System/Kernel


PS C:\Users\Sierra.Frye\Documents> systeminfo ; Get-ComputerInfo
 
windowsbuildlabex                                       : 17763.1.amd64fre.rs5_release.180914-1434
windowscurrentversion                                   : 6.3
windowseditionid                                        : ServerStandard
windowsinstallationtype                                 : Server Core
windowsinstalldatefromregistry                          : 22/03/2020 23:49:30
windowsproductid                                        : 00429-00521-62775-AA489
windowsproductname                                      : Windows Server 2019 Standard
windowsregisteredorganization                           : 
windowsregisteredowner                                  : Windows User
windowssystemroot                                       : C:\Windows
windowsversion                                          : 1809
osserverlevel                                           : ServerCore
timezone                                                : (UTC+00:00) Dublin, Edinburgh, Lisbon, London
powerplatformrole                                       : Desktop
deviceguardsmartstatus                                  : Off
 
PS C:\Users\Sierra.Frye\Documents> cmd /c ver
Microsoft Windows [Version 10.0.17763.2300]

Windows Server 2019 Standard 10.0.17763.2300 ServerCore

Networks


PS C:\Users\Sierra.Frye\Documents> ipconfig /all ; arp -a ; print route
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : Research
   Primary Dns Suffix  . . . . . . . : search.htb
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : search.htb
                                       htb
 
Ethernet adapter Ethernet0 2:
 
   Connection-specific DNS Suffix  . : htb
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-B9-5A-CD
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : dead:beef::20e(Preferred) 
   Lease Obtained. . . . . . . . . . : 02 February 2024 02:07:07
   Lease Expires . . . . . . . . . . : 02 February 2024 03:07:07
   IPv6 Address. . . . . . . . . . . : dead:beef::adc3:2aea:8cbd:5a2f(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::adc3:2aea:8cbd:5a2f%6(Preferred) 
   IPv4 Address. . . . . . . . . . . : 10.10.11.129(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : fe80::250:56ff:feb9:92a6%6
                                       10.10.10.2
   DHCPv6 IAID . . . . . . . . . . . : 117461078
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-24-23-32-00-50-56-B9-CF-AF
   DNS Servers . . . . . . . . . . . : 1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
   Connection-specific DNS Suffix Search List :
                                       htb
 
Interface: 10.10.11.129 --- 0x6
  Internet Address      Physical Address      Type
  10.10.10.2            00-50-56-b9-92-a6     dynamic   
  10.10.11.255          ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
PS C:\Users\Sierra.Frye\Documents> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING       984
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:8172           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING       2248
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       488
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1052
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       1360
  TCP    0.0.0.0:49673          0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:49674          0.0.0.0:0              LISTENING       632
  TCP    0.0.0.0:49678          0.0.0.0:0              LISTENING       624
  TCP    0.0.0.0:49690          0.0.0.0:0              LISTENING       2228
  TCP    0.0.0.0:49727          0.0.0.0:0              LISTENING       2340
  TCP    0.0.0.0:49755          0.0.0.0:0              LISTENING       2292
  TCP    10.10.11.129:53        0.0.0.0:0              LISTENING       2340
  TCP    10.10.11.129:139       0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING       2340
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:88                [::]:0                 LISTENING       632
  TCP    [::]:135               [::]:0                 LISTENING       984
  TCP    [::]:389               [::]:0                 LISTENING       632
  TCP    [::]:443               [::]:0                 LISTENING       4
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:464               [::]:0                 LISTENING       632
  TCP    [::]:593               [::]:0                 LISTENING       984
  TCP    [::]:636               [::]:0                 LISTENING       632
  TCP    [::]:3268              [::]:0                 LISTENING       632
  TCP    [::]:3269              [::]:0                 LISTENING       632
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:8172              [::]:0                 LISTENING       4
  TCP    [::]:9389              [::]:0                 LISTENING       2248
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       488
  TCP    [::]:49665             [::]:0                 LISTENING       1052
  TCP    [::]:49666             [::]:0                 LISTENING       632
  TCP    [::]:49668             [::]:0                 LISTENING       1360
  TCP    [::]:49673             [::]:0                 LISTENING       632
  TCP    [::]:49674             [::]:0                 LISTENING       632
  TCP    [::]:49678             [::]:0                 LISTENING       624
  TCP    [::]:49690             [::]:0                 LISTENING       2228
  TCP    [::]:49727             [::]:0                 LISTENING       2340
  TCP    [::]:49755             [::]:0                 LISTENING       2292
  TCP    [::1]:53               [::]:0                 LISTENING       2340
  TCP    [dead:beef::20e]:53    [::]:0                 LISTENING       2340
  TCP    [dead:beef::adc3:2aea:8cbd:5a2f]:53  [::]:0                 LISTENING       2340
  TCP    [fe80::adc3:2aea:8cbd:5a2f%6]:53  [::]:0                 LISTENING       2340

0.0.0.0:5985

Users & Groups


PS C:\Users\Sierra.Frye\Documents> net users ; ls C:\Users
 
User accounts for \\
 
-------------------------------------------------------------------------------
Aarav.Fry                Abbigail.Turner          Abby.Gonzalez            
Abril.Suarez             Ada.Gillespie            Administrator            
Alfred.Chan              Amare.Serrano            Amari.Mora               
Angel.Atkinson           Angie.Duffy              Annabelle.Wells          
Antony.Russo             Arielle.Schultz          Armando.Nash             
Belen.Compton            Blaine.Zavala            Bobby.Wolf               
Braeden.Rasmussen        Cade.Austin              Cadence.Conner           
Cameron.Melendez         Camren.Luna              Celia.Moreno             
Cesar.Yang               Chace.Oneill             Chanel.Bell              
Charlee.Wilkinson        Claudia.Pugh             Claudia.Sharp            
Colby.Russell            Cortez.Hickman           Crystal.Greer            
Dax.Santiago             Desmond.Bonilla          Eddie.Stevens            
Edgar.Jacobs             Edith.Walls              Eliezer.Jordan           
Elisha.Watts             Eve.Galvan               Frederick.Cuevas         
German.Rice              Griffin.Maddox           Guest                    
Gunnar.Callahan          Haven.Summers            Hope.Sharp               
Hugo.Forbes              Hunter.Kirby             Isabela.Estrada          
Jamar.Holt               Jayla.Roberts            Jeramiah.Fritz           
Jermaine.Franco          Jolie.Lee                Jordan.Gregory           
Joy.Costa                Judah.Frye               Kaitlynn.Lee             
Katelynn.Costa           Kayley.Ferguson          Kaylin.Bird              
Keely.Lyons              Keith.Hester             krbtgt                   
Kylee.Davila             Kyler.Arias              Lane.Wu                  
Lillie.Saunders          Lizeth.Love              Lorelei.Huang            
Maci.Graves              Maeve.Mann               Maren.Guzman             
Margaret.Robinson        Marshall.Skinner         Melanie.Santiago         
Monique.Moreno           Natasha.Mayer            Payton.Harmon            
Prince.Hobbs             Reginald.Morton          Rene.Larson              
Sage.Henson              Sandra.Wolfe             Saniyah.Roy              
Santino.Benjamin         Sarai.Boone              Savanah.Knox             
Savanah.Velazquez        Scarlett.Parks           Sierra.Frye              
Sonia.Schneider          Taniya.Hardy             Tori.Mora                
Trace.Ryan               Tristan.Davies           Tristen.Christian        
Tyshawn.Peck             Vincent.Sutton           web_svc                  
Yareli.Mcintyre          Yaritza.Riddle           Zain.Hopkins             
The command completed with one or more errors.
 
 
    directory: C:\Users
 
 
Mode                LastWriteTime         Length Name                                                                  
----                -------------         ------ ----                                                                  
d-----       23/03/2020     07:20                .NET v4.5                                                             
d-----       23/03/2020     07:20                .NET v4.5 Classic                                                     
d-----       20/12/2021     08:34                Administrator                                                         
d-----       31/07/2020     10:01                BIR-ADFS-GMSA$                                                        
d-r---       23/03/2020     07:07                Public                                                                
d-----       31/07/2020     11:04                Sierra.Frye                                                           
d-----       11/08/2020     08:45                WSEnrollmentServer   

BIR-ADFS-GMSA$ WSEnrollmentServer

PS C:\Users\Sierra.Frye\Documents> net localgroup ; net group /DOMAIN
 
Aliases for \\RESEARCH
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
 
 
Group Accounts for \\
 
-------------------------------------------------------------------------------
*Birmingham-HelpDesk
*Birmingham-ITSec
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Glasgow-HelpDesk
*Glasgow-ITSec
*Group Policy Creator Owners
*HelpDesk
*ITSec
*Key Admins
*London-HelpDesk
*London-ITSec
*Manchester-HelpDesk
*Manchester-ITSec
*Protected Users
*Read-only Domain Controllers
*Schema Admins
*Sheffield-HelpDesk
*Sheffield-ITSec
The command completed with one or more errors.

Processes


PS C:\Users\Sierra.Frye\Documents> cmd /c tasklist /svc ; ps
cmd : ERROR: Access denied
    + CategoryInfo          : NotSpecified: (ERROR: Access denied:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError
 
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName                                                  
-------  ------    -----      -----     ------     --  -- -----------                                                  
    443      35    12928      21684              2228   0 certsrv                                                      
    166      11     6940      16276              3592   1 conhost                                                      
    434      17     2220       5216               384   0 csrss                                                        
    184       9     1804       4772               496   1 csrss                                                        
    392      32    16036      22452              2292   0 dfsrs                                                        
    178      11     2364       7520              2628   0 dfssvc                                                       
    256      13     3892      13408              3360   0 dllhost                                                      
    361      34     7340      10656              2340   0 dns                                                          
     48       6     1484       4516               880   0 fontdrvhost                                                  
     48       6     1556       4832               888   1 fontdrvhost                                                  
      0       0       56          8                 0   0 Idle                                                         
    199      16     6524      15292              2620   0 inetinfo                                                     
    316      17     3092      14348              3524   1 LogonUI                                                      
   2137     168    65704      68496               632   0 lsass                                                        
    729      30    36572      46092              2248   0 Microsoft.ActiveDirectory.WebServices                        
    225      13     3120      10536              3508   0 msdtc                                                        
   1027      78   269600     246608              2532   0 MsMpEng                                                      
    205      11     3668      10212              3992   0 NisSrv                                                       
      0      10      484      13704                88   0 Registry                                                     
    504      12     4928      11192               624   0 services                                                     
     53       3      492        908               284   0 smss                                                         
    128      16     3496       7456               784   0 svchost                                                      
    209      12     1680       7344               820   0 svchost                                                      
     86       5      864       3792               852   0 svchost                                                      
    314      12     2828       9408               872   0 svchost                                                      
    611      19     3528      10124               984   0 svchost                                                      
    238      10     1764       6828              1020   0 svchost                                                      
    298      13    10804      15124              1052   0 svchost                                                      
    250      14     3228       8520              1072   0 svchost                                                      
    317      16     4160      17356              1088   0 svchost                                                      
    215       9     2060       7464              1096   0 svchost                                                      
    280      18     5596      15792              1180   0 svchost                                                      
    225      11     2200      10780              1196   0 svchost                                                      
    439       9     2904       9032              1208   0 svchost                                                      
    381      31     8276      15316              1280   0 svchost                                                      
    121       7     1216       5424              1344   0 svchost                                                      
    315      17     3900      13324              1360   0 svchost                                                      
    204      12     2180       8756              1416   0 svchost                                                      
    162       9     1976       7212              1516   0 svchost                                                      
    412      16     9836      19336              1552   0 svchost                                                      
    127       7     1204       5736              1560   0 svchost                                                      
    249      14    10216      11276              1584   0 svchost                                                      
    460      17     3324      11900              1632   0 svchost                                                      
    177       9     1732       8236              1808   0 svchost                                                      
    356      16     4564      12500              1840   0 svchost                                                      
    285      10     2288       8284              1932   0 svchost                                                      
    336      24     8656      16096              1972   0 svchost                                                      
    208      11     2368       8540              2104   0 svchost                                                      
    307      21    10196      15644              2124   0 svchost                                                      
    134       8     2948       9796              2204   0 svchost                                                      
    271      25     3640      12672              2212   0 svchost                                                      
    167      12     3824      10816              2220   0 svchost                                                      
    119       7     1164       5412              2236   0 svchost                                                      
    387      18    14404      27420              2316   0 svchost                                                      
    262      13     2536       7860              2416   0 svchost                                                      
    138       8     1504       6248              2504   0 svchost                                                      
    244      15     5244      12520              2512   0 svchost                                                      
    317      29     5872      15372              2608   0 svchost                                                      
    186      11     3148      11084              2704   0 svchost                                                      
    147       9     1620       6440              4420   0 svchost                                                      
   1293       0      196         72                 4   0 System                                                       
    214      16     2464      10588              2172   0 vds                                                          
    169      11     2968      10716              2548   0 VGAuthService                                                
    146       8     1664       6816              2520   0 vm3dservice                                                  
    141      10     2316       7860              2916   1 vm3dservice                                                  
    134       9     1680       7060              4492   1 vm3dservice                                                  
    393      23     9968      22204              2540   0 vmtoolsd                                                     
    994      65   198616     135336              4524   0 w3wp                                                         
    172      11     1476       6840               488   0 wininit                                                      
    236      11     2488      11052               556   1 winlogon                                                     
    340      15     7780      16936              3712   0 WmiPrvSE                                                     
    303      27    20280      20900              2636   0 WMSvc                                                        
   1448      28   102272     120704       1.17    736   0 wsmprovhost                                                  
   1236      30    62652      81904       0.58   1336   0 wsmprovhost  

inetinfo MsMpEng NisSrv WMSvc

Tasks


PS C:\Users\Sierra.Frye\Documents> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
get-scheduledtask : Cannot connect to CIM server. Access denied 
at line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft  ...
+ ~~~~~~~~~~~~~~~~~
    + categoryinfo          : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
    + fullyqualifiederrorid : CimJob_BrokenCimSession,Get-ScheduledTask
PS C:\Users\Sierra.Frye\Documents> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
 
folder: \
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319           N/A                    Ready          
.NET Framework NGEN v4.0.30319 64        N/A                    Ready          
.NET Framework NGEN v4.0.30319 64 Critic N/A                    Disabled       
.NET Framework NGEN v4.0.30319 Critical  N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A                    Disabled       
AD RMS Rights Policy Template Management N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
PolicyConverter                          N/A                    Disabled       
VerifiedPublisherCertStoreCheck          N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
microsoft compatibility appraiser        02/02/2024 04:37:03    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ProactiveScan                            N/A                    Ready          
SyspartRepair                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
consolidator                             02/02/2024 06:00:00    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
data integrity scan                      16/02/2024 16:13:15    Ready          
Data Integrity Scan for Crash Recovery   N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ScheduledDefrag                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
device                                   02/02/2024 03:15:10    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
ReconcileFeatures                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
refreshcache                             02/02/2024 18:14:42    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
LPRemove                                 N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
GatherNetworkInfo                        N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Server Manager Performance Monitor       N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Device Install Group Policy              N/A                    Ready          
Device Install Reboot Required           N/A                    Ready          
Sysprep Generalize Drivers               N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CleanupOldPerfLogs                       N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
StartComponentCleanup                    N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CreateObjectTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Collection                               N/A                    Disabled       
Configuration                            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SpaceAgentTask                           N/A                    Ready          
SpaceManagerTask                         N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Storage Tiers Management Initialization  N/A                    Ready          
Storage Tiers Optimization               N/A                    Disabled       
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
MsCtfMonitor                             N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SynchronizeTime                          N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
SynchronizeTimeZone                      N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
Windows Defender Cache Maintenance       N/A                    Ready          
Windows Defender Cleanup                 N/A                    Ready          
windows defender scheduled scan          02/02/2024 05:56:31    Ready          
Windows Defender Verification            N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
queuereporting                           02/02/2024 03:05:20    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
BfeOnServiceStartTypeChange              N/A                    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
scheduled start                          03/02/2024 02:05:35    Ready          
 
TaskName                                 Next Run Time          Status         
======================================== ====================== ===============
CacheTask                                N/A                    Ready          

Firewall & AV


PS C:\Users\Sierra.Frye\Documents> netsh firewall show config
 
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Remote Desktop
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Standard profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Remote Desktop
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

The firewall is enabled on both the Domain and Standard profiles.

PS C:\Users\Sierra.Frye\Documents> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Cannot connect to CIM server. Access denied 
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpPreference:String) [Get-MpPreference], CimJobException 
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpPreference 

Session Architecture


ps c:\Users\Sierra.Frye\Documents> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


PS C:\Users\Sierra.Frye\Documents> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x70bf6
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.7.03190
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

Installed .NET Framework version: 4.7.03190