System/Kernel
PS C:\> cmd /c ver
Microsoft Windows [Version 10.0.20348.2527]
PS C:\> systeminfo ; Get-ComputerInfo
Host Name: MAINFRAME
OS Name: Microsoft Windows Server 2022 Standard
OS Version: 10.0.20348 N/A Build 20348
OS Manufacturer: Microsoft Corporation
OS Configuration: Primary Domain Controller
OS Build Type: Multiprocessor Free
Registered Owner: Windows User
Registered Organization:
Product ID: 00454-20165-01481-AA576
Original Install Date: 1/22/2023, 1:35:28 AM
System Boot Time: 6/27/2024, 2:37:53 AM
System Manufacturer: VMware, Inc.
System Model: VMware7,1
System Type: x64-based PC
Processor(s): 2 Processor(s) Installed.
[01]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2445 Mhz
[02]: AMD64 Family 25 Model 1 Stepping 1 AuthenticAMD ~2445 Mhz
BIOS Version: VMware, Inc. VMW71.00V.21805430.B64.2305221826, 5/22/2023
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume2
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory: 4,095 MB
Available Physical Memory: 2,400 MB
Virtual Memory: Max Size: 6,101 MB
Virtual Memory: Available: 2,021 MB
Virtual Memory: In Use: 4,080 MB
Page File Location(s): C:\pagefile.sys
Domain: axlle.htb
Logon Server: N/A
Hotfix(s): N/A
Network Card(s): 1 NIC(s) Installed.
[01]: vmxnet3 Ethernet Adapter
Connection Name: Ethernet0 2
DHCP Enabled: No
IP address(es)
[01]: 10.10.11.21
[02]: fe80::ff83:e019:f578:fe72
[03]: dead:beef::ff27:2a17:3cd2:b528
[04]: dead:beef::221
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 20348.1.amd64fre.fe_release.210507-1500
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerStandard
WindowsInstallationType : Server
WindowsInstallDateFromRegistry : 1/22/2023 9:35:28 AM
WindowsProductId : 00454-20165-01481-AA576
WindowsProductName : Windows Server 2022 Standard
WindowsRegisteredOrganization :
WindowsRegisteredOwner : Windows User
WindowsSystemRoot : C:\Windows
WindowsVersion : 2009
OSDisplayVersion : 21H2
BiosCharacteristics : {4, 7, 9, 11...}
BiosBIOSVersion : {INTEL - 6040000, VMW71.00V.21805430.B64.2305221826,
VMware, Inc. - 10000}
BiosDescription : VMW71.00V.21805430.B64.2305221826
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Uefi
BiosManufacturer : VMware, Inc.
BiosPrimaryBIOS : True
BiosReleaseDate : 5/21/2023 5:00:00 PM
BiosSeralNumber : VMware-42 14 48 ae 58 7f c2 f0-1d e2 64 bb 2c cc e0 dd
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 255
BiosSystemBiosMinorVersion : 255
BiosTargetOperatingSystem : 0
BiosVersion : INTEL - 6040000
CsAdminPasswordStatus : Enabled
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit : DoNotReboot
CsBootOptionOnWatchDog : DoNotReboot
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 33...}
CsBootupState : Normal boot
CsCaption : MAINFRAME
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : -420
CsDaylightInEffect : True
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : MAINFRAME
CsDomain : axlle.htb
CsDomainRole : PrimaryDomainController
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : VMware, Inc.
CsModel : VMware7,1
CsName : MAINFRAME
CsNetworkAdapters : {Ethernet0 2}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 2
CsProcessors : {AMD EPYC 7763 64-Core Processor , AMD EPYC
7763 64-Core Processor }
CsOEMStringArray : {[MS_VM_CERT/SHA1/27d66596a61c48dd3dc7216fd715126e33f59ae7],
Welcome to the Virtual Machine}
CsPartOfDomain : True
CsPauseAfterReset : 3932100000
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Disabled
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : Windows User
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, Primary_Domain_Controller,
Timesource...}
CsStatus : OK
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 4293926912
CsPhyicallyInstalledMemory : 4194304
CsUserName : AXLLE\Administrator
CsWakeUpType : PowerSwitch
CsWorkgroup :
OsName : Microsoft Windows Server 2022 Standard
OsType : WINNT
OsOperatingSystemSKU : StandardServerEdition
OsVersion : 10.0.20348
OsCSDVersion :
OsBuildNumber : 20348
OsHotFixes : {}
OsBootDevice : \Device\HarddiskVolume2
OsSystemDevice : \Device\HarddiskVolume3
OsSystemDirectory : C:\Windows\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\Windows
OsCountryCode : 1
OsCurrentTimeZone : -420
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 6/27/2024 8:24:41 AM
OsLastBootUpTime : 6/27/2024 2:37:53 AM
OsUptime : 05:46:48.1241781
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptOut
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 4193288
OsFreePhysicalMemory : 2458568
OsTotalVirtualMemorySize : 6247432
OsFreeVirtualMemory : 2065756
OsInUseVirtualMemory : 4181676
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 2054144
OsFreeSpaceInPagingFiles : 150624
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.20348.2031
OsInstallDate : 1/22/2023 1:35:28 AM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfProcesses : 171
OsNumberOfUsers : 34
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServices, TerminalServicesSingleSession}
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : DomainController
OsRegisteredUser : Windows User
OsSerialNumber : 00454-20165-01481-AA576
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, TerminalServicesSingleSession}
OsServerLevel : FullServer
KeyboardLayout : en-US
TimeZone : (UTC-08:00) Pacific Time (US & Canada)
PowerPlatformRole : Desktop
HyperVisorPresent : True
DeviceGuardSmartStatus : OffMicrosoft Windows Server 2022 Standard
10.0.20348.2527
x64-based
2 Processor(s)
Networks
PS C:\> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : MAINFRAME
Primary Dns Suffix . . . . . . . : axlle.htb
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : axlle.htb
htb
Ethernet adapter Ethernet0 2:
Connection-specific DNS Suffix . : htb
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-94-5E-C2
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : dead:beef::221(Preferred)
Lease Obtained. . . . . . . . . . : Thursday, June 27, 2024 2:38:10 AM
Lease Expires . . . . . . . . . . : Thursday, June 27, 2024 9:08:09 AM
IPv6 Address. . . . . . . . . . . : dead:beef::ff27:2a17:3cd2:b528(Preferred)
Link-local IPv6 Address . . . . . : fe80::ff83:e019:f578:fe72%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.11.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.254.0
Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:1bd3%11
10.10.10.2
DHCPv6 IAID . . . . . . . . . . . : 369119318
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2E-0E-EB-59-00-50-56-94-5E-C2
DNS Servers . . . . . . . . . . . : 127.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Connection-specific DNS Suffix Search List :
htb
Interface: 10.10.11.21 --- 0xb
Internet Address Physical Address Type
10.10.10.2 00-50-56-b9-1b-d3 dynamic
10.10.11.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
Unable to initialize device PRNPS C:\> netstat -ano | Select-String LIST
TCP 0.0.0.0:25 0.0.0.0:0 LISTENING 2456
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:110 0.0.0.0:0 LISTENING 2456
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 924
TCP 0.0.0.0:143 0.0.0.0:0 LISTENING 2456
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:587 0.0.0.0:0 LISTENING 2456
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 924
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 392
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 3068
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 544
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1228
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 1724
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 2132
TCP 0.0.0.0:59688 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:59689 0.0.0.0:0 LISTENING 2948
TCP 0.0.0.0:59691 0.0.0.0:0 LISTENING 676
TCP 0.0.0.0:59698 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:63193 0.0.0.0:0 LISTENING 3040
TCP 0.0.0.0:65290 0.0.0.0:0 LISTENING 2080
TCP 10.10.11.21:53 0.0.0.0:0 LISTENING 3040
TCP 10.10.11.21:139 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 3040
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:88 [::]:0 LISTENING 676
TCP [::]:135 [::]:0 LISTENING 924
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 676
TCP [::]:593 [::]:0 LISTENING 924
TCP [::]:3268 [::]:0 LISTENING 676
TCP [::]:3269 [::]:0 LISTENING 676
TCP [::]:3389 [::]:0 LISTENING 392
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:9389 [::]:0 LISTENING 3068
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 676
TCP [::]:49665 [::]:0 LISTENING 544
TCP [::]:49666 [::]:0 LISTENING 1228
TCP [::]:49667 [::]:0 LISTENING 676
TCP [::]:49669 [::]:0 LISTENING 1724
TCP [::]:49670 [::]:0 LISTENING 2132
TCP [::]:59688 [::]:0 LISTENING 676
TCP [::]:59689 [::]:0 LISTENING 2948
TCP [::]:59691 [::]:0 LISTENING 676
TCP [::]:59698 [::]:0 LISTENING 660
TCP [::]:63193 [::]:0 LISTENING 3040
TCP [::]:65290 [::]:0 LISTENING 2080
TCP [::1]:53 [::]:0 LISTENING 3040
TCP [dead:beef::221]:53 [::]:0 LISTENING 3040
TCP [dead:beef::ff27:2a17:3cd2:b528]:53 [::]:0 LISTENING 3040
TCP [fe80::ff83:e019:f578:fe72%11]:53 [::]:0 LISTENING 3040Users & Groups
PS C:\> net users ; ls C:\Users
User accounts for \\MAINFRAME
-------------------------------------------------------------------------------
Administrator gideon.hamill krbtgt
The command completed successfully.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 1/2/2024 3:05 AM Administrator
d----- 1/1/2024 3:44 AM baz.humphries
d----- 1/1/2024 3:43 AM brad.shaw
d----- 1/1/2024 3:44 AM calum.scott
d----- 1/1/2024 3:44 AM dallon.matrix
d----- 1/1/2024 3:44 AM dan.kendo
d----- 1/1/2024 5:58 AM gideon.hamill
d----- 1/1/2024 3:44 AM jacob.greeny
d----- 1/1/2024 3:43 AM lindsay.richards
d-r--- 6/27/2024 2:51 AM Public
d----- 1/1/2024 3:43 AM simon.smalls
d----- 1/1/2024 3:44 AM trent.langdon
PS C:\> net localgroup ; net group /DOMAIN
Aliases for \\MAINFRAME
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
Group Accounts for \\MAINFRAME
-------------------------------------------------------------------------------
*Accounts
*App Devs
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Employees
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*HR
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Sales
*Schema Admins
*Web Devs
The command completed successfully.Accounts
App Devs
Employees
HR
Sales
Web Devs
Processes
PS C:\> cmd /c tasklist /svc ; ps
Image Name PID Services
========================= ======== ============================================
System Idle Process 0 N/A
System 4 N/A
Registry 100 N/A
smss.exe 324 N/A
csrss.exe 424 N/A
csrss.exe 524 N/A
wininit.exe 544 N/A
winlogon.exe 592 N/A
services.exe 660 N/A
lsass.exe 676 Kdc, KeyIso, Netlogon, SamSs, VaultSvc
svchost.exe 884 BrokerInfrastructure, DcomLaunch, PlugPlay,
Power, SystemEventsBroker
svchost.exe 924 RpcEptMapper, RpcSs
svchost.exe 984 LSM
dwm.exe 408 N/A
svchost.exe 736 DsmSvc
svchost.exe 392 TermService
svchost.exe 368 NcbService
svchost.exe 1056 TimeBrokerSvc
svchost.exe 1072 W32Time
svchost.exe 1080 nsi
svchost.exe 1140 Dhcp
svchost.exe 1172 Dnscache
svchost.exe 1228 EventLog
svchost.exe 1376 BFE, mpssvc
svchost.exe 1448 NlaSvc
svchost.exe 1488 gpsvc
svchost.exe 1496 ProfSvc
svchost.exe 1508 EventSystem
svchost.exe 1528 Themes
svchost.exe 1608 SENS
svchost.exe 1644 Wcmsvc
svchost.exe 1676 netprofm
svchost.exe 1692 ShellHWDetection
svchost.exe 1724 Schedule
svchost.exe 1744 FontCache
svchost.exe 1868 LanmanWorkstation
svchost.exe 1908 UmRdpService
svchost.exe 1928 WinHttpAutoProxySvc
svchost.exe 1716 iphlpsvc
svchost.exe 2100 CertPropSvc
svchost.exe 2132 SessionEnv
svchost.exe 2380 UserManager
svchost.exe 2560 PolicyAgent
svchost.exe 2868 LanmanServer
spoolsv.exe 2948 Spooler
svchost.exe 2980 CryptSvc
svchost.exe 2988 CoreMessagingRegistrar
svchost.exe 3000 AppHostSvc
svchost.exe 3032 DiagTrack
dns.exe 3040 DNS
Microsoft.ActiveDirectory 3068 ADWS
dfsrs.exe 2080 DFSR
svchost.exe 2548 SstpSvc
svchost.exe 2436 StateRepository
svchost.exe 2652 SysMain
hMailServer.exe 2456 hMailServer
svchost.exe 2748 W3SVC, WAS
svchost.exe 2796 Winmgmt
vmtoolsd.exe 2792 VMTools
vm3dservice.exe 2736 vm3dservice
VGAuthService.exe 2044 VGAuthService
svchost.exe 2628 WinRM
svchost.exe 2812 WpnService
svchost.exe 2808 tapisrv
dfssvc.exe 3144 Dfs
fontdrvhost.exe 3280 N/A
fontdrvhost.exe 3288 N/A
vm3dservice.exe 3340 N/A
svchost.exe 3468 RasMan
AggregatorHost.exe 3808 N/A
vds.exe 3824 vds
dllhost.exe 3640 COMSysApp
svchost.exe 4284 DispBrokerDesktopSvc
msdtc.exe 4344 MSDTC
WmiPrvSE.exe 4412 N/A
svchost.exe 5524 lmhosts
vm3dservice.exe 5844 N/A
svchost.exe 5996 WaaSMedicSvc
svchost.exe 6132 StorSvc
sihost.exe 600 N/A
svchost.exe 588 CDPUserSvc_6db89
svchost.exe 996 WpnUserService_6db89
taskhostw.exe 5436 N/A
svchost.exe 2112 TabletInputService
ctfmon.exe 5712 N/A
svchost.exe 5264 TokenBroker
svchost.exe 6072 camsvc
svchost.exe 2004 CDPSvc
explorer.exe 2356 N/A
StartMenuExperienceHost.e 6124 N/A
TextInputHost.exe 2964 N/A
RuntimeBroker.exe 1112 N/A
SearchApp.exe 6228 N/A
RuntimeBroker.exe 6384 N/A
ServerManager.exe 6476 N/A
RuntimeBroker.exe 6620 N/A
AzureArcSysTray.exe 7060 N/A
vmtoolsd.exe 7080 N/A
cmd.exe 7124 N/A
conhost.exe 7132 N/A
powershell.exe 5504 N/A
cmd.exe 1260 N/A
conhost.exe 956 N/A
powershell.exe 7044 N/A
cmd.exe 5540 N/A
conhost.exe 5508 N/A
powershell.exe 7180 N/A
svchost.exe 7560 seclogon
xllrunner.exe 7588 N/A
conhost.exe 7600 N/A
svchost.exe 7864 DPS
svchost.exe 7920 WdiServiceHost
svchost.exe 7968 PcaSvc
svchost.exe 8084 UALSVC
svchost.exe 6824 UsoSvc
svchost.exe 1520 cbdhsvc_6db89
svchost.exe 3396 LicenseManager
svchost.exe 4872 DsSvc
xllrunner.exe 2604 N/A
conhost.exe 4028 N/A
rundll32.exe 4440 N/A
cmd.exe 3548 N/A
conhost.exe 6156 N/A
powershell.exe 6412 N/A
LogonUI.exe 4116 N/A
taskhostw.exe 1792 N/A
cmd.exe 4852 N/A
conhost.exe 5632 N/A
powershell.exe 1636 N/A
xllrunner.exe 6028 N/A
conhost.exe 2228 N/A
cmd.exe 7392 N/A
powershell.exe 4396 N/A
powershell.exe 5000 N/A
xllrunner.exe 5204 N/A
conhost.exe 3792 N/A
cmd.exe 7556 N/A
powershell.exe 7428 N/A
conhost.exe 7212 N/A
powershell.exe 1272 N/A
conhost.exe 2316 N/A
cmd.exe 5608 N/A
powershell.exe 2836 N/A
conhost.exe 4372 N/A
powershell.exe 2512 N/A
xllrunner.exe 5332 N/A
conhost.exe 1292 N/A
cmd.exe 1824 N/A
powershell.exe 6800 N/A
more.com 6704 N/A
xllrunner.exe 6684 N/A
conhost.exe 7784 N/A
cmd.exe 2440 N/A
powershell.exe 4048 N/A
findstr.exe 7708 N/A
xllrunner.exe 5800 N/A
conhost.exe 7384 N/A
cmd.exe 6312 N/A
powershell.exe 5952 N/A
xllrunner.exe 6304 N/A
conhost.exe 1300 N/A
cmd.exe 7960 N/A
powershell.exe 840 N/A
xllrunner.exe 4300 N/A
conhost.exe 6308 N/A
cmd.exe 4984 N/A
powershell.exe 1664 N/A
conhost.exe 6048 N/A
powershell.exe 7416 N/A
w3wp.exe 5368 N/A
cmd.exe 4820 N/A
tasklist.exe 2536 N/A
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
114 8 1964 7100 3808 0 AggregatorHost
204 13 3152 388 0.05 7060 1 AzureArcSysTray
84 6 2740 368 0.02 1260 1 cmd
86 6 2248 3592 0.00 1824 1 cmd
86 6 2252 3700 0.00 2440 1 cmd
94 6 2400 436 0.00 3548 1 cmd
91 6 2404 1096 0.00 4852 1 cmd
86 6 2260 4168 0.00 4984 1 cmd
84 6 2736 384 0.00 5540 1 cmd
81 6 2252 3868 0.00 5608 1 cmd
86 6 2252 4152 0.00 6312 1 cmd
84 6 2736 372 0.02 7124 1 cmd
86 6 2272 2084 0.00 7392 1 cmd
86 6 2132 3788 0.00 7556 1 cmd
86 6 2252 3880 0.00 7960 1 cmd
181 12 6908 424 0.02 956 1 conhost
161 11 6852 3344 3.17 1292 1 conhost
160 11 6852 3648 2.53 1300 1 conhost
161 11 6852 2460 1.50 2228 1 conhost
159 11 6848 2756 0.73 2316 1 conhost
160 11 6860 2708 0.92 3792 1 conhost
180 12 6900 368 0.05 4028 1 conhost
158 11 6860 2964 2.56 4372 1 conhost
181 12 6928 1184 0.61 5508 1 conhost
130 10 6644 1292 0.03 5632 1 conhost
158 11 6856 4152 0.08 6048 1 conhost
130 10 6676 584 0.03 6156 1 conhost
160 11 6844 4156 0.58 6308 1 conhost
181 12 6888 464 0.03 7132 1 conhost
114 8 1488 2640 1.09 7212 1 conhost
160 11 6848 3528 3.69 7384 1 conhost
180 12 6884 412 0.03 7600 1 conhost
161 11 6856 3520 4.23 7784 1 conhost
519 21 1988 6484 424 0 csrss
690 25 2172 6668 524 1 csrss
404 15 3336 15468 0.16 5712 1 ctfmon
410 34 16728 25364 2080 0 dfsrs
156 9 1900 6360 3144 0 dfssvc
278 15 3872 14700 3640 0 dllhost
10424 9682 130288 129532 3040 0 dns
777 41 30944 76312 408 1 dwm
1502 58 23372 10032 1.53 2356 1 explorer
69 6 852 3900 0.00 7708 1 findstr
39 6 1476 3996 3280 0 fontdrvhost
39 7 1640 4608 3288 1 fontdrvhost
459 40 16568 21920 2456 0 hMailServer
0 0 60 8 0 0 Idle
441 26 17688 43780 4116 1 LogonUI
2280 215 72740 83712 676 0 lsass
639 32 35664 46208 3068 0 Microsoft.ActiveDirectory.WebServices
64 5 624 3020 0.16 6704 1 more.com
238 14 2796 10972 4344 0 msdtc
518 31 73372 4172 0.80 840 1 powershell
1792 54 219804 4188 18.44 1272 1 powershell
730 26 66808 2304 0.41 1636 1 powershell
823 32 136460 32060 2.69 1664 1 powershell
564 29 143040 3968 1.63 2512 1 powershell
470 26 135116 4016 0.67 2836 1 powershell
539 31 80480 4052 0.64 4048 1 powershell
555 29 149008 4020 1.33 4396 1 powershell
575 28 143500 4088 0.81 5000 1 powershell
394 43 259240 18044 9.64 5504 1 powershell
469 31 134896 84764 7,793.91 5952 1 powershell
699 26 60296 4384 0.33 6412 1 powershell
507 42 237540 3984 3.75 6800 1 powershell
388 25 133228 11504 1.00 7044 1 powershell
398 25 129168 9672 1.22 7180 1 powershell
676 35 134548 8756 1.31 7416 1 powershell
524 29 137036 4020 1.17 7428 1 powershell
0 14 3492 18772 100 0 Registry
212 14 3364 2576 1.34 4440 1 rundll32
191 12 2560 16036 1112 1 RuntimeBroker
283 15 5012 20892 6384 1 RuntimeBroker
266 15 3036 16400 6620 1 RuntimeBroker
666 34 31180 62480 0.67 6228 1 SearchApp
716 35 89612 44500 1.16 6476 1 ServerManager
666 15 5740 14348 660 0 services
497 17 4916 26524 0.17 600 1 sihost
57 3 1080 1220 324 0 smss
445 22 5564 16820 2948 0 spoolsv
561 27 12648 53696 0.30 6124 1 StartMenuExperienceHost
211 12 1984 10136 368 0 svchost
547 21 4632 15304 392 0 svchost
279 14 3052 14884 588 1 svchost
338 16 4072 14276 736 0 svchost
1024 20 6904 23836 884 0 svchost
1096 20 5764 12920 924 0 svchost
304 12 2504 11032 984 0 svchost
323 16 5024 26116 996 1 svchost
169 10 1704 12492 1056 0 svchost
197 12 1652 7644 1072 0 svchost
132 15 3260 7828 1080 0 svchost
226 11 2192 8176 1140 0 svchost
308 17 3516 10760 1172 0 svchost
404 15 17076 22012 1228 0 svchost
414 32 10744 20528 1376 0 svchost
394 18 4224 13644 1448 0 svchost
307 17 3148 13876 1488 0 svchost
202 11 2248 11704 1496 0 svchost
445 10 2888 9460 1508 0 svchost
199 12 2464 15792 1520 1 svchost
229 8 1312 6268 1528 0 svchost
178 12 1840 8736 1608 0 svchost
289 13 1920 9272 1644 0 svchost
440 14 2816 11064 1676 0 svchost
184 12 2044 13048 1692 0 svchost
379 19 2848 12144 1716 0 svchost
387 18 4924 15752 1724 0 svchost
163 10 1680 7220 1744 0 svchost
223 12 2148 9848 1868 0 svchost
146 9 1364 7068 1908 0 svchost
176 10 1776 7904 1928 0 svchost
236 14 2604 13504 2004 0 svchost
181 9 1508 7136 2100 0 svchost
171 10 1540 7880 2112 0 svchost
224 15 2108 9812 2132 0 svchost
202 10 2208 9400 2380 0 svchost
157 9 4612 12956 2436 0 svchost
154 42 1624 7376 2548 0 svchost
165 11 1796 7732 2560 0 svchost
254 14 3132 13340 2628 0 svchost
139 9 1532 7104 2652 0 svchost
241 15 4512 12680 2748 0 svchost
470 17 11688 21456 2796 0 svchost
225 13 2076 8508 2808 0 svchost
137 9 1512 11916 2812 0 svchost
205 11 2256 9204 2868 0 svchost
250 26 3224 13400 2980 0 svchost
150 8 1356 6472 2988 0 svchost
170 12 3936 11512 3000 0 svchost
487 23 14456 31688 3032 0 svchost
184 13 2804 16008 3396 0 svchost
421 26 3596 14260 3468 0 svchost
125 9 1364 7564 4284 0 svchost
193 16 6108 10872 4872 0 svchost
223 12 2780 15120 5264 0 svchost
118 8 1280 5888 5524 0 svchost
145 9 1528 8216 5996 0 svchost
166 11 2020 10996 6072 0 svchost
307 15 3460 16956 6132 0 svchost
235 14 2660 12392 6824 0 svchost
167 8 1392 6524 7560 0 svchost
312 17 13628 19024 7864 0 svchost
124 9 1496 6592 7920 0 svchost
249 13 3804 11308 7968 0 svchost
265 20 7724 14708 8084 0 svchost
2610 0 36 136 4 0 System
292 18 5044 14976 0.06 1792 1 taskhostw
217 23 4464 14520 0.06 5436 1 taskhostw
538 23 9792 43060 0.11 2964 1 TextInputHost
202 16 2320 10872 3824 0 vds
172 12 3284 12412 2044 0 VGAuthService
126 8 1460 6512 2736 0 vm3dservice
125 9 1576 7060 3340 1 vm3dservice
126 9 1572 7096 5844 1 vm3dservice
409 24 10708 24528 2792 0 vmtoolsd
261 18 5100 1908 9.38 7080 1 vmtoolsd
236 21 5416 15068 5368 0 w3wp
151 11 1384 7284 544 0 wininit
271 14 2980 12692 592 1 winlogon
452 23 13500 28708 4412 0 WmiPrvSE
172 12 5768 1740 0.05 2604 1 xllrunner
176 12 5860 5716 0.05 4300 1 xllrunner
175 12 5968 2780 0.03 5204 1 xllrunner
175 12 5900 4316 0.05 5332 1 xllrunner
175 12 5864 4812 0.05 5800 1 xllrunner
175 12 5892 2468 0.06 6028 1 xllrunner
175 12 5796 5180 0.06 6304 1 xllrunner
175 12 5888 4568 0.05 6684 1 xllrunner
178 12 5916 1724 0.08 7588 1 xllrunner Tasks
PS C:\> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Server Initial Configuration Task N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 6/28/2024 4:18:47 AM Ready
PcaPatchDbTask 6/27/2024 4:32:47 PM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 6/27/2024 12:00:00 PM Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Check And Scan 6/27/2024 11:31:52 PM Ready
Data Integrity Scan N/A Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Device 6/28/2024 4:43:22 AM Ready
Device User N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DirectXDatabaseUpdater N/A Ready
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
StorageCardEncryption Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
UsageDataFlushing N/A Ready
UsageDataReporting N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 6/27/2024 10:36:09 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LocalUserSyncDataAvailable N/A Ready
MouseSyncDataAvailable N/A Ready
PenSyncDataAvailable N/A Ready
TouchpadSyncDataAvailable N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Synchronize Language Settings N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
SecureBootEncodeUEFI 1/1/2026 12:00:00 PM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MaintenanceTasks N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 6/27/2024 9:09:23 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start 6/28/2024 2:37:38 AM Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Ready
Device-Sync N/A Disabled
Recovery-Check N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
OobeDiscovery N/A Ready Firewall & AV
PS C:\> netsh firewall show config
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
25 TCP Enable Inbound SMTP
Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
25 TCP Enable Inbound SMTP
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .25 TCP Enable Inbound SMTP
PS C:\> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.24050.7
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 0
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion :
AntivirusEnabled : False
AntivirusSignatureAge : 65535
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion :
BehaviorMonitorEnabled : False
ComputerID : 2A964F44-38CF-56BE-D160-04CB446CDD57
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : Unknown
DeviceControlPoliciesLastUpdated : 12/31/1600 4:00:00 PM
DeviceControlState : Unknown
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
InitializationProgress : ServiceStartedSuccessfully
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 65535
NISSignatureLastUpdated :
NISSignatureVersion :
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState :
TamperProtectionSource : UI
TDTCapable : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/AAV is disabled
Session Architecture
PS C:\> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
PS C:\> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is BFF7-F940
Directory of C:\Windows\Microsoft.NET\Framework
01/01/2024 04:32 AM <DIR> .
06/27/2024 02:48 AM <DIR> ..
05/08/2021 01:34 AM <DIR> v1.0.3705
05/08/2021 01:34 AM <DIR> v1.1.4322
06/12/2024 11:49 AM <DIR> v2.0.50727
01/01/2024 04:32 AM <DIR> v3.0
01/01/2024 04:32 AM <DIR> v3.5
06/27/2024 02:48 AM <DIR> v4.0.30319
0 File(s) 0 bytes
8 Dir(s) 1,431,232,512 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727
CBS REG_DWORD 0x1
Increment REG_SZ 4927
Install REG_DWORD 0x1
OCM REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 2.0.50727.4927
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1028
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1029
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1030
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1031
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1032
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1033
CBS REG_DWORD 0x1
Increment REG_SZ 4927
SP REG_DWORD 0x2
Version REG_SZ 2.0.50727.4927
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1035
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1036
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1038
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1040
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1041
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1042
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1043
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1044
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1045
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1046
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1049
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1053
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1055
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\2052
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\2070
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\3076
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\3082
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0
CBS REG_DWORD 0x1
Increment REG_SZ 4926
Install REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Servicing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Servicing\Windows Workflow Foundation
CBS REG_DWORD 0x1
Hotfix REG_SZ
Install REG_DWORD 0x1
SP REG_DWORD 0x2
SPIndex REG_DWORD 0x0
SPName REG_SZ SP2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup
InstallSuccess REG_DWORD 0x1
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\1033
CBS REG_DWORD 0x1
Increment REG_SZ 4926
Install REG_DWORD 0x1
InstallSuccess REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Communication Foundation
InstallSuccess REG_DWORD 0x1
ReferenceInstallPath REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
RuntimeInstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\
Version REG_SZ 3.0.4506.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Presentation Foundation
(Default) REG_SZ WPF v3.0.6920.4902
InstallRoot REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\
InstallSuccess REG_DWORD 0x1
ProductVersion REG_SZ 3.0.6920.4902
Version REG_SZ 3.0.6920.4902
WPFCommonAssembliesPathx64 REG_SZ C:\Windows\System32\
WPFNonReferenceAssembliesPathx64 REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\
WPFReferenceAssembliesPathx64 REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation
(Default) REG_SZ Windows Workflow Foundation
FileVersion REG_SZ 3.0.4203.4926
InstallDir REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
InstallSuccess REG_DWORD 0x1
MajorBuildNum REG_SZ 4203
ProductVersion REG_SZ 3.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.5
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.5\
SP REG_DWORD 0x1
Version REG_SZ 3.5.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.5\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
SP REG_DWORD 0x1
Version REG_SZ 3.5.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x81041
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.04161
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.8.04161