System/Kernel
*evil-winrm* ps c:\Users\svc_ldap\Documents> systeminfo
program 'systeminfo.exe' failed to run: Access is deniedAt line:1 char:1
+ systeminfo
+ ~~~~~~~~~~.
at line:1 char:1
+ systeminfo
+ ~~~~~~~~~~
+ categoryinfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ fullyqualifiederrorid : NativeCommandFailed
*evil-winrm* ps c:\Users\svc_ldap\Documents> Get-ComputerInfo
windowsbuildlabex : 17763.1.amd64fre.rs5_release.180914-1434
windowscurrentversion : 6.3
windowseditionid : ServerStandard
windowsinstallationtype : Server
windowsinstalldatefromregistry : 8/9/2022 8:35:28 PM
windowsproductid : 00429-00521-62775-AA872
windowsproductname : Windows Server 2019 Standard
windowsregisteredowner : Windows User
windowssystemroot : C:\Windows
windowsversion : 1809
osserverlevel : FullServer
timezone : (UTC-05:00) Eastern Time (US & Canada)
powerplatformrole : Desktop
deviceguardsmartstatus : Off17763.1.amd64fre.rs5_release.180914-1434
Windows Server 2019 Standard
1809
Networks
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 896
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 896
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:8443 0.0.0.0:0 LISTENING 3816
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 2944
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 468
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1100
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1492
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49671 0.0.0.0:0 LISTENING 2016
TCP 0.0.0.0:49686 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49687 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49689 0.0.0.0:0 LISTENING 620
TCP 0.0.0.0:49690 0.0.0.0:0 LISTENING 2908
TCP 0.0.0.0:49701 0.0.0.0:0 LISTENING 612
TCP 0.0.0.0:49704 0.0.0.0:0 LISTENING 3064
TCP 0.0.0.0:49718 0.0.0.0:0 LISTENING 2952
TCP 0.0.0.0:49725 0.0.0.0:0 LISTENING 3016
TCP 10.10.11.222:53 0.0.0.0:0 LISTENING 3064
TCP 10.10.11.222:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 3064
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:88 [::]:0 LISTENING 620
TCP [::]:135 [::]:0 LISTENING 896
TCP [::]:389 [::]:0 LISTENING 620
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 620
TCP [::]:593 [::]:0 LISTENING 896
TCP [::]:636 [::]:0 LISTENING 620
TCP [::]:3268 [::]:0 LISTENING 620
TCP [::]:3269 [::]:0 LISTENING 620
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:8443 [::]:0 LISTENING 3816
TCP [::]:9389 [::]:0 LISTENING 2944
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 468
TCP [::]:49665 [::]:0 LISTENING 1100
TCP [::]:49666 [::]:0 LISTENING 1492
TCP [::]:49667 [::]:0 LISTENING 620
TCP [::]:49671 [::]:0 LISTENING 2016
TCP [::]:49686 [::]:0 LISTENING 620
TCP [::]:49687 [::]:0 LISTENING 620
TCP [::]:49689 [::]:0 LISTENING 620
TCP [::]:49690 [::]:0 LISTENING 2908
TCP [::]:49701 [::]:0 LISTENING 612
TCP [::]:49704 [::]:0 LISTENING 3064
TCP [::]:49718 [::]:0 LISTENING 2952
TCP [::]:49725 [::]:0 LISTENING 3016
TCP [::1]:53 [::]:0 LISTENING 3064
TCP [dead:beef::210]:53 [::]:0 LISTENING 3064
TCP [dead:beef::1fff:856d:2473:8cb6]:53 [::]:0 LISTENING 3064
TCP [fe80::7835:2a6c:98a0:6a63%8]:53 [::]:0 LISTENING 3064Users & Groups
*evil-winrm* ps c:\Users\svc_ldap\Documents> net users
User accounts for \\
-------------------------------------------------------------------------------
Administrator Guest krbtgt
svc_ldap
The command completed with one or more errors.*evil-winrm* ps c:\Users\svc_ldap\Documents> net localgroup
Aliases for \\AUTHORITY
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
*evil-winrm* ps c:\Users\svc_ldap\Documents> net groups
Group Accounts for \\
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Schema Admins
The command completed with one or more errors.Processes
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> ps
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
391 32 12412 21052 2952 0 certsrv
159 9 6664 1248 2520 0 conhost
154 10 6616 12768 0.03 4744 0 conhost
536 21 3036 5712 364 0 csrss
171 9 1756 4832 476 1 csrss
402 33 16812 23748 3016 0 dfsrs
188 13 2376 7884 3524 0 dfssvc
290 14 3996 13640 4068 0 dllhost
10410 7385 131236 129432 3064 0 dns
534 22 22944 42032 1020 1 dwm
54 6 1508 4004 2812 0 fontdrvhost
54 6 1664 4284 2820 1 fontdrvhost
0 0 56 8 0 0 Idle
206 16 6496 15532 2164 0 inetinfo
140 12 1880 5808 1956 0 ismserv
1508 34 1362604 1336092 3816 0 javaw
473 26 10648 47188 2776 1 LogonUI
2243 241 67804 85396 620 0 lsass
562 58 47796 74660 2944 0 Microsoft.ActiveDirectory.WebServices
255 13 2872 10500 4384 0 msdtc
135 8 1884 6744 2536 0 nssm
536 54 72872 26564 1916 0 powershell
0 8 392 64616 88 0 Registry
619 35 15692 19380 2068 0 SearchIndexer
609 14 5844 13840 612 0 services
53 3 492 1200 272 0 smss
497 26 6128 18772 2908 0 spoolsv
265 13 3728 11348 64 0 svchost
128 15 3448 7728 316 0 svchost
210 12 1680 7436 480 0 svchost
189 11 1812 8372 648 0 svchost
171 11 2148 13232 796 0 svchost
90 5 960 3944 832 0 svchost
745 16 5212 14964 856 0 svchost
753 19 5892 12532 896 0 svchost
239 10 1736 6992 948 0 svchost
215 9 2124 7692 1028 0 svchost
143 7 1332 6012 1048 0 svchost
265 14 3276 9360 1084 0 svchost
356 13 10584 15136 1100 0 svchost
372 17 4616 13200 1236 0 svchost
251 16 3048 12160 1304 0 svchost
406 33 7316 16448 1316 0 svchost
325 10 2536 8660 1396 0 svchost
236 12 2824 11968 1456 0 svchost
438 9 2936 9216 1464 0 svchost
122 7 1252 5692 1480 0 svchost
370 18 4952 14472 1492 0 svchost
163 10 1712 8132 1608 0 svchost
159 10 1936 6880 1624 0 svchost
321 11 2028 9128 1692 0 svchost
302 21 4240 14432 1704 0 svchost
181 11 1968 8336 1724 0 svchost
317 21 8748 15600 1760 0 svchost
162 9 1920 7316 1832 0 svchost
144 9 1596 6668 1840 0 svchost
179 10 1804 8512 1968 0 svchost
221 12 2172 9416 1988 0 svchost
272 14 2576 8264 2000 0 svchost
423 16 12708 22028 2008 0 svchost
169 13 1856 7632 2016 0 svchost
322 18 6176 22864 2024 0 svchost
461 15 3200 11660 2100 0 svchost
235 15 4720 12320 2180 0 svchost
244 25 3656 12992 2208 0 svchost
139 9 1616 6672 2240 0 svchost
141 8 1512 6356 2516 0 svchost
210 11 2264 8776 2680 0 svchost
134 8 3112 10300 2720 0 svchost
171 12 3872 11004 2960 0 svchost
131 7 1324 5852 2976 0 svchost
422 20 17756 31364 3036 0 svchost
224 12 2056 7660 3356 0 svchost
410 26 3544 13264 4732 0 svchost
234 12 2720 12712 5496 0 svchost
167 9 2728 7632 5808 0 svchost
354 21 16748 18452 5852 0 svchost
173 11 2336 13352 5984 0 svchost
190 15 6036 10468 6044 0 svchost
1616 0 192 148 4 0 System
214 16 2440 10660 3832 0 vds
177 11 3220 11872 2448 0 VGAuthService
151 8 1696 7268 2424 0 vm3dservice
140 9 1692 7652 3124 1 vm3dservice
144 10 1796 7700 3244 1 vm3dservice
406 23 10496 23164 2408 0 vmtoolsd
173 11 1424 7024 468 0 wininit
246 12 2604 17344 540 1 winlogon
395 20 22664 33668 3944 0 WmiPrvSE
897 33 63808 90988 1.42 3264 0 wsmprovhostTasks
*evil-winrm* ps c:\Users\svc_ldap\Documents> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Cleanup N/A Running
Cleanup DACLs N/A Ready
Server Initial Configuration Task N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
microsoft compatibility appraiser 7/18/2023 3:42:40 AM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
consolidator 7/17/2023 6:00:00 PM Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
data integrity scan 8/3/2023 8:29:43 PM Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
device 7/18/2023 3:16:51 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
StorageCardEncryption Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
refreshcache 7/18/2023 9:24:53 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
SecureBootEncodeUEFI N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
speechmodeldownloadtask 7/18/2023 2:07:42 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
queuereporting 7/17/2023 3:28:52 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
scheduled start 7/18/2023 4:30:38 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Ready
Recovery-Check N/A DisabledFirewall & AV
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> cmd /c netsh firewall show config
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Enable Inbound Firefox (C:\Program Files\Mozilla Firefox) / C:\Program Files\Mozilla Firefox\firefox.exe
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .Enable Inbound Firefox (C:\Program Files\Mozilla Firefox) / C:\Program Files\Mozilla Firefox\firefox.exe
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> Get-MpComputerStatus
Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-MpComputerStatus
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatusSession Architecture
*evil-winrm* ps c:\Users\svc_ldap\Documents> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework
Volume in drive C has no label.
Volume Serial Number is DF65-3903
Directory of C:\Windows\Microsoft.NET\Framework
09/15/2018 03:19 AM <DIR> .
09/15/2018 03:19 AM <DIR> ..
09/15/2018 03:19 AM <DIR> v1.0.3705
09/15/2018 03:19 AM <DIR> v1.1.4322
09/15/2018 03:19 AM <DIR> v2.0.50727
07/17/2023 05:16 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 5,420,032,000 bytes free
*Evil-WinRM* PS C:\Users\svc_ldap\Documents> cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0