a---- 5/29/2018 2:08 PM 4972544 Docker.WPF.dll
-a---- 5/29/2018 2:08 PM 617 Docker.WPF.dll.config
-a---- 5/29/2018 2:08 PM 507392 Docker.WPF.pdb
-a---- 5/29/2018 2:08 PM 23048 DockerCli.exe
-a---- 5/29/2018 2:08 PM 530 DockerCli.exe.config
-a---- 5/29/2018 2:08 PM 36352 DockerCli.pdb
-a---- 5/29/2018 2:09 PM 2366 installationmanifest.json
-a---- 5/29/2018 2:08 PM 20504 InstallerCli.exe
-a---- 5/29/2018 2:08 PM 530 InstallerCli.exe.config
-a---- 5/29/2018 2:08 PM 22016 InstallerCli.pdb
-a---- 5/29/2018 2:08 PM 36864 Microsoft.Management.Infrastru
cture.dll
-a---- 5/29/2018 2:08 PM 90456 Microsoft.Toolkit.Uwp.Notifica
tions.dll
-a---- 5/29/2018 2:08 PM 286208 Microsoft.Toolkit.Uwp.Notifica
tions.pdb
-a---- 5/29/2018 2:08 PM 50176 Microsoft.Windows.ComputeVirtu
alization.dll
-a---- 5/29/2018 2:08 PM 675984 msvcp140.dll
-a---- 5/29/2018 2:08 PM 31896 msvcp140_1.dll
-a---- 5/29/2018 2:08 PM 653824 Newtonsoft.Json.dll
-a---- 5/29/2018 2:08 PM 524800 NLog.dll
-a---- 5/29/2018 2:08 PM 1445376 NLog.pdb
-a---- 5/29/2018 2:08 PM 360448 System.Management.Automation.d
ll
-a---- 5/29/2018 2:08 PM 185544 System.Net.Http.Formatting.dll
-a---- 5/29/2018 2:08 PM 28216 System.Runtime.WindowsRuntime.
dll
-a---- 5/29/2018 2:08 PM 30312 System.Runtime.WindowsRuntime.
UI.Xaml.dll
-a---- 5/29/2018 2:08 PM 79208 System.ValueTuple.dll
-a---- 5/29/2018 2:08 PM 386712 vccorlib140.dll
-a---- 5/29/2018 2:08 PM 89248 vcruntime140.dll
>>>>>> Installed Resources

Directory: C:\Program Files\Docker\Docker\Resources

Mode LastWriteTime Length Name


---- ------------- ------ ----
d----- 5/29/2018 2:09 PM bin
d----- 5/29/2018 2:09 PM qemu-img
-a---- 5/29/2018 2:08 PM 60189 CHANGELOG
-a---- 5/29/2018 2:08 PM 3192848 com.docker.9pdb.exe
-a---- 5/29/2018 2:08 PM 43559448 com.docker.cloud.proxy.exe
-a---- 5/29/2018 2:08 PM 2545176 com.docker.isowrap.exe
-a---- 5/29/2018 2:08 PM 8018984 com.docker.localhost-forwarder
.exe
-a---- 5/29/2018 2:08 PM 43559432 com.docker.proxy.exe
-a---- 5/29/2018 2:08 PM 180 componentsVersion.json
-a---- 5/29/2018 2:08 PM 343184 concrt140.dll
-a---- 5/29/2018 2:08 PM 611 config-options.json
-a---- 5/29/2018 2:09 PM 985430016 docker-for-win.iso
-a---- 5/29/2018 2:09 PM 40557128 dockerd.exe
-a---- 5/29/2018 2:09 PM 5178 DockerDebugInfo.ps1
-a---- 5/29/2018 2:09 PM 1857 ForceRemoveDocker.ps1
-a---- 5/29/2018 2:09 PM 67584 forwarding.dll
-a---- 5/29/2018 2:09 PM 7274460 lcow-initrd.img
-a---- 5/29/2018 2:09 PM 7598864 lcow-kernel
-a---- 5/29/2018 2:09 PM 19196 LICENSE.rtf
-a---- 5/29/2018 2:09 PM 1974 linux-daemon-options.json
-a---- 5/29/2018 2:09 PM 14358 MobyLinux.ps1
-a---- 5/29/2018 2:09 PM 675984 msvcp140.dll
-a---- 5/29/2018 2:09 PM 31896 msvcp140_1.dll
-a---- 5/29/2018 2:09 PM 200192 nsenter.tar
-a---- 5/29/2018 2:09 PM 277583 OSS-LICENSES.txt
-a---- 5/29/2018 2:09 PM 40 sha1
-a---- 5/29/2018 2:09 PM 53941 tile-error.png
-a---- 5/29/2018 2:09 PM 85139 tile-icon.png
-a---- 5/29/2018 2:09 PM 6 UpdateChannel
-a---- 5/29/2018 2:09 PM 386712 vccorlib140.dll
-a---- 5/29/2018 2:09 PM 89248 vcruntime140.dll
-a---- 5/29/2018 2:09 PM 24349961 vpnkit.exe
-a---- 5/29/2018 2:09 PM 1516 WinContainers.ps1
-a---- 5/29/2018 2:09 PM 5668 WinContainersDiags.ps1
-a---- 5/29/2018 2:09 PM 1128 windows-daemon-options.json
>>>>>> Get-VMHost

LogicalProcessorCount : 4
ResourceMeteringSaveInterval : 01:00:00
HostNumaStatus : {TASTY1}
NumaStatus : {}
IovSupport : False
IovSupportReasons : {The Virtualization Infrastructure
Driver (VID) is not running.
Ensure that the VID is properly
installed and enabled., SR-IOV
cannot be used on this computer
because the processor does not
support second level address
translation (SLAT). For Intel
processors, this feature might be
referred to as Extended Page
Tables (EPT). For AMD processors,
this feature might be referred to
as Rapid Virtualization Indexing
(RVI) or Nested Page Tables
(NPT)., To use SR-IOV on this
system, the system BIOS must be
updated to allow Windows to
control PCI Express. Contact your
system manufacturer for an
update., SR-IOV cannot be used on
this system as the PCI Express
hardware does not support Access
Control Services (ACS) at any root
port. Contact your system vendor
for further information.}
InternalNetworkAdapters : {Container NIC 43c31eb5, Container
NIC 3d537476}
ExternalNetworkAdapters : {}
SupportedVmVersions : {5.0, 6.2, 7.0, 7.1...}
SecureBootTemplates : {MicrosoftWindows,
MicrosoftUEFICertificateAuthority,
OpenSourceShieldedVM}
EnableEnhancedSessionMode : True
FibreChannelWwnn : C003FF0000FFFF00
FibreChannelWwpnMaximum : C003FFA25B53FFFF
FibreChannelWwpnMinimum : C003FFA25B530000
MacAddressMaximum : 00155DA1F6FF
MacAddressMinimum : 00155DA1F600
NumaSpanningEnabled : True
VirtualHardDiskPath : C:\Users\Public\Documents\Hyper-V\V
irtual Hard Disks
VirtualMachinePath : C:\ProgramData\Microsoft\Windows\Hy
per-V
FullyQualifiedDomainName : WORKGROUP
MemoryCapacity : 8589520896
Name : TASTY1
MaximumStorageMigrations : 2
MaximumVirtualMachineMigrations : 2
UseAnyNetworkForMigration : False
VirtualMachineMigrationAuthenticationType : CredSSP
VirtualMachineMigrationEnabled : False
VirtualMachineMigrationPerformanceOption : TCPIP
CimSession : CimSession: .
ComputerName : TASTY1
IsDeleted : False

>>>>>> Get-WindowsOptionalFeature

FeatureName State
----------- -----
LegacyComponents Disabled
DirectPlay Disabled
SimpleTCP Disabled
SNMP Disabled
WMISnmpProvider Disabled
MicrosoftWindowsPowerShellV2Root Enabled
MicrosoftWindowsPowerShellV2 Enabled
Windows-Identity-Foundation Disabled
Microsoft-Windows-Subsystem-Linux Disabled
WorkFolders-Client Enabled
MediaPlayback Enabled
WindowsMediaPlayer Enabled
NetFx3 DisabledWithPayloadRemove
d
IIS-WebServerRole Disabled
IIS-WebServer Disabled
IIS-CommonHttpFeatures Disabled
IIS-HttpErrors Disabled
IIS-HttpRedirect Disabled
IIS-ApplicationDevelopment Disabled
IIS-NetFxExtensibility Disabled
IIS-NetFxExtensibility45 Disabled
IIS-HealthAndDiagnostics Disabled
IIS-HttpLogging Disabled
IIS-LoggingLibraries Disabled
IIS-RequestMonitor Disabled
IIS-HttpTracing Disabled
IIS-Security Disabled
IIS-URLAuthorization Disabled
IIS-RequestFiltering Disabled
IIS-IPSecurity Disabled
IIS-Performance Disabled
IIS-HttpCompressionDynamic Disabled
IIS-WebServerManagementTools Disabled
IIS-ManagementScriptingTools Disabled
IIS-IIS6ManagementCompatibility Disabled
IIS-Metabase Disabled
WAS-WindowsActivationService Disabled
WAS-ProcessModel Disabled
WAS-NetFxEnvironment Disabled
WAS-ConfigurationAPI Disabled
IIS-HostableWebCore Disabled
WCF-HTTP-Activation Disabled
WCF-NonHTTP-Activation Disabled
WCF-Services45 Enabled
WCF-HTTP-Activation45 Disabled
WCF-TCP-Activation45 Disabled
WCF-Pipe-Activation45 Disabled
WCF-MSMQ-Activation45 Disabled
WCF-TCP-PortSharing45 Enabled
IIS-StaticContent Disabled
IIS-DefaultDocument Disabled
IIS-DirectoryBrowsing Disabled
IIS-WebDAV Disabled
IIS-WebSockets Disabled
IIS-ApplicationInit Disabled
IIS-ASPNET Disabled
IIS-ASPNET45 Disabled
IIS-ASP Disabled
IIS-CGI Disabled
IIS-ISAPIExtensions Disabled
IIS-ISAPIFilter Disabled
IIS-ServerSideIncludes Disabled
IIS-CustomLogging Disabled
IIS-BasicAuthentication Disabled
IIS-HttpCompressionStatic Disabled
IIS-ManagementConsole Disabled
IIS-ManagementService Disabled
IIS-WMICompatibility Disabled
IIS-LegacyScripts Disabled
IIS-LegacySnapIn Disabled
IIS-FTPServer Disabled
IIS-FTPSvc Disabled
IIS-FTPExtensibility Disabled
MSMQ-Container Disabled
MSMQ-Server Disabled
MSMQ-Triggers Disabled
MSMQ-ADIntegration Disabled
MSMQ-HTTP Disabled
MSMQ-Multicast Disabled
MSMQ-DCOMProxy Disabled
IIS-CertProvider Disabled
IIS-WindowsAuthentication Disabled
IIS-DigestAuthentication Disabled
IIS-ClientCertificateMappingAuthentication Disabled
IIS-IISCertificateMappingAuthentication Disabled
IIS-ODBCLogging Disabled
NetFx4-AdvSrvs Enabled
NetFx4Extended-ASPNET45 Disabled
Printing-PrintToPDFServices-Features Enabled
Printing-XPSServices-Features Enabled
RasRip Disabled
MSRDC-Infrastructure Enabled
SearchEngine-Client-Package Enabled
SMB1Protocol Disabled
SMB1Protocol-Client Disabled
SMB1Protocol-Server Disabled
TelnetClient Disabled
TFTP Disabled
Xps-Foundation-Xps-Viewer Enabled
Windows-Defender-Default-Definitions Enabled
Printing-Foundation-Features Enabled
FaxServicesClientPackage Enabled
Printing-Foundation-InternetPrinting-Client Enabled
Printing-Foundation-LPDPrintService Disabled
Printing-Foundation-LPRPortMonitor Disabled
ScanManagementConsole Disabled
TIFFIFilter Disabled
DataCenterBridging Disabled
Microsoft-Windows-NetFx3-OC-Package Enabled
Microsoft-Windows-NetFx4-US-OC-Package Enabled
Microsoft-Windows-NetFx3-WCF-OC-Package Enabled
Microsoft-Windows-NetFx4-WCF-US-OC-Package Enabled
Microsoft-Hyper-V-All Enabled
Microsoft-Hyper-V Enabled
Microsoft-Hyper-V-Tools-All Enabled
Microsoft-Hyper-V-Management-PowerShell Enabled
Microsoft-Hyper-V-Management-Clients Enabled
Microsoft-Hyper-V-Hypervisor Enabled
Microsoft-Hyper-V-Services Enabled
HostGuardian Disabled
DirectoryServices-ADAM-Client Disabled
Windows-Defender-ApplicationGuard Disabled
ServicesForNFS-ClientOnly Disabled
ClientForNFS-Infrastructure Disabled
NFS-Administration Disabled
Containers Enabled
RasCMAK Disabled
SmbDirect Enabled
Microsoft-Windows-NetFx-VCRedist-Package Enabled
Microsoft-Windows-Printing-PrintToPDFServices-Package Enabled
Microsoft-Windows-Printing-XPSServices-Package Enabled
Microsoft-Windows-Client-EmbeddedExp-Package Enabled
Client-DeviceLockdown Disabled
Client-EmbeddedShellLauncher Disabled
Client-EmbeddedBootExp Disabled
Client-EmbeddedLogon Disabled
Client-KeyboardFilter Disabled
Client-UnifiedWriteFilter Disabled
MultiPoint-Connector Disabled
MultiPoint-Connector-Services Disabled
MultiPoint-Tools Disabled
Internet-Explorer-Optional-amd64 Enabled

>>>>>> bcdedit

Windows Boot Manager


--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {f9d86133-0d5a-11e8-8518-e1976d1ae95d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader


-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {f9d86135-0d5a-11e8-8518-e1976d1ae95d}
displaymessageoverride Recovery
recoveryenabled No
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {f9d86133-0d5a-11e8-8518-e1976d1ae95d}
nx OptIn
bootmenupolicy Standard
bootstatuspolicy IgnoreAllFailures
hypervisorlaunchtype Auto
>>>>>> Get-Process

Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName


------- ------ ----- ----- ------ -- -- -----------
2212 91 175608 39744 136.48 3732 0 ccSvcHst
416 28 4848 4696 1.52 6492 2 ccSvcHst
304 25 40488 55488 1.31 1472 2 chrome
237 15 5596 13616 1.05 1704 2 chrome
388 20 13272 21416 1.88 1720 2 chrome
333 31 46188 77652 8.72 5344 2 chrome
144 11 1928 9876 0.05 7980 2 chrome
1351 70 45012 127944 34.98 9508 2 chrome
190 10 1956 8936 0.05 9824 2 chrome
354 39 43060 141712 3.34 10152 2 chrome
351 8 32412 9396 0.05 3408 0 com.docker.localho...
127 9 34680 18396 0.22 11208 2 com.docker.proxy
753 65 84016 95256 19.70 3640 0 com.docker.service
110 7 5280 9812 0.03 2820 2 conhost
108 6 1180 5560 0.02 3168 0 conhost
108 6 1204 5580 0.05 7772 0 conhost
108 7 1260 5668 0.02 8144 0 conhost
317 15 4344 21312 1.30 8400 2 conhost
676 21 1740 5040 1.70 592 0 csrss
164 9 1524 4624 0.75 688 1 csrss
467 17 1708 5100 7.83 7008 2 csrss
371 15 2888 13892 4.42 7416 2 ctfmon
184 15 3124 10384 0.08 6692 0 dllhost
161 9 2152 10004 0.28 10148 2 dllhost
949 65 80320 116900 88.03 6864 2 Docker for Windows
33 3 448 2164 0.02 1484 0 Docker.Watchguard
225 14 20088 32396 0.64 10996 0 dockerd
498 20 16308 36912 0.44 1132 1 dwm
566 39 32700 96572 39.84 5444 2 dwm
2214 91 79900 140968 281.03 7732 2 explorer
65 6 1384 4376 0.03 1000 1 fontdrvhost
45 5 1340 4024 0.03 1004 0 fontdrvhost
65 13 5864 19112 1.75 7144 2 fontdrvhost
0 0 52 8 0 0 Idle
589 32 15616 50232 1.75 1120 1 LogonUI
1305 22 6448 16324 12.47 836 0 lsass
0 0 216 25376 2.33 1872 0 Memory Compression
164 10 1976 9724 0.36 10728 2 MSASCuiL
383 30 9092 29628 1.31 10952 2 OneDrive
641 29 58464 69620 2.08 7664 2 powershell
721 35 127608 145384 5.53 11000 0 powershell
385 16 3080 17004 74.77 6836 2 rdpclip
128 8 1464 6116 0.02 7512 2 rdpinput
394 20 7360 25856 18.17 7892 2 RuntimeBroker
422 22 9228 28020 6.20 8804 2 RuntimeBroker
95 6 1308 5656 0.03 9188 2 RuntimeBroker
369 19 6876 25852 5.41 9224 2 RuntimeBroker
662 35 18344 23184 8.08 9476 0 SearchIndexer
1549 100 107484 177848 18.84 8612 2 SearchUI
378 17 4820 16500 2.52 3684 0 SecurityHealthService
658 11 4640 9420 7.17 828 0 services
1239 45 29260 92136 4.42 8256 2 ShellExperienceHost
508 16 6084 23856 8.81 7012 2 sihost
55 3 456 1236 0.52 404 0 smss
414 21 5468 14308 0.45 3012 0 spoolsv
77 7 1276 5500 0.03 3712 0 ssh-agent
71 9 1312 5712 0.06 4960 0 sshd
943 18 6872 12608 25.06 668 0 svchost
213 12 3044 12592 0.25 844 2 svchost
447 23 7176 31008 2.44 916 2 svchost
77 5 928 3916 0.02 972 0 svchost
963 22 10464 25380 15.66 1016 0 svchost
339 11 2692 8988 5.34 1032 0 svchost
185 10 2312 9892 0.84 1040 0 svchost
824 33 69876 93496 56.55 1244 0 svchost
105 7 1416 5700 0.09 1296 0 svchost
155 9 1772 6668 0.05 1300 0 svchost
502 34 10268 19168 6.41 1308 0 svchost
183 11 2248 9768 0.33 1352 0 svchost
157 9 1960 11304 0.22 1364 0 svchost
426 16 15652 18632 3.31 1512 0 svchost
129 19 4008 8148 0.58 1588 0 svchost
226 12 2624 10920 3.30 1660 0 svchost
181 14 73720 71312 75.19 1668 0 svchost
175 7 1304 5876 0.09 1680 0 svchost
160 8 1928 7660 0.06 1688 0 svchost
217 12 2124 9136 0.05 1788 0 svchost
272 16 2860 7808 1.52 1820 0 svchost
381 17 5480 14548 0.98 1972 0 svchost
161 10 1840 8152 0.08 2008 0 svchost
380 15 4788 12080 1.67 2104 0 svchost
185 10 1872 8436 0.20 2112 0 svchost
131 9 1652 7952 0.19 2120 0 svchost
181 9 1580 6752 0.03 2176 0 svchost
260 18 3208 8524 10.03 2320 0 svchost
190 11 2084 10240 0.14 2360 0 svchost
306 13 3216 13244 3.92 2404 0 svchost
177 10 1956 7972 0.16 2412 0 svchost
369 10 2904 8760 6.63 2452 0 svchost
237 9 4144 11876 23.02 2652 0 svchost
299 11 2312 8656 0.66 2664 0 svchost
124 9 1708 6208 0.08 2668 0 svchost
225 14 2180 8964 0.06 2716 0 svchost
168 11 1956 11128 0.14 2804 0 svchost
183 10 2484 7516 1.23 2896 0 svchost
238 10 2368 8900 1.75 2904 0 svchost
628 20 5856 14284 12.56 3044 0 svchost
265 17 3320 9876 0.77 3080 0 svchost
204 12 2444 9168 0.09 3328 0 svchost
190 10 2596 12028 2.41 3352 0 svchost
228 13 2548 7536 0.16 3476 0 svchost
147 12 1768 7032 0.73 3484 0 svchost
141 8 1404 6408 0.05 3600 0 svchost
226 24 3488 12388 0.50 3632 0 svchost
309 18 14572 21856 4.45 3648 0 svchost
454 18 13208 22636 38.00 3660 0 svchost
503 25 9632 28108 5.52 3668 0 svchost
122 9 1564 6584 0.08 3676 0 svchost
192 12 2340 8804 1.56 3700 0 svchost
117 7 1256 5756 0.03 3724 0 svchost
376 18 4584 20076 0.70 3764 0 svchost
237 21 2276 7608 0.69 3788 0 svchost
463 17 3760 12460 1.14 4012 0 svchost
821 40 15220 31392 150.38 4100 0 svchost
96 7 1296 5476 0.33 4160 0 svchost
217 13 2732 10728 0.16 5540 0 svchost
116 7 1620 6056 0.41 5692 0 svchost
203 14 2264 9788 0.47 5900 0 svchost
164 8 1732 7760 0.09 7260 0 svchost
159 9 3468 6764 0.13 7344 0 svchost
256 13 3216 17880 6.50 7360 0 svchost
307 16 4316 19528 0.94 7780 0 svchost
269 13 2648 11948 0.11 8552 0 svchost
296 22 4884 15552 0.19 9808 0 svchost
109 7 2364 7120 0.06 10036 0 svchost
467 26 5460 21068 0.67 10132 2 svchost
109 8 1760 6376 1.53 10156 0 svchost
700 20 11408 20940 40.11 10208 0 svchost
199 12 2744 9668 0.44 10788 0 svchost
165 9 1920 6832 0.02 11088 0 svchost
3508 0 156 804 103.88 4 0 System
335 16 3944 16476 11.11 7584 2 TabTip
92 7 1292 4940 0.03 7692 2 TabTip32
314 32 6856 16836 0.66 272 2 taskhostw
649 29 22416 44544 256.28 11116 2 Taskmgr
195 11 6684 11756 1.47 7488 0 TiWorker
116 8 2000 6680 0.05 1796 0 TrustedInstaller
133 8 1792 7460 0.06 5248 0 vmcompute
693 24 43172 27944 1.39 4060 0 vmms
146 10 1292 6480 0.34 672 0 wininit
194 9 1868 9300 0.11 780 1 winlogon
225 10 2480 10496 0.22 7060 2 winlogon
292 15 6892 14900 0.83 10044 0 WmiPrvSE
409 56 13908 49336 4.69 4076 2 wordpad

>>>>>> Services

Image Name PID Services


========================= ======== ============================================
svchost.exe 972 PlugPlay
svchost.exe 1016 BrokerInfrastructure, DcomLaunch, Power,
SystemEventsBroker
svchost.exe 668 RpcEptMapper, RpcSs
svchost.exe 1032 LSM
svchost.exe 1244 TermService
svchost.exe 1300 lmhosts
svchost.exe 1308 BFE, CoreMessagingRegistrar, MpsSvc
svchost.exe 1352 NcbService
svchost.exe 1364 TimeBrokerSvc
svchost.exe 1512 EventLog
svchost.exe 1588 nsi
svchost.exe 1660 ProfSvc
svchost.exe 1668 SysMain
svchost.exe 1680 Themes
svchost.exe 1688 EventSystem
svchost.exe 1788 UmRdpService
svchost.exe 1820 Dhcp
svchost.exe 1972 Schedule
svchost.exe 2008 SENS
svchost.exe 2104 NlaSvc
svchost.exe 2112 AudioEndpointBuilder
svchost.exe 2120 FontCache
svchost.exe 2176 CertPropSvc
svchost.exe 2320 Dnscache
svchost.exe 2360 SEMgrSvc
svchost.exe 2404 Audiosrv
svchost.exe 2412 LanmanWorkstation
svchost.exe 2452 netprofm
svchost.exe 2652 StateRepository
svchost.exe 2664 Wcmsvc
svchost.exe 2668 DusmSvc
svchost.exe 2716 SessionEnv
svchost.exe 2804 ShellHWDetection
svchost.exe 2896 WinHttpAutoProxySvc
svchost.exe 2904 UserManager
svchost.exe 3044 fdPHost
svchost.exe 3080 FDResPub
svchost.exe 3352 HomeGroupProvider
svchost.exe 3476 IKEEXT
svchost.exe 3484 PolicyAgent
svchost.exe 3632 CryptSvc
svchost.exe 3648 DPS
svchost.exe 3660 Winmgmt
svchost.exe 3668 DiagTrack
svchost.exe 3676 SstpSvc
svchost.exe 3700 LanmanServer
svchost.exe 3724 TrkWks
svchost.exe 3764 WpnService
svchost.exe 4012 iphlpsvc
svchost.exe 4100 RasMan
svchost.exe 4160 WdiServiceHost
svchost.exe 5900 SharedAccess
svchost.exe 3600 ScDeviceEnum
svchost.exe 844 CDPUserSvc_760a5
svchost.exe 916 WpnUserService_760a5
svchost.exe 7260 TabletInputService
svchost.exe 7360 TokenBroker
svchost.exe 7780 LicenseManager
svchost.exe 8552 lfsvc
svchost.exe 9808 CDPSvc
svchost.exe 7344 PcaSvc
svchost.exe 5540 WinRM
svchost.exe 10788 wscsvc
svchost.exe 10132 OneSyncSvc_760a5,
PimIndexMaintenanceSvc_760a5,
UnistoreSvc_760a5, UserDataSvc_760a5
svchost.exe 1296 WdiSystemHost
svchost.exe 10208 DoSvc
svchost.exe 1040 StorSvc
svchost.exe 3788 SSDPSRV
svchost.exe 10036 ClipSVC
svchost.exe 10156 NetSetupSvc
svchost.exe 3328 hns
svchost.exe 11088 gpsvc
svchost.exe 5692 DeviceAssociationService
>>>>>> Environment

Name Value
---- -----
ALLUSERSPROFILE C:\ProgramData
APPDATA C:\Windows\system32\config\systemprofile\AppData
\Roaming
CommonProgramFiles C:\Program Files\Common Files
CommonProgramFiles(x86) C:\Program Files (x86)\Common Files
CommonProgramW6432 C:\Program Files\Common Files
COMPUTERNAME TASTY1
ComSpec C:\Windows\system32\cmd.exe
LOCALAPPDATA C:\Windows\system32\config\systemprofile\AppData
\Local
NUMBER_OF_PROCESSORS 4
OS Windows_NT
Path C:\Program Files\Docker\Docker\Resources\bin;C:\
Windows\system32;C:\Windows;C:\Windows\System32\
Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\
;C:\Windows\system32\config\systemprofile\AppDat
a\Local\Microsoft\WindowsApps
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
;.MSC;.CPL
PROCESSOR_ARCHITECTURE AMD64
PROCESSOR_IDENTIFIER Intel64 Family 6 Model 61 Stepping 2,
GenuineIntel
PROCESSOR_LEVEL 6
PROCESSOR_REVISION 3d02
ProgramData C:\ProgramData
ProgramFiles C:\Program Files
ProgramFiles(x86) C:\Program Files (x86)
ProgramW6432 C:\Program Files
PSExecutionPolicyPreference Unrestricted
PSModulePath WindowsPowerShell\Modules;C:\Program Files\Windo
wsPowerShell\Modules;C:\Windows\system32\Windows
PowerShell\v1.0\Modules
PUBLIC C:\Users\Public
SystemDrive C:
SystemRoot C:\Windows
TEMP C:\Windows\TEMP
TMP C:\Windows\TEMP
USERDOMAIN WORKGROUP
USERNAME TASTY1$
USERPROFILE C:\Windows\system32\config\systemprofile
windir C:\Windows

>>>>>> Get-VM Details

>>>>>> Get-VM Version

>>>>>> Get-VMComPort

>>>>>> Get-VMDvdDrive

>>>>>> Get-VMIntegrationService

>>>>>> Get-VMMemory

>>>>>> Get-VMProcessor

>>>>>> Get-VMScsiController

>>>>>> Get-VMSecurity

>>>>>> SystemStartOptions

Windows Boot Manager


--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {f9d86133-0d5a-11e8-8518-e1976d1ae95d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader


-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 10
locale en-US
inherit {bootloadersettings}
recoverysequence {f9d86135-0d5a-11e8-8518-e1976d1ae95d}
displaymessageoverride Recovery
recoveryenabled No
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {f9d86133-0d5a-11e8-8518-e1976d1ae95d}
nx OptIn
bootmenupolicy Standard
bootstatuspolicy IgnoreAllFailures
hypervisorlaunchtype Auto

SystemStartOptions : NOEXECUTE=OPTIN HYPERVISORLAUNCHTYPE=AUTO


PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYS
TEM\CurrentControlSet\Control
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYS
TEM\CurrentControlSet
PSChildName : Control
PSDrive : HKLM
PSProvider : Microsoft.PowerShell.Core\Registry

>>>>>> Get-WinEvent SMB

ProviderName: Microsoft-Windows-SMBClient

TimeCreated Id LevelDisplayName Message


----------- -- ---------------- -------
5/29/2018 2:53:58 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:53:58 PM 30811 Information Deleted a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was
removed from the specified
network adapter for the
SMB client. You should
expect this event when a
computer shuts down or
when a previously enabled
network adaptor is
disabled. No user action
is required.
5/29/2018 2:42:20 PM 30800 Error The server name cannot be
resolved.

Error: The object was not


found.

Server name: NT AUTHORITY

Guidance:
The client cannot resolve
the server address in DNS
or WINS. This issue often
manifests immediately
after joining a computer
to the domain, when the
client's DNS registration
may not yet have
propagated to all DNS
servers. You should also
expect this event at
system startup on a DNS
server (such as a domain
controller) that points to
itself for the primary
DNS. You should validate
the DNS client settings on
this computer using
IPCONFIG /ALL and NSLOOKUP.
5/29/2018 2:19:58 PM 30800 Error The server name cannot be
resolved.

Error: The object was not


found.

Server name: NT AUTHORITY


Guidance:
The client cannot resolve
the server address in DNS
or WINS. This issue often
manifests immediately
after joining a computer
to the domain, when the
client's DNS registration
may not yet have
propagated to all DNS
servers. You should also
expect this event at
system startup on a DNS
server (such as a domain
controller) that points to
itself for the primary
DNS. You should validate
the DNS client settings on
this computer using
IPCONFIG /ALL and NSLOOKUP.
5/29/2018 2:19:49 PM 30812 Information Added a TDI transport
interface.

Name: \Device\NetBT_Tcpip_{
F269C1A8-C105-4379-AE80-B0A
8BE061A45}

Guidance:
A TDI (NetBIOS) binding
was added to the specified
network adapter for the
SMB client. The SMB client
can now send and receive
SMB traffic on this
network adapter using TDI.
You should expect this
event when a computer
restarts or when a
previously disabled
network adaptor is
re-enabled. No user action
is required.
5/29/2018 2:19:47 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (nat)


InterfaceIndex: 0x21

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:19:46 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (nat)


InterfaceIndex: 0x21

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:19:45 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (nat)


InterfaceIndex: 0x21

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:31 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:31 PM 30811 Information Deleted a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was
removed from the specified
network adapter for the
SMB client. You should
expect this event when a
computer shuts down or
when a previously enabled
network adaptor is
disabled. No user action
is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: Ethernet 2
InterfaceIndex: 0x4

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: Ethernet
InterfaceIndex: 0xB

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x7

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: Ethernet 2
InterfaceIndex: 0x4

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30810 Information Added a TCP/IP transport
interface.

Name: Ethernet
InterfaceIndex: 0xB

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:18:22 PM 30812 Information Added a TDI transport
interface.

Name: \Device\NetBT_Tcpip_{
C8B43D6C-621C-4D6C-8090-966
214AB1730}

Guidance:
A TDI (NetBIOS) binding
was added to the specified
network adapter for the
SMB client. The SMB client
can now send and receive
SMB traffic on this
network adapter using TDI.
You should expect this
event when a computer
restarts or when a
previously disabled
network adaptor is
re-enabled. No user action
is required.
5/29/2018 2:18:22 PM 30812 Information Added a TDI transport
interface.

Name: \Device\NetBT_Tcpip_{
468CBC8C-3C7A-4216-8B00-B71
B51458D17}

Guidance:
A TDI (NetBIOS) binding
was added to the specified
network adapter for the
SMB client. The SMB client
can now send and receive
SMB traffic on this
network adapter using TDI.
You should expect this
event when a computer
restarts or when a
previously disabled
network adaptor is
re-enabled. No user action
is required.
5/29/2018 2:17:37 PM 30810 Information Added a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x1B

Guidance:
A TCP/IP binding was added
to the specified network
adapter for the SMB
client. The SMB client can
now send and receive SMB
traffic on this network
adapter using TCP/IP. You
should expect this event
when a computer restarts
or when a previously
disabled network adaptor
is re-enabled. No user
action is required.
5/29/2018 2:17:36 PM 30811 Information Deleted a TCP/IP transport
interface.

Name: vEthernet (Default


Switch)
InterfaceIndex: 0x1B

Guidance:
A TCP/IP binding was
removed from the specified
network adapter for the
SMB client. You should
expect this event when a
computer shuts down or
when a previously enabled
network adaptor is
disabled. No user action
is required.

ProviderName: Microsoft-Windows-SMBServer
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
5/29/2018 2:19:52 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{F269C1A8-C105-437
9-AE80-B0A8BE061A45}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:18:31 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{C8B43D6C-621C-4D6
C-8090-966214AB1730}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:18:28 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{468CBC8C-3C7A-421
6-8B00-B71B51458D17}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:18:24 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name:
\Device\NetbiosSmb
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:18:24 PM 1025 Warning One or more named pipes or
shares have been marked
for access by anonymous
users. This increases the
security risk of the
computer by allowing
unauthenticated users to
connect to this server.

Registry Key: HKLM\System\C


urrentControlSet\Services\L
anmanServer\Parameters
Registry Values:
NullSessionPipes,
NullSessionShares
Default Value: Empty (or
not present)
Current Value: Non-empty

Guidance:

You should expect this


event when modifying the
default values of
NullSessionShares and
NullSessionPipes. On a
typical file server, these
settings do not exist or
do not contain values,
which is the most secure
configuration. By default,
domain controllers
populate the
NullSessionShares entry
with netlogon, samr, and
lsarpc to allow legacy
access methods.
5/29/2018 2:17:10 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{468CBC8C-3C7A-421
6-8B00-B71B51458D17}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:17:07 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{C8B43D6C-621C-4D6
C-8090-966214AB1730}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:17:04 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name:
\Device\NetbiosSmb
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 2:17:04 PM 1025 Warning One or more named pipes or
shares have been marked
for access by anonymous
users. This increases the
security risk of the
computer by allowing
unauthenticated users to
connect to this server.

Registry Key: HKLM\System\C


urrentControlSet\Services\L
anmanServer\Parameters
Registry Values:
NullSessionPipes,
NullSessionShares
Default Value: Empty (or
not present)
Current Value: Non-empty

Guidance:

You should expect this


event when modifying the
default values of
NullSessionShares and
NullSessionPipes. On a
typical file server, these
settings do not exist or
do not contain values,
which is the most secure
configuration. By default,
domain controllers
populate the
NullSessionShares entry
with netlogon, samr, and
lsarpc to allow legacy
access methods.
5/29/2018 1:58:51 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{C8B43D6C-621C-4D6
C-8090-966214AB1730}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 1:58:48 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{468CBC8C-3C7A-421
6-8B00-B71B51458D17}
Transport Flags: 0x1

Guidance:
You should expect this
event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 1:58:45 PM 1010 Information Endpoint added.

Name: TASTY1
Domain Name: WORKGROUP
Transport Name:
\Device\NetbiosSmb
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 1:58:45 PM 1025 Warning One or more named pipes or
shares have been marked
for access by anonymous
users. This increases the
security risk of the
computer by allowing
unauthenticated users to
connect to this server.

Registry Key: HKLM\System\C


urrentControlSet\Services\L
anmanServer\Parameters
Registry Values:
NullSessionPipes,
NullSessionShares
Default Value: Empty (or
not present)
Current Value: Non-empty

Guidance:

You should expect this


event when modifying the
default values of
NullSessionShares and
NullSessionPipes. On a
typical file server, these
settings do not exist or
do not contain values,
which is the most secure
configuration. By default,
domain controllers
populate the
NullSessionShares entry
with netlogon, samr, and
lsarpc to allow legacy
access methods.
5/29/2018 1:55:38 PM 1010 Information Endpoint added.

Name: DESKTOP-LBOKEUL
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{468CBC8C-3C7A-421
6-8B00-B71B51458D17}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 1:55:35 PM 1010 Information Endpoint added.

Name: DESKTOP-LBOKEUL
Domain Name: WORKGROUP
Transport Name:
\Device\NetbiosSmb
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
5/29/2018 1:55:35 PM 1025 Warning One or more named pipes or
shares have been marked
for access by anonymous
users. This increases the
security risk of the
computer by allowing
unauthenticated users to
connect to this server.

Registry Key: HKLM\System\C


urrentControlSet\Services\L
anmanServer\Parameters
Registry Values:
NullSessionPipes,
NullSessionShares
Default Value: Empty (or
not present)
Current Value: Non-empty

Guidance:

You should expect this


event when modifying the
default values of
NullSessionShares and
NullSessionPipes. On a
typical file server, these
settings do not exist or
do not contain values,
which is the most secure
configuration. By default,
domain controllers
populate the
NullSessionShares entry
with netlogon, samr, and
lsarpc to allow legacy
access methods.
4/20/2018 11:44:55 AM 1010 Information Endpoint added.

Name: DESKTOP-LBOKEUL
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{468CBC8C-3C7A-421
6-8B00-B71B51458D17}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
4/20/2018 11:44:51 AM 1010 Information Endpoint added.

Name: DESKTOP-LBOKEUL
Domain Name: WORKGROUP
Transport Name: \Device\Net
BT_Tcpip_{C8B43D6C-621C-4D6
C-8090-966214AB1730}
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
4/20/2018 11:44:48 AM 1010 Information Endpoint added.
Name: DESKTOP-LBOKEUL
Domain Name: WORKGROUP
Transport Name:
\Device\NetbiosSmb
Transport Flags: 0x1

Guidance:

You should expect this


event when the server
starts listening on an
interface, such as during
system restart or when
enabling a network
adaptor. No user action is
required.
4/20/2018 11:44:48 AM 1025 Warning One or more named pipes or
shares have been marked
for access by anonymous
users. This increases the
security risk of the
computer by allowing
unauthenticated users to
connect to this server.

Registry Key: HKLM\System\C


urrentControlSet\Services\L
anmanServer\Parameters
Registry Values:
NullSessionPipes,
NullSessionShares
Default Value: Empty (or
not present)
Current Value: Non-empty

Guidance:

You should expect this


event when modifying the
default values of
NullSessionShares and
NullSessionPipes. On a
typical file server, these
settings do not exist or
do not contain values,
which is the most secure
configuration. By default,
domain controllers
populate the
NullSessionShares entry
with netlogon, samr, and
lsarpc to allow legacy
access methods.
ProviderName: Microsoft-Windows-SMBServer

TimeCreated Id LevelDisplayName Message


----------- -- ---------------- -------
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55855
User Name:
Session ID: 0x20000000004D
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55854
User Name:
Session ID: 0x200000000049
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55853
User Name:
Session ID: 0x200000000045
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation
Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55852
User Name:
Session ID: 0x200000000041
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55851
User Name:
Session ID: 0x20000000003D
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55850
User Name:
Session ID: 0x200000000039
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55849
User Name:
Session ID: 0x200000000035
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55848
User Name:
Session ID: 0x200000000031
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:
You should expect this
error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55847
User Name:
Session ID: 0x20000000002D
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.
This error can occur when
using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55846
User Name:
Session ID: 0x200000000029
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55845
User Name:
Session ID: 0x200000000025
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55844
User Name:
Session ID: 0x200000000021
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55843
User Name:
Session ID: 0x20000000001D
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:
You should expect this
error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55842
User Name:
Session ID: 0x200000000019
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.
This error can occur when
using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55841
User Name:
Session ID: 0x200000000015
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55840
User Name:
Session ID: 0x200000000011
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55839
User Name:
Session ID: 0x20000000000D
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55838
User Name:
Session ID: 0x200000000009
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled
2/9/2018 2:06:29 AM 551 Error SMB Session Authentication
Failure

Client Name:
\\172.16.203.224
Client Address:
172.16.203.224:55837
User Name:
Session ID: 0x200000000005
Status: The attempted
logon is invalid. This is
either due to a bad
username or authentication
information. (0xC000006D)
SPN: session setup failed
before the SPN could be
queried
SPN Validation Policy: SPN
optional / no validation

Guidance:

You should expect this


error when attempting to
connect to shares using
incorrect credentials.

This error does not always


indicate a problem with
authorization, but mainly
authentication. It is more
common with non-Windows
clients.

This error can occur when


using incorrect usernames
and passwords with NTLM,
mismatched LmCompatibility
settings between client
and server, an incorrect
service principal name,
duplicate Kerberos service
principal names, incorrect
Kerberos ticket-granting
service tickets, or Guest
accounts without Guest
access enabled

ProviderName: Microsoft-Windows-SMBWitnessClient

TimeCreated Id LevelDisplayName Message


----------- -- ---------------- -------
2/8/2018 9:36:15 PM 1 Error Witness Client
initialization failed with
error (The system cannot
find the file specified.)

>>>>>> Get-WinEvent Hyper-V

ProviderName: Microsoft-Windows-Hyper-V-Compute

TimeCreated Id LevelDisplayName Message


----------- -- ---------------- -------
5/29/2018 2:18:27 PM 1001 Information The Host Compute Service
started successfully.
5/29/2018 2:17:32 PM 1001 Information The Host Compute Service
started successfully.

ProviderName: Microsoft-Windows-Hyper-V-Compute

TimeCreated Id LevelDisplayName Message


----------- -- ---------------- -------
5/29/2018 2:18:27 PM 1000 Information The Host Compute Service
is starting.
5/29/2018 2:17:32 PM 1000 Information The Host Compute Service
is starting.

ProviderName: Microsoft-Windows-Hyper-V-VMMS
TimeCreated Id LevelDisplayName Message
----------- -- ---------------- -------
5/29/2018 2:19:37 PM 12514 Information Found a certificate for
server authentication.
Remote access to virtual
machines is now possible.
5/29/2018 2:18:28 PM 19020 Information The WMI provider
'VmmsWmiEventProvider' has
started.
5/29/2018 2:18:28 PM 19020 Information The WMI provider 'VmmsWmiIn
stanceAndMethodProvider'
has started.
5/29/2018 2:18:28 PM 14094 Information Virtual Machine Management
service is started
successfully.
5/29/2018 2:18:27 PM 33483 Information Incremental Replication
will timeout after 360
hours. Minimum value for
timeout is 6 hours.
5/29/2018 2:18:27 PM 33834 Information Hyper-V would age out CDP
reference points after 720
hours.
5/29/2018 2:18:27 PM 33481 Information Change tracking has
defined following limits
for pending log file size.
Error limit : 50% (Minimum
value 10%. Maximum value
100%).
Warning limit : 40%.
Information limit : 30%.
5/29/2018 2:18:27 PM 33480 Information Change tracking has
defined following limits
for free disk space.
Free Disk space error
limit 3072 MBs (Minimum
value can be 1024 MBs).
Free Disk space warning
limit 4915 MBs.
5/29/2018 2:18:27 PM 20410 Information Successfully started the
Virtual Machine migration
connection manager.
5/29/2018 2:18:27 PM 12514 Information Found a certificate for
server authentication.
Remote access to virtual
machines is now possible.
5/29/2018 2:18:27 PM 15350 Error The virtualization
infrastructure driver
(VID) is not running.
5/29/2018 2:18:27 PM 32607 Error The required GPU resources
could not be accessed.
This server cannot run as
a RemoteFX host without a
GPU. Verify that the GPU
is correctly installed.
5/29/2018 2:17:38 PM 19040 Information The WMI provider 'VmmsWmiIn
stanceAndMethodProvider'
has shut down.
5/29/2018 2:17:38 PM 19040 Information The WMI provider
'VmmsWmiEventProvider' has
shut down.
5/29/2018 2:17:38 PM 14100 Warning Shut down physical
computer. Stopping/saving
all virtual machines...
5/29/2018 2:17:32 PM 12514 Information Found a certificate for
server authentication.
Remote access to virtual
machines is now possible.
5/29/2018 2:17:32 PM 12514 Information Found a certificate for
server authentication.
Remote access to virtual
machines is now possible.
5/29/2018 2:17:32 PM 19020 Information The WMI provider
'VmmsWmiEventProvider' has
started.
5/29/2018 2:17:32 PM 19020 Information The WMI provider 'VmmsWmiIn
stanceAndMethodProvider'
has started.
5/29/2018 2:17:32 PM 15310 Information Created configuration
store for 'Snapshot Groups
Cache'.

>>>>>> Get-VMSwitch

Name : Default Switch


Id : c08cb7b8-9b3c-408e-8e30-5e16
a3aeb444
Notes :
Extensions : {Microsoft Windows
Filtering Platform,
Microsoft Azure VFP Switch
Extension, Microsoft NDIS
Capture}
BandwidthReservationMode : Absolute
PacketDirectEnabled : False
EmbeddedTeamingEnabled : False
IovEnabled : False
SwitchType : Internal
AllowManagementOS : True
NetAdapterInterfaceDescription :
NetAdapterInterfaceDescriptions :
NetAdapterInterfaceGuid :
IovSupport : False
IovSupportReasons :
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
PacketDirectInUse : False
DefaultQueueVrssEnabledRequested : True
DefaultQueueVrssEnabled : False
DefaultQueueVmmqEnabledRequested : False
DefaultQueueVmmqEnabled : False
DefaultQueueVrssMaxQueuePairsRequested : 16
DefaultQueueVrssMaxQueuePairs : 0
DefaultQueueVrssMinQueuePairsRequested : 1
DefaultQueueVrssMinQueuePairs : 0
DefaultQueueVrssQueueSchedulingModeRequested : StaticVrss
DefaultQueueVrssQueueSchedulingMode : StaticVrss
DefaultQueueVrssExcludePrimaryProcessorRequested : False
DefaultQueueVrssExcludePrimaryProcessor : False
BandwidthPercentage : 0
DefaultFlowMinimumBandwidthAbsolute : 0
DefaultFlowMinimumBandwidthWeight : 0
CimSession : CimSession: .
ComputerName : TASTY1
IsDeleted : False
DefaultQueueVmmqQueuePairs : 0
DefaultQueueVmmqQueuePairsRequested : 16

Name : nat
Id : 3cc4f2fa-f3a9-409b-ab8c-006e
13e7c678
Notes :
Extensions : {Microsoft Windows
Filtering Platform,
Microsoft Azure VFP Switch
Extension, Microsoft NDIS
Capture}
BandwidthReservationMode : Absolute
PacketDirectEnabled : False
EmbeddedTeamingEnabled : False
IovEnabled : False
SwitchType : Internal
AllowManagementOS : True
NetAdapterInterfaceDescription :
NetAdapterInterfaceDescriptions :
NetAdapterInterfaceGuid :
IovSupport : False
IovSupportReasons :
AvailableIPSecSA : 0
NumberIPSecSAAllocated : 0
AvailableVMQueues : 0
NumberVmqAllocated : 0
IovQueuePairCount : 0
IovQueuePairsInUse : 0
IovVirtualFunctionCount : 0
IovVirtualFunctionsInUse : 0
PacketDirectInUse : False
DefaultQueueVrssEnabledRequested : True
DefaultQueueVrssEnabled : False
DefaultQueueVmmqEnabledRequested : False
DefaultQueueVmmqEnabled : False
DefaultQueueVrssMaxQueuePairsRequested : 16
DefaultQueueVrssMaxQueuePairs : 0
DefaultQueueVrssMinQueuePairsRequested : 1
DefaultQueueVrssMinQueuePairs : 0
DefaultQueueVrssQueueSchedulingModeRequested : StaticVrss
DefaultQueueVrssQueueSchedulingMode : StaticVrss
DefaultQueueVrssExcludePrimaryProcessorRequested : False
DefaultQueueVrssExcludePrimaryProcessor : False
BandwidthPercentage : 0
DefaultFlowMinimumBandwidthAbsolute : 0
DefaultFlowMinimumBandwidthWeight : 0
CimSession : CimSession: .
ComputerName : TASTY1
IsDeleted : False
DefaultQueueVmmqQueuePairs : 0
DefaultQueueVmmqQueuePairsRequested : 16

>>>>>> Which VM uses DockerNAT?


>>>>>> Get-VMNetworkAdapter

>>>>>> Get-NetNAT

>>>>>> Get-NetIPAddress

IPAddress : fe80::6c7e:e017:7724:59ca%33
InterfaceIndex : 33
InterfaceAlias : vEthernet (nat)
AddressFamily : IPv6
Type : Unicast
PrefixLength : 64
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : fe80::3903:bac5:b0a2:94d6%7
InterfaceIndex : 7
InterfaceAlias : vEthernet (Default Switch)
AddressFamily : IPv6
Type : Unicast
PrefixLength : 64
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : fe80::c579:1c99:db0:4f73%4
InterfaceIndex : 4
InterfaceAlias : Ethernet 2
AddressFamily : IPv6
Type : Unicast
PrefixLength : 64
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : fe80::504:74a0:82b0:e174%11
InterfaceIndex : 11
InterfaceAlias : Ethernet
AddressFamily : IPv6
Type : Unicast
PrefixLength : 64
PrefixOrigin : WellKnown
SuffixOrigin : Link
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : ::1
InterfaceIndex : 1
InterfaceAlias : Loopback Pseudo-Interface 1
AddressFamily : IPv6
Type : Unicast
PrefixLength : 128
PrefixOrigin : WellKnown
SuffixOrigin : WellKnown
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : 172.22.144.1
InterfaceIndex : 33
InterfaceAlias : vEthernet (nat)
AddressFamily : IPv4
Type : Unicast
PrefixLength : 20
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : 172.31.188.129
InterfaceIndex : 7
InterfaceAlias : vEthernet (Default Switch)
AddressFamily : IPv4
Type : Unicast
PrefixLength : 28
PrefixOrigin : Manual
SuffixOrigin : Manual
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore
IPAddress : 9.30.254.229
InterfaceIndex : 4
InterfaceAlias : Ethernet 2
AddressFamily : IPv4
Type : Unicast
PrefixLength : 21
PrefixOrigin : Dhcp
SuffixOrigin : Dhcp
AddressState : Preferred
ValidLifetime : 11:24:03
PreferredLifetime : 11:24:03
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : 172.16.161.246
InterfaceIndex : 11
InterfaceAlias : Ethernet
AddressFamily : IPv4
Type : Unicast
PrefixLength : 16
PrefixOrigin : Dhcp
SuffixOrigin : Dhcp
AddressState : Preferred
ValidLifetime : 11:24:03
PreferredLifetime : 11:24:03
SkipAsSource : False
PolicyStore : ActiveStore

IPAddress : 127.0.0.1
InterfaceIndex : 1
InterfaceAlias : Loopback Pseudo-Interface 1
AddressFamily : IPv4
Type : Unicast
PrefixLength : 8
PrefixOrigin : WellKnown
SuffixOrigin : WellKnown
AddressState : Preferred
ValidLifetime : Infinite ([TimeSpan]::MaxValue)
PreferredLifetime : Infinite ([TimeSpan]::MaxValue)
SkipAsSource : False
PolicyStore : ActiveStore

>>>>>> Get-NetIPInterface

ifIndex InterfaceAlias AddressFamily NlMtu(Bytes) InterfaceMet


ric
------- -------------- ------------- ------------ ------------
33 vEthernet (nat) IPv6 1500 15
7 vEthernet (Default Switch) IPv6 1500 15
4 Ethernet 2 IPv6 1500 15
11 Ethernet IPv6 1500 15
1 Loopback Pseudo-Interface 1 IPv6 4294967295 75
33 vEthernet (nat) IPv4 1500 15
7 vEthernet (Default Switch) IPv4 1500 15
4 Ethernet 2 IPv4 1500 15
11 Ethernet IPv4 1500 15
1 Loopback Pseudo-Interface 1 IPv4 4294967295 75

>>>>>> First DNS server


Server: fidns2.fyre.ibm.com
Address: 172.16.200.52

Name: localhost
Addresses: ::1
127.0.0.1

>>>>>> Test default DNS server


Non-authoritative answer:

Server: fidns2.fyre.ibm.com
Address: 172.16.200.52

Name: www.google.com
Addresses: 2607:f8b0:4000:80f::2004
172.217.9.164

>>>>>> Query DNS servers

PSComputerName : TASTY1
DHCPLeaseExpires : 19700101050019.000000-420
Index : 10
Description : Red Hat VirtIO Ethernet Adapter #2
DHCPEnabled : True
DHCPLeaseObtained : 19691231170019.000000-420
DHCPServer : 9.30.248.251
DNSDomain : fyre.ibm.com
DNSDomainSuffixSearchOrder : {fyre.ibm.com}
DNSEnabledForWINSResolution : False
DNSHostName : tasty1
DNSServerSearchOrder : {172.16.200.52, 172.16.200.50}
DomainDNSRegistrationEnabled : False
FullDNSRegistrationEnabled : True
IPAddress : {9.30.254.229, fe80::c579:1c99:db0:4f73}
IPConnectionMetric : 15
IPEnabled : True
IPFilterSecurityEnabled : False
WINSEnableLMHostsLookup : True
WINSHostLookupFile :
WINSPrimaryServer :
WINSScopeID :
WINSSecondaryServer :
__GENUS : 2
__CLASS : Win32_NetworkAdapterConfiguration
__SUPERCLASS : CIM_Setting
__DYNASTY : CIM_Setting
__RELPATH : Win32_NetworkAdapterConfiguration.Index=10
__PROPERTY_COUNT : 61
__DERIVATION : {CIM_Setting}
__SERVER : TASTY1
__NAMESPACE : root\cimv2
__PATH : \\TASTY1\root\cimv2:Win32_NetworkAdapterConfigur
ation.Index=10
ArpAlwaysSourceRoute :
ArpUseEtherSNAP :
Caption : [00000010] Red Hat VirtIO Ethernet Adapter
DatabasePath : %SystemRoot%\System32\drivers\etc
DeadGWDetectEnabled :
DefaultIPGateway : {9.30.248.1}
DefaultTOS :
DefaultTTL :
ForwardBufferMemory :
GatewayCostMetric : {0}
IGMPLevel :
InterfaceIndex : 4
IPPortSecurityEnabled :
IPSecPermitIPProtocols : {}
IPSecPermitTCPPorts : {}
IPSecPermitUDPPorts : {}
IPSubnet : {255.255.248.0, 64}
IPUseZeroBroadcast :
IPXAddress :
IPXEnabled :
IPXFrameType :
IPXMediaType :
IPXNetworkNumber :
IPXVirtualNetNumber :
KeepAliveInterval :
KeepAliveTime :
MACAddress : 00:20:09:1E:FE:E5
MTU :
NumForwardPackets :
PMTUBHDetectEnabled :
PMTUDiscoveryEnabled :
ServiceName : netkvm
SettingID : {468CBC8C-3C7A-4216-8B00-B71B51458D17}
TcpipNetbiosOptions : 0
TcpMaxConnectRetransmissions :
TcpMaxDataRetransmissions :
TcpNumConnections :
TcpUseRFC1122UrgentPointer :
TcpWindowSize :
Scope : System.Management.ManagementScope
Path : \\TASTY1\root\cimv2:Win32_NetworkAdapterConfigur
ation.Index=10
Options : System.Management.ObjectGetOptions
ClassPath : \\TASTY1\root\cimv2:Win32_NetworkAdapterConfigur
ation
Properties : {ArpAlwaysSourceRoute, ArpUseEtherSNAP,
Caption, DatabasePath...}
SystemProperties : {__GENUS, __CLASS, __SUPERCLASS, __DYNASTY...}
Qualifiers : {dynamic, Locale, provider, UUID}
Site :
Container :

>>>>>> Internet settings


User Agent : Mozilla/4.0 (compatible; MSIE 8.0; Win32)
IE5_UA_Backup_Flag : 5.0
ZonesSecurityUpgrade : {242, 139, 64, 77...}
EnableNegotiate : 1
ProxyEnable : 0
PSPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\So
ftware\Microsoft\Windows\CurrentVersion\Internet
Settings
PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_CURRENT_USER\So
ftware\Microsoft\Windows\CurrentVersion
PSChildName : Internet Settings
PSDrive : HKCU
PSProvider : Microsoft.PowerShell.Core\Registry

>>>>>> netstat -abno

Active Connections

Proto Local Address Foreign Address State PID


TCP 0.0.0.0:22 0.0.0.0:0 LISTENING 4960
[sshd.exe]
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 668
RpcSs
[svchost.exe]
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING 4060
[vmms.exe]
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1244
TermService
[svchost.exe]
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:7680 0.0.0.0:0 LISTENING 10208
DoSvc
[svchost.exe]
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 672
Can not obtain ownership information
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1512
EventLog
[svchost.exe]
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1972
Schedule
[svchost.exe]
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2716
SessionEnv
[svchost.exe]
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 3012
[spoolsv.exe]
TCP 0.0.0.0:49682 0.0.0.0:0 LISTENING 3484
PolicyAgent
[svchost.exe]
TCP 0.0.0.0:49683 0.0.0.0:0 LISTENING 828
Can not obtain ownership information
TCP 0.0.0.0:49704 0.0.0.0:0 LISTENING 836
[lsass.exe]
TCP 9.30.254.229:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 9.30.254.229:3389 9.65.224.39:62107 ESTABLISHED 1244
TermService
[svchost.exe]
TCP 9.30.254.229:5040 0.0.0.0:0 LISTENING 9808
CDPSvc
[svchost.exe]
TCP 9.30.254.229:50366 52.173.24.17:443 ESTABLISHED 3764
WpnService
[svchost.exe]
TCP 9.30.254.229:50429 13.107.6.254:443 ESTABLISHED 8612
[SearchUI.exe]
TCP 9.30.254.229:53284 64.4.54.254:443 TIME_WAIT 0
TCP 9.30.254.229:53295 52.3.45.201:443 ESTABLISHED 6864
[Docker for Windows.exe]
TCP 9.30.254.229:53296 54.187.120.229:443 TIME_WAIT 0
TCP 172.16.161.246:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 172.16.161.246:5040 0.0.0.0:0 LISTENING 9808
CDPSvc
[svchost.exe]
TCP 172.16.161.246:7680 172.16.209.216:55303 TIME_WAIT 0
TCP 172.16.161.246:7680 172.16.209.216:55307 TIME_WAIT 0
TCP 172.16.161.246:7680 172.16.209.216:55312 TIME_WAIT 0
TCP 172.16.161.246:7680 172.16.209.216:55313 TIME_WAIT 0
TCP 172.16.161.246:7680 172.16.209.216:55317 TIME_WAIT 0
TCP 172.16.161.246:7680 172.16.209.216:55318 TIME_WAIT 0
TCP 172.16.161.246:53122 172.16.245.19:7680 ESTABLISHED 10208
DoSvc
[svchost.exe]
TCP 172.22.144.1:53 0.0.0.0:0 LISTENING 10996
[dockerd.exe]
TCP 172.22.144.1:139 0.0.0.0:0 LISTENING 4
Can not obtain ownership information
TCP 172.31.188.129:5040 0.0.0.0:0 LISTENING 9808
CDPSvc
[svchost.exe]
TCP [::]:22 [::]:0 LISTENING 4960
[sshd.exe]
TCP [::]:135 [::]:0 LISTENING 668
RpcSs
[svchost.exe]
TCP [::]:445 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:2179 [::]:0 LISTENING 4060
[vmms.exe]
TCP [::]:3389 [::]:0 LISTENING 1244
TermService
[svchost.exe]
TCP [::]:5357 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:5985 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:7680 [::]:0 LISTENING 10208
DoSvc
[svchost.exe]
TCP [::]:47001 [::]:0 LISTENING 4
Can not obtain ownership information
TCP [::]:49664 [::]:0 LISTENING 672
Can not obtain ownership information
TCP [::]:49665 [::]:0 LISTENING 1512
EventLog
[svchost.exe]
TCP [::]:49666 [::]:0 LISTENING 1972
Schedule
[svchost.exe]
TCP [::]:49667 [::]:0 LISTENING 2716
SessionEnv
[svchost.exe]
TCP [::]:49668 [::]:0 LISTENING 3012
[spoolsv.exe]
TCP [::]:49682 [::]:0 LISTENING 3484
PolicyAgent
[svchost.exe]
TCP [::]:49683 [::]:0 LISTENING 828
Can not obtain ownership information
TCP [::]:49704 [::]:0 LISTENING 836
[lsass.exe]
TCP [::1]:53361 [::1]:5357 TIME_WAIT 0
TCP [::1]:53363 [::1]:5357 TIME_WAIT 0
TCP [::1]:53364 [::1]:5357 TIME_WAIT 0
TCP [::1]:53365 [::1]:5357 TIME_WAIT 0
TCP [::1]:53366 [::1]:5357 TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53358 [fe80::c08b:a2b8:3647:1101%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53359 [fe80::7dbc:4e5b:13c3:f89c%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53362 [fe80::d197:2061:83bc:5356%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53367 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53369 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53370 [fe80::f841:ae60:b5f:acf5%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53371 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53372 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53373 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53374 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53375 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53376 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53377 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53378 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53379 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53380 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53381 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53382 [fe80::bca6:a072:9fa6:c0a4%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53383 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53384 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53386 [fe80::349f:30f:1e06:c7e2%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53387 [fe80::28c1:b402:f181:a18f%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53388 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53389 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53390 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53391 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53394 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53395 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53397 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53398 [fe80::1922:1a4e:5bf6:5541%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53399 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53400 [fe80::8006:ddad:50b5:2bf7%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53401 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53402 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53403 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53404 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53406 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53407 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53408 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53409 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53410 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53411 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53412 [fe80::6d06:9190:4a59:54a8%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53413 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53414 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53416 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53417 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53418 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53419 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53420 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53421 [fe80::958e:63bf:b862:37b9%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53422 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53423 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53424 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53425 [fe80::e43c:a4ed:4051:def6%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53426 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53427 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53428 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53429 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53430 [fe80::bc1b:3e4e:fdd0:c2ec%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53431 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53432 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53433 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53434 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53435 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53436 [fe80::4500:618d:6e1:dec5%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53437 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53438 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53439 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53440 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53441 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53442 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53443 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53444 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53445 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53446 [fe80::1b4:4082:5809:ebed%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53447 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53448 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53450 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53451 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53452 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53453 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53454 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53455 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53456 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53457 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53458 [fe80::8da6:7e74:8b1f:2576%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53459 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53461 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53462 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53463 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53464 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53465 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53466 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53467 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53468 [fe80::8104:1bce:f0e7:ff8%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53469 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53470 [fe80::f020:9584:9dfb:f8b1%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53471 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53472 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53473 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53474 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53475 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53476 [fe80::49be:f94f:6def:69f8%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53477 [fe80::207e:c1e2:df1a:39a%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53479 [fe80::70a5:5b04:12f6:c51%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53481 [fe80::8a8:1be6:6e0e:30b6%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53485 [fe80::8da6:7e74:8b1f:2576%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53489 [fe80::4500:618d:6e1:dec5%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53493 [fe80::38fb:684d:a880:fa8b%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53498 [fe80::c08b:a2b8:3647:1101%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53499 [fe80::e43c:a4ed:4051:def6%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53517 [fe80::f404:89fc:4737:c073%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53524 [fe80::8548:fc43:e7b4:d27b%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53527 [fe80::d060:6324:5b06:8e9e%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53535 [fe80::d197:2061:83bc:5356%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53539 [fe80::1922:1a4e:5bf6:5541%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53544 [fe80::49be:f94f:6def:69f8%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53581 [fe80::c0c8:2f35:3648:2e5b%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53595 [fe80::bc1b:3e4e:fdd0:c2ec%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53607 [fe80::28c1:b402:f181:a18f%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53615 [fe80::1b4:4082:5809:ebed%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53617 [fe80::387e:2971:8171:5441%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53628 [fe80::14d2:f260:72fa:6c74%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53634 [fe80::c98c:ad87:2460:564d%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53639 [fe80::6d06:9190:4a59:54a8%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53641 [fe80::349f:30f:1e06:c7e2%11]:5357
TIME_WAIT 0
TCP [fe80::504:74a0:82b0:e174%11]:53654 [fe80::f841:ae60:b5f:acf5%11]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53360 [fe80::c562:416:20dd:1fa6%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53368 [fe80::f53a:dc32:5557:1e9b%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53385 [fe80::c7f:a537:ad13:729%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53392 [fe80::d90f:abf9:d555:31f7%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53393 [fe80::cdd6:2c37:9e7d:821d%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53396 [fe80::c48e:2aa7:3dee:414a%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53405 [fe80::ed12:cbe2:b693:f200%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53415 [fe80::ac7c:e7e5:d285:4b4b%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53449 [fe80::7cb6:7073:f066:984e%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53460 [fe80::f152:14c7:96e8:7e64%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53480 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53482 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53483 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53484 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53486 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53487 [fe80::e5bc:cc4:ea2:ef20%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53488 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53490 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53491 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53492 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53494 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53495 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53496 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53497 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53500 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53501 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53502 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53503 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53504 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53505 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53506 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53507 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53508 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53509 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53510 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53511 [fe80::f152:14c7:96e8:7e64%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53512 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53513 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53514 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53515 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53516 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53518 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53519 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53520 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53521 [fe80::543:eda1:a13b:8d3c%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53522 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53523 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53525 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53526 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53528 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53529 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53530 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53531 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53532 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53533 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53534 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53536 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53537 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53538 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53540 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53541 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53542 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53543 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53545 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53546 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53547 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53548 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53549 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53550 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53551 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53552 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53553 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53554 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53555 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53556 [fe80::5dc0:511c:d586:8eca%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53557 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53558 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53559 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53560 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53561 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53562 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53563 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53564 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53565 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53566 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53567 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53568 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53569 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53570 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53571 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53572 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53573 [fe80::ed12:cbe2:b693:f200%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53574 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53575 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53576 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53577 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53578 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53579 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53580 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53582 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53583 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53584 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53585 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53586 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53587 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53588 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53589 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53590 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53591 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53592 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53593 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53594 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53596 [fe80::c7f:a537:ad13:729%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53597 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53598 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53599 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53600 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53601 [fe80::9cca:cdf1:f731:72dd%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53602 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53603 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53604 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53605 [fe80::ac7c:e7e5:d285:4b4b%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53606 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53608 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53609 [fe80::c562:416:20dd:1fa6%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53610 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53611 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53612 [fe80::929:b798:d675:2773%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53613 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53614 [fe80::cdd6:2c37:9e7d:821d%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53616 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53618 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53619 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53620 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53621 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53622 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53623 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53624 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53625 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53626 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53627 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53629 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53630 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53631 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53632 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53633 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53635 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53636 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53637 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53638 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53640 [fe80::f53a:dc32:5557:1e9b%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53642 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53643 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53644 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53645 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53646 [fe80::c48e:2aa7:3dee:414a%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53647 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53648 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53649 [fe80::4c11:7d9b:7c88:1ae2%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53650 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53651 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53652 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53653 [fe80::d90f:abf9:d555:31f7%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53655 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53656 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53657 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53658 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
TCP [fe80::c579:1c99:db0:4f73%4]:53659 [fe80::3066:b2fb:1019:1d06%4]:5357
TIME_WAIT 0
UDP 0.0.0.0:53 *:* 5900
SharedAccess
[svchost.exe]
UDP 0.0.0.0:68 *:* 1820
Dhcp
[svchost.exe]
UDP 0.0.0.0:500 *:* 3476
IKEEXT
[svchost.exe]
UDP 0.0.0.0:3389 *:* 1244
TermService
[svchost.exe]
UDP 0.0.0.0:3702 *:* 3080
FDResPub
[svchost.exe]
UDP 0.0.0.0:3702 *:* 3044
fdPHost
[svchost.exe]
UDP 0.0.0.0:3702 *:* 3044
fdPHost
[svchost.exe]
UDP 0.0.0.0:3702 *:* 3080
FDResPub
[svchost.exe]
UDP 0.0.0.0:4500 *:* 3476
IKEEXT
[svchost.exe]
UDP 0.0.0.0:5050 *:* 9808
CDPSvc
[svchost.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 2320
Dnscache
[svchost.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5353 *:* 9508
[chrome.exe]
UDP 0.0.0.0:5355 *:* 2320
Dnscache
[svchost.exe]
UDP 0.0.0.0:53159 *:* 3044
fdPHost
[svchost.exe]
UDP 0.0.0.0:54387 *:* 9508
[chrome.exe]
UDP 0.0.0.0:59644 *:* 3080
FDResPub
[svchost.exe]
UDP 0.0.0.0:59710 *:* 5900
SharedAccess
[svchost.exe]
UDP 0.0.0.0:59711 *:* 5900
SharedAccess
[svchost.exe]
UDP 0.0.0.0:63036 *:* 2320
Dnscache
[svchost.exe]
UDP 9.30.254.229:137 *:* 4
Can not obtain ownership information
UDP 9.30.254.229:138 *:* 4
Can not obtain ownership information
UDP 9.30.254.229:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP 9.30.254.229:59706 *:* 3788
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP 127.0.0.1:59648 *:* 4012
iphlpsvc
[svchost.exe]
UDP 127.0.0.1:59709 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.16.161.246:137 *:* 4
Can not obtain ownership information
UDP 172.16.161.246:138 *:* 4
Can not obtain ownership information
UDP 172.16.161.246:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.16.161.246:59705 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.22.144.1:53 *:* 10996
[dockerd.exe]
UDP 172.22.144.1:137 *:* 4
Can not obtain ownership information
UDP 172.22.144.1:138 *:* 4
Can not obtain ownership information
UDP 172.22.144.1:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.22.144.1:59708 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.31.188.129:67 *:* 5900
SharedAccess
[svchost.exe]
UDP 172.31.188.129:68 *:* 5900
SharedAccess
[svchost.exe]
UDP 172.31.188.129:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP 172.31.188.129:59707 *:* 3788
SSDPSRV
[svchost.exe]
UDP [::]:500 *:* 3476
IKEEXT
[svchost.exe]
UDP [::]:3389 *:* 1244
TermService
[svchost.exe]
UDP [::]:3702 *:* 3080
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 3080
FDResPub
[svchost.exe]
UDP [::]:3702 *:* 3044
fdPHost
[svchost.exe]
UDP [::]:3702 *:* 3044
fdPHost
[svchost.exe]
UDP [::]:4500 *:* 3476
IKEEXT
[svchost.exe]
UDP [::]:5353 *:* 9508
[chrome.exe]
UDP [::]:5353 *:* 9508
[chrome.exe]
UDP [::]:5353 *:* 2320
Dnscache
[svchost.exe]
UDP [::]:5353 *:* 9508
[chrome.exe]
UDP [::]:5353 *:* 9508
[chrome.exe]
UDP [::]:5355 *:* 2320
Dnscache
[svchost.exe]
UDP [::]:53160 *:* 3044
fdPHost
[svchost.exe]
UDP [::]:59645 *:* 3080
FDResPub
[svchost.exe]
UDP [::]:59712 *:* 5900
SharedAccess
[svchost.exe]
UDP [::]:63036 *:* 2320
Dnscache
[svchost.exe]
UDP [::1]:1900 *:* 3788
SSDPSRV
[svchost.exe]
UDP [::1]:59704 *:* 3788
SSDPSRV
[svchost.exe]
UDP [fe80::504:74a0:82b0:e174%11]:1900 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::504:74a0:82b0:e174%11]:59700 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::3903:bac5:b0a2:94d6%7]:1900 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::3903:bac5:b0a2:94d6%7]:59702 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::6c7e:e017:7724:59ca%33]:1900 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::6c7e:e017:7724:59ca%33]:59703 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::c579:1c99:db0:4f73%4]:1900 *:*
3788
SSDPSRV
[svchost.exe]
UDP [fe80::c579:1c99:db0:4f73%4]:59701 *:*
3788
SSDPSRV
[svchost.exe]
>>>>>> netstat -rs
IPv4 Statistics

Packets Received = 1482913


Received Header Errors = 0
Received Address Errors = 995
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 6648
Received Packets Delivered = 771666
Output Requests = 146882
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 3
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

IPv6 Statistics

Packets Received = 139002


Received Header Errors = 0
Received Address Errors = 0
Datagrams Forwarded = 0
Unknown Protocols Received = 0
Received Packets Discarded = 1246
Received Packets Delivered = 138360
Output Requests = 7775
Routing Discards = 0
Discarded Output Packets = 0
Output Packet No Route = 0
Reassembly Required = 0
Reassembly Successful = 0
Reassembly Failures = 0
Datagrams Successfully Fragmented = 0
Datagrams Failing Fragmentation = 0
Fragments Created = 0

ICMPv4 Statistics

Received Sent
Messages 219 57
Errors 0 0
Destination Unreachable 0 57
Time Exceeded 0 0
Parameter Problems 0 0
Source Quenches 0 0
Redirects 0 0
Echo Replies 0 0
Echos 219 0
Timestamps 0 0
Timestamp Replies 0 0
Address Masks 0 0
Address Mask Replies 0 0
Router Solicitations 0 0
Router Advertisements 0 0
ICMPv6 Statistics

Received Sent
Messages 979 1000
Errors 0 0
Destination Unreachable 0 2
Packet Too Big 0 0
Time Exceeded 0 0
Parameter Problems 0 0
Echos 0 0
Echo Replies 0 0
MLD Queries 0 0
MLD Reports 0 0
MLD Dones 0 0
Router Solicitations 0 12
Router Advertisements 0 0
Neighbor Solicitations 501 481
Neighbor Advertisements 479 505
Redirects 0 0
Router Renumberings 0 0

TCP Statistics for IPv4

Active Opens = 845


Passive Opens = 67
Failed Connection Attempts = 2
Reset Connections = 56
Current Connections = 5
Segments Received = 648047
Segments Sent = 172135
Segments Retransmitted = 738

TCP Statistics for IPv6

Active Opens = 863


Passive Opens = 9
Failed Connection Attempts = 3
Reset Connections = 1
Current Connections = 0
Segments Received = 4471
Segments Sent = 6130
Segments Retransmitted = 7

UDP Statistics for IPv4

Datagrams Received = 121564


No Ports = 7040
Receive Errors = 107
Datagrams Sent = 3209

UDP Statistics for IPv6

Datagrams Received = 69439


No Ports = 1195
Receive Errors = 51
Datagrams Sent = 645
===========================================================================
Interface List
11...00 16 3e 01 a1 f6 ......Red Hat VirtIO Ethernet Adapter
4...00 20 09 1e fe e5 ......Red Hat VirtIO Ethernet Adapter #2
7...02 15 51 99 18 dd ......Hyper-V Virtual Ethernet Adapter
33...00 15 5d 99 6a f9 ......Hyper-V Virtual Ethernet Adapter #2
1...........................Software Loopback Interface 1
===========================================================================

IPv4 Route Table


===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 9.30.248.1 9.30.254.229 15
9.30.248.0 255.255.248.0 On-link 9.30.254.229 271
9.30.254.229 255.255.255.255 On-link 9.30.254.229 271
9.30.255.255 255.255.255.255 On-link 9.30.254.229 271
127.0.0.0 255.0.0.0 On-link 127.0.0.1 331
127.0.0.1 255.255.255.255 On-link 127.0.0.1 331
127.255.255.255 255.255.255.255 On-link 127.0.0.1 331
172.16.0.0 255.255.0.0 On-link 172.16.161.246 271
172.16.161.246 255.255.255.255 On-link 172.16.161.246 271
172.16.255.255 255.255.255.255 On-link 172.16.161.246 271
172.22.144.0 255.255.240.0 On-link 172.22.144.1 271
172.22.144.1 255.255.255.255 On-link 172.22.144.1 271
172.22.159.255 255.255.255.255 On-link 172.22.144.1 271
172.31.188.128 255.255.255.240 On-link 172.31.188.129 271
172.31.188.129 255.255.255.255 On-link 172.31.188.129 271
172.31.188.143 255.255.255.255 On-link 172.31.188.129 271
224.0.0.0 240.0.0.0 On-link 127.0.0.1 331
224.0.0.0 240.0.0.0 On-link 172.16.161.246 271
224.0.0.0 240.0.0.0 On-link 9.30.254.229 271
224.0.0.0 240.0.0.0 On-link 172.31.188.129 271
224.0.0.0 240.0.0.0 On-link 172.22.144.1 271
255.255.255.255 255.255.255.255 On-link 127.0.0.1 331
255.255.255.255 255.255.255.255 On-link 172.16.161.246 271
255.255.255.255 255.255.255.255 On-link 9.30.254.229 271
255.255.255.255 255.255.255.255 On-link 172.31.188.129 271
255.255.255.255 255.255.255.255 On-link 172.22.144.1 271
===========================================================================
Persistent Routes:
None

IPv6 Route Table


===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 331 ::1/128 On-link
11 271 fe80::/64 On-link
4 271 fe80::/64 On-link
7 271 fe80::/64 On-link
33 271 fe80::/64 On-link
11 271 fe80::504:74a0:82b0:e174/128
On-link
7 271 fe80::3903:bac5:b0a2:94d6/128
On-link
33 271 fe80::6c7e:e017:7724:59ca/128
On-link
4 271 fe80::c579:1c99:db0:4f73/128
On-link
1 331 ff00::/8 On-link
11 271 ff00::/8 On-link
4 271 ff00::/8 On-link
7 271 ff00::/8 On-link
33 271 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
>>>>>> net share
New connections will be remembered.

There are no entries in the list.

>>>>>> Firewall
NAME;DIRECTION;PROTOCOL;ACTION;LOCAL;PORTS;REMOTE;PORTS;APPLICATION;PROFILE
Internet Connection Sharing (SharedAccess-
Out);Out;any;Allow;*;;*;;C:\Windows\system32\svchost.exe;domain|private|public
Internet Connection Sharing (DHCPv4-
In);In;udp;Allow;*;68;*;*;C:\Windows\system32\svchost.exe;domain|private|public
Internet Connection Sharing (DHCP Server-
In);In;udp;Allow;*;67;*;*;C:\Windows\system32\svchost.exe;domain|private|public
@{Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c?ms-
resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName};In;any;Allow;*;;*;;
;domain|private
@{Microsoft.SkypeApp_12.1815.209.0_x64__kzf8qxf38zg5c?ms-
resource://Microsoft.SkypeApp/Resources/SkypeVideo_ProductName};Out;any;Allow;*;;*;
;;domain|private|public
Microsoft Solitaire Collection;Out;any;Allow;*;;*;;;domain|private|public
@{microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe?ms-
resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDes
ktop_DisplayName};In;any;Allow;*;;*;;;domain|private|public
@{microsoft.windowscommunicationsapps_17.9226.21755.0_x64__8wekyb3d8bbwe?ms-
resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDes
ktop_DisplayName};Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Windows.Photos/Resources/AppStoreName};In;any;Allow;*;;*;;;dom
ain|private|public
@{Microsoft.Windows.Photos_2018.18041.15210.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Windows.Photos/Resources/AppStoreName};Out;any;Allow;*;;*;;;do
main|private|public
@{Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME};In;any;Allow;
*;;*;;;domain|private
@{Microsoft.ZuneVideo_10.18041.14611.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.ZuneVideo/resources/IDS_MANIFEST_VIDEO_APP_NAME};Out;any;Allow
;*;;*;;;domain|private|public
@{Microsoft.ZuneMusic_10.18041.14611.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME};In;any;Allow;
*;;*;;;domain|private
@{Microsoft.ZuneMusic_10.18041.14611.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.ZuneMusic/resources/IDS_MANIFEST_MUSIC_APP_NAME};Out;any;Allow
;*;;*;;;domain|private|public
OneNote;In;any;Allow;*;;*;;;domain|private
OneNote;Out;any;Allow;*;;*;;;domain|private|public
Eclipse Manager;Out;any;Allow;*;;*;;;domain|private|public
Xbox;In;any;Allow;*;;*;;;domain|private|public
Xbox;Out;any;Allow;*;;*;;;domain|private|public
Sway;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsStore/Resources/StoreTitle};In;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.WindowsStore_11804.1001.10.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsStore/Resources/StoreTitle};Out;any;Allow;*;;*;;;domain
|private|public
@{Microsoft.MSPaint_4.1805.15037.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.MSPaint/resources/AppName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.BingNews_4.24.11382.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.BingNews/Resources/ApplicationTitleWithBranding};Out;any;Allow
;*;;*;;;domain|private|public
@{Microsoft.OneConnect_3.1710.3044.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.OneConnect/OneConnect/AppStoreName};In;any;Allow;*;;*;;;domain
|private
@{Microsoft.OneConnect_3.1710.3044.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.OneConnect/OneConnect/AppStoreName};Out;any;Allow;*;;*;;;domai
n|private|public
@{Microsoft.WindowsCalculator_10.1804.911.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsCalculator/Resources/AppStoreName};Out;any;Allow;*;;*;;
;domain|private|public
Xbox Game bar;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Display
Name};In;any;Allow;*;;*;;;domain|private
@{Microsoft.MicrosoftOfficeHub_17.9328.1700.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftOfficeHub/officehubintl/AppManifest_GetOffice_Display
Name};Out;any;Allow;*;;*;;;domain|private|public
Pandora;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Microsoft3DViewer_4.1804.19012.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Microsoft3DViewer/Common.View.UWP/Resources/StoreAppName};Out;
any;Allow;*;;*;;;domain|private|public
@{AdobeSystemsIncorporated.AdobePhotoshopExpress_2.3.196.0_x64__ynb6jyjzte8ga?ms-
resource://AdobeSystemsIncorporated.AdobePhotoshopExpress/CommonClassLibrary/resour
ces/AppNameNewTitle};Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.BingWeather_4.24.11294.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.BingWeather/Resources/ApplicationTitleWithBranding};Out;any;Al
low;*;;*;;;domain|private|public
@{Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName};In;any;Allow;*;;*;;
;domain|private
@{Microsoft.WindowsFeedbackHub_1.1712.1141.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsFeedbackHub/Resources/AppStoreName};Out;any;Allow;*;;*;
;;domain|private|public
@{Microsoft.StorePurchaseApp_11804.1001.9.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.StorePurchaseApp/Resources/DisplayTitle};Out;any;Allow;*;;*;;;
domain|private|public
@{Microsoft.DesktopAppInstaller_1.0.20921.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.DesktopAppInstaller/Resources/appDisplayName};In;any;Allow;*;;
*;;;domain|private
@{Microsoft.DesktopAppInstaller_1.0.20921.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.DesktopAppInstaller/Resources/appDisplayName};Out;any;Allow;*;
;*;;;domain|private|public
@{Microsoft.Getstarted_6.10.10872.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Getstarted/Resources/AppStoreName};Out;any;Allow;*;;*;;;domain
|private|public
Code Writer;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.WindowsCamera_2018.227.30.1000_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsCamera/Resources/AppStoreName};Out;any;Allow;*;;*;;;dom
ain|private|public
Microsoft Sticky Notes;In;any;Allow;*;;*;;;domain|private
Microsoft Sticky Notes;Out;any;Allow;*;;*;;;domain|private|public
Print 3D;In;any;Allow;*;;*;;;domain|private
Print 3D;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.GetHelp_10.1706.10952.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.GetHelp/Resources/appDisplayName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.WindowsMaps_5.1711.10477.1000_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsMaps/Resources/AppStoreName};Out;any;Allow;*;;*;;;domai
n|private|public
@{D5EA27B7.Duolingo-LearnLanguagesforFree_2017.112.1.0_x64__yx6k7tf7xvsea?ms-
resource://D5EA27B7.Duolingo-
LearnLanguagesforFree/Resources/AppName};Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.RemoteDesktop_10.1.1042.0_x86__8wekyb3d8bbwe?ms-
resource://Microsoft.RemoteDesktop/Resources/Appname};In;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.RemoteDesktop_10.1.1042.0_x86__8wekyb3d8bbwe?ms-
resource://Microsoft.RemoteDesktop/Resources/Appname};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.People_10.3.3472.1000_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.People/Resources/AppStoreName};Out;any;Allow;*;;*;;;domain|
private|public
DNS Server Forward Rule - UDP - a8f06e24-459b-4d49-9ae9-c544ebf69c61 -
0;In;udp;Allow;*;53;*;*;;All
DNS Server Forward Rule - TCP - a8f06e24-459b-4d49-9ae9-c544ebf69c61 -
0;In;tcp;Allow;*;53;*;*;;All
Hyper-V
(REMOTE_DESKTOP_TCP_IN);In;tcp;Allow;*;2179;*;*;C:\Windows\system32\vmms.exe;All
Hyper-V (MIG-TCP-In);In;tcp;Allow;*;6600;*;*;C:\Windows\system32\vmms.exe;All
Hyper-V (RPC);In;tcp;Allow;*;RPC,;*;*;System;All
Hyper-V (RPC-EPMAP);In;tcp;Allow;*;RPC-EPMap,;*;*;System;All
Hyper-V - WMI (Async-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\wbem\unsecapp.exe;All
Hyper-V - WMI (TCP-Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;All
Hyper-V - WMI (TCP-In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;All
Hyper-V - WMI (DCOM-In);In;tcp;Allow;*;135;*;*;C:\Windows\system32\svchost.exe;All
@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-218;In;tcp;Allow;*;*;*;*;$
(runtime.system32)\wbem\unsecapp.exe;All
@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-216;Out;tcp;Allow;*;*;*;*;$
(runtime.system32)\svchost.exe;All
@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-214;In;tcp;Allow;*;*;*;*;$
(runtime.system32)\svchost.exe;All
@$(runtime.ProgramFiles)\Hyper-V\SnapInAbout.dll,-212;In;tcp;Allow;*;135;*;*;$
(runtime.system32)\svchost.exe;All
DNS Server Forward Rule - UDP - 43991f1d-ffa8-4ac4-a81a-bf4a6f0d171e -
0;In;udp;Allow;*;53;*;*;;All
DNS Server Forward Rule - TCP - 43991f1d-ffa8-4ac4-a81a-bf4a6f0d171e -
0;In;tcp;Allow;*;53;*;*;;All
@{Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txy
ewy?ms-
resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName};Out;a
ny;Allow;*;;*;;;domain|private|public
@{Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};In;any;Allow;*;;*;;;domain|
private
@{Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};In;any;Allow;*;;
*;;;domain|private
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};Out;any;Allow;*;
;*;;;domain|private|public
@{Microsoft.Windows.ShellExperienceHost_10.0.16299.371_neutral_neutral_cw5n1h2txyew
y?ms-
resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};In;any;A
llow;*;;*;;;domain|private
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};In;any;Allow;*;
;*;;;domain|private
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};Out;any;Allow;*
;;*;;;domain|private|public
windows_ie_ac_001;Out;any;Allow;*;;*;;;domain|private|public
Google Chrome (mDNS-In);In;udp;Allow;*;5353;*;*;C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe;All
Shell Input Application;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.SecHealthUI_10.0.16299.334_neutral__cw5n1h2txyewy?ms-
resource://Microsoft.Windows.SecHealthUI/resources/PackageDisplayName};Out;any;Allo
w;*;;*;;;domain|private|public
@{Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};In;any;Allow;*;;*;;;domain|
private
@{Microsoft.MicrosoftEdge_41.16299.371.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};In;any;Allow;*;;
*;;;domain|private
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};Out;any;Allow;*;
;*;;;domain|private|public
windows_ie_ac_001;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.ShellExperienceHost_10.0.16299.371_neutral_neutral_cw5n1h2txyew
y?ms-
resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.XboxIdentityProvider_12.39.13003.1000_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.XboxIdentityProvider/Resources/DisplayName};Out;any;Allow;*;;*
;;;domain|private|public
Microsoft Pay;Out;any;Allow;*;;*;;;domain|private|public
SNAC Service;In;udp;Allow;*;*;*;*;C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\14.0.3752.1000.105\Bin64\snac64.exe;public
SNAC Service;In;tcp;Allow;*;*;*;*;C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\14.0.3752.1000.105\Bin64\snac64.exe;public
SMC Service;In;udp;Allow;*;*;*;*;C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe;public
SMC Service;In;tcp;Allow;*;*;*;*;C:\Program Files (x86)\Symantec\Symantec Endpoint
Protection\14.0.3752.1000.105\Bin\ccSvcHst.exe;public
@{Microsoft.Messaging_3.37.23004.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Messaging/Resources/AppStoreName};In;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.Messaging_3.37.23004.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Messaging/Resources/AppStoreName};Out;any;Allow;*;;*;;;domain|
private|public
Xbox TCUI;Out;any;Allow;*;;*;;;domain|private|public
Network Speed Test;Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.PeopleExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyew
y?ms-
resource://Microsoft.Windows.PeopleExperienceHost/resources/PkgDisplayName};Out;any
;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.ParentalControls_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?
ms-
resource://Microsoft.Windows.ParentalControls/resources/DisplayName};Out;any;Allow;
*;;*;;;domain|private|public
@{Microsoft.AccountsControl_10.0.16299.15_neutral__cw5n1h2txyewy?ms-
resource://Microsoft.AccountsControl/Resources/DisplayName};Out;any;Allow;*;;*;;;do
main|private|public
@{Microsoft.Windows.HolographicFirstRun_10.0.16299.125_neutral_neutral_cw5n1h2txyew
y?ms-
resource://Microsoft.Windows.HolographicFirstRun/resources/PkgDisplayName};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.PPIProjection_10.0.16299.15_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.PPIProjection/resources/ProductName};Out;any;Allow;*;;*;;;publ
ic
@{Microsoft.PPIProjection_10.0.16299.15_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.PPIProjection/resources/ProductName};In;any;Allow;*;;*;;;publi
c
@{Microsoft.PPIProjection_10.0.16299.15_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.PPIProjection/resources/ProductName};In;any;Allow;*;;*;;;domai
n|private|public
@{Microsoft.PPIProjection_10.0.16299.15_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.PPIProjection/resources/ProductName};Out;any;Allow;*;;*;;;doma
in|private|public
@{Microsoft.Windows.OOBENetworkCaptivePortal_10.0.16299.15_neutral__cw5n1h2txyewy?
ms-
resource://Microsoft.Windows.OOBENetworkCaptivePortal/Resources/AppDisplayName};Out
;any;Allow;*;;*;;;domain|private|public
@{Microsoft.LockApp_10.0.16299.15_neutral__cw5n1h2txyewy?ms-
resource://Microsoft.LockApp/resources/AppDisplayName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.Windows.Apprep.ChxApp_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Apprep.ChxApp/resources/DisplayName};Out;any;Allow;*;;
*;;;domain|private|public
@{Microsoft.Windows.SecureAssessmentBrowser_10.0.16299.15_neutral_neutral_cw5n1h2tx
yewy?ms-
resource://Microsoft.Windows.SecureAssessmentBrowser/Resources/PackageDisplayName};
Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.XboxGameCallableUI_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.XboxGameCallableUI/resources/PkgDisplayName};Out;any;Allow;*;;
*;;;domain|private|public
@{Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txy
ewy?ms-
resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName};Out;a
ny;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};In;any;A
llow;*;;*;;;domain|private
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};In;any;Allow;*;
;*;;;domain|private
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};Out;any;Allow;*
;;*;;;domain|private|public
@{Microsoft.XboxIdentityProvider_12.30.5001.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.XboxIdentityProvider/Resources/DisplayName};Out;any;Allow;*;;*
;;;domain|private|public
@{Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsStore/Resources/StoreTitle};In;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.WindowsStore_11706.1002.9.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.WindowsStore/Resources/StoreTitle};Out;any;Allow;*;;*;;;domain
|private|public
@{Microsoft.Windows.Photos_2017.37071.16410.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Windows.Photos/Resources/AppStoreName};In;any;Allow;*;;*;;;dom
ain|private
@{Microsoft.Windows.Photos_2017.37071.16410.0_x64__8wekyb3d8bbwe?ms-
resource://Microsoft.Windows.Photos/Resources/AppStoreName};Out;any;Allow;*;;*;;;do
main|private|public
@{microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe?ms-
resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDes
ktop_DisplayName};In;any;Allow;*;;*;;;domain|private|public
@{microsoft.windowscommunicationsapps_17.8241.41275.0_x64__8wekyb3d8bbwe?ms-
resource://microsoft.windowscommunicationsapps/hxoutlookintl/AppManifest_OutlookDes
ktop_DisplayName};Out;any;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txy
ewy?ms-
resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName};Out;a
ny;Allow;*;;*;;;domain|private|public
@{Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};In;any;Allow;*;;*;;;domain|
private
@{Microsoft.MicrosoftEdge_41.16299.15.0_neutral__8wekyb3d8bbwe?ms-
resource://Microsoft.MicrosoftEdge/Resources/AppName};Out;any;Allow;*;;*;;;domain|
private|public
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};In;any;Allow;*;;
*;;;domain|private
@{Microsoft.Windows.Cortana_1.9.6.16299_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.Windows.Cortana/resources/PackageDisplayName};Out;any;Allow;*;
;*;;;domain|private|public
@{Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};In;any;A
llow;*;;*;;;domain|private
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};In;any;Allow;*;
;*;;;domain|private
@{Microsoft.AAD.BrokerPlugin_1000.16299.15.0_neutral_neutral_cw5n1h2txyewy?ms-
resource://Microsoft.AAD.BrokerPlugin/resources/PackageDisplayName};Out;any;Allow;*
;;*;;;domain|private|public
@{Microsoft.Windows.ContentDeliveryManager_10.0.16299.15_neutral_neutral_cw5n1h2txy
ewy?ms-
resource://Microsoft.Windows.ContentDeliveryManager/resources/AppDisplayName};Out;a
ny;Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};In;any;A
llow;*;;*;;;domain|private
@{Microsoft.Windows.CloudExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.CloudExperienceHost/resources/appDescription};Out;any;
Allow;*;;*;;;domain|private|public
@{Microsoft.Windows.ShellExperienceHost_10.0.16299.15_neutral_neutral_cw5n1h2txyewy
?ms-
resource://Microsoft.Windows.ShellExperienceHost/resources/PkgDisplayName};Out;any;
Allow;*;;*;;;domain|private|public
Remote Desktop - Shadow (TCP-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\RdpSa.exe;All
Remote Desktop - User Mode (UDP-
In);In;udp;Allow;*;3389;*;*;C:\Windows\system32\svchost.exe;All
Remote Desktop - User Mode (TCP-
In);In;tcp;Allow;*;3389;*;*;C:\Windows\system32\svchost.exe;All
mDNS (UDP-Out);Out;udp;Allow;*;5353;*;*;C:\Windows\system32\svchost.exe;All
mDNS (UDP-In);In;udp;Allow;*;mDNS,;*;*;C:\Windows\system32\svchost.exe;All
AllJoyn Router (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (TCP-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (UDP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (UDP-
In);In;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
Core Networking - Group Policy (LSASS-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\lsass.exe;domain
Core Networking - DNS (UDP-
Out);Out;udp;Allow;*;*;*;53;C:\Windows\system32\svchost.exe;All
Core Networking - Group Policy (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain
Core Networking - Group Policy (NP-Out);Out;tcp;Allow;*;*;*;445;System;domain
Core Networking - IPv6 (IPv6-Out);Out;<unknown>;Allow;*;;*;;System;All
Core Networking - IPv6 (IPv6-In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - IPHTTPS (TCP-
Out);Out;tcp;Allow;*;*;*;IPHTTPS,;C:\Windows\system32\svchost.exe;All
Core Networking - IPHTTPS (TCP-In);In;tcp;Allow;*;IPHTTPS,;*;*;System;All
Core Networking - Teredo (UDP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;All
Core Networking - Teredo (UDP-
In);In;udp;Allow;*;Teredo,;*;*;C:\Windows\system32\svchost.exe;All
Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-
Out);Out;udp;Allow;*;546;*;547;C:\Windows\system32\svchost.exe;All
Core Networking - Dynamic Host Configuration Protocol for IPv6(DHCPV6-
In);In;udp;Allow;*;546;*;547;C:\Windows\system32\svchost.exe;All
Core Networking - Dynamic Host Configuration Protocol (DHCP-
Out);Out;udp;Allow;*;68;*;67;C:\Windows\system32\svchost.exe;All
Core Networking - Dynamic Host Configuration Protocol (DHCP-
In);In;udp;Allow;*;68;*;67;C:\Windows\system32\svchost.exe;All
Core Networking - Internet Group Management Protocol (IGMP-
Out);Out;<unknown>;Allow;*;;*;;System;All
Core Networking - Internet Group Management Protocol (IGMP-
In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Destination Unreachable Fragmentation Needed (ICMPv4-
In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Multicast Listener Done (ICMPv6-
Out);Out;<unknown>;Allow;*;;LocalSubnet;;;All
Core Networking - Multicast Listener Done (ICMPv6-
In);In;<unknown>;Allow;*;;LocalSubnet;;System;All
Core Networking - Multicast Listener Report v2 (ICMPv6-
Out);Out;<unknown>;Allow;*;;LocalSubnet;;;All
Core Networking - Multicast Listener Report v2 (ICMPv6-
In);In;<unknown>;Allow;*;;LocalSubnet;;System;All
Core Networking - Multicast Listener Report (ICMPv6-
Out);Out;<unknown>;Allow;*;;LocalSubnet;;;All
Core Networking - Multicast Listener Report (ICMPv6-
In);In;<unknown>;Allow;*;;LocalSubnet;;System;All
Core Networking - Multicast Listener Query (ICMPv6-
Out);Out;<unknown>;Allow;*;;LocalSubnet;;;All
Core Networking - Multicast Listener Query (ICMPv6-
In);In;<unknown>;Allow;*;;LocalSubnet;;System;All
Core Networking - Router Solicitation (ICMPv6-
Out);Out;<unknown>;Allow;*;;LocalSubnet,fe80::/64,ff02::2-ff02::2;;;All
Core Networking - Router Solicitation (ICMPv6-
In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Router Advertisement (ICMPv6-
Out);Out;<unknown>;Allow;fe80::/64;;LocalSubnet,fe80::/64,ff02::1-ff02::1;;;All
Core Networking - Router Advertisement (ICMPv6-
In);In;<unknown>;Allow;*;;fe80::/64;;System;All
Core Networking - Neighbor Discovery Advertisement (ICMPv6-
Out);Out;<unknown>;Allow;*;;*;;;All
Core Networking - Neighbor Discovery Advertisement (ICMPv6-
In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Neighbor Discovery Solicitation (ICMPv6-
Out);Out;<unknown>;Allow;*;;*;;;All
Core Networking - Neighbor Discovery Solicitation (ICMPv6-
In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Parameter Problem (ICMPv6-Out);Out;<unknown>;Allow;*;;*;;;All
Core Networking - Parameter Problem (ICMPv6-In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Time Exceeded (ICMPv6-Out);Out;<unknown>;Allow;*;;*;;;All
Core Networking - Time Exceeded (ICMPv6-In);In;<unknown>;Allow;*;;*;;System;All
Core Networking - Packet Too Big (ICMPv6-Out);Out;<unknown>;Allow;*;;*;;;All
Core Networking - Packet Too Big (ICMPv6-In);In;<unknown>;Allow;*;;*;;;All
Core Networking - Destination Unreachable (ICMPv6-
In);In;<unknown>;Allow;*;;*;;System;All
WFD ASP Coordination Protocol (UDP-
Out);Out;udp;Allow;*;7235;LocalSubnet;7235;C:\Windows\system32\svchost.exe;All
WFD ASP Coordination Protocol (UDP-
In);In;udp;Allow;*;7235;LocalSubnet;7235;C:\Windows\system32\svchost.exe;All
Wi-Fi Direct Scan Service Use
(Out);Out;any;Allow;*;;*;;C:\Windows\system32\svchost.exe;public
Wi-Fi Direct Scan Service Use
(In);In;any;Allow;*;;*;;C:\Windows\system32\svchost.exe;public
Wi-Fi Direct Spooler Use
(Out);Out;any;Allow;*;;*;;C:\Windows\system32\spoolsv.exe;public
Wi-Fi Direct Spooler Use
(In);In;any;Allow;*;;*;;C:\Windows\system32\spoolsv.exe;public
Wi-Fi Direct Network Discovery
(Out);Out;any;Allow;*;;*;;C:\Windows\system32\dashost.exe;public
Wi-Fi Direct Network Discovery
(In);In;any;Allow;*;;*;;C:\Windows\system32\dashost.exe;public
Cast to Device functionality (qWave-TCP-
Out);Out;tcp;Allow;*;*;*;2177;C:\Windows\system32\svchost.exe;private|public
Cast to Device functionality (qWave-TCP-
In);In;tcp;Allow;*;2177;*;*;C:\Windows\system32\svchost.exe;private|public
Cast to Device functionality (qWave-UDP-
Out);Out;udp;Allow;*;*;*;2177;C:\Windows\system32\svchost.exe;private|public
Cast to Device functionality (qWave-UDP-
In);In;udp;Allow;*;2177;*;*;C:\Windows\system32\svchost.exe;private|public
Cast to Device UPnP Events (TCP-In);In;tcp;Allow;*;2869;*;*;System;public
Cast to Device SSDP Discovery (UDP-
In);In;udp;Allow;*;Ply2Disc,;*;*;C:\Windows\system32\svchost.exe;public
Cast to Device streaming server (RTSP-Streaming-
In);In;tcp;Allow;*;23554,23555,23556;*;*;C:\Windows\system32\mdeserver.exe;public
Cast to Device streaming server (RTSP-Streaming-
In);In;tcp;Allow;*;23554,23555,23556;LocalSubnet;*;C:\Windows\system32\mdeserver.ex
e;private
Cast to Device streaming server (RTSP-Streaming-
In);In;tcp;Allow;*;23554,23555,23556;*;*;C:\Windows\system32\mdeserver.exe;domain
Cast to Device streaming server (RTP-Streaming-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\mdeserver.exe;public
Cast to Device streaming server (RTP-Streaming-
Out);Out;udp;Allow;*;*;LocalSubnet;*;C:\Windows\system32\mdeserver.exe;private
Cast to Device streaming server (RTP-Streaming-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\mdeserver.exe;domain
Cast to Device streaming server (RTCP-Streaming-
In);In;udp;Allow;*;*;*;*;C:\Windows\system32\mdeserver.exe;public
Cast to Device streaming server (RTCP-Streaming-
In);In;udp;Allow;*;*;LocalSubnet;*;C:\Windows\system32\mdeserver.exe;private
Cast to Device streaming server (RTCP-Streaming-
In);In;udp;Allow;*;*;*;*;C:\Windows\system32\mdeserver.exe;domain
Cast to Device streaming server (HTTP-Streaming-
In);In;tcp;Allow;*;10246;*;*;System;public
Cast to Device streaming server (HTTP-Streaming-
In);In;tcp;Allow;*;10246;LocalSubnet;*;System;private
Cast to Device streaming server (HTTP-Streaming-
In);In;tcp;Allow;*;10246;*;*;System;domain
DIAL protocol server (HTTP-In);In;tcp;Allow;*;10247;LocalSubnet;*;System;private
DIAL protocol server (HTTP-In);In;tcp;Allow;*;10247;*;*;System;domain
Remote Assistance (PNRP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
Remote Assistance (PNRP-
In);In;udp;Allow;*;3540;*;*;C:\Windows\system32\svchost.exe;domain|private
Remote Assistance (SSDP TCP-Out);Out;tcp;Allow;*;*;LocalSubnet;*;System;domain|
private
Remote Assistance (SSDP TCP-In);In;tcp;Allow;*;2869;LocalSubnet;*;System;domain|
private
Remote Assistance (SSDP UDP-
Out);Out;udp;Allow;*;*;LocalSubnet;1900;C:\Windows\system32\svchost.exe;domain|
private
Remote Assistance (SSDP UDP-
In);In;udp;Allow;*;1900;LocalSubnet;*;C:\Windows\system32\svchost.exe;domain|
private
Remote Assistance (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\msra.exe;domain|private
Remote Assistance (TCP-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\msra.exe;domain|private
Remote Assistance (DCOM-
In);In;tcp;Allow;*;135;*;*;C:\Windows\system32\svchost.exe;domain
Remote Assistance (RA Server TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\raserver.exe;domain
Remote Assistance (RA Server TCP-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\raserver.exe;domain
Remote Assistance (PNRP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;public
Remote Assistance (PNRP-
In);In;udp;Allow;*;3540;*;*;C:\Windows\system32\svchost.exe;public
Remote Assistance (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\msra.exe;public
Remote Assistance (TCP-In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\msra.exe;public
Wireless Display Infrastructure Back Channel (TCP-
In);In;tcp;Allow;*;7250;*;*;C:\Windows\system32\CastSrv.exe;All
Wireless Display (UDP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\WUDFHost.exe;All
Wireless Display (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\WUDFHost.exe;All
Wireless Display (TCP-In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\WUDFHost.exe;All
Network Discovery for Teredo (UPnP-In);In;tcp;Allow;*;*;*;*;System;public
Network Discovery for Teredo (SSDP-
In);In;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;public
Network Discovery (WSD Events-
Out);Out;tcp;Allow;*;*;LocalSubnet;5357;C:\Windows\system32\svchost.exe;private
Network Discovery (WSD Events-In);In;tcp;Allow;*;5357;LocalSubnet;*;System;private
Network Discovery (WSD EventsSecure-
Out);Out;tcp;Allow;*;*;LocalSubnet;5358;C:\Windows\system32\svchost.exe;private
Network Discovery (WSD EventsSecure-
In);In;tcp;Allow;*;5358;LocalSubnet;*;System;private
Network Discovery (Pub WSD-
Out);Out;udp;Allow;*;*;LocalSubnet;3702;C:\Windows\system32\svchost.exe;private
Network Discovery (Pub-WSD-
In);In;udp;Allow;*;3702;LocalSubnet;*;C:\Windows\system32\svchost.exe;private
Network Discovery (LLMNR-UDP-
Out);Out;udp;Allow;*;*;LocalSubnet;5355;C:\Windows\system32\svchost.exe;private
Network Discovery (LLMNR-UDP-
In);In;udp;Allow;*;5355;LocalSubnet;*;C:\Windows\system32\svchost.exe;private
Network Discovery (WSD-
Out);Out;udp;Allow;*;*;LocalSubnet;3702;C:\Windows\system32\svchost.exe;private
Network Discovery (WSD-
In);In;udp;Allow;*;3702;LocalSubnet;*;C:\Windows\system32\dashost.exe;private
Network Discovery (WSD-
In);In;udp;Allow;*;3702;LocalSubnet;*;C:\Windows\system32\svchost.exe;private
Network Discovery (NB-Datagram-
Out);Out;udp;Allow;*;*;LocalSubnet;138;System;private
Network Discovery (NB-Datagram-In);In;udp;Allow;*;138;LocalSubnet;*;System;private
Network Discovery (NB-Name-Out);Out;udp;Allow;*;*;LocalSubnet;137;System;private
Network Discovery (NB-Name-In);In;udp;Allow;*;137;LocalSubnet;*;System;private
Network Discovery (UPnPHost-
Out);Out;tcp;Allow;*;*;LocalSubnet;2869;C:\Windows\system32\svchost.exe;private
Network Discovery (UPnP-
Out);Out;tcp;Allow;*;*;LocalSubnet;2869;C:\Windows\system32\svchost.exe;private
Network Discovery (UPnP-In);In;tcp;Allow;*;2869;LocalSubnet;*;System;private
Network Discovery (SSDP-
Out);Out;udp;Allow;*;*;LocalSubnet;1900;C:\Windows\system32\svchost.exe;private
Network Discovery (SSDP-
In);In;udp;Allow;*;1900;LocalSubnet;*;C:\Windows\system32\svchost.exe;private
Proximity sharing over TCP (TCP sharing-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\proximityuxhost.exe;All
Proximity sharing over TCP (TCP sharing-
In);In;tcp;Allow;*;*;*;*;C:\Windows\system32\proximityuxhost.exe;All
AllJoyn Router (UDP-
Out);Out;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (UDP-
In);In;udp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (TCP-
Out);Out;tcp;Allow;*;*;*;*;C:\Windows\system32\svchost.exe;domain|private
AllJoyn Router (TCP-
In);In;tcp;Allow;*;9955;*;*;C:\Windows\system32\svchost.exe;domain|private
Delivery Optimization (UDP-
In);In;udp;Allow;*;7680;*;*;C:\Windows\system32\svchost.exe;All
Delivery Optimization (TCP-
In);In;tcp;Allow;*;7680;*;*;C:\Windows\system32\svchost.exe;All
Connected User Experiences and Telemetry;Out;tcp;Allow;*;*;*;*;;All
WFD Driver-only (UDP-Out);Out;udp;Allow;*;*;*;*;System;All
WFD Driver-only (UDP-In);In;udp;Allow;*;*;*;*;System;All
WFD Driver-only (TCP-Out);Out;tcp;Allow;*;*;*;*;System;All
WFD Driver-only (TCP-In);In;tcp;Allow;*;*;*;*;System;All