System/Kernel


PS C:\Users\btables> systeminfo ; Get-ComputerInfo
 
host name:                 CLIENT
os name:                   Microsoft Windows 10 Enterprise N
os version:                10.0.19043 N/A Build 19043
os manufacturer:           Microsoft Corporation
os configuration:          Member Workstation
os build type:             Multiprocessor Free
registered owner:          setup
registered organization:   
product id:                00330-00182-51735-AA058
original install date:     6/15/2022, 8:20:38 AM
system boot time:          1/5/2024, 11:37:32 AM
system manufacturer:       Microsoft Corporation
system model:              Virtual Machine
system type:               x64-based PC
processor(s):              1 Processor(s) Installed.
                           [01]: AMD64 Family 23 Model 49 Stepping 0 AuthenticAMD ~2994 Mhz
bios version:              American Megatrends Inc. 090007 , 5/18/2018
windows directory:         C:\Windows
system directory:          C:\Windows\system32
boot device:               \Device\HarddiskVolume1
system locale:             en-us;English (United States)
input locale:              en-us;English (United States)
time zone:                 (UTC-08:00) Pacific Time (US & Canada)
total physical memory:     1,274 MB
available physical memory: 373 MB
virtual memory: Max Size:  1,914 MB
virtual memory: Available: 375 MB
virtual memory: In Use:    1,539 MB
page file location(s):     C:\pagefile.sys
domain:                    outdated.htb
logon server:              \\DC
hotfix(s):                 4 Hotfix(s) Installed.
                           [01]: KB4601554
                           [02]: KB5000736
                           [03]: KB5001330
                           [04]: KB5001405
network card(s):           1 NIC(s) Installed.
                           [01]: Microsoft Hyper-V Network Adapter
                                 connection name: Ethernet
                                 dhcp enabled:    No
                                 IP address(es)
                                 [01]: 172.16.20.20
hyper-v requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.
 
 
windowsbuildlabex                                       : 19041.1.amd64fre.vb_release.191206-1406
windowscurrentversion                                   : 6.3
windowseditionid                                        : EnterpriseN
windowsinstallationtype                                 : Client
windowsinstalldatefromregistry                          : 6/15/2022 4:20:38 PM
windowsproductid                                        : 00330-00182-51735-AA058
windowsproductname                                      : Windows 10 Enterprise N
windowsregisteredorganization                           : 
windowsregisteredowner                                  : setup
windowssystemroot                                       : C:\Windows
windowsversion                                          : 2009
bioscharacteristics                                     : {4, 7, 9, 11...}
biosbiosversion                                         : {VRTUAL - 5001818, BIOS Date: 05/18/18 15:55:38  Ver: 
                                                          09.00.07, bios date: 05/18/18 15:55:38  Ver: 09.00.07}
biosbuildnumber                                         : 
bioscaption                                             : BIOS Date: 05/18/18 15:55:38  Ver: 09.00.07
bioscodeset                                             : 
bioscurrentlanguage                                     : enUS
biosdescription                                         : BIOS Date: 05/18/18 15:55:38  Ver: 09.00.07
biosembeddedcontrollermajorversion                      : 
biosembeddedcontrollerminorversion                      : 
biosfirmwaretype                                        : Bios
biosidentificationcode                                  : 
biosinstallablelanguages                                : 1
biosinstalldate                                         : 
bioslanguageedition                                     : 
bioslistoflanguages                                     : {enUS}
biosmanufacturer                                        : American Megatrends Inc.
biosname                                                : BIOS Date: 05/18/18 15:55:38  Ver: 09.00.07
biosothertargetos                                       : 
biosprimarybios                                         : True
biosreleasedate                                         : 5/17/2018 5:00:00 PM
biosseralnumber                                         : 4969-3819-4253-9257-9968-0050-52
biossmbiosbiosversion                                   : 090007 
biossmbiosmajorversion                                  : 2
biossmbiosminorversion                                  : 3
biossmbiospresent                                       : True
biossoftwareelementstate                                : Running
biosstatus                                              : OK
biossystembiosmajorversion                              : 
biossystembiosminorversion                              : 
biostargetoperatingsystem                               : 0
biosversion                                             : VRTUAL - 5001818
csadminpasswordstatus                                   : Unknown
csautomaticmanagedpagefile                              : True
csautomaticresetbootoption                              : True
csautomaticresetcapability                              : True
csbootoptiononlimit                                     : 0
csbootoptiononwatchdog                                  : 0
csbootromsupported                                      : True
csbootstatus                                            : {0, 0, 0, 0...}
csbootupstate                                           : Normal boot
cscaption                                               : CLIENT
cschassisbootupstate                                    : Safe
cschassisskunumber                                      : 
cscurrenttimezone                                       : -480
csdaylightineffect                                      : False
csdescription                                           : AT/AT COMPATIBLE
csdnshostname                                           : client
csdomain                                                : outdated.htb
csdomainrole                                            : MemberWorkstation
csenabledaylightsavingstime                             : True
csfrontpanelresetstatus                                 : Unknown
cshypervisorpresent                                     : True
csinfraredsupported                                     : False
csinitialloadinfo                                       : 
csinstalldate                                           : 
cskeyboardpasswordstatus                                : Unknown
cslastloadinfo                                          : 
csmanufacturer                                          : Microsoft Corporation
csmodel                                                 : Virtual Machine
csname                                                  : CLIENT
csnetworkadapters                                       : {Ethernet}
csnetworkservermodeenabled                              : True
csnumberoflogicalprocessors                             : 1
csnumberofprocessors                                    : 1
csprocessors                                            : {AMD EPYC 7302P 16-Core Processor               }
csoemstringarray                                        : {[MS_VM_CERT/SHA1/9b80ca0d5dd061ec9da4e494f4c3fd1196270c22], 
                                                          00000000000000000000000000000000, To be filed by MSFT}
cspartofdomain                                          : True
cspauseafterreset                                       : 3932100000
cspcsystemtype                                          : Desktop
cspcsystemtypeex                                        : Desktop
cspoweronpasswordstatus                                 : Unknown
cspowerstate                                            : Unknown
cspowersupplystate                                      : Safe
csprimaryownername                                      : setup
csresetcapability                                       : Other
csresetcount                                            : -1
csresetlimit                                            : -1
csroles                                                 : {LM_Workstation, LM_Server, NT}
csstatus                                                : OK
cssystemtype                                            : x64-based PC
csthermalstate                                          : Other
cstotalphysicalmemory                                   : 1335414784
csphyicallyinstalledmemory                              : 2097152
csusername                                              : OUTDATED\btables
cswakeuptype                                            : PowerSwitch
csworkgroup                                             : 
osname                                                  : Microsoft Windows 10 Enterprise N
ostype                                                  : WINNT
osoperatingsystemsku                                    : WindowsEnterprise
osversion                                               : 10.0.19043
oscsdversion                                            : 
osbuildnumber                                           : 19043
oshotfixes                                              : {KB4601554, KB5000736, KB5001330, KB5001405}
osbootdevice                                            : \Device\HarddiskVolume1
ossystemdevice                                          : \Device\HarddiskVolume2
ossystemdirectory                                       : C:\Windows\system32
ossystemdrive                                           : C:
oswindowsdirectory                                      : C:\Windows
oscountrycode                                           : 1
oscurrenttimezone                                       : -480
oslocaleid                                              : 0409
oslocale                                                : en-US
oslocaldatetime                                         : 1/5/2024 1:57:21 PM
oslastbootuptime                                        : 1/5/2024 11:37:32 AM
osuptime                                                : 02:19:47.5409017
osbuildtype                                             : Multiprocessor Free
oscodeset                                               : 1252
osdataexecutionpreventionavailable                      : True
osdataexecutionprevention32bitapplications              : True
osdataexecutionpreventiondrivers                        : True
osdataexecutionpreventionsupportpolicy                  : OptIn
osdebug                                                 : False
osdistributed                                           : False
osencryptionlevel                                       : 256
osforegroundapplicationboost                            : Maximum
ostotalvisiblememorysize                                : 1304116
osfreephysicalmemory                                    : 339680
ostotalvirtualmemorysize                                : 1959476
osfreevirtualmemory                                     : 364032
osinusevirtualmemory                                    : 1595444
ossizestoredinpagingfiles                               : 655360
osfreespaceinpagingfiles                                : 483216
ospagingfiles                                           : {C:\pagefile.sys}
oshardwareabstractionlayer                              : 10.0.19041.906
osinstalldate                                           : 6/15/2022 9:20:38 AM
osmanufacturer                                          : Microsoft Corporation
osmaxnumberofprocesses                                  : 4294967295
osmaxprocessmemorysize                                  : 137438953344
osmuilanguages                                          : {en-US}
osnumberofprocesses                                     : 81
osnumberofusers                                         : 6
osarchitecture                                          : 64-bit
oslanguage                                              : en-US
osproductsuites                                         : {TerminalServicesSingleSession}
osportableoperatingsystem                               : False
osprimary                                               : True
osproducttype                                           : WorkStation
osregistereduser                                        : setup
osserialnumber                                          : 00330-00182-51735-AA058
osservicepackmajorversion                               : 0
osservicepackminorversion                               : 0
osstatus                                                : OK
ossuites                                                : {TerminalServices, TerminalServicesSingleSession}
keyboardlayout                                          : en-US
timezone                                                : (UTC-08:00) Pacific Time (US & Canada)
logonserver                                             : \\DC
powerplatformrole                                       : Desktop
hypervisorpresent                                       : True
deviceguardsmartstatus                                  : Off

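Summary: Microsoft Windows 10 Enterprise N, OS version 10.0.19043 (the 10.0.19041.906 figure is the hardware abstraction layer version), x64-based PC, 1 processor, 4 hotfixes (KB4601554, KB5000736, KB5001330, KB5001405), 1 NIC, virtual machine. With only four hotfixes listed, the patch level should be checked against current cumulative updates.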

Networks


PS C:\Users\btables> ipconfig /all ; arp -a ; route print
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : client
   Primary Dns Suffix  . . . . . . . : outdated.htb
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : outdated.htb
 
Ethernet adapter Ethernet:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hyper-V Network Adapter
   Physical Address. . . . . . . . . : 00-15-5D-19-AE-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 172.16.20.20(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 172.16.20.1
   DNS Servers . . . . . . . . . . . : 172.16.20.1
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Interface: 172.16.20.20 --- 0xb
  Internet Address      Physical Address      Type
  172.16.20.1           00-15-5d-19-ae-00     dynamic   
  172.16.20.255         ff-ff-ff-ff-ff-ff     static    
  224.0.0.22            01-00-5e-00-00-16     static    
  224.0.0.251           01-00-5e-00-00-fb     static    
  224.0.0.252           01-00-5e-00-00-fc     static    
  239.255.255.250       01-00-5e-7f-ff-fa     static    
===========================================================================
Interface List
 11...00 15 5d 19 ae 01 ......Microsoft Hyper-V Network Adapter
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.16.20.1     172.16.20.20    271
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      172.16.20.0    255.255.255.0         On-link      172.16.20.20    271
     172.16.20.20  255.255.255.255         On-link      172.16.20.20    271
    172.16.20.255  255.255.255.255         On-link      172.16.20.20    271
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link      172.16.20.20    271
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link      172.16.20.20    271
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0      172.16.20.1  Default 
===========================================================================
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    331 ::1/128                  On-link
  1    331 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
 
PS C:\Users\btables> netstat -ano | Select-String LIST
 
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:5040           0.0.0.0:0              LISTENING       1044
  TCP    0.0.0.0:49664          0.0.0.0:0              LISTENING       660
  TCP    0.0.0.0:49665          0.0.0.0:0              LISTENING       604
  TCP    0.0.0.0:49666          0.0.0.0:0              LISTENING       976
  TCP    0.0.0.0:49668          0.0.0.0:0              LISTENING       500
  TCP    0.0.0.0:49670          0.0.0.0:0              LISTENING       660
  TCP    0.0.0.0:49695          0.0.0.0:0              LISTENING       652
  TCP    172.16.20.20:139       0.0.0.0:0              LISTENING       4
  TCP    [::]:135               [::]:0                 LISTENING       932
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [::]:49664             [::]:0                 LISTENING       660
  TCP    [::]:49665             [::]:0                 LISTENING       604
  TCP    [::]:49666             [::]:0                 LISTENING       976
  TCP    [::]:49668             [::]:0                 LISTENING       500
  TCP    [::]:49670             [::]:0                 LISTENING       660
  TCP    [::]:49695             [::]:0                 LISTENING       652

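Summary: client.outdated.htb, Microsoft Hyper-V network adapter, 172.16.20.20/24 (gateway and DNS 172.16.20.1). TCP 135, 445 and 5040 listen on all interfaces (0.0.0.0); TCP 139 is bound to 172.16.20.20 only, and the remaining listeners are high ports in the 49664–49695 range.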

Users & Groups


PS C:\Users\btables> net user ; net user /DOMAIN
 
User accounts for \\CLIENT
 
-------------------------------------------------------------------------------
Administrator            DefaultAccount           Guest                    
WDAGUtilityAccount       
The command completed successfully.
 
The request will be processed at a domain controller for domain outdated.htb.
 
 
User accounts for \\DC.outdated.htb
 
-------------------------------------------------------------------------------
Administrator            btables                  Guest                    
krbtgt                   sflowers                 
The command completed successfully.
PS C:\Users\btables> net localgroup ; net group /DOMAIN
net localgroup ; net group /DOMAIN
 
Aliases for \\CLIENT
 
-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users
The command completed successfully.
 
The request will be processed at a domain controller for domain outdated.htb.
 
 
Group Accounts for \\DC.outdated.htb
 
-------------------------------------------------------------------------------
*Cloneable Domain Controllers
*DnsUpdateProxy
*Domain Admins
*Domain Computers
*Domain Controllers
*Domain Guests
*Domain Users
*Enterprise Admins
*Enterprise Key Admins
*Enterprise Read-only Domain Controllers
*Group Policy Creator Owners
*ITStaff
*Key Admins
*Protected Users
*Read-only Domain Controllers
*Schema Admins
The command completed successfully.

Groups of note: Hyper-V Administrators and IIS_IUSRS (local aliases on CLIENT), ITStaff (domain group on DC.outdated.htb).

Processes


PS C:\Users\btables> tasklist /svc
 
Image Name                     PID Services                                    
========================= ======== ============================================
System Idle Process              0 N/A                                         
System                           4 N/A                                         
Registry                        72 N/A                                         
smss.exe                       432 N/A                                         
csrss.exe                      536 N/A                                         
wininit.exe                    604 N/A                                         
csrss.exe                      612 N/A                                         
services.exe                   652 N/A                                         
lsass.exe                      660 KeyIso, Netlogon, SamSs, VaultSvc           
winlogon.exe                   708 N/A                                         
svchost.exe                    828 BrokerInfrastructure, DcomLaunch, LSM,      
                                   PlugPlay, Power, SystemEventsBroker         
fontdrvhost.exe                836 N/A                                         
fontdrvhost.exe                844 N/A                                         
svchost.exe                    932 RpcEptMapper, RpcSs                         
dwm.exe                       1020 N/A                                         
svchost.exe                    500 Appinfo, BITS, DsmSvc, iphlpsvc,            
                                   LanmanServer, lfsvc, ProfSvc, Schedule,     
                                   SENS, SessionEnv, ShellHWDetection,         
                                   TokenBroker, UserManager, UsoSvc, Winmgmt,  
                                   WpnService                                  
svchost.exe                    792 CoreMessagingRegistrar, DPS                 
svchost.exe                    924 TermService                                 
svchost.exe                    976 Dhcp, EventLog, lmhosts, TimeBrokerSvc,     
                                   vmictimesync, WinHttpAutoProxySvc           
svchost.exe                   1044 BthAvctpSvc, CDPSvc, DispBrokerDesktopSvc,  
                                   EventSystem, FontCache, LicenseManager,     
                                   netprofm, nsi, SstpSvc, WdiServiceHost      
svchost.exe                   1060 W32Time                                     
svchost.exe                   1076 DsSvc, NcbService, PcaSvc, StorSvc,         
                                   SysMain, TabletInputService, TrkWks,        
                                   UmRdpService, vmickvpexchange,              
                                   vmicshutdown, vmicvss, WdiSystemHost        
svchost.exe                   1176 CryptSvc, Dnscache, LanmanWorkstation,      
                                   NlaSvc                                      
svchost.exe                   1452 BFE, mpssvc                                 
svchost.exe                   1540 CertPropSvc, RasMan                         
svchost.exe                   1640 vmicheartbeat, vmicrdv                      
VSSVC.exe                     1920 VSS                                         
Memory Compression            1932 N/A                                         
svchost.exe                   2008 DusmSvc                                     
svchost.exe                   2016 Wcmsvc                                      
svchost.exe                   2032 DiagTrack                                   
MsMpEng.exe                   2132 WinDefend                                   
svchost.exe                   2864 RmSvc                                       
svchost.exe                   2980 StateRepository                             
sihost.exe                    2404 N/A                                         
svchost.exe                   2640 CDPUserSvc_42a97, OneSyncSvc_42a97,         
                                   PimIndexMaintenanceSvc_42a97,               
                                   UnistoreSvc_42a97, UserDataSvc_42a97,       
                                   WpnUserService_42a97                        
taskhostw.exe                 2544 N/A                                         
powershell.exe                 896 N/A                                         
ctfmon.exe                    3120 N/A                                         
conhost.exe                   3244 N/A                                         
explorer.exe                  3392 N/A                                         
svchost.exe                   3536 cbdhsvc_42a97                               
StartMenuExperienceHost.e     3808 N/A                                         
SecurityHealthService.exe     3128 SecurityHealthService                       
RuntimeBroker.exe             2500 N/A                                         
RuntimeBroker.exe             4136 N/A                                         
SecurityHealthSystray.exe     4996 N/A                                         
OneDrive.exe                  5052 N/A                                         
svchost.exe                    388 SSDPSRV                                     
SystemSettings.exe            4492 N/A                                         
ApplicationFrameHost.exe      2856 N/A                                         
MicrosoftEdgeUpdate.exe       1504 N/A                                         
SgrmBroker.exe                4512 SgrmBroker                                  
svchost.exe                   2208 wscsvc                                      
svchost.exe                   3088 InstallService                              
LockApp.exe                   4764 N/A                                         
RuntimeBroker.exe             2588 N/A                                         
TextInputHost.exe             5692 N/A                                         
dllhost.exe                   6040 N/A                                         
SearchApp.exe                 2496 N/A                                         
powershell.exe                4516 N/A                                         
conhost.exe                   2448 N/A                                         
svchost.exe                   4684 WbioSrvc                                    
taskhostw.exe                 4212 N/A                                         
HxOutlook.exe                 5644 N/A                                         
RuntimeBroker.exe             2164 N/A                                         
HxTsr.exe                     4508 N/A                                         
RuntimeBroker.exe             4960 N/A                                         
svchost.exe                   5612 swprv                                       
WmiPrvSE.exe                  2528 N/A                                         
msdt.exe                      5420 N/A                                         
sdiagnhost.exe                 284 N/A                                         
conhost.exe                   1636 N/A                                         
nc64.exe                      5812 N/A                                         
cmd.exe                       4992 N/A                                         
powershell.exe                2840 N/A                                         
LogonUI.exe                   5068 N/A                                         
tasklist.exe                  4028 N/A                                         

Tasks


PS C:\Users\btables> Get-ScheduledTask | where {$_.TaskPath -notlike "\Microsoft*" } | ft TaskName,TaskPath,State
 
TaskName                                                                     TaskPath    State
--------                                                                     --------    -----
check_mail                                                                   \         Running
OneDrive Reporting Task-S-1-5-21-4089647348-67660539-4016542185-1106         \        Disabled
OneDrive Standalone Update Task-S-1-5-21-4089647348-67660539-4016542185-1106 \        Disabled

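Of the non-Microsoft scheduled tasks, only check_mail (task path \) is running; both OneDrive tasks are disabled.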

Firewall & AV


PS C:\Users\btables> netsh firewall show config
 
Domain profile configuration (current):
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
 
Allowed programs configuration for Domain profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Domain profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Standard profile configuration:
-------------------------------------------------------------------
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
 
Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          Network Discovery
 
Allowed programs configuration for Standard profile:
Mode     Traffic direction    Name / Program
-------------------------------------------------------------------
 
Port configuration for Standard profile:
Port   Protocol  Mode    Traffic direction     Name
-------------------------------------------------------------------
 
Log configuration:
-------------------------------------------------------------------
File location   = C:\Windows\system32\LogFiles\Firewall\pfirewall.log
Max file size   = 4096 KB
Dropped packets = Disable
Connections     = Disable
 
IMPORTANT: Command executed successfully.
However, "netsh firewall" is deprecated;
use "netsh advfirewall firewall" instead.
For more information on using "netsh advfirewall firewall" commands
instead of "netsh firewall", see KB article 947709
at https://go.microsoft.com/fwlink/?linkid=121488 .

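FW is enabled on both the Domain and Standard profiles, and no allowed-program or port exceptions are listed. Logging of dropped packets and of connections is disabled, so pfirewall.log records neither.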

PS C:\Users\btables> Get-MpComputerStatus ; Get-MpPreference | Select-Object -Property ExclusionPath
 
AMEngineVersion                  : 1.1.19200.6
AMProductVersion                 : 4.18.2203.5
AMRunningMode                    : Normal
AMServiceEnabled                 : True
AMServiceVersion                 : 4.18.2203.5
AntispywareEnabled               : True
AntispywareSignatureAge          : 569
AntispywareSignatureLastUpdated  : 6/15/2022 4:08:23 AM
AntispywareSignatureVersion      : 1.367.1606.0
AntivirusEnabled                 : True
AntivirusSignatureAge            : 569
AntivirusSignatureLastUpdated    : 6/15/2022 4:08:23 AM
AntivirusSignatureVersion        : 1.367.1606.0
BehaviorMonitorEnabled           : False
ComputerID                       : 524F69D5-EB8E-4E41-9400-E3947A271AC5
ComputerState                    : 0
DefenderSignaturesOutOfDate      : True
DeviceControlDefaultEnforcement  : Unknown
DeviceControlPoliciesLastUpdated : 1/5/2024 11:38:29 AM
DeviceControlState               : Disabled
FullScanAge                      : 4294967295
FullScanEndTime                  : 
FullScanOverdue                  : False
FullScanRequired                 : False
FullScanSignatureVersion         : 
FullScanStartTime                : 
IoavProtectionEnabled            : False
IsTamperProtected                : False
IsVirtualMachine                 : True
LastFullScanSource               : 0
LastQuickScanSource              : 2
NISEnabled                       : False
NISEngineVersion                 : 0.0.0.0
NISSignatureAge                  : 4294967295
NISSignatureLastUpdated          : 
NISSignatureVersion              : 0.0.0.0
OnAccessProtectionEnabled        : False
ProductStatus                    : 524384
QuickScanAge                     : 0
QuickScanEndTime                 : 1/5/2024 12:34:53 PM
QuickScanOverdue                 : False
QuickScanSignatureVersion        : 1.367.1606.0
QuickScanStartTime               : 1/5/2024 12:31:55 PM
RealTimeProtectionEnabled        : False
RealTimeScanDirection            : 0
RebootRequired                   : False
TamperProtectionSource           : UI
TDTMode                          : N/A
TDTStatus                        : N/A
TDTTelemetry                     : N/A
PSComputerName                   : 
 
ExclusionPath : {N/A: Must be and administrator to view exclusions}

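AV is partially enabled: the Defender service is on (AMServiceEnabled and AntivirusEnabled are True), but real-time, on-access, behavior-monitoring, IOAV and NIS protection are all False, tamper protection is off, and the signatures are 569 days old (DefenderSignaturesOutOfDate is True). The exclusion paths could not be read without administrator rights.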

Session Architecture


ps c:\Users\btables> [Environment]::Is64BitProcess
True

Installed .NET Frameworks


PS C:\Users\btables> cmd /c dir /A:D C:\Windows\Microsoft.NET\Framework ; cmd /c reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP" ; cmd /c reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP" /s
 Volume in drive C has no label.
 Volume Serial Number is 9EA0-5B4E
 
 Directory of C:\Windows\Microsoft.NET\Framework
 
12/07/2019  01:51 AM    <DIR>          .
12/07/2019  01:51 AM    <DIR>          ..
12/07/2019  01:51 AM    <DIR>          v1.0.3705
12/07/2019  01:51 AM    <DIR>          v1.1.4322
12/07/2019  01:14 AM    <DIR>          v2.0.50727
01/05/2024  12:33 PM    <DIR>          v4.0.30319
               0 File(s)              0 bytes
               6 Dir(s)   9,556,828,160 bytes free
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\CDF
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4.0
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\CDF\v4.0
    HttpNamespaceReservationInstalled    REG_DWORD    0x1
    NetTcpPortSharingInstalled    REG_DWORD    0x1
    NonHttpActivationInstalled    REG_DWORD    0x1
    SMSvcHostPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    WMIInstalled    REG_DWORD    0x1
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80ff4
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.04084
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Client\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80ff4
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.04084
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    InstallPath    REG_SZ    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
    Release    REG_DWORD    0x80ff4
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.04084
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4\Full\1033
    CBS    REG_DWORD    0x1
    Install    REG_DWORD    0x1
    Release    REG_DWORD    0x80ff4
    Servicing    REG_DWORD    0x0
    TargetVersion    REG_SZ    4.0.0
    Version    REG_SZ    4.8.04084
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0
    (Default)    REG_SZ    deprecated
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4.0\Client
    Install    REG_DWORD    0x1
    Version    REG_SZ    4.0.0.0

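.NET 4.8.04084 (v4 Client and Full, Release 0x80ff4) is the installed version. The v1.0, v1.1 and v2.0 folders exist under Framework, but no matching keys appear under NDP in the registry output.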