System/Kernel
PS C:\Windows\system32> cmd /c ver
Microsoft Windows [Version 10.0.17763.1821]
PS C:\Windows\system32> systeminfo ; Get-ComputerInfo
Host Name: CYBERLENS
OS Name: Microsoft Windows Server 2019 Datacenter
OS Version: 10.0.17763 N/A Build 17763
OS Manufacturer: Microsoft Corporation
OS Configuration: Standalone Server
OS Build Type: Multiprocessor Free
Registered Owner: EC2
Registered Organization: Amazon.com
Product ID: 00430-00000-00000-AA344
Original Install Date: 3/17/2021, 2:59:06 PM
System Boot Time: 7/5/2025, 10:59:25 AM
System Manufacturer: Xen
System Model: HVM domU
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2300 Mhz
BIOS Version: Xen 4.11.amazon, 8/24/2006
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC) Coordinated Universal Time
Total Physical Memory: 4,096 MB
Available Physical Memory: 2,373 MB
Virtual Memory: Max Size: 4,800 MB
Virtual Memory: Available: 3,094 MB
Virtual Memory: In Use: 1,706 MB
Page File Location(s): C:\pagefile.sys
Domain: WORKGROUP
Logon Server: \\CYBERLENS
Hotfix(s): 27 Hotfix(s) Installed.
[01]: KB4601555
[02]: KB4470502
[03]: KB4470788
[04]: KB4480056
[05]: KB4486153
[06]: KB4493510
[07]: KB4499728
[08]: KB4504369
[09]: KB4512577
[10]: KB4512937
[11]: KB4521862
[12]: KB4523204
[13]: KB4535680
[14]: KB4539571
[15]: KB4549947
[16]: KB4558997
[17]: KB4562562
[18]: KB4566424
[19]: KB4570332
[20]: KB4577586
[21]: KB4577667
[22]: KB4587735
[23]: KB4589208
[24]: KB4598480
[25]: KB4601393
[26]: KB5000859
[27]: KB5001568
Network Card(s): 1 NIC(s) Installed.
[01]: AWS PV Network Device
Connection Name: Ethernet
DHCP Enabled: Yes
DHCP Server: 10.10.0.1
IP address(es)
[01]: 10.10.53.112
[02]: fe80::45e9:5ec0:f4c6:d8cf
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerDatacenter
WindowsInstallationType : Server
WindowsInstallDateFromRegistry : 3/17/2021 2:59:06 PM
WindowsProductId : 00430-00000-00000-AA344
WindowsProductName : Windows Server 2019 Datacenter
WindowsRegisteredOrganization : Amazon.com
WindowsRegisteredOwner : EC2
WindowsSystemRoot : C:\Windows
WindowsVersion : 1809
BiosCharacteristics : {7, 19, 42}
BiosBIOSVersion : {Xen - 0, Revision: 1.221 }
BiosBuildNumber :
BiosCaption : Revision: 1.221
BiosCodeSet :
BiosCurrentLanguage :
BiosDescription : Revision: 1.221
BiosEmbeddedControllerMajorVersion : 255
BiosEmbeddedControllerMinorVersion : 255
BiosFirmwareType : Bios
BiosIdentificationCode :
BiosInstallableLanguages :
BiosInstallDate :
BiosLanguageEdition :
BiosListOfLanguages :
BiosManufacturer : Xen
BiosName : Revision: 1.221
BiosOtherTargetOS :
BiosPrimaryBIOS : True
BiosReleaseDate : 8/24/2006 12:00:00 AM
BiosSeralNumber : ec213714-744d-d137-49a0-2c580a005fdd
BiosSMBIOSBIOSVersion : 4.11.amazon
BiosSMBIOSMajorVersion : 2
BiosSMBIOSMinorVersion : 7
BiosSMBIOSPresent : True
BiosSoftwareElementState : Running
BiosStatus : OK
BiosSystemBiosMajorVersion : 4
BiosSystemBiosMinorVersion : 11
BiosTargetOperatingSystem : 0
BiosVersion : Xen - 0
CsAdminPasswordStatus : Unknown
CsAutomaticManagedPagefile : True
CsAutomaticResetBootOption : True
CsAutomaticResetCapability : True
CsBootOptionOnLimit :
CsBootOptionOnWatchDog :
CsBootROMSupported : True
CsBootStatus : {0, 0, 0, 127...}
CsBootupState : Normal boot
CsCaption : CYBERLENS
CsChassisBootupState : Safe
CsChassisSKUNumber :
CsCurrentTimeZone : 0
CsDaylightInEffect :
CsDescription : AT/AT COMPATIBLE
CsDNSHostName : CyberLens
CsDomain : WORKGROUP
CsDomainRole : StandaloneServer
CsEnableDaylightSavingsTime : True
CsFrontPanelResetStatus : Unknown
CsHypervisorPresent : True
CsInfraredSupported : False
CsInitialLoadInfo :
CsInstallDate :
CsKeyboardPasswordStatus : Unknown
CsLastLoadInfo :
CsManufacturer : Xen
CsModel : HVM domU
CsName : CYBERLENS
CsNetworkAdapters : {Ethernet}
CsNetworkServerModeEnabled : True
CsNumberOfLogicalProcessors : 2
CsNumberOfProcessors : 1
CsProcessors : {Intel(R) Xeon(R) CPU E5-2686 v4 @ 2.30GHz}
CsOEMStringArray : {Xen}
CsPartOfDomain : False
CsPauseAfterReset : -1
CsPCSystemType : Desktop
CsPCSystemTypeEx : Desktop
CsPowerManagementCapabilities :
CsPowerManagementSupported :
CsPowerOnPasswordStatus : Unknown
CsPowerState : Unknown
CsPowerSupplyState : Safe
CsPrimaryOwnerContact :
CsPrimaryOwnerName : EC2
CsResetCapability : Other
CsResetCount : -1
CsResetLimit : -1
CsRoles : {LM_Workstation, LM_Server, NT, Server_NT}
CsStatus : OK
CsSupportContactDescription :
CsSystemFamily :
CsSystemSKUNumber :
CsSystemType : x64-based PC
CsThermalState : Safe
CsTotalPhysicalMemory : 4294557696
CsPhyicallyInstalledMemory : 4194304
CsUserName : CYBERLENS\CyberLens
CsWakeUpType : PowerSwitch
CsWorkgroup : WORKGROUP
OsName : Microsoft Windows Server 2019 Datacenter
OsType : WINNT
OsOperatingSystemSKU : DatacenterServerEdition
OsVersion : 10.0.17763
OsCSDVersion :
OsBuildNumber : 17763
OsHotFixes : {KB4601555, KB4470502, KB4470788, KB4480056...}
OsBootDevice : \Device\HarddiskVolume1
OsSystemDevice : \Device\HarddiskVolume1
OsSystemDirectory : C:\Windows\system32
OsSystemDrive : C:
OsWindowsDirectory : C:\Windows
OsCountryCode : 1
OsCurrentTimeZone : 0
OsLocaleID : 0409
OsLocale : en-US
OsLocalDateTime : 7/5/2025 1:25:48 PM
OsLastBootUpTime : 7/5/2025 10:59:25 AM
OsUptime : 02:26:23.0180238
OsBuildType : Multiprocessor Free
OsCodeSet : 1252
OsDataExecutionPreventionAvailable : True
OsDataExecutionPrevention32BitApplications : True
OsDataExecutionPreventionDrivers : True
OsDataExecutionPreventionSupportPolicy : OptOut
OsDebug : False
OsDistributed : False
OsEncryptionLevel : 256
OsForegroundApplicationBoost : Maximum
OsTotalVisibleMemorySize : 4193904
OsFreePhysicalMemory : 2402224
OsTotalVirtualMemorySize : 4914800
OsFreeVirtualMemory : 3144236
OsInUseVirtualMemory : 1770564
OsTotalSwapSpaceSize :
OsSizeStoredInPagingFiles : 720896
OsFreeSpaceInPagingFiles : 720896
OsPagingFiles : {C:\pagefile.sys}
OsHardwareAbstractionLayer : 10.0.17763.1790
OsInstallDate : 3/17/2021 2:59:06 PM
OsManufacturer : Microsoft Corporation
OsMaxNumberOfProcesses : 4294967295
OsMaxProcessMemorySize : 137438953344
OsMuiLanguages : {en-US}
OsNumberOfLicensedUsers :
OsNumberOfProcesses : 97
OsNumberOfUsers : 1
OsOrganization : Amazon.com
OsArchitecture : 64-bit
OsLanguage : en-US
OsProductSuites : {TerminalServices, DatacenterEdition,
TerminalServicesSingleSession}
OsOtherTypeDescription :
OsPAEEnabled :
OsPortableOperatingSystem : False
OsPrimary : True
OsProductType : Server
OsRegisteredUser : EC2
OsSerialNumber : 00430-00000-00000-AA344
OsServicePackMajorVersion : 0
OsServicePackMinorVersion : 0
OsStatus : OK
OsSuites : {TerminalServices, DatacenterEdition,
TerminalServicesSingleSession}
OsServerLevel : FullServer
KeyboardLayout : en-US
TimeZone : (UTC) Coordinated Universal Time
LogonServer : \\CYBERLENS
PowerPlatformRole : Desktop
HyperVisorPresent : True
DeviceGuardSmartStatus : OffMicrosoft Windows [Version 10.0.17763.1821]Host Name: CYBERLENSOS Name: Microsoft Windows Server 2019 DatacenterOS Version: 10.0.17763 N/A Build 17763OS Manufacturer: Microsoft CorporationOS Configuration: Standalone ServerSystem Type: x64-based PCProcessor(s): 1 Processor(s) Installed.Domain: WORKGROUPLogon Server: \\CYBERLENSHotfix(s): 27 Hotfix(s) Installed.[01]: KB4601555[02]: KB4470502[03]: KB4470788[04]: KB4480056[05]: KB4486153[06]: KB4493510[07]: KB4499728[08]: KB4504369[09]: KB4512577[10]: KB4512937[11]: KB4521862[12]: KB4523204[13]: KB4535680[14]: KB4539571[15]: KB4549947[16]: KB4558997[17]: KB4562562[18]: KB4566424[19]: KB4570332[20]: KB4577586[21]: KB4577667[22]: KB4587735[23]: KB4589208[24]: KB4598480[25]: KB4601393[26]: KB5000859[27]: KB5001568
Networks
PS C:\Windows\system32> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : CyberLens
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu-west-1.ec2-utilities.amazonaws.com
eu-west-1.compute.internal
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Description . . . . . . . . . . . : AWS PV Network Device #0
Physical Address. . . . . . . . . : 02-8E-69-82-82-5D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::45e9:5ec0:f4c6:d8cf%5(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.53.112(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : Saturday, July 5, 2025 10:59:59 AM
Lease Expires . . . . . . . . . . : Saturday, July 5, 2025 2:00:00 PM
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 118418632
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2F-FA-BD-FB-02-8E-69-82-82-5D
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 10.10.53.112 --- 0x5
Internet Address Physical Address Type
10.10.0.1 02-c8-85-b5-5a-aa dynamic
10.10.13.132 02-1a-eb-8b-8c-61 dynamic
10.10.255.255 ff-ff-ff-ff-ff-ff static
169.254.169.123 02-c8-85-b5-5a-aa dynamic
169.254.169.250 02-c8-85-b5-5a-aa dynamic
169.254.169.254 02-c8-85-b5-5a-aa dynamic
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRNPS C:\Windows\system32> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 936
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 536
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 560
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 652
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1236
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1544
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2268
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 2580
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2408
TCP 0.0.0.0:49670 0.0.0.0:0 LISTENING 796
TCP 0.0.0.0:49677 0.0.0.0:0 LISTENING 820
TCP 0.0.0.0:61777 0.0.0.0:0 LISTENING 4348
TCP 10.10.53.112:139 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 936
TCP [::]:135 [::]:0 LISTENING 536
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3389 [::]:0 LISTENING 560
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 652
TCP [::]:49665 [::]:0 LISTENING 1236
TCP [::]:49666 [::]:0 LISTENING 1544
TCP [::]:49667 [::]:0 LISTENING 2268
TCP [::]:49668 [::]:0 LISTENING 2580
TCP [::]:49669 [::]:0 LISTENING 2408
TCP [::]:49670 [::]:0 LISTENING 796
TCP [::]:49677 [::]:0 LISTENING 820
TCP [::]:61777 [::]:0 LISTENING 4348Users & Groups
PS C:\Windows\system32> net users ; net user /DOMAIN ; ls C:\Users
User accounts for \\CYBERLENS
-------------------------------------------------------------------------------
Administrator CyberLens DefaultAccount
Guest WDAGUtilityAccount
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/17/2021 3:13 PM Administrator
d----- 11/25/2023 7:31 AM CyberLens
d-r--- 12/12/2018 7:45 AM Public PS C:\Windows\system32> net localgroup ; net group /DOMAIN
Aliases for \\CYBERLENS
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Storage Replica Administrators
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.Processes
PS C:\Windows\system32> Get-WmiObject Win32_Process | % { $s = (Get-CimInstance Win32_Service | ? { $_.ProcessId -eq $_.ProcessId }).Name -join ", "; $u = $_.GetOwner(); [PSCustomObject]@{ Name = $_.Name; PID = $_.ProcessId; User = "$($u.Domain)$($u.User)"} } | ft -AutoSize
Name PID User
---- --- ----
System Idle Process 0
System 4
Registry 88
smss.exe 412
csrss.exe 572
wininit.exe 652
csrss.exe 660
winlogon.exe 724
services.exe 796
lsass.exe 820
svchost.exe 924
svchost.exe 944
fontdrvhost.exe 980
fontdrvhost.exe 972
svchost.exe 536
svchost.exe 576
svchost.exe 560
svchost.exe 1064
dwm.exe 1196
svchost.exe 1220
svchost.exe 1228
svchost.exe 1236
svchost.exe 1296
svchost.exe 1304
svchost.exe 1320
svchost.exe 1340
svchost.exe 1432
svchost.exe 1476
svchost.exe 1516
svchost.exe 1524
svchost.exe 1536
svchost.exe 1544
svchost.exe 1600
svchost.exe 1692
svchost.exe 1700
svchost.exe 1780
svchost.exe 1832
svchost.exe 1864
svchost.exe 2064
svchost.exe 2096
svchost.exe 2116
svchost.exe 2220
svchost.exe 2268
svchost.exe 2360
svchost.exe 2400
svchost.exe 2408
spoolsv.exe 2580
svchost.exe 2604
svchost.exe 2612
svchost.exe 2648
svchost.exe 2696
svchost.exe 2720
svchost.exe 2740
svchost.exe 2768
LiteAgent.exe 2884
svchost.exe 2896
svchost.exe 2992
svchost.exe 3848
svchost.exe 3940 CYBERLENSCyberLens
svchost.exe 3960 CYBERLENSCyberLens
sihost.exe 3976 CYBERLENSCyberLens
taskhostw.exe 4000 CYBERLENSCyberLens
svchost.exe 3272
svchost.exe 1168
ctfmon.exe 3560 CYBERLENSCyberLens
svchost.exe 3368
explorer.exe 4192 CYBERLENSCyberLens
ShellExperienceHost.exe 4456 CYBERLENSCyberLens
SearchUI.exe 4532 CYBERLENSCyberLens
RuntimeBroker.exe 4620 CYBERLENSCyberLens
RuntimeBroker.exe 4656 CYBERLENSCyberLens
RuntimeBroker.exe 4256 CYBERLENSCyberLens
java.exe 4348 CYBERLENSCyberLens
conhost.exe 1060 CYBERLENSCyberLens
httpd.exe 936 CYBERLENSCyberLens
conhost.exe 1000 CYBERLENSCyberLens
httpd.exe 5388 CYBERLENSCyberLens
amazon-ssm-agent.exe 5944
ssm-agent-worker.exe 6032
conhost.exe 6040
svchost.exe 2764
msdtc.exe 4552
svchost.exe 720
svchost.exe 1136
svchost.exe 4740
svchost.exe 5728
svchost.exe 3212
svchost.exe 5176
svchost.exe 4556
taskhostw.exe 5356 CYBERLENSCyberLens
conhost.exe 4284 CYBERLENSCyberLens
cmd.exe 5284 CYBERLENSCyberLens
powershell.exe 5232 CYBERLENSCyberLens
WmiPrvSE.exe 4036 LiteAgent.exe 2884java.exe 4348 CYBERLENSCyberLenshttpd.exe 936 CYBERLENSCyberLensamazon-ssm-agent.exe 5944ssm-agent-worker.exe 6032
Tasks
PS C:\Windows\system32> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
PS C:\Windows\system32> cmd /c schtasks /QUERY /FO TABLE
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows
TaskName Next Run Time Status
======================================== ====================== ===============
Server Initial Configuration Task N/A Disabled
Folder: \Microsoft\Windows\.NET Framework
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Ready
.NET Framework NGEN v4.0.30319 64 N/A Ready
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
Folder: \Microsoft\Windows\Active Directory Rights Management Services Client
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
Folder: \Microsoft\Windows\AppID
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
Folder: \Microsoft\Windows\Application Experience
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 7/6/2025 4:08:10 AM Ready
ProgramDataUpdater N/A Ready
StartupAppTask N/A Ready
Folder: \Microsoft\Windows\ApplicationData
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
Folder: \Microsoft\Windows\AppxDeploymentClient
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
Folder: \Microsoft\Windows\Autochk
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
Folder: \Microsoft\Windows\BitLocker
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\Bluetooth
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
Folder: \Microsoft\Windows\BrokerInfrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
Folder: \Microsoft\Windows\CertificateServicesClient
TaskName Next Run Time Status
======================================== ====================== ===============
UserTask N/A Ready
UserTask-Roam N/A Ready
Folder: \Microsoft\Windows\Chkdsk
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
Folder: \Microsoft\Windows\CloudExperienceHost
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
Folder: \Microsoft\Windows\Customer Experience Improvement Program
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 7/5/2025 6:00:00 PM Ready
UsbCeip N/A Ready
Folder: \Microsoft\Windows\Data Integrity Scan
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Scan 7/31/2025 9:03:30 AM Ready
Data Integrity Scan for Crash Recovery N/A Ready
Folder: \Microsoft\Windows\Defrag
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
Folder: \Microsoft\Windows\Device Information
TaskName Next Run Time Status
======================================== ====================== ===============
Device 7/6/2025 3:28:44 AM Ready
Folder: \Microsoft\Windows\Diagnosis
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
Folder: \Microsoft\Windows\DirectX
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
Folder: \Microsoft\Windows\DiskCleanup
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
Folder: \Microsoft\Windows\DiskDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Disabled
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
Folder: \Microsoft\Windows\DiskFootprint
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
Folder: \Microsoft\Windows\EDP
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
EDP Inaccessible Credentials Task N/A Ready
StorageCardEncryption Task N/A Ready
Folder: \Microsoft\Windows\ExploitGuard
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
Folder: \Microsoft\Windows\File Classification Infrastructure
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
Folder: \Microsoft\Windows\Flighting
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\Flighting\FeatureConfig
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
Folder: \Microsoft\Windows\Flighting\OneSettings
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 7/6/2025 1:36:38 AM Ready
Folder: \Microsoft\Windows\InstallService
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
Folder: \Microsoft\Windows\LanguageComponentsInstaller
TaskName Next Run Time Status
======================================== ====================== ===============
Installation N/A Ready
Folder: \Microsoft\Windows\Location
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
Folder: \Microsoft\Windows\Maintenance
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
Folder: \Microsoft\Windows\Maps
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
Folder: \Microsoft\Windows\MemoryDiagnostic
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
Folder: \Microsoft\Windows\Mobile Broadband Accounts
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
Folder: \Microsoft\Windows\MUI
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
Folder: \Microsoft\Windows\Multimedia
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
Folder: \Microsoft\Windows\NetTrace
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
Folder: \Microsoft\Windows\Offline Files
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
Folder: \Microsoft\Windows\PLA
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
Folder: \Microsoft\Windows\Plug and Play
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
Folder: \Microsoft\Windows\Power Efficiency Diagnostics
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Ready
Folder: \Microsoft\Windows\RecoveryEnvironment
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Disabled
Folder: \Microsoft\Windows\Registry
TaskName Next Run Time Status
======================================== ====================== ===============
RegIdleBackup N/A Ready
Folder: \Microsoft\Windows\Server Manager
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
Folder: \Microsoft\Windows\Servicing
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Ready
Folder: \Microsoft\Windows\SharedPC
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
Folder: \Microsoft\Windows\Shell
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
Folder: \Microsoft\Windows\Software Inventory Logging
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
Folder: \Microsoft\Windows\SoftwareProtectionPlatform
TaskName Next Run Time Status
======================================== ====================== ===============
SvcRestartTaskLogon N/A Disabled
Folder: \Microsoft\Windows\SpacePort
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
Folder: \Microsoft\Windows\Speech
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
Folder: \Microsoft\Windows\Storage Tiers Management
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
Folder: \Microsoft\Windows\Task Manager
TaskName Next Run Time Status
======================================== ====================== ===============
Interactive N/A Ready
Folder: \Microsoft\Windows\termsrv
TaskName Next Run Time Status
======================================== ====================== ===============
INFO: There are no scheduled tasks presently available at your access level.
Folder: \Microsoft\Windows\termsrv\RemoteFX
TaskName Next Run Time Status
======================================== ====================== ===============
RemoteFXvGPUDisableTask N/A Ready
RemoteFXWarningTask 8/1/2025 1:00:00 PM Ready
Folder: \Microsoft\Windows\TextServicesFramework
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
Folder: \Microsoft\Windows\Time Synchronization
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
Folder: \Microsoft\Windows\Time Zone
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
Folder: \Microsoft\Windows\UPnP
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
Folder: \Microsoft\Windows\WDI
TaskName Next Run Time Status
======================================== ====================== ===============
ResolutionHost N/A Running
Folder: \Microsoft\Windows\Windows Error Reporting
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 7/5/2025 1:32:35 PM Ready
Folder: \Microsoft\Windows\Windows Filtering Platform
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
Folder: \Microsoft\Windows\Windows Media Sharing
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
Folder: \Microsoft\Windows\WindowsColorSystem
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
Folder: \Microsoft\Windows\WindowsUpdate
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start 7/6/2025 10:58:38 AM Ready
Folder: \Microsoft\Windows\Wininet
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Running
Folder: \Microsoft\Windows\Workplace Join
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Recovery-Check N/A Disabled Services
PS C:\Windows\system32> wmic service where "State='Running'" get Name,PathName,StartName | Out-String -Stream | Where-Object { $_ -match 'S' -and $_ -notmatch 'C:\Windows\System32' } | Select-Object
Name PathName StartName
AmazonSSMAgent "C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe" LocalSystem
AWSLiteAgent "C:\Program Files\Amazon\XenTools\LiteAgent.exe" LocalSystem
BFE C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT AUTHORITY\LocalService
BrokerInfrastructure C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
CDPSvc C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
CertPropSvc C:\Windows\system32\svchost.exe -k netsvcs LocalSystem
CoreMessagingRegistrar C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
CryptSvc C:\Windows\system32\svchost.exe -k NetworkService -p NT Authority\NetworkService
DcomLaunch C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
Dhcp C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
Dnscache C:\Windows\system32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
DPS C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p NT AUTHORITY\LocalService
DsmSvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
DsSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
EventLog C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
EventSystem C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
FontCache C:\Windows\system32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
gpsvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
IKEEXT C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
iphlpsvc C:\Windows\System32\svchost.exe -k NetSvcs -p LocalSystem
KeyIso C:\Windows\system32\lsass.exe LocalSystem
LanmanServer C:\Windows\System32\svchost.exe -k smbsvcs LocalSystem
LanmanWorkstation C:\Windows\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
LicenseManager C:\Windows\System32\svchost.exe -k LocalService -p NT Authority\LocalService
lmhosts C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
LSM
mpssvc C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p NT Authority\LocalService
MSDTC C:\Windows\System32\msdtc.exe NT AUTHORITY\NetworkService
NcbService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
netprofm C:\Windows\System32\svchost.exe -k LocalService -p NT AUTHORITY\LocalService
NlaSvc C:\Windows\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
nsi C:\Windows\system32\svchost.exe -k LocalService -p NT Authority\LocalService
PlugPlay C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
PolicyAgent C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p NT Authority\NetworkService
Power C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
ProfSvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
RpcEptMapper C:\Windows\system32\svchost.exe -k RPCSS -p NT AUTHORITY\NetworkService
RpcSs C:\Windows\system32\svchost.exe -k rpcss -p NT AUTHORITY\NetworkService
SamSs C:\Windows\system32\lsass.exe LocalSystem
Schedule C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
SENS C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
SessionEnv C:\Windows\System32\svchost.exe -k netsvcs -p localSystem
ShellHWDetection C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
Spooler C:\Windows\System32\spoolsv.exe LocalSystem
StateRepository C:\Windows\system32\svchost.exe -k appmodel -p LocalSystem
StorSvc C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SysMain C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
SystemEventsBroker C:\Windows\system32\svchost.exe -k DcomLaunch -p LocalSystem
TabletInputService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
TermService C:\Windows\System32\svchost.exe -k termsvcs NT Authority\NetworkService
Themes C:\Windows\System32\svchost.exe -k netsvcs -p LocalSystem
TimeBrokerSvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
TokenBroker C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
TrkWks C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UALSVC C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
UmRdpService C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p localSystem
UserManager C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
UsoSvc C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
W32Time C:\Windows\system32\svchost.exe -k LocalService NT AUTHORITY\LocalService
Wcmsvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT Authority\LocalService
WdiSystemHost C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p LocalSystem
WinHttpAutoProxySvc C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p NT AUTHORITY\LocalService
Winmgmt C:\Windows\system32\svchost.exe -k netsvcs -p localSystem
WinRM C:\Windows\System32\svchost.exe -k NetworkService -p NT AUTHORITY\NetworkService
WpnService C:\Windows\system32\svchost.exe -k netsvcs -p LocalSystem
CDPUserSvc_26579 C:\Windows\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_26579 C:\Windows\system32\svchost.exe -k UnistackSvcGroup AmazonSSMAgent "C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe" LocalSystemAWSLiteAgent "C:\Program Files\Amazon\XenTools\LiteAgent.exe" LocalSystem
Installed Programs
PS C:\Windows\system32> Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*", "HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*" -ErrorAction SilentlyContinue | Select-Object -ExpandProperty DisplayName -ErrorAction SilentlyContinue | Where-Object { $_ } | Sort-Object -Unique ; ls "C:\Program Files" ; ls "C:\Program Files (x86)"
Amazon SSM Agent
AWS PV Drivers
AWS Tools for Windows
aws-cfn-bootstrap
Eclipse Temurin JDK with Hotspot 17.0.7+7 (x64)
Microsoft Visual C++ 2015-2019 Redistributable (x64) - 14.28.29910
Microsoft Visual C++ 2019 X64 Additional Runtime - 14.28.29910
Microsoft Visual C++ 2019 X64 Minimum Runtime - 14.28.29910
Directory: C:\Program Files
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/11/2021 7:28 AM Amazon
d----- 9/15/2018 7:28 AM Common Files
d----- 6/6/2023 7:30 PM Eclipse Adoptium
d----- 9/9/2020 4:37 AM internet explorer
d-r--- 1/13/2021 9:21 PM Windows Defender
d----- 3/11/2021 9:20 AM Windows Defender Advanced Threat Protection
d----- 9/15/2018 7:19 AM Windows Mail
d----- 1/13/2021 9:21 PM Windows Media Player
d----- 9/15/2018 7:19 AM Windows Multimedia Platform
d----- 9/15/2018 7:28 AM windows nt
d----- 1/13/2021 9:21 PM Windows Photo Viewer
d----- 9/15/2018 7:19 AM Windows Portable Devices
d----- 9/15/2018 7:19 AM Windows Security
d----- 9/15/2018 7:19 AM WindowsPowerShell
Directory: C:\Program Files (x86)
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 3/11/2021 7:29 AM AWS SDK for .NET
d----- 3/11/2021 7:29 AM AWS Tools
d----- 9/15/2018 7:28 AM Common Files
d----- 3/18/2020 6:47 AM Internet Explorer
d----- 9/15/2018 7:19 AM Microsoft.NET
d----- 1/13/2021 9:21 PM Windows Defender
d----- 9/15/2018 7:19 AM Windows Mail
d----- 1/13/2021 9:21 PM Windows Media Player
d----- 9/15/2018 7:19 AM Windows Multimedia Platform
d----- 9/15/2018 7:28 AM windows nt
d----- 1/13/2021 9:21 PM Windows Photo Viewer
d----- 9/15/2018 7:19 AM Windows Portable Devices
d----- 9/15/2018 7:19 AM WindowsPowerShell Amazon SSM AgentAWS PV DriversAWS Tools for Windowsaws-cfn-bootstrapEclipse Temurin JDK with Hotspot 17.0.7+7 (x64)
Firewall & AV
PS C:\Windows\system32> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Disable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .PS C:\Windows\system32> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
AMEngineVersion : 0.0.0.0
AMProductVersion : 4.18.23050.3
AMRunningMode : Not running
AMServiceEnabled : False
AMServiceVersion : 0.0.0.0
AntispywareEnabled : False
AntispywareSignatureAge : 4294967295
AntispywareSignatureLastUpdated :
AntispywareSignatureVersion : 0.0.0.0
AntivirusEnabled : False
AntivirusSignatureAge : 4294967295
AntivirusSignatureLastUpdated :
AntivirusSignatureVersion : 0.0.0.0
BehaviorMonitorEnabled : False
ComputerID : 3DBFE4F2-4B29-4FF5-531E-E6C7CDAE6B2E
ComputerState : 0
DefenderSignaturesOutOfDate : False
DeviceControlDefaultEnforcement : N/A
DeviceControlPoliciesLastUpdated : 1/1/1601 12:00:00 AM
DeviceControlState : N/A
FullScanAge : 4294967295
FullScanEndTime :
FullScanOverdue : False
FullScanRequired : False
FullScanSignatureVersion :
FullScanStartTime :
IoavProtectionEnabled : False
IsTamperProtected : False
IsVirtualMachine : True
LastFullScanSource : 0
LastQuickScanSource : 0
NISEnabled : False
NISEngineVersion : 0.0.0.0
NISSignatureAge : 4294967295
NISSignatureLastUpdated :
NISSignatureVersion : 0.0.0.0
OnAccessProtectionEnabled : False
ProductStatus : 1
QuickScanAge : 4294967295
QuickScanEndTime :
QuickScanOverdue : False
QuickScanSignatureVersion :
QuickScanStartTime :
RealTimeProtectionEnabled : False
RealTimeScanDirection : 0
RebootRequired : False
SmartAppControlExpiration :
SmartAppControlState :
TamperProtectionSource : N/A
TDTMode : N/A
TDTSiloType : N/A
TDTStatus : N/A
TDTTelemetry : N/A
TroubleShootingDailyMaxQuota :
TroubleShootingDailyQuotaLeft :
TroubleShootingEndTime :
TroubleShootingExpirationLeft :
TroubleShootingMode :
TroubleShootingModeSource :
TroubleShootingQuotaResetTime :
TroubleShootingStartTime :
PSComputerName :
ExclusionPath : {N/A: Must be an administrator to view exclusions}Session Architecture
PS C:\Windows\system32> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
PS C:\Windows\system32> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is A8A4-C362
Directory of C:\Windows\Microsoft.NET\Framework
09/15/2018 07:19 AM <DIR> .
09/15/2018 07:19 AM <DIR> ..
09/15/2018 07:19 AM <DIR> v1.0.3705
09/15/2018 07:19 AM <DIR> v1.1.4322
09/15/2018 07:19 AM <DIR> v2.0.50727
07/05/2025 11:09 AM <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 14,897,618,944 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80eb1
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80eb1
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x80eb1
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x80eb1
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.8.03761
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.8.03761