System/Kernel


*Evil-WinRM* PS C:\Users\M.harris\Documents> cmd /c ver
 
Microsoft Windows [Version 10.0.17763.6189]
 
*Evil-WinRM* PS C:\Users\M.harris\Documents> Get-ComputerInfo
WindowsBuildLabEx                                       : 17763.1.amd64fre.rs5_release.180914-1434
WindowsCurrentVersion                                   : 6.3
WindowsEditionId                                        : ServerStandard
WindowsInstallationType                                 : Server
WindowsInstallDateFromRegistry                          : 12/4/2023 5:22:00 PM
WindowsProductId                                        : 00429-00521-62775-AA556
WindowsProductName                                      : Windows Server 2019 Standard
WindowsRegisteredOrganization                           :
WindowsRegisteredOwner                                  : Windows User
WindowsSystemRoot                                       : C:\Windows
WindowsVersion                                          : 1809

Microsoft Windows [Version 10.0.17763.6189], Windows Server 2019 Standard

Networks


*Evil-WinRM* PS C:\Users\M.harris\Documents> ipconfig /all ; arp -a ; print route
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : dc01
   Primary Dns Suffix  . . . . . . . : infiltrator.htb
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : infiltrator.htb
 
Ethernet adapter Ethernet0 2:
 
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : vmxnet3 Ethernet Adapter
   Physical Address. . . . . . . . . : 00-50-56-94-9C-8C
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.10.11.31(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.254.0
   Default Gateway . . . . . . . . . : 10.10.10.2
   DNS Servers . . . . . . . . . . . : 127.0.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Interface: 10.10.11.31 --- 0x2
  Internet Address      Physical Address      Type
  10.10.10.2            00-50-56-b9-1b-d3     dynamic
  10.10.11.24           00-50-56-94-40-95     dynamic
  10.10.11.30           00-50-56-94-fd-1f     dynamic
  10.10.11.255          ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.251           01-00-5e-00-00-fb     static
  224.0.0.252           01-00-5e-00-00-fc     static
Unable to initialize device PRN
*Evil-WinRM* PS C:\Users\M.harris\Documents> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:88             0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:389            0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:464            0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:593            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:636            0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:3268           0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:3269           0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1012
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:9389           0.0.0.0:0              LISTENING       2104
  TCP    0.0.0.0:14118          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14119          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14121          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14122          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14123          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:14125          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:14126          0.0.0.0:0              LISTENING       3476
  TCP    0.0.0.0:14127          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14128          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14130          0.0.0.0:0              LISTENING       2360
  TCP    0.0.0.0:14406          0.0.0.0:0              LISTENING       6668
  TCP    0.0.0.0:47001          0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       468
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       1288
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       1532
  TCP    0.0.0.0:49667          0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       2336
  TCP    0.0.0.0:49690          0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:49691          0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:49692          0.0.0.0:0              LISTENING       628
  TCP    0.0.0.0:49697          0.0.0.0:0              LISTENING       608
  TCP    0.0.0.0:49721          0.0.0.0:0              LISTENING       2632
  TCP    0.0.0.0:49740          0.0.0.0:0              LISTENING       3020
  TCP    0.0.0.0:49861          0.0.0.0:0              LISTENING       2640
  TCP    10.10.11.31:53         0.0.0.0:0              LISTENING       2632
  TCP    10.10.11.31:139        0.0.0.0:0              LISTENING       4
  TCP    10.10.11.31:15220      0.0.0.0:0              LISTENING       1600
  TCP    10.10.11.31:15230      0.0.0.0:0              LISTENING       1048
  TCP    127.0.0.1:53           0.0.0.0:0              LISTENING       2632
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    [::]:88                [::]:0                 LISTENING       628
  TCP    [::]:135               [::]:0                 LISTENING       892
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:464               [::]:0                 LISTENING       628
  TCP    [::]:593               [::]:0                 LISTENING       892
  TCP    [::]:3389              [::]:0                 LISTENING       1012
  TCP    [::]:5985              [::]:0                 LISTENING       4
  TCP    [::]:9389              [::]:0                 LISTENING       2104
  TCP    [::]:14118             [::]:0                 LISTENING       2360
  TCP    [::]:14122             [::]:0                 LISTENING       2360
  TCP    [::]:14123             [::]:0                 LISTENING       4
  TCP    [::]:14125             [::]:0                 LISTENING       4
  TCP    [::]:14126             [::]:0                 LISTENING       3476
  TCP    [::]:14127             [::]:0                 LISTENING       2360
  TCP    [::]:14128             [::]:0                 LISTENING       2360
  TCP    [::]:14130             [::]:0                 LISTENING       2360
  TCP    [::]:14406             [::]:0                 LISTENING       6668
  TCP    [::]:47001             [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       468
  TCP    [::]:49665             [::]:0                 LISTENING       1288
  TCP    [::]:49666             [::]:0                 LISTENING       1532
  TCP    [::]:49667             [::]:0                 LISTENING       628
  TCP    [::]:49670             [::]:0                 LISTENING       2336
  TCP    [::]:49690             [::]:0                 LISTENING       628
  TCP    [::]:49691             [::]:0                 LISTENING       628
  TCP    [::]:49692             [::]:0                 LISTENING       628
  TCP    [::]:49697             [::]:0                 LISTENING       608
  TCP    [::]:49721             [::]:0                 LISTENING       2632
  TCP    [::]:49740             [::]:0                 LISTENING       3020
  TCP    [::]:49861             [::]:0                 LISTENING       2640
  TCP    [::1]:53               [::]:0                 LISTENING       2632

0.0.0.0:14123, 0.0.0.0:14125, 10.10.11.31:15220, 10.10.11.31:15230

Users & Groups


*Evil-WinRM* PS C:\Users\M.harris\Documents> net users ; ls C:\Users
 
User accounts for \\
 
-------------------------------------------------------------------------------
A.walker                 Administrator            D.anderson
E.rodriguez              Guest                    K.turner
krbtgt                   L.clark                  lan_managment
M.harris                 O.martinez               winrm_svc
The command completed with one or more errors.
 
 
 
    Directory: C:\Users
 
 
Mode                LastWriteTime         Length Name
----                -------------         ------ ----
d-----        2/20/2024   3:06 AM                Administrator
d-----         8/2/2024   4:51 PM                M.harris
d-----        2/19/2024   5:45 PM                O.martinez
d-r---        12/4/2023   9:22 AM                Public
d-----        2/25/2024   7:25 AM                winrm_svc

O.martinez, winrm_svc

*Evil-WinRM* PS C:\Users\M.harris\Documents> net localgroup ; net group /DOMAIN
 
Aliases for \\DC01
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Account Operators
*Administrators
*Allowed RODC Password Replication Group
*Backup Operators
*Cert Publishers
*Certificate Service DCOM Access
*Cryptographic Operators
*Denied RODC Password Replication Group
*Distributed COM Users
*DnsAdmins
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Incoming Forest Trust Builders
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Pre-Windows 2000 Compatible Access
*Print Operators
*RAS and IAS Servers
*RDS Endpoint Servers
*RDS Management Servers
*RDS Remote Access Servers
*Remote Desktop Users
*Remote Management Users
*Replicator
*Server Operators
*Storage Replica Administrators
*Terminal Server License Servers
*Users
*Windows Authorization Access Group
The command completed successfully.
 
 
Group Accounts for \\
 
-------------------------------------------------------------------------------
*Chiefs Marketing
*Cloneable Domain Controllers
*Developers
*Digital_Influencers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*Infiltrator_QA
*Key Admins
*Marketing_Team
*Protected Users
*Read-only Domain Controllers
*Schema Admins
*Service_Management
The command completed with one or more errors.

Processes


*Evil-WinRM* PS C:\Users\M.harris\Documents> ps
 
Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    407      32    12680      21328              3020   0 certsrv
    157      10     6664      12724       0.03   4912   0 conhost
    157      10     6672      12712       0.02   5324   0 conhost
    157      10     6620      12660       0.02   5948   0 conhost
    157      10     6664      12724       0.03   7104   0 conhost
    157      10     6688      12724       0.02   7972   0 conhost
    157      10     6672      12720       0.02   9808   0 conhost
    713      29     2428       5712               368   0 csrss
    267      16     1984       5124               476   1 csrss
    269      11     2220       8424              6384   2 csrss
    363      15     3520      15072              1124   1 ctfmon
    357      15     3488      14868              7852   2 ctfmon
    400      33    16724      23704              2640   0 dfsrs
    187      12     2340       7804              3564   0 dfssvc
    263      14     3864      13672              4360   0 dllhost
   5376    3697    69344      69904              2632   0 dns
    593      25    19168      43760              1068   1 dwm
    583      24    11472      40232              2636   2 dwm
   1491      59    23684       9672              6068   1 explorer
   1401      54    20864      75016              7228   2 explorer
     64       7     1924       5240              2984   1 fontdrvhost
     64       7     1896       5140              2992   0 fontdrvhost
     64       7     1852       5280              6048   2 fontdrvhost
      0       0       56          8                 0   0 Idle
    143      12     2040       5936              2620   0 ismserv
    386      21     6984      28668              7988   2 LogonUI
   3280     188    80284      93452               628   0 lsass
    527      36    53732      65832              2104   0 Microsoft.ActiveDirectory.WebServices
    234      13     2784      10340              4584   0 msdtc
   1029      96   101636     138428              2360   0 OMServerService
    960      89   109788      57188              1048   2 OutputMessenger
   1031     113   166416      10408              1600   0 OutputMessenger
    228      28     6504      16368              3476   0 outputmessenger_httpd
    367      46    13640      21288              3488   0 outputmessenger_httpd
    267      21   732824      84204              6668   0 outputmessenger_mysqld
    306      12     2388      11224              5532   2 rdpclip
      0      13      380      72104                88   0 Registry
    171      10     1732       9536              4700   2 RuntimeBroker
    318      17    19716      33648              5956   1 RuntimeBroker
    154       9     1644       8000              6108   1 RuntimeBroker
    275      14     3208      15940              6432   1 RuntimeBroker
    292      15     5364      16924              7704   2 RuntimeBroker
    236      14     4968      14936              7748   2 RuntimeBroker
    676      32    21144      49924              5336   1 SearchUI
    653      32    19180      50076              7600   2 SearchUI
    683      14     6136      14060               608   0 services
    717      29    15536      40848              5232   1 ShellExperienceHost
    681      29    14456      42440              7512   2 ShellExperienceHost
    444      17     4832      24840               296   2 sihost
    440      17     4820      24844              2776   1 sihost
     56       3      528       1092               284   0 smss
    214      12     2004      10052               276   0 svchost
    193       9     1692      12088               316   0 svchost
    158      10     1864       6940               332   0 svchost
    198       9     1540       7740               364   0 svchost
    209      12     1764       7500               372   0 svchost
    153      21     4716       8964               464   0 svchost
    376      19     5656      27796               712   1 svchost
    187       9     4400      12364               720   0 svchost
     96       5      960       4176               832   0 svchost
    186      10     1920       9012               840   0 svchost
   1088      21     7480      23692               852   0 svchost
   1103      20     6560      13904               892   0 svchost
    131       8     1596       6176               928   0 svchost
    365      11     2724      10780               936   0 svchost
    217       9     1920       7136               960   0 svchost
    717      25    11164      25284              1012   0 svchost
    254      13     2892       9060              1096   0 svchost
    406      32     9056      18212              1256   0 svchost
    427      13    14244      18372              1288   0 svchost
    307      16     3320      12540              1316   0 svchost
    258      13     2996      12200              1328   0 svchost
    454       9     2768       9176              1352   0 svchost
    185       7     1232       5996              1372   0 svchost
    256      14     3108      14404              1396   0 svchost
    186      12     1936       8624              1444   0 svchost
    786      16     6444      14216              1500   0 svchost
    324      13     2032       9112              1524   0 svchost
    394      18     6652      15132              1532   0 svchost
    203      12     2284      12480              1584   0 svchost
    180       9     2284       7920              1592   0 svchost
    426      15    13508      22312              1624   0 svchost
    195      10     1828       7088              1688   0 svchost
    169       9     1540       7432              1740   0 svchost
    352      10     2516       8696              1780   0 svchost
    475      19     3276      12256              1812   0 svchost
    324      20     9744      15736              1884   0 svchost
    454      20    19168      34244              1904   0 svchost
    201       9     1648       7232              1984   0 svchost
    221      12     2188       9376              2000   0 svchost
    336      15     4996      13780              2072   0 svchost
    162      10     1800       6832              2080   0 svchost
    230      12     2684      13012              2204   1 svchost
    253      25     3472      12988              2300   0 svchost
    268      13     2468       8004              2324   0 svchost
    277      16     2540      10764              2336   0 svchost
    246      10     2276       9296              2372   0 svchost
    145       8     1500       6580              2588   0 svchost
    164      10     1792       7424              2684   0 svchost
    145       9     1540       6628              2772   0 svchost
    210      11     2272       8756              2872   0 svchost
    171      12     3872      11040              3008   0 svchost
    177       9     3112       8080              3016   0 svchost
    175       7     1428       6200              3032   0 svchost
    234      14     4532      12140              3332   0 svchost
    318      16    19692      21688              3348   0 svchost
    357      22     7796      18260              3380   0 svchost
    190      11     2200      13900              3392   0 svchost
    220      12     2068       7468              3536   0 svchost
    349      17     5236      26008              3572   2 svchost
    414      26     3608      13284              3900   0 svchost
    126       7     1208       6076              4444   0 svchost
    325      18     6416      23136              5644   0 svchost
    204      11     2632      11976              5772   0 svchost
    195      15     6008      10480              6428   0 svchost
    239      16     4500      14356              6748   0 svchost
    183      12     2836      14940              6948   0 svchost
    225      11     2688      12984              7040   2 svchost
   2801       0      192         72                 4   0 System
    219      19     3632      12220              1912   2 taskhostw
    223      20     3864      12844              5708   1 taskhostw
    219      16     2584      10820              3912   0 vds
    174      11     2936      11444              3368   0 VGAuthService
    154       8     1728       7092              3356   0 vm3dservice
    148      10     1836       7556              3772   1 vm3dservice
    402      23    10460      23348              3340   0 vmtoolsd
    247      18     5132       1612              6560   1 vmtoolsd
    175      11     1592       6956               468   0 wininit
    279      13     3552      11896               536   1 winlogon
    269      11     2264       9392              6372   2 winlogon
    406      20    19488      30640              4276   0 WmiPrvSE
   2247      27   109836     125172       0.64     64   0 wsmprovhost
    426      26    72660      89196       0.45    168   0 wsmprovhost
   1733      26    82820      98020       0.39    588   0 wsmprovhost
   1196      32    79256     101928       0.38   1480   0 wsmprovhost
    506      27    84284     101728       0.56   2248   0 wsmprovhost
    386      26    60164      76232       0.38   2424   0 wsmprovhost
    874      26    66516      81996       0.36   2548   0 wsmprovhost
    548      25    56148      70264       0.30   2960   0 wsmprovhost
   1381      26    81364      97056       0.50   3648   0 wsmprovhost
   1455      26    81076      96496       0.56   4676   0 wsmprovhost
    409      27    75380      93364       0.56   4976   0 wsmprovhost
    434      27   169432     185872       0.73   5364   0 wsmprovhost
   1196      32    79156     101840       0.36   5888   0 wsmprovhost
    513      25    55428      69492       0.27   6064   0 wsmprovhost
   1197      29    80916      98488       0.36   6608   0 wsmprovhost
    618      29    55892      69164       0.66   7004   0 wsmprovhost
   1444      32    82700     105408       0.42   7944   0 wsmprovhost
    909      26    65800      80476       0.41   8008   0 wsmprovhost
   1608      27    77560      92032       0.38   8432   0 wsmprovhost
    449      26   125200     141416       0.95   8496   0 wsmprovhost
    441      26    76976      92804       0.47   8632   0 wsmprovhost
    464      26   121052     136904       0.55   8888   0 wsmprovhost
    459      26   121008     135860       0.42   9108   0 wsmprovhost
    444      27   171756     188080       0.67   9152   0 wsmprovhost
   1090      26    72892      87976       0.39   9220   0 wsmprovhost
    738      26    62784      78328       0.38   9484   0 wsmprovhost
    376      24    39860      49376       0.20   9540   0 wsmprovhost
    447      27   171620     186896       0.66   9860   0 wsmprovhost
    962      26    66276      81228       0.38   9944   0 wsmprovhost

certsrv, OutputMessenger, outputmessenger_httpd, outputmessenger_httpd, outputmessenger_mysqld, vds

Tasks


*Evil-WinRM* PS C:\Users\M.harris\Documents> cmd /c schtasks /QUERY /FO TABLE | findstr /v /i "\Microsoft" | findstr /v /i "access level" | findstr /v /i "system32"
cmd.exe : Access is denied.
    + CategoryInfo          : NotSpecified: (Access is denied.:String) [], RemoteException
    + FullyQualifiedErrorId : NativeCommandError

Firewall & AV


*Evil-WinRM* PS C:\Users\M.harris\Documents> netsh firewall show config
 
Domain profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Remote Desktop
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
33060  TCP       Enable  Inbound               Port 33060
3306   TCP       Enable  Inbound               Port 3306
 
Standard profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Disable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          File and Printer Sharing
Enable   No          Remote Desktop
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
Enable   Inbound              Firefox (C:\Program Files\Mozilla Firefox) / C:\Program Files\Mozilla Firefox\firefox.exe
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
33060  TCP       Enable  Inbound               Port 33060
3306   TCP       Enable  Inbound               Port 3306
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

33060  TCP       Enable  Inbound               Port 33060
3306   TCP       Enable  Inbound               Port 3306

*Evil-WinRM* PS C:\Users\M.harris\Documents> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
Cannot connect to CIM server. Access denied
At line:1 char:1
+ Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property Exc ...
+ ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ResourceUnavailable: (MSFT_MpComputerStatus:String) [Get-MpComputerStatus], CimJobException
    + FullyQualifiedErrorId : CimJob_BrokenCimSession,Get-MpComputerStatus

Session Architecture


*Evil-WinRM* PS C:\Users\M.harris\Documents> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


*Evil-WinRM* PS C:\Users\M.harris\Documents> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 Volume in drive C has no label.
 Volume Serial Number is 96C7-B603
 
 Directory of C:\Windows\Microsoft.NET\Framework
 
09/15/2018  12:19 AM    <DIR>          .
09/15/2018  12:19 AM    <DIR>          ..
09/15/2018  12:19 AM    <DIR>          v1.0.3705
09/15/2018  12:19 AM    <DIR>          v1.1.4322
09/15/2018  12:19 AM    <DIR>          v2.0.50727
09/01/2024  05:04 AM    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)  44,935,086,080 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80eb1
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.03761
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

.NET 4.8.03761