System/Kernel
*Evil-WinRM* PS C:\Users\Jareth\Documents> cmd /c ver
Microsoft Windows [Version 10.0.17763.1457]
*Evil-WinRM* PS C:\Users\Jareth\Documents> systeminfo ; Get-ComputerInfo
systeminfo.exe : ERROR: Access denied
+ CategoryInfo : NotSpecified: (ERROR: Access denied:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
WindowsBuildLabEx : 17763.1.amd64fre.rs5_release.180914-1434
WindowsCurrentVersion : 6.3
WindowsEditionId : ServerStandard
WindowsInstallationType : Server
WindowsInstallDateFromRegistry : 9/17/2020 6:35:48 PM
WindowsProductId : 00429-70000-00000-AA450
WindowsProductName : Windows Server 2019 Standard
WindowsRegisteredOwner : Windows User
WindowsSystemRoot : C:\Windows
WindowsVersion : 1809
OsServerLevel : FullServer
TimeZone : (UTC+00:00) Dublin, Edinburgh, Lisbon, London
PowerPlatformRole : Desktop
DeviceGuardSmartStatus : OffMicrosoft Windows [Version 10.0.17763.1457]
Windows Server 2019 Standard
Networks
*Evil-WinRM* PS C:\Users\Jareth\Documents> ipconfig /all ; arp -a ; print route
Windows IP Configuration
Host Name . . . . . . . . . . . . : year-of-the-owl
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : eu-west-1.ec2-utilities.amazonaws.com
eu-west-1.compute.internal
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : eu-west-1.compute.internal
Description . . . . . . . . . . . : AWS PV Network Device #0
Physical Address. . . . . . . . . : 02-BC-6A-23-71-5B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5870:aed1:8570:73ba%7(Preferred)
IPv4 Address. . . . . . . . . . . : 10.10.163.21(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Lease Obtained. . . . . . . . . . : 09 September 2024 18:03:39
Lease Expires . . . . . . . . . . : 09 September 2024 19:33:39
Default Gateway . . . . . . . . . : 10.10.0.1
DHCP Server . . . . . . . . . . . : 10.10.0.1
DHCPv6 IAID . . . . . . . . . . . : 117897532
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-26-F5-62-ED-00-0C-29-02-45-89
DNS Servers . . . . . . . . . . . : 10.0.0.2
NetBIOS over Tcpip. . . . . . . . : Enabled
Interface: 10.10.163.21 --- 0x7
Internet Address Physical Address Type
10.10.0.1 02-c8-85-b5-5a-aa dynamic
10.10.255.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static
Unable to initialize device PRN*Evil-WinRM* PS C:\Users\Jareth\Documents> netstat -ano | Select-String LIST
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 1200
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 988
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 1200
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 1652
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 800
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 656
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1032
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1848
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 856
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 792
TCP 0.0.0.0:49675 0.0.0.0:0 LISTENING 772
TCP 10.10.163.21:139 0.0.0.0:0 LISTENING 4
TCP [::]:80 [::]:0 LISTENING 1200
TCP [::]:135 [::]:0 LISTENING 988
TCP [::]:443 [::]:0 LISTENING 1200
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:3306 [::]:0 LISTENING 1652
TCP [::]:3389 [::]:0 LISTENING 800
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 656
TCP [::]:49665 [::]:0 LISTENING 1032
TCP [::]:49666 [::]:0 LISTENING 1848
TCP [::]:49667 [::]:0 LISTENING 856
TCP [::]:49668 [::]:0 LISTENING 792
TCP [::]:49675 [::]:0 LISTENING 772Users & Groups
*Evil-WinRM* PS C:\Users\Jareth\Documents> net user ; ls C:\Users
User accounts for \\
-------------------------------------------------------------------------------
Administrator DefaultAccount Guest
Jareth WDAGUtilityAccount
The command completed with one or more errors.
Directory: C:\Users
Mode LastWriteTime Length Name
---- ------------- ------ ----
d----- 9/17/2020 7:39 PM Administrator
d----- 9/18/2020 2:14 AM Jareth
d-r--- 9/17/2020 7:39 PM Public*Evil-WinRM* PS C:\Users\Jareth\Documents> net localgroup ; net groups /DOMAIN
Aliases for \\YEAR-OF-THE-OWL
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Certificate Service DCOM Access
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Print Operators
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Storage Replica Administrators
*System Managed Accounts Group
*Users
The command completed successfully.
The request will be processed at a domain controller for domain WORKGROUP.
net.exe : System error 1355 has occurred.
+ CategoryInfo : NotSpecified: (System error 1355 has occurred.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
The specified domain either does not exist or could not be contacted.Process
*Evil-WinRM* PS C:\Users\Jareth\Documents> cmd /c tasklist /svc ; ps
cmd.exe : ERROR: Access denied
+ CategoryInfo : NotSpecified: (ERROR: Access denied:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
Handles NPM(K) PM(K) WS(K) CPU(s) Id SI ProcessName
------- ------ ----- ----- ------ -- -- -----------
136 9 14124 14664 2044 0 amazon-ssm-agent
0 0 80 36 3684 0 cmd
794 26 29292 24248 3736 0 CompatTelRunner
97 5 896 4040 4168 0 CompatTelRunner
150 9 6596 1712 1868 0 conhost
142 9 6636 12172 2652 0 conhost
151 9 6624 13072 3944 0 conhost
150 9 6604 13044 4140 0 conhost
151 9 6620 13080 4856 0 conhost
358 15 2212 5160 564 0 csrss
160 9 1620 4660 636 1 csrss
540 22 16448 38472 512 1 dwm
49 6 1656 4772 912 1 fontdrvhost
49 6 1504 4408 920 0 fontdrvhost
197 29 9760 19808 1200 0 httpd
492 49 15256 22388 2976 0 httpd
0 0 56 8 0 0 Idle
91 7 1152 4976 1344 0 LiteAgent
469 25 10344 43236 3672 1 LogonUI
954 22 5000 14792 792 0 lsass
126 7 1820 1500 1928 0 MpCmdRun
229 24 28848 31228 108 0 mscorsvw
221 13 2908 10152 3784 0 msdtc
679 74 230784 262916 1984 0 MsMpEng
147 15 210708 43088 1652 0 mysqld
191 10 5000 8668 1968 0 ngen
127 9 4128 6224 4884 0 ngen
244 15 9884 12728 1104 0 ngentask
249 16 7356 17524 4164 0 ngentask
190 25 3300 9260 4080 0 NisSrv
0 24 1364 92692 68 0 Registry
328 10 3440 7680 772 0 services
53 3 480 1208 408 0 smss
229 15 3356 9560 2004 0 snmp
462 22 5600 16440 1848 0 spoolsv
446 26 8808 16940 380 0 svchost
227 15 4164 13456 696 0 svchost
574 20 4524 14448 800 0 svchost
1625 62 37048 61184 856 0 svchost
591 17 4516 14060 892 0 svchost
534 17 3476 9852 988 0 svchost
541 17 12008 17692 1032 0 svchost
500 26 6544 17356 1188 0 svchost
328 15 11492 12448 1232 0 svchost
769 594 27588 42660 1320 0 svchost
310 11 1968 8612 1364 0 svchost
388 31 7740 16440 1532 0 svchost
157 8 1352 6300 1728 0 svchost
421 20 14124 27828 1876 0 svchost
216 12 1720 7500 1956 0 svchost
198 10 2016 8036 2064 0 svchost
145 8 1464 7052 2092 0 svchost
161 10 2056 7432 2284 0 svchost
186 11 3384 11296 5068 0 svchost
1414 0 192 156 4 0 System
286 20 7824 21036 3544 0 taskhostw
3743 55 198388 195244 4552 0 TiWorker
137 8 1916 7068 5048 0 TrustedInstaller
171 11 1340 6748 656 0 wininit
249 12 2628 15528 700 1 winlogon
173 10 2172 8284 1360 0 WmiPrvSE
1360 50 78164 108592 30.19 2384 0 wsmprovhostmysqld
ngen
Tasks
*Evil-WinRM* PS C:\Users\Jareth\Documents> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft ...
+ ~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_ScheduledTask:String) [Get-ScheduledTask], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-ScheduledTask*Evil-WinRM* PS C:\Users\Jareth\Documents> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
Folder: \
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
Server Initial Configuration Task N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
.NET Framework NGEN v4.0.30319 N/A Running
.NET Framework NGEN v4.0.30319 64 N/A Running
.NET Framework NGEN v4.0.30319 64 Critic N/A Disabled
.NET Framework NGEN v4.0.30319 Critical N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
AD RMS Rights Policy Template Management N/A Disabled
AD RMS Rights Policy Template Management N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
PolicyConverter N/A Disabled
VerifiedPublisherCertStoreCheck N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft Compatibility Appraiser 10/09/2024 04:43:59 Ready
ProgramDataUpdater N/A Running
StartupAppTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
appuriverifierdaily N/A Ready
appuriverifierinstall N/A Ready
CleanupTemporaryState N/A Ready
DsSvcCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Pre-staged app cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Proxy N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BitLocker Encrypt All Drives N/A Ready
BitLocker MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UninstallDeviceTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
BgTaskRegistrationMaintenanceTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ProactiveScan N/A Ready
SyspartRepair N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Consolidator 10/09/2024 00:00:00 Ready
UsbCeip N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Data Integrity Scan 22/09/2024 08:36:58 Ready
Data Integrity Scan for Crash Recovery N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScheduledDefrag N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Device 10/09/2024 03:03:38 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
DXGIAdapterCache N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SilentCleanup N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Microsoft-Windows-DiskDiagnosticDataColl N/A Ready
Microsoft-Windows-DiskDiagnosticResolver N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Diagnostics N/A Ready
StorageSense N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
EDP App Launch Task N/A Ready
EDP Auth Task N/A Ready
StorageCardEncryption Task N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ExploitGuard MDM policy Refresh N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Property Definition Sync N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
ReconcileFeatures N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
RefreshCache 10/09/2024 06:51:08 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ScanForUpdates N/A Disabled
ScanForUpdatesAsUser N/A Disabled
WakeUpAndContinueUpdates N/A Disabled
WakeUpAndScanForUpdates N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Notifications N/A Ready
WindowsActionDialog N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
WinSAT N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MapsToastTask N/A Disabled
MapsUpdateTask N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
ProcessMemoryDiagnosticEvents N/A Disabled
RunFullMemoryDiagnostic N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
MNO Metadata Parser N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
LPRemove N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SystemSoundsService N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
GatherNetworkInfo N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Background Synchronization N/A Disabled
Logon Synchronization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Server Manager Performance Monitor N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Device Install Group Policy N/A Ready
Device Install Reboot Required N/A Ready
Sysprep Generalize Drivers N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
AnalyzeSystem N/A Queued
TaskName Next Run Time Status
======================================== ====================== ===============
VerifyWinRE N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CleanupOldPerfLogs N/A Ready
ServerManager N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
StartComponentCleanup N/A Running
TaskName Next Run Time Status
======================================== ====================== ===============
Account Cleanup N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
CreateObjectTask N/A Ready
IndexerAutomaticMaintenance N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Collection N/A Disabled
Configuration N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SpaceAgentTask N/A Ready
SpaceManagerTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
HeadsetButtonPress N/A Ready
SpeechModelDownloadTask 10/09/2024 03:45:55 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Storage Tiers Management Initialization N/A Ready
Storage Tiers Optimization N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
TaskName Next Run Time Status
======================================== ====================== ===============
RemoteFXvGPUDisableTask N/A Ready
RemoteFXWarningTask 05/10/2024 13:00:00 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
MsCtfMonitor N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
ForceSynchronizeTime N/A Ready
SynchronizeTime N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
SynchronizeTimeZone N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UPnPHostConfig N/A Disabled
TaskName Next Run Time Status
======================================== ====================== ===============
Windows Defender Cache Maintenance N/A Running
Windows Defender Cleanup N/A Ready
Windows Defender Scheduled Scan 10/09/2024 03:47:49 Ready
Windows Defender Verification N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
QueueReporting 09/09/2024 19:15:00 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
BfeOnServiceStartTypeChange N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
UpdateLibrary N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Calibration Loader N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Scheduled Start 10/09/2024 18:01:54 Ready
TaskName Next Run Time Status
======================================== ====================== ===============
CacheTask N/A Ready
TaskName Next Run Time Status
======================================== ====================== ===============
Automatic-Device-Join N/A Disabled
Recovery-Check N/A DisabledFirewall & AV
*Evil-WinRM* PS C:\Users\Jareth\Documents> netsh firewall show config
Domain profile configuration:
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Domain profile:
Mode Customized Name
-------------------------------------------------------------------
Enable No Remote Desktop
Allowed programs configuration for Domain profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Domain profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
3389 TCP Enable Inbound RDP
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode = Enable
Exception mode = Enable
Multicast/broadcast response mode = Enable
Notification mode = Disable
Service configuration for Standard profile:
Mode Customized Name
-------------------------------------------------------------------
Enable Yes Network Discovery
Enable No Remote Desktop
Allowed programs configuration for Standard profile:
Mode Traffic direction Name / Program
-------------------------------------------------------------------
Port configuration for Standard profile:
Port Protocol Mode Traffic direction Name
-------------------------------------------------------------------
3389 TCP Enable Inbound RDP
Log configuration:
-------------------------------------------------------------------
File location = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size = 4096 KB
Dropped packets = Disable
Connections = Disable
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .*Evil-WinRM* PS C:\Users\Jareth\Documents> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatus
Cannot connect to CIM server. Access denied
At line:1 char:24
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : ResourceUnavailable: (MSFT_MpPreference:String) [Get-MpPreference], CimJobException
+ FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpPreferenceSession Architecture
*Evil-WinRM* PS C:\Users\Jareth\Documents> [Environment]::Is64BitProcess
TrueInstalled .NET Frameworks
*Evil-WinRM* PS C:\Users\Jareth\Documents> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
Volume in drive C has no label.
Volume Serial Number is 7C0C-3814
Directory of C:\Windows\Microsoft.NET\Framework
15/09/2018 08:19 <DIR> .
15/09/2018 08:19 <DIR> ..
15/09/2018 08:19 <DIR> v1.0.3705
15/09/2018 08:19 <DIR> v1.1.4322
15/09/2018 08:19 <DIR> v2.0.50727
09/09/2024 18:13 <DIR> v4.0.30319
0 File(s) 0 bytes
6 Dir(s) 4,131,610,624 bytes free
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
HttpNamespaceReservationInstalled REG_DWORD 0x1
NetTcpPortSharingInstalled REG_DWORD 0x1
NonHttpActivationInstalled REG_DWORD 0x1
SMSvcHostPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
WMIInstalled REG_DWORD 0x1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
InstallPath REG_SZ C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
CBS REG_DWORD 0x1
Install REG_DWORD 0x1
Release REG_DWORD 0x70bf6
Servicing REG_DWORD 0x0
TargetVersion REG_SZ 4.0.0
Version REG_SZ 4.7.03190
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
(Default) REG_SZ deprecated
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
Install REG_DWORD 0x1
Version REG_SZ 4.0.0.0.NET 4.7.03190