System/Kernel
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> cmd /c ver
Microsoft Windows [Version 10.0.17763.4252]
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> systeminfo ; Get-ComputerInfo
Program 'systeminfo.exe' failed to run: Access is deniedAt line:1 char:1
+ systeminfo ; Get-ComputerInfo
+ ~~~~~~~~~~.
At line:1 char:1
+ systeminfo ; Get-ComputerInfo
+ ~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (:) [], ApplicationFailedException
+ FullyQualifiedErrorId : NativeCommandFailedMicrosoft Windows [Version 10.0.17763.4252]
Networks
Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : nagoya
Primary Dns Suffix . . . . . . . : nagoya-industries.com
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : nagoya-industries.com
Ethernet adapter Ethernet0:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
Physical Address. . . . . . . . . : 00-50-56-9E-CC-B5
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.158.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.158.254
DNS Servers . . . . . . . . . . . : 192.168.158.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 192.168.158.21 --- 0x3
Internet Address Physical Address Type
192.168.158.254 00-50-56-9e-ad-80 dynamic
192.168.158.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
Unable to initialize device PRN*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:88 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 884
TCP 0.0.0.0:389 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:464 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:593 0.0.0.0:0 LISTENING 884
TCP 0.0.0.0:636 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 3612
TCP 0.0.0.0:3268 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:3269 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 68
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:9389 0.0.0.0:0 LISTENING 2612
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 496
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 272
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1016
TCP 0.0.0.0:49676 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49677 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49681 0.0.0.0:0 LISTENING 2508
TCP 0.0.0.0:49686 0.0.0.0:0 LISTENING 624
TCP 0.0.0.0:49691 0.0.0.0:0 LISTENING 632
TCP 0.0.0.0:49698 0.0.0.0:0 LISTENING 2664
TCP 0.0.0.0:49717 0.0.0.0:0 LISTENING 2692
TCP 0.0.0.0:52804 0.0.0.0:0 LISTENING 3612
TCP 127.0.0.1:53 0.0.0.0:0 LISTENING 2664
TCP 192.168.158.21:53 0.0.0.0:0 LISTENING 2664
TCP 192.168.158.21:139 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:88 [::]:0 LISTENING 632
TCP [::]:135 [::]:0 LISTENING 884
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:464 [::]:0 LISTENING 632
TCP [::]:593 [::]:0 LISTENING 884
TCP [::]:1433 [::]:0 LISTENING 3612
TCP [::]:3389 [::]:0 LISTENING 68
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:9389 [::]:0 LISTENING 2612
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 496
TCP [::]:49665 [::]:0 LISTENING 272
TCP [::]:49666 [::]:0 LISTENING 632
TCP [::]:49668 [::]:0 LISTENING 1016
TCP [::]:49676 [::]:0 LISTENING 632
TCP [::]:49677 [::]:0 LISTENING 632
TCP [::]:49681 [::]:0 LISTENING 2508
TCP [::]:49686 [::]:0 LISTENING 624
TCP [::]:49691 [::]:0 LISTENING 632
TCP [::]:49698 [::]:0 LISTENING 2664
TCP [::]:49717 [::]:0 LISTENING 2692
TCP [::]:52804 [::]:0 LISTENING 3612
TCP [::1]:53 [::]:0 LISTENING 2664 TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 3612
Users & Groups
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> net users ; ls C:\Users
User accounts for \\
-------------------------------------------------------------------------------
Abigail.Hughes Administrator Andrea.Hayes
Anne.Jenkins Bethan.Webster Brett.Naylor
Christopher.Lewis Craig.Carr Damien.Chapman
Elaine.Brady Emma.Miah Fiona.Clark
Frances.Ward Guest Holly.Matthews
Iain.White Joanna.Wood Joanne.Lewis
Kate.Watson Kirsty.Norris krbtgt
Matthew.Harrison Megan.Johnson Melanie.Watson
Melissa.Mitchell Patrick.Martin Rebecca.Bell
Scott.Gardner svc_helpdesk svc_mssql
svc_tpl svc_web Sylvia.King
Terry.Edwards Wayne.Hartley
The command completed with one or more errors.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 4/29/2023 12:09 PM Administrator
d----- 4/23/2025 11:29 AM Christopher.Lewis
d-r--- 4/29/2023 12:09 PM Public
d----- 5/1/2023 8:42 AM svc_mssqlsvc_mssql
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> net localgroup ; net group /DOMAIN
Aliases for \\NAGOYA
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*SQLServer2005SQLBrowserUser$NAGOYA
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
Group Accounts for \\
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*developers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*employees
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*helpdesk
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Schema Admins
The command completed with one or more errors.Processes
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service | ? { $_.ProcessId -eq $_.ProcessId }).Name -join ", "; $u = $_.GetOwner(); [PSCustomObject]@{ Name = $_.Name; PID = $_.ProcessId; User = "$($u.Domain)$($u.User)"; Services = $s } } | ft -AutoSize
Access denied
At line:1 char:1
+ Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> cmd /c tasklist /svc ; ps
cmd.exe : ERROR: Access denied
+ CategoryInfo : NotSpecified: (ERROR: Access denied:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
102 5 960 4316 304 0 CompatTelRunner
341 16 3408 10508 1028 0 CompatTelRunner
159 9 6664 13036 1248 0 conhost
144 9 6728 12724 2036 0 conhost
460 16 2444 5560 380 0 csrss
170 13 1788 4932 484 1 csrss
396 32 15660 22740 2692 0 dfsrs
159 8 1932 6256 2772 0 dfssvc
265 14 3876 13784 3692 0 dllhost
5362 3699 68948 69604 2664 0 dns
532 21 22400 41616 968 1 dwm
53 6 1652 4364 112 1 fontdrvhost
53 6 1540 4144 3732 0 fontdrvhost
0 0 56 8 0 0 Idle
206 16 6560 15564 2728 0 inetinfo
145 13 2048 5888 2756 0 ismserv
472 26 10780 48580 4160 1 LogonUI
1938 193 97420 73184 632 0 lsass
614 30 35988 46024 2612 0 Microsoft.ActiveDirectory.WebServices
235 13 3260 10564 3784 0 msdtc
0 14 564 92716 88 0 Registry
461 14 4868 12532 624 0 services
53 3 488 1212 288 0 smss
475 22 5812 16824 2508 0 spoolsv
202 14 3972 12584 2104 0 SppExtComObj
243 12 7968 19104 1560 0 sppsvc
576 31 38068 53744 2680 0 sqlceip
815 56 335616 218768 3612 0 sqlservr
147 10 1884 8100 2792 0 sqlwriter
512 19 4256 13456 68 0 svchost
578 18 13924 20384 272 0 svchost
892 31 9064 26064 476 0 svchost
210 12 1728 7424 488 0 svchost
679 18 4908 14888 848 0 svchost
835 48 9680 25972 864 0 svchost
682 20 3884 10624 884 0 svchost
476 29 12352 21044 984 0 svchost
1831 66 31908 67180 1016 0 svchost
406 32 9272 18508 1228 0 svchost
316 13 2032 9216 1416 0 svchost
439 24 3452 13112 1628 0 svchost
165 10 2096 7584 2044 0 svchost
179 12 3304 12628 2080 0 svchost
212 11 2288 8564 2332 0 svchost
171 12 3804 11024 2568 0 svchost
192 10 5620 8128 2576 0 svchost
117 7 1148 5604 2588 0 svchost
500 22 16712 31516 2652 0 svchost
320 14 4332 11864 2684 0 svchost
234 14 4592 12116 2868 0 svchost
134 7 1724 6404 4992 0 svchost
1520 0 192 156 4 0 System
216 16 2460 10796 3312 0 vds
175 11 2932 11788 2828 0 VGAuthService
150 8 1700 7416 2836 0 vm3dservice
144 10 1800 7848 3092 1 vm3dservice
427 23 11132 23768 2820 0 vmtoolsd
173 11 1464 7128 496 0 wininit
246 12 2576 18036 544 1 winlogon
59 4 732 3356 2936 0 wlms
374 16 7784 16944 2220 0 WmiPrvSE
1223 29 56396 76144 0.41 2956 0 wsmprovhostspoolsvsqlceipsqlservrsqlwriter
Tasks
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> cmd /c schtasks /QUERY /FO TABLE
cmd.exe : Access is denied.
+ CategoryInfo : NotSpecified: (Access is denied.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandErrorServices
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object -First 100
WMIC.exe : ERROR:
+ CategoryInfo : NotSpecified: (ERROR::String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandErrorInstalled Programs
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique
Azure Data Studio
Browser for SQL Server 2022
Integration Services
Microsoft .NET 6.0.16 - Windows Server Hosting
Microsoft .NET 7.0.5 - Windows Server Hosting
Microsoft .NET Host - 6.0.16 (x64)
Microsoft .NET Host - 6.0.16 (x86)
Microsoft .NET Host - 7.0.5 (x64)
Microsoft .NET Host - 7.0.5 (x86)
Microsoft .NET Host FX Resolver - 6.0.16 (x64)
Microsoft .NET Host FX Resolver - 6.0.16 (x86)
Microsoft .NET Host FX Resolver - 7.0.5 (x64)
Microsoft .NET Host FX Resolver - 7.0.5 (x86)
Microsoft .NET Runtime - 6.0.16 (x64)
Microsoft .NET Runtime - 6.0.16 (x86)
Microsoft .NET Runtime - 7.0.5 (x64)
Microsoft .NET Runtime - 7.0.5 (x86)
Microsoft Analysis Services OLE DB Provider
Microsoft ASP.NET Core 6.0.16 - Shared Framework (x64)
Microsoft ASP.NET Core 6.0.16 - Shared Framework (x86)
Microsoft ASP.NET Core 6.0.16 Hosting Bundle Options
Microsoft ASP.NET Core 6.0.16 Shared Framework (x64)
Microsoft ASP.NET Core 6.0.16 Shared Framework (x86)
Microsoft ASP.NET Core 7.0.5 - Shared Framework (x64)
Microsoft ASP.NET Core 7.0.5 - Shared Framework (x86)
Microsoft ASP.NET Core 7.0.5 Hosting Bundle Options
Microsoft ASP.NET Core 7.0.5 Shared Framework (x64)
Microsoft ASP.NET Core 7.0.5 Shared Framework (x86)
Microsoft ASP.NET Core Module V2
Microsoft Help Viewer 2.3
Microsoft ODBC Driver 17 for SQL Server
Microsoft OLE DB Driver for SQL Server
Microsoft SQL Server 2022 (64-bit)
Microsoft SQL Server 2022 RsFx Driver
Microsoft SQL Server 2022 Setup (English)
Microsoft SQL Server Management Studio - 19.0.2
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.32.31326
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.32.31326
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.32.31326
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.32.31326
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.32.31326
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.32.31326
Microsoft Visual Studio Tools for Applications 2019
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
Microsoft VSS Writer for SQL Server 2022
SQL Server 2022 Batch Parser
SQL Server 2022 Common Files
SQL Server 2022 Connection Info
SQL Server 2022 Database Engine Services
SQL Server 2022 Database Engine Shared
SQL Server 2022 DMF
SQL Server 2022 Shared Management Objects
SQL Server 2022 Shared Management Objects Extensions
SQL Server 2022 SQL Diagnostics
SQL Server 2022 XEvent
SQL Server Management Studio
SQL Server Management Studio Language Pack - English
SSMS Post Install Tasks
Visual Studio 2017 Isolated Shell for SSMS
VMware ToolsAzure Data StudioBrowser for SQL Server 2022Integration ServicesMicrosoft ODBC Driver 17 for SQL ServerMicrosoft OLE DB Driver for SQL ServerMicrosoft SQL Server 2022 (64-bit)Microsoft SQL Server 2022 RsFx DriverMicrosoft SQL Server 2022 Setup (English)Microsoft SQL Server Management Studio - 19.0.2Microsoft VSS Writer for SQL Server 2022SQL Server 2022 Batch ParserSQL Server 2022 Common FilesSQL Server 2022 Connection InfoSQL Server 2022 Database Engine ServicesSQL Server 2022 Database Engine SharedSQL Server 2022 DMFSQL Server 2022 Shared Management ObjectsSQL Server 2022 Shared Management Objects ExtensionsSQL Server 2022 SQL DiagnosticsSQL Server 2022 XEventSQL Server Management StudioSQL Server Management Studio Language Pack - EnglishSSMS Post Install TasksVisual Studio 2017 Isolated Shell for SSMS
Firewall & AV
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> netsh firewall show config
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
1433 TCP Disable Inbound Custom Forbid External 1433
Standard profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No File and Printer Sharing
Enable Yes Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
1433 TCP Disable Inbound Custom Forbid External 1433
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .1433 TCP Disable Inbound Custom Forbid External 1433
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPathN/A
Session Architecture
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
*Evil-WinRM* PS C:\Users\Christopher.Lewis\Documents> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 4CB9-C891
Directory of C:\Windows\Microsoft.NET\Framework
04/30/2023 12:35 AM <DIR> .
04/30/2023 12:35 AM <DIR> ..
09/15/2018 12:19 AM <DIR> v1.0.3705
09/15/2018 12:19 AM <DIR> v1.1.4322
04/30/2023 12:35 AM <DIR> v2.0.50727
04/30/2023 12:35 AM <DIR> v3.0
04/30/2023 12:35 AM <DIR> v3.5
04/23/2025 11:16 AM <DIR> v4.0.30319
0 File(s) 0 bytes
8 Dir(s) 19,722,854,400 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v2.0.50727
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v3.5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727
CBS REG_DWORD 0x1
Increment REG_SZ 4927
Install REG_DWORD 0x1
OCM REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 2.0.50727.4927
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1028
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1029
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1030
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1031
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1032
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1033
CBS REG_DWORD 0x1
Increment REG_SZ 4927
SP REG_DWORD 0x2
Version REG_SZ 2.0.50727.4927
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1035
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1036
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1038
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1040
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1041
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1042
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1043
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1044
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1045
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1046
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1049
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1053
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\1055
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\2052
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\2070
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\3076
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v2.0.50727\3082
Install REG_DWORD 0x1
MSI REG_DWORD 0x1
OCM REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0
CBS REG_DWORD 0x1
Increment REG_SZ 4926
Install REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Servicing
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Servicing\Windows Workflow Foundation
CBS REG_DWORD 0x1
Hotfix REG_SZ
Install REG_DWORD 0x1
SP REG_DWORD 0x2
SPIndex REG_DWORD 0x0
SPName REG_SZ SP2
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup
InstallSuccess REG_DWORD 0x1
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\1033
CBS REG_DWORD 0x1
Increment REG_SZ 4926
Install REG_DWORD 0x1
InstallSuccess REG_DWORD 0x1
SP REG_DWORD 0x2
Version REG_SZ 3.0.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Communication Foundation
InstallSuccess REG_DWORD 0x1
ReferenceInstallPath REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
RuntimeInstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\
Version REG_SZ 3.0.4506.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Presentation Foundation
(Default) REG_SZ WPF v3.0.6920.4902
InstallRoot REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\
InstallSuccess REG_DWORD 0x1
ProductVersion REG_SZ 3.0.6920.4902
Version REG_SZ 3.0.6920.4902
WPFCommonAssembliesPathx64 REG_SZ C:\Windows\System32\
WPFNonReferenceAssembliesPathx64 REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\
WPFReferenceAssembliesPathx64 REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.0\Setup\Windows Workflow Foundation
(Default) REG_SZ Windows Workflow Foundation
FileVersion REG_SZ 3.0.4203.4926
InstallDir REG_SZ C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\
InstallSuccess REG_DWORD 0x1
MajorBuildNum REG_SZ 4203
ProductVersion REG_SZ 3.0.0.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.5
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v3.5\
SP REG_DWORD 0x1
Version REG_SZ 3.5.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v3.5\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
SP REG_DWORD 0x1
Version REG_SZ 3.5.30729.4926
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.7.03190