Nessus Report

Report generated by Tenable Nessus™

Server 1

Sat, 10 Jan 2026 05:42:13 India Standard Time

TABLE OF CONTENTS
Vulnerabilities by HostExpand All | Collapse All
172.17.100.20
23
51
15
1
1836
Critical
High
Medium
Low
Info
Scan Information
Start time: Sat Jan 10 00:00:17 2026
End time: Sat Jan 10 00:41:09 2026
Host Information
Netbios Name: SPINE-HRMS
IP: 172.17.100.20
MAC Address: 00:50:56:BC:92:1F
OS: Microsoft Windows Server 2019 Datacenter Build 17763
Vulnerabilities

156860 - Apache Log4j 1.x Multiple Vulnerabilities
-
Synopsis
A logging library running on the remote host has multiple vulnerabilities.
Description
According to its self-reported version number, the installation of Apache Log4j on the remote host is 1.x and is no longer supported. Log4j reached its end of life prior to 2016. Additionally, Log4j 1.x is affected by multiple vulnerabilities, including :

- Log4j includes a SocketServer that accepts serialized log events and deserializes them without verifying whether the objects are allowed or not. This can provide an attack vector that can be exploited. (CVE-2019-17571)

- Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. (CVE-2020-9488)

- JMSSink uses JNDI in an unprotected manner allowing any application using the JMSSink to be vulnerable if it is configured to reference an untrusted site or if the site referenced can be accesseed by the attacker.
(CVE-2022-23302)

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it is likely to contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Apache Log4j that is currently supported.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
High
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.4904
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2019-17571
CVE CVE-2020-9488
CVE CVE-2022-23302
CVE CVE-2022-23305
CVE CVE-2022-23307
CVE CVE-2023-26464
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
XREF IAVA:2021-A-0573
Plugin Information
Published: 2022/01/19, Modified: 2024/06/13
Plugin Output

tcp/445/cifs


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\ALPHA\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8

tcp/445/cifs


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8

182252 - Apache Log4j SEoL (<= 1.x)
-
Synopsis
An unsupported version of Apache Log4j is installed on the remote host.
Description
According to its version, Apache Log4j is less than or equal to 1.x. It is, therefore, no longer maintained by its vendor or provider.

Lack of support implies that no new security patches for the product will be released by the vendor. As a result, it may contain security vulnerabilities.
See Also
Solution
Upgrade to a version of Apache Log4j that is currently supported.
Risk Factor
Critical
CVSS v3.0 Base Score
10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Plugin Information
Published: 2023/09/29, Modified: 2023/11/02
Plugin Output

tcp/0


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\ALPHA\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

tcp/0


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8
Security End of Life : August 4, 2015
Time since Security End of Life (Est.) : >= 10 years

171441 - KB5022840: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022840. It is, therefore, affected by multiple vulnerabilities

- Windows iSCSI Discovery Service Remote Code Execution Vulnerability (CVE-2023-21803)

- Microsoft PostScript Printer Driver Remote Code Execution Vulnerability (CVE-2023-21684, CVE-2023-21801)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21685, CVE-2023-21686, CVE-2023-21799)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022840
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.3497
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/02/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022840

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4010
172533 - KB5023702: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5023702. It is, therefore, affected by multiple vulnerabilities

- An out-of-bounds write vulnerability exists in TPM2.0's Module Library allowing writing of a 2-byte data past the end of TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can lead to denial of service (crashing the TPM chip/process or rendering it unusable) and/or arbitrary code execution in the TPM context. (CVE-2023-1017)

- An out-of-bounds read vulnerability exists in TPM2.0's Module Library allowing a 2-byte read past the end of a TPM2.0 command in the CryptParameterDecryption routine. An attacker who can successfully exploit this vulnerability can read or access sensitive data stored in the TPM. (CVE-2023-1018)

- Remote Procedure Call Runtime Remote Code Execution Vulnerability (CVE-2023-21708, CVE-2023-23405, CVE-2023-24869, CVE-2023-24908)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5023702
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.7729
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/03/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5023702

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4131
174108 - KB5025229: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5025229. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-28275)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-21554)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5025229
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.9216
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/04/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5025229

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4252
175347 - KB5026362: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5026362. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-24943)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-28283)

- Server for NFS Denial of Service Vulnerability (CVE-2023-24939)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5026362
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.4022
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/05/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5026362

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4377
177247 - KB5027222: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5027222. It is, therefore, affected by multiple vulnerabilities

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-29363, CVE-2023-32014, CVE-2023-32015)

- Windows Collaborative Translation Framework Elevation of Privilege Vulnerability (CVE-2023-32009)

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-29373)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5027222
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.2211
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/06/13, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5027222

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4499
178150 - KB5028168: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5028168. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2023-35365, CVE-2023-35366, CVE-2023-35367)

- Windows Netlogon Information Disclosure Vulnerability (CVE-2023-21526)

- Windows Win32k Elevation of Privilege Vulnerability (CVE-2023-21756)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5028168
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.6873
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21526
CVE CVE-2023-21756
CVE CVE-2023-32033
CVE CVE-2023-32034
CVE CVE-2023-32035
CVE CVE-2023-32037
CVE CVE-2023-32038
CVE CVE-2023-32039
CVE CVE-2023-32040
CVE CVE-2023-32041
CVE CVE-2023-32042
CVE CVE-2023-32043
CVE CVE-2023-32044
CVE CVE-2023-32045
CVE CVE-2023-32046
CVE CVE-2023-32049
CVE CVE-2023-32053
CVE CVE-2023-32054
CVE CVE-2023-32055
CVE CVE-2023-32056
CVE CVE-2023-32057
CVE CVE-2023-32083
CVE CVE-2023-32084
CVE CVE-2023-32085
CVE CVE-2023-33154
CVE CVE-2023-33155
CVE CVE-2023-33163
CVE CVE-2023-33164
CVE CVE-2023-33166
CVE CVE-2023-33167
CVE CVE-2023-33168
CVE CVE-2023-33169
CVE CVE-2023-33172
CVE CVE-2023-33173
CVE CVE-2023-33174
CVE CVE-2023-35296
CVE CVE-2023-35297
CVE CVE-2023-35299
CVE CVE-2023-35300
CVE CVE-2023-35302
CVE CVE-2023-35303
CVE CVE-2023-35304
CVE CVE-2023-35305
CVE CVE-2023-35306
CVE CVE-2023-35308
CVE CVE-2023-35309
CVE CVE-2023-35310
CVE CVE-2023-35312
CVE CVE-2023-35313
CVE CVE-2023-35314
CVE CVE-2023-35315
CVE CVE-2023-35316
CVE CVE-2023-35317
CVE CVE-2023-35318
CVE CVE-2023-35319
CVE CVE-2023-35320
CVE CVE-2023-35321
CVE CVE-2023-35322
CVE CVE-2023-35324
CVE CVE-2023-35325
CVE CVE-2023-35326
CVE CVE-2023-35328
CVE CVE-2023-35329
CVE CVE-2023-35330
CVE CVE-2023-35331
CVE CVE-2023-35332
CVE CVE-2023-35336
CVE CVE-2023-35338
CVE CVE-2023-35339
CVE CVE-2023-35340
CVE CVE-2023-35341
CVE CVE-2023-35342
CVE CVE-2023-35343
CVE CVE-2023-35344
CVE CVE-2023-35345
CVE CVE-2023-35346
CVE CVE-2023-35348
CVE CVE-2023-35350
CVE CVE-2023-35351
CVE CVE-2023-35352
CVE CVE-2023-35353
CVE CVE-2023-35356
CVE CVE-2023-35357
CVE CVE-2023-35358
CVE CVE-2023-35360
CVE CVE-2023-35361
CVE CVE-2023-35362
CVE CVE-2023-35363
CVE CVE-2023-35364
CVE CVE-2023-35365
CVE CVE-2023-35366
CVE CVE-2023-35367
CVE CVE-2023-36871
CVE CVE-2023-36874
MSKB 5028168
XREF CISA-KNOWN-EXPLOITED:2023/08/01
XREF MSFT:MS23-5028168
XREF IAVA:2023-A-0347-S
XREF IAVA:2023-A-0345-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/07/11, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5028168

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4644
179487 - KB5029247: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5029247. It is, therefore, affected by multiple vulnerabilities

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5029247
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9322
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20569
CVE CVE-2023-35359
CVE CVE-2023-35376
CVE CVE-2023-35377
CVE CVE-2023-35378
CVE CVE-2023-35380
CVE CVE-2023-35381
CVE CVE-2023-35382
CVE CVE-2023-35383
CVE CVE-2023-35384
CVE CVE-2023-35385
CVE CVE-2023-35386
CVE CVE-2023-35387
CVE CVE-2023-36882
CVE CVE-2023-36884
CVE CVE-2023-36889
CVE CVE-2023-36900
CVE CVE-2023-36903
CVE CVE-2023-36904
CVE CVE-2023-36905
CVE CVE-2023-36906
CVE CVE-2023-36907
CVE CVE-2023-36908
CVE CVE-2023-36909
CVE CVE-2023-36910
CVE CVE-2023-36911
CVE CVE-2023-36912
CVE CVE-2023-36913
CVE CVE-2023-38154
CVE CVE-2023-38172
CVE CVE-2023-38184
CVE CVE-2023-38254
MSKB 5029247
XREF MSFT:MS23-5029247
XREF IAVA:2023-A-0418-S
XREF IAVA:2023-A-0409-S
XREF IAVA:2023-A-0402-S
XREF IAVA:2023-A-0412-S
XREF IAVA:2023-A-0416-S
XREF CISA-KNOWN-EXPLOITED:2023/08/29
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/08/08, Modified: 2024/11/13
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5029247

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4737
182865 - KB5031361: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5031361. It is, therefore, affected by multiple vulnerabilities

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)
- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5031361
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9443
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29348
CVE CVE-2023-35349
CVE CVE-2023-36431
CVE CVE-2023-36434
CVE CVE-2023-36436
CVE CVE-2023-36438
CVE CVE-2023-36557
CVE CVE-2023-36563
CVE CVE-2023-36564
CVE CVE-2023-36567
CVE CVE-2023-36570
CVE CVE-2023-36571
CVE CVE-2023-36572
CVE CVE-2023-36573
CVE CVE-2023-36574
CVE CVE-2023-36575
CVE CVE-2023-36576
CVE CVE-2023-36577
CVE CVE-2023-36578
CVE CVE-2023-36579
CVE CVE-2023-36581
CVE CVE-2023-36582
CVE CVE-2023-36583
CVE CVE-2023-36584
CVE CVE-2023-36585
CVE CVE-2023-36589
CVE CVE-2023-36590
CVE CVE-2023-36591
CVE CVE-2023-36592
CVE CVE-2023-36593
CVE CVE-2023-36594
CVE CVE-2023-36596
CVE CVE-2023-36598
CVE CVE-2023-36602
CVE CVE-2023-36603
CVE CVE-2023-36605
CVE CVE-2023-36606
CVE CVE-2023-36697
CVE CVE-2023-36698
CVE CVE-2023-36701
CVE CVE-2023-36702
CVE CVE-2023-36703
CVE CVE-2023-36704
CVE CVE-2023-36706
CVE CVE-2023-36707
CVE CVE-2023-36709
CVE CVE-2023-36710
CVE CVE-2023-36711
CVE CVE-2023-36712
CVE CVE-2023-36713
CVE CVE-2023-36717
CVE CVE-2023-36718
CVE CVE-2023-36720
CVE CVE-2023-36721
CVE CVE-2023-36722
CVE CVE-2023-36723
CVE CVE-2023-36724
CVE CVE-2023-36725
CVE CVE-2023-36726
CVE CVE-2023-36729
CVE CVE-2023-36731
CVE CVE-2023-36732
CVE CVE-2023-36743
CVE CVE-2023-36776
CVE CVE-2023-36902
CVE CVE-2023-38159
CVE CVE-2023-38166
CVE CVE-2023-41765
CVE CVE-2023-41766
CVE CVE-2023-41767
CVE CVE-2023-41768
CVE CVE-2023-41769
CVE CVE-2023-41770
CVE CVE-2023-41771
CVE CVE-2023-41772
CVE CVE-2023-41773
CVE CVE-2023-41774
CVE CVE-2023-44487
MSKB 5031361
XREF MSFT:MS23-5031361
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
XREF CISA-KNOWN-EXPLOITED:2023/12/07
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/10/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5031361

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4974
185579 - KB5032196: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032196. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5032196
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9021
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24023
CVE CVE-2023-36017
CVE CVE-2023-36025
CVE CVE-2023-36028
CVE CVE-2023-36033
CVE CVE-2023-36036
CVE CVE-2023-36047
CVE CVE-2023-36392
CVE CVE-2023-36393
CVE CVE-2023-36394
CVE CVE-2023-36395
CVE CVE-2023-36397
CVE CVE-2023-36398
CVE CVE-2023-36400
CVE CVE-2023-36401
CVE CVE-2023-36402
CVE CVE-2023-36403
CVE CVE-2023-36404
CVE CVE-2023-36405
CVE CVE-2023-36408
CVE CVE-2023-36423
CVE CVE-2023-36424
CVE CVE-2023-36425
CVE CVE-2023-36427
CVE CVE-2023-36428
CVE CVE-2023-36705
CVE CVE-2023-36719
CVE CVE-2023-38039
CVE CVE-2023-38545
CVE CVE-2024-21315
MSKB 5032196
XREF MSFT:MS23-5032196
XREF CISA-KNOWN-EXPLOITED:2023/12/05
XREF CEA-ID:CEA-2023-0052
XREF IAVA:2023-A-0638-S
XREF IAVA:2023-A-0636-S
XREF IAVA:2024-A-0105
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/11/14, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5032196

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5122
202028 - KB5040430: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5040430. It is, therefore, affected by multiple vulnerabilities

- RADIUS Protocol under RFC 2865 is susceptible to forgery attacks by a local attacker who can modify any valid Response (Access-Accept, Access-Reject, or Access-Challenge) to any other response using a chosen- prefix collision attack against MD5 Response Authenticator signature. (CVE-2024-3596)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5040430
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9286
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-3596
CVE CVE-2024-21417
CVE CVE-2024-28899
CVE CVE-2024-30013
CVE CVE-2024-30071
CVE CVE-2024-30079
CVE CVE-2024-30081
CVE CVE-2024-30098
CVE CVE-2024-35270
CVE CVE-2024-37969
CVE CVE-2024-37970
CVE CVE-2024-37971
CVE CVE-2024-37972
CVE CVE-2024-37973
CVE CVE-2024-37974
CVE CVE-2024-37975
CVE CVE-2024-37981
CVE CVE-2024-37984
CVE CVE-2024-37986
CVE CVE-2024-37987
CVE CVE-2024-37988
CVE CVE-2024-37989
CVE CVE-2024-38010
CVE CVE-2024-38011
CVE CVE-2024-38013
CVE CVE-2024-38015
CVE CVE-2024-38017
CVE CVE-2024-38019
CVE CVE-2024-38022
CVE CVE-2024-38025
CVE CVE-2024-38027
CVE CVE-2024-38028
CVE CVE-2024-38030
CVE CVE-2024-38031
CVE CVE-2024-38033
CVE CVE-2024-38034
CVE CVE-2024-38041
CVE CVE-2024-38043
CVE CVE-2024-38044
CVE CVE-2024-38047
CVE CVE-2024-38048
CVE CVE-2024-38049
CVE CVE-2024-38050
CVE CVE-2024-38051
CVE CVE-2024-38052
CVE CVE-2024-38053
CVE CVE-2024-38054
CVE CVE-2024-38055
CVE CVE-2024-38056
CVE CVE-2024-38057
CVE CVE-2024-38058
CVE CVE-2024-38060
CVE CVE-2024-38061
CVE CVE-2024-38062
CVE CVE-2024-38064
CVE CVE-2024-38065
CVE CVE-2024-38066
CVE CVE-2024-38067
CVE CVE-2024-38068
CVE CVE-2024-38069
CVE CVE-2024-38070
CVE CVE-2024-38071
CVE CVE-2024-38072
CVE CVE-2024-38073
CVE CVE-2024-38074
CVE CVE-2024-38076
CVE CVE-2024-38077
CVE CVE-2024-38079
CVE CVE-2024-38085
CVE CVE-2024-38091
CVE CVE-2024-38099
CVE CVE-2024-38100
CVE CVE-2024-38101
CVE CVE-2024-38102
CVE CVE-2024-38104
CVE CVE-2024-38105
CVE CVE-2024-38112
CVE CVE-2024-38517
CVE CVE-2024-39684
MSKB 5040430
XREF MSFT:MS24-5040430
XREF CISA-KNOWN-EXPLOITED:2024/07/30
XREF IAVA:2024-A-0408-S
XREF IAVA:2024-A-0407-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/07/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5040430

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6054
205461 - KB5041578: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5041578. It is, therefore, affected by multiple vulnerabilities

- An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS. This can allow an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. (CVE-2024-21302)

- A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism. (CVE-2022-2601)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5041578
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.9006
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/08/13, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5041578

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6189
206898 - KB5043050: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5043050. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Spoofing Vulnerability (CVE-2024-43461)

- Windows Remote Desktop Licensing Service Spoofing Vulnerability (CVE-2024-43455)

- Windows Remote Desktop Licensing Service Remote Code Execution Vulnerability (CVE-2024-38260, CVE-2024-38263, CVE-2024-43454, CVE-2024-43467)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5043050
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2639
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/09/10, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5043050

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6292
208285 - KB5044277: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5044277. It is, therefore, affected by multiple vulnerabilities

- libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances. (CVE-2024-6197)
- Remote Desktop Client Remote Code Execution Vulnerability (CVE-2024-43599)

- An unauthenticated attacker could send a specially crafted protocol message to a Routing and Remote Access Service (RRAS) server, which could lead to remote code execution (RCE) on the RAS server machine.
(CVE-2024-43607)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5044277
Risk Factor
Critical
CVSS v3.0 Base Score
9.0 (CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.6 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.5847
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-6197
CVE CVE-2024-20659
CVE CVE-2024-30092
CVE CVE-2024-37976
CVE CVE-2024-37979
CVE CVE-2024-37982
CVE CVE-2024-37983
CVE CVE-2024-38124
CVE CVE-2024-38149
CVE CVE-2024-38202
CVE CVE-2024-38212
CVE CVE-2024-38261
CVE CVE-2024-38262
CVE CVE-2024-38265
CVE CVE-2024-43453
CVE CVE-2024-43456
CVE CVE-2024-43501
CVE CVE-2024-43502
CVE CVE-2024-43506
CVE CVE-2024-43509
CVE CVE-2024-43511
CVE CVE-2024-43512
CVE CVE-2024-43513
CVE CVE-2024-43514
CVE CVE-2024-43515
CVE CVE-2024-43516
CVE CVE-2024-43517
CVE CVE-2024-43518
CVE CVE-2024-43519
CVE CVE-2024-43520
CVE CVE-2024-43521
CVE CVE-2024-43523
CVE CVE-2024-43524
CVE CVE-2024-43525
CVE CVE-2024-43526
CVE CVE-2024-43528
CVE CVE-2024-43532
CVE CVE-2024-43534
CVE CVE-2024-43535
CVE CVE-2024-43536
CVE CVE-2024-43537
CVE CVE-2024-43538
CVE CVE-2024-43540
CVE CVE-2024-43541
CVE CVE-2024-43542
CVE CVE-2024-43543
CVE CVE-2024-43544
CVE CVE-2024-43545
CVE CVE-2024-43547
CVE CVE-2024-43549
CVE CVE-2024-43550
CVE CVE-2024-43551
CVE CVE-2024-43553
CVE CVE-2024-43554
CVE CVE-2024-43555
CVE CVE-2024-43556
CVE CVE-2024-43557
CVE CVE-2024-43558
CVE CVE-2024-43559
CVE CVE-2024-43560
CVE CVE-2024-43561
CVE CVE-2024-43562
CVE CVE-2024-43563
CVE CVE-2024-43564
CVE CVE-2024-43565
CVE CVE-2024-43567
CVE CVE-2024-43570
CVE CVE-2024-43572
CVE CVE-2024-43573
CVE CVE-2024-43575
CVE CVE-2024-43581
CVE CVE-2024-43582
CVE CVE-2024-43583
CVE CVE-2024-43585
CVE CVE-2024-43589
CVE CVE-2024-43592
CVE CVE-2024-43593
CVE CVE-2024-43599
CVE CVE-2024-43607
CVE CVE-2024-43608
CVE CVE-2024-43611
CVE CVE-2024-43615
MSKB 5044277
XREF MSFT:MS24-5044277
XREF CISA-KNOWN-EXPLOITED:2024/10/29
XREF IAVA:2024-A-0628
XREF IAVA:2024-A-0631-S
XREF IAVA:2024-A-0630-S
Plugin Information
Published: 2024/10/08, Modified: 2024/11/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5044277

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6414
210860 - KB5046615: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5046615. It is, therefore, affected by multiple vulnerabilities

- Windows Kerberos Remote Code Execution Vulnerability (CVE-2024-43639)

- Windows NT OS Kernel Elevation of Privilege Vulnerability (CVE-2024-43623)

- Windows Telephony Service Elevation of Privilege Vulnerability (CVE-2024-43626)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5046615
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
10.0
EPSS Score
0.9039
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/11/12, Modified: 2025/01/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5046615

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6530
249130 - KB5063877: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)

- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)

- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5063877
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.017
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5063877

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7671
270378 - KB5066586: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities

- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)

- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5066586
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.0824
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2016-9535
CVE CVE-2025-24052
CVE CVE-2025-24990
CVE CVE-2025-25004
CVE CVE-2025-47827
CVE CVE-2025-48813
CVE CVE-2025-49708
CVE CVE-2025-50152
CVE CVE-2025-50175
CVE CVE-2025-53150
CVE CVE-2025-53768
CVE CVE-2025-54957
CVE CVE-2025-55325
CVE CVE-2025-55326
CVE CVE-2025-55328
CVE CVE-2025-55332
CVE CVE-2025-55333
CVE CVE-2025-55335
CVE CVE-2025-55336
CVE CVE-2025-55338
CVE CVE-2025-55678
CVE CVE-2025-55679
CVE CVE-2025-55680
CVE CVE-2025-55681
CVE CVE-2025-55683
CVE CVE-2025-55687
CVE CVE-2025-55692
CVE CVE-2025-55695
CVE CVE-2025-55696
CVE CVE-2025-55699
CVE CVE-2025-55700
CVE CVE-2025-55701
CVE CVE-2025-58714
CVE CVE-2025-58715
CVE CVE-2025-58716
CVE CVE-2025-58717
CVE CVE-2025-58718
CVE CVE-2025-58719
CVE CVE-2025-58720
CVE CVE-2025-58722
CVE CVE-2025-58725
CVE CVE-2025-58726
CVE CVE-2025-58728
CVE CVE-2025-58729
CVE CVE-2025-58730
CVE CVE-2025-58732
CVE CVE-2025-58733
CVE CVE-2025-58734
CVE CVE-2025-58735
CVE CVE-2025-58736
CVE CVE-2025-58737
CVE CVE-2025-58738
CVE CVE-2025-58739
CVE CVE-2025-59184
CVE CVE-2025-59185
CVE CVE-2025-59186
CVE CVE-2025-59187
CVE CVE-2025-59188
CVE CVE-2025-59190
CVE CVE-2025-59191
CVE CVE-2025-59192
CVE CVE-2025-59193
CVE CVE-2025-59195
CVE CVE-2025-59196
CVE CVE-2025-59197
CVE CVE-2025-59198
CVE CVE-2025-59199
CVE CVE-2025-59200
CVE CVE-2025-59201
CVE CVE-2025-59202
CVE CVE-2025-59203
CVE CVE-2025-59204
CVE CVE-2025-59205
CVE CVE-2025-59207
CVE CVE-2025-59208
CVE CVE-2025-59209
CVE CVE-2025-59211
CVE CVE-2025-59214
CVE CVE-2025-59230
CVE CVE-2025-59242
CVE CVE-2025-59244
CVE CVE-2025-59253
CVE CVE-2025-59254
CVE CVE-2025-59255
CVE CVE-2025-59258
CVE CVE-2025-59259
CVE CVE-2025-59260
CVE CVE-2025-59275
CVE CVE-2025-59277
CVE CVE-2025-59278
CVE CVE-2025-59280
CVE CVE-2025-59282
CVE CVE-2025-59294
CVE CVE-2025-59295
MSKB 5066586
XREF MSFT:MS25-5066586
XREF CISA-KNOWN-EXPLOITED:2025/11/04
XREF IAVA:2025-A-0775-S
XREF IAVA:2025-A-0776-S
Plugin Information
Published: 2025/10/14, Modified: 2025/11/18
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5066586

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7919
187901 - Security Updates for Microsoft .NET Framework (January 2024)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)

- Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a man-in-the-middle attack on the connection between the client and server in order to read and modify the TLS traffic. (CVE-2024-0056)

- Security feature bypass in applications that use the X.509 chain building APIs. When processing an untrusted certificate with malformed signatures, the framework returns an incorrect reason code.
Applications which make use of this reason code may treat this scenario as a successful chain build, potentially bypassing the application's typical authentication logic. (CVE-2024-0057)
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.0864
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36042
CVE CVE-2024-0056
CVE CVE-2024-0057
CVE CVE-2024-21312
MSKB 5033898
MSKB 5033899
MSKB 5033904
MSKB 5033907
MSKB 5033909
MSKB 5033910
MSKB 5033911
MSKB 5033912
MSKB 5033914
MSKB 5033916
MSKB 5033917
MSKB 5033918
MSKB 5033919
MSKB 5033920
MSKB 5033922
MSKB 5033945
MSKB 5033946
MSKB 5033947
MSKB 5033948
XREF MSFT:MS24-5033898
XREF MSFT:MS24-5033899
XREF MSFT:MS24-5033904
XREF MSFT:MS24-5033907
XREF MSFT:MS24-5033909
XREF MSFT:MS24-5033910
XREF MSFT:MS24-5033911
XREF MSFT:MS24-5033912
XREF MSFT:MS24-5033914
XREF MSFT:MS24-5033916
XREF MSFT:MS24-5033917
XREF MSFT:MS24-5033918
XREF MSFT:MS24-5033919
XREF MSFT:MS24-5033920
XREF MSFT:MS24-5033922
XREF MSFT:MS24-5033945
XREF MSFT:MS24-5033946
XREF MSFT:MS24-5033947
XREF MSFT:MS24-5033948
XREF IAVA:2024-A-0011-S
Plugin Information
Published: 2024/01/10, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033904

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3930.0
Should be : 4.7.4081.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033904
185887 - Security Updates for Microsoft .NET Framework (November 2023)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevents an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.9385
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36049
CVE CVE-2023-36560
CVE CVE-2024-29059
MSKB 5031984
MSKB 5031987
MSKB 5031988
MSKB 5031989
MSKB 5031990
MSKB 5031991
MSKB 5031993
MSKB 5031995
MSKB 5031999
MSKB 5032000
MSKB 5032004
MSKB 5032005
MSKB 5032006
MSKB 5032007
MSKB 5032008
MSKB 5032009
MSKB 5032010
MSKB 5032011
MSKB 5032012
XREF MSFT:MS23-5031984
XREF MSFT:MS23-5031987
XREF MSFT:MS23-5031988
XREF MSFT:MS23-5031989
XREF MSFT:MS23-5031990
XREF MSFT:MS23-5031991
XREF MSFT:MS23-5031993
XREF MSFT:MS23-5031995
XREF MSFT:MS23-5031999
XREF MSFT:MS23-5032000
XREF MSFT:MS23-5032004
XREF MSFT:MS23-5032005
XREF MSFT:MS23-5032006
XREF MSFT:MS23-5032007
XREF MSFT:MS23-5032008
XREF MSFT:MS23-5032009
XREF MSFT:MS23-5032010
XREF MSFT:MS23-5032011
XREF MSFT:MS23-5032012
XREF IAVA:2023-A-0618-S
XREF IAVA:2024-A-0178-S
XREF CISA-KNOWN-EXPLOITED:2025/02/25
Plugin Information
Published: 2023/11/16, Modified: 2025/02/04
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5031984

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9051
Should be : 2.0.50727.9062

11_2023 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3930.0
Should be : 4.7.4076.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5031984

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9051
Should be : 2.0.50727.9062

207065 - Security Updates for Microsoft SQL Server Elevation of Privilege (September 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is affected by the following vulnerabilities:

- An elevation of privilege vulnerability. An authenticated, remote attacker can exploit this issue, to gain elevated privileges. (CVE-2024-37341, CVE-2024-37965, CVE-2024-37980)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.076
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-37341
CVE CVE-2024-37965
CVE CVE-2024-37980
MSKB 5042207
MSKB 5042209
MSKB 5042578
MSKB 5042749
MSKB 5042211
MSKB 5042215
MSKB 5042214
MSKB 5042217
XREF MSFT:MS24-5042207
XREF MSFT:MS24-5042209
XREF MSFT:MS24-5042578
XREF MSFT:MS24-5042749
XREF MSFT:MS24-5042211
XREF MSFT:MS24-5042215
XREF MSFT:MS24-5042214
XREF MSFT:MS24-5042217
XREF IAVA:2024-A-0565-S
Plugin Information
Published: 2024/09/12, Modified: 2025/01/08
Plugin Output

tcp/445/cifs



KB : 5042749
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4390.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER

156103 - Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104)
-
Synopsis
A package installed on the remote host is affected by a remote code execution vulnerability.
Description
The version of Apache Log4j on the remote host is 1.2. It is, therefore, affected by a remote code execution vulnerability when specifically configured to use JMSAppender.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.722
CVSS v2.0 Base Score
6.0 (CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2021-4104
XREF IAVA:2021-A-0573
XREF IAVA:0001-A-0650
Plugin Information
Published: 2021/12/15, Modified: 2024/06/13
Plugin Output

tcp/0


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\ALPHA\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8
Fixed version : 2.16.0

tcp/0


Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\FVU 5.0\log4j-1.2.8.jar
Installed version : 1.2.8
Fixed version : 2.16.0

169788 - KB5022286: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5022286. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2023-21732)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-21681)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2023-21676)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5022286
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.5296
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/01/10, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5022286

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.3887
181303 - KB5030214: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5030214. It is, therefore, affected by multiple vulnerabilities

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-35355)

- DHCP Server Service Denial of Service Vulnerability (CVE-2023-38162)

- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5030214
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7891
CVSS v2.0 Base Score
8.3 (CVSS2#AV:A/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.2 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-35355
CVE CVE-2023-36801
CVE CVE-2023-36802
CVE CVE-2023-36803
CVE CVE-2023-36804
CVE CVE-2023-36805
CVE CVE-2023-38139
CVE CVE-2023-38140
CVE CVE-2023-38141
CVE CVE-2023-38142
CVE CVE-2023-38143
CVE CVE-2023-38144
CVE CVE-2023-38147
CVE CVE-2023-38149
CVE CVE-2023-38152
CVE CVE-2023-38160
CVE CVE-2023-38161
CVE CVE-2023-38162
MSKB 5030214
XREF MSFT:MS23-5030214
XREF CISA-KNOWN-EXPLOITED:2023/10/03
XREF IAVA:2023-A-0472-S
XREF IAVA:2023-A-0471-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/09/12, Modified: 2024/10/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5030214

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.4851
186789 - KB5033371: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2023)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033371. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)

- Win32k Elevation of Privilege Vulnerability (CVE-2023-36011)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5033371
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.3857
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/12/12, Modified: 2025/10/31
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5033371

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5202
187803 - KB5034127: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034127. It is, therefore, affected by multiple vulnerabilities

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034127
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.5194
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/01/09, Modified: 2024/06/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034127

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5328
190482 - KB5034768: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034768. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338, CVE-2024-21371)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034768
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.9377
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/02/13, Modified: 2025/10/09
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034768

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5458
191938 - KB5035849: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5035849. It is, therefore, affected by multiple vulnerabilities

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5035849
Risk Factor
Critical
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.3458
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/03/12, Modified: 2025/10/22
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5035849

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5576
193091 - KB5036896: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5036896. It is, therefore, affected by multiple vulnerabilities

- SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

- Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5036896
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.6
EPSS Score
0.8317
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-20665
CVE CVE-2024-20669
CVE CVE-2024-20678
CVE CVE-2024-20693
CVE CVE-2024-23593
CVE CVE-2024-23594
CVE CVE-2024-26158
CVE CVE-2024-26168
CVE CVE-2024-26171
CVE CVE-2024-26172
CVE CVE-2024-26175
CVE CVE-2024-26179
CVE CVE-2024-26180
CVE CVE-2024-26183
CVE CVE-2024-26189
CVE CVE-2024-26194
CVE CVE-2024-26195
CVE CVE-2024-26200
CVE CVE-2024-26202
CVE CVE-2024-26205
CVE CVE-2024-26207
CVE CVE-2024-26208
CVE CVE-2024-26209
CVE CVE-2024-26210
CVE CVE-2024-26211
CVE CVE-2024-26212
CVE CVE-2024-26214
CVE CVE-2024-26215
CVE CVE-2024-26216
CVE CVE-2024-26217
CVE CVE-2024-26218
CVE CVE-2024-26219
CVE CVE-2024-26220
CVE CVE-2024-26221
CVE CVE-2024-26222
CVE CVE-2024-26223
CVE CVE-2024-26224
CVE CVE-2024-26226
CVE CVE-2024-26227
CVE CVE-2024-26228
CVE CVE-2024-26229
CVE CVE-2024-26230
CVE CVE-2024-26231
CVE CVE-2024-26232
CVE CVE-2024-26233
CVE CVE-2024-26234
CVE CVE-2024-26237
CVE CVE-2024-26239
CVE CVE-2024-26240
CVE CVE-2024-26241
CVE CVE-2024-26242
CVE CVE-2024-26244
CVE CVE-2024-26248
CVE CVE-2024-26250
CVE CVE-2024-26252
CVE CVE-2024-26253
CVE CVE-2024-26254
CVE CVE-2024-26255
CVE CVE-2024-28896
CVE CVE-2024-28897
CVE CVE-2024-28898
CVE CVE-2024-28900
CVE CVE-2024-28901
CVE CVE-2024-28902
CVE CVE-2024-28903
CVE CVE-2024-28919
CVE CVE-2024-28920
CVE CVE-2024-28921
CVE CVE-2024-28922
CVE CVE-2024-28923
CVE CVE-2024-28924
CVE CVE-2024-28925
CVE CVE-2024-29050
CVE CVE-2024-29056
CVE CVE-2024-29061
CVE CVE-2024-29062
CVE CVE-2024-29064
CVE CVE-2024-29066
CVE CVE-2024-29988
MSKB 5036896
XREF MSFT:MS24-5036896
XREF CISA-KNOWN-EXPLOITED:2024/05/21
XREF IAVA:2024-A-0227-S
XREF IAVA:2024-A-0228-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/04/09, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5036896

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5696
197006 - KB5037765: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5037765 or 5039705. It is, therefore, affected by multiple vulnerabilities

- Windows MSHTML Platform Security Feature Bypass Vulnerability (CVE-2024-30040)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-29996, CVE-2024-30025, CVE-2024-30037)

- Windows Mobile Broadband Driver Remote Code Execution Vulnerability (CVE-2024-29997, CVE-2024-29998, CVE-2024-29999, CVE-2024-30000, CVE-2024-30001, CVE-2024-30002, CVE-2024-30003, CVE-2024-30004, CVE-2024-30005, CVE-2024-30012, CVE-2024-30021)

Due to issues with the originally published patch (KB5037765), Microsoft has released KB5039705 as an Out-of-Bounds (OOB) patch.
While the OOB patch does not include any new security fixes relative to KB5037765, it may be required if KB5037765 fails to install.
Please review the links provided in the See Also section for additional guidance.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5037765 or 5039705
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.5191
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2024/05/14, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5037765
- 5039705

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5820
200349 - KB5039217: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5039217. It is, therefore, affected by multiple vulnerabilities

- Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability (CVE-2024-30097)

- Windows Remote Access Connection Manager Information Disclosure Vulnerability (CVE-2024-30069)

- DHCP Server Service Denial of Service Vulnerability (CVE-2024-30070)

- Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability (CVE-2024-30080)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5039217
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.8897
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-50868
CVE CVE-2024-30062
CVE CVE-2024-30063
CVE CVE-2024-30065
CVE CVE-2024-30066
CVE CVE-2024-30067
CVE CVE-2024-30068
CVE CVE-2024-30069
CVE CVE-2024-30070
CVE CVE-2024-30076
CVE CVE-2024-30077
CVE CVE-2024-30078
CVE CVE-2024-30080
CVE CVE-2024-30082
CVE CVE-2024-30083
CVE CVE-2024-30084
CVE CVE-2024-30085
CVE CVE-2024-30086
CVE CVE-2024-30087
CVE CVE-2024-30088
CVE CVE-2024-30089
CVE CVE-2024-30090
CVE CVE-2024-30091
CVE CVE-2024-30093
CVE CVE-2024-30094
CVE CVE-2024-30095
CVE CVE-2024-30096
CVE CVE-2024-30097
CVE CVE-2024-30099
CVE CVE-2024-35250
CVE CVE-2024-35265
CVE CVE-2024-38213
MSKB 5039217
XREF MSFT:MS24-5039217
XREF IAVA:2024-A-0343-S
XREF IAVA:2024-A-0345-S
XREF CISA-KNOWN-EXPLOITED:2025/01/06
XREF CISA-KNOWN-EXPLOITED:2024/11/05
XREF CISA-KNOWN-EXPLOITED:2024/09/03
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2024/06/11, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5039217

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.5933
212239 - KB5048661: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2024)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5048661. It is, therefore, affected by multiple vulnerabilities

- Windows Kernel-Mode Driver Elevation of Privilege Vulnerability (CVE-2024-49074)

- Input Method Editor (IME) Remote Code Execution Vulnerability (CVE-2024-49079)

- Windows Common Log File System Driver Elevation of Privilege Vulnerability (CVE-2024-49090)

- Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability (CVE-2024-49112)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5048661
Risk Factor
Critical
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.0 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.8871
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/12/10, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5048661

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6640
214115 - KB5050008: Windows 10 version 1809 / Windows Server 2019 Security Update (January 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5050008. It is, therefore, affected by multiple vulnerabilities

- Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability (CVE-2025-21307)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21223, CVE-2025-21233, CVE-2025-21236, CVE-2025-21237, CVE-2025-21238, CVE-2025-21239, CVE-2025-21240, CVE-2025-21241, CVE-2025-21243, CVE-2025-21244, CVE-2025-21245, CVE-2025-21246, CVE-2025-21248, CVE-2025-21250, CVE-2025-21252, CVE-2025-21266, CVE-2025-21273, CVE-2025-21282, CVE-2025-21286, CVE-2025-21302, CVE-2025-21303, CVE-2025-21305, CVE-2025-21306, CVE-2025-21339, CVE-2025-21409, CVE-2025-21411, CVE-2025-21413, CVE-2025-21417)

- Windows BitLocker Information Disclosure Vulnerability (CVE-2025-21210, CVE-2025-21214)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5050008
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.7811
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-7344
CVE CVE-2025-21189
CVE CVE-2025-21193
CVE CVE-2025-21202
CVE CVE-2025-21207
CVE CVE-2025-21210
CVE CVE-2025-21211
CVE CVE-2025-21213
CVE CVE-2025-21214
CVE CVE-2025-21215
CVE CVE-2025-21217
CVE CVE-2025-21218
CVE CVE-2025-21219
CVE CVE-2025-21220
CVE CVE-2025-21223
CVE CVE-2025-21225
CVE CVE-2025-21226
CVE CVE-2025-21227
CVE CVE-2025-21228
CVE CVE-2025-21229
CVE CVE-2025-21230
CVE CVE-2025-21231
CVE CVE-2025-21232
CVE CVE-2025-21233
CVE CVE-2025-21236
CVE CVE-2025-21237
CVE CVE-2025-21238
CVE CVE-2025-21239
CVE CVE-2025-21240
CVE CVE-2025-21241
CVE CVE-2025-21242
CVE CVE-2025-21243
CVE CVE-2025-21244
CVE CVE-2025-21245
CVE CVE-2025-21246
CVE CVE-2025-21248
CVE CVE-2025-21249
CVE CVE-2025-21250
CVE CVE-2025-21251
CVE CVE-2025-21252
CVE CVE-2025-21255
CVE CVE-2025-21256
CVE CVE-2025-21257
CVE CVE-2025-21258
CVE CVE-2025-21260
CVE CVE-2025-21261
CVE CVE-2025-21263
CVE CVE-2025-21265
CVE CVE-2025-21266
CVE CVE-2025-21268
CVE CVE-2025-21269
CVE CVE-2025-21270
CVE CVE-2025-21271
CVE CVE-2025-21272
CVE CVE-2025-21273
CVE CVE-2025-21274
CVE CVE-2025-21276
CVE CVE-2025-21277
CVE CVE-2025-21278
CVE CVE-2025-21280
CVE CVE-2025-21281
CVE CVE-2025-21282
CVE CVE-2025-21284
CVE CVE-2025-21285
CVE CVE-2025-21286
CVE CVE-2025-21287
CVE CVE-2025-21288
CVE CVE-2025-21289
CVE CVE-2025-21290
CVE CVE-2025-21291
CVE CVE-2025-21292
CVE CVE-2025-21293
CVE CVE-2025-21294
CVE CVE-2025-21295
CVE CVE-2025-21296
CVE CVE-2025-21297
CVE CVE-2025-21298
CVE CVE-2025-21299
CVE CVE-2025-21300
CVE CVE-2025-21301
CVE CVE-2025-21302
CVE CVE-2025-21303
CVE CVE-2025-21304
CVE CVE-2025-21305
CVE CVE-2025-21306
CVE CVE-2025-21307
CVE CVE-2025-21308
CVE CVE-2025-21309
CVE CVE-2025-21310
CVE CVE-2025-21312
CVE CVE-2025-21314
CVE CVE-2025-21316
CVE CVE-2025-21318
CVE CVE-2025-21319
CVE CVE-2025-21320
CVE CVE-2025-21321
CVE CVE-2025-21323
CVE CVE-2025-21324
CVE CVE-2025-21327
CVE CVE-2025-21328
CVE CVE-2025-21329
CVE CVE-2025-21330
CVE CVE-2025-21331
CVE CVE-2025-21332
CVE CVE-2025-21336
CVE CVE-2025-21338
CVE CVE-2025-21339
CVE CVE-2025-21340
CVE CVE-2025-21341
CVE CVE-2025-21374
CVE CVE-2025-21378
CVE CVE-2025-21382
CVE CVE-2025-21389
CVE CVE-2025-21409
CVE CVE-2025-21411
CVE CVE-2025-21413
CVE CVE-2025-21417
MSKB 5050008
XREF MSFT:MS25-5050008
XREF IAVA:2025-A-0034-S
XREF IAVA:2025-A-0033-S
XREF CWE:20
XREF CWE:41
XREF CWE:59
XREF CWE:94
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:191
XREF CWE:200
XREF CWE:203
XREF CWE:269
XREF CWE:284
XREF CWE:347
XREF CWE:352
XREF CWE:362
XREF CWE:400
XREF CWE:415
XREF CWE:416
XREF CWE:451
XREF CWE:476
XREF CWE:532
XREF CWE:591
XREF CWE:636
XREF CWE:693
XREF CWE:843
XREF CWE:908
XREF CWE:922
Exploitable With
Metasploit (true)
Plugin Information
Published: 2025/01/14, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5050008

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6766
216131 - KB5052000: Windows 10 version 1809 / Windows Server 2019 Security Update (February 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5052000. It is, therefore, affected by multiple vulnerabilities

- Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability (CVE-2025-21208, CVE-2025-21410)

- Windows Telephony Service Remote Code Execution Vulnerability (CVE-2025-21190, CVE-2025-21200, CVE-2025-21371, CVE-2025-21406, CVE-2025-21407)

- Microsoft Digest Authentication Remote Code Execution Vulnerability (CVE-2025-21368, CVE-2025-21369)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5052000
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.2857
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2025/02/11, Modified: 2025/10/06
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5052000

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.6893
232617 - KB5053596: Windows 10 version 1809 / Windows Server 2019 Security Update (March 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5053596. It is, therefore, affected by multiple vulnerabilities

- Relative path traversal in Remote Desktop Client allows an unauthorized attacker to execute code over a network. (CVE-2025-26645)

- Sensitive data storage in improperly locked memory in Windows Remote Desktop Services allows an unauthorized attacker to execute code over a network. (CVE-2025-24035, CVE-2025-24045)

- ** UNSUPPORTED WHEN ASSIGNED ** A privilege escalation vulnerability in CxUIUSvc64.exe and CxUIUSvc32.exe of Synaptics audio drivers allows a local authorized attacker to load a DLL in a privileged process. Out of an abundance of caution, this CVE ID is being assigned to better serve our customers and ensure all who are still running this product understand that the product is End-of-Life and should be removed. For more information on this, refer to the CVE Record's reference information. (CVE-2024-9157)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5053596
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.5654
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-9157
CVE CVE-2025-21180
CVE CVE-2025-21247
CVE CVE-2025-24035
CVE CVE-2025-24044
CVE CVE-2025-24045
CVE CVE-2025-24046
CVE CVE-2025-24048
CVE CVE-2025-24050
CVE CVE-2025-24051
CVE CVE-2025-24054
CVE CVE-2025-24055
CVE CVE-2025-24056
CVE CVE-2025-24059
CVE CVE-2025-24061
CVE CVE-2025-24064
CVE CVE-2025-24066
CVE CVE-2025-24067
CVE CVE-2025-24071
CVE CVE-2025-24072
CVE CVE-2025-24984
CVE CVE-2025-24985
CVE CVE-2025-24987
CVE CVE-2025-24988
CVE CVE-2025-24991
CVE CVE-2025-24992
CVE CVE-2025-24993
CVE CVE-2025-24995
CVE CVE-2025-24996
CVE CVE-2025-25008
CVE CVE-2025-26633
CVE CVE-2025-26645
MSKB 5053596
XREF MSFT:MS25-5053596
XREF IAVA:2025-A-0181-S
XREF IAVA:2025-A-0182-S
XREF CISA-KNOWN-EXPLOITED:2025/05/08
XREF CISA-KNOWN-EXPLOITED:2025/04/01
XREF CWE:23
XREF CWE:41
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:200
XREF CWE:284
XREF CWE:416
XREF CWE:532
XREF CWE:591
XREF CWE:681
XREF CWE:693
XREF CWE:707
Plugin Information
Published: 2025/03/11, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5053596

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7009
234046 - KB5055519: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5055519. It is, therefore, affected by multiple vulnerabilities

- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5055519
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2827
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-21174
CVE CVE-2025-21191
CVE CVE-2025-21197
CVE CVE-2025-21203
CVE CVE-2025-21204
CVE CVE-2025-21205
CVE CVE-2025-21221
CVE CVE-2025-21222
CVE CVE-2025-24058
CVE CVE-2025-24060
CVE CVE-2025-24073
CVE CVE-2025-24074
CVE CVE-2025-26635
CVE CVE-2025-26637
CVE CVE-2025-26640
CVE CVE-2025-26641
CVE CVE-2025-26644
CVE CVE-2025-26647
CVE CVE-2025-26648
CVE CVE-2025-26652
CVE CVE-2025-26663
CVE CVE-2025-26664
CVE CVE-2025-26665
CVE CVE-2025-26666
CVE CVE-2025-26667
CVE CVE-2025-26668
CVE CVE-2025-26669
CVE CVE-2025-26670
CVE CVE-2025-26671
CVE CVE-2025-26672
CVE CVE-2025-26673
CVE CVE-2025-26674
CVE CVE-2025-26676
CVE CVE-2025-26678
CVE CVE-2025-26679
CVE CVE-2025-26680
CVE CVE-2025-26686
CVE CVE-2025-26687
CVE CVE-2025-26688
CVE CVE-2025-27467
CVE CVE-2025-27469
CVE CVE-2025-27470
CVE CVE-2025-27471
CVE CVE-2025-27473
CVE CVE-2025-27474
CVE CVE-2025-27476
CVE CVE-2025-27477
CVE CVE-2025-27478
CVE CVE-2025-27479
CVE CVE-2025-27480
CVE CVE-2025-27481
CVE CVE-2025-27482
CVE CVE-2025-27483
CVE CVE-2025-27484
CVE CVE-2025-27485
CVE CVE-2025-27486
CVE CVE-2025-27487
CVE CVE-2025-27491
CVE CVE-2025-27727
CVE CVE-2025-27730
CVE CVE-2025-27731
CVE CVE-2025-27732
CVE CVE-2025-27733
CVE CVE-2025-27735
CVE CVE-2025-27736
CVE CVE-2025-27737
CVE CVE-2025-27738
CVE CVE-2025-27739
CVE CVE-2025-27740
CVE CVE-2025-27741
CVE CVE-2025-27742
CVE CVE-2025-29809
CVE CVE-2025-29810
CVE CVE-2025-29824
MSKB 5055519
XREF CISA-KNOWN-EXPLOITED:2025/04/29
XREF MSFT:MS25-5055519
XREF IAVA:2025-A-0256-S
XREF IAVA:2025-A-0255-S
XREF CWE:20
XREF CWE:59
XREF CWE:121
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:200
XREF CWE:284
XREF CWE:345
XREF CWE:367
XREF CWE:400
XREF CWE:410
XREF CWE:415
XREF CWE:416
XREF CWE:591
XREF CWE:667
XREF CWE:693
XREF CWE:787
XREF CWE:822
XREF CWE:908
XREF CWE:922
XREF CWE:1039
XREF CWE:1390
Plugin Information
Published: 2025/04/08, Modified: 2025/09/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5055519

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7131
235845 - KB5058392: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5058392. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)

- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)

- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5058392
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.2127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/05/13, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5058392

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7309
238080 - KB5060531: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5060531. It is, therefore, affected by multiple vulnerabilities

- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)

- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)

- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5060531
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.5119
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-3052
CVE CVE-2025-24065
CVE CVE-2025-24068
CVE CVE-2025-24069
CVE CVE-2025-32712
CVE CVE-2025-32713
CVE CVE-2025-32714
CVE CVE-2025-32715
CVE CVE-2025-32716
CVE CVE-2025-32718
CVE CVE-2025-32719
CVE CVE-2025-32720
CVE CVE-2025-32721
CVE CVE-2025-32722
CVE CVE-2025-32724
CVE CVE-2025-32725
CVE CVE-2025-33050
CVE CVE-2025-33052
CVE CVE-2025-33053
CVE CVE-2025-33055
CVE CVE-2025-33056
CVE CVE-2025-33057
CVE CVE-2025-33058
CVE CVE-2025-33059
CVE CVE-2025-33060
CVE CVE-2025-33061
CVE CVE-2025-33062
CVE CVE-2025-33063
CVE CVE-2025-33064
CVE CVE-2025-33065
CVE CVE-2025-33066
CVE CVE-2025-33067
CVE CVE-2025-33068
CVE CVE-2025-33070
CVE CVE-2025-33071
CVE CVE-2025-33073
CVE CVE-2025-33075
CVE CVE-2025-47160
MSKB 5060531
XREF MSFT:MS25-5060531
XREF IAVA:2025-A-0428-S
XREF IAVA:2025-A-0417-S
XREF CISA-KNOWN-EXPLOITED:2025/11/10
XREF CISA-KNOWN-EXPLOITED:2025/07/01
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:269
XREF CWE:284
XREF CWE:400
XREF CWE:416
XREF CWE:476
XREF CWE:693
XREF CWE:908
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2025/06/10, Modified: 2025/10/21
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5060531

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7434
241548 - KB5062557: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5062557. It is, therefore, affected by multiple vulnerabilities

- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)

- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)

- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5062557
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0055
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-36350
CVE CVE-2025-36357
CVE CVE-2025-47159
CVE CVE-2025-47971
CVE CVE-2025-47972
CVE CVE-2025-47973
CVE CVE-2025-47975
CVE CVE-2025-47976
CVE CVE-2025-47980
CVE CVE-2025-47981
CVE CVE-2025-47982
CVE CVE-2025-47984
CVE CVE-2025-47985
CVE CVE-2025-47986
CVE CVE-2025-47987
CVE CVE-2025-47991
CVE CVE-2025-47996
CVE CVE-2025-47998
CVE CVE-2025-47999
CVE CVE-2025-48000
CVE CVE-2025-48001
CVE CVE-2025-48003
CVE CVE-2025-48799
CVE CVE-2025-48800
CVE CVE-2025-48803
CVE CVE-2025-48804
CVE CVE-2025-48805
CVE CVE-2025-48806
CVE CVE-2025-48808
CVE CVE-2025-48811
CVE CVE-2025-48814
CVE CVE-2025-48815
CVE CVE-2025-48816
CVE CVE-2025-48817
CVE CVE-2025-48818
CVE CVE-2025-48819
CVE CVE-2025-48820
CVE CVE-2025-48821
CVE CVE-2025-48822
CVE CVE-2025-48823
CVE CVE-2025-48824
CVE CVE-2025-49657
CVE CVE-2025-49658
CVE CVE-2025-49659
CVE CVE-2025-49660
CVE CVE-2025-49661
CVE CVE-2025-49663
CVE CVE-2025-49664
CVE CVE-2025-49665
CVE CVE-2025-49666
CVE CVE-2025-49667
CVE CVE-2025-49668
CVE CVE-2025-49669
CVE CVE-2025-49670
CVE CVE-2025-49671
CVE CVE-2025-49672
CVE CVE-2025-49673
CVE CVE-2025-49674
CVE CVE-2025-49675
CVE CVE-2025-49676
CVE CVE-2025-49678
CVE CVE-2025-49679
CVE CVE-2025-49680
CVE CVE-2025-49681
CVE CVE-2025-49683
CVE CVE-2025-49684
CVE CVE-2025-49685
CVE CVE-2025-49686
CVE CVE-2025-49687
CVE CVE-2025-49688
CVE CVE-2025-49689
CVE CVE-2025-49690
CVE CVE-2025-49691
CVE CVE-2025-49716
CVE CVE-2025-49721
CVE CVE-2025-49722
CVE CVE-2025-49723
CVE CVE-2025-49724
CVE CVE-2025-49725
CVE CVE-2025-49726
CVE CVE-2025-49727
CVE CVE-2025-49729
CVE CVE-2025-49730
CVE CVE-2025-49732
CVE CVE-2025-49733
CVE CVE-2025-49740
CVE CVE-2025-49742
CVE CVE-2025-49744
CVE CVE-2025-49753
CVE CVE-2025-49760
CVE CVE-2025-55230
CVE CVE-2025-55231
MSKB 5062557
XREF MSFT:MS25-5062557
XREF IAVA:2025-A-0507-S
XREF IAVA:2025-A-0506-S
XREF IAVA:2025-A-0631-S
XREF CWE:20
XREF CWE:23
XREF CWE:59
XREF CWE:73
XREF CWE:122
XREF CWE:125
XREF CWE:126
XREF CWE:190
XREF CWE:191
XREF CWE:197
XREF CWE:200
XREF CWE:284
XREF CWE:306
XREF CWE:326
XREF CWE:349
XREF CWE:353
XREF CWE:362
XREF CWE:367
XREF CWE:400
XREF CWE:415
XREF CWE:416
XREF CWE:476
XREF CWE:591
XREF CWE:693
XREF CWE:787
XREF CWE:820
XREF CWE:822
XREF CWE:843
XREF CWE:862
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5062557

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7558
261799 - KB5065428: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities

- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)

- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)

- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5065428
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0073
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/09/09, Modified: 2025/10/29
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5065428

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.7786
274782 - KB5068791: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)

- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5068791
Risk Factor
Critical
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0009
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/11/11, Modified: 2025/11/14
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5068791

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.8024
277987 - KB5071544: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities

- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)

- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)

- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5071544
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0821
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/12/09, Modified: 2025/12/17
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5071544

- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.3770
Should be : 10.0.17763.8146
192147 - Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203)
-
Synopsis
An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.
Description
The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0214
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26203
XREF IAVA:2024-A-0157
Plugin Information
Published: 2024/03/15, Modified: 2024/03/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Azure Data Studio\
Installed version : 1.41.2.0
Fixed version : 1.48.0
242073 - RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:

- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.0029
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2025-6218
XREF IAVA:2025-A-0227
XREF ZDI:ZDI-25-409
XREF CISA-KNOWN-EXPLOITED:2025/12/30
Plugin Information
Published: 2025/07/14, Modified: 2025/12/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.12 Beta 1
248462 - RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:

- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.13 or later.
Risk Factor
Critical
CVSS v4.0 Base Score
8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.0562
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2025-8088
XREF CISA-KNOWN-EXPLOITED:2025/09/02
XREF IAVA:2025-A-0608
Plugin Information
Published: 2025/08/11, Modified: 2025/08/21
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.13
193217 - Security Updates for Microsoft .NET Framework (April 2024)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.547
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21409
MSKB 5036604
MSKB 5036605
MSKB 5036606
MSKB 5036607
MSKB 5036608
MSKB 5036609
MSKB 5036610
MSKB 5036611
MSKB 5036612
MSKB 5036613
MSKB 5036614
MSKB 5036615
MSKB 5036618
MSKB 5036619
MSKB 5036620
MSKB 5036621
MSKB 5036624
MSKB 5036625
MSKB 5036626
MSKB 5036627
MSKB 5036631
MSKB 5036632
MSKB 5036633
MSKB 5036634
MSKB 5036636
MSKB 5036637
XREF MSFT:MS24-5036604
XREF MSFT:MS24-5036605
XREF MSFT:MS24-5036606
XREF MSFT:MS24-5036607
XREF MSFT:MS24-5036608
XREF MSFT:MS24-5036609
XREF MSFT:MS24-5036610
XREF MSFT:MS24-5036611
XREF MSFT:MS24-5036612
XREF MSFT:MS24-5036613
XREF MSFT:MS24-5036614
XREF MSFT:MS24-5036615
XREF MSFT:MS24-5036618
XREF MSFT:MS24-5036619
XREF MSFT:MS24-5036620
XREF MSFT:MS24-5036621
XREF MSFT:MS24-5036624
XREF MSFT:MS24-5036625
XREF MSFT:MS24-5036626
XREF MSFT:MS24-5036627
XREF MSFT:MS24-5036631
XREF MSFT:MS24-5036632
XREF MSFT:MS24-5036633
XREF MSFT:MS24-5036634
XREF MSFT:MS24-5036636
XREF MSFT:MS24-5036637
XREF IAVA:2024-A-0219-S
Plugin Information
Published: 2024/04/11, Modified: 2024/07/12
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036604

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.7.3620.0
Should be : 4.7.4092.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036604
179664 - Security Updates for Microsoft .NET Framework (August 2023)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to privilege escalation and other security bypasses. (CVE-2023-36899)

- A spoofing vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. (CVE-2023-36873)
See Also
http://www.nessus.org/u?31a7e1cb
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899
https://support.microsoft.com/en-us/help/5028946
https://support.microsoft.com/en-us/help/5028947
https://support.microsoft.com/en-us/help/5028948
https://support.microsoft.com/en-us/help/5028950
https://support.microsoft.com/en-us/help/5028951
https://support.microsoft.com/en-us/help/5028952
https://support.microsoft.com/en-us/help/5028953
https://support.microsoft.com/en-us/help/5028954
https://support.microsoft.com/en-us/help/5028955
https://support.microsoft.com/en-us/help/5028956
https://support.microsoft.com/en-us/help/5028957
https://support.microsoft.com/en-us/help/5028958
https://support.microsoft.com/en-us/help/5028960
https://support.microsoft.com/en-us/help/5028961
https://support.microsoft.com/en-us/help/5028962
https://support.microsoft.com/en-us/help/5028963
https://support.microsoft.com/en-us/help/5028967
https://support.microsoft.com/en-us/help/5028968
https://support.microsoft.com/en-us/help/5028969
https://support.microsoft.com/en-us/help/5028970
https://support.microsoft.com/en-us/help/5028973
https://support.microsoft.com/en-us/help/5028974
https://support.microsoft.com/en-us/help/5028975
https://support.microsoft.com/en-us/help/5028976
https://support.microsoft.com/en-us/help/5028977
https://support.microsoft.com/en-us/help/5028978
https://support.microsoft.com/en-us/help/5028979
https://support.microsoft.com/en-us/help/5028980
https://support.microsoft.com/en-us/help/5028981
https://support.microsoft.com/en-us/help/5028982
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.6966
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36873
CVE CVE-2023-36899
MSKB 5028946
MSKB 5028947
MSKB 5028948
MSKB 5028950
MSKB 5028951
MSKB 5028952
MSKB 5028953
MSKB 5028954
MSKB 5028955
MSKB 5028956
MSKB 5028957
MSKB 5028958
MSKB 5028960
MSKB 5028961
MSKB 5028962
MSKB 5028963
MSKB 5028967
MSKB 5028968
MSKB 5028969
MSKB 5028970
MSKB 5028973
MSKB 5028974
MSKB 5028975
MSKB 5028976
MSKB 5028977
MSKB 5028978
MSKB 5028979
MSKB 5028980
MSKB 5028981
MSKB 5028982
XREF MSFT:MS23-5028946
XREF MSFT:MS23-5028947
XREF MSFT:MS23-5028948
XREF MSFT:MS23-5028950
XREF MSFT:MS23-5028951
XREF MSFT:MS23-5028952
XREF MSFT:MS23-5028953
XREF MSFT:MS23-5028954
XREF MSFT:MS23-5028955
XREF MSFT:MS23-5028956
XREF MSFT:MS23-5028957
XREF MSFT:MS23-5028958
XREF MSFT:MS23-5028960
XREF MSFT:MS23-5028961
XREF MSFT:MS23-5028962
XREF MSFT:MS23-5028963
XREF MSFT:MS23-5028967
XREF MSFT:MS23-5028968
XREF MSFT:MS23-5028969
XREF MSFT:MS23-5028970
XREF MSFT:MS23-5028973
XREF MSFT:MS23-5028974
XREF MSFT:MS23-5028975
XREF MSFT:MS23-5028976
XREF MSFT:MS23-5028977
XREF MSFT:MS23-5028978
XREF MSFT:MS23-5028979
XREF MSFT:MS23-5028980
XREF MSFT:MS23-5028981
XREF MSFT:MS23-5028982
XREF IAVA:2023-A-0406-S
Plugin Information
Published: 2023/08/10, Modified: 2023/09/15
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5028960

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9051
Should be : 2.0.50727.9061

08_2023 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.7.3930.0
Should be : 4.7.4057.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5028960

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.web.dll has not been patched.
Remote version : 2.0.50727.9051
Should be : 2.0.50727.9061

171598 - Security Updates for Microsoft .NET Framework (February 2023)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. (CVE-2023-21722)

- A remote code execution vulnerability. (CVE-2023-21808)
See Also
http://www.nessus.org/u?5bd7d30c
http://www.nessus.org/u?42dae88f
http://www.nessus.org/u?db0b1765
https://support.microsoft.com/en-us/help/5022497
https://support.microsoft.com/en-us/help/5022498
https://support.microsoft.com/en-us/help/5022499
https://support.microsoft.com/en-us/help/5022501
https://support.microsoft.com/en-us/help/5022502
https://support.microsoft.com/en-us/help/5022503
https://support.microsoft.com/en-us/help/5022504
https://support.microsoft.com/en-us/help/5022505
https://support.microsoft.com/en-us/help/5022506
https://support.microsoft.com/en-us/help/5022507
https://support.microsoft.com/en-us/help/5022508
https://support.microsoft.com/en-us/help/5022509
https://support.microsoft.com/en-us/help/5022511
https://support.microsoft.com/en-us/help/5022512
https://support.microsoft.com/en-us/help/5022513
https://support.microsoft.com/en-us/help/5022514
https://support.microsoft.com/en-us/help/5022515
https://support.microsoft.com/en-us/help/5022516
https://support.microsoft.com/en-us/help/5022520
https://support.microsoft.com/en-us/help/5022521
https://support.microsoft.com/en-us/help/5022522
https://support.microsoft.com/en-us/help/5022523
https://support.microsoft.com/en-us/help/5022524
https://support.microsoft.com/en-us/help/5022525
https://support.microsoft.com/en-us/help/5022526
https://support.microsoft.com/en-us/help/5022529
https://support.microsoft.com/en-us/help/5022530
https://support.microsoft.com/en-us/help/5022531
https://support.microsoft.com/en-us/help/5022574
https://support.microsoft.com/en-us/help/5022575
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0118
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-21722
CVE CVE-2023-21808
MSKB 5022497
MSKB 5022498
MSKB 5022499
MSKB 5022501
MSKB 5022502
MSKB 5022503
MSKB 5022504
MSKB 5022505
MSKB 5022506
MSKB 5022507
MSKB 5022508
MSKB 5022509
MSKB 5022511
MSKB 5022512
MSKB 5022513
MSKB 5022514
MSKB 5022515
MSKB 5022516
MSKB 5022520
MSKB 5022521
MSKB 5022522
MSKB 5022523
MSKB 5022524
MSKB 5022525
MSKB 5022526
MSKB 5022529
MSKB 5022530
MSKB 5022531
MSKB 5022574
MSKB 5022575
XREF MSFT:MS23-5022497
XREF MSFT:MS23-5022498
XREF MSFT:MS23-5022499
XREF MSFT:MS23-5022501
XREF MSFT:MS23-5022502
XREF MSFT:MS23-5022503
XREF MSFT:MS23-5022504
XREF MSFT:MS23-5022505
XREF MSFT:MS23-5022506
XREF MSFT:MS23-5022507
XREF MSFT:MS23-5022508
XREF MSFT:MS23-5022509
XREF MSFT:MS23-5022511
XREF MSFT:MS23-5022512
XREF MSFT:MS23-5022513
XREF MSFT:MS23-5022514
XREF MSFT:MS23-5022515
XREF MSFT:MS23-5022516
XREF MSFT:MS23-5022520
XREF MSFT:MS23-5022521
XREF MSFT:MS23-5022522
XREF MSFT:MS23-5022523
XREF MSFT:MS23-5022524
XREF MSFT:MS23-5022525
XREF MSFT:MS23-5022526
XREF MSFT:MS23-5022529
XREF MSFT:MS23-5022530
XREF MSFT:MS23-5022531
XREF MSFT:MS23-5022574
XREF MSFT:MS23-5022575
XREF IAVA:2023-A-0087-S
Plugin Information
Published: 2023/02/17, Modified: 2023/09/04
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5022511

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.9054
Should be : 2.0.50727.9055

02_2023 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.4010.0
Should be : 4.7.4038.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5022504

C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll has not been patched.
Remote version : 2.0.50727.9054
Should be : 2.0.50727.9055

214274 - Security Updates for Microsoft .NET Framework (January 2025)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A remote code execution vulnerability. An attacker can exploit this issue to cause the affected component to execute unauthorized code. (CVE-2025-21176)

Note that Nessus has relied upon on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0035
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2025-21176
MSKB 5049614
MSKB 5049618
MSKB 5049620
MSKB 5049622
MSKB 5049624
MSKB 5049993
MSKB 5050013
MSKB 5050180
MSKB 5050181
MSKB 5050182
MSKB 5050183
MSKB 5050184
MSKB 5050185
MSKB 5050186
MSKB 5050187
MSKB 5050188
MSKB 5050416
XREF MSFT:MS25-5049614
XREF MSFT:MS25-5049618
XREF MSFT:MS25-5049620
XREF MSFT:MS25-5049622
XREF MSFT:MS25-5049624
XREF MSFT:MS25-5049993
XREF MSFT:MS25-5050013
XREF MSFT:MS25-5050180
XREF MSFT:MS25-5050181
XREF MSFT:MS25-5050182
XREF MSFT:MS25-5050183
XREF MSFT:MS25-5050184
XREF MSFT:MS25-5050185
XREF MSFT:MS25-5050186
XREF MSFT:MS25-5050187
XREF MSFT:MS25-5050188
XREF MSFT:MS25-5050416
XREF IAVA:2025-A-0028-S
XREF CWE:126
Plugin Information
Published: 2025/01/16, Modified: 2025/04/09
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5049608

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.7.3946.0
Should be : 4.7.4126.0

202304 - Security Updates for Microsoft .NET Framework (July 2024)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by remote code execution vulnerability.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0035
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38081
MSKB 5041017
MSKB 5041020
MSKB 5041016
MSKB 5041023
MSKB 5041022
MSKB 5041021
MSKB 5041026
MSKB 5039885
MSKB 5041024
MSKB 5041027
MSKB 5039895
MSKB 5041019
MSKB 5041018
XREF MSFT:MS24-5041017
XREF MSFT:MS24-5041020
XREF MSFT:MS24-5041016
XREF MSFT:MS24-5041023
XREF MSFT:MS24-5041022
XREF MSFT:MS24-5041021
XREF MSFT:MS24-5041026
XREF MSFT:MS24-5039885
XREF MSFT:MS24-5041024
XREF MSFT:MS24-5041027
XREF MSFT:MS24-5039895
XREF MSFT:MS24-5041019
XREF MSFT:MS24-5041018
XREF IAVA:2024-A-0399-S
Plugin Information
Published: 2024/07/12, Modified: 2024/10/11
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5039879

C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.7.3946.0
Should be : 4.7.4101.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5039886
177393 - Security Updates for Microsoft .NET Framework (June 2023)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in the MSDIA SDK where corrupted PDBs can cause a heap overflow.
(CVE-2023-24897)

- A remote code execution vulnerability in WPF where the BAML offers other ways to instantiate types.
(CVE-2023-21808)

- A remote code execution vulnerability in the WPF XAML parser (CVE-2023-24895)
See Also
http://www.nessus.org/u?283f4db9
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030
https://support.microsoft.com/en-us/help/5027107
https://support.microsoft.com/en-us/help/5027108
https://support.microsoft.com/en-us/help/5027109
https://support.microsoft.com/en-us/help/5027110
https://support.microsoft.com/en-us/help/5027111
https://support.microsoft.com/en-us/help/5027112
https://support.microsoft.com/en-us/help/5027113
https://support.microsoft.com/en-us/help/5027114
https://support.microsoft.com/en-us/help/5027115
https://support.microsoft.com/en-us/help/5027116
https://support.microsoft.com/en-us/help/5027117
https://support.microsoft.com/en-us/help/5027118
https://support.microsoft.com/en-us/help/5027119
https://support.microsoft.com/en-us/help/5027121
https://support.microsoft.com/en-us/help/5027122
https://support.microsoft.com/en-us/help/5027123
https://support.microsoft.com/en-us/help/5027124
https://support.microsoft.com/en-us/help/5027125
https://support.microsoft.com/en-us/help/5027126
https://support.microsoft.com/en-us/help/5027127
https://support.microsoft.com/en-us/help/5027128
https://support.microsoft.com/en-us/help/5027129
https://support.microsoft.com/en-us/help/5027131
https://support.microsoft.com/en-us/help/5027132
https://support.microsoft.com/en-us/help/5027133
https://support.microsoft.com/en-us/help/5027134
https://support.microsoft.com/en-us/help/5027138
https://support.microsoft.com/en-us/help/5027139
https://support.microsoft.com/en-us/help/5027140
https://support.microsoft.com/en-us/help/5027141
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.1026
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24895
CVE CVE-2023-24897
CVE CVE-2023-24936
CVE CVE-2023-29326
CVE CVE-2023-29330
CVE CVE-2023-29331
CVE CVE-2023-32030
MSKB 5027107
MSKB 5027108
MSKB 5027109
MSKB 5027110
MSKB 5027111
MSKB 5027112
MSKB 5027113
MSKB 5027114
MSKB 5027115
MSKB 5027116
MSKB 5027117
MSKB 5027118
MSKB 5027119
MSKB 5027121
MSKB 5027122
MSKB 5027123
MSKB 5027124
MSKB 5027125
MSKB 5027126
MSKB 5027127
MSKB 5027128
MSKB 5027129
MSKB 5027131
MSKB 5027132
MSKB 5027133
MSKB 5027134
MSKB 5027138
MSKB 5027139
MSKB 5027140
MSKB 5027141
XREF MSFT:MS23-5027107
XREF MSFT:MS23-5027108
XREF MSFT:MS23-5027109
XREF MSFT:MS23-5027110
XREF MSFT:MS23-5027111
XREF MSFT:MS23-5027112
XREF MSFT:MS23-5027113
XREF MSFT:MS23-5027114
XREF MSFT:MS23-5027115
XREF MSFT:MS23-5027116
XREF MSFT:MS23-5027117
XREF MSFT:MS23-5027118
XREF MSFT:MS23-5027119
XREF MSFT:MS23-5027121
XREF MSFT:MS23-5027122
XREF MSFT:MS23-5027123
XREF MSFT:MS23-5027124
XREF MSFT:MS23-5027125
XREF MSFT:MS23-5027126
XREF MSFT:MS23-5027127
XREF MSFT:MS23-5027128
XREF MSFT:MS23-5027129
XREF MSFT:MS23-5027131
XREF MSFT:MS23-5027132
XREF MSFT:MS23-5027133
XREF MSFT:MS23-5027134
XREF MSFT:MS23-5027138
XREF MSFT:MS23-5027139
XREF MSFT:MS23-5027140
XREF MSFT:MS23-5027141
XREF IAVA:2023-A-0291-S
Plugin Information
Published: 2023/06/16, Modified: 2023/08/11
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5027131

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.data.dll has not been patched.
Remote version : 2.0.50727.9049
Should be : 2.0.50727.9058

06_2023 - C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.4010.0
Should be : 4.7.4050.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5027131

C:\Windows\Microsoft.NET\Framework\v2.0.50727\system.data.dll has not been patched.
Remote version : 2.0.50727.9049
Should be : 2.0.50727.9058

208757 - Security Updates for Microsoft .NET Framework (October 2024)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2024-43483, CVE-2024-43484)

Note that Nessus has relied upon on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0338
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-43483
CVE CVE-2024-43484
MSKB 5044009
MSKB 5044010
MSKB 5044011
MSKB 5044012
MSKB 5044016
MSKB 5044017
MSKB 5044018
MSKB 5044019
MSKB 5044021
MSKB 5044022
MSKB 5044023
MSKB 5044024
MSKB 5044025
MSKB 5044026
MSKB 5044028
MSKB 5044029
MSKB 5044030
MSKB 5044033
MSKB 5044035
XREF MSFT:MS24-5044009
XREF MSFT:MS24-5044010
XREF MSFT:MS24-5044011
XREF MSFT:MS24-5044012
XREF MSFT:MS24-5044016
XREF MSFT:MS24-5044017
XREF MSFT:MS24-5044018
XREF MSFT:MS24-5044019
XREF MSFT:MS24-5044021
XREF MSFT:MS24-5044022
XREF MSFT:MS24-5044023
XREF MSFT:MS24-5044024
XREF MSFT:MS24-5044025
XREF MSFT:MS24-5044026
XREF MSFT:MS24-5044028
XREF MSFT:MS24-5044029
XREF MSFT:MS24-5044030
XREF MSFT:MS24-5044033
XREF MSFT:MS24-5044035
XREF IAVA:2024-A-0632-S
Plugin Information
Published: 2024/10/11, Modified: 2025/03/31
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044016

C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll has not been patched.
Remote version : 4.7.4010.0
Should be : 4.7.4115.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5044022
181375 - Security Updates for Microsoft .NET Framework (September 2023)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Multiple vulnerabilities in DiaSymReader.dll where parsing an corrupted PDB can result in remote code execution. (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794 CVE-2023-36796)

- A vulnerability in the WPF XML parser where an unsandboxed parser can lead to remote code execution.
(CVE-2023-36788)
See Also
http://www.nessus.org/u?3bbdfd35
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
https://support.microsoft.com/en-us/help/5029915
https://support.microsoft.com/en-us/help/5029916
https://support.microsoft.com/en-us/help/5029917
https://support.microsoft.com/en-us/help/5029919
https://support.microsoft.com/en-us/help/5029920
https://support.microsoft.com/en-us/help/5029921
https://support.microsoft.com/en-us/help/5029922
https://support.microsoft.com/en-us/help/5029923
https://support.microsoft.com/en-us/help/5029924
https://support.microsoft.com/en-us/help/5029925
https://support.microsoft.com/en-us/help/5029926
https://support.microsoft.com/en-us/help/5029927
https://support.microsoft.com/en-us/help/5029928
https://support.microsoft.com/en-us/help/5029929
https://support.microsoft.com/en-us/help/5029931
https://support.microsoft.com/en-us/help/5029932
https://support.microsoft.com/en-us/help/5029933
https://support.microsoft.com/en-us/help/5029937
https://support.microsoft.com/en-us/help/5029938
https://support.microsoft.com/en-us/help/5029940
https://support.microsoft.com/en-us/help/5029941
https://support.microsoft.com/en-us/help/5029942
https://support.microsoft.com/en-us/help/5029943
https://support.microsoft.com/en-us/help/5029944
https://support.microsoft.com/en-us/help/5029945
https://support.microsoft.com/en-us/help/5029946
https://support.microsoft.com/en-us/help/5029947
https://support.microsoft.com/en-us/help/5029948
https://support.microsoft.com/en-us/help/5030030
https://support.microsoft.com/en-us/help/5030160
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0156
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36788
CVE CVE-2023-36792
CVE CVE-2023-36793
CVE CVE-2023-36794
CVE CVE-2023-36796
MSKB 5029915
MSKB 5029916
MSKB 5029917
MSKB 5029919
MSKB 5029920
MSKB 5029921
MSKB 5029922
MSKB 5029923
MSKB 5029924
MSKB 5029925
MSKB 5029926
MSKB 5029927
MSKB 5029928
MSKB 5029929
MSKB 5029931
MSKB 5029932
MSKB 5029933
MSKB 5029937
MSKB 5029938
MSKB 5029940
MSKB 5029941
MSKB 5029942
MSKB 5029943
MSKB 5029944
MSKB 5029945
MSKB 5029946
MSKB 5029947
MSKB 5029948
MSKB 5030030
MSKB 5030160
XREF MSFT:MS23-5029916
XREF MSFT:MS23-5029917
XREF MSFT:MS23-5029919
XREF MSFT:MS23-5029920
XREF MSFT:MS23-5029921
XREF MSFT:MS23-5029922
XREF MSFT:MS23-5029923
XREF MSFT:MS23-5029924
XREF MSFT:MS23-5029925
XREF MSFT:MS23-5029926
XREF MSFT:MS23-5029927
XREF MSFT:MS23-5029928
XREF MSFT:MS23-5029929
XREF MSFT:MS23-5029931
XREF MSFT:MS23-5029932
XREF MSFT:MS23-5029933
XREF MSFT:MS23-5029937
XREF MSFT:MS23-5029938
XREF MSFT:MS23-5029940
XREF MSFT:MS23-5029941
XREF MSFT:MS23-5029942
XREF MSFT:MS23-5029943
XREF MSFT:MS23-5029944
XREF MSFT:MS23-5029945
XREF MSFT:MS23-5029946
XREF MSFT:MS23-5029947
XREF MSFT:MS23-5029948
XREF MSFT:MS23-5030030
XREF MSFT:MS23-5030160
XREF IAVA:2023-A-0470-S
Plugin Information
Published: 2023/09/13, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :

Cumulative
- 5029931

C:\Windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll has not been patched.
Remote version : 14.7.3190.0
Should be : 14.7.4063.0

Microsoft .NET Framework 3.5
The remote host is missing one of the following rollup KBs :

Cumulative
- 5029925
249129 - Security Updates for Microsoft SQL Server (August 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- An elevation of privilege vulnerability. (CVE-2025-53727)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-53727
MSKB 5063814
MSKB 5063756
MSKB 5063757
MSKB 5063758
MSKB 5063759
MSKB 5063760
MSKB 5063761
MSKB 5063762
XREF MSFT:MS25-5063814
XREF MSFT:MS25-5063756
XREF MSFT:MS25-5063757
XREF MSFT:MS25-5063758
XREF MSFT:MS25-5063759
XREF MSFT:MS25-5063760
XREF MSFT:MS25-5063761
XREF MSFT:MS25-5063762
XREF IAVA:2025-A-0599-S
XREF CWE:89
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output

tcp/445/cifs



KB : 5063757
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4440.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
216604 - Security Updates for Microsoft SQL Server (July 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is affected by multiple vulnerabilities.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-20701, CVE-2024-21303, CVE-2024-21308, CVE-2024-21317, CVE-2024-21331, CVE-2024-21332, CVE-2024-21333, CVE-2024-21335, CVE-2024-21373, CVE-2024-21398, CVE-2024-21414, CVE-2024-21415, CVE-2024-21425, CVE-2024-21428, CVE-2024-21449, CVE-2024-28928, CVE-2024-35256, CVE-2024-35271, CVE-2024-35272, CVE-2024-37318, CVE-2024-37319, CVE-2024-37320, CVE-2024-37321, CVE-2024-37322, CVE-2024-37323, CVE-2024-37324, CVE-2024-37326, CVE-2024-37327, CVE-2024-37328, CVE-2024-37329, CVE-2024-37330, CVE-2024-37331, CVE-2024-37332, CVE-2024-37333, CVE-2024-37334, CVE-2024-37336, CVE-2024-38087, CVE-2024-38088)
See Also
Solution
Microsoft has released the following security updates to address this issue:
-KB5040942
-KB5040939
-KB5040936
-KB5040986
-KB5040944
-KB5040948
-KB5040940
-KB5040946
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0692
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
CVE CVE-2024-20701
CVE CVE-2024-21303
CVE CVE-2024-21308
CVE CVE-2024-21317
CVE CVE-2024-21331
CVE CVE-2024-21332
CVE CVE-2024-21333
CVE CVE-2024-21335
CVE CVE-2024-21373
CVE CVE-2024-21398
CVE CVE-2024-21414
CVE CVE-2024-21415
CVE CVE-2024-21425
CVE CVE-2024-21428
CVE CVE-2024-21449
CVE CVE-2024-28928
CVE CVE-2024-35256
CVE CVE-2024-35271
CVE CVE-2024-35272
CVE CVE-2024-37318
CVE CVE-2024-37319
CVE CVE-2024-37320
CVE CVE-2024-37321
CVE CVE-2024-37322
CVE CVE-2024-37323
CVE CVE-2024-37324
CVE CVE-2024-37326
CVE CVE-2024-37327
CVE CVE-2024-37328
CVE CVE-2024-37329
CVE CVE-2024-37330
CVE CVE-2024-37331
CVE CVE-2024-37332
CVE CVE-2024-37333
CVE CVE-2024-37334
CVE CVE-2024-37336
CVE CVE-2024-38087
CVE CVE-2024-38088
MSKB 5040942
MSKB 5040939
MSKB 5040936
MSKB 5040986
MSKB 5040944
MSKB 5040948
MSKB 5040940
MSKB 5040946
XREF MSFT:MS24-5040942
XREF MSFT:MS24-5040939
XREF MSFT:MS24-5040936
XREF MSFT:MS24-5040986
XREF MSFT:MS24-5040944
XREF MSFT:MS24-5040948
XREF MSFT:MS24-5040940
XREF MSFT:MS24-5040946
XREF CWE:121
XREF CWE:122
XREF CWE:190
XREF CWE:415
XREF CWE:416
Plugin Information
Published: 2025/02/21, Modified: 2025/09/17
Plugin Output

tcp/445/cifs



KB : 5040948
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4382.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
241544 - Security Updates for Microsoft SQL Server (July 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-49717)

- Information disclosure vulnerabilities. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2025-49718, CVE-2025-49719)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.5 (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
VPR Score
8.1
EPSS Score
0.003
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-49717
CVE CVE-2025-49718
CVE CVE-2025-49719
MSKB 5058712
MSKB 5058713
MSKB 5058714
MSKB 5058716
MSKB 5058717
MSKB 5058718
MSKB 5058721
MSKB 5058722
XREF MSFT:MS25-5058712
XREF MSFT:MS25-5058713
XREF MSFT:MS25-5058714
XREF MSFT:MS25-5058716
XREF MSFT:MS25-5058717
XREF MSFT:MS25-5058718
XREF MSFT:MS25-5058721
XREF MSFT:MS25-5058722
XREF IAVA:2025-A-0492-S
XREF CWE:20
XREF CWE:122
XREF CWE:908
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output

tcp/445/cifs



KB : 5058722
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4435.7

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
211472 - Security Updates for Microsoft SQL Server (November 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-38255, CVE-2024-43459, CVE-2024-43462, CVE-2024-48993, CVE-2024-48994, CVE-2024-48995, CVE-2024-48996, CVE-2024-48997, CVE-2024-48998, CVE-2024-48999, CVE-2024-49000, CVE-2024-49001, CVE-2024-49002, CVE-2024-49003, CVE-2024-49004, CVE-2024-49005, CVE-2024-49006, CVE-2024-49007, CVE-2024-49008, CVE-2024-49009, CVE-2024-49010, CVE-2024-49011, CVE-2024-49012, CVE-2024-49013, CVE-2024-49014, CVE-2024-49015, CVE-2024-49016, CVE-2024-49017, CVE-2024-49018, CVE-2024-49021, CVE-2024-49043)
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.0596
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-38255
CVE CVE-2024-43459
CVE CVE-2024-43462
CVE CVE-2024-48993
CVE CVE-2024-48994
CVE CVE-2024-48995
CVE CVE-2024-48996
CVE CVE-2024-48997
CVE CVE-2024-48998
CVE CVE-2024-48999
CVE CVE-2024-49000
CVE CVE-2024-49001
CVE CVE-2024-49002
CVE CVE-2024-49003
CVE CVE-2024-49004
CVE CVE-2024-49005
CVE CVE-2024-49006
CVE CVE-2024-49007
CVE CVE-2024-49008
CVE CVE-2024-49009
CVE CVE-2024-49010
CVE CVE-2024-49011
CVE CVE-2024-49012
CVE CVE-2024-49013
CVE CVE-2024-49014
CVE CVE-2024-49015
CVE CVE-2024-49016
CVE CVE-2024-49017
CVE CVE-2024-49018
CVE CVE-2024-49021
CVE CVE-2024-49043
MSKB 5046855
MSKB 5046856
MSKB 5046857
MSKB 5046858
MSKB 5046859
MSKB 5046860
MSKB 5046861
MSKB 5046862
XREF MSFT:MS24-5046855
XREF MSFT:MS24-5046856
XREF MSFT:MS24-5046857
XREF MSFT:MS24-5046858
XREF MSFT:MS24-5046859
XREF MSFT:MS24-5046860
XREF MSFT:MS24-5046861
XREF MSFT:MS24-5046862
XREF IAVA:2024-A-0731
Plugin Information
Published: 2024/11/15, Modified: 2024/11/18
Plugin Output

tcp/445/cifs



KB : 5046860
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4410.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
275459 - Security Updates for Microsoft SQL Server (November 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected a vulnerability:

- Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges over a network. (CVE-2025-59499)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-59499
MSKB 5068400
MSKB 5068401
MSKB 5068402
MSKB 5068403
MSKB 5068404
MSKB 5068405
MSKB 5068406
MSKB 5068407
XREF MSFT:MS25-5068400
XREF MSFT:MS25-5068401
XREF MSFT:MS25-5068402
XREF MSFT:MS25-5068403
XREF MSFT:MS25-5068404
XREF MSFT:MS25-5068405
XREF MSFT:MS25-5068406
XREF MSFT:MS25-5068407
XREF IAVA:2025-A-0848
Plugin Information
Published: 2025/11/14, Modified: 2025/11/14
Plugin Output

tcp/445/cifs



KB : 5068404
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4455.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
207067 - Security Updates for Microsoft SQL Server (September 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-26186, CVE-2024-26191, CVE-2024-37335, CVE-2024-37338, CVE-2024-37339, CVE-2024-37340)

- An information disclosure vulnerability. An authenticated, remote attacker can exploit this to disclose sensitive database and file information. (CVE-2024-37337, CVE-2024-37342, CVE-2024-37966)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0464
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26186
CVE CVE-2024-26191
CVE CVE-2024-37335
CVE CVE-2024-37337
CVE CVE-2024-37338
CVE CVE-2024-37339
CVE CVE-2024-37340
CVE CVE-2024-37342
CVE CVE-2024-37966
MSKB 5042578
MSKB 5042749
MSKB 5042211
MSKB 5042215
MSKB 5042214
MSKB 5042217
XREF MSFT:MS24-5042578
XREF MSFT:MS24-5042749
XREF MSFT:MS24-5042211
XREF MSFT:MS24-5042215
XREF MSFT:MS24-5042214
XREF MSFT:MS24-5042217
XREF IAVA:2024-A-0565-S
Plugin Information
Published: 2024/09/12, Modified: 2024/11/15
Plugin Output

tcp/445/cifs



KB : 5042749
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4390.2

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER
261809 - Security Updates for Microsoft SQL Server (September 2025)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- Improper Handling of Exceptional Conditions in Newtonsoft.Json (CVE-2024-21907)

- An information disclosure vulnerability (CVE-2025-47997)

- A privilege escalation vulnerability (CVE-2025-55227)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft SQL Server.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0252
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2024-21907
CVE CVE-2025-47997
CVE CVE-2025-55227
MSKB 5065220
MSKB 5065221
MSKB 5065222
MSKB 5065223
MSKB 5065224
MSKB 5065225
MSKB 5065226
MSKB 5065227
XREF MSFT:MS25-5065220
XREF MSFT:MS25-5065221
XREF MSFT:MS25-5065222
XREF MSFT:MS25-5065223
XREF MSFT:MS25-5065224
XREF MSFT:MS25-5065225
XREF MSFT:MS25-5065226
XREF MSFT:MS25-5065227
XREF IAVA:2025-A-0669
XREF CWE:77
XREF CWE:200
XREF CWE:362
XREF CWE:755
Plugin Information
Published: 2025/09/09, Modified: 2025/09/17
Plugin Output

tcp/445/cifs



KB : 5065222
- C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe has not been patched.
Remote version : 2019.150.4335.1
Should be : 2019.150.4445.1

SQL Server Version : 15.0.4335.1 Standard Edition
SQL Server Instance : MSSQLSERVER

193160 - Security Updates for Microsoft SQL Server ODBC Driver (April 2024)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28929)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28930)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28931)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0893
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2025/01/22
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.5.1
Fixed version : 17.10.6
175440 - Security Updates for Microsoft SQL Server OLE DB Driver (April 2023)
-
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-28304) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0172
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-23375
CVE CVE-2023-28304
XREF IAVA:2023-A-0189-S
Plugin Information
Published: 2023/05/12, Modified: 2025/08/15
Plugin Output

tcp/0


Path : C:\Windows\System32\msoledbsql19.dll
Installed version : 19.2.0.0
Fixed version : 19.3.0

193161 - Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28906)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28908)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0906
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.7.0
Fixed version : 18.7.2

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql19.dll
Installed version : 19.2.0.0
Fixed version : 19.3.3
205300 - Security Updates for Microsoft SQL Server OLE DB Driver (July 2024)
-
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver. This could result in the database returning malicious data that could cause arbitrary code execution on the client.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0243
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2024/08/09, Modified: 2025/08/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.7.0
Fixed version : 18.7.4

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql19.dll
Installed version : 19.2.0.0
Fixed version : 19.3.5
161605 - VMware Tools 10.x / 11.x / 12.x < 12.0.5 XXE (VMSA-2022-0015)
-
Synopsis
A virtualization tool suite is installed on the remote Windows host is affected by an XML External Entity vulnerability.
Description
The version of VMware Tools installed on the remote Windows host is affected by an XML External Entity (XXE) vulnerability. A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.0.5 or later.
Risk Factor
Low
CVSS v3.0 Base Score
7.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.2
EPSS Score
0.0003
CVSS v2.0 Base Score
3.6 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:P)
CVSS v2.0 Temporal Score
2.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-22977
XREF VMSA:VMSA-2022-0015
XREF IAVB:2022-B-0014-S
Plugin Information
Published: 2022/05/27, Modified: 2022/08/30
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 10.1.15.65452
Fixed version : 12.0.5
276819 - Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803)
-
Synopsis
A Microsoft development toolset on the remote Windows host is affected by privilege escalation.
Description
In VSTA 2019 (prior 16.0.35907.0) and VSTA 2022 (prior to 17.0.35906.0), the software contains a vulnerability (CVE-2025-29803) that could allow remote or local attackers to execute arbitrary code or escalate privileges within the host application, potentially compromising systems that rely on VSTA for automation or extensibility.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0005
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
STIG Severity
I
References
CVE CVE-2025-29803
XREF IAVA:2025-A-0247
Plugin Information
Published: 2025/11/25, Modified: 2025/11/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\16.0\Bin\VstaCore.dll
Installed version : 16.0.31110
Fixed version : 16.0.35907.0
180174 - WinRAR < 6.23 RCE
-
Synopsis
The remote Windows host has an application installed which is affected by a remote code execution vulnerability.
Description
The remote host is running WinRAR, an archive manager for Windows.

The version of WinRAR installed on the remote host is affected by a an improper validation of user-supplied data, which can result in memory access past the end of an allocated buffer which can be exploited remotely and may allow attackers to execute code in the context of the current process.
See Also
Solution
Upgrade to WinRAR version 6.23 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.9385
CVSS v2.0 Base Score
9.3 (CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.1 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2023-38831
CVE CVE-2023-40477
XREF CISA-KNOWN-EXPLOITED:2023/09/14
XREF IAVA:2023-A-0436-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/08/24, Modified: 2024/05/03
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 6.23
192940 - WinRAR < 7.00 Multiple Vulnerabilities
-
Synopsis
The remote Windows host has an application installed which is affected by multiple vulnerabilities.
Description
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.00. It is, therefore, affected by multiple vulnerabilties:

- The vulnerability exists due to an error within the archive extraction functionality. A remote attacker can use a specially crafted archive to bypass the Mark-Of-The-Web protection mechanism and potentially compromise the affected system. (CVE-2024-30370)

- RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. (CVE-2024-36052)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to WinRAR version 7.00 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0042
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.9 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2024-30370
CVE CVE-2024-36052
XREF IAVA:2024-A-0194-S
XREF IAVA:2024-A-0303-S
Plugin Information
Published: 2024/04/05, Modified: 2025/06/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.0
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
-
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
See Also
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.7941
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF IAVA:2013-A-0227
Plugin Information
Published: 2022/10/26, Modified: 2025/12/17
Plugin Output

tcp/445/cifs



Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
171859 - Curl Use-After-Free < 7.87 (CVE-2022-43552)
-
Synopsis
The remote Windows host has a program that is affected by a use-after-free vulnerability.
Description
The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by a use-after-free vulnerability. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade Curl to version 7.87.0 or later
Risk Factor
Medium
CVSS v3.0 Base Score
5.9 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
5.3 (CVSS:3.0/E:P/RL:O/RC:C)
VPR Score
4.4
EPSS Score
0.0013
CVSS v2.0 Base Score
5.4 (CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
4.2 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-43552
XREF IAVA:2023-A-0008-S
Plugin Information
Published: 2023/02/23, Modified: 2024/10/07
Plugin Output

tcp/445/cifs


Path : c:\windows\system32\curl.exe
Installed version : 7.83.1.0
Fixed version : 7.87.0

tcp/445/cifs


Path : c:\windows\syswow64\curl.exe
Installed version : 7.83.1.0
Fixed version : 7.87.0

136929 - JQuery 1.2 < 3.5.0 Multiple XSS
-
Synopsis
The remote web server is affected by multiple cross site scripting vulnerability.
Description
According to the self-reported version in the script, the version of JQuery hosted on the remote web server is greater than or equal to 1.2 and prior to 3.5.0. It is, therefore, affected by multiple cross site scripting vulnerabilities.

Note, the vulnerabilities referenced in this plugin have no security impact on PAN-OS, and/or the scenarios required for successful exploitation do not exist on devices running a PAN-OS release.
See Also
Solution
Upgrade to JQuery version 3.5.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
5.7
EPSS Score
0.323
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2020-11022
CVE CVE-2020-11023
XREF IAVB:2020-B-0030
XREF CEA-ID:CEA-2021-0004
XREF CEA-ID:CEA-2021-0025
XREF CISA-KNOWN-EXPLOITED:2025/02/13
Plugin Information
Published: 2020/05/28, Modified: 2025/01/24
Plugin Output

tcp/81/www


URL : http://172.17.100.20:81/Scripts/jquery-3.2.1.min.js
Installed version : 3.2.1
Fixed version : 3.5.0

58333 - MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019)
-
Synopsis
The remote Windows host contains a development application that is affected by a privilege escalation vulnerability.
Description
The installed version of Microsoft Visual Studio does not properly validate add-ins in the path before loading them into the application.

An attacker can elevate his privileges by placing a specially crafted add-in in the path used by Visual Studio and convincing a user with higher privileges to start Visual Studio.
See Also
Solution
Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1.
Risk Factor
Medium
VPR Score
5.9
EPSS Score
0.0451
CVSS v2.0 Base Score
6.9 (CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.1 (CVSS2#E:U/RL:OF/RC:C)
References
BID 52329
CVE CVE-2012-0008
MSKB 2669970
MSKB 2644980
MSKB 2645410
XREF MSFT:MS12-021
Plugin Information
Published: 2012/03/13, Modified: 2019/01/10
Plugin Output

tcp/445/cifs



KB : 2645410
- C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\\ShellExtensions\Platform\AppenvStub.dll has not been patched.
Remote version : 10.0.40219.1
Should be : 10.0.40219.377
57608 - SMB Signing not required
-
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2012/01/19, Modified: 2022/10/05
Plugin Output

tcp/445/cifs

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/1433/mssql


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SSL_Self_Signed_Fallback
|-Issuer : CN=SSL_Self_Signed_Fallback

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=SPINE-HRMS
|-Issuer : CN=SPINE-HRMS

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/443/www


The identities known by Nessus are :

172.17.100.20
spine-hrms
172.17.100.20

The Common Name in the certificate is :

www.lkp.net.in

The Subject Alternate Names in the certificate are :

admin.pennypal.in
aims.lkp.net.in
allocation.lkp.net.in
api.lkp.net.in
backoffice.lkp.net.in
bo.lkp.net.in
demo.pennypal.in
devtrade.lkp.net.in
devtradekyc.lkp.net.in
druat.pennypal.in
ekyc.lkp.net.in
ekyc.lkponline.com
ekyc.pennypal.in
ekycuat.lkp.net.in
getsetgrow.lkponline.com
hrms.lkp.net.in
ia.lkp.net.in
ipo.lkp.net.in
lkp.net.in
lkpconnect.net.in
lkpsec.com
lms.lkp.net.in
middleware.lkp.net.in
middlewareapi.lkp.net.in
notification.lkponline.com
notification.pennypal.in
pay.lkp.net.in
pennypal.in
ra.lkp.net.in
referral.pennypal.in
rekyc.pennypal.in
spip.lkp.net.in
spip.lkponline.com
trading.lkponline.com
trading.pennypal.in
trilogy.lkp.net.in
uat.lkp.net.in
uat.lkpsec.com
uat.pennypal.in
uatbackoffice.lkp.net.in
uatekyc.lkponline.com
uatgetsetgrow.lkponline.com
uatspip.lkponline.com
uattrading.lkponline.com
uatweb.pennypal.in
wealth.lkp.net.in
welcome.lkp.net.in
www.lkp.net.in
www.lkpfinance.com
www.lkpsec.com

45411 - SSL Certificate with Wrong Hostname
-
Synopsis
The SSL certificate for this service is for a different host.
Description
The 'commonName' (CN) attribute of the SSL certificate presented for this service is for a different machine.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
Plugin Information
Published: 2010/04/03, Modified: 2020/04/27
Plugin Output

tcp/1433/mssql


The identities known by Nessus are :

172.17.100.20
spine-hrms
172.17.100.20

The Common Name in the certificate is :

SSL_Self_Signed_Fallback
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/1433/mssql


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SSL_Self_Signed_Fallback

57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/3389/msrdp


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=SPINE-HRMS
58453 - Terminal Services Doesn't Use Network Level Authentication (NLA) Only
-
Synopsis
The remote Terminal Services doesn't use Network Level Authentication only.
Description
The remote Terminal Services is not configured to use Network Level Authentication (NLA) only. NLA uses the Credential Security Support Provider (CredSSP) protocol to perform strong server authentication either through TLS/SSL or Kerberos mechanisms, which protect against man-in-the-middle attacks. In addition to improving authentication, NLA also helps protect the remote computer from malicious users and software by completing user authentication before a full RDP connection is established.
See Also
Solution
Enable Network Level Authentication (NLA) on the remote RDP server. This is generally done on the 'Remote' tab of the 'System' settings on Windows.
Risk Factor
Medium
CVSS v3.0 Base Score
4.0 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:N/A:N)
CVSS v2.0 Base Score
4.3 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N)
Plugin Information
Published: 2012/03/23, Modified: 2025/09/29
Plugin Output

tcp/3389/msrdp

Nessus was able to negotiate non-NLA (Network Level Authentication) security.

168362 - VMware Tools 10.x / 11.x / 12.x < 12.1.5 DoS (VMSA-2022-0029)
-
Synopsis
A virtualization tool suite is installed on the remote Windows host is affected by a denial of service vulnerability.
Description
The version of VMware Tools installed on the remote Windows host is affected by a denial of service vulnerability in the VM3DMP driver. An authenticated, local attacker can exploit this to trigger a PANIC in the VM3DMP driver leading to a denial-of-service condition in the Windows guest OS.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to VMware Tools version 12.1.5 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
3.6
EPSS Score
0.0005
CVSS v2.0 Base Score
4.6 (CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
3.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2022-31693
XREF VMSA:2022-0029
XREF IAVB:2022-B-0056-S
Plugin Information
Published: 2022/12/02, Modified: 2023/09/20
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Installed version : 10.1.15.65452
Fixed version : 12.1.5
234002 - WinRAR < 7.11 Mark of the Web Bypass (CVE-2025-31334)
-
Synopsis
The remote Windows host has an application installed which is affected by a mark of the web bypass vulnerability.
Description
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.11. It is, therefore, affected by a vulnerability:

- Issue that bypasses the 'Mark of the Web' security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. (CVE-2025-31334)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to WinRAR version 7.11 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
STIG Severity
II
References
CVE CVE-2025-31334
XREF IAVA:2025-A-0227
Plugin Information
Published: 2025/04/08, Modified: 2025/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 5.91.0.0
Fixed version : 7.11
132101 - Windows Speculative Execution Configuration Check
-
Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)
See Also
Solution
Apply vendor recommended settings.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.9
EPSS Score
0.9433
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:H/RL:OF/RC:C)
References
BID 102371
BID 102378
BID 104232
BID 105080
BID 108330
CVE CVE-2017-5715
CVE CVE-2017-5753
CVE CVE-2017-5754
CVE CVE-2018-3615
CVE CVE-2018-3620
CVE CVE-2018-3639
CVE CVE-2018-3646
CVE CVE-2018-12126
CVE CVE-2018-12127
CVE CVE-2018-12130
CVE CVE-2019-11135
CVE CVE-2022-0001
XREF CEA-ID:CEA-2019-0547
XREF CEA-ID:CEA-2019-0324
Exploitable With
CANVAS (true)
Plugin Information
Published: 2019/12/18, Modified: 2025/08/27
Plugin Output

tcp/445/cifs

Current Settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set

-----------------------------------

Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.

-----------------------------------

Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 3:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.

-----------------------------------

Recommended Settings 4:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.

10114 - ICMP Timestamp Request Remote Date Disclosure
-
Synopsis
It is possible to determine the exact time set on the remote host.
Description
The remote host answers to an ICMP timestamp request. This allows an attacker to know the date that is set on the targeted machine, which may assist an unauthenticated, remote attacker in defeating time-based authentication protocols.

Timestamps returned from machines running Windows Vista / 7 / 2008 / 2008 R2 are deliberately incorrect, but usually within 1000 seconds of the actual system time.
Solution
Filter out the ICMP timestamp requests (13), and the outgoing ICMP timestamp replies (14).
Risk Factor
Low
VPR Score
2.2
EPSS Score
0.0037
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N)
References
Plugin Information
Published: 1999/08/01, Modified: 2024/10/07
Plugin Output

icmp/0

This host returns non-standard timestamps (high bit is set)
The ICMP timestamps might be in little endian format (not in network format)
The remote clock is synchronized with the local clock.

46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.

Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :

www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output

tcp/0

The following hostnames point to the remote host :
- spine-hrms

16193 - Antivirus Software Check
-
Synopsis
An antivirus application is installed on the remote host.
Description
An antivirus application is installed on the remote host, and its engine and virus definitions are up to date.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/01/18, Modified: 2025/05/27
Plugin Output

tcp/445/cifs


Kaspersky :
Kaspersky Anti-Virus is installed on the remote host :

Product name : Kaspersky Endpoint Security for Windows
Version : 21.15.8.493
Installation path : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0
Virus signatures : 01/08/2026

156001 - Apache Log4j JAR Detection (Windows)
-
Synopsis
Apache Log4j is installed on the remote Windows host.
Description
One or more instances of Apache Log4j, a logging API, are installed on the remote Windows Host.

- Powershell version 5 or greater is required for this plugin.

- If the 'Perform thorough tests' setting is enabled, this plugin will inspect the manifest and properties files of the detected Java archive files.

- The plugin timeout can be set to a custom value other than the plugin's default of 60 minutes via the 'timeout.156001' scanner setting in Nessus 8.15.1 or later.

Please see https://docs.tenable.com/nessus/Content/SettingsAdvanced.htm#Custom for more information.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVA:0001-A-0650
XREF IAVT:0001-T-0941
Plugin Information
Published: 2021/12/10, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus detected 2 installs of Apache Log4j:

Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\FVU 5.0\log4j-1.2.8.jar
Version : 1.2.8
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

Path : D:\HR SHARE\Salary\2015-16\Working\Form 24 Q\Q4\Working\q4\ALPHA\FVU 5.0\log4j-1.2.8.jar
Version : 1.2.8
JMSAppender.class association : Found
JdbcAppender.class association : Found
JndiLookup.class association : Not Found
Method : log4j-core file search

59 Jar files successfully inspected.
92415 - Application Compatibility Cache
-
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Application compatibility cache report attached.
34097 - BIOS Info (SMB)
-
Synopsis
BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's SMB interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/08, Modified: 2024/06/11
Plugin Output

tcp/0


Version : 6.00
Release date : 20201112000000.000000+000
Secure boot : disabled
34096 - BIOS Info (WMI)
-
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2025/12/15
Plugin Output

tcp/0


Vendor : Phoenix Technologies LTD
Version : 6.00
Release date : 20201112000000.000000+000
UUID : 70F94D56-6C8A-92B9-74BE-BEBCF80CD73B
Secure boot : disabled
92416 - BagMRU Folder History
-
Synopsis
Nessus was able to enumerate folders that were opened in Windows Explorer.
Description
Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

BagMRU report attached.

96533 - Chrome Browser Extension Enumeration
-
Synopsis
One or more Chrome browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Chrome browser extensions installed on the remote host.
See Also
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0511
Plugin Information
Published: 2017/01/16, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


User : Administrator
|- Browser : Chrome
|- Add-on information :

Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.95.1
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.95.1_0

Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.96.1
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.96.1_0

Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.97.1
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.97.1_0

Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.98.1
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.98.1_0

Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.99.1
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.99.1_0

Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 1.0.0.6
Update Date : Jan. 2, 2026 at 19:31:54 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0

45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2025/09/29
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_server_2019:10.0.17763.3770:-:~~datacenter~~x64~ -> Microsoft Windows Server 2019

Following application CPE's matched on the remote system :

cpe:/a:apache:log4j:1.2.8 -> Apache Software Foundation log4j
cpe:/a:google:chrome:143.0.7499.193 -> Google Chrome
cpe:/a:haxx:curl:7.83.1.0 -> Haxx Curl
cpe:/a:jquery:jquery:3.2.1 -> jQuery
cpe:/a:jquery:jquery_ui:1.12.1 -> jQuery UI
cpe:/a:kaspersky:kaspersky_anti-virus:21.15.8.493 -> Kaspersky Anti-virus
cpe:/a:microsoft:.net_framework:2.0.50727 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.0 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.0.6920.9054 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.5 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.4010.0 -> Microsoft .NET Framework
cpe:/a:microsoft:ie:11.1790.17763.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:iis:10.0 -> Microsoft IIS
cpe:/a:microsoft:internet_explorer:11.0.17763.3770 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_information_services:10.0.17763.3650 -> Microsoft Internet Information Server (IIS) -
cpe:/a:microsoft:remote_desktop_connection:10.0.17763.2867 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:sql_server:15.0.4335.0 -> Microsoft SQLServer
cpe:/a:microsoft:sql_server:15.0.4335.1 -> Microsoft SQLServer
cpe:/a:microsoft:visual_studio:10.0.40219.1 -> Microsoft Visual Studio
cpe:/a:microsoft:visual_studio_tools_for_applications:15.0.27520
cpe:/a:microsoft:visual_studio_tools_for_applications:16.0.31110
cpe:/a:rarlab:winrar:5.91.0.0 -> RARLAB WinRAR
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:vmware:tools:10.1.15.65452 -> VMWare Tools
x-cpe:/a:microsoft:azure_data_studio:1.41.2.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.5.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.7.0
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:19.2.0.0
24270 - Computer Manufacturer Information (WMI)
-
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2025/12/15
Plugin Output

tcp/0


Computer Manufacturer : VMware, Inc.
Computer Model : VMware Virtual Platform
Computer SerialNumber : VMware-56 4d f9 70 8a 6c b9 92-74 be be bc f8 0c d7 3b
Computer Type : Other

Computer Physical CPU's : 16
Computer Logical CPU's : 16
CPU0
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU1
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU2
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU3
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU4
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU5
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU6
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU7
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU8
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU9
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU10
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU11
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU12
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU13
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU14
Architecture : x64
Physical Cores: 1
Logical Cores : 1
CPU15
Architecture : x64
Physical Cores: 1
Logical Cores : 1

Computer Memory : 16383 MB
RAM slot #0
Form Factor: DIMM
Type : DRAM
Capacity : 16384 MB
171860 - Curl Installed (Windows)
-
Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.

Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/23, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus detected 2 installs of Curl:

Path : c:\windows\system32\curl.exe
Version : 7.83.1.0
Managed by OS : True

Path : c:\windows\syswow64\curl.exe
Version : 7.83.1.0
Managed by OS : True

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/135/epmap


The following DCERPC services are available locally :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc095900

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc095900

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8d5c0613ee9f9e9c5c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-34a29c7b7351e43450

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : c969d4f7-c97b-4e19-8f9e-93e7fee4abe7

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000002
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ae5796e0efcca82950

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000003
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-0e5419c41ba4753f26

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0497b57d-2e66-424f-a0c6-157cd5d41700, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-0913370109e39f27ba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-0913370109e39f27ba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-0913370109e39f27ba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-0913370109e39f27ba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-0913370109e39f27ba

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE4DECF69C268A48C0E51F0D334047

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2106199e4334edd110

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE4DECF69C268A48C0E51F0D334047

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2106199e4334edd110

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE4DECF69C268A48C0E51F0D334047

Object UUID : 00000003-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2106199e4334edd110

Object UUID : 5252504b-4950-534e-9ae2-7071fc130000
UUID : 9b3e3722-12bf-3191-4b50-525250494453, version 85.115
Description : Unknown RPC service
Annotation : PRRUniversal#9D4D6F36C9AC26F6:5116
Type : Local RPC service
Named pipe : PRRUniversal#9D4D6F36C9AC26F6:5116

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:5116

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#9D4D6F36C9AC26F6:5116

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:5116

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#9D4D6F36C9AC26F6:5116

Object UUID : 03104ab4-0000-0000-9ae2-7071fc130000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:5116

Object UUID : 03104ab4-0000-0000-9ae2-7071fc130000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#9D4D6F36C9AC26F6:5116

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000003
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc6FFE476A3

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000003
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc6FFE476A3

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9435cc56-1d9c-4924-ac7d-b60a2c3520e1, version 1.0
Description : Unknown RPC service
Annotation : SPPSVC Default RPC Interface
Type : Local RPC service
Named pipe : SPPCTransportEndpoint-00001

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE2503064CBFC07543C52A6A73F415

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-0c01d7f8c9413b5168

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0
Description : Unknown RPC service
Annotation : LicenseManager
Type : Local RPC service
Named pipe : LicenseServiceEndpoint

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9f69a46ebcf4591466

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9f69a46ebcf4591466

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-6ebbd8f887676548ff

Object UUID : 5252504b-4950-534e-3e45-82aca42d0000
UUID : 9b3e3722-8ce0-3557-4b50-525250494453, version 98.209
Description : Unknown RPC service
Annotation : PRRUniversal#D85EBDC05A9079FE:11684
Type : Local RPC service
Named pipe : PRRUniversal#D85EBDC05A9079FE:11684

Object UUID : 5252504b-4950-534e-e78f-edf724340000
UUID : 9b3e3722-0448-92d0-4b50-525250494453, version 85.115
Description : Unknown RPC service
Annotation : PRRUniversal#23C9EBFAB7E4F61C:13348
Type : Local RPC service
Named pipe : PRRUniversal#23C9EBFAB7E4F61C:13348

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:13348

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#23C9EBFAB7E4F61C:13348

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:13348

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#23C9EBFAB7E4F61C:13348

Object UUID : 078f8dbc-0000-0000-e78f-edf724340000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:13348

Object UUID : 078f8dbc-0000-0000-e78f-edf724340000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#23C9EBFAB7E4F61C:13348

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF0B71920DAEECCB1964B761A8545

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f0e827c810c39a4511

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF0B71920DAEECCB1964B761A8545

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f0e827c810c39a4511

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF0B71920DAEECCB1964B761A8545

Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f0e827c810c39a4511

Object UUID : 5252504b-4950-534e-e3de-f07a882b0000
UUID : 9b3e3722-e22d-7891-4b50-525250494453, version 85.115
Description : Unknown RPC service
Annotation : PRRUniversal#A6CD3AF4B10300A3:11144
Type : Local RPC service
Named pipe : PRRUniversal#A6CD3AF4B10300A3:11144

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:11144

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#A6CD3AF4B10300A3:11144

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:11144

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#A6CD3AF4B10300A3:11144

Object UUID : 03127efc-0000-0000-e3de-f07a882b0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:11144

Object UUID : 03127efc-0000-0000-e3de-f07a882b0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#A6CD3AF4B10300A3:11144

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc06E7022

Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc06E7022

Object UUID : e16530d6-fec6-410d-b2dc-218f8cc0f610
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-32463fbe7d05b693c2

Object UUID : 474ddcaa-8dc5-4465-aa5b-2dc8e96ef20b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-32463fbe7d05b693c2

Object UUID : 95e5236b-97df-49eb-ace7-4919043b7059
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-32463fbe7d05b693c2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2695ba7840669a4a82

Object UUID : 9549eaaa-8a71-4d36-a442-3a3d847dd51b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLE14296FBED79967518F7A1AFB4525

Object UUID : 9549eaaa-8a71-4d36-a442-3a3d847dd51b
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-38cc3187977b2aefb8

Object UUID : 5252504b-4950-534e-c9b0-c26f000e0000
UUID : 9b3e3722-7c9b-d48b-4b50-525250494453, version 85.115
Description : Unknown RPC service
Annotation : PRRUniversal#9B9F0CDAB103935F:3584
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-fb3c-0007-4b50-525250524944
UUID : 9b3e3722-d801-7233-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PR_REMOTE_MANAGER_PROP
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-e72a-000f-4b50-525250524944
UUID : 9b3e3722-e474-f035-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpnPRAGUE_REMOTE_API
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 05fb0fa0-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 05fb0fa0-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-abb6-0007-4b50-525250524944
UUID : 9b3e3722-7551-7dee-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_MEMMANAGER
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 00000000-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 00000000-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-bab3-e001-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : ai_loader_remote_object
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 04b2a984-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 04b2a984-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-c75c-28ad-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : PRRoot
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-8790-000c-4b50-525250524944
UUID : 9b3e3722-1441-c93d-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_TYPE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-a517-000d-4b50-525250524944
UUID : 9b3e3722-f9a8-d5cb-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_PROFILE_NAME
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-b19c-0002-4b50-525250524944
UUID : 9b3e3722-050c-2b49-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTASK_MANAGER_TASK_ID
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-1931-0005-4b50-525250524944
UUID : 9b3e3722-a39b-5baa-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_REQ
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-4d95-0005-4b50-525250524944
UUID : 9b3e3722-f7aa-5ba3-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_HTTP_RSP
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-b87a-0007-4b50-525250524944
UUID : 9b3e3722-86c2-73eb-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MESSAGE_IS_INCOMING
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-5916-0003-4b50-525250524944
UUID : 9b3e3722-0276-35b6-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MESSAGE_CHECK_ONLY
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-20c7-000f-4b50-525250524944
UUID : 9b3e3722-c49b-fe45-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : PROTOCOL_TYPE
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-c384-0000-4b50-525250524944
UUID : 9b3e3722-6122-0a2a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_VIRTUAL_OBJECT_NAME
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-7401-0008-4b50-525250524944
UUID : 9b3e3722-62c7-816c-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npUserContext
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-0568-0001-4b50-525250524944
UUID : 9b3e3722-1d09-1186-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npAVS_SCAN_AREA_ID
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-618e-000d-4b50-525250524944
UUID : 9b3e3722-7819-d199-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : antimalware.am_core_dll.registered
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-4dfb-000b-4b50-525250524944
UUID : 9b3e3722-56be-b1b4-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npSCAN_OBJECT_CONTEXT
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-5c94-000c-4b50-525250524944
UUID : 9b3e3722-7dc3-c215-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_READONLY_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-66bb-0002-4b50-525250524944
UUID : 9b3e3722-b130-2d78-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_EXECUTABLE_PARENT_IO_hOBJECT
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-0726-0007-4b50-525250524944
UUID : 9b3e3722-dfbb-7d89-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_OBJECT_SET_WRITE_ACCESS_tERROR
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-21ab-0008-4b50-525250524944
UUID : 9b3e3722-da96-8fb3-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npENGINE_INTEGRAL_PARENT_IO
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-554f-0006-4b50-525250524944
UUID : 9b3e3722-3fdc-66a9-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npOBJECT_STARTUP
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-ae59-0004-4b50-525250524944
UUID : 9b3e3722-49dd-4e78-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : antimalware.oas.PenderPtr
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-e77b-0006-4b50-525250524944
UUID : 9b3e3722-d7d6-630a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : native file io object is a stream really
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-54e6-0005-4b50-525250524944
UUID : 9b3e3722-97cf-5c32-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : native file io object streams
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-c572-000b-4b50-525250524944
UUID : 9b3e3722-7d85-bb8f-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npTM_PROFILE
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-2be7-0004-4b50-525250524944
UUID : 9b3e3722-2175-40a9-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : cpTEMPFILE_SYSCACHED
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 06a12348-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 06a12348-0000-0000-c9b0-c26f000e0000
UUID : 9b3e3722-b8eb-3e0b-4b50-52524f424a53, version 85.115
Description : Unknown RPC service
Annotation : TaskManager
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-aa75-0009-4b50-525250524944
UUID : 9b3e3722-b9de-913a-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : DEFER_THREAD_INIT
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-1e7b-0004-4b50-525250524944
UUID : 9b3e3722-6afd-4748-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MAILER_PID
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-487b-0006-4b50-525250524944
UUID : 9b3e3722-2a49-6623-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : npMESSAGE_IS_COMPLETE
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-cf60-000f-4b50-525250524944
UUID : 9b3e3722-93c9-f5ca-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : NO_NEED_TREATMENT
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRNameService:3584

Object UUID : 9b3e3722-7820-0006-4b50-525250524944
UUID : 9b3e3722-9839-6e01-4b50-525250524f50, version 85.115
Description : Unknown RPC service
Annotation : MAILER_TID
Type : Local RPC service
Named pipe : PRRUniversal#9B9F0CDAB103935F:3584

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Local RPC service
Named pipe : ipsec

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : LRPC-4772203fe290515ef5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Local RPC service
Named pipe : LRPC-4772203fe290515ef5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-313cd468bb5438244e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-313cd468bb5438244e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-313cd468bb5438244e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-313cd468bb5438244e

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoDiagnostics

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoControl

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e49adf69153ef17ff

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsacap

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : SidKey Local End Point

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LRPC-d992ac4756202d2be2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d992ac4756202d2be2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d992ac4756202d2be2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d992ac4756202d2be2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d992ac4756202d2be2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-135db427fd67f5ef5c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-95792791cdb81e900d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-95792791cdb81e900d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-bf4e435d9a2517e9ab

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-95792791cdb81e900d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-bf4e435d9a2517e9ab

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-78acd977af64ccabb5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-95792791cdb81e900d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-bf4e435d9a2517e9ab

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-78acd977af64ccabb5

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-77fd67f7b2729a9cd1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLE61F09ADB8A1D3B99BA9C19F93155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-4ef0d164f13e5f56f1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLE61F09ADB8A1D3B99BA9C19F93155

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-4ef0d164f13e5f56f1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE9A7BCDB6FBB981F3B1518A75B97E

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c091bad9cdf332b748

Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-832fbab9bc29912d57

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-832fbab9bc29912d57

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : LRPC-e90dd6c93d9e284d82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : LRPC-e90dd6c93d9e284d82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : LRPC-e90dd6c93d9e284d82

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-098244262de7e4e9dc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-a76289378e7807f5b2

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc

Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-4c33d61950613f0b54

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d7a06f6ff41f9fcebe

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d7a06f6ff41f9fcebe

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c7e4dea214e2e4252d

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d7a06f6ff41f9fcebe

Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2

Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-eaea60565f70982c72

Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-13229a2ff71efe81ad

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-c5e00903a94bbe9eeb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f87b6ebeee0c1b49f4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f87b6ebeee0c1b49f4

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2fd7cbfa66ff7ebbe3

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-32b4ea045f66260fd0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-32b4ea045f66260fd0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-69ab26697aa495bfcb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-32b4ea045f66260fd0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-69ab26697aa495bfcb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLEBAA38205D048D971286BFA4D576F

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-219d4cd3fe9187c3f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-32b4ea045f66260fd0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-69ab26697aa495bfcb

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLEBAA38205D048D971286BFA4D576F

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-219d4cd3fe9187c3f2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : df4df73a-c52d-4e3a-8003-8437fdf8302a, version 0.0
Description : Unknown RPC service
Annotation : WM_WindowManagerRPC\Server
Type : Local RPC service
Named pipe : LRPC-d46b077d8fcb70f84d

Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7d23eede3c512ff42e

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc098A81

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-117db5b89707c421a1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-10944cdd7dff162cd7

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-10944cdd7dff162cd7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-10944cdd7dff162cd7

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8d5c0613ee9f9e9c5c

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-10944cdd7dff162cd7

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-8d5c0613ee9f9e9c5c

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-139cbf54c1010f34ea

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D47F17F89F694F7A9894F54BD44

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1ef7dad490d6091c49

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-25e301d9e6d46ab088

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-755b3afe41306aa717

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-10944cdd7dff162cd7

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following DCERPC services are available remotely :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\SPINE-HRMS

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\SPINE-HRMS

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\SPINE-HRMS

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49664/dce-rpc


The following DCERPC services are available on TCP port 49664 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49664
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49665/dce-rpc


The following DCERPC services are available on TCP port 49665 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49666/dce-rpc


The following DCERPC services are available on TCP port 49666 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.20

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49667/dce-rpc


The following DCERPC services are available on TCP port 49667 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49667
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49668/dce-rpc


The following DCERPC services are available on TCP port 49668 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.20

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.20

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.20

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.20

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49668
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49669/dce-rpc


The following DCERPC services are available on TCP port 49669 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6b5bdd1e-528c-422c-af8c-a4079be4fe48, version 1.0
Description : Unknown RPC service
Annotation : Remote Fw APIs
Type : Remote RPC service
TCP Port : 49669
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49752/dce-rpc


The following DCERPC services are available on TCP port 49752 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49752
IP : 172.17.100.20

10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49793/dce-rpc


The following DCERPC services are available on TCP port 49793 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49793
IP : 172.17.100.20

139785 - DISM Package List (Windows)
-
Synopsis
Use DISM to extract package info from the host.
Description
Using the Deployment Image Servicing Management tool, this plugin enumerates installed packages.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/08/25, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The following packages were enumerated using the Deployment Image Servicing and Management Tool:

Package : Microsoft-Windows-FodMetadata-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Foundation
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-InternetExplorer-Optional-Package~31bf3856ad364e35~amd64~~11.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:07 AM

Package : Microsoft-Windows-LanguageFeatures-Basic-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-Handwriting-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-OCR-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-Speech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-LanguageFeatures-TextToSpeech-en-us-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-MediaPlayer-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Microsoft-Windows-NetFx3-OnDemand-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 12/28/2022 3:47 AM

Package : Microsoft-Windows-Security-SPP-Component-SKU-ServerDatacenter-GVLK-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 9:11 AM

Package : Microsoft-Windows-Server-LanguagePack-Package~31bf3856ad364e35~amd64~en-US~10.0.17763.1
State : Installed
Release Type : Language Pack
Install Time : 9/15/2018 9:07 AM

Package : Microsoft-Windows-ServerCore-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-ServerCore-SKU-Foundation-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : Feature Pack
Install Time : 9/15/2018 7:21 AM

Package : Microsoft-Windows-TabletPCMath-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:09 AM

Package : Microsoft-Windows-Xps-Xps-Viewer-Opt-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : OpenSSH-Client-Package~31bf3856ad364e35~amd64~~10.0.17763.1
State : Installed
Release Type : OnDemand Pack
Install Time : 9/15/2018 9:08 AM

Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.3630.3
State : Superseded
Release Type : Update
Install Time : 7/10/2020 7:12 PM

Package : Package_for_DotNetRollup~31bf3856ad364e35~amd64~~10.0.4010.2
State : Installed
Release Type : Update
Install Time : 12/28/2022 8:42 AM

Package : Package_for_KB4535680~31bf3856ad364e35~amd64~~10.0.1.0
State : Installed
Release Type : Security Update
Install Time : 12/7/2021 2:47 PM

Package : Package_for_KB4558997~31bf3856ad364e35~amd64~~17763.1337.1.1
State : Installed
Release Type : Security Update
Install Time : 7/10/2020 7:11 PM

Package : Package_for_KB4587735~31bf3856ad364e35~amd64~~17763.1574.1.2
State : Installed
Release Type : Security Update
Install Time : 12/6/2020 10:10 AM

Package : Package_for_KB4589208~31bf3856ad364e35~amd64~~10.0.2.4
State : Installed
Release Type : Update
Install Time : 12/7/2021 2:46 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.1339.1.9
State : Superseded
Release Type : Security Update
Install Time : 7/10/2020 7:20 PM

Package : Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10
State : Installed
Release Type : Security Update
Install Time : 12/28/2022 6:23 AM

Package : Package_for_ServicingStack_2262~31bf3856ad364e35~amd64~~17763.2262.1.2
State : Installed
Release Type : Update
Install Time : 12/7/2021 12:52 PM

Package : Package_for_ServicingStack_2328~31bf3856ad364e35~amd64~~17763.2328.1.0
State : Installed
Release Type : Update
Install Time : 12/8/2021 1:47 AM

Package : Package_for_ServicingStack_2510~31bf3856ad364e35~amd64~~17763.2510.1.2
State : Installed
Release Type : Update
Install Time : 3/24/2022 6:18 AM

Package : Package_for_ServicingStack_2744~31bf3856ad364e35~amd64~~17763.2744.1.2
State : Installed
Release Type : Update
Install Time : 5/4/2022 4:40 AM

Package : Package_for_ServicingStack_3641~31bf3856ad364e35~amd64~~17763.3641.1.1
State : Installed
Release Type : Security Update
Install Time : 12/28/2022 3:59 AM

84239 - Debugging Log Report
-
Synopsis
This plugin gathers the logs written by other plugins and reports them.
Description
Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/06/17, Modified: 2025/07/14
Plugin Output

tcp/0

Plugin debug log(s) have been attached.
55472 - Device Hostname
-
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2025/12/15
Plugin Output

tcp/0


Hostname : SPINE-HRMS
SPINE-HRMS (WMI)
54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2025/03/12
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 100

19689 - Embedded Web Server Detection
-
Synopsis
The remote web server is embedded.
Description
The remote web server cannot host user-supplied CGIs. CGI scanning will be disabled on this server.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/09/14, Modified: 2025/09/29
Plugin Output

tcp/5800/www

71246 - Enumerate Local Group Memberships
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2025/12/15
Plugin Output

tcp/0

Group Name : Access Control Assistance Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-579
Members :

Group Name : Administrators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-544
Members :
Name : production
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-500
Name : tidua
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-1009

Group Name : Backup Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-551
Members :

Group Name : Certificate Service DCOM Access
Host Name : SPINE-HRMS
Group SID : S-1-5-32-574
Members :

Group Name : Cryptographic Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-569
Members :

Group Name : Device Owners
Host Name : SPINE-HRMS
Group SID : S-1-5-32-583
Members :

Group Name : Distributed COM Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-562
Members :
Name : production
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-500

Group Name : Event Log Readers
Host Name : SPINE-HRMS
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : SPINE-HRMS
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-501

Group Name : Hyper-V Administrators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-578
Members :

Group Name : IIS_IUSRS
Host Name : SPINE-HRMS
Group SID : S-1-5-32-568
Members :

Group Name : Network Configuration Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-559
Members :
Name : MSSQLServerOLAPService
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : Performance Monitor Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-558
Members :
Name : MSSQLSERVER
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Name : SQLSERVERAGENT
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : Power Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-547
Members :

Group Name : Print Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-550
Members :

Group Name : RDS Endpoint Servers
Host Name : SPINE-HRMS
Group SID : S-1-5-32-576
Members :

Group Name : RDS Management Servers
Host Name : SPINE-HRMS
Group SID : S-1-5-32-577
Members :

Group Name : RDS Remote Access Servers
Host Name : SPINE-HRMS
Group SID : S-1-5-32-575
Members :

Group Name : Remote Desktop Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-555
Members :

Group Name : Remote Management Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-580
Members :

Group Name : Replicator
Host Name : SPINE-HRMS
Group SID : S-1-5-32-552
Members :

Group Name : Storage Replica Administrators
Host Name : SPINE-HRMS
Group SID : S-1-5-32-582
Members :

Group Name : System Managed Accounts Group
Host Name : SPINE-HRMS
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-503

Group Name : Users
Host Name : SPINE-HRMS
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : SPINE-HRMS
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : SPINE-HRMS
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Lkpadmin
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-1000
Name : tidua
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-1009

Group Name : Cyber Operators
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1008
Members :

Group Name : HelpLibraryUpdaters
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1001
Members :
Name : production
Domain : SPINE-HRMS
Class : Win32_UserAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-500

Group Name : KLAdmins
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1006
Members :
Name : ksnproxy
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : KLOperators
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1007
Members :

Group Name : SQLServer2005SQLBrowserUser$WIN-1R3TN9P7KEQ
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1002
Members :
Name : SQLBrowser
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : SQLServerMSASUser$WIN-1R3TN9P7KEQ$MSSQLSERVER
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1003
Members :
Name : MSSQLServerOLAPService
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :

Group Name : WSS_ADMIN_WPG
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1004
Members :

Group Name : WSS_WPG
Host Name : SPINE-HRMS
Group SID : S-1-5-21-1687551350-3880216100-4069998428-1005
Members :
72684 - Enumerate Users via WMI
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.

Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/02/25, Modified: 2025/12/15
Plugin Output

tcp/0


Name : DefaultAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-503
Disabled : True
Lockout : False
Change password : True
Source : Local

Name : Guest
SID : S-1-5-21-1687551350-3880216100-4069998428-501
Disabled : True
Lockout : False
Change password : False
Source : Local

Name : Lkpadmin
SID : S-1-5-21-1687551350-3880216100-4069998428-1000
Disabled : False
Lockout : False
Change password : False
Source : Local

Name : production
SID : S-1-5-21-1687551350-3880216100-4069998428-500
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : tidua
SID : S-1-5-21-1687551350-3880216100-4069998428-1009
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : WDAGUtilityAccount
SID : S-1-5-21-1687551350-3880216100-4069998428-504
Disabled : True
Lockout : False
Change password : True
Source : Local

No. Of Users : 6
168980 - Enumerate the PATH Variables
-
Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Plugin Information
Published: 2022/12/21, Modified: 2025/12/18
Plugin Output

tcp/0

Nessus has enumerated the path of the current scan user :

C:\Windows\system32
C:\Windows
C:\Windows\System32\Wbem
C:\Windows\System32\WindowsPowerShell\v1.0\
C:\Windows\System32\OpenSSH\
C:\Program Files\Microsoft SQL Server\120\DTS\Binn\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\
C:\Program Files\Microsoft SQL Server\120\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\
C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\
C:\Program Files\BackupClient\CommandLineTool\
C:\Program Files (x86)\Common Files\Acronis\FileProtector\
C:\Program Files (x86)\Common Files\Acronis\FileProtector64\
C:\Program Files\BackupClient\PyShell\bin\
C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files\Microsoft SQL Server\150\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\
C:\Program Files\Microsoft SQL Server\150\DTS\Binn\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\
C:\Program Files\Azure Data Studio\bin
C:\Users\tidua\AppData\Local\Microsoft\WindowsApps
117530 - Errors in nessusd.dump
-
Synopsis
This plugin parses information from the nessusd.dump log file and reports on errors.
Description
This plugin parses information from the nessusd.dump log file and reports on errors.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/09/17, Modified: 2024/11/04
Plugin Output

tcp/0

The nessusd.dump log file contained errors from the following plugins:

- apache_log4j_2_17_0.nasl reported 2 errors
- apache_log4j_2_17_1.nasl reported 2 errors
- smb_nt_ms23_aug_sqlserver_odbc_driver.nasl reported 1 error
- react_CVE-2025-55182.nbin reported 4 errors
- log4j_log4shell_www.nbin reported 1 error
- wmi_start_server_svc.nbin reported 4 errors
35716 - Ethernet Card Manufacturer Detection
-
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/19, Modified: 2020/05/13
Plugin Output

tcp/0


The following card manufacturers were identified :

00:50:56:BC:92:1F : VMware, Inc.
86420 - Ethernet MAC Addresses
-
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2025/06/10
Plugin Output

tcp/0

The following is a consolidated list of detected MAC addresses:
- 00:50:56:BC:92:1F
92439 - Explorer Search History
-
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0


Explorer search history report attached.
56310 - Firewall Rule Enumeration
-
Synopsis
A firewall is configured on the remote host.
Description
Using the supplied credentials, Nessus was able to get a list of firewall rules from the remote host.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/09/28, Modified: 2020/09/11
Plugin Output

tcp/0

report output too big - ending list here

34196 - Google Chrome Detection (Windows)
-
Synopsis
The remote Windows host contains a web browser.
Description
Google Chrome, a web browser from Google, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0511
Plugin Information
Published: 2008/09/12, Modified: 2025/07/10
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Google\Chrome\Application
Version : 143.0.7499.193

Note that Nessus only looked in the registry for evidence of Google
Chrome. If there are multiple users on this host, you may wish to
enable the 'Perform thorough tests' setting and re-scan. This will
cause Nessus to scan each local user's directory for installs.

84502 - HSTS Missing From HTTPS Server
-
Synopsis
The remote web server is not enforcing HSTS.
Description
The remote HTTPS server is not enforcing HTTP Strict Transport Security (HSTS). HSTS is an optional response header that can be configured on the server to instruct the browser to only communicate via HTTPS. The lack of HSTS allows downgrade attacks, SSL-stripping man-in-the-middle attacks, and weakens cookie-hijacking protections.
See Also
Solution
Configure the remote web server to use HSTS.
Risk Factor
None
Plugin Information
Published: 2015/07/02, Modified: 2024/08/09
Plugin Output

tcp/443/www


HTTP/1.1 404 Not Found

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 18:32:45 GMT
Connection: close
Content-Length: 315


The remote HTTPS server does not send the HTTP
"Strict-Transport-Security" header.

43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.

The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD

Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.

As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.

Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output

tcp/80/www

Based on the response to an OPTIONS request :

- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :

/
10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/80/www

The remote web server type is :

Microsoft-IIS/10.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/443/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5800/www

The remote web server type is :

RealVNC/E4

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/5985/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/18018/www

The remote web server type is :

Crow/0.3

10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0931
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output

tcp/47001/www

The remote web server type is :

Microsoft-HTTPAPI/2.0

12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2025/03/13
Plugin Output

tcp/0


172.17.100.20 resolves as SPINE-HRMS.

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/80/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :

Cache-Control: max-age=31536000
Content-Type: text/html
Last-Modified: Wed, 28 Dec 2022 06:34:38 GMT
Accept-Ranges: bytes
ETag: "1f165075861ad91:0"
Server: Microsoft-IIS/10.0
Date: Fri, 09 Jan 2026 18:36:29 GMT
Content-Length: 703

Response Body :

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#0072C6;
margin:0;
}

#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}

a img {
border:none;
}

-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&amp;clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/81/www


Response Code : HTTP/1.1 200 OK

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Cache-Control: public, no-store, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Fri, 09 Jan 2026 18:36:29 GMT
Last-Modified: Fri, 09 Jan 2026 18:36:29 GMT
Vary: *
X-Frame-Options: SAMEORIGIN
X-Powered-By: ASP.NET
Date: Fri, 09 Jan 2026 18:36:29 GMT
Content-Length: 90307

Response Body :




<!DOCTYPE html>

<html>
<head>
<meta name="viewport" content="width=device-width" />





<link href="/Content/bootstrap.min.css" rel="stylesheet"/>
<link href="/Content/animate.css" rel="stylesheet"/>
<link href="/Content/plugins/toastr/toastr.min.css" rel="stylesheet"/>
<link href="/Content/style.css" rel="stylesheet"/>
<link href="/Content/Site.css" rel="stylesheet"/>



<script src="/Scripts/modernizr-2.6.2.js"></script>



<link href="/Content/fonts/font-awesome/css/font-awesome.min.css" rel="stylesheet"/>



<script src="/Scripts/jquery-3.2.1.min.js"></script>



<script src="/Scripts/plugins/jquery-ui/jquery-ui.min.js"></script>



<script src="/Scripts/bootstrap.min.js"></script>



<script src="/Scripts/plugins/toastr/toastr.min.js"></script>


<script src="/Scripts/plugins/datapicker/bootstrap-datepicker.js"></script>



<script src="/Scripts/Custom/Common/dataLogger.js"></script>
<script src="/Scripts/Custom/Common/viewManager.js"></script>
<script src="/Scripts/Custom/Common/general.js"></script>



<script src="/Scripts/plugins/pwstrength/pwstrength-bootstrap.min.js"></script>

<script src="/Scripts/plugins/pwstrength/zxcvbn.js"></script>


<script src="/Scripts/Custom/Common/fileUploadManager.js"></script>


<link href="/Content/plugins/dataTables/datatables.min.css" rel="stylesheet" />
<script src="/Scripts/plugins/dataTables/datatables.min.js"></script>


<title>Spine-NX</title>
<link rel="icon" type="images/x-icon" href="/Content/favicon.ico" />

<style type="text/css">
.headCase {
text-transform: none;
}

.lab-Normal {
font-weight: normal;
}

.footer {
position: fixed;
width: 100;
/*left: 0;
bottom: 0;
width: 100%;
background-color: #efeded;
color:#898787 ;*/
/*text-align: center;*/
}

#cookieAcceptBtn {
display: contents !important;
}

@media all and (max-width:400px) {
.mdhide {
display: none;
}

.p-xxs {
padding: 2px;
}
}

.flag {
width: 30px;
height: 20px;
vertical-align: middle;
margin-left: 25px;
border: 1px solid #e8e6e6;
}

.sml {
font-size: initial;
}

.spresetpass {
font-size: x-large;
}

.serviceEllipses {
display: inline-block;
white-space: nowrap;
width: 340px;
overflow: hidden;
text-overflow: ellipsis;
}

.fz-10 {
font-size: 10px;
}
</style>
</head>
<body>

<div class="container" id="login">

<div class="login-outer">
<div id="divlogin" class="hidden">
<div class="login-sign col-lg-4 col-md-4 col-sm-4">
<i class="fa fa-sign-in login-icon" style="font-size:107px;"></i>
</div>
<div class="login-form col-lg-8 col-md-8 col-sm-8">
<form id="frmLogin" autocomplete="off" class="form-horizontal" action="/Home/Login/DoLogin" method="post">
<input name="__RequestVerificationToken" type="hidden" value="DxGO7iL3cGy5hqUSZMHALyA2PqUfdaXaoQ67HOnrvqwR2briANMPAWNNF49YQHq7y21q5qcbdzJRQ3tnj39NYZzgnmpIgfzDCB29sUynfs01" />

<input type="hidden" id="UserMapCode" name="UserMapCode" value="" />
<input type="hidden" id="SD" name="SD" value="4277730192561385" />
<input type="hidden" id="LoginUserName" name="UserName" value="" />
<input type="hidden" id="UserId" name="UserId" value="0" />

<fieldset>
<legend><h4 class="login-heading headCase">Spine-<small><span class="text-warning">NX</span></small> Login <small class="sml"></small></h4></legend>
<div>
<div class="col-md-12">
<div class="form-group">
<label class="col-md-4 control-label" for="ddlUserMapCode">Company</label>
<div class="col-md-8 controls">
<select class=" form-control " id="ddlUserMapCode" name="ddlUserMapCode"><option>C001 - LKP1</option>
<option>C002 - LKP2</option>
</select> </div>
</div>
</div>
</div>

<div class="input-group" data-autoclose="true">
<div class="col-md-12">
<div class="form-group">
<label class="col-md-4 control-label" for="txtLoginUserName">User Name</label>
<div class="col-md-8 controls">
<div class="input-group" data-autoclose="true">
<input type="text" id="txtLoginUserName" placeholder="Enter User Name" value="" class="form-control input-sm " />
<span class="input-group-addon">
<span class="fa fa-user"></span>
</span>
</div>
</div>
</div>
</div>
</div>

<div>
<div class="col-md-12">
<div class="form-group">
<label class="col-md-4 control-label" for="txtLoginUserPass">Password</label>
<div class="col-md-8 controls">
<div class="input-group" data-autoclose="true">
<input type="password" id="txtLoginUserPass" name="UserPass" placeholder="Enter Password" maxlength="30" class="form-control input-sm" onkeypress="loginManager.capLock(event);" />
<span class="input-group-addon">
<span class="fa fa-lock"></span>
</span>
</div>
<span id="divCapsLock" class="text-info hidden">Caps Lock is on.</span>
</div>

</div>

</div>
</div>
<div>
<div class="col-md-12">

<div class="form-group">
<div class="col-lg-4 control-label">
<a id="btnForgot" onclick="loginManager.forgotPassword();">Forgot Password ?</a>
</div>
<div class="col-md-8 ">
<button type="submit" id="btnSave" onclick="loginManager.onSumbit();" class="btn btn-primary">Login</button>
<button type="reset" id="btnReset" onclick="loginManager.resetdata();" class="btn btn-danger">Reset</button>
<button type="button" id="btnLicenseInfo" onclick="loginManager.showlicInfo();" class="btn btn-warning">License Info <i class="fa fa-chevron-right"></i></button>

</div>
</div>
</div>
</div>

<div>
<div class="col-md-12">
<div class="form-group">
<div class="col-md-12">


<span id="spnError" class="text-center"></span>

</div>
</div>
</div>
</div>

</fieldset>
</form>
</div>

<div class="text-justify fz-10">
<p>
<span><b>Disclaimer</b> </span>
Every effort has been made to legitimate information and to avoid mistakes in this product and services. However, errors and omissions might have crept by inadvertently It is notified that we do not hold ourselves responsible for any legal action either civil or criminal and to any damage or loss occurring to anyone therefrom.
</p>
</div>

</div>





<div id="divLicenseInfo" class="animated hidden">

<div class="ibox">


<div class="ibox-content">
<legend>
<h4 class="login-heading headCase">License Info</h4>
</legend>



<div class="form-horizontal">

<div class="form-group">
<label class="col-md-2 control-label">Manufacturer</label>
<div class="col-md-10">
<span class="col-md-12 bg-muted p-xxs b-r-sm">Spine Technologies India Private Limited&nbsp;</span>
</div>
</div>


<div class="form-group">
<label class="col-md-2 control-label">License Key</label>
<div class="col-md-10">
<span class="col-md-12 bg-muted p-xxs b-r-sm">
Payrollnx@JISYPBR3URSTGUHOHGPB &nbsp;&nbsp;
<span id="spnLicenseStatus" class="bg-primary p-xxs b-r-sm">
<span class="mdhide">Active </span>
<i class="fa fa-check-circle"></i>
</span>

</span>
</div>
</div>

<div class="row">
<div class="col-sm-6">
<div class="form-group">
<label class="col-md-4 control-label">Product</label>
<div class="col-md-8">
<span class="col-md-12 bg-muted p-xxs b-r-sm">Spine-NX&nbsp;</span>
</div>
</div>
</div>
<div class="col-sm-6">
<div class="form-group">
<label class="col-md-4 control-label">Version</label>
<div class="col-md-8">
<span class="col-md-12 bg-muted p-xxs b-r-sm">
V 10.9.0.0&nbsp;
<img src="/Images/flags-normal/IND.png" class="flag" />

</span>
</div>
</div>
</div>
</div>

<br />
<div class="form-group">
<label class="col-md-2 control-label">Registered To</label>
<div class="col-md-10">
<span class="col-md-12 bg-muted p-xxs b-r-sm">LKP SECURITIES LIMITED&nbsp;</span>
</div>
</div>
<div class="form-group">
<label class="col-md-2 control-label">License Type</label>
<div class="col-md-10">
<span class="col-md-12 bg-muted p-xxs b-r-sm">Regular&nbsp;</span>
</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="form-group">
<label class="col-md-4 control-label">System Date</label>
<div class="col-md-8">
<span class="col-md-12 bg-muted p-xxs b-r-sm">
10-Jan-2026
&nbsp;
</span>
</div>
</div>
</div>

<div class="col-sm-6">

</div>
</div>
<div class="row">
<div class="col-sm-6">
<div class="form-group">
<label class="col-md-4 control-label">Registered Mobile</label>
<div class="col-md-8">
<span class="col-md-12 bg-muted p-xxs b-r-sm">&nbsp;</span>
</div>
</div>
</div>

<div class="col-sm-6">
<div class="form-group">
<label class="col-md-4 control-label">Registered Email</label>
<div class="col-md-8">
<span class="col-md-12 bg-muted p-xxs b-r-sm">&nbsp;</span>
</div>
</div>
</div>
</div>
<br />
<div class="form-group">
<div class="col-md-10 col-md-offset-2">
<a href="http://spinetechnologies.com/downloadupgrades.htm" class="btn btn-info btn-xs" target="_blank">
<i class="fa fa-download"></i> Download Upgrade
</a>





<div class="pull-right">
<button type="button" id="btnBackToLogin" onclick="loginManager.backToLogin();" class="btn btn-success btn-xs pull-right">
<i class="fa fa-chevron-left"></i> Back To Login
</button>
</div>
</div>

</div>
</div>
</div>
</div>
</div>

<div id="divStructDbCnt" class="hidden">

<div class="ibox">

<div class="ibox-content">
<legend>
<div class="row">
<div class="col-sm-8">
<h4 class="login-heading headCase">Database Structure Count Info</h4>
</div>
<div class="col-sm-4">

<button type="button" onclick="loginManager.showlicInfo();" class="btn btn-success pull-right mgrtp-23">
<i class="fa fa-chevron-left"></i> Back To License Info
</button>


</div>
</div>

</legend>

<div class="form-horizontal">

<div class="row">

<div class="col-sm-10">
<div class="form-group">
<label class="col-md-2 control-label">Company</label>
<div class="col-md-4 controls">
<select class=" form-control " id="CompId" name="CompId" onchange="loginManager.showStructCnt()"><option>C001 - LKP1</option>
<option>C002 - LKP2</option>
</select> </div>
</div>
</div>

<div id="divTblStructDbCount" class="table-responsive col-sm-12"></div>

</div>




</div>
</div>
</div>
</div>



<div id="divStructDbDetail" class="hidden">

<div class="ibox">

<div class="ibox-content">
<legend>
<div class="row">
<div class="col-md-8">
<h4 class="login-heading headCase" id="divHeading"></h4>
</div>
<div class="col-md-4">
<button type="button" class="btn btn-success pull-right" onclick="loginManager.clsStructDBDetail()"><i class="fa fa-chevron-left"></i>&nbsp;Back To Count List</button>
</div>
</div>

</legend>

<div class="form-horizontal">

<div class="row">

<div class="col-sm-12">
<div id="divtblStrctDbDetail" class="table-responsive"></div>
</div>


<div class="form-group btnCtrls">
<div class="col-sm-offset-2 col-sm-10">

</div>
</div>
</div>
</div>
</div>
</div>

</div>



</div>




</div>

<div id="dvProgress" class="bgOverlay">
<div style="text-align:center; vertical-align:middle; position:absolute;top:50%;left:50%;">
<div class="spiner-example">
<div class="sk-spinner sk-spinner-three-bounce">
<div class="sk-bounce1"></div>
<div class="sk-bounce2"></div>
<div class="sk-bounce3"></div>
</div>
</div>
</div>
</div>

<div id="divDisclaimer" class="modal fade" role="dialog" data-backdrop="static" data-keyboard="false">
<div class="modal-dialog modal-lg">

<div class="modal-content">

<div class="modal-body" id="modelBody">

<span>
We use cookies to give you the best possible experience on our website.<br /><br />

When you visit any website, it may store or retrieve information on your browser, mostly in the form of cookies. This information might be about you, your preferences or your device and is mostly used to make the site work as you expect it to. The information does not usually directly identify you, but it can give you a more personalized web experience. Because we respect your right to privacy, you can choose not to allow some types of cookies. However, blocking some types of cookies may impact your experience of the site and the services we are able to offer.
</span>

</div>
<div class="modal-footer">
<div class="form-group">
<div class="col-md-12">
<input type="button" class="btn btn-success" id="btnAccept" value="Accept All Cookies" />
</div>
</div>
</div>

</div>
</div>
</div>

<div id="divResetPass" class="modal fade" role="dialog" data-backdrop="static" data-keyboard="false">
<div class="modal-dialog modal-md">

<div class="modal-content">

<div class="modal-body" id="modelBody">

<span class="spresetpass">
New password is sonic (Please login again)
</span>

</div>
<div class="modal-footer">
<div class="form-group">
<div class="col-md-12">
<input type="button" class="btn btn-success" id="btnResetPass" onclick="loginManager.resetPass()" value="OK" />
</div>
</div>
</div>

</div>
</div>
</div>



<form id="frmChngPass" class="form-horizontal" action="/Menu/Users/ChangePassword" method="post">
<div id="chngPassModal" class="modal fade" role="dialog">
<div class="modal-dialog">
<!--Modal content-->
<div class="modal-content">
<div class="modal-header">

<button type="button" class="close" data-dismiss="modal" onclick="changePasswordManager.cancel();">&times;</button>
<h3 class="text-info">Change Password</h3>
</div>
<div class="modal-body" id="pwd-container1">


<div class="form-group">
<label class="col-md-3 control-label" for="txtOldUserPass">Current Password</label>
<div class="col-md-6 controls">
<div class="input-group" data-autoclose="true">
<input type="password" id="txtOldUserPass" name="OldUserPass" placeholder="Enter Old Password" class="form-control input-sm" required />
<span class="input-group-addon">
<span class="fa fa-lock"></span>
</span>
</div>
</div>
</div>

<div class="form-group">
<label class="col-md-3 control-label" for="txtUserPass">New Password</label>
<div class="col-md-6 controls">
<div class="input-group" data-autoclose="true">
<input type="password" id="txtUserPass" name="UserPass" placeholder="Enter New Password" class="form-control input-sm pwdMeterStrength1" required />
<span class="input-group-addon">
<span class="fa fa-lock"></span>
</span>
</div>
</div>
<div class="col-md-3">
<div id="bar1" class="pwstrength_viewport_progress hidden"></div>
</div>
</div>



<div class="form-group">
<label class="col-md-3 control-label" for="txtConfirmUserPass">Confirm Password</label>
<div class="col-md-6 controls">
<div class="input-group" data-autoclose="true">
<input type="password" id="txtConfirmUserPass" name="ConfirmUserPass" placeholder="Confirm Password" class="form-control input-sm pwdMeterStrength2" required />
<span class="input-group-addon">
<span class="fa fa-lock"></span>
</span>
</div>
</div>
<div class="col-md-3">
<div id="bar2" class="pwstrength_viewport_progress hidden"></div>
</div>
</div>



</div>
<div class="modal-footer">

<div class="form-group">
<div class="col-md-6 col-lg-offset-2">
<button type="button" class="btn btn-primary" onclick="return changePasswordManager.save();">Update</button>
<button type="reset" id="btnChangePassReset" class="btn btn-warning" onclick="changePasswordManager.reset();">Reset</button>
<button type="button" class="btn btn-danger" data-dismiss="modal" onclick="changePasswordManager.cancel();">Cancel</button>
<input type="hidden" id="UserName" name="UserName" value="" />
<input type="hidden" id="chngSD" name="SD" value="3695023829232581" />
</div>
</div>

</div>

</div>
</div>
</div>

</form>

<script src="/Scripts/Custom/Common/787d299.js"></script>
<script type="text/javascript">


var changePasswordManager = (function () {


var validate = function () {
var isValid = true;

var $OldUserPass = $('#frmChngPass #txtOldUserPass');
var $UserPass = $('#frmChngPass #txtUserPass');
var $ConfirmUserPass = $('#frmChngPass #txtConfirmUserPass');

if ($OldUserPass.val() == '' || $UserPass.val() == '' || $ConfirmUserPass.val() == '') {
$('<button type="submit">').appendTo('#frmChngPass').click().remove();
isValid = false;
}

if ($ConfirmUserPass.val() != $UserPass.val()) {
toastr.error("New Password and Confirm Password does not match.", "Password Error");
isValid = false;
}

if (isValid) {

var sd = CryptoJS.enc.Utf8.parse($('#frmChngPass #chngSD').val());

$('#frmChngPass').append($('<input/>', { id: 'tmpUserName', type: 'hidden' }));

$('#frmChngPass #tmpUserName').val(txtEnc($('#frmChngPass #UserName').val(), sd));

$OldUserPass.val(txtEnc($OldUserPass.val(), sd));

$UserPass.val(txtEnc($UserPass.val(), sd));

$ConfirmUserPass.val($UserPass.val());
}

return isValid
}

var confirmPassword = function () {

var $UserPass = $('#frmChngPass #txtUserPass');
var $ConfirmUserPass = $('#frmChngPass #txtConfirmUserPass');

if ($UserPass.val() != "" && $ConfirmUserPass.val() != "") {

if ($ConfirmUserPass.val() != $UserPass.val()) {
toastr.error("New Password and Confirm Password does not match.", "Password Error");
}
}
}


var init = function (CPType) {
if (CPType != 'ChngPassOnExpire') {
$('#chngPassModal').modal({ show: true, backdrop: 'static', keyboard: false });
}
else if (CPType != 'ChngPassFirstTime') {
$('#chngPassModal').modal({ show: true, backdrop: 'static', keyboard: false });
}
else {
$('#chngPassModal').modal('show');
}
}

var reset = function () {
$('#bar1').addClass('hidden');
$('#bar1 .progress-bar').css('width', '1%');

$('#bar2').addClass('hidden');
$('#bar2 .progress-bar').css('width', '1%');
}

var cancel = function () {
$('#btnChangePassReset').click();
}


var txtEnc = function (v, k) {

return CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(v), k, {
keySize: 128 / 8,
iv: k,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
}

var save = function () {

if (validate()) {

var paramData = {};
paramData.UserName = $('#frmChngPass #tmpUserName').val(); $('#frmChngPass #tmpUserName').remove();
paramData.OldUserPass = $('#frmChngPass #txtOldUserPass').val();
paramData.UserPass = $('#frmChngPass #txtUserPass').val();
paramData.SD = $('#frmChngPass #chngSD').val();

$.ajax({
url: '/Menu/Users/ChangePassword',
type: 'POST',
data: paramData
}).done(function (data) {

if (data.infoMsg != '' || data.successMsg != '') {

if (data.infoMsg != '') {
toastr.error(data.infoMsg, data.title);
}

if (data.successMsg != '') {



toastr.success(data.successMsg, data.title);

if ($('#login').length > 0) { $('#login').removeClass('hidden'); }
}

$('#chngPassModal').modal('hide');
}

else if (data.errMsg != '') {


toastr.error(data.errMsg, data.title);
}

$('#frmChngPass #txtOldUserPass').val('');
$('#frmChngPass #txtUserPass').val('');
$('#frmChngPass #txtConfirmUserPass').val('');
reset();

}).fail(function () {
toastr.error("Failed to change the password.", "Error");
})
}

}

return {
init: init,
save: save,
reset: reset,
cancel: cancel,
confirmPassword: confirmPassword
}
})();
</script>





<form id="frmForgotPass" class="form-horizontal">
<div id="divForgotPass" class="modal fade" role="dialog">
<div class="modal-dialog">
<!--Modal content-->
<div class="modal-content">
<div class="modal-header">
<h2 id="headerText"></h2>
</div>
<div class="modal-body" id="modelBody">

<div class="form-group hidden" id="divBodyText">
<div class="col-md-12">
<label id="lblBodyText" class="h4">Do you want to reset your password</label>
</div>
</div>

<div class="form-group aligncenter">
<div class="row aligncenter">
<div class="col-md-5 hidden col-md-offset-1 aligncenter" id="divOTP">

<input type="text" id="txtOTP" class="form-control" placeholder="Enter OTP" />
</div>
<div id="hideMsg" class="col-md-5 col-md-offset-1 aligncenter">
<span class="h4 text-primary aligncenter" id="spnTime"></span>
</div>
</div>
</div>




<div>
<div class="row">
<div id="hideMsg" class="col-sm-offset-4 col-sm-4">
<span class="h3 text-primary" id="spnTime"></span>
</div>
</div>
</div>

<input type="hidden" id="hdnUsedFor" />
</div>
<div class="modal-footer">
<div class="form-group">
<div class="col-md-12">
<input type="button" class="btn btn-primary hidden" id="btnOTP" value="Submit OTP" />
<input type="button" class="btn btn-primary hidden" id="btnUserAuthOTP" value="Submit OTP" />
<input type="button" class="btn btn-success hidden" id="btnResend" value="Resend OTP" onclick="forgotPasswordCommon.cnfYes();" />
<input type="button" class="btn btn-success hidden" id="btnCnfYes" value="Yes" onclick="forgotPasswordCommon.cnfYes();" />
<input type="button" class="btn btn-danger hidden" id="btnCnfNo" value="No" onclick="forgotPasswordCommon.cnfNo();" />
<input type="button" class="btn btn-danger hidden" id="btnCancel" value="Cancel" onclick="forgotPasswordCommon.cancel();" />
</div>
</div>
</div>

</div>
</div>
</div>

</form>


<script type="text/javascript">
var usedFor = ""; var timer, boxValue;
$(document).ready(function () {

});

var forgotPasswordCommon = (function () {

var showConfirmation = function (data) {
boxValue = data;
if (data.headerText != undefined) {
$("#headerText").text(data.headerText);
}


if (data.bodyText != undefined) {
$("#lblBodyText").text(data.bodyText);
$("#divBodyText").removeClass("hidden");
}

if (data.bodyHtml != undefined) {
$("#divBodyText").html(data.bodyHtml).removeClass("hidden");
}

if (data.showCnfYes) {
$("#btnCnfYes").removeClass("hidden");
}

if (data.showCnfNo) {
$("#btnCnfNo").removeClass("hidden");
}

if (data.usedFor != undefined) {
$("#hdnUsedFor").val(data.usedFor);
}

};

var cnfYes = function () {
$("#spnTime").text("");
$("#txtOTP").val("");
$("#spnTime").prop("class", "h3 text-primary");
clearInterval(timer);
$("#divlogin").css("display", "none");
hiddenClass(["btnCnfYes", "btnCnfNo", "divBodyText"]);
displayClass(["hideMsg"]);

var dataPar = {};
dataPar.usedFor = $("#hdnUsedFor").val();
dataPar.UserId = $("#UserId").val();

$.ajax({
type: "post",
//dataType: "json",
data: dataPar,
url: "/Home/Login/SendOTP" + '?dt=' + new Date(),
//async : false
}).done(function (response) {

if (response.isSuccess) {

//added temporarily for testing purpose
//console.clear();
//console.log(response.xyz);

//if (response.mailSent) {
$("#headerText").text(boxValue.afterYesHeader);
$("#lblBodyText").text("");
displayClass(["divOTP", "btnOTP", "btnResend", "btnCancel"]);

if (dataPar.usedFor == "isUserAuthOTP") {
$("#btnOTP").addClass("hidden");
}

var time = 0, min = 0, sec = 0, secString = "";
time = response.timer;
timer = setInterval(function () {
time -= 1;
min = Math.floor((time % (60 * 60)) / (60));
sec = Math.floor((time % (60)));

secString = sec.toString();
if (sec < 10) {
secString = "0" + sec;
}

if (min < 2 & min >= 1) {
$("#spnTime").prop("class", "h3 text-warning");
}
else if (min < 1) {
$("#spnTime").prop("class", "h3 text-danger");
}

$("#spnTime").text("0" + min + " : " + secString + "");
if (time == 0) {
$("#spnTime").text("Time Expired");
$("#lblBodyText").text("");
hiddenClass(["divOTP", "btnOTP"]);
clearInterval(timer);
}
}, 1000);
//changed by Priyanka on 13-May-2021 to change msg while send sms and mail both -Ref task 809
if (response.SmsSent && response.mailSent) {
//toastr.info("OTP successfully sent to your registered email id and mobile .");
toastr.info(response.infoMsg);
}
else if (response.SmsSent) {
//toastr.info("OTP successfully sent to your registered mobile number.");
toastr.info(response.infoMsg);
}
else if (response.mailSent) {
//toastr.info("OTP successfully sent to your registered email id.");
toastr.info(response.infoMsg);
}

if (response.msg != "") {
toastr.error(response.msg);
}

//} else {
// forgotPasswordCommon.cancel();
// toastr.error(response.msg);
//}
} else {
forgotPasswordCommon.cancel();
toastr.error(response.msg);
}

}).fail(function (jqXHR, status, err) {

checkAjaxStatus(jqXHR.status, err);
});
};

//Changed By Reshma on 31-May-2019,added structDbCnt condition
var cnfNo = function () {

if ($("#hdnUsedFor").val() == "structDbCnt") {
$("#divLicenseInfo").removeClass("hidden");
$("#divForgotPass").addClass("in").css("display", "none");
$("#divlogin").css("display", "block");
}
else {

$("#divForgotPass").removeClass("in").css("display", "none");
$("#divlogin").css("display", "block");
}

}

var cancel = function () {
cnfNo();
hiddenClass(["divOTP", "hideMsg", "btnOTP", "btnResend", "btnCancel"]);
};

var hiddenClass = function (control) {
for (var i = 0; i < control.length; i++) {
$("#" + control[i] + "").addClass("hidden");
}
};

var displayClass = function (control) {
for (var i = 0; i < control.length; i++) {
$("#" + control[i] + "").removeClass("hidden");
}
}

return {
showConfirmation: showConfirmation,
cnfYes: cnfYes,
cnfNo: cnfNo,
cancel: cancel,
hiddenClass: hiddenClass,
displayClass: displayClass
}
})();

</script>



<style>
#PolicyModal {
height: 75vh;
overflow: auto;
}

#HeaderModal {
margin-top: 6px;
margin-bottom: -1px;
}

#scrollContainer h3 {
font-size: 14px;
}

</style>
<div class="modal fade" id="userAgreementModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalScrollableTitle" aria-hidden="true">
<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
<h2 class="title m-0" id="HeaderModal">USER AGREEMENT</h2>
</div>
<div class="modal-body" id="PolicyModal">
<div class="content" id="scrollContainer">
<p>This User Agreement is a legal agreement between User and Spine Technologies (India) Private Limited By accessing or using our Spine HRMS and Spine Fixed Assets software, you agree to comply with and be bound by the terms and conditions set forth in this Agreement. If you do not agree to these terms, do not install, access, or use the Software.</p>

<h3>1. LICENSE GRANT</h3>
<p>Spine Technologies grants you a limited, non-exclusive, non-transferable, and revocable license to use the Software in accordance with the terms of this Agreement.</p>
<h3>2. RESTRICTIONS ON USE</h3>
<p>You agree not to:</p>
<ul>
<li>Modify, reverse engineer, decompile, or disassemble the Software.</li>
<li>Rent, lease, sell, distribute, or sublicense the Software.</li>
<li>Use the Software for any illegal, unauthorized, or unethical purpose.</li>
<li>Bypass or disable any security or license enforcement mechanisms in the Software.</li>
</ul>

<h3>3. OWNERSHIP AND INTELLECTUAL PROPERTY</h3>
<p> All rights, titles, and interests in and to the Software, including but not limited to copyrights, trademarks, and trade secrets, belong solely to Spine Technologies. This Agreement does not grant you any ownership rights in the Software.</p>
<h3>4. DATA COLLECTION AND PRIVACY</h3>
<p>Your use of the Software is also governed by our Privacy Policy, which outlines how we collect, use, and protect your data. By accepting this Agreement, you also acknowledge and agree to our Privacy Policy.</p>

<h3>5. DISCLAIMER OF WARRANTIES</h3>
<p>The Software is provided "as is" without any express or implied warranties, including but not limited to merchantability, fitness for a particular purpose, or non-infringement. We do not guarantee that the Software will be error-free or uninterrupted.</p>

<h3>6. LIMITATION OF LIABILITY</h3>
<p>To the fullest extent permitted by law, Spine Technologies shall not be liable for any indirect, incidental, special, or consequential damages arising from the use of or inability to use the Software.</p>

<h3>7. TERMINATION</h3>
<p>We reserve the right to terminate this Agreement and revoke your license to use the Software at any time if you violate any terms herein. Upon termination, you must cease all use of the Software and uninstall it from your device(s).</p>

<h3>8. UPDATES AND MODIFICATIONS</h3>
<p>Spine Technologies reserves the right to update, modify, or discontinue the Software at any time without prior notice. We may also modify this Agreement, and continued use of the Software after changes are posted constitutes acceptance of the revised terms.</p>

<h3>9. GOVERNING LAW</h3>
<p> This Agreement shall be governed by and construed in accordance with the laws of India. Any disputes arising from this Agreement shall be subject to the exclusive jurisdiction of the courts in Mumbai-India.</p>

<h3>10. ACCEPTANCE OF TERMS</h3>
<p>By clicking "I Agree" or installing and using the Software, you acknowledge that you have read, understood, and agreed to be bound by this Agreement. If you do not agree to these terms, do not use the Software.</p>

<h3>11. CONTACT INFORMATION</h3>
<p> If you have any questions about this Agreement, please contact us at:</p>

<p><strong>Spine Technologies (India) Private Limited</strong></p>
<p>info@spinetechnologies.com</p>
</div>
</div>
<div class="modal-footer">
<div class="button-container">
<button id="myButton" class="btn btn-success accept-btn" data-dismiss="modal"><h4 class="m-0">OK</h4></button>
</div>
</div>
</div>
</div>
</div>

<script src="/Scripts/Custom/Common/787d299.js"></script>
<script type="text/javascript">


var userAgreementManager = (function () {

var init = function () {
$('#userAgreementModal').modal('show');
}

var cancel = function () {
$('#userAgreementModal').modal('hide');
}

return {
init: init,
cancel: cancel
}
})();
</script>



<style>

#PolicyModal {
height: 75vh;
overflow: auto;
}

#HeaderModal {
margin-top: 6px;
margin-bottom: -1px;
}

#scrollContainer h3 {
font-size: 14px;
}

</style>
<div class="modal fade" id="disclaimerModal" tabindex="-1" role="dialog" aria-labelledby="disclaimerModal" aria-hidden="true">
<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
<h2 class="title m-0" id="HeaderModal">Disclaimer</h2>
</div>
<div class="modal-body" id="PolicyModal">
<div class="content" id="scrollContainer">
<p>Spine Technologies (India) Private Limited. provides the Spine HRMS and SPINE ASSETS software to assist users with data management, processing, and reporting. While we strive to ensure accuracy, completeness, and reliability of the data processed by our Software, we do not guarantee that all information will always be accurate, up-to-date, or error-free.</p>
<h3>1. NO WARRANTY ON DATA ACCURACY</h3>
<p>The Software processes data based on user inputs, system configurations, and third-party integrations. The accuracy of outputs and reports depends on the accuracy of the data entered by the User. We do not take responsibility for any incorrect, incomplete, or outdated information resulting from:</p>
<ul>
<li>User data entry errors or omissions</li>
<li>Misconfigurations or incorrect software settings</li>
<li>External system or third-party data discrepancies</li>
<li>Software bugs, system limitations, or unforeseen technical issues</li>
</ul>
<h3>2. USER RESPONSIBILITY</h3>
<p>It is the User’s responsibility to:</p>
<ul>
<li>Verify and validate data before making business, financial, or operational decisions.</li>
<li>Regularly review and update data to ensure its accuracy.</li>
<li>Implement independent audits or reconciliation processes as necessary.</li>
<li>Report any identified discrepancies or system issues to Spine Technologies for resolution.</li>
</ul>
<h3>3. NO LIABILITY FOR LOSSES OR DAMAGES</h3>
<p> To the fullest extent permitted by law, Spine Technologies shall not be liable for any loss, damage, or consequences arising from the use of inaccurate or incomplete data within the Software, including but not limited to:</p>
<ul>
<li>Financial losses</li>
<li>Compliance violations</li>
<li>Business disruptions</li>
<li>Legal implications or penalties</li>
</ul>
<p> Users acknowledge that they use the Software at their own risk and should implement appropriate safeguards and review processes.</p>
<h3>4. SOFTWARE UPDATES AND CHANGES</h3>
<p>We may periodically update or enhance the Software to improve performance, fix errors, or introduce new features. However, we do not guarantee that such updates will correct all inaccuracies or prevent data-related issues in the future.</p>

<h3>5. ACCEPTANCE OF TERMS</h3>
<p>By using the Software, you acknowledge and accept this Data Accuracy Disclaimer. If you do not agree with these terms, you should discontinue use of the Software.</p>

<h3>6. CONTACT INFORMATION</h3>
<p> For questions or concerns regarding this disclaimer, please contact:</p>

<p><strong>Spine Technologies (India) Private Limited</strong></p>
<p>info@spinetechnologies.com</p>
</div>
</div>
<div class="modal-footer">
<div class="button-container">
<button id="myButton" class="btn btn-success accept-btn" data-dismiss="modal"><h4 class="m-0">OK</h4></button>
</div>
</div>
</div>
</div>
</div>

<script src="/Scripts/Custom/Common/787d299.js"></script>
<script type="text/javascript">


var disclaimerManager = (function () {

var init = function () {
$('#disclaimerModal').modal('show');
}

var cancel = function () {
$('#disclaimerModal').modal('hide');
}

return {
init: init,
cancel: cancel
}
})();
</script>



<style>
#PolicyModal {
height: 75vh;
overflow: auto;
}

#HeaderModal {
margin-top: 6px;
margin-bottom: -1px;
}

#scrollContainer h3 {
font-size: 14px;
}


</style>
<div class="modal fade" id="privacyPolicyModal" tabindex="-1" role="dialog" aria-labelledby="exampleModalScrollableTitle" aria-hidden="true">
<div class="modal-dialog modal-dialog-scrollable modal-lg" role="document">
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
<h2 class="title m-0" id="HeaderModal">Privacy Policy</h2>
</div>
<div class="modal-body" id="PolicyModal">
<div class="content" id="scrollContainer">
<p>Spine Technologies (India) Private Limited is committed to protecting the privacy of users of our Spine HRMS and Spine Fixed Assets software. This Privacy Policy outlines how we collect, use, maintain, and disclose information from users of our Site.</p>
<h3>1. Personal Identification Information</h3>
<p>We may collect personal identification information from Users in various ways, including when they:</p>
<ul>
<li>Visit our Site</li>
<li>Register on the Site</li>
<li>Fill out a form</li>
<li>Respond to a survey</li>
<li>Engage in other activities, services, features, or resources we provide</li>
</ul>
<p>Users may be asked for details such as name, email address, mailing address, and phone number. Users can visit our Site anonymously. We will collect personal identification information only if voluntarily submitted. Users may refuse to provide such information, though this may prevent them from engaging in certain Site-related activities.</p>
<h3>2. Non-Personal Identification Information</h3>
<p>We may collect non-personal identification information whenever Users interact with our Site. This may include:</p>
<ul>
<li>Browser type</li>
<li>Type of computer or device used</li>
<li>Technical details about Users' connection to our Site, such as the operating system and Internet service provider</li>
</ul>

<h3>3. Web Browser Cookies</h3>
<p>Our Site may use "cookies" to enhance User experience. Cookies are stored on Users’ devices for record-keeping and tracking purposes. Users can choose to set their web browsers to refuse cookies or notify them when cookies are being sent. However, disabling cookies may affect the functionality of the Site.</p>
<h3>4. How We Use Collected Information</h3>
<p>Spine Technologies may use Users' personal information for the following purposes:</p>
<ul>
<li><strong>To operate our Site –</strong> Ensuring content is displayed correctly.</li>
<li><strong>To improve customer service –</strong> Enhancing our ability to respond to inquiries.</li>
<li><strong>To personalize user experience – </strong> Understanding how Users interact with our services.</li>
<li><strong>To improve our Site – </strong> Implementing feedback to enhance products and services.</li>
<li><strong>To manage promotions, surveys, or other features – </strong> Sending relevant information Users have agreed to receive.</li>
<li><strong>To send periodic emails – </strong> Responding to inquiries, questions, and other requests.</li>
</ul>

<h3>5. How We Protect Your Information</h3>
<p>We adopt appropriate security measures to protect against unauthorized access, alteration, disclosure, or destruction of personal information, usernames, passwords, transaction data, and other information stored on our Site.</p>

<h3>6. Sharing Your Personal Information</h3>
<p>We do not sell, trade, or rent Users' personal identification information. However, we may:</p>
<ul>
<li>Share aggregated demographic information not linked to personal identification information.</li>
<li>Use third-party service providers for business operations (e.g., email newsletters, surveys), sharing information with these providers only for limited purposes with User consent.</li>
</ul>
<h3>7. Electronic Newsletters</h3>
<p>If Users opt-in to our mailing list, they may receive emails containing company news, updates, and related product or service information. Users can unsubscribe at any time by following the instructions provided in emails:</p>

<h3>8. Third-Party Websites</h3>
<p>Our Site may contain links to third-party websites. We do not control these sites and are not responsible for their content or practices. These websites have their own privacy policies, and Users interact with them at their own risk.</p>

<h3>9. Changes to This Privacy Policy</h3>
<p>Spine Technologies (India) Private Limited reserves the right to update this Privacy Policy at any time. When changes occur, we will post a notification on our Site. Users should check this page periodically to stay informed. Continued use of the Site after changes are posted constitutes acceptance of the updated policy.</p>

<h3>10. Your Acceptance of These Terms</h3>
<p>By using this Site, you agree to this Privacy Policy. If you do not agree, please do not use our Site. Continued use of the Site following policy updates signifies acceptance of the changes.</p>

<h3>11. Contacting Us</h3>
<p> For any questions regarding this Privacy Policy, our practices, or your interactions with our Site, please contact us at:</p>

<p><strong>Spine Technologies (India) Private Limited</strong></p>
<p>info@spinetechnologies.com</p>
</div>
</div>
<div class="modal-footer">
<div class="button-container">
<button id="myButton" class="btn btn-success accept-btn" data-dismiss="modal"><h4 class="m-0">OK</h4></button>
</div>
</div>
</div>
</div>
</div>

<script src="/Scripts/Custom/Common/787d299.js"></script>
<script type="text/javascript">


var privacyPolicyManager = (function () {

var init = function () {
$('#privacyPolicyModal').modal('show');
}

var cancel = function () {
$('#privacyPolicyModal').modal('hide');
}

return {
init: init,
cancel: cancel
}
})();
</script>

<div>
</div>



<div class="footer">
<div class="col-md-8 text-left">
Developed by <b>Spine Technologies India Pvt. Ltd.</b> (2001-2026)
&nbsp;&nbsp;
<span>
<a href="#" onclick="userAgreementManager.init()">
User Agreement
</a>

|

<a href="#" onclick="privacyPolicyManager.init()">
Privacy Policy
</a>

|

<a href="#" onclick="disclaimerManager.init();">
Disclaimer
</a>
</span>
</div>

<div class="col-md-4 text-right">
</div>
</div>




<script src="/Scripts/jquery.cookie.min.js"></script>
<script src="/Scripts/Custom/Common/787d299.js"></script>
<script type="text/javascript">
$(document).ready(function () {

$('#txtOTP').on('keydown', function (e) {
if (e.which === 13 || e.key === 'Enter') {
e.preventDefault();
return false;
}
});

document.addEventListener("keydown", function (event) {
if (event.which == 20 && $("#txtLoginUserPass").is(":focus")) {
loginManager.capLock(event);
}
});

if ($.cookie('cookieAcceptance') != 'confirmed') {
$('#divlogin').addClass('hidden');
$('#divDisclaimer').modal('show');
} else {
$('#divlogin').removeClass('hidden');
}

$('#btnAccept').on('click', function () {
$('#divDisclaimer').modal('hide');
$('#divlogin').removeClass('hidden');
$.cookie("cookieAcceptance", 'confirmed', { expires: 365 * 10, path: '/' });
});

//$('body').cookieDisclaimer({

// // bar,modal
// layout: "bar",

// // top,middle,bottom
// position: "top",

// // dark,light
// style: "light",

// // this is the modal title (not used on layout "bar")
// title: "Cookie Disclaimer",

// // "bar" and "modal" text
// text: "We use technical and analytics cookies to ensure that we give you the best experience on our application.",

// //fixed,absolute,relative
// cssPosition: "fixed",
// onAccepted: "",

// // accept button options
// acceptBtn: {
// text: "I Accept", // accept btn text
// cssClass: "cdbtn cookie", // accept btn class
// cssId: "cookieAcceptBtn", // univocal accept btn ID
// onAfter: "" // callback after accept button click
// },

// // policy button options
// policyBtn: {
// active: false, // this option is for activate "cookie policy page button link"
// text: "Read More", // policypage btn text
// link: "#", // cookie policy page URL
// linkTarget: "_blank", // policypage btn link target
// cssClass: "cdbtn privacy", // policypage btn class
// cssId: "policyPageBtn", // univocal policypage btn ID
// onClick: "" //function on click
// },

// // jQuery cookie plugin options
// cookie: {
// name: "cookieDisclaimer",
// val: "confirmed",
// path: "/",
// expire: 365
// }

//});

//$('#cookieAcceptBtn').removeClass('cdbtn cookie cdbar-cookie-accept').html('<i class="fa fa-times"></i>');

if ("false" == "false") {
var companyCookieValue = $.cookie('company');

if (companyCookieValue == undefined) {
$('#ddlUserMapCode').val($('#ddlUserMapCode option:first').val());
}
else {
$('#ddlUserMapCode').val(companyCookieValue);
}
}


loginManager.init();

//Changed By Reshma on 31-May-2019, added structDbCnt condition
$("#btnOTP").click(function () {
if ($("#hdnUsedFor").val() == "structDbCnt") { loginManager.ValidateStructDbCntOTP(); }
else { loginManager.validateOTP(); }

});

$("#btnUserAuthOTP").click(function () {
loginManager.ValidateUserAuthOTP();
});

//Added By Reshma on 05-Jun-2019
$(document).ajaxStart(function () {
if (spGeneral.showAjaxLoader) { showLoading(); }
});

$(document).ajaxStop(function () {
if (spGeneral.showAjaxLoader) { hideLoading(); }
spGeneral.showAjaxLoader = true; // Reset Settings
});
});


var loginManager = (function () {

var init = function () {

$('#ddlUserMapCode').removeAttr('name');

//-------------- Error log display ---------------

var fileName = getLOURLParameter('ef');

if (fileName) {
if (fileName != '') {

fileUploadManager.initDwnldUrl('/Home/Login/DownloadFile');

var filePath = '~/ErrorInfo/';

toastr.error("The server encountered something unexpected that didn't allow it to complete the request. Click on View error log.");

$('#spnError').html(fileUploadManager.gnrteFileDwnldrElemnt("View error log", fileName, fileName, filePath));
$('#spnError span').effect('highlight', { color: '#f7c2c2' }, 2000);
}
}


//spGeneral.maximizeSideBar();

if ('False' == 'True') {
toastr.info("Your password has been expired. Please change the password.", "Password Expired");
changePasswordManager.init('ChngPass');
}

if ('False' == 'True') {

$('#login').addClass('hidden');
changePasswordManager.init('ChngPassOnExpire');

}

//Added By Dhananjay on 26-Apr-2019

if ('False' == 'True') {


$("#divlogin").css("display", "none");
$("#divForgotPass").addClass("in").css("display", "block");

forgotPasswordCommon.showConfirmation({
headerText: "Please verify your OTP",
usedFor: "isUserAuthOTP",
});

forgotPasswordCommon.cnfYes();

$("#btnUserAuthOTP").removeClass("hidden");
$("#btnOTP").addClass("hidden");
$("#hdnUsedFor").val("isUserAuthOTP");

}



//------------NEW PASSWORD METER--------//
var options1 = {};
options1.ui = {
container: "#pwd-container1",
showVerdictsInsideProgressBar: true,
viewports: {
progress: "#bar1"
}
};
options1.common = {
debug: false,
};
$('.pwdMeterStrength1').pwstrength(options1);

$('.pwdMeterStrength1').on('keypress', function () {
$('#bar1').removeClass('hidden');
});




//------------CONFIRM PASSWORD METER--------//
var options2 = {};
options2.ui = {
container: "#pwd-container1",
showVerdictsInsideProgressBar: true,
viewports: {
progress: "#bar2"
}
};
options2.common = {
debug: false,
};


$('.pwdMeterStrength2').pwstrength(options2);

$('.pwdMeterStrength2').on('keypress', function () {
$('#bar2').removeClass('hidden');
});


}


var getLOURLParameter = function (name) {
name = name.replace(/[\[]/, '\\[').replace(/[\]]/, '\\]');
var regex = new RegExp('[\\?&]' + name + '=([^&#]*)');
var results = regex.exec(location.search);
return results === null ? '' : decodeURIComponent(results[1].replace(/\+/g, ' '));
};


var txtEnc = function (v, k) {

return CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(v), k, {
keySize: 128 / 8,
iv: k,
mode: CryptoJS.mode.CBC,
padding: CryptoJS.pad.Pkcs7
});
}

var resetdata = function () {
window.location = '/Home/Login';
}


var onSumbit = function () {

var sd = CryptoJS.enc.Utf8.parse($('#SD').val());

$('#UserMapCode').val(txtEnc($('#ddlUserMapCode').val(), sd));

$('#LoginUserName').val(txtEnc($('#txtLoginUserName').val(), sd));

$('#txtLoginUserPass').val(txtEnc($('#txtLoginUserPass').val(), sd));

var comp_code = $("#ddlUserMapCode").val();
$.cookie("company", comp_code);

}


var backToLogin = function () {

$('#divLicenseInfo').removeClass('bounceIn');
$('#divLicenseInfo').addClass('bounceOut');

setTimeout(function () {
$('#divLicenseInfo').addClass('hidden');
$('#divlogin').removeClass('hidden');

//Added By Reshma on 04-Jun-2019
$('#divlogin').css('display','block');
}, 500);

}

var showlicInfo = function () {

$('#divlogin').addClass('hidden');
$('#divLicenseInfo').removeClass('bounceOut');
$('#divLicenseInfo').addClass('bounceIn');
$('#divLicenseInfo').removeClass('hidden');

//Added By Reshma on 30-May-2019
$('#divStructDbCnt').addClass('hidden');
}

var capLock = function (event) {
if (event.getModifierState("CapsLock")) {
$('#divCapsLock').removeClass('hidden');
} else {
$('#divCapsLock').addClass('hidden');
}
}

//changed by parmar on 06-Aug-2025 for pms task 7205 Required Validate Before Forgot Password
var forgotPassword = function () {

var isValid = true;

if (!$('#ddlUserMapCode').val()) {
toastr.error(" " + $('label[for="ddlUserMapCode"]').text() + " can not be blank.", "Missing Required fields");
isValid = false;
}
//Added By Dhananjay on 02-Mar-2022 for PMS_2 Task 2278, validation added.
else if ($('#txtLoginUserName').val().trim() == "") {
toastr.error(" " + $('label[for="txtLoginUserName"]').text() + " can not be blank.", "Missing Required fields");
isValid = false;
}
else if ($('#txtLoginUserName').val().toLowerCase() != 'super') {
//Changed by parmar on 16-Jul-2025 for pms task 7060 sch Task #10075 Pending PayrollNX Vulnerabilities of client.
//toastr.error(" " + $('label[for="txtLoginUserName"]').text() + " should be 'super'.", "Missing Required fields");
toastr.error(" This option is not available for mentioned " + $('label[for="txtLoginUserName"]').text() + ".", "Missing Required fields");
isValid = false;
}

if (isValid) {

$("#divForgotPass").addClass("in").css("display", "block");
$("#divlogin").css("display", "none");

forgotPasswordCommon.showConfirmation({
headerText: "Are You Sure?",
bodyText: "Do you want to reset your password?",
showCnfYes: true,
showCnfNo: true,
usedFor: "forgotPassOTP",
afterYesHeader: "Please verify your OTP to Reset Password"
});
}

};

var validateOTP = function () {
if ($("#txtOTP").val() != "") {
$.ajax({
type: "post",
dataType: "json",
data: { otp: $("#txtOTP").val(), userMapCode: $("#ddlUserMapCode").val(), usedFor: $("#hdnUsedFor").val() },
url: "/Home/Login/ValidateOTP"
}).done(function (response) {
if (response.isSuccess) {
if (response.validOTP) {
if (response.reset) {
//toastr.success(response.msg);
$("#divResetPass").modal("show");
$("#txtOTP").val("");
$("#divForgotPass").removeClass("in").css("display", "none");
//$("#divlogin").css("display", "block");
} else {
toastr.error(response.msg);
}
} else {
toastr.error("Invalid OTP");
}
} else {

if (response.exceed) {
forgotPasswordCommon.cancel();
}

toastr.error(response.msg);

}
}).fail(function (jqXHR, status, err) {
checkAjaxStatus(jqXHR.status, err);
});
} else {
toastr.error("Please enter OTP.");
}
};

//changed by parmar on 30-mar-2023 for sch task 5391 Not Upgraded for OTP Authorization user
//Added By Dhananjay on 26-Apr-2019

var ValidateUserAuthOTP = function () {
if ($("#txtOTP").val() != "") {
$.ajax({
url: "/Home/Login/ValidateUserAuthOTP",
type: "post",
dataType: "json",
data: { otp: $("#txtOTP").val(), usedFor: "isUserAuthOTP" }
}).done(function (response) {
if (response.isSuccess) {
if (response.validOTP) {
$("#txtOTP").val("");
$("#divForgotPass").removeClass("in").css("display", "none");
window.location = '/Home/Login/UpgradeOTPAuthUser';
} else {
toastr.error("Invalid OTP");
}
} else {
toastr.error(response.msg);
}
}).fail(function (jqXHR, status, err) {
checkAjaxStatus(jqXHR.status, err);
});
} else {
toastr.error("Please enter OTP.");
}
};


//Added By Reshma on 29-May-2019
var createHTMLTable = function (data, tabCtrls) {
var $tabCtrl = $(tabCtrls);

if ($tabCtrl) {

if (data) {

//------------ Table -----------------------
var $table = $('<table id="tblStructDbCnt" class="table table-striped table-bordered table-hover compact nowrap dataTable">');

//------------ Table Head -----------------------
var $thead = $table.append('<thead>').children('thead');

//------------ Header Row -----------------------
$thead.append('<tr/>').children('tr:last')
.append('<th>Table</th>')
.append('<th>Count</th>')
.append('<th>Detail</th>');

//------------ Table Body -----------------------
var $tbody = $table.append('<tbody/>').children('tbody');

//------------ Data Row -----------------------
$.each(data, function (i, v) {

$tbody.append('<tr/>').children('tr:last')
.append('<td>' + v.FieldName + '</td>')
.append('<td>' + v.FieldId + '</td>')
.append('<td><a onclick=\'loginManager.GetStructDbCntDetails("' + v.FieldName + '")\'>View</a></td>');
});

$table.appendTo($tabCtrl);

} else {
$tabCtrl.html('<div class="alert alert-info"> No details available.</div>')
}
}
else {
$tabCtrl.html('<div class="alert alert-info"> No details available.</div>')
}
};

var createHTMLTableDetail = function (data, tabCtrls,keyName) {
var $tabCtrl = $(tabCtrls);
var $th = "";
var $td = "";

if ($tabCtrl) {

if (data) {

//------------ Table -----------------------
var $table = $('<table id="tblStrctDbDetail" class="table table-striped table-bordered table-hover compact nowrap dataTable">');

//------------ Table Head -----------------------
var $thead = $table.append('<thead>').children('thead');

//------------ Header Row -----------------------

if (keyName == "Table Count") { $th = ("<th>Table Name</th>"); }
else if (keyName == "Fields Count" || keyName == "UA_Field Count" || keyName == "RRStruct Count") { $th = "<th>table Name</th><th>Field Name</th>"; }

else if (keyName == "Primary Key Count" || keyName == "Foreign Key Count" || keyName == "Unique Key Count") {
$th = "<th>Table Name</th><th>Field Name</th><th>Key</th>";
}
else if (keyName == "Const Mast Count" ){
$th = "<th>Table Name</th><th>Field Name</th><th>Text</th><th>Value</th>";
}
else if (keyName == "Default Setup Count") {
$th = "<th>Display Value</th><th>Setup Value</th>";
}
else if (keyName == "Macro Count") {
$th = "<th>Module Name</th><th>Macro Name</th>";
}
else if (keyName == "Investment Mast Count") {
$th = "<th>Tax Code</th><th>Investment Details</th>";
}

$thead.append('<tr/>').children('tr:last')
.append($th);

//------------ Table Body -----------------------
var $tbody = $table.append('<tbody/>').children('tbody');

//------------ Data Row -----------------------
$.each(data, function (i, v) {

if (keyName == "Table Count") { $td = ("<td>" + v.TabName + "</td>"); }
else if (keyName == "Fields Count" || keyName == "UA_Field Count" || keyName == "RRStruct Count"
|| keyName == "Macro Count" || keyName == "Investment Mast Count" || keyName == "Default Setup Count") {
$td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td>";
}

else if (keyName == "Primary Key Count" || keyName == "Foreign Key Count" || keyName == "Unique Key Count") {
$td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td><td>"+v.FieldCaption+"</td>";
}
else if (keyName == "Const Mast Count") {
$td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td><td>" + v.FieldCaption +"</td><td>"+v.Options+"</td>";
}
//else if (keyName == "Default Setup Count") {
// $td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td>";
//}
//else if (keyName == "Macro Count") {
// $td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td>";
//}
//else if (keyName == "Investment Mast Count") {
// $td = "<td>" + v.TabName + "</td><td>" + v.FieldName + "</td>";
//}

$tbody.append('<tr/>').children('tr:last')
.append($td);
});

$table.appendTo($tabCtrl);

} else {
$tabCtrl.html('<div class="alert alert-info"> No details available.</div>')
}
}
else {
$tabCtrl.html('<div class="alert alert-info"> No details available.</div>')
}
};


var showStructCnt = function () {

var paramData = {};
paramData.dbName = $("#CompId").val();
$("#divTblStructDbCount").html("");

$.post('/Home/Login/GetDataBaseStructureCount', paramData).done(function (response) {

if (response.isSuccess) {

createHTMLTable(response.lstPageField, "#divTblStructDbCount");

if ($('#tblStructDbCnt').length > 0) {

$("#tblStructDbCnt").DataTable({
destroy: true,
"order": false,
scrollY: '40vh',
// scrollCollapse: true,

});

spGeneral.adjustDataTableColInModal('#tblStructDbCnt');
}

$("#divLicenseInfo").addClass("hidden");
$("#divStructDbCnt").removeClass("hidden");

}
else {
$("#divTblStructDbCount").html('<div class="alert alert-info"> No details available.</div>');
}


}).fail(function (jqXHR, status, err) {
checkAjaxStatus(jqXHR.status, err);
});

};

var GetStructDbCntDetails = function (keyName) {


var paramData = {};
paramData.keyName = keyName;
paramData.dbName = $("#CompId").val();
$("#divtblStrctDbDetail").html("");

$.post('/Home/Login/GetDataBaseStructureCountDetail', paramData).done(function (response) {

if (response.isSuccess) {
createHTMLTableDetail(response.lstPageField, "#divtblStrctDbDetail", keyName);

if ($("#tblStrctDbDetail").length > 0) {
$("#tblStrctDbDetail").DataTable({
pageLength: 25,
responsive: true,
destroy: true,
scrollY: '40vh',
"aLengthMenu": [25, 100, 250, 500, 1000, 5000, 99999]
});

spGeneral.adjustDataTableColInModal('#tblStrctDbDetail');
}

$("#divHeading").text(keyName + " Detail Info");
$("#divStructDbDetail").removeClass("hidden");
$("#divStructDbCnt").addClass("hidden");

}
else {
$("#divtblStrctDbDetail").html('<div class="alert alert-info"> No details available.</div>');
}


}).fail(function (jqXHR, status, err) {
checkAjaxStatus(jqXHR.status, err);
});
}

var clsStructDBDetail = function () {
$("#divStructDbDetail").addClass("hidden");
$("#divStructDbCnt").removeClass("hidden");
};

var sendStructCntOtp = function () {
var data = {};
$("#divForgotPass").addClass("in").css("display", "block");
$("#hdnUsedFor").val("structDbCnt");
$("#divLicenseInfo").addClass("hidden");


forgotPasswordCommon.showConfirmation({
headerText: "Please verify your OTP",
usedFor: "structDbCnt",
});

forgotPasswordCommon.cnfYes();

}

var ValidateStructDbCntOTP = function () {
if ($("#txtOTP").val() != "") {
$.ajax({
url: "/Home/Login/ValidateStructDBCntOTP",
type: "post",
dataType: "json",
data: { otp: $("#txtOTP").val(), usedFor: "structDbCnt" }
}).done(function (response) {
if (response.isSuccess) {
if (response.validOTP) {
$("#txtOTP").val("");
loginManager.showStructCnt();
$("#divForgotPass").removeClass("in").css("display", "none");
} else {
toastr.error("Invalid OTP");
}
} else {
toastr.error(response.msg);
}
}).fail(function (jqXHR, status, err) {
checkAjaxStatus(jqXHR.status, err);
});
} else {
toastr.error("Please enter OTP.");
}
};


var resetPass = function () {
$("#divResetPass").modal("hide");
$("#divlogin").css("display", "block");
};

return {
init: init,
onSumbit: onSumbit,
resetdata: resetdata,
backToLogin: backToLogin,
showlicInfo: showlicInfo,
capLock: capLock,
forgotPassword: forgotPassword,
validateOTP: validateOTP,
ValidateUserAuthOTP: ValidateUserAuthOTP,
resetPass: resetPass,
//Added By Reshma on 29-May-2019
showStructCnt : showStructCnt,
GetStructDbCntDetails: GetStructDbCntDetails,
clsStructDBDetail: clsStructDBDetail,
sendStructCntOtp: sendStructCntOtp,
ValidateStructDbCntOTP: ValidateStructDbCntOTP

}

})();

//Added By Reshma on 05-Jun-2019
$(window).on('load', function () {

window.history.forward(0);

if ($.active == 0) {
setTimeout(function () { $('#dvProgress').fadeOut('slow'); }, 2000);
}
});

function showLoading() {
$('#dvProgress').fadeIn();
}

function hideLoading() {
$(document).ready(function () {
$('#dvProgress').fadeOut('slow');
});
}

</script>

</body>
</html>

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/443/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: Yes
HTTP/2 Cleartext Support: No
SSL : yes
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 18:36:27 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/5985/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 18:36:29 GMT
Connection: close
Content-Length: 315

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/18018/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : yes
Options allowed : (Not implemented)
Headers :

Content-Length: 15
Server: Crow/0.3
Date: Fri, 09 Jan 2026 18:36:29 GMT
Connection: Keep-Alive

Response Body :

24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...

This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output

tcp/47001/www


Response Code : HTTP/1.1 404 Not Found

Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :

Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Fri, 09 Jan 2026 18:36:29 GMT
Connection: close
Content-Length: 315

Response Body :

171410 - IP Assignment Method Detection
-
Synopsis
Enumerates the IP address assignment method(static/dynamic).
Description
Enumerates the IP address assignment method(static/dynamic).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/14, Modified: 2025/12/15
Plugin Output

tcp/0

+ LAN
+ IPv4
- Address : 172.17.100.20
Assign Method : static
+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static

179947 - Intel CPUID detection
-
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2025/12/15
Plugin Output

tcp/135/epmap

Nessus was able to extract the following cpuid: C06F2

92421 - Internet Explorer Typed URLs
-
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/05/08
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://localhost:81/
http://172.17.100.20/SpineHR/admin..;/'
http://localhost/
http://localhost/SpineHR/MobileHR/Payrollnx
localhost:81//PAYROLLNX
https://localhost/SpineHR/login.aspx?ReturnUrl=%2fSpineHR
http://www.google.com/
http://172.17.100.20:81/
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://localhost/
https://localhost/Mobilehr/login.aspx?ReturnUrl=%2fMobilehr
http://lkp.net.in/
http://172.17.100.193/
http://spinetechnologies.com/
http://localhost:81//PAYROLLNX
http://hrms.lkp.net.in/SpineHR
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141

Internet Explorer typed URL report attached.

106658 - JQuery Detection
-
Synopsis
The web server on the remote host uses JQuery.
Description
Nessus was able to detect JQuery on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/07, Modified: 2024/02/08
Plugin Output

tcp/81/www


URL : http://172.17.100.20:81/Scripts/jquery-3.2.1.min.js
Version : 3.2.1

53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
-
Synopsis
The remote device supports LLMNR.
Description
The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/04/21, Modified: 2023/10/17
Plugin Output

udp/5355/llmnr


According to LLMNR, the name of the remote host is 'SPINE-HRMS'.

160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
-
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output

tcp/445/cifs


LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

108761 - MSSQL Host Information in NTLM SSP
-
Synopsis
Nessus can obtain information about the host by examining the NTLM SSP message.
Description
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over MSSQL.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/03/30, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql

Nessus was able to obtain the following information about the host, by
parsing the MSSQL server's NTLM SSP message:

Target Name: SPINE-HRMS
NetBIOS Domain Name: SPINE-HRMS
NetBIOS Computer Name: SPINE-HRMS
DNS Domain Name: SPINE-HRMS
DNS Computer Name: SPINE-HRMS
DNS Tree Name: unknown
Product Version: 10.0.17763

92424 - MUICache Program Execution History
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\control.exe.friendlyappname : Windows Control Panel
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\control.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@firewallapi.dll,-50304 : Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@c:\windows\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8198 : Receives activation requests over the net.tcp protocol and passes them to the Windows Process Activation Service.
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%windir%\system32\inetsrv\ftpres.dll,-30002 : Enables this server to be a File Transfer Protocol (FTP) server. If this service is stopped, the server cannot function as an FTP server. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8196 : Receives activation requests over the net.pipe protocol and passes them to the Windows Process Activation Service.
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@winlangdb.dll,-1121 : English (United States)
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\servicemodelinstallrc.dll,-8194 : Receives activation requests over the net.msmq and msmq.formatname protocols and passes them to the Windows Process Activation Service.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\inetsrv\smtpsetup.exe,-2 : Transports electronic mail across the network.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\simptcp.dll,-201 : Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
c:\program files\winrar\winrar.exe.applicationcompany : Alexander Roshal
c:\program files\internet explorer\iexplore.exe.applicationcompany : Microsoft Corporation
c:\users\administrator\downloads\kvrt.exe.applicationcompany : AO Kaspersky Lab
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\program files (x86)\windows media player\wmplayer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\msiexec.exe.friendlyappname : Windows® installer
c:\windows\system32\control.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\control.exe.friendlyappname : Windows Control Panel
c:\users\administrator\downloads\kvrt (1).exe.applicationcompany : AO Kaspersky Lab
c:\windows\system32\mspaint.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\users\administrator\desktop\lkp_securities_8304.exe.friendlyappname : Win_Client_Patch
c:\program files\windows nt\accessories\wordpad.exe.applicationcompany : Microsoft Corporation
langid : .
c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe.applicationcompany : Microsoft Corporation
c:\windows\regedit.exe.friendlyappname : Registry Editor
c:\program files\winrar\winrar.exe.friendlyappname : WinRAR archiver
c:\users\administrator\downloads\kvrt (1).exe.friendlyappname : Kaspersky Virus Removal Tool
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\windows.storage.dll.friendlyappname : Microsoft WinRT Storage API
f:\lkpsoft\spineupdate\installpay992\installpay992.exe.friendlyappname : InstallPay992.exe
c:\windows\system32\compmgmtlauncher.exe.applicationcompany : Microsoft Corporation
c:\program files\common files\system\ole db\oledb32.dll.applicationcompany : Microsoft Corporation
c:\program files\google\chrome\application\chrome.exe.friendlyappname : Google Chrome
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\openwith.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
f:\lkpsoft\update-12042023\spineservices\clearlogdailyattenapi.bat.friendlyappname : ClearLogDailyAttenAPI.bat
c:\program files (x86)\microsoft visual studio 10.0\common7\ide\devenv.exe.friendlyappname : Microsoft Visual Studio 2010
c:\program files (x86)\common files\microsoft shared\msenv\vslauncher.exe.friendlyappname : Microsoft Visual Studio Version Selector
c:\windows\regedit.exe.applicationcompany : Microsoft Corporation
c:\program files\windows nt\accessories\wordpad.exe.friendlyappname : WordPad
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\users\administrator\downloads\kvrt.exe.friendlyappname : Kaspersky Virus Removal Tool
d:\lkpsoft\chromestandalonesetup64.exe.applicationcompany : Google Inc.
d:\lkpsoft\chromestandalonesetup64.exe.friendlyappname : Google Update Setup
c:\windows\system32\appresolver.dll.friendlyappname : App Resolver
c:\program files (x86)\windows media player\wmplayer.exe.friendlyappname : Windows Media Player
c:\program files (x86)\microsoft sql server\120\tools\binn\managementstudio\ssms.exe.applicationcompany : Microsoft Corporation
c:\program files\common files\system\ole db\oledb32.dll.friendlyappname : OLE DB Core Services
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\windows.storage.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\openwith.exe.friendlyappname : Pick an app
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.friendlyappname : Internet Explorer
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
d:\lkpsoft\spine new update\installpay995\installpay995.exe.friendlyappname : InstallPay995.exe
c:\program files (x86)\microsoft sql server\120\tools\binn\managementstudio\ssms.exe.friendlyappname : SQL Server Management Studio
c:\windows\system32\compmgmtlauncher.exe.friendlyappname : Computer Management Snapin Launcher
c:\windows\system32\mspaint.exe.friendlyappname : Paint
c:\windows\system32\msiexec.exe.applicationcompany : Microsoft Corporation
c:\program files (x86)\common files\microsoft shared\msenv\vslauncher.exe.applicationcompany : Microsoft Corporation
c:\program files\google\chrome\application\chrome.exe.applicationcompany : Google LLC
c:\windows\system32\cryptext.dll.friendlyappname : Crypto Shell Extensions
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\cryptext.dll.applicationcompany : Microsoft Corporation
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@firewallapi.dll,-50304 : Enables Simple Network Management Protocol (SNMP) requests to be processed by this computer. If this service is stopped, the computer will be unable to process SNMP requests. If this service is disabled, any services that explicitly depend on it will fail to start.
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@c:\windows\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8198 : Receives activation requests over the net.tcp protocol and passes them to the Windows Process Activation Service.
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%windir%\system32\inetsrv\ftpres.dll,-30002 : Enables this server to be a File Transfer Protocol (FTP) server. If this service is stopped, the server cannot function as an FTP server. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8196 : Receives activation requests over the net.pipe protocol and passes them to the Windows Process Activation Service.
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@winlangdb.dll,-1121 : English (United States)
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\microsoft.net\framework64\v3.0\windows communication foundation\servicemodelinstallrc.dll,-8194 : Receives activation requests over the net.msmq and msmq.formatname protocols and passes them to the Windows Process Activation Service.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\inetsrv\smtpsetup.exe,-2 : Transports electronic mail across the network.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\simptcp.dll,-201 : Supports the following TCP/IP services: Character Generator, Daytime, Discard, Echo, and Quote of the Day.
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.

MUICache report attached.

51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0655
Plugin Information
Published: 2010/12/20, Modified: 2025/10/15
Plugin Output

tcp/445/cifs


Nessus detected 5 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727
Version : 2.0.50727
Full Version : 2.0.50727.4927
SP : 2

Path : C:\Windows\Microsoft.NET\Framework64\v3.0
Version : 3.0
Full Version : 3.0.30729.4926
SP : 2

Path : C:\Windows\Microsoft.NET\Framework64\v3.5\
Version : 3.5
Full Version : 3.5.30729.4926
SP : 1

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Full
Release : 461814

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Client
Release : 461814
99364 - Microsoft .NET Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/04/14, Modified: 2025/10/23
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll
Version : 4.7.4010.0
.NET Version : 4.7.2
Associated KB : 5020866
Latest effective update level : 12_2022

Path : C:\Windows\winsxs\*system.printing_31bf3856ad364e35*
Version : 3.0.6920.9054
.NET Version : 3.5
Associated KB : 5020866
Latest effective update level : 12_2022

192148 - Microsoft Azure Data Studio Installed (Windows)
-
Synopsis
Microsoft Azure Data Studio is installed on the remote Windows host.
Description
Microsoft Azure Data Studio is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/03/15, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Program Files\Azure Data Studio\
Version : 1.41.2.0

72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
-
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/03/07, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Type : Admin Groups
Is Enabled : True

Type : User Groups
Is Enabled : True

162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Windows\system32\mshtml.dll
Version : 11.0.17763.3770

72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0509
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Version : 11.1790.17763.0

139615 - Microsoft Internet Information Services (IIS) Installed
-
Synopsis
Checks Windows registry keys and executables for a Microsoft Internet Information Services (IIS) installation.
Description
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows host.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0030
XREF IAVT:0001-T-0944
Plugin Information
Published: 2020/08/17, Modified: 2025/12/15
Plugin Output

tcp/0


Path : C:\Windows\system32\inetsrv
Version : 10.0.17763.3650

140655 - Microsoft Internet Information Services (IIS) Sites Enumeration
-
Synopsis
Checks IIS configuration file for configured sites and their bound addresses.
Description
Microsoft Internet Information Services configuration file has been parsed to extract information about the existing sites, their protocols, domains and IP addresses.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/09/18, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

Nessus found the following sites configured on the remote host:
+ site name: Default Web Site
+ binding 0
- IP address : 172.17.100.20
- port : 80
- domain :
- protocol : http
+ binding 1
- IP address : 808
- port : *
- domain :
- protocol : net.tcp
+ binding 2
- IP address : *
- port :
- domain :
- protocol : net.pipe
+ binding 3
- IP address : localhost
- port :
- domain :
- protocol : net.msmq
+ binding 4
- IP address : localhost
- port :
- domain :
- protocol : msmq.formatname
+ binding 5
- IP address : *
- port : 443
- domain : hrms.lkp.net.in
- protocol : https
+ site name: PAYROLLNX
+ binding 0
- IP address : 172.17.100.20
- port : 81
- domain :
- protocol : http
66424 - Microsoft Malicious Software Removal Tool Installed
-
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/05/15, Modified: 2023/01/10
Plugin Output

tcp/445/cifs


File : C:\Windows\system32\MRT.exe
Version : 5.130.24110.1001
Release at last run : unknown
Report infection information to Microsoft : Yes
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.5.1
174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Microsoft OLE DB Driver for SQL Server:

Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.7.0

Path : C:\Windows\System32\msoledbsql19.dll
Version : 19.2.0.0

92427 - Microsoft Paint Recent File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Paint on the remote host.
Description
Nessus was able to generate a list of files opened using the Microsoft Paint program.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

production
- D:\SpineHR\MobileHR\Payrollnx\UserData\CompanyLogo\LKP Logo.jpg
- C:\Users\Administrator\Pictures\Logo_C001.jpg
- D:\SpineHR\MobileHR\Payrollnx\UserData\CompanyLogo\Logo_C001.jpg
- D:\SpineHR\UserData\CompanyLogo\LKP Logo.jpg
- D:\SpineHR\navbar_files\V502\Images\logo.png
- F:\LKP.jpg
- D:\SpineHR\MobileHR\Payrollnx\UserData\CompanyLogo\Logo_C001.png
- D:\SpineHR\MobileHR\Payrollnx\UserData\EmpPhotoes\EmpPhoto.jpg
- D:\ERROR.png

57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output

tcp/445/cifs



Nessus is able to test for missing patches using :
Nessus

125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.17763.2867

11217 - Microsoft SQL Server Detection (credentialed check)
-
Synopsis
The remote host has a database server installed.
Description
Nessus has detected one or more installs of Microsoft SQL server by examining the registry and file systems on the remote host.
See Also
Solution
Ensure the latest service pack and hotfixes are installed.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 2003/01/26, Modified: 2025/09/24
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn
Version : 15.0.4335.1
arch : x64
instance_name : MSSQLSERVER
is_accessible_share : 1
local_db : 0
localdb : 0


Nessus detected 2 installs of Microsoft SQL Server:

Version : 15.0.4335.1
Edition : Standard Edition
Path : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn
Named Instance : MSSQLSERVER

69482 - Microsoft SQL Server STARTTLS Support
-
Synopsis
The remote service supports encrypting traffic.
Description
The remote Microsoft SQL Server service supports the use of encryption initiated during pre-login to switch from a cleartext to an encrypted communications channel.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/07/04, Modified: 2022/04/11
Plugin Output

tcp/1433/mssql


Here is the Microsoft SQL Server's SSL certificate that Nessus
was able to collect after sending a pre-login packet :

------------------------------ snip ------------------------------
Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 5F A6 47 B4 50 A2 91 B4 4A BF 92 7D BC 69 CE 5A

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Apr 17 09:39:52 2025 GMT
Not Valid After: Apr 17 09:39:52 2055 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BB A6 D8 50 8B E3 5F AF BA C2 D6 5B 8A C2 46 8A 28 F1 D7
0A 35 5C 06 33 F0 1A E8 6B E0 54 D6 DF 17 F9 D5 9D 8E 05 DF
4D A3 F5 BC 28 EC 73 DE 56 F8 1C E7 2E BC EB 59 84 B4 DD A7
D7 63 F3 3D 7F FA 9A 26 B9 C9 25 97 6C 99 06 69 F0 78 1E 59
07 C3 66 8D 5D 6C 0F 5D 6E EE 19 53 F1 C2 03 7D 12 FE 50 5A
1B 44 8D 77 58 A5 75 4E 62 C4 66 CB CF D2 F3 26 A8 8F 28 13
0D 41 CC 76 03 1E EA 57 3C 6F D5 24 21 49 59 BA BE 57 27 D8
E0 A7 76 17 02 E7 5C 20 60 F2 F8 3E 09 48 2F 78 7C CF 54 31
9A 90 5C 31 85 D0 D1 59 0B 72 00 DB 55 2D BF 94 38 AE 45 63
B9 AE 47 86 FA 88 7F CD EA 81 24 71 96 AF 86 AA AC B4 FF 30
1E 1E D7 AB 4A 93 CD C6 88 BA D9 A7 1D BC B3 EA 15 3B 15 FD
07 90 45 60 BC 33 2A 57 2F C2 07 54 10 EB C3 80 E9 8C 89 95
4C 38 C0 70 59 8C 8B 58 00 6D 22 04 AD FD 01 00 05
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 60 1F CC 85 54 B5 C8 A5 6C 1E FB 42 7D 2D C2 A5 48 7A 69
17 5B 6C D7 C2 42 F5 F4 F5 72 D8 42 55 A8 C2 C0 6B 80 EF 51
00 CC 42 E6 99 57 00 39 29 8C 9E 74 E0 B2 F7 34 85 F8 E9 3C
DF F5 B2 5A 4A 4B 04 D2 BA C8 40 93 56 C2 BE 04 BF 73 F1 24
F6 12 EE 96 EF 59 07 4E 27 64 AE 73 47 D6 1E 36 91 BD DD C2
9E 20 EA 06 1E D7 7E DE EC 47 F6 32 8A 31 79 2F 68 AE 6C F2
53 9B 79 9B BF EB C5 18 F3 9E 97 7D F7 66 84 B9 58 23 22 AA
FF E7 31 1C AB A2 00 3B 4F 9B E8 04 A2 B7 61 F4 F3 D1 66 3F
9E 08 EB AB 9B 08 23 E1 14 53 CE 25 D1 51 B3 54 0A E5 0F 37
65 81 BD 0E D6 08 5C 43 4A BA E2 50 6C DC 3F 4A E8 79 E5 22
95 3A D5 C6 90 EC 8B 9F 66 DB EB 52 04 31 AB 54 58 90 F4 E9
78 6D 0C 18 C6 91 41 57 BB A2 83 E4 CD A9 14 65 92 F9 47 37
2A 98 1C 0C 80 C7 05 FD E8 B0 2C E3 08 40 8A 3B 83


------------------------------ snip ------------------------------


SQL Server Version : 15.0.4335.0
SQL Server Instance : MSSQLSERVER
10144 - Microsoft SQL Server TCP/IP Listener Detection
-
Synopsis
A database server is listening on the remote port.
Description
The remote host is running MSSQL, a database server from Microsoft. It is possible to extract the version number of the remote installation from the server pre-login response.
Solution
Restrict access to the database to allowed IPs only.
Risk Factor
None
References
XREF IAVT:0001-T-0800
Plugin Information
Published: 1999/10/12, Modified: 2024/07/29
Plugin Output

tcp/1433/mssql


Service : mssql-MSSQLSERVER
Version : 15.0.4335.0
InstanceName : MSSQLSERVER
Note : The remote MSSQL server accepts cleartext logins.

10674 - Microsoft SQL Server UDP Query Remote Version Disclosure
-
Synopsis
It is possible to determine the remote SQL server version.
Description
Microsoft SQL server has a function wherein remote users can query the database server for the version that is being run. The query takes place over the same UDP port that handles the mapping of multiple SQL server instances on the same machine.

It is important to note that, after Version 8.00.194, Microsoft decided not to update this function. This means that the data returned by the SQL ping is inaccurate for newer releases of SQL Server.
Solution
If there is only a single SQL instance installed on the remote host, consider filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2001/05/25, Modified: 2018/03/13
Plugin Output

udp/1434


A 'ping' request returned the following information about the remote
SQL instance :

ServerName : SPINE-HRMS
InstanceName : MSSQLSERVER
IsClustered : No
Version : 15.0.2000.5
tcp : 1433

93962 - Microsoft Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/10/11, Modified: 2025/11/18
Plugin Output

tcp/445/cifs


Cumulative Rollup : 12_2022 [KB5021237]
Cumulative Rollup : 11_2022
Cumulative Rollup : 10_2022
Cumulative Rollup : 09_2022
Cumulative Rollup : 08_2022
Cumulative Rollup : 07_2022
Cumulative Rollup : 06_2022
Cumulative Rollup : 05_2022
Cumulative Rollup : 04_2022
Cumulative Rollup : 03_2022
Cumulative Rollup : 02_2022
Cumulative Rollup : 01_2022
Cumulative Rollup : 12_2021
Cumulative Rollup : 11_2021
Cumulative Rollup : 10_2021
Cumulative Rollup : 09_2021
Cumulative Rollup : 08_2021
Cumulative Rollup : 07_2021
Cumulative Rollup : 06_2021_07_01
Cumulative Rollup : 06_2021
Cumulative Rollup : 05_2021
Cumulative Rollup : 04_2021
Cumulative Rollup : 03_2021
Cumulative Rollup : 02_2021
Cumulative Rollup : 01_2021
Cumulative Rollup : 12_2020
Cumulative Rollup : 11_2020
Cumulative Rollup : 10_2020
Cumulative Rollup : 09_2020
Cumulative Rollup : 08_2020
Cumulative Rollup : 07_2020 [KB4558998]
Cumulative Rollup : 06_2020
Cumulative Rollup : 05_2020
Cumulative Rollup : 04_2020
Cumulative Rollup : 03_2020
Cumulative Rollup : 02_2020
Cumulative Rollup : 01_2020
Cumulative Rollup : 12_2019
Cumulative Rollup : 11_2019
Cumulative Rollup : 10_2019
Cumulative Rollup : 09_2019
Cumulative Rollup : 08_2019
Cumulative Rollup : 07_2019
Cumulative Rollup : 06_2019
Cumulative Rollup : 05_2019
Cumulative Rollup : 04_2019
Cumulative Rollup : 03_2019
Cumulative Rollup : 02_2019
Cumulative Rollup : 01_2019
Cumulative Rollup : 12_2018
Cumulative Rollup : 11_2018
Cumulative Rollup : 10_2018

Latest effective update level : 12_2022
File checked : C:\Windows\system32\ntoskrnl.exe
File version : 10.0.17763.3770
Associated KB : 5021237
50346 - Microsoft Update Installed
-
Synopsis
A software updating service is installed.
Description
Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/10/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

122546 - Microsoft Visual Studio Isolated Shell Installed
-
Synopsis
The remote Windows host has one or more applications built on top of Microsoft Visual Studio Isolated Shell.
Description
Microsoft Visual Studio Isolated Shell, a base IDE to build tools and applications on top of Visual Studio, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/03/04, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft Visual Studio 10.0\
Version : 10.0.40219.1
Product : 2010

265694 - Microsoft Visual Studio Tools for Applications Installed (Windows)
-
Synopsis
The remote Windows host has an integrated development environment installed.
Description
Microsoft Visual Studio Tools for Applications (VSTA) is a set of tools that independent software vendors (ISVs) can use to build customization abilities into their applications for both automation and extensibility, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/09/22, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus detected 2 installs of Microsoft Visual Studio Tools for Applications:

Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\15.0\Bin\VstaCore.dll
Version : 15.0.27520
product_version : 2017

Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\16.0\Bin\VstaCore.dll
Version : 16.0.31110
product_version : 2019

10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/445/cifs


The following users are members of the 'Administrators' group :

- SPINE-HRMS\production (User)
- SPINE-HRMS\tidua (User)
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings:

- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output

tcp/445/cifs


Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing

92370 - Microsoft Windows ARP Table
-
Synopsis
Nessus was able to collect and report ARP table information from the remote host.
Description
Nessus was able to collect ARP table information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

172.17.100.10 : 78-64-a0-ba-d1-47
172.17.100.18 : 00-50-56-88-3a-2f
172.17.100.19 : 00-50-56-88-d2-f4
172.17.100.33 : d4-f5-ef-60-36-fc
172.17.100.35 : 00-50-56-bc-fc-73
172.17.100.38 : 00-50-56-88-a7-ac
172.17.100.39 : 00-50-56-bc-4f-46
172.17.100.44 : 00-50-56-bc-e5-e3
172.17.100.50 : 00-50-56-88-59-f9
172.17.100.52 : 00-50-56-bc-04-95
172.17.100.53 : 00-50-56-88-ef-ed
172.17.100.56 : 00-50-56-88-08-9c
172.17.100.59 : 00-50-56-88-e7-eb
172.17.100.60 : 00-50-56-bc-47-5e
172.17.100.62 : 00-50-56-bc-30-36
172.17.100.69 : 00-50-56-93-20-59
172.17.100.70 : 00-50-56-bc-c1-4d
172.17.100.73 : 40-a8-f0-20-84-35
172.17.100.78 : 00-50-56-bc-8d-b9
172.17.100.83 : 00-50-56-bc-b4-9f
172.17.100.88 : 00-50-56-bc-f7-5e
172.17.100.93 : 00-50-56-bc-85-97
172.17.100.95 : 00-50-56-bc-16-9d
172.17.100.112 : 00-50-56-bc-7d-2b
172.17.100.116 : 00-50-56-88-63-80
172.17.100.117 : 00-50-56-bc-4d-ab
172.17.100.120 : 00-50-56-bc-29-b3
172.17.100.137 : 00-50-56-bc-37-2c
172.17.100.140 : 00-50-56-88-13-c1
172.17.100.149 : 00-50-56-93-04-7f
172.17.100.154 : 00-50-56-bc-f3-c3
172.17.100.160 : 00-50-56-88-49-b4
172.17.100.167 : 00-50-56-bc-74-6f
172.17.100.186 : 00-50-56-bc-ad-94
172.17.100.189 : 00-50-56-bc-6b-55
172.17.100.190 : 00-50-56-88-d4-3e
172.17.100.191 : 00-50-56-88-fc-24
172.17.100.222 : 24-5e-be-0a-86-b0
172.17.100.223 : 24-5e-be-0a-86-b2
172.17.100.224 : 00-50-56-88-8f-dc
172.17.100.226 : 00-50-56-a9-fc-32
172.17.100.254 : 1a-c2-41-87-f6-3d
172.17.100.255 : ff-ff-ff-ff-ff-ff
224.0.0.22 : 01-00-5e-00-00-16
224.0.0.251 : 01-00-5e-00-00-fb
224.0.0.252 : 01-00-5e-00-00-fc
226.1.1.1 : 01-00-5e-01-01-01
239.255.255.250 : 01-00-5e-7f-ff-fa
255.255.255.255 : ff-ff-ff-ff-ff-ff

Extended ARP table information attached.
70615 - Microsoft Windows AutoRuns Boot Execute
-
Synopsis
Report programs that startup associates with session manager subsystem.
Description
Report registry startup locations associated with the session manager subsystem during boot time.

These registry keys start-up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\System\CurrentControlSet\Control\Session Manager\bootexecute
- autocheck autochk /q /v *

70616 - Microsoft Windows AutoRuns Codecs
-
Synopsis
Report programs set to normally start with multimedia.
Description
Codecs are encoders and decoders for digital data streams commonly associated with video and audio playback.

The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\System32\l3codeca.acm
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\SysWOW64\l3codeca.acm
- vidc.cvid : iccvid.dll
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll


70617 - Microsoft Windows AutoRuns Explorer
-
Synopsis
Reports programs that startup associates with the explorer process.
Description
Report the startup locations associated with the explorer.exe process.

These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or set control user activity with the desktop and control panels.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Protocols\Filter
+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/octet-stream
- Value : C:\Windows\System32\mscoree.dll

+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-complus
- Value : C:\Windows\System32\mscoree.dll

+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-msdownload
- Value : C:\Windows\System32\mscoree.dll


+ HKLM\SOFTWARE\Classes\Protocols\Handler
+ CLSID : {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
- Name : about
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
- Name : cdl
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {12D51199-0DB5-46FE-A120-47A3D7D937CC}
- Name : dvd
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : file
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
- Name : ftp
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
- Name : http
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
- Name : https
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : javascript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : local
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
- Name : mailto
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {05300401-BCBC-11d0-85E3-00C04FD85AB4}
- Name : mhtml
- Value : C:\Windows\System32\inetcomm.dll

+ CLSID : {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
- Name : mk
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : ms-its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
- Name : res
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : tbauth
- Value : C:\Windows\System32\tbauth.dll

+ CLSID : {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
- Name : tv
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : vbscript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : windows.tbauth
- Value : C:\Windows\System32\tbauth.dll


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {e2bf9676-5f8f-435c-97eb-11607a5bedf7}
- Name : ModernSharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
- Name : Open With
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : Open With EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {90AA3A4E-1CBA-4233-B8BB-535773D48449}
- Name : Taskband Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {C539A15A-3AF9-4c92-B771-50CB78F5C751}
- Name :
- Value : C:\Program Files\BackupClient\ShellExtensions\tishell64.dll


+ HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
+ CLSID : {7444C719-39BF-11D1-8CD9-00C04FC29D45}
- Name : CryptoSignMenu
- Value : %SystemRoot%\system32\cryptext.dll

+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
- Name : OLE DocFile Property Page
- Value : %SystemRoot%\system32\docprop.dll

+ CLSID : {883373C3-BF89-11D1-BE35-080036B11A03}
- Name : Summary Properties Page
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ CLSID : {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
- Name : CopyAsPathMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
- Name : SendTo
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name :
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name :
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll


+ HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {4a7ded0a-ad25-11d0-98a8-0800361b1103}
- Name :
- Value : %SystemRoot%\system32\mydocs.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}
- Name :
- Value : C:\Windows\System32\DfsShlEx.dll

+ CLSID : {ef43ecfe-2ab9-4632-bf21-58909dd177f0}
- Name :
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CLSID : {217FC9C0-3AEA-1069-A2DB-08002B30309D}
- Name : FileSystem
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ CLSID : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
- Name : New
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ CLSID : {AE81D5A2-A34B-4D93-8DF8-540DBCE48043}
- Name : Kaspersky Anti-Virus 21.15
- Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\x64\shellex.dll

+ CLSID : {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
- Name : Library Location
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {470C0EBD-5D73-4d58-9CED-E91E22E23282}
- Name : PintoStartScreen
- Value : C:\Windows\System32\appresolver.dll

+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {C539A15A-3AF9-4c92-B771-50CB78F5C751}
- Name :
- Value : C:\Program Files\BackupClient\ShellExtensions\tishell64.dll


+ HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll

+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :

+ CLSID : {BD472F60-27FA-11cf-B8B4-444553540000}
- Name :
- Value : %SystemRoot%\system32\zipfldr.dll


+ HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers
+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
- Name : EnhancedStorageShell
- Value : C:\Windows\System32\EhStorShell.dll

+ CLSID : {4E77131D-3629-431c-9818-C5679DC83E81}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


70620 - Microsoft Windows AutoRuns Known DLLs
-
Synopsis
DLLs listed to be shared by processes.
Description
The known DLLs registry setting is used to define DLLs that are shared between processes without a process having to search for the DLL location.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
- imagehlp : IMAGEHLP.dll
- shcore : SHCORE.dll
- oleaut32 : OLEAUT32.dll
- normaliz : NORMALIZ.dll
- msvcrt : MSVCRT.dll
- shell32 : SHELL32.dll
- msctf : MSCTF.dll
- gdi32 : gdi32.dll
- nsi : NSI.dll
- advapi32 : advapi32.dll
- coml2 : coml2.dll
- _wowarmhw : wowarmhw.dll
- clbcatq : clbcatq.dll
- wow64win : wow64win.dll
- shlwapi : SHLWAPI.dll
- psapi : PSAPI.DLL
- imm32 : IMM32.dll
- combase : combase.dll
- user32 : user32.dll
- sechost : sechost.dll
- _xtajit : xtajit.dll
- _wow64cpu : wow64cpu.dll
- wow64 : wow64.dll
- rpcrt4 : rpcrt4.dll
- kernel32 : kernel32.dll
- ws2_32 : WS2_32.dll
- wldap32 : WLDAP32.dll
- ole32 : ole32.dll
- difxapi : difxapi.dll
- setupapi : Setupapi.dll
- comdlg32 : COMDLG32.dll
- gdiplus : gdiplus.dll
70613 - Microsoft Windows AutoRuns LSA Providers
-
Synopsis
Programs set to start as Local Security Authority.
Description
An LSA (Local Security Authority) is an application that can be used to authorize users to their systems. The reported autoruns are available to provide this service or features to this service.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0



+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\authentication packages
- msv1_0


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\notification packages
- rassfm
- scecli


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\security packages
- ""
70621 - Microsoft Windows AutoRuns Logon
-
Synopsis
Report programs that start-up from the most common registry locations.
Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.

Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
- rdpclip


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
- C:\Windows\system32\userinit.exe


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\vmapplet
- SystemPropertiesPerformance.exe /pagefile


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
- explorer.exe


+ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- AlternateShell : cmd.exe


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : vmware user process
- Value : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe" -n vmusr

- Name : securityhealth
- Value : %windir%\system32\SecurityHealthSystray.exe

- Name : mmsmonitor.exe
- Value : C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe

- Name : acronis scheduler2 service
- Value : "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Name : acronistibmountermonitor
- Value : C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe


+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
- Name : Themes Setup
- Value : /UserInstall

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4340}
- Name : Windows Desktop Update
- Value : U

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4383}
- Name : Web Platform Customizations
- Value : C:\Windows\System32\ie4uinit.exe -UserConfig

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

+ CLSID : {8A69D345-D564-463c-AFF1-A69D9E530F96}
- Name : Google Chrome
- Value : "C:\Program Files\Google\Chrome\Application\143.0.7499.193\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable

+ CLSID : {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin

+ CLSID : {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
- iconservicelib : IconCodecService.dll
- Load :


70622 - Microsoft Windows AutoRuns Network Providers
-
Synopsis
Report programs set to automatically start-up as a Network Provider.
Description
The DLLs listed under the registry key are used to provide network services for new protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll

+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
70623 - Microsoft Windows AutoRuns Print Monitor
-
Synopsis
Report programs set to start automatically as a print monitor.
Description
Report the DLLs that control print monitor functions for multiple programs and systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : APMon.dll
70618 - Microsoft Windows AutoRuns Registry Hijack Possible Locations
-
Synopsis
Report common registry keys used to hijack execution.
Description
Report common registry keys that can be used to hijack system process execution.

These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command
- Command : "%1" %*


+ HKLM\Software\Classes\.exe : exefile
- open : "%1" %*
- runas : "%1" %*
- runasuser :


+ HKLM\Software\Classes\.cmd : cmdfile
- edit : %SystemRoot%\System32\NOTEPAD.EXE %1
- open : "%1" %*
- print : %SystemRoot%\System32\NOTEPAD.EXE /p %1
- runas : %SystemRoot%\System32\cmd.exe /C "%1" %*
- runasuser :


+ HKLM\Software\Classes\.htm : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.html : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.docx : docxfile
- open : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
- print : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1"
- printto : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.vbs : VBSFile
- Edit : "%SystemRoot%\System32\Notepad.exe" %1
- Open : "%SystemRoot%\System32\WScript.exe" "%1" %*
- Open2 : "%SystemRoot%\System32\CScript.exe" "%1" %*
- Print : "%SystemRoot%\System32\Notepad.exe" /p %1


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.xml : xmlfile
- Open : "C:\Program Files\Internet Explorer\iexplore.exe" %1


+ HKLM\Software\Classes\.pif : piffile
- open : "%1" %*


+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"



70624 - Microsoft Windows AutoRuns Report
-
Synopsis
Generate a CSV report of all autoruns.
Description
Collect all autoruns listed in the Windows autoruns plugins and report the primary content in a CSV report.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+Enabled Autoruns Detection Types
- LSA Provider
- Boot Execute
- WinLogon
- Known DLLs
- Winsock Provider
- Service
- Explorer
- Logon
- Codecs
- Driver
- Image Hijack
- Network Provider
- Scheduled Tasks
- Print Monitor


The attached CSV contains information about Windows autoruns.
70625 - Microsoft Windows AutoRuns Scheduled Tasks
-
Synopsis
Report processes that start-up via the scheduled task manager.
Description
This plugin lists the scheduled tasks for the system. The scheduled tasks are often used to update software, for systems administrators to run processes, and can be used by malware to spread on systems.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ Task
+ RegistrationInfo
- Description : Ensure Npcap service is configured to start at boot
- URI : \npcapwatchdog
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
+ Actions
+ Exec
- Command : C:\Program Files\Npcap\CheckStatus.bat

+ Task
+ RegistrationInfo
- Author : SecPod Saner
- URI : \SecPod Saner Agent WatchDog
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ BootTrigger
- Delay : PT15M
+ Repetition
- Interval : PT5M
+ TimeTrigger
- StartBoundary : 2024-12-28T23:55:00
+ Repetition
- Interval : PT5M
+ Actions
+ Exec
- Command : "C:\Program Files (x86)\SecPod Saner\Agent\bin\spagentwatchdog.exe"

+ Task
+ RegistrationInfo
- Author : SPINE-HRMS\production
- Description : Updates out-of-date system feeds.
- URI : \User_Feed_Synchronization-{FD981474-79A0-432B-A03F-697B3CB3E3FC}
+ Principals
+ Principal
- UserId : S-1-5-21-1687551350-3880216100-4069998428-500
- LogonType : InteractiveToken
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2026-01-10T01:49:34+05:30
- EndBoundary : 2036-01-10T01:49:34+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : C:\Windows\system32\msfeedssync.exe
- Arguments : sync

+ Task
+ RegistrationInfo
- Author : NT AUTHORITY\SYSTEM
- Description : GoogleUpdater Task System 145.0.7569.0
- URI : \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem145.0.7569.0{305A859E-305A-4B1F-A031-8DBA25216CC0}
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
+ Triggers
+ LogonTrigger
+ CalendarTrigger
- StartBoundary : 2025-12-12T17:13:17+05:30
+ Repetition
- Interval : PT1H
- Duration : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe"
- Arguments : --wake --system

+ Task
+ RegistrationInfo
- Author : $(@%systemroot%\system32\SrvInitConfig.exe,-100)
- Description : $(@%systemroot%\system32\SrvInitConfig.exe,-101)
- URI : \Microsoft\Windows\Server Initial Configuration Task
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
+ Actions
+ Exec
- Command : %windir%\system32\srvinitconfig.exe
- Arguments : /disableconfigtask

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {84F0FAE1-C27B-4F6F-807B-28CF6F96287D}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {429BC048-379E-45E0-80E4-EB1977941B5C}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {613FBA38-A3DF-4AB8-9674-5604984A299A}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2010-09-30T14:53:37.9516706
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- WakeToRun : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ IdleTrigger
+ Actions
+ ComHandler
- ClassId : {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E}
- Data : /RuntimeWide

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%\System32\msdrm.dll,-6001)
- Description : $(@%systemRoot%\System32\msdrm.dll,-6002)
- URI : \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2006-11-09T03:00:00
- RandomDelay : PT1H
+ ScheduleByDay
- DaysInterval : 1
+ LogonTrigger
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {CF2CF428-325B-48D3-8CA8-7633E36E5A32}

+ Task
+ RegistrationInfo
- Date : 2006-11-10T14:29:55.5851926
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Author : $(@%systemRoot%\System32\msdrm.dll,-6001)
- Description : $(@%systemRoot%\System32\msdrm.dll,-6003)
- URI : \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
+ Principals
+ Principal
- GroupId : S-1-1-0
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {BF5CB148-7C77-4D8A-A53E-D81C70CF743C}

+ Task
+ RegistrationInfo
- Date : 2015-02-09T10:54:13.9629482
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-2978287140-3787137133-1749738600-1988163579-2060695581)
- Source : $(@%SystemRoot%\system32\ApplockerCsp.dll,-101)
- Author : $(@%SystemRoot%\system32\ApplockerCsp.dll,-100)
- Description : $(@%SystemRoot%\system32\ApplockerCsp.dll,-102)
- URI : \Microsoft\Windows\AppID\EDP Policy Manager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7588BCA328009213
+ WnfStateChangeTrigger
- StateName : 75E0BCA328009213
+ Actions
+ ComHandler
- ClassId : {DECA92E0-AF85-439E-9204-86679978DA08}
- Data : EdpPolicyManager

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%\system32\appidsvc.dll,-300)
- Author : $(@%systemroot%\system32\appidsvc.dll,-301)
- Description : $(@%systemroot%\system32\appidsvc.dll,-302)
- URI : \Microsoft\Windows\AppID\PolicyConverter
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\appidpolicyconverter.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;CI;FA;;;LS)(A;CI;FA;;;S-1-5-80-2078495744-2416903469-4072184685-3943858305-976987417)
- Source : $(@%systemroot%\system32\appidsvc.dll,-200)
- Author : $(@%systemroot%\system32\appidsvc.dll,-201)
- Description : $(@%systemroot%\system32\appidsvc.dll,-202)
- URI : \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : Queue
- Priority : 10
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT3M
- WaitTimeout : PT23H
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Repetition
- Interval : P1D
+ Actions
+ Exec
- Command : %windir%\system32\appidcertstorecheck.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\appraiser.dll,-500)
- Author : $(@%SystemRoot%\system32\appraiser.dll,-501)
- Description : $(@%SystemRoot%\system32\appraiser.dll,-502)
- URI : \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7510BCA323028B41
- Data : 01
+ Actions
+ Exec
- Command : %windir%\system32\compattelrunner.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\invagent.dll,-701)
- Author : $(@%SystemRoot%\system32\invagent.dll,-701)
- Description : $(@%SystemRoot%\system32\invagent.dll,-702)
- URI : \Microsoft\Windows\Application Experience\ProgramDataUpdater
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1DT12H
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\compattelrunner.exe
- Arguments : -maintenance

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;LA)(A;OICI;FA;;;SY)(A;OICI;FRFX;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\Startupscan.dll,-701)
- Author : $(@%SystemRoot%\system32\Startupscan.dll,-701)
- Description : $(@%SystemRoot%\system32\Startupscan.dll,-702)
- URI : \Microsoft\Windows\Application Experience\StartupAppTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
- Priority : 4
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P2D
- Deadline : P3D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : Startupscan.dll,SusRunTask

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10002)
- URI : \Microsoft\Windows\ApplicationData\appuriverifierdaily
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)(A;;FRFX;;;AU)(A;;FRFX;;;IU)
- Source : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10005)
- Author : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10004)
- Description : $(@%systemroot%\system32\AppHostRegistrationVerifier.exe,-10002)
- URI : \Microsoft\Windows\ApplicationData\appuriverifierinstall
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT1M
- StateName : 7508BCA32C7C8741
+ Actions
+ Exec
- Command : %windir%\system32\AppHostRegistrationVerifier.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5001)
- Author : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5002)
- Description : $(@%systemroot%\system32\Windows.Storage.ApplicationData.dll,-5003)
- URI : \Microsoft\Windows\ApplicationData\CleanupTemporaryState
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : Windows.Storage.ApplicationData.dll,CleanupTemporaryState

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%systemroot%\system32\dssvc.dll,-10005)
- Author : $(@%systemroot%\system32\dssvc.dll,-10004)
- Description : $(@%systemroot%\system32\dssvc.dll,-10006)
- URI : \Microsoft\Windows\ApplicationData\DsSvcCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\dstokenclean.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;GA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- URI : \Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT15M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ LogonTrigger
- Delay : PT1H
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

+ Task
+ RegistrationInfo
- Source : $(@%systemroot%\system32\acproxy.dll,-100)
- Author : $(@%systemroot%\system32\acproxy.dll,-101)
- Description : $(@%systemroot%\system32\acproxy.dll,-102)
- URI : \Microsoft\Windows\Autochk\Proxy
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : P365D
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT30M
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : /d acproxy.dll,PerformAutochkOperations

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\BitLocker\BitLocker Encrypt All Drives
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7568BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : BitLockerEncryptAllDrives

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\BitLocker\BitLocker MDM policy Refresh
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7540BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : BitLockerPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%SystemRoot%\system32\BthUdTask.exe,-1002)
- Description : $(@%SystemRoot%\system32\BthUdTask.exe,-1001)
- URI : \Microsoft\Windows\Bluetooth\UninstallDeviceTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : BthUdTask.exe
- Arguments : $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%systemRoot%\System32\bisrv.dll,-102)
- Description : $(@%systemRoot%\System32\bisrv.dll,-103)
- URI : \Microsoft\Windows\BrokerInfrastructure\BgTaskRegistrationMaintenanceTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT6M
- MultipleInstancesPolicy : IgnoreNew
- Priority : 6
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT1S
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E984D939-0E00-4DD9-AC3A-7ACA04745521}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-103)
- URI : \Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : AIKCertEnroll

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-104)
- URI : \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7530BCA323098541
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : CryptoPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;NS)
- Source : $(@%SystemRoot%\system32\ngctasks.dll,-101)
- Author : $(@%SystemRoot%\system32\ngctasks.dll,-100)
- Description : $(@%SystemRoot%\system32\ngctasks.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA323098541
+ WnfStateChangeTrigger
- Delay : PT10M
- StateName : 7520BCA323098541
+ WnfStateChangeTrigger
- Delay : PT10M
- StateName : 75C0BCA33E06830D
+ LogonTrigger
- Enabled : false
- Delay : PT10M
+ SessionStateChangeTrigger
- Enabled : false
- Delay : PT10M
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {47E30D54-DAC1-473A-AFF7-2355BF78881F}
- Data : NGCKeyPregen

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\SystemTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ RegistrationTrigger
+ BootTrigger
- Delay : PT10S
+ Repetition
- Interval : PT8H
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\UserTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : F510BCA32A1E890D
+ RegistrationTrigger
+ LogonTrigger
+ Repetition
- Interval : PT8H
+ EventTrigger
- ExecutionTimeLimit : PT30M
- Delay : PT25M
+ Repetition
- Interval : PT1H
- Duration : PT4H
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-User Device Registration/Admin"><Select Path="Microsoft-Windows-User Device Registration/Admin">*[System[Provider[@Name='Microsoft-Windows-User Device Registration'] and EventID=300]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : USER

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFW;;;IU)
- Source : $(@%SystemRoot%\system32\dimsjob.dll,-100)
- Author : $(@%SystemRoot%\system32\dimsjob.dll,-101)
- Description : $(@%SystemRoot%\system32\dimsjob.dll,-102)
- URI : \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ RestartOnFailure
- Count : 5
- Interval : PT1M
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ SessionStateChangeTrigger
- StateChange : SessionLock
+ SessionStateChangeTrigger
- StateChange : SessionUnlock
+ Actions
+ ComHandler
- ClassId : {58FB76B9-AC85-4E55-AC04-427593B1D060}
- Data : KEYROAMING

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\pstask.dll,-100)
- Author : $(@%systemroot%\system32\pstask.dll,-101)
- Description : $(@%systemroot%\system32\pstask.dll,-102)
- URI : \Microsoft\Windows\Chkdsk\ProactiveScan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CF4270F5-2E43-4468-83B3-A8C45BB33EA1}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FR;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\Chkdsk\SyspartRepair
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32C0D8E0A
+ Actions
+ Exec
- Command : %windir%\system32\bcdboot.exe
- Arguments : %windir% /sysrepair

+ Task
+ RegistrationInfo
- Date : 2014-01-01T00:00:00
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)(A;;FA;;;S-1-5-80-65843127-2189646064-2697706863-2125155322-3141006483)(A;;FR;;;S-1-5-87-1452649159-2109950929-2856838567-3638795029-1283063528)
- Source : $(@%SystemRoot%\system32\ClipUp.exe,-102)
- Author : $(@%SystemRoot%\system32\ClipUp.exe,-100)
- Description : $(@%SystemRoot%\system32\ClipUp.exe,-101)
- URI : \Microsoft\Windows\Clip\License Validation
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
+ Actions
+ Exec
- Command : %SystemRoot%\system32\ClipUp.exe
- Arguments : -p -s -o

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- URI : \Microsoft\Windows\CloudExperienceHost\CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {E4544ABA-62BF-4C54-AAB2-EC246342626C}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)
- Source : $(@%systemRoot%\system32\wsqmcons.exe,-106)
- Author : $(@%systemRoot%\system32\wsqmcons.exe,-108)
- Description : $(@%systemRoot%\system32\wsqmcons.exe,-107)
- URI : \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2004-01-02T00:00:00
+ Repetition
- Interval : PT6H
+ Actions
+ Exec
- Command : %SystemRoot%\System32\wsqmcons.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GRGX;;;AU)(A;OICI;SD;;;S-1-5-87-1060603329-121822201-3452730971-4292368946-61207722)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\usbceip.dll,-601)
- Author : $(@%SystemRoot%\system32\usbceip.dll,-600)
- Description : $(@%SystemRoot%\system32\usbceip.dll,-602)
- URI : \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C27F6B1D-FE0B-45E4-9257-38799FA69BC8}
- Data : SYSTEM

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\discan.dll,-601)
- Author : $(@%systemroot%\system32\discan.dll,-600)
- Description : $(@%systemroot%\system32\discan.dll,-602)
- URI : \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2011-01-01T23:00:00
- RandomDelay : P7D
+ ScheduleByWeek
- WeeksInterval : 4
+ DaysOfWeek
+ Saturday
+ BootTrigger
- Enabled : false
- Delay : PT1H
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\discan.dll,-601)
- Author : $(@%systemroot%\system32\discan.dll,-600)
- Description : $(@%systemroot%\system32\discan.dll,-603)
- URI : \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT5M
- StateName : 7508BCA32907950A
+ Actions
+ ComHandler
- ClassId : {DCFD3EA8-D960-4719-8206-490AE315F94F}
- Data : -CrashRecovery

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\defragsvc.dll,-800)
- Author : $(@%systemroot%\system32\defragsvc.dll,-801)
- Description : $(@%systemroot%\system32\defragsvc.dll,-802)
- URI : \Microsoft\Windows\Defrag\ScheduledDefrag
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\defrag.exe
- Arguments : -c -h -k -g -$

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- URI : \Microsoft\Windows\Device Information\Device
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P4D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-09-01T03:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 750CBCA3290B9641
- Data : 01
+ Actions
+ Exec
- Command : %windir%\system32\devicecensus.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-601)
- Author : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-600)
- Description : $(@%SystemRoot%\System32\DeviceSetupManager.dll,-602)
- URI : \Microsoft\Windows\Device Setup\Metadata Refresh
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {23C1F3CF-C110-4512-ACA9-7B6174ECE888}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\sdiagschd.dll,-102)
- Author : $(@%systemroot%\system32\sdiagschd.dll,-101)
- Description : $(@%systemroot%\system32\sdiagschd.dll,-103)
- URI : \Microsoft\Windows\Diagnosis\Scheduled
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {C1F85EF8-BCC2-4606-BB39-70C523715EB3}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- URI : \Microsoft\Windows\DirectX\DXGIAdapterCache
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : StopExisting
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7580BCA32916C641
+ WnfStateChangeTrigger
- StateName : 7588BCA32916C641
+ Actions
+ Exec
- Command : %windir%\system32\dxgiadaptercache.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\cleanmgr.exe,-1300)
- Author : $(@%systemroot%\system32\cleanmgr.exe,-1300)
- Description : $(@%systemroot%\system32\cleanmgr.exe,-1301)
- URI : \Microsoft\Windows\DiskCleanup\SilentCleanup
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT15M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\cleanmgr.exe
- Arguments : /autoclean /d %systemdrive%

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-119)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticDataCollector
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : dfdts.dll,DfdGetDefaultPolicyAndSMART

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%\System32\DFDTS.dll,-100)
- Author : $(@%SystemRoot%\System32\DFDTS.dll,-101)
- Description : $(@%SystemRoot%\System32\DFDTS.dll,-118)
- URI : \Microsoft\Windows\DiskDiagnostic\Microsoft-Windows-DiskDiagnosticResolver
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- Hidden : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\system32\DFDWiz.exe

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\Diagnostics
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\disksnapshot.exe
- Arguments : -z

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\DiskFootprint\StorageSense
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {AB2A519B-03B0-43CE-940A-A73DF850B49A}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP App Launch Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 3508BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : AppLaunch

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP Auth Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7538BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : ReAuth

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\EDP Inaccessible Credentials Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7560BCA3280A9641
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : MissingCredentials

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FRFX;;;AU)(A;;FA;;;SY)
- URI : \Microsoft\Windows\EDP\StorageCardEncryption Task
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7548BCA32B188341
+ Actions
+ ComHandler
- ClassId : {61BCD1B9-340C-40EC-9D41-D7F1C0632F05}
- Data : SDCardEncryptionPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\mitigationconfiguration.dll,-601)
- Author : $(@%systemroot%\system32\mitigationconfiguration.dll,-600)
- Description : $(@%systemroot%\system32\mitigationconfiguration.dll,-602)
- URI : \Microsoft\Windows\ExploitGuard\ExploitGuard MDM policy Refresh
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BEA328009213
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ BootTrigger
+ Actions
+ ComHandler
- ClassId : {711001CD-CC1D-4470-9B7E-1EF73849C79E}
- Data : ExploitGuardPolicy

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(D;;SD;;;AU)(A;;FRFWFX;;;AU)
- Source : $(@%systemroot%\system32\srm.dll,-18000)
- Author : $(@%systemroot%\system32\srm.dll,-18001)
- Description : $(@%systemroot%\system32\srm.dll,-18002)
- URI : \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT1M
- WaitTimeout : PT1M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2006-11-09T03:00:00
- RandomDelay : PT4H
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ ComHandler
- ClassId : {2AE64751-B728-4D6B-97A0-B2DA2E7D2A3B}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\fcon.dll,-602)
- Author : $(@%systemroot%\system32\fcon.dll,-601)
- Description : $(@%systemroot%\system32\fcon.dll,-603)
- URI : \Microsoft\Windows\Flighting\FeatureConfig\ReconcileFeatures
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ Actions
+ ComHandler
- ClassId : {59EECBFE-C2F5-4419-9B99-13FE05FF2675}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;AU)
- Source : $(@%systemroot%\system32\wosc.dll,-602)
- Author : $(@%systemroot%\system32\wosc.dll,-601)
- Description : $(@%systemroot%\system32\wosc.dll,-603)
- URI : \Microsoft\Windows\Flighting\OneSettings\RefreshCache
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2025-07-10T23:11:57+05:30
+ Repetition
- Interval : PT23H
- RandomDelay : PT1H
+ Actions
+ ComHandler
- ClassId : {E07647F7-AED2-48D9-9720-939BC24A8A3C}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\ScanForUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
+ Repetition
- Interval : P1D
- RandomDelay : P1D
+ WnfStateChangeTrigger
- Delay : PT15M
- StateName : 7524BCA33E06830D
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
- Enabled : false
+ Actions
+ ComHandler
- ClassId : {A558C6A5-B42B-4C98-B610-BF9559143139}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFX;;;IU)
- URI : \Microsoft\Windows\InstallService\ScanForUpdatesAsUser
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P3D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : \Microsoft\Windows\InstallService\SmartRetry
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT6M
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
- Enabled : false
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7538BDA33E06830D
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7518BCA33E06830D
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7510BCA33E0B8441
- Data : 03
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
- Enabled : false
+ Actions
+ ComHandler
- ClassId : {F3A219C3-2698-4CBF-9C07-037EDB8E72E6}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {0DC331EE-8438-49D5-A721-E10B937CE459}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-01-01T05:30:00+05:30
+ Repetition
- Interval : P1D
- RandomDelay : P1D
+ Actions
+ ComHandler
- ClassId : {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-602)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Installation
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT15M
+ Repetition
- Interval : P1D
+ IdleTrigger
+ Repetition
- Interval : P1D
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Install $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-601)
- Author : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-600)
- Description : $(@%systemRoot%\System32\LanguageComponentsInstaller.Dll,-603)
- URI : \Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {6F58F65F-EC0E-4ACA-99FE-FC5A1A25E4BE}
- Data : Uninstall

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- Source : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-601)
- Author : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-600)
- Description : $(@%SystemRoot%\system32\TempSignedLicenseExchangeTask.dll,-602)
- URI : \Microsoft\Windows\License Manager\TempSignedLicenseExchange
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P7D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {77646A68-AD14-4D53-897D-7BE4DDE5F929}

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\system32\LocationNotificationWindows.exe,-102)
- URI : \Microsoft\Windows\Location\Notifications
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA321089541
- Data : 01
+ Actions
+ Exec
- Command : %windir%\System32\LocationNotificationWindows.exe

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Description : $(@%systemRoot%\System32\WindowsActionDialog.exe,-102)
- URI : \Microsoft\Windows\Location\WindowsActionDialog
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7548BCA321089541
+ Actions
+ Exec
- Command : %windir%\System32\WindowsActionDialog.exe

+ Task
+ RegistrationInfo
- Date : 2008-02-25T19:15:00
- SecurityDescriptor : D:(A;;GA;;;BA)(A;;GA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\winsatapi.dll,-113)
- Author : $(@%systemroot%\system32\winsatapi.dll,-112)
- Description : $(@%systemroot%\system32\winsatapi.dll,-114)
- URI : \Microsoft\Windows\Maintenance\WinSAT
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT30M
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P1M
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {A9A33436-678B-4C9C-A211-7CC38785E79D}

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapstoasttask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapstoasttask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsToastTask
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5S
- Hidden : true
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {9885AEF2-BD9F-41E0-B15E-B3141395E803}
- Data : $(Arg0);$(Arg1);$(Arg2);$(Arg3);$(Arg4);$(Arg5);$(Arg6);$(Arg7)

+ Task
+ RegistrationInfo
- Date : 2014-11-05T00:00:00
- SecurityDescriptor : D:(A;;0x111FFFFF;;;SY)(A;;0x111FFFFF;;;BA)(A;;0x111FFFFF;;;S-1-5-80-3028837079-3186095147-955107200-3701964851-1150726376)(A;;FRFX;;;NS)(A;;FRFX;;;AU)
- Author : $(@%SystemRoot%\system32\mapsupdatetask.dll,-600)
- Description : $(@%SystemRoot%\system32\mapsupdatetask.dll,-602)
- URI : \Microsoft\Windows\Maps\MapsUpdateTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT40S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2014-10-21T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT2H
+ Actions
+ ComHandler
- ClassId : {B9033E87-33CF-4D77-BC9B-895AFBBA72E4}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-603)
- URI : \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WER-SystemErrorReporting'] and (EventID=1000 or EventID=1001 or EventID=1006)]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Application"><Select Path="Application">*[System[Provider[@Name='Application Error'] and EventID=1000]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[Provider[@Name='Application Popup'] and EventID=1801]]</Select></Query></QueryList>
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-Kernel-StoreMgr/Operational"><Select Path="Microsoft-Windows-Kernel-StoreMgr/Operational">*[System[Provider[@Name='Microsoft-Windows-Kernel-StoreMgr'] and EventID=6]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Event

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-601)
- Author : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-600)
- Description : $(@%SystemRoot%\system32\MemoryDiagnostic.dll,-602)
- URI : \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT2H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : true
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P2M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {8168E74A-B39F-46D8-ADCD-7BED477B80A3}
- Data : Time

+ Task
+ RegistrationInfo
- Version : 1.3
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Source : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1901)
- Author : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1902)
- Description : $(@%SystemRoot%\system32\MbaeParserTask.exe,-1903)
- URI : \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT3M
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>
<Query Id='1'>
<Select Path='Microsoft-Windows-DeviceSetupManager/Operational'>*[System/EventID=302] and *[EventData/Data[@Name='Prop_ServiceInfoNamespace']='http://schemas.microsoft.com/windows/2010/12/DeviceMetadata/MobileBroadBandInfo']</Select>
</Query>
</QueryList>
+ Actions
+ Exec
- Command : %SystemRoot%\System32\MbaeParserTask.exe

+ Task
+ RegistrationInfo
- Source : $(@%systemRoot%\System32\lpremove.exe,-100)
- Author : $(@%systemRoot%\System32\lpremove.exe,-100)
- Description : $(@%systemRoot%\System32\lpremove.exe,-101)
- URI : \Microsoft\Windows\MUI\LPRemove
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT9H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P3D
- Deadline : P4D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\lpremove.exe

+ Task
+ RegistrationInfo
- Date : 2005-06-23T13:48:00-08:00
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)
- Source : $(@%systemRoot%\System32\PlaySndSrv.Dll,-106)
- Description : $(@%systemRoot%\System32\PlaySndSrv.Dll,-105)
- URI : \Microsoft\Windows\Multimedia\SystemSoundsService
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {2DEA658F-54C1-4227-AF9B-260AB5FC3543}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%\system32\nettrace.dll,-6910)
- Author : $(@%SystemRoot%\system32\nettrace.dll,-6911)
- Description : $(@%SystemRoot%\system32\nettrace.dll,-6912)
- URI : \Microsoft\Windows\NetTrace\GatherNetworkInfo
+ Principals
+ Principal
- GroupId : S-1-5-32-545
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\gatherNetworkInfo.vbs
- WorkingDirectory : $(Arg1)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Author : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-500)
- Description : $(@%SystemRoot%\system32\wbem\SDNDiagnosticsProvider.dll,-501)
- URI : \Microsoft\Windows\Network Controller\SDN Diagnostics Task
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2015-08-21T00:00:00
+ Repetition
- Interval : PT30M
+ BootTrigger
+ Actions
+ Exec
- Command : %windir%\System32\SDNDiagnosticsTask.exe

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5003)
- URI : \Microsoft\Windows\Offline Files\Background Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2008-01-01T00:00:00
+ Repetition
- Interval : PT2H
- RandomDelay : PT20M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}

+ Task
+ RegistrationInfo
- Version : 1.0
- Source : $(@%systemroot%\system32\cscui.dll,-5000)
- Author : $(@%systemroot%\system32\cscui.dll,-5001)
- Description : $(@%systemroot%\system32\cscui.dll,-5002)
- URI : \Microsoft\Windows\Offline Files\Logon Synchronization
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : P1D
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT4M
+ Actions
+ ComHandler
- ClassId : {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8}
- Data : Logon

+ Task
+ RegistrationInfo
- Date : 2012-02-07T16:39:20
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-604)
- URI : \Microsoft\Windows\PI\Secure-Boot-Update
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33E0C9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : SBServicing

+ Task
+ RegistrationInfo
- Date : 2011-07-22T00:00:00.8844064
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-603)
- URI : \Microsoft\Windows\PI\Sqm-Tasks
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : PiSqmTasks

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1301ff;;;S-1-5-80-2661322625-712705077-2999183737-3043590567-590698655)(A;;FRFX;;;LU)
- Source : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-101)
- Author : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-8197)
- URI : \Microsoft\Windows\PLA\Server Manager Performance Monitor
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 2
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Data
+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)
- Author : $(@%SystemRoot%\system32\pnppolicy.dll,-600)
- Description : $(@%SystemRoot%\system32\pnppolicy.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Group Policy
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : P1D
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32A1E890D
+ Actions
+ ComHandler
- ClassId : {60400283-B242-4FA8-8C25-CAF695B88209}

+ Task
+ RegistrationInfo
- SecurityDescriptor : O:BAG:BAD:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;;FR;;;IU)
- Author : $(@%SystemRoot%\system32\pnpui.dll,-600)
- Description : $(@%SystemRoot%\system32\pnpui.dll,-602)
- URI : \Microsoft\Windows\Plug and Play\Device Install Reboot Required
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Queue
- Priority : 6
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA33D009602
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {48794782-6A1F-47B9-BD52-1D5F95D49C1B}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Author : $(@%SystemRoot%\System32\sppnp.dll,-2000)
- Description : $(@%SystemRoot%\System32\sppnp.dll,-2001)
- URI : \Microsoft\Windows\Plug and Play\Sysprep Generalize Drivers
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %SystemRoot%\System32\drvinst.exe
- Arguments : 6

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;OICI;FA;;;BA)(A;OICI;FA;;;SY)(A;OICI;GR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%systemRoot%\system32\energytask.dll,-601)
- Author : $(@%systemRoot%\system32\energytask.dll,-600)
- Description : $(@%systemRoot%\system32\energytask.dll,-602)
- URI : \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
- Exclusive : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {927EA2AF-1C54-43D5-825E-0074CE028EEE}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : \Microsoft\Windows\PushToInstall\LoginCheck
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- StartBoundary : 2017-01-01T05:30:00+05:30
- EndBoundary : 2017-01-01T05:30:00+05:30
- Delay : PT5M
+ Actions
+ Exec
- Command : %windir%\system32\sc.exe
- Arguments : start pushtoinstall login

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GRGX;;;SU)
- URI : \Microsoft\Windows\PushToInstall\Registration
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- DisallowStartOnRemoteAppSession : true
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2017-01-01T05:30:00+05:30
+ Repetition
- Interval : P20D
+ WnfStateChangeTrigger
- Delay : PT15M
- StateName : 750CBCA3290B9641
- Data : 01
+ Actions
+ Exec
- Command : %windir%\system32\sc.exe
- Arguments : start pushtoinstall registration

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;LS)
- Author : $(@%SystemRoot%\system32\rasmbmgr.dll,-201)
- Description : $(@%SystemRoot%\system32\rasmbmgr.dll,-202)
- URI : \Microsoft\Windows\Ras\MobilityManager
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>







<Query







Id="0"







Path="Application"







>







<Select Path="Application">*[System[Provider[@Name='RasClient'] and (Level=4 or Level=0) and (EventID=20281)]]</Select>







</Query>







</QueryList>
+ Actions
+ ComHandler
- ClassId : {C463A0FC-794F-4FDF-9201-01938CEACAFA}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;AU)(A;;FRFX;;;LS)
- Source : $(@%SystemRoot%\system32\ReAgentTask.dll,-602)
- Author : $(@%SystemRoot%\system32\ReAgentTask.dll,-601)
- Description : $(@%SystemRoot%\system32\ReAgentTask.dll,-603)
- URI : \Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
+ Principals
+ Principal
- GroupId : S-1-5-32-544
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT1H
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P14D
- Deadline : P1M
+ Triggers
+ Actions
+ ComHandler
- ClassId : {89D1D0C2-A3CF-490C-ABE3-B86CDE34B047}
- Data : VerifyWinRE

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)(A;;FRFX;;;LS)
- Source : $(@%systemroot%\system32\regidle.dll,-601)
- Author : $(@%systemroot%\system32\regidle.dll,-600)
- Description : $(@%systemroot%\system32\regidle.dll,-602)
- URI : \Microsoft\Windows\Registry\RegIdleBackup
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- Priority : 5
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P10D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {CA767AA8-9157-4604-B64B-40747123D5F2}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:SYD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)(A;;FRFX;;;LU)
- Source : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-101)
- Author : $(@%systemroot%\system32\wbem\mgmtprovider.dll,-8197)
- URI : \Microsoft\Windows\Server Manager\CleanupOldPerfLogs
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : %systemroot%\system32\cscript.exe
- Arguments : /B /nologo %systemroot%\system32\calluxxprovider.vbs $(Arg0) $(Arg1) $(Arg2)

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%SystemRoot%\system32\svrmgrnc.dll,-101)
- Author : $(@%SystemRoot%\system32\svrmgrnc.dll,-103)
- Description : $(@%SystemRoot%\system32\svrmgrnc.dll,-104)
- URI : \Microsoft\Windows\Server Manager\ServerManager
+ Principals
+ Principal
- GroupId : S-1-5-32-544
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- Priority : 4
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %windir%\system32\ServerManagerLauncher.exe

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\Servicing\StartComponentCleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {752073A1-23F2-4396-85F0-8FDB879ED0ED}

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\SharedPC\Account Cleanup
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT30M
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
- RunOnlyIfIdle : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\System32\rundll32.exe
- Arguments : %windir%\System32\Windows.SharedPC.AccountManager.dll,StartMaintenance

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;IU)
- Source : $(@%SystemRoot%\system32\shell32.dll,-14349)
- Author : $(@%SystemRoot%\system32\shell32.dll,-14349)
- Description : $(@%SystemRoot%\system32\shell32.dll,-14350)
- URI : \Microsoft\Windows\Shell\CreateObjectTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT30S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {990A9F8F-301F-45F7-8D0E-68C5952DBA43}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FA;;;LS)(A;;FR;;;BA)
- Source : $(@%systemroot%\system32\srchadmin.dll,-1901)
- Author : $(@%systemroot%\system32\srchadmin.dll,-1901)
- Description : $(@%systemroot%\system32\srchadmin.dll,-1902)
- URI : \Microsoft\Windows\Shell\IndexerAutomaticMaintenance
+ Principals
+ Principal
- UserId : S-1-5-19
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ ComHandler
- ClassId : {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6}

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : \Microsoft\Windows\Software Inventory Logging\Collection
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- ExecutionTimeLimit : PT10M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-01-01T03:00:00
+ Repetition
- Interval : PT1H
- RandomDelay : PT30M
+ Actions
+ Exec
- Command : %systemroot%\system32\cmd.exe
- Arguments : /d /c %systemroot%\system32\silcollector.cmd publish

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- URI : \Microsoft\Windows\Software Inventory Logging\Configuration
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT2M
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT1M
+ Actions
+ Exec
- Command : %systemroot%\system32\cmd.exe
- Arguments : /d /c %systemroot%\system32\silcollector.cmd configure

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FA;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-2912274048-3994893941-1669128114-1310430903-1263774323)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-201)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ CalendarTrigger
- StartBoundary : 2125-08-09T07:10:30+05:30
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : timer

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-4)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-202)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : logon

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;FRFW;;;S-1-5-80-123231216-2592883651-3715271367-3753151631-4175906628)(A;;FR;;;S-1-5-87-431836887-2321537645-4075769387-3393595759-2187231311)
- Source : $(@%systemroot%\system32\sppc.dll,-200)
- Author : $(@%systemroot%\system32\sppc.dll,-200)
- Description : $(@%systemroot%\system32\sppc.dll,-203)
- URI : \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-NetworkProfile/Operational"><Select Path="Microsoft-Windows-NetworkProfile/Operational">*[System[EventID=10000]]</Select></Query></QueryList>
+ Actions
+ ComHandler
- ClassId : {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC}
- Data : network

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\SpaceAgent.exe,-1)
- Author : $(@%SystemRoot%\system32\SpaceAgent.exe,-2)
- Description : $(@%SystemRoot%\system32\SpaceAgent.exe,-3)
- URI : \Microsoft\Windows\SpacePort\SpaceAgentTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT6H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7508BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%\system32\SpaceAgent.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\spaceman.exe,-1)
- Author : $(@%SystemRoot%\system32\spaceman.exe,-2)
- Description : $(@%SystemRoot%\system32\spaceman.exe,-3)
- URI : \Microsoft\Windows\SpacePort\SpaceManagerTask
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Enabled : false
- Delay : PT2M
+ WnfStateChangeTrigger
- StateName : 7510BCA33E1E8702
+ Actions
+ Exec
- Command : %windir%\system32\spaceman.exe
- Arguments : /Work

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;AU)
- URI : \Microsoft\Windows\Speech\HeadsetButtonPress
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA33E1E8509
+ Actions
+ Exec
- Command : %windir%\system32\speech_onecore\common\SpeechRuntime.exe
- Arguments : StartedFromTask

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FA;;;BA)(A;;GA;;;NU)
- URI : \Microsoft\Windows\Speech\SpeechModelDownloadTask
+ Principals
+ Principal
- UserId : S-1-5-20
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT10M
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT1M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2004-01-01T00:00:00
+ Repetition
- Interval : P1D
- RandomDelay : PT4H
+ Actions
+ Exec
- Command : %windir%\system32\speech_onecore\common\SpeechModelDownload.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\TieringEngineService.exe,-601)
- Author : $(@%systemroot%\system32\TieringEngineService.exe,-600)
- Description : $(@%systemroot%\system32\TieringEngineService.exe,-602)
- URI : \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA32B1D940D
+ Actions
+ ComHandler
- ClassId : {5C9AB547-345D-4175-9AF6-65133463A100}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FR;;;AU)
- Source : $(@%systemroot%\system32\TieringEngineService.exe,-601)
- Author : $(@%systemroot%\system32\TieringEngineService.exe,-600)
- Description : $(@%systemroot%\system32\TieringEngineService.exe,-603)
- URI : \Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2013-01-01T01:00:00
+ Repetition
- Interval : PT4H
+ Actions
+ Exec
- Command : %windir%\system32\defrag.exe
- Arguments : -c -h -g -# -m 8 -i 13500

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)
- Source : $(@%systemroot%\system32\wdc.dll,-10042)
- Author : $(@%systemroot%\system32\wdc.dll,-10041)
- Description : $(@%systemroot%\system32\wdc.dll,-10043)
- URI : \Microsoft\Windows\Task Manager\Interactive
+ Principals
+ Principal
- GroupId : S-1-5-4
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {855FEC53-D2E4-4999-9E87-3414E9CF0FF4}
- Data : $(Arg0)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;BU)
- Source : $(@%systemRoot%\system32\MsCtfMonitor.dll,-1000)
- Description : $(@%systemRoot%\system32\MsCtfMonitor.dll,-1001)
- URI : \Microsoft\Windows\TextServicesFramework\MsCtfMonitor
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 5
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {01575CFE-9A55-4003-A5E1-F38D1EBDCBE1}

+ Task
+ RegistrationInfo
- Source : $(@%SystemRoot%\system32\TimeSyncTask.dll,-601)
- Author : $(@%SystemRoot%\system32\TimeSyncTask.dll,-600)
- Description : $(@%SystemRoot%\system32\TimeSyncTask.dll,-602)
- URI : \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime
+ Principals
+ Principal
- UserId : S-1-5-19
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT1M
- StateName : 7510BCA32F018915
+ Actions
+ ComHandler
- ClassId : {A31AD6C2-FF4C-43D4-8E90-7101023096F9}
- Data : TimeSyncTask

+ Task
+ RegistrationInfo
- Source : $(@%systemroot%\system32\w32time.dll,-200)
- Author : $(@%systemroot%\system32\w32time.dll,-202)
- Description : $(@%systemroot%\system32\w32time.dll,-201)
- URI : \Microsoft\Windows\Time Synchronization\SynchronizeTime
+ Principals
+ Principal
- UserId : S-1-5-19
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : true
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\sc.exe
- Arguments : start w32time task_started

+ Task
+ RegistrationInfo
- Date : 2013-01-10T16:32:04.2837388
- Author : $(@%SystemRoot%\system32\tzsyncres.dll,-101)
- Description : $(@%SystemRoot%\system32\tzsyncres.dll,-102)
- URI : \Microsoft\Windows\Time Zone\SynchronizeTimeZone
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- ExecutionTimeLimit : PT1H
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P7D
- Deadline : P14D
+ Triggers
+ Actions
+ Exec
- Command : %windir%\system32\tzsync.exe

+ Task
+ RegistrationInfo
- Date : 2015-02-16T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-605)
- URI : \Microsoft\Windows\TPM\Tpm-HASCertRetr
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA3250F9541
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : HASCertRetr

+ Task
+ RegistrationInfo
- Date : 2010-06-10T17:49:20.8844064
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FA;;;S-1-5-87-1469317444-2401623638-2778953283-1691679301-3481717153)
- Source : $(@%SystemRoot%\system32\TpmTasks.dll,-601)
- Author : $(@%SystemRoot%\system32\TpmTasks.dll,-600)
- Description : $(@%SystemRoot%\system32\TpmTasks.dll,-602)
- URI : \Microsoft\Windows\TPM\Tpm-Maintenance
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7518BCA3391E8B41
+ WnfStateChangeTrigger
- StateName : 7560BCA322028F02
+ WnfStateChangeTrigger
- StateName : 7510BCA3391E8B41
+ WnfStateChangeTrigger
- StateName : 3528BCA32E1D8E0D
+ Actions
+ ComHandler
- ClassId : {5014B7C8-934E-4262-9816-887FA745A6C4}
- Data : TpmTasks

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\AC Power Download
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7508BCA3380C960C
- Data : 01000000
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartDownload

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Backup Scan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- WakeToRun : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2025-07-24T15:01:49+05:30
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Maintenance Install
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ MaintenanceSettings
- Period : P1D
- Deadline : P2D
+ Triggers
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartInstall

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\MusUx_UpdateInterval
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ LogonTrigger
- Delay : PT40S
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe
- Arguments : LogonDisplay

+ Task
+ RegistrationInfo
- URI : \Microsoft\Windows\UpdateOrchestrator\Reboot
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT10M
- StartWhenAvailable : true
- WakeToRun : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
+ Triggers
+ TimeTrigger
- StartBoundary : 2022-12-28T17:26:00+05:30
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe
- Arguments : RebootDialog

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- URI : \Microsoft\Windows\UpdateOrchestrator\Schedule Scan
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2020-12-07T23:55:49+05:30
+ Repetition
- Interval : PT22H
- RandomDelay : PT4H
+ WnfStateChangeTrigger
- StateName : 7508BCA3380C960C
- Data : 01000000
+ WnfStateChangeTrigger
- StateName : 7508BCA33E0B8441
- Data : 00000000
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemRoot%\system32\usocore.dll,-104)
- Author : $(@%systemRoot%\system32\usocore.dll,-103)
- Description : $(@%systemRoot%\system32\usocore.dll,-105)
- URI : \Microsoft\Windows\UpdateOrchestrator\Schedule Scan Static Task
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- Delay : PT2H5M
- StateName : 7524BCA33E06830D
- Data : 01
+ WnfStateChangeTrigger
- Delay : PT2H5M
- StateName : 750CBCA3290B9641
- Data : 01
+ WnfStateChangeTrigger
- StateName : 7550BCA322028F02
+ WnfStateChangeTrigger
- StateName : 7508BCA32E07C641
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*[System[EventID=8202]]</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %systemroot%\system32\usoclient.exe
- Arguments : StartScan

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemRoot%\system32\usocore.dll,-104)
- Author : $(@%systemRoot%\system32\usocore.dll,-103)
- Description : $(@%systemRoot%\system32\usocore.dll,-106)
- URI : \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Queue
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ WnfStateChangeTrigger
- StateName : 7510BCA3381D8941
+ CalendarTrigger
- StartBoundary : 2000-01-01T03:00:00
- RandomDelay : P1D
+ ScheduleByDay
- DaysInterval : 1
+ Actions
+ Exec
- Command : %systemroot%\system32\MusNotification.exe

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;LS)
- Author : $(@%systemroot%\system32\upnphost.dll,-215)
- Description : $(@%systemroot%\system32\upnphost.dll,-216)
- URI : \Microsoft\Windows\UPnP\UPnPHostConfig
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ Exec
- Command : sc.exe
- Arguments : config upnphost start= auto

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)
- Source : $(@%SystemRoot%\system32\profsvc,-500)
- Author : $(@%SystemRoot%\system32\profsvc,-500)
- Description : $(@%SystemRoot%\system32\profsvc,-501)
- URI : \Microsoft\Windows\User Profile Service\HiveUploadTask
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : true
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
+ RestartOnFailure
- Count : 3
- Interval : PT2M
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
- RunOnlyIfIdle : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT2H
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2007-08-28T00:00:00
+ Repetition
- Interval : PT12H
- RandomDelay : PT1H
+ Actions
+ ComHandler
- ClassId : {BA677074-762C-444B-94C8-8C83F93F6605}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FRFX;;;BA)
- Source : $(@%systemroot%\system32\WaasMedicSvc.dll,-103)
- Author : $(@%systemroot%\system32\WaasMedicSvc.dll,-102)
- Description : $(@%systemroot%\system32\WaasMedicSvc.dll,-104)
- URI : \Microsoft\Windows\WaaSMedic\PerformRemediation
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2000-10-15T03:00:00
+ Repetition
- Interval : P7D
- RandomDelay : PT4H
+ Actions
+ ComHandler
- ClassId : {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32}
- Data : None

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : O:BAG:BAD:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;FR;;;IU)(A;;FRFX;;;S-1-5-80-2970612574-78537857-698502321-558674196-1451644582)
- Source : $(@%systemroot%\system32\dps.dll,-601)
- Author : $(@%systemroot%\system32\dps.dll,-600)
- Description : $(@%systemroot%\system32\dps.dll,-602)
- URI : \Microsoft\Windows\WDI\ResolutionHost
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- Hidden : true
- MultipleInstancesPolicy : Parallel
- Priority : 10
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ Actions
+ ComHandler
- ClassId : {900BE39D-6BE8-461A-BC4D-B0FA71F5ECB1}

+ Task
+ RegistrationInfo
- Version : 1.5
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;WD)
- Source : $(@%SystemRoot%\system32\wer.dll,-292)
- Author : $(@%SystemRoot%\system32\wer.dll,-293)
- Description : $(@%SystemRoot%\system32\wer.dll,-294)
- URI : \Microsoft\Windows\Windows Error Reporting\QueueReporting
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : true
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT4H
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ BootTrigger
- Delay : PT3M
+ WnfStateChangeTrigger
- StateName : 7510BCA33A0B9441
- Data : 01
+ WnfStateChangeTrigger
- StateName : 7510BCA33E0B8441
- Data : 03
+ TimeTrigger
- StartBoundary : 2022-03-24T11:19:27+05:30
- Enabled : false
+ Repetition
- Interval : PT30M
- RandomDelay : PT30M
+ Actions
+ Exec
- Command : %windir%\system32\wermgr.exe
- Arguments : -upload

+ Task
+ RegistrationInfo
- Author : $(@%SystemRoot%\system32\bfe.dll,-2001)
- Description : $(@%SystemRoot%\system32\bfe.dll,-2002)
- URI : \Microsoft\Windows\Windows Filtering Platform\BfeOnServiceStartTypeChange
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowHardTerminate : false
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Hidden : true
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList><Query Id="0" Path="System"><Select Path="System">*/System/Provider[@Name='Service Control Manager'] and */System/EventID='7040' and */EventData/Data[@Name='param4']='BFE'</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %windir%\system32\rundll32.exe
- Arguments : bfe.dll,BfeOnServiceStartTypeChange

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FRFX;;;AU)
- Author : $(@%ProgramFiles%\Windows Media Player\wmpnscfg.exe,-1001)
- Description : $(@%ProgramFiles%\Windows Media Player\wmpnscfg.exe,-1002)
- URI : \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
+ Principals
+ Principal
- GroupId : S-1-5-11
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : Parallel
- StartWhenAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ EventTrigger
- Subscription : <QueryList>
<Query
Id="0"
Path="System"
>
<Select Path="System">*[System[Provider[@Name='Microsoft-Windows-WMPNSS-Service'] and (EventID=14210)]]</Select>
</Query>
</QueryList>
+ Actions
+ Exec
- Command : "%ProgramFiles%\Windows Media Player\wmpnscfg.exe"

+ Task
+ RegistrationInfo
- Version : 1.0
- SecurityDescriptor : D:(A;;FA;;;BA)(A;;FA;;;SY)(A;;FWFR;;;BU)
- Source : $(@%SystemRoot%\system32\mscms.dll,-200)
- Author : $(@%SystemRoot%\system32\mscms.dll,-201)
- Description : $(@%SystemRoot%\system32\mscms.dll,-202)
- URI : \Microsoft\Windows\WindowsColorSystem\Calibration Loader
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- AllowHardTerminate : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ SessionStateChangeTrigger
- StateChange : ConsoleConnect
+ Actions
+ ComHandler
- ClassId : {B210D694-C8DF-490D-9576-9E20CDBC20BD}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:(A;;FA;;;SY)(A;;FRFX;;;LS)(A;;FA;;;BA)
- Source : Microsoft Corporation.
- Author : Microsoft Corporation.
- Description : This task is used to start the Windows Update service when needed to perform scheduled operations such as scans.
- URI : \Microsoft\Windows\WindowsUpdate\Scheduled Start
+ Principals
+ Principal
- UserId : S-1-5-18
+ Settings
- AllowStartOnDemand : false
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- MultipleInstancesPolicy : IgnoreNew
- StartWhenAvailable : true
+ IdleSettings
- Duration : PT10M
- WaitTimeout : PT1H
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ TimeTrigger
- StartBoundary : 2026-01-10T16:36:51+05:30
- RandomDelay : PT1M
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : ConsoleDisconnect
+ SessionStateChangeTrigger
- Enabled : false
- StateChange : RemoteDisconnect
+ WnfStateChangeTrigger
- Enabled : false
- StateName : 7508BCA3380C960C
- Data : 01
+ Actions
+ Exec
- Command : C:\Windows\system32\sc.exe
- Arguments : start wuauserv

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:P(A;;FA;;;BA)(A;;FA;;;SY)(A;;0x001200a9;;;BU)(A;;0x001200a9;;;WD)(A;;0x001200a9;;;LW)
- Author : $(@%systemroot%\system32\wininet.dll,-16000)
- Description : $(@%systemroot%\system32\wininet.dll,-16001)
- URI : \Microsoft\Windows\Wininet\CacheTask
+ Principals
+ Principal
- GroupId : S-1-5-32-545
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- ExecutionTimeLimit : PT0S
- MultipleInstancesPolicy : Parallel
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ ComHandler
- ClassId : {0358B920-0AC7-461F-98F4-58E32CD89148}

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
- Description : $(@%SystemRoot%\system32\dsregcmd.exe,-101)
- URI : \Microsoft\Windows\Workplace Join\Automatic-Device-Join
+ Principals
+ Principal
- UserId : S-1-5-18
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT5M
- MultipleInstancesPolicy : IgnoreNew
- RunOnlyIfNetworkAvailable : true
+ IdleSettings
- StopOnIdleEnd : true
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
- Delay : PT1M
+ EventTrigger
+ Repetition
- Interval : PT1H
- Duration : P1D
- Subscription : <QueryList><Query Id="0" Path="Microsoft-Windows-User Device Registration/Admin"><Select Path="Microsoft-Windows-User Device Registration/Admin">*[System[Provider[@Name='Microsoft-Windows-User Device Registration'] and EventID=4096]]</Select></Query></QueryList>
+ Actions
+ Exec
- Command : %SystemRoot%\System32\dsregcmd.exe
- Arguments : $(Arg0) $(Arg1) $(Arg2)

+ Task
+ RegistrationInfo
- SecurityDescriptor : D:AI(A;;FA;;;NS)(A;;GA;;;SY)(A;ID;FA;;;BA)(A;ID;GRGX;;;AU)
- Description : $(@%SystemRoot%\system32\dsregcmd.exe,-102)
- URI : \Microsoft\Windows\Workplace Join\Recovery-Check
+ Principals
+ Principal
- GroupId : S-1-5-4
- RunLevel : HighestAvailable
+ Settings
- DisallowStartIfOnBatteries : false
- StopIfGoingOnBatteries : false
- Enabled : false
- ExecutionTimeLimit : PT2H
- MultipleInstancesPolicy : Queue
+ IdleSettings
- StopOnIdleEnd : false
- RestartOnIdle : false
- UseUnifiedSchedulingEngine : true
+ Triggers
+ LogonTrigger
+ Actions
+ Exec
- Command : %SystemRoot%\System32\dsregcmd.exe
- Arguments : /checkrecovery
70626 - Microsoft Windows AutoRuns Services and Drivers
-
Synopsis
Report programs that are set to start automatically on boot as a service or driver.
Description
Report the registry keys that track programs that are set to start on boot as a service.

These programs can start as a system wide service or be loaded as a driver.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services
Drivers :
+ Acronis Agent Core Service
- "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run
- Auto Load
- Enables Acronis Agent Core Service.

+ Acronis Update Controller
- "C:\Program Files\BackupClient\UpdateController\acp-update-controller.exe" --update-controller
- Auto Load
- Enables Acronis Update Controller.

+ Acronis Active Protection Service
- "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
- Auto Load
- Acronis Active Protection Service

+ Acronis Scheduler2 Service
- "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
- Auto Load
- Provides scheduling for tasks of Acronis components.

+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Load on Demand
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201

+ Kaspersky Endpoint Security Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r
- Auto Load
- Provides computer protection against viruses, other malicious applications, and network attacks.

+ Kaspersky Seamless Update Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"
- Auto Load
- Lets you install and roll back critical and approved updates of application modules.

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- disabled
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ AzureAttestService
- C:\Windows\system32\svchost.exe -k AzureAttestService
- Auto Load
-

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ @%SystemRoot%\system32\qmgr.dll,-1000
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\qmgr.dll,-1001

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102

+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102

+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102

+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12

+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104

+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948

+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2

+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002

+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- disabled
- @%systemroot%\system32\cscsvc.dll,-201

+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @combase.dll,-5013

+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102

+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101

+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101

+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101

+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001

+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc -p
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002

+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101

+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\dmwappushsvc.dll,-201

+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102

+ @%systemroot%\system32\dosvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%systemroot%\system32\dosvc.dll,-101

+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103

+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%systemroot%\system32\dps.dll,-501

+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001

+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002

+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2

+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101

+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202

+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2

+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201

+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @comres.dll,-2451

+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101

+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101

+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101

+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310

+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101

+ @%windir%\system32\inetsrv\ftpres.dll,-30001
- %windir%\system32\svchost.exe -k ftpsvc
- Auto Load
- @%windir%\system32\inetsrv\ftpres.dll,-30002

+ Google Chrome Elevation Service (GoogleChromeElevationService)
- "C:\Program Files\Google\Chrome\Application\143.0.7499.193\elevation_service.exe"
- Load on Demand
- Provides encryption services and a secure way for recovering Google Chrome if it gets out of date. If this service is disabled, Google Chrome may lose access to encrypted data, and Google Chrome may not be able recover itself.

+ Google Updater Internal Service (GoogleUpdaterInternalService145.0.7569.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update-internal
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

+ Google Updater Service (GoogleUpdaterService145.0.7569.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @gpapi.dll,-113

+ @%SystemRoot%\system32\GraphicsPerfSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup
- disabled
- @%SystemRoot%\system32\GraphicsPerfSvc.dll,-101

+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102

+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101

+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- disabled
- @%SystemRoot%\System32\tetheringservice.dll,-4098

+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008

+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502

+ @%SystemRoot%\system32\InstallService.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\InstallService.dll,-201

+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501

+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101

+ Kaspersky Security Center Network Agent
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"
- Auto Load
- Network Agent coordinates interaction between the Administration Server and Kaspersky applications installed on devices.

+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101

+ Kaspersky Security Network proxy server
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"
- Load on Demand
- The KSN proxy service retranslates requests to Kaspersky Security Network and caches the responses.

+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
- Load on Demand
- @comres.dll,-2947

+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101

+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101

+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\lfsvc.dll,-2

+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201

+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\lltdres.dll,-2

+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102

+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\lsm.dll,-1002

+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- disabled
- @%SystemRoot%\System32\moshost.dll,-101

+ Acronis Managed Machine Service
- "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
- Auto Load
- Enables data backup and recovery on the machine.

+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091

+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798

+ SQL Server Integration Services 12.0
- "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ SQL Server Integration Services 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\iscsidsc.dll,-5001

+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32

+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.

+ SQL Server (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Server Analysis Services (MSSQLSERVER)
- "c:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"
- Auto Load
- Supplies online analytical processing (OLAP) and data mining functionality for business intelligence applications.

+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008

+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501

+ @%SystemRoot%\System32\netlogon.dll,-102
- %systemroot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\System32\netlogon.dll,-103

+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110

+ @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195
- "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8194

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8196

+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203

+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4

+ @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8198

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Load on Demand
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200

+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2

+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101

+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2

+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201

+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.

+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\pcasvc.dll,-2

+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1

+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001

+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Load on Demand
- @%systemroot%\system32\pla.dll,-501

+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011

+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101

+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301

+ @%SystemRoot%\system32\pushtoinstall.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\pushtoinstall.dll,-201

+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2

+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201

+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasmans.dll,-201

+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201

+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService -p
- Load on Demand
- @regsvc.dll,-2

+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- disabled
- @%SystemRoot%\system32\RMapi.dll,-1002

+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS -p
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002

+ @%systemroot%\system32\Locator.exe,-2
- %SystemRoot%\system32\locator.exe
- Load on Demand
- @%systemroot%\system32\Locator.exe,-3

+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss -p
- Auto Load
- @combase.dll,-5011

+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115

+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501

+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2

+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\SCardSvr.dll,-5

+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101

+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14

+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000

+ SecPod Saner Agent
- "C:\Program Files (x86)\SecPod Saner\Agent\bin\spsaneragnt.exe"
- Auto Load
- An agent for vulnerability detection and mitigation, works with SecPod's SanerNow Advanced Vulnerability Management platform.

+ SecPod Saner Upgrade Controller v2
- "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"
- Load on Demand
- Controller for monitoring SecPod's SanerNow agent upgrade.

+ @%systemroot%\system32\SecurityHealthAgent.dll,-1002
- %SystemRoot%\system32\SecurityHealthService.exe
- Load on Demand
- @%systemroot%\system32\SecurityHealthAgent.dll,-1001

+ @%SystemRoot%\System32\SEMgrSvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\System32\SEMgrSvc.dll,-1002

+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201

+ @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001
- "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe"
- Load on Demand
- @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1002

+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- disabled
- @%SystemRoot%\system32\SensorDataService.exe,-102

+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001

+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001

+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027

+ @%SystemRoot%\System32\SgrmBroker.exe,-100
- %SystemRoot%\system32\SgrmBroker.exe
- Load on Demand
- @%SystemRoot%\System32\SgrmBroker.exe,-101

+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\ipnathlp.dll,-107

+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289

+ @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-101

+ Simple TCP/IP Services
- %SystemRoot%\System32\tcpsvcs.exe
- disabled
- @%SystemRoot%\system32\simptcp.dll,-201

+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101

+ @%windir%\system32\inetsrv\smtpsetup.exe,-1
- %windir%\system32\inetsrv\inetinfo.exe
- Load on Demand
- @%windir%\system32\inetsrv\smtpsetup.exe,-2

+ @firewallapi.dll,-50303
- %SystemRoot%\System32\snmp.exe
- Auto Load
- @firewallapi.dll,-50304

+ @firewallapi.dll,-50323
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @firewallapi.dll,-50324

+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100

+ SQL Server Distributed Replay Client
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"
- Load on Demand
- One or more Distributed Replay client computers that work together with a Distributed Replay controller to simulate concurrent workloads against an instance of SQL Server.

+ SQL Server Distributed Replay Controller
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"
- Load on Demand
- Provides trace replay orchestration across multiple Distributed Replay client computers.

+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- Auto Load
- Provides SQL Server connection information to client computers.

+ SQL Server Agent (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server CEIP service (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server

+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

+ SQL Server Analysis Services CEIP (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS
- Auto Load
- CEIP service for Sql Server Analysis Services

+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\ssdpsrv.dll,-101

+ OpenSSH Authentication Agent
- %SystemRoot%\System32\OpenSSH\ssh-agent.exe
- disabled
- Agent to hold private keys used for public key authentication.

+ SQL Server Integration Services CEIP service 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS
- Auto Load
- CEIP service for Sql server Integration Services

+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201

+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2

+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10

+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101

+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102

+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102

+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\sysmain.dll,-1001

+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002

+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101

+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101

+ @%SystemRoot%\System32\termsrv.dll,-268
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Load on Demand
- @%SystemRoot%\System32\termsrv.dll,-267

+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193

+ Tib Mounter Service
- "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
- Load on Demand
-

+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701

+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002

+ @%systemroot%\system32\tokenbroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\tokenbroker.dll,-101

+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2

+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101

+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201

+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101

+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101

+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001

+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\upnphost.dll,-214

+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101

+ @%systemroot%\system32\usocore.dll,-101
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usocore.dll,-102

+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004

+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112

+ VMware Alias Manager and Ticket Service
- "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
- Auto Load
- Alias Manager and Ticket Service

+ @oem8.inf,%VM3DSERVICE_DISPLAYNAME%;VMware SVGA Helper Service
- %SystemRoot%\system32\vm3dservice.exe
- Auto Load
- @oem8.inf,%VM3DSERVICE_DESCRIPTION%;Helps VMware SVGA driver by collecting and conveying user mode information

+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802

+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102

+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202

+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602

+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302

+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402

+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902

+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502

+ VMware Tools
- "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
- Auto Load
- Provides support for synchronizing objects between the host and guest operating systems.

+ VMware Snapshot Provider
- C:\Windows\system32\dllhost.exe /Processid:{0A0395B5-DCA0-40B0-8D0E-C89A44322E93}
- Load on Demand
- VMware Snapshot Provider

+ VMware CAF AMQP Communication Service
- "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe"
- Load on Demand
- VMware Common Agent AMQP Communication Service

+ VMware CAF Management Agent Service
- "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe"
- Auto Load
- VMware Common Agent Management Agent Service

+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101

+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\w32time.dll,-201

+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015

+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004

+ @WaaSMedicSvc.dll,-100
- %systemroot%\system32\svchost.exe -k wusvcs -p
- Load on Demand
- @WaaSMedicSvc.dll,-101

+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel -p
- disabled
- @%SystemRoot%\System32\WalletService.dll,-1001

+ @%SystemRoot%\System32\Windows.WARP.JITService.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\Windows.WARP.JITService.dll,-101

+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002

+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Load on Demand
- @%systemroot%\system32\wbiosrvc.dll,-101

+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098

+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503

+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501

+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201

+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101

+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100

+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101

+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1

+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101

+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204

+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102

+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-

+ @%SystemRoot%\system32\flightsettings.dll,-103
- %systemroot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\flightsettings.dll,-104

+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101

+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111

+ @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
- "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
- Load on Demand
- @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102

+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002

+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101

+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2

+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- disabled
- @%systemroot%\system32\SearchIndexer.exe,-104

+ @%systemroot%\system32\wuaueng.dll,-105
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106

+ @wpdfs.inf,%WPDFS_SvcName%;WPD File System driver
- \SystemRoot\system32\DRIVERS\WUDFRd.sys
- Load on Demand
- @wpdfs.inf,%WPDFS_SvcDesc%;User mode driver that enables communication with removable storage devices via the WPD interface


Services :
+ Acronis Agent Core Service
- "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run
- Auto Load
- Enables Acronis Agent Core Service.

+ Acronis Update Controller
- "C:\Program Files\BackupClient\UpdateController\acp-update-controller.exe" --update-controller
- Auto Load
- Enables Acronis Update Controller.

+ Acronis Active Protection Service
- "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
- Auto Load
- Acronis Active Protection Service

+ Acronis Scheduler2 Service
- "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
- Auto Load
- Provides scheduling for tasks of Acronis components.

+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Load on Demand
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201

+ Kaspersky Endpoint Security Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r
- Auto Load
- Provides computer protection against viruses, other malicious applications, and network attacks.

+ Kaspersky Seamless Update Service (KES.21.15)
- "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"
- Auto Load
- Lets you install and roll back critical and approved updates of application modules.

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- disabled
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ AzureAttestService
- C:\Windows\system32\svchost.exe -k AzureAttestService
- Auto Load
-

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ @%SystemRoot%\system32\qmgr.dll,-1000
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\qmgr.dll,-1001

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102

+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102

+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102

+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12

+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104

+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948

+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2

+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002

+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- disabled
- @%systemroot%\system32\cscsvc.dll,-201

+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @combase.dll,-5013

+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102

+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101

+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101

+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101

+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001

+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc -p
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002

+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101

+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\dmwappushsvc.dll,-201

+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102

+ @%systemroot%\system32\dosvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%systemroot%\system32\dosvc.dll,-101

+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103

+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%systemroot%\system32\dps.dll,-501

+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001

+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002

+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2

+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101

+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202

+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2

+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201

+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @comres.dll,-2451

+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101

+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101

+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101

+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310

+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101

+ @%windir%\system32\inetsrv\ftpres.dll,-30001
- %windir%\system32\svchost.exe -k ftpsvc
- Auto Load
- @%windir%\system32\inetsrv\ftpres.dll,-30002

+ Google Chrome Elevation Service (GoogleChromeElevationService)
- "C:\Program Files\Google\Chrome\Application\143.0.7499.193\elevation_service.exe"
- Load on Demand
- Provides encryption services and a secure way for recovering Google Chrome if it gets out of date. If this service is disabled, Google Chrome may lose access to encrypted data, and Google Chrome may not be able recover itself.

+ Google Updater Internal Service (GoogleUpdaterInternalService145.0.7569.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update-internal
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

+ Google Updater Service (GoogleUpdaterService145.0.7569.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @gpapi.dll,-113

+ @%SystemRoot%\system32\GraphicsPerfSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup
- disabled
- @%SystemRoot%\system32\GraphicsPerfSvc.dll,-101

+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102

+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101

+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- disabled
- @%SystemRoot%\System32\tetheringservice.dll,-4098

+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008

+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502

+ @%SystemRoot%\system32\InstallService.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\InstallService.dll,-201

+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501

+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101

+ Kaspersky Security Center Network Agent
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"
- Auto Load
- Network Agent coordinates interaction between the Administration Server and Kaspersky applications installed on devices.

+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101

+ Kaspersky Security Network proxy server
- "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"
- Load on Demand
- The KSN proxy service retranslates requests to Kaspersky Security Network and caches the responses.

+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
- Load on Demand
- @comres.dll,-2947

+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101

+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101

+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\lfsvc.dll,-2

+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201

+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\lltdres.dll,-2

+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102

+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\lsm.dll,-1002

+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- disabled
- @%SystemRoot%\System32\moshost.dll,-101

+ Acronis Managed Machine Service
- "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
- Auto Load
- Enables data backup and recovery on the machine.

+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091

+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798

+ SQL Server Integration Services 12.0
- "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ SQL Server Integration Services 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"
- Auto Load
- Provides management support for SSIS package storage and execution.

+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\iscsidsc.dll,-5001

+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32

+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.

+ SQL Server (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.

+ SQL Server Analysis Services (MSSQLSERVER)
- "c:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"
- Auto Load
- Supplies online analytical processing (OLAP) and data mining functionality for business intelligence applications.

+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008

+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501

+ @%SystemRoot%\System32\netlogon.dll,-102
- %systemroot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\System32\netlogon.dll,-103

+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110

+ @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8195
- "%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8194

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8196

+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203

+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4

+ @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199
- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Auto Load
- @C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8198

+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- Load on Demand
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200

+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2

+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101

+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2

+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201

+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.

+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\pcasvc.dll,-2

+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1

+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001

+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Load on Demand
- @%systemroot%\system32\pla.dll,-501

+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101

+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011

+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101

+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301

+ @%SystemRoot%\system32\pushtoinstall.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\pushtoinstall.dll,-201

+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2

+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201

+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Load on Demand
- @%Systemroot%\system32\rasmans.dll,-201

+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201

+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService -p
- Load on Demand
- @regsvc.dll,-2

+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- disabled
- @%SystemRoot%\system32\RMapi.dll,-1002

+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS -p
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002

+ @%systemroot%\system32\Locator.exe,-2
- %SystemRoot%\system32\locator.exe
- Load on Demand
- @%systemroot%\system32\Locator.exe,-3

+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss -p
- Auto Load
- @combase.dll,-5011

+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115

+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501

+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2

+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\SCardSvr.dll,-5

+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101

+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14

+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000

+ SecPod Saner Agent
- "C:\Program Files (x86)\SecPod Saner\Agent\bin\spsaneragnt.exe"
- Auto Load
- An agent for vulnerability detection and mitigation, works with SecPod's SanerNow Advanced Vulnerability Management platform.

+ SecPod Saner Upgrade Controller v2
- "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"
- Load on Demand
- Controller for monitoring SecPod's SanerNow agent upgrade.

+ @%systemroot%\system32\SecurityHealthAgent.dll,-1002
- %SystemRoot%\system32\SecurityHealthService.exe
- Load on Demand
- @%systemroot%\system32\SecurityHealthAgent.dll,-1001

+ @%SystemRoot%\System32\SEMgrSvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\System32\SEMgrSvc.dll,-1002

+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201

+ @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001
- "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe"
- Load on Demand
- @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1002

+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- disabled
- @%SystemRoot%\system32\SensorDataService.exe,-102

+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001

+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001

+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027

+ @%SystemRoot%\System32\SgrmBroker.exe,-100
- %SystemRoot%\system32\SgrmBroker.exe
- Load on Demand
- @%SystemRoot%\System32\SgrmBroker.exe,-101

+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\ipnathlp.dll,-107

+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289

+ @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-101

+ Simple TCP/IP Services
- %SystemRoot%\System32\tcpsvcs.exe
- disabled
- @%SystemRoot%\system32\simptcp.dll,-201

+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101

+ @%windir%\system32\inetsrv\smtpsetup.exe,-1
- %windir%\system32\inetsrv\inetinfo.exe
- Load on Demand
- @%windir%\system32\inetsrv\smtpsetup.exe,-2

+ @firewallapi.dll,-50303
- %SystemRoot%\System32\snmp.exe
- Auto Load
- @firewallapi.dll,-50304

+ @firewallapi.dll,-50323
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @firewallapi.dll,-50324

+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100

+ SQL Server Distributed Replay Client
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"
- Load on Demand
- One or more Distributed Replay client computers that work together with a Distributed Replay controller to simulate concurrent workloads against an instance of SQL Server.

+ SQL Server Distributed Replay Controller
- "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"
- Load on Demand
- Provides trace replay orchestration across multiple Distributed Replay client computers.

+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- Auto Load
- Provides SQL Server connection information to client computers.

+ SQL Server Agent (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.

+ SQL Server CEIP service (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server

+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.

+ SQL Server Analysis Services CEIP (MSSQLSERVER)
- "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS
- Auto Load
- CEIP service for Sql Server Analysis Services

+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\ssdpsrv.dll,-101

+ OpenSSH Authentication Agent
- %SystemRoot%\System32\OpenSSH\ssh-agent.exe
- disabled
- Agent to hold private keys used for public key authentication.

+ SQL Server Integration Services CEIP service 15.0
- "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS
- Auto Load
- CEIP service for Sql server Integration Services

+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201

+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2

+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10

+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101

+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102

+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102

+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\sysmain.dll,-1001

+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002

+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101

+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101

+ @%SystemRoot%\System32\termsrv.dll,-268
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Load on Demand
- @%SystemRoot%\System32\termsrv.dll,-267

+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193

+ Tib Mounter Service
- "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
- Load on Demand
-

+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701

+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002

+ @%systemroot%\system32\tokenbroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\tokenbroker.dll,-101

+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2

+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101

+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201

+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101

+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101

+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001

+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\upnphost.dll,-214

+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101

+ @%systemroot%\system32\usocore.dll,-101
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usocore.dll,-102

+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004

+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112

+ VMware Alias Manager and Ticket Service
- "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"
- Auto Load
- Alias Manager and Ticket Service

+ @oem8.inf,%VM3DSERVICE_DISPLAYNAME%;VMware SVGA Helper Service
- %SystemRoot%\system32\vm3dservice.exe
- Auto Load
- @oem8.inf,%VM3DSERVICE_DESCRIPTION%;Helps VMware SVGA driver by collecting and conveying user mode information

+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802

+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102

+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202

+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602

+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302

+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402

+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902

+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502

+ VMware Tools
- "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"
- Auto Load
- Provides support for synchronizing objects between the host and guest operating systems.

+ VMware Snapshot Provider
- C:\Windows\system32\dllhost.exe /Processid:{0A0395B5-DCA0-40B0-8D0E-C89A44322E93}
- Load on Demand
- VMware Snapshot Provider

+ VMware CAF AMQP Communication Service
- "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe"
- Load on Demand
- VMware Common Agent AMQP Communication Service

+ VMware CAF Management Agent Service
- "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe"
- Auto Load
- VMware Common Agent Management Agent Service

+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101

+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Auto Load
- @%SystemRoot%\system32\w32time.dll,-201

+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015

+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004

+ @WaaSMedicSvc.dll,-100
- %systemroot%\system32\svchost.exe -k wusvcs -p
- Load on Demand
- @WaaSMedicSvc.dll,-101

+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel -p
- disabled
- @%SystemRoot%\System32\WalletService.dll,-1001

+ @%SystemRoot%\System32\Windows.WARP.JITService.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\Windows.WARP.JITService.dll,-101

+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002

+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Load on Demand
- @%systemroot%\system32\wbiosrvc.dll,-101

+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098

+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503

+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501

+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201

+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101

+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100

+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101

+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1

+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101

+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204

+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102

+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-

+ @%SystemRoot%\system32\flightsettings.dll,-103
- %systemroot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\flightsettings.dll,-104

+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101

+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111

+ @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
- "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
- Load on Demand
- @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102

+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002

+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101

+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2

+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- disabled
- @%systemroot%\system32\SearchIndexer.exe,-104

+ @%systemroot%\system32\wuaueng.dll,-105
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106

+ Zabbix Agent
- "C:\Program Files\Zabbix Agent\zabbix_agentd.exe" --config "C:\Program Files\Zabbix Agent\zabbix_agentd.conf"
- Auto Load
- Provides system monitoring
70629 - Microsoft Windows AutoRuns Winlogon
-
Synopsis
Report programs that startup associates with the winlogon process.
Description
Report the startup locations associated with the winlogon process.

These values could add features to the logon process, assist in authentication, or set screen savers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
- Name : Smartcard Reader Selection Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
- Name : Smartcard WinRT Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
- Name : PicturePasswordLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
- Name : GenericProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}
- Name : TrustedSignal Credential Provider
- Value : %systemroot%\system32\TrustedSignalCredProv.dll

+ CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- Name : NPProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
- Name : Secondary Authentication Factor Credential Provider
- Value : C:\Windows\System32\devicengccredprov.dll

+ CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
- Name : CngCredUICredentialProvider
- Value : %systemroot%\system32\cngcredui.dll

+ CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
- Name : PasswordProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
- Name : Smartcard Credential Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
- Name : Smartcard Pin Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
- Name : WinBio Credential Provider
- Value : %SystemRoot%\System32\BioCredProv.dll

+ CLSID : {C5D7540A-CD51-453B-B22B-05305BA03F07}
- Name : Cloud Experience Credential Provider
- Value : C:\Windows\System32\cxcredprov.dll

+ CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
- Name : PINLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
- Name : NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll

+ CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
- Name : CertCredProvider
- Value : %systemroot%\system32\certCredProvider.dll

+ CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
- Name : WLIDCredentialProvider
- Value : %SystemRoot%\system32\wlidcredprov.dll

+ CLSID : {F8A1793B-7873-4046-B2A7-1F318747F427}
- Name : FIDO Credential Provider
- Value : %systemroot%\system32\fidocredprov.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
- Name : GenericFilter
- Value : %SystemRoot%\system32\credprovs.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CLSID : {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}
- Name : RasProvider
- Value : %SystemRoot%\system32\rasplap.dll




70630 - Microsoft Windows AutoRuns Winsock Provider
-
Synopsis
Report Winsock providers extensions.
Description
A Winsock provider is a type of Layered Service Provider (LSP) that can be used to control protocols by inserting itself into the TCP/IP stack. This can commonly be used to help filter web traffic, enable QoS type services, or anything to hook network traffic controls.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : vSockets DGRAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll

- Name : vSockets STREAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : vSockets DGRAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll

- Name : vSockets STREAM
- PackedCatalogItem : %windir%\system32\vsocklib.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll

92363 - Microsoft Windows Device Logs
-
Synopsis
Nessus was able to collect available device logs from the remote host.
Description
Nessus was able to collect available device logs from the remote Windows host and add them as attachments.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Device logs attached.
92364 - Microsoft Windows Environment Variables
-
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0757
Plugin Information
Published: 2016/07/19, Modified: 2022/06/24
Plugin Output

tcp/0

Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 16
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : cf02
path : %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\110\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files\Microsoft SQL Server\120\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\;C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\;C:\Program Files\BackupClient\CommandLineTool\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files\BackupClient\PyShell\bin\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files\Microsoft SQL Server\150\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files\Azure Data Studio\bin
tmp : %SystemRoot%\TEMP
processor_identifier : Intel64 Family 6 Model 207 Stepping 2, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsoft SQL Server\120\Tools\PowerShell\Modules\;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
windir : %SystemRoot%

Active User Environment Variables
- S-1-5-21-1687551350-3880216100-4069998428-500
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin;C:\Program Files (x86)\Nmap
tmp : %USERPROFILE%\AppData\Local\Temp
- S-1-5-21-1687551350-3880216100-4069998428-1009
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File
-
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output

tcp/0

Windows hosts file attached.

MD5: 3688374325b992def12793500307566d
SHA-1: 4bed0823746a2a8577ab08ac8711b79770e48274
SHA-256: 2d6bdfb341be3a6234b24742377f93aa7c7cfb0d9fd64efa9282c87852e57085
187318 - Microsoft Windows Installed
-
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2025/12/10
Plugin Output

tcp/0


OS Name : Microsoft Windows Server 2019 1809
Vendor : Microsoft
Product : Windows Server
Release : 2019 1809
Edition : Datacenter
Version : 10.0.17763.3770
Role : server
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2019:10.0.17763.3770:-:~~datacenter~~x64~
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.3770:-:*:*:datacenter:*:x64:*
Type : local
Method : SMB
Confidence : 100

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
-
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0501
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following software are installed on the remote host :

Acronis Cyber Protect [version 15.0.36514]
Google Chrome [version 143.0.7499.193] [installed on 2026/01/09]
Kaspersky Security Center Network Agent [version 14.2.0.26967]
Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit) [version 12.3.6024.0] [installed on 2023/12/05]
Hotfix 4335 for SQL Server 2019 (KB5030333) (64-bit) [version 15.0.4335.1] [installed on 2025/02/04]
Microsoft Help Viewer 1.1 [version 1.1.40219]
Microsoft Help Viewer 2.3 [version 2.3.28307]
Microsoft SQL Server 2014 (64-bit)
Microsoft SQL Server 2019 (64-bit)
Nmap 7.95 [version 7.95]
Npcap [version 1.79]
VNC Enterprise Edition E4.6.1 [version E4.6.1] [installed on 2020/12/06]
SecPod Saner [version 6.3.0.1]
WinRAR 5.91 (64-bit) [version 5.91.0]
Kaspersky Endpoint Security for Windows [version 11.15.8.493]
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/11]
SQL Server 2019 Database Engine Services [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 Data quality client [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 Data quality service [version 15.0.2000.5] [installed on 2025/02/04]
Visual Studio 2017 Isolated Shell for SSMS [version 15.0.28308.421] [installed on 2025/02/04]
SQL Server 2014 Integration Services [version 12.3.6024.0] [installed on 2023/12/05]
SQL Server 2019 Common Files [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Visual Studio Tools for Applications x86 Runtime 3.0 [version 10.0.40220] [installed on 2022/12/28]
SQL Server 2014 Data quality client [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft SQL Server 2014 Policies [version 12.3.6024.0] [installed on 2023/12/05]
SQL Server 2014 Documentation Components [version 12.0.2000.8] [installed on 2022/12/28]
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2022/12/28]
SQL Server 2019 XEvent [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 Distributed Replay [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 SQL Diagnostics [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2014 Client Tools [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft VSS Writer for SQL Server 2019 [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2014 Distributed Replay [version 12.3.6024.0] [installed on 2023/12/05]
SQL Server 2014 SQL Data Quality Common [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft SQL Server 2019 T-SQL Language Service [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Report Viewer 2014 Runtime [version 12.0.2000.8] [installed on 2022/12/28]
SQL Server 2019 Integration Services [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2014 Distributed Replay [version 12.0.2000.8] [installed on 2022/12/28]
Microsoft System CLR Types for SQL Server 2014 (x64) [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532 [version 14.36.32532.0]
Microsoft SQL Server 2014 Transact-SQL Compiler Service [version 12.3.6024.0] [installed on 2023/12/05]
SQL Server 2019 Full text search [version 15.0.2000.5] [installed on 2025/02/04]
Zabbix Agent (64-bit) [version 7.4.2.2400] [installed on 2025/09/10]
Microsoft ODBC Driver 11 for SQL Server [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.5.1] [installed on 2025/02/04]
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 [version 10.0.40219] [installed on 2022/12/28]
Browser for SQL Server 2019 [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2021/12/07]
Google Update Helper [version 1.3.33.7] [installed on 2022/12/28]
SQL Server 2019 Database Engine Shared [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 Shared Management Objects [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft SQL Server 2008 Setup Support Files [version 10.3.5500.0] [installed on 2022/12/28]
Azure Data Studio [version 1.41.2] [installed on 2025/02/04]
Visual Studio 2010 Prerequisites - English [version 10.0.40219] [installed on 2022/12/28]
SQL Server Management Studio [version 19.0.20209.0] [installed on 2025/02/04]
SQL Server 2019 Client Tools [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft SQL Server 2014 Transact-SQL ScriptDom [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft SQL Server 2019 Setup (English) [version 15.0.4335.1] [installed on 2025/02/04]
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/11]
SQL Server 2014 Management Studio [version 12.3.6024.0] [installed on 2023/12/05]
Microsoft Analysis Services OLE DB Provider [version 16.0.5143.0] [installed on 2025/02/04]
VMware Tools [version 10.1.15.6677369] [installed on 2021/12/07]
Integration Services [version 16.0.5107.0] [installed on 2025/02/04]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 [version 12.0.40664] [installed on 2025/02/04]
SQL Server 2019 DMF [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft SQL Server 2008 R2 Management Objects [version 10.51.2500.0] [installed on 2022/12/28]
Kaspersky Endpoint Security for Windows [version 12.3.0.493] [installed on 2023/12/02]
SQL Server 2019 Shared Management Objects Extensions [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support [version 16.0.31110] [installed on 2025/02/04]
Microsoft SQL Server Management Studio - 19.0.2 [version 19.0.20209.0]
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0]
SSMS Post Install Tasks [version 19.0.20209.0] [installed on 2025/02/04]
Microsoft Application Error Reporting [version 12.0.6012.5000] [installed on 2022/12/28]
Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support [version 15.0.27520] [installed on 2025/02/04]
SQL Server 2019 Connection Info [version 15.0.2000.5] [installed on 2025/02/04]
IIS URL Rewrite Module 2 [version 7.2.1993] [installed on 2025/07/07]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [version 9.0.30729.6161] [installed on 2021/12/07]
Microsoft SQL Server 2012 Native Client [version 11.4.7462.6] [installed on 2023/12/05]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 [version 12.0.40664.0]
Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support [version 15.0.27520] [installed on 2025/02/04]
SQL Server Management Studio Language Pack - English [version 19.0.20209.0] [installed on 2025/02/04]
SQL Server 2014 Common Files [version 12.3.6024.0] [installed on 2023/12/05]
NXLog-CE [version 3.2.2329] [installed on 2024/12/12]
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/11]
Cyber Protect [version 15.0.36514] [installed on 2023/10/13]
Microsoft SQL Server System CLR Types [version 10.51.2500.0] [installed on 2022/12/28]
Microsoft .NET Framework 4 Multi-Targeting Pack [version 4.0.30319] [installed on 2022/12/28]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 [version 12.0.40664] [installed on 2025/02/04]
SQL Server 2019 Batch Parser [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft OLE DB Driver 19 for SQL Server [version 19.2.0.0] [installed on 2022/12/28]
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2025/03/11]
Microsoft Visual Studio 2010 Shell (Isolated) - ENU [version 10.0.40219] [installed on 2022/12/28]
SQL Server 2019 SQL Data Quality Common [version 15.0.2000.5] [installed on 2025/02/04]
SQL Server 2019 Client Tools Extensions [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support [version 16.0.31110] [installed on 2025/02/04]
Microsoft SQL Server 2019 RsFx Driver [version 15.0.4335.1] [installed on 2025/02/04]
Microsoft OLE DB Driver for SQL Server [version 18.6.7.0] [installed on 2025/02/04]
SQL Server 2019 Analysis Services [version 15.0.2000.5] [installed on 2025/02/04]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 [version 10.0.40219] [installed on 2022/12/28]
Microsoft Visual Studio Tools for Applications x64 Runtime 3.0 [version 10.0.40220] [installed on 2022/12/28]
Microsoft Visual Studio Tools for Applications 2019 [version 16.0.31110]
Microsoft Visual Studio Tools for Applications 2017 [version 15.0.27520]

The following updates are installed :

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 12/28/2022]
KB2467173 [version 1] [installed on 12/28/2022]
KB2565063 [version 1] [installed on 12/28/2022]
KB982573 [version 1] [installed on 12/28/2022]
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 :
KB2151757 [version 1] [installed on 12/28/2022]
KB2467173 [version 1] [installed on 12/28/2022]
KB2565063 [version 1] [installed on 12/28/2022]
KB982573 [version 1] [installed on 12/28/2022]
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 :
KB2455033 [version 1] [installed on 12/28/2022]
KB982517 [version 1] [installed on 12/28/2022]
Microsoft Visual Studio 2010 Shell (Isolated) - ENU :
KB983509 [version 1] [installed on 12/28/2022]
Visual Studio 2010 Prerequisites - English :
KB2413561 [version 1] [installed on 12/28/2022]
178102 - Microsoft Windows Installed Software Version Enumeration
-
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2024/07/15
Plugin Output

tcp/445/cifs


The following software information is available on the remote host :

- Microsoft Visual Studio 2010 Shell (Isolated) - ENU
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual Studio 2010 Shell (Isolated) - ENU
[UninstallString] :
Raw Value : MsiExec.exe /X{D64B6984-242F-32BC-B008-752806E5FC44}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40219
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server Management Studio - 19.0.2
Best Confidence Version : 19.0.20209.0
Version Confidence Level : 3
All Possible Versions : 19.0.20209.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[DisplayName] :
Raw Value : Microsoft SQL Server Management Studio - 19.0.2
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{8a5660e4-6781-49cb-96bb-e2ebefed84f1}\SSMS-Setup-ENU.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{8a5660e4-6781-49cb-96bb-e2ebefed84f1}\SSMS-Setup-ENU.exe
Parsed File Version : 19.0.20209.0
[DisplayVersion] :
Raw Value : 19.0.20209.0
[VersionMinor] :
Raw Value : 0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{8a5660e4-6781-49cb-96bb-e2ebefed84f1}\SSMS-Setup-ENU.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{8a5660e4-6781-49cb-96bb-e2ebefed84f1}\SSMS-Setup-ENU.exe
Parsed File Version : 19.0.20209.0

- Microsoft System CLR Types for SQL Server 2014 (x64)
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : Microsoft System CLR Types for SQL Server 2014 (x64)
[UninstallString] :
Raw Value : MsiExec.exe /I{39E91C68-66A8-4FE3-AFED-1C2D7D68AB9C}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- Npcap
Best Confidence Version : 5.1.79.117
Version Confidence Level : 3
All Possible Versions : 5.1.79.117, 1.79
Other Version Data
[VersionMajor] :
Raw Value : 1
[InstallLocation] :
Raw Value : C:\Program Files\Npcap
[DisplayName] :
Raw Value : Npcap
[UninstallString] :
Raw Value : "C:\Program Files\Npcap\uninstall.exe"
Parsed File Path : C:\Program Files\Npcap\uninstall.exe
Parsed File Version : 5.1.79.117
[DisplayVersion] :
Raw Value : 1.79
[VersionMinor] :
Raw Value : 79
[DisplayIcon] :
Raw Value : C:\Program Files\Npcap\uninstall.exe
Parsed File Path : C:\Program Files\Npcap\uninstall.exe
Parsed File Version : 5.1.79.117

- SQL Server 2014 Data quality client
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 Data quality client
[UninstallString] :
Raw Value : MsiExec.exe /I{1B61E3E0-7021-47ED-8733-927A31300AE4}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- Microsoft SQL Server 2014 (64-bit)
Best Confidence Version :
Version Confidence Level :
All Possible Versions :
Other Version Data
[DisplayName] :
Raw Value : Microsoft SQL Server 2014 (64-bit)
[UninstallString] :
Raw Value : "c:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014\x64\SetupARP.exe"
Parsed File Path : c:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014\x64\SetupARP.exe
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayIcon] :
Raw Value : "c:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014\x64\SetupARP.exe"
Parsed File Path : c:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\SQLServer2014\x64\SetupARP.exe

- SQL Server 2019 Distributed Replay
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Distributed Replay
[UninstallString] :
Raw Value : MsiExec.exe /I{D67DD60A-07F3-456F-A7CC-E273E2CF7818}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Help Viewer 2.3
Best Confidence Version : 2.3.28307
Version Confidence Level : 2
All Possible Versions : 51.119.37703, 2.3.28307
Other Version Data
[InstallDate] :
Raw Value : 2025/02/04
[DisplayIcon] :
Raw Value : msiexec.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft Help Viewer\v2.3\
[UninstallString] :
Raw Value : MsiExec.exe /X{99DC6816-30B2-32EB-9E12-AF8944C4FA4E}
[VersionMinor] :
Raw Value : 3
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 33779347
Parsed Version : 51.119.37703
[DisplayVersion] :
Raw Value : 2.3.28307
[DisplayName] :
Raw Value : Microsoft Help Viewer 2.3

- SQL Server 2019 Database Engine Shared
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Database Engine Shared
[UninstallString] :
Raw Value : MsiExec.exe /I{619F0B6C-C802-422A-B4E5-294E61F68473}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Browser for SQL Server 2019
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Browser for SQL Server 2019
[UninstallString] :
Raw Value : MsiExec.exe /X{5E366957-8D78-4BB5-A790-96F97A9766BD}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[VersionMinor] :
Raw Value : 0

- Zabbix Agent (64-bit)
Best Confidence Version : 7.4.2.2400
Version Confidence Level : 2
All Possible Versions : 7.4.2.2400
Other Version Data
[InstallDate] :
Raw Value : 2025/09/10
[InstallLocation] :
Raw Value : C:\Program Files\Zabbix Agent\
[UninstallString] :
Raw Value : MsiExec.exe /I{4FD972EC-F7B5-48E8-8C6D-50C9DC54F218}
[VersionMinor] :
Raw Value : 4
[Version] :
Raw Value : 117702658
[VersionMajor] :
Raw Value : 7
[Publisher] :
Raw Value : Zabbix SIA
[DisplayVersion] :
Raw Value : 7.4.2.2400
[DisplayName] :
Raw Value : Zabbix Agent (64-bit)

- SQL Server 2019 XEvent
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 XEvent
[UninstallString] :
Raw Value : MsiExec.exe /I{228C3DC2-695E-4FC7-87E4-6A9CE905DA9B}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Full text search
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Full text search
[UninstallString] :
Raw Value : MsiExec.exe /I{4A22F2D9-9ADA-4620-8C99-2A449C24902B}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{8E7A3713-551D-333A-9271-10EF4D77A80F}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 16.0.31110
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Shared Management Objects Extensions
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Shared Management Objects Extensions
[UninstallString] :
Raw Value : MsiExec.exe /I{8DDAEBCA-4267-4E16-9FE0-D87F21D36891}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft ODBC Driver 17 for SQL Server
Best Confidence Version : 17.10.5.1
Version Confidence Level : 2
All Possible Versions : 17.10.5.1
Other Version Data
[VersionMajor] :
Raw Value : 17
[Version] :
Raw Value : 285868037
[DisplayName] :
Raw Value : Microsoft ODBC Driver 17 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{57B9F896-DE52-4CFA-B7DE-9EFD00A1E020}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 17.10.5.1
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 10

- Microsoft ODBC Driver 11 for SQL Server
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : Microsoft ODBC Driver 11 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{50D6B005-B0D6-425F-953B-01331E2C7FCB}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- SQL Server Management Studio
Best Confidence Version : 19.0.20209.0
Version Confidence Level : 2
All Possible Versions : 19.0.20209.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318787313
[DisplayName] :
Raw Value : SQL Server Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{6896642F-8E65-48E1-89EE-67CCEAEA5A04}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 19.0.20209.0
[VersionMinor] :
Raw Value : 0

- NXLog-CE
Best Confidence Version : 3.2.2329
Version Confidence Level : 2
All Possible Versions : 80.70.20553, 3.2.2329
Other Version Data
[InstallDate] :
Raw Value : 2024/12/12
[InstallLocation] :
Raw Value : C:\Program Files\nxlog\
[UninstallString] :
Raw Value : MsiExec.exe /X{BE5E656D-853E-4570-AE57-A45967208689}
[VersionMinor] :
Raw Value : 2
[Version] :
Raw Value : 50465049
Parsed Version : 80.70.20553
[VersionMajor] :
Raw Value : 3
[Publisher] :
Raw Value : NXLog Ltd
[DisplayVersion] :
Raw Value : 3.2.2329
[DisplayName] :
Raw Value : NXLog-CE

- Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{D401961D-3A20-3AC7-943B-6139D5BD490A}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
Best Confidence Version : 10.0.40220
Version Confidence Level : 2
All Possible Versions : 10.0.40220
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812380
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications x86 Runtime 3.0
[UninstallString] :
Raw Value : MsiExec.exe /X{191A6F65-6878-398D-A272-EF011B80F371}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40220
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications x64 Runtime 3.0
Best Confidence Version : 10.0.40220
Version Confidence Level : 2
All Possible Versions : 10.0.40220
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812380
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications x64 Runtime 3.0
[UninstallString] :
Raw Value : MsiExec.exe /X{F14401A9-F0A0-33CC-8444-F60823A60DEB}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40220
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Best Confidence Version : 12.0.40664.0
Version Confidence Level : 3
All Possible Versions : 12.0.40664.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0
[DisplayVersion] :
Raw Value : 12.0.40664.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0

- Microsoft Analysis Services OLE DB Provider
Best Confidence Version : 16.0.5143.0
Version Confidence Level : 2
All Possible Versions : 16.0.5143.0
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440599
[DisplayName] :
Raw Value : Microsoft Analysis Services OLE DB Provider
[UninstallString] :
Raw Value : MsiExec.exe /I{8D96B285-698F-42BA-B483-A0A54D75ECD6}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 16.0.5143.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2014 Transact-SQL ScriptDom
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : Microsoft SQL Server 2014 Transact-SQL ScriptDom
[UninstallString] :
Raw Value : MsiExec.exe /I{6CC673B9-F743-47AD-8962-C00CA5300016}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- IIS URL Rewrite Module 2
Best Confidence Version : 7.2.1993
Version Confidence Level : 2
All Possible Versions : 7.2.1993
Other Version Data
[VersionMajor] :
Raw Value : 7
[Version] :
Raw Value : 117573577
[DisplayName] :
Raw Value : IIS URL Rewrite Module 2
[UninstallString] :
Raw Value : MsiExec.exe /X{9BCA2118-F753-4A1E-BCF3-5A820729965C}
[InstallDate] :
Raw Value : 2025/07/07
[DisplayVersion] :
Raw Value : 7.2.1993
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 2

- SQL Server 2019 SQL Data Quality Common
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 SQL Data Quality Common
[UninstallString] :
Raw Value : MsiExec.exe /I{DE61B584-A1E5-4AB4-810B-EC2F8C106B00}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Visual Studio 2010 Prerequisites - English
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Visual Studio 2010 Prerequisites - English
[UninstallString] :
Raw Value : MsiExec.exe /X{662014D2-0450-37ED-ABAE-157C88127BEB}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40219
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050}
[InstallDate] :
Raw Value : 2025/03/11
[DisplayVersion] :
Raw Value : 14.36.32532
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 36

- SQL Server 2019 DMF
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 DMF
[UninstallString] :
Raw Value : MsiExec.exe /I{FC8DC283-4A85-467F-8D0E-2FE4606DCCA1}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Integration Services
Best Confidence Version : 16.0.5107.0
Version Confidence Level : 2
All Possible Versions : 16.0.5107.0
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440563
[DisplayName] :
Raw Value : Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{7E7A5720-D189-4042-8AC0-D0836D173A43}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 16.0.5107.0
[VersionMinor] :
Raw Value : 0

- Kaspersky Security Center Network Agent
Best Confidence Version : 14.2.0.26967
Version Confidence Level : 2
All Possible Versions : 14.2.0.26967
Other Version Data
[InstallDate] :
Raw Value : 2023/04/06
[DisplayIcon] :
Raw Value : C:\Windows\Installer\{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5}\setup2.ico
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\
[UninstallString] :
Raw Value : MsiExec.exe /I{BCF4CF24-88AB-45E1-A6E6-40C8278A70C5} /l*v "C:\Windows\Temp\$klnagent-uninstall.log"
[VersionMinor] :
Raw Value : 2
[Version] :
Raw Value : 235012096
[VersionMajor] :
Raw Value : 14
[DisplayVersion] :
Raw Value : 14.2.0.26967
[DisplayName] :
Raw Value : Kaspersky Security Center Network Agent

- Microsoft .NET Framework 4 Multi-Targeting Pack
Best Confidence Version : 4.0.30319
Version Confidence Level : 2
All Possible Versions : 103.19.37251, 4.0.30319
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67139183
Parsed Version : 103.19.37251
[DisplayName] :
Raw Value : Microsoft .NET Framework 4 Multi-Targeting Pack
[UninstallString] :
Raw Value : MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 4.0.30319
[VersionMinor] :
Raw Value : 0

- Microsoft Application Error Reporting
Best Confidence Version : 12.0.6012.5000
Version Confidence Level : 2
All Possible Versions : 12.0.6012.5000
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201332604
[DisplayName] :
Raw Value : Microsoft Application Error Reporting
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 12.0.6012.5000
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
[UninstallString] :
Raw Value : MsiExec.exe /X{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40219
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2019 T-SQL Language Service
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 T-SQL Language Service
[UninstallString] :
Raw Value : MsiExec.exe /I{31D27B41-A051-49D8-907A-62E0F4A2188C}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Connection Info
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Connection Info
[UninstallString] :
Raw Value : MsiExec.exe /I{99B940D5-1A49-4B6C-B26C-6A88B2C061CA}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Visual Studio 2017 Isolated Shell for SSMS
Best Confidence Version : 15.0.28308.421
Version Confidence Level : 2
All Possible Versions : 15.0.28308.421
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251686548
[DisplayName] :
Raw Value : Visual Studio 2017 Isolated Shell for SSMS
[UninstallString] :
Raw Value : MsiExec.exe /I{0C69A55F-BC72-4AFB-BAEF-C5DEF9C32B9A}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.28308.421
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Best Confidence Version : 14.36.32532.0
Version Confidence Level : 3
All Possible Versions : 14.36.32532.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parsed File Version : 14.36.32532.0
[DisplayVersion] :
Raw Value : 14.36.32532.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
Parsed File Version : 14.36.32532.0

- Microsoft Help Viewer 1.1
Best Confidence Version : 5.0.17763.3650
Version Confidence Level : 3
All Possible Versions : 5.0.17763.3650, 22.136.10609, 1.1.40219
Other Version Data
[InstallDate] :
Raw Value : 2022/12/28
[DisplayIcon] :
Raw Value : C:\Windows\system32\msiexec.exe
Parsed File Path : C:\Windows\system32\msiexec.exe
Parsed File Version : 5.0.17763.3650
[InstallLocation] :
Raw Value : C:\Program Files\Microsoft Help Viewer\v1.0\
[UninstallString] :
Raw Value : MsiExec.exe /X{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}
[VersionMinor] :
Raw Value : 1
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16882971
Parsed Version : 22.136.10609
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayVersion] :
Raw Value : 1.1.40219
[DisplayName] :
Raw Value : Microsoft Help Viewer 1.1

- SQL Server 2019 Analysis Services
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Analysis Services
[UninstallString] :
Raw Value : MsiExec.exe /I{F01BC425-ABD3-41AA-9B88-8B1521B2B5D0}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2014 Integration Services
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{327B1B40-2434-4DC5-9D4D-B9B24D4B2EDE}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support
Best Confidence Version : 15.0.27520
Version Confidence Level : 2
All Possible Versions : 15.0.27520
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251685760
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{9594C97E-6A20-38B3-81BB-2778C4780BE1}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.27520
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2012 Native Client
Best Confidence Version : 11.4.7462.6
Version Confidence Level : 2
All Possible Versions : 11.4.7462.6
Other Version Data
[VersionMajor] :
Raw Value : 11
[Version] :
Raw Value : 184818982
[DisplayName] :
Raw Value : Microsoft SQL Server 2012 Native Client
[UninstallString] :
Raw Value : MsiExec.exe /I{9D93D367-A2CC-4378-BD63-79EF3FE76C78}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 11.4.7462.6
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 4

- Google Update Helper
Best Confidence Version : 1.3.33.7
Version Confidence Level : 2
All Possible Versions : 22.151.14423, 1.3.33.7
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16973857
Parsed Version : 22.151.14423
[DisplayName] :
Raw Value : Google Update Helper
[UninstallString] :
Raw Value : MsiExec.exe /I{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 1.3.33.7
[VersionMinor] :
Raw Value : 3

- Microsoft Report Viewer 2014 Runtime
Best Confidence Version : 12.0.2000.8
Version Confidence Level : 2
All Possible Versions : 12.0.2000.8
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201328592
[DisplayName] :
Raw Value : Microsoft Report Viewer 2014 Runtime
[UninstallString] :
Raw Value : MsiExec.exe /I{327E9C0D-1687-414F-923E-F5979E549548}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 12.0.2000.8
[VersionMinor] :
Raw Value : 0

- SecPod Saner
Best Confidence Version : 6.3.0.0
Version Confidence Level : 3
All Possible Versions : 6.3.0.0, 6.3.0.1
Other Version Data
[InstallLocation] :
Raw Value : C:\Program Files (x86)\SecPod Saner
[DisplayName] :
Raw Value : SecPod Saner
[UninstallString] :
Raw Value : "C:\Program Files (x86)\SecPod Saner\Agent\bin\spsaneruninstall.exe"
Parsed File Path : C:\Program Files (x86)\SecPod Saner\Agent\bin\spsaneruninstall.exe
Parsed File Version : 6.3.0.0
[DisplayVersion] :
Raw Value : 6.3.0.1
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\SecPod Saner\Agent\icon.ico

- Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support
Best Confidence Version : 15.0.27520
Version Confidence Level : 2
All Possible Versions : 15.0.27520
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251685760
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{AFFB9D8D-6E58-38A0-A7DD-F6F1F4247B36}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.27520
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- VMware Tools
Best Confidence Version : 10.1.15.6677369
Version Confidence Level : 2
All Possible Versions : 10.1.15.6677369
Other Version Data
[InstallDate] :
Raw Value : 2021/12/07
[InstallLocation] :
Raw Value : C:\Program Files\VMware\VMware Tools\
[UninstallString] :
Raw Value : MsiExec.exe /I{7CFC363A-72CE-409C-97C2-E497A1D831FC}
[VersionMinor] :
Raw Value : 1
[Version] :
Raw Value : 167837711
[VersionMajor] :
Raw Value : 10
[Publisher] :
Raw Value : VMware, Inc.
[DisplayVersion] :
Raw Value : 10.1.15.6677369
[DisplayName] :
Raw Value : VMware Tools

- Kaspersky Endpoint Security for Windows
Best Confidence Version : 11.15.8.493
Version Confidence Level : 2
All Possible Versions : 11.15.8.493
Other Version Data
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\
[DisplayName] :
Raw Value : Kaspersky Endpoint Security for Windows
[DisplayVersion] :
Raw Value : 11.15.8.493

- SQL Server 2014 SQL Data Quality Common
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 SQL Data Quality Common
[UninstallString] :
Raw Value : MsiExec.exe /I{2D95D8C0-0DC4-44A6-A729-1E2388D2C03E}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Best Confidence Version : 9.0.30729.6161
Version Confidence Level : 2
All Possible Versions : 9.0.30729.6161
Other Version Data
[VersionMajor] :
Raw Value : 9
[Version] :
Raw Value : 151025673
[DisplayName] :
Raw Value : Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
[UninstallString] :
Raw Value : MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
[InstallDate] :
Raw Value : 2021/12/07
[DisplayVersion] :
Raw Value : 9.0.30729.6161
[VersionMinor] :
Raw Value : 0

- Acronis Cyber Protect
Best Confidence Version : 15.0.1.36514
Version Confidence Level : 3
All Possible Versions : 15.0.1.36514, 15.0.36514
Other Version Data
[DisplayName] :
Raw Value : Acronis Cyber Protect
[UninstallString] :
Raw Value : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Path : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Version : 15.0.1.36514
[DisplayVersion] :
Raw Value : 15.0.36514
[Publisher] :
Raw Value : Acronis
[DisplayIcon] :
Raw Value : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Path : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Version : 15.0.1.36514

- Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Best Confidence Version : 9.0.30729.6161
Version Confidence Level : 2
All Possible Versions : 9.0.30729.6161
Other Version Data
[VersionMajor] :
Raw Value : 9
[Version] :
Raw Value : 151025673
[DisplayName] :
Raw Value : Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
[UninstallString] :
Raw Value : MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
[InstallDate] :
Raw Value : 2021/12/07
[DisplayVersion] :
Raw Value : 9.0.30729.6161
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- WinRAR 5.91 (64-bit)
Best Confidence Version : 5.91.0.0
Version Confidence Level : 3
All Possible Versions : 5.91.0.0, 5.91.0
Other Version Data
[VersionMajor] :
Raw Value : 5
[InstallLocation] :
Raw Value : C:\Program Files\WinRAR\
[DisplayName] :
Raw Value : WinRAR 5.91 (64-bit)
[UninstallString] :
Raw Value : C:\Program Files\WinRAR\uninstall.exe
Parsed File Path : C:\Program Files\WinRAR\uninstall.exe
Parsed File Version : 5.91.0.0
[DisplayVersion] :
Raw Value : 5.91.0
[Publisher] :
Raw Value : win.rar GmbH
[VersionMinor] :
Raw Value : 91
[DisplayIcon] :
Raw Value : C:\Program Files\WinRAR\WinRAR.exe
Parsed File Path : C:\Program Files\WinRAR\WinRAR.exe
Parsed File Version : 5.91.0.0

- SQL Server 2014 Documentation Components
Best Confidence Version : 12.0.2000.8
Version Confidence Level : 2
All Possible Versions : 12.0.2000.8
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201328592
[DisplayName] :
Raw Value : SQL Server 2014 Documentation Components
[UninstallString] :
Raw Value : MsiExec.exe /I{5EACF47D-EB70-4FE0-83DE-9FD9693C24B9}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 12.0.2000.8
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft VSS Writer for SQL Server 2019
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Microsoft VSS Writer for SQL Server 2019
[UninstallString] :
Raw Value : MsiExec.exe /I{2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit)
Best Confidence Version : 2014.120.6024.0
Version Confidence Level : 3
All Possible Versions : 2014.120.6024.0, 12.3.6024.0
Other Version Data
[DisplayName] :
Raw Value : Service Pack 3 for SQL Server 2014 (KB4022619) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\Update Cache\KB4022619\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\120\Setup Bootstrap\Update Cache\KB4022619\ServicePack\setup.exe
Parsed File Version : 2014.120.6024.0
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation

- SQL Server 2014 Common Files
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 Common Files
[UninstallString] :
Raw Value : MsiExec.exe /I{F7012F84-80F5-4C25-852E-B1BA03276FE6}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- SQL Server 2019 Database Engine Services
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Database Engine Services
[UninstallString] :
Raw Value : MsiExec.exe /I{97E1B195-1A3F-4594-BC2B-BE2FD72AC74D}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
[UninstallString] :
Raw Value : MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40219
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2}
[InstallDate] :
Raw Value : 2025/03/11
[DisplayVersion] :
Raw Value : 14.36.32532
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 36

- SQL Server 2014 Client Tools
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 Client Tools
[UninstallString] :
Raw Value : MsiExec.exe /I{2BA1811B-44C0-4C50-8C5A-CE68AB25ED71}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- Microsoft Visual Studio Tools for Applications 2017
Best Confidence Version : 15.0.27520.0
Version Confidence Level : 3
All Possible Versions : 15.0.27520.0, 15.0.27520
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe
Parsed File Version : 15.0.27520.0
[DisplayVersion] :
Raw Value : 15.0.27520
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe
Parsed File Version : 15.0.27520.0

- Microsoft SQL Server System CLR Types
Best Confidence Version : 10.51.2500.0
Version Confidence Level : 2
All Possible Versions : 10.51.2500.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 171116996
[DisplayName] :
Raw Value : Microsoft SQL Server System CLR Types
[UninstallString] :
Raw Value : MsiExec.exe /I{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.51.2500.0
[VersionMinor] :
Raw Value : 51

- Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X86 Additional Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{C2C59CAB-8766-4ABD-A8EF-1151A36C41E5}
[InstallDate] :
Raw Value : 2025/03/11
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- Microsoft SQL Server 2014 Transact-SQL Compiler Service
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : Microsoft SQL Server 2014 Transact-SQL Compiler Service
[UninstallString] :
Raw Value : MsiExec.exe /I{492E752D-F672-42B4-95F9-6AEE613CC3B6}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- SQL Server 2019 Shared Management Objects
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Shared Management Objects
[UninstallString] :
Raw Value : MsiExec.exe /I{A8581199-F913-443B-B058-8E8BF317E71C}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2014 Management Studio
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : SQL Server 2014 Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{75A54138-3B98-4705-92E4-F619825B121F}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- SQL Server 2019 Data quality client
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Data quality client
[UninstallString] :
Raw Value : MsiExec.exe /I{089D4965-E3F7-4712-98AB-FA612518F81E}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Kaspersky Endpoint Security for Windows
Best Confidence Version : 12.3.0.493
Version Confidence Level : 2
All Possible Versions : 12.3.0.493
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201523200
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\
[DisplayName] :
Raw Value : Kaspersky Endpoint Security for Windows
[UninstallString] :
Raw Value : msiexec.exe /x {8409A30E-CDF7-4800-B389-FB0A8FB6CE2C}
[InstallDate] :
Raw Value : 2023/12/02
[DisplayVersion] :
Raw Value : 12.3.0.493
[VersionMinor] :
Raw Value : 3

- VNC Enterprise Edition E4.6.1
Best Confidence Version : 51.52.0.0
Version Confidence Level : 3
All Possible Versions : 51.52.0.0, E4.6.1, 4.6.1.54321
Other Version Data
[InstallLocation] :
Raw Value : C:\Program Files\RealVNC\VNC4\
[DisplayName] :
Raw Value : VNC Enterprise Edition E4.6.1
[UninstallString] :
Raw Value : "C:\Program Files\RealVNC\VNC4\unins000.exe"
Parsed File Path : C:\Program Files\RealVNC\VNC4\unins000.exe
Parsed File Version : 51.52.0.0
[InstallDate] :
Raw Value : 2020/12/06
[DisplayVersion] :
Raw Value : E4.6.1
[Publisher] :
Raw Value : RealVNC Ltd
[DisplayIcon] :
Raw Value : C:\Program Files\RealVNC\VNC4\VNCViewer.exe,0
Parsed File Path : C:\Program Files\RealVNC\VNC4\VNCViewer.exe
Parsed File Version : 4.6.1.54321

- SQL Server 2019 Client Tools
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Client Tools
[UninstallString] :
Raw Value : MsiExec.exe /I{9F3D48F5-4184-444C-A810-845C6F078721}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Client Tools Extensions
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Client Tools Extensions
[UninstallString] :
Raw Value : MsiExec.exe /I{EA0ADED4-831D-45B3-B612-C7FD0A1E2BAB}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft OLE DB Driver 19 for SQL Server
Best Confidence Version : 19.2.0.0
Version Confidence Level : 2
All Possible Versions : 19.2.0.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318898176
[DisplayName] :
Raw Value : Microsoft OLE DB Driver 19 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{D500075B-3C32-4825-A297-473FF88C68A5}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 19.2.0.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 2

- SQL Server Management Studio Language Pack - English
Best Confidence Version : 19.0.20209.0
Version Confidence Level : 2
All Possible Versions : 19.0.20209.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318787313
[DisplayName] :
Raw Value : SQL Server Management Studio Language Pack - English
[UninstallString] :
Raw Value : MsiExec.exe /I{B8F284F5-642E-4644-BBA0-4B8748C36FDD}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 19.0.20209.0
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Data quality service
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Data quality service
[UninstallString] :
Raw Value : MsiExec.exe /I{9F853C8B-E6C0-4D9E-849F-EB284DE29EC9}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Best Confidence Version : 10.0.40219
Version Confidence Level : 2
All Possible Versions : 10.0.40219
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167812379
[DisplayName] :
Raw Value : Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
[UninstallString] :
Raw Value : MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.0.40219
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Hotfix 4335 for SQL Server 2019 (KB5030333) (64-bit)
Best Confidence Version : 2019.150.4335.1
Version Confidence Level : 3
All Possible Versions : 2019.150.4335.1, 15.0.4335.1
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4335 for SQL Server 2019 (KB5030333) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5030333\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5030333\QFE\setup.exe
Parsed File Version : 2019.150.4335.1
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.4335.1
[Publisher] :
Raw Value : Microsoft Corporation

- Microsoft SQL Server 2019 Setup (English)
Best Confidence Version : 15.0.4335.1
Version Confidence Level : 2
All Possible Versions : 15.0.4335.1
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662575
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 Setup (English)
[UninstallString] :
Raw Value : MsiExec.exe /X{6DB2BB97-BC43-45EE-920B-09AF9FA4CFAC}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.4335.1
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Cyber Protect
Best Confidence Version : 15.0.36514
Version Confidence Level : 2
All Possible Versions : 15.0.36514
Other Version Data
[InstallDate] :
Raw Value : 2023/10/13
[InstallLocation] :
Raw Value : C:\Program Files\BackupClient\
[UninstallString] :
Raw Value : MsiExec.exe /X{C3C08FBE-639E-4453-963C-0959CF18D60C}
[VersionMinor] :
Raw Value : 0
[Version] :
Raw Value : 251694754
[VersionMajor] :
Raw Value : 15
[Publisher] :
Raw Value : Acronis
[DisplayVersion] :
Raw Value : 15.0.36514
[DisplayName] :
Raw Value : Cyber Protect

- Microsoft SQL Server 2008 R2 Management Objects
Best Confidence Version : 10.51.2500.0
Version Confidence Level : 2
All Possible Versions : 10.51.2500.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 171116996
[DisplayName] :
Raw Value : Microsoft SQL Server 2008 R2 Management Objects
[UninstallString] :
Raw Value : MsiExec.exe /I{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.51.2500.0
[VersionMinor] :
Raw Value : 51

- SSMS Post Install Tasks
Best Confidence Version : 19.0.20209.0
Version Confidence Level : 2
All Possible Versions : 19.0.20209.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318787313
[DisplayName] :
Raw Value : SSMS Post Install Tasks
[UninstallString] :
Raw Value : MsiExec.exe /I{91C80543-ECE0-4CF2-8A21-B6EAE18B9438}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 19.0.20209.0
[VersionMinor] :
Raw Value : 0

- SQL Server 2019 Integration Services
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{BEB4DA4D-7186-4FA6-8563-3EA3F007FBC0}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Google Chrome
Best Confidence Version : 143.0.7499.193
Version Confidence Level : 3
All Possible Versions : 143.0.7499.193
Other Version Data
[InstallDate] :
Raw Value : 2026/01/09
[DisplayIcon] :
Raw Value : C:\Program Files\Google\Chrome\Application\chrome.exe,0
Parsed File Path : C:\Program Files\Google\Chrome\Application\chrome.exe
Parsed File Version : 143.0.7499.193
[InstallLocation] :
Raw Value : C:\Program Files\Google\Chrome\Application
[UninstallString] :
Raw Value : "C:\Program Files\Google\Chrome\Application\143.0.7499.193\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging
Parsed File Path : C:\Program Files\Google\Chrome\Application\143.0.7499.193\Installer\setup.exe
Parsed File Version : 143.0.7499.193
[VersionMinor] :
Raw Value : 193
[Version] :
Raw Value : 143.0.7499.193
[VersionMajor] :
Raw Value : 7499
[DisplayVersion] :
Raw Value : 143.0.7499.193
[DisplayName] :
Raw Value : Google Chrome

- SQL Server 2019 Common Files
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Common Files
[UninstallString] :
Raw Value : MsiExec.exe /I{5E4344C9-8B97-4ED9-8760-57E221C240F4}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2019 RsFx Driver
Best Confidence Version : 15.0.4335.1
Version Confidence Level : 2
All Possible Versions : 15.0.4335.1
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662575
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 RsFx Driver
[UninstallString] :
Raw Value : MsiExec.exe /I{E898F065-FAEF-4D84-99E0-D84308B91971}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.4335.1
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{8122DAB1-ED4D-3676-BB0A-CA368196543E}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- Azure Data Studio
Best Confidence Version : 51.1052.0.0
Version Confidence Level : 3
All Possible Versions : 51.1052.0.0, 1.41.2, 1.41.2.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[InstallLocation] :
Raw Value : C:\Program Files\Azure Data Studio\
[DisplayName] :
Raw Value : Azure Data Studio
[UninstallString] :
Raw Value : "C:\Program Files\Azure Data Studio\unins000.exe"
Parsed File Path : C:\Program Files\Azure Data Studio\unins000.exe
Parsed File Version : 51.1052.0.0
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 1.41.2
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 41
[DisplayIcon] :
Raw Value : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Path : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Version : 1.41.2.0

- Microsoft OLE DB Driver for SQL Server
Best Confidence Version : 18.6.7.0
Version Confidence Level : 2
All Possible Versions : 18.6.7.0
Other Version Data
[VersionMajor] :
Raw Value : 18
[Version] :
Raw Value : 302383111
[DisplayName] :
Raw Value : Microsoft OLE DB Driver for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{EBC362C3-E2BD-41A6-BC10-F07D52F1509E}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 18.6.7.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 6

- Microsoft SQL Server 2008 Setup Support Files
Best Confidence Version : 10.3.5500.0
Version Confidence Level : 2
All Possible Versions : 10.3.5500.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167974268
[DisplayName] :
Raw Value : Microsoft SQL Server 2008 Setup Support Files
[UninstallString] :
Raw Value : MsiExec.exe /X{6292D514-17A4-403F-98F9-E150F10C043D}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 10.3.5500.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 3

- SQL Server 2019 SQL Diagnostics
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 SQL Diagnostics
[UninstallString] :
Raw Value : MsiExec.exe /I{28ED6838-D8E5-454C-A813-12C5EB447CAB}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- SQL Server 2014 Distributed Replay
Best Confidence Version : 12.0.2000.8
Version Confidence Level : 2
All Possible Versions : 12.0.2000.8
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201328592
[DisplayName] :
Raw Value : SQL Server 2014 Distributed Replay
[UninstallString] :
Raw Value : MsiExec.exe /I{B5D457CD-3E1A-4D6C-8D16-6030E88DAF35}
[InstallDate] :
Raw Value : 2022/12/28
[DisplayVersion] :
Raw Value : 12.0.2000.8
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{E7A0CD34-1F9B-3496-ADB3-2F180D302F6A}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 16.0.31110
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
Best Confidence Version : 14.36.32532.0
Version Confidence Level : 3
All Possible Versions : 14.36.32532.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.36.32532
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parsed File Version : 14.36.32532.0
[DisplayVersion] :
Raw Value : 14.36.32532.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{410c0ee1-00bb-41b6-9772-e12c2828b02f}\VC_redist.x86.exe
Parsed File Version : 14.36.32532.0

- Microsoft Visual Studio Tools for Applications 2019
Best Confidence Version : 16.0.31110.0
Version Confidence Level : 3
All Possible Versions : 16.0.31110.0, 16.0.31110
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe
Parsed File Version : 16.0.31110.0
[DisplayVersion] :
Raw Value : 16.0.31110
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe
Parsed File Version : 16.0.31110.0

- Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{73F77E4E-5A17-46E5-A5FC-8A061047725F}
[InstallDate] :
Raw Value : 2025/03/11
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- Microsoft SQL Server 2014 Policies
Best Confidence Version : 12.3.6024.0
Version Confidence Level : 2
All Possible Versions : 12.3.6024.0
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201529224
[DisplayName] :
Raw Value : Microsoft SQL Server 2014 Policies
[UninstallString] :
Raw Value : MsiExec.exe /I{1C30FE7E-8A8C-4492-89D6-10CB20C3B0EB}
[InstallDate] :
Raw Value : 2023/12/05
[DisplayVersion] :
Raw Value : 12.3.6024.0
[VersionMinor] :
Raw Value : 3

- Nmap 7.95
Best Confidence Version : 7.95.0.0
Version Confidence Level : 3
All Possible Versions : 7.95.0.0, 7.95
Other Version Data
[DisplayName] :
Raw Value : Nmap 7.95
[UninstallString] :
Raw Value : "C:\Program Files (x86)\Nmap\uninstall.exe"
Parsed File Path : C:\Program Files (x86)\Nmap\uninstall.exe
Parsed File Version : 7.95.0.0
[DisplayVersion] :
Raw Value : 7.95
[DisplayIcon] :
Raw Value : "C:\Program Files (x86)\Nmap\icon1.ico"

- SQL Server 2019 Batch Parser
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Batch Parser
[UninstallString] :
Raw Value : MsiExec.exe /I{D459615B-83B0-408F-8F39-6CC07C277BA6}
[InstallDate] :
Raw Value : 2025/02/04
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server 2019 (64-bit)
Best Confidence Version : 15.0.4335.1
Version Confidence Level : 3
All Possible Versions : 15.0.4335.1
Other Version Data
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe
Parsed File Version : 15.0.4335.1
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayIcon] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe
Parsed File Version : 15.0.4335.1

92366 - Microsoft Windows Last Boot Time
-
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output

tcp/0

Last reboot : 2025-04-17T15:11:06+05:30 (20250417151106.134569+330)

161502 - Microsoft Windows Logged On Users
-
Synopsis
Nessus was able to determine the logged on users from the registry
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2025/10/01
Plugin Output

tcp/445/cifs

Logged on users :
- S-1-5-21-1687551350-3880216100-4069998428-1009
Domain : SPINE-HRMS
Username : tidua
- S-1-5-21-1687551350-3880216100-4069998428-500
Domain : SPINE-HRMS
Username : production
63080 - Microsoft Windows Mounted Devices
-
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Name : \??\volume{7d017e37-865f-11ed-9a13-005056bc6c90}
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f0064005f005600690072007400750061006c005f004400560044002d0052004f004d002300320026003100660034006100640066006600650026003000260030003000300030003000310023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{73d8349d-37ef-11eb-9a05-806e6f6e6963}
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\g:
Data : \??\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c00530043005300490023004300640052006f006d002600560065006e005f004d007300660074002600500072006f0064005f005600690072007400750061006c005f004400560044002d0052004f004d002300320026003100660034006100640066006600650026003000260030003000300030003000310023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{49aad8eb-90d3-11ee-9a28-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&1778b74b&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200300030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f002300350026003100370037003800620037003400620026003000260030002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\h:
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#5&2a3267f0&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200310030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f002300350026003200610033003200360037006600300026003000260031002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\e:
Data :
Raw data : ead118f80000100000000000

Name : \dosdevices\a:
Data : \??\FDC#GENERIC_FLOPPY_DRIVE#6&1b0d1d81&0&0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c004600440043002300470045004e0045005200490043005f0046004c004f005000500059005f004400520049005600450023003600260031006200300064003100640038003100260030002600300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\f:
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR00_______________1.00____#5&1778b74b&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200300030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f002300350026003100370037003800620037003400620026003000260030002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \??\volume{73d8349c-37ef-11eb-9a05-806e6f6e6963}
Data : \??\IDE#CdRomNECVMWar_VMware_IDE_CDR10_______________1.00____#5&2a3267f0&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5c003f003f005c0049004400450023004300640052006f006d004e004500430056004d005700610072005f0056004d0077006100720065005f004900440045005f00430044005200310030005f005f005f005f005f005f005f005f005f005f005f005f005f005f005f0031002e00300030005f005f005f005f002300350026003200610033003200360037006600300026003000260031002e0030002e00300023007b00350033006600350036003300300064002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00

Name : \dosdevices\c:
Data : +nK`"
Raw data : 2b6e4bfa0000602200000000

Name : \dosdevices\d:
Data : DMIO:ID:^PVl
Raw data : 444d494f3a49443afb9de2945e86ed119a12005056bc6c90

92372 - Microsoft Windows NetBIOS over TCP/IP Info
-
Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

NBT information attached.
First 10 lines of all CSVs:
nbtstat_local.csv:
Interface,Name,Suffix,Type,Status,MAC
172.17.100.20,SPINE-HRMS,<00>,UNIQUE,Registered,00:50:56:BC:92:1F
172.17.100.20,WORKGROUP,<00>,GROUP,Registered,00:50:56:BC:92:1F
172.17.100.20,SPINE-HRMS,<20>,UNIQUE,Registered,00:50:56:BC:92:1F

103871 - Microsoft Windows Network Adapters
-
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0758
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Network Adapter Driver Description : Intel(R) 82574L Gigabit Network Connection
Network Adapter Driver Version : 12.15.22.6
65791 - Microsoft Windows Portable Devices
-
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/04/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Friendly name : Misc
Device : SWD#WPDBUSENUM#{3D559B4A-91B6-11ED-9A1D-806E6F6E6963}#0000000000100000

Friendly name : Misc
Device : SWD#WPDBUSENUM#{3EB75C1B-91A4-11ED-9A1C-005056BC6C90}#0000000000100000

Friendly name : New Volume
Device : SWD#WPDBUSENUM#{73D83489-37EF-11EB-9A05-806E6F6E6963}#0000000000100000

92367 - Microsoft Windows PowerShell Execution Policy
-
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned

151440 - Microsoft Windows Print Spooler Service Enabled
-
Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/07, Modified: 2021/07/07
Plugin Output

tcp/445/cifs

The Microsoft Windows Print Spooler service on the remote host is enabled.

70329 - Microsoft Windows Process Information
-
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (608)
2 : csrss.exe (10612)
2 : winlogon.exe (10660)
2 : |- fontdrvhost.exe (10788)
2 : |- dwm.exe (10824)
2 : |- LogonUI.exe (4268)
3 : winlogon.exe (1132)
3 : |- LogonUI.exe (16720)
3 : |- dwm.exe (17952)
3 : |- fontdrvhost.exe (19372)
2 : explorer.exe (11684)
2 : |- rundll32.exe (12948)
2 : |- schedhlp.exe (12996)
2 : |- MmsMonitor.exe (13036)
2 : |- MmsMonitor.exe (13196)
2 : |- MmsMonitor.exe (13284)
2 : |- MmsMonitor.exe (13308)
2 : |- iexplore.exe (16680)
2 : |- iexplore.exe (17376)
2 : |- Ssms.exe (17444)
2 : |- cmd.exe (18924)
2 : |- conhost.exe (1200)
2 : |- mmc.exe (2768)
2 : |- notepad.exe (5224)
2 : |- mmc.exe (6012)
2 : |- notepad.exe (9244)
3 : tib_mounter_monitor.exe (13008)
2 : tib_mounter_monitor.exe (13648)
3 : explorer.exe (148)
3 : |- schedhlp.exe (17656)
3 : |- MmsMonitor.exe (2728)
3 : |- MmsMonitor.exe (12240)
3 : |- MmsMonitor.exe (4024)
3 : |- MmsMonitor.exe (5324)
3 : csrss.exe (16320)
3 : ServerManager.exe (18220)
0 : Registry (212)
0 : conhost.exe (6928)
0 : csrss.exe (720)
0 : wininit.exe (828)
0 : |- fontdrvhost.exe (820)
0 : |- services.exe (968)
0 : |- svchost.exe (1064)
0 : |- svchost.exe (11108)
0 : |- svchost.exe (1112)
0 : |- svchost.exe (11152)
0 : |- svchost.exe (11456)
2 : |- ctfmon.exe (11508)
3 : |- ctfmon.exe (19972)
0 : |- svchost.exe (11500)
0 : |- svchost.exe (1168)
0 : |- inetinfo.exe (11924)
0 : |- schedul2.exe (120)
0 : |- acp-update-controller.exe (12180)
0 : |- svchost.exe (1280)
2 : |- rdpclip.exe (10304)
3 : |- rdpclip.exe (18368)
0 : |- svchost.exe (12880)
0 : |- svchost.exe (12956)
0 : |- svchost.exe (13228)
0 : |- klnagent.exe (13348)
0 : |- vapm.exe (732)
0 : |- svchost.exe (13368)
0 : |- svchost.exe (1380)
0 : |- svchost.exe (1388)
0 : |- svchost.exe (1420)
0 : |- svchost.exe (1428)
0 : |- svchost.exe (1436)
0 : |- svchost.exe (14696)
0 : |- SecurityHealthService.exe (15548)
3 : |- svchost.exe (15868)
0 : |- svchost.exe (1616)
0 : |- svchost.exe (16160)
0 : |- svchost.exe (16504)
0 : |- w3wp.exe (14376)
0 : |- w3wp.exe (14840)
0 : |- svchost.exe (1664)
0 : |- svchost.exe (1672)
0 : |- zabbix_agentd.exe (16976)
0 : |- svchost.exe (1720)
0 : |- svchost.exe (17216)
0 : |- svchost.exe (1768)
0 : |- sppsvc.exe (17780)
0 : |- WUDFHost.exe (1816)
0 : |- svchost.exe (1868)
2 : |- taskhostw.exe (4252)
2 : |- taskhostw.exe (4788)
3 : |- taskhostw.exe (9704)
0 : |- svchost.exe (1900)
0 : |- svchost.exe (1912)
0 : |- svchost.exe (1920)
0 : |- svchost.exe (2020)
0 : |- svchost.exe (2208)
0 : |- svchost.exe (2236)
0 : |- svchost.exe (2324)
0 : |- svchost.exe (2356)
0 : |- svchost.exe (2364)
0 : |- svchost.exe (2408)
0 : |- svchost.exe (2464)
0 : |- svchost.exe (2508)
2 : |- MusNotifyIcon.exe (3116)
0 : |- svchost.exe (2516)
0 : |- svchost.exe (2668)
0 : |- svchost.exe (2696)
3 : |- sihost.exe (10012)
2 : |- sihost.exe (5276)
0 : |- svchost.exe (2704)
0 : |- svchost.exe (2712)
0 : |- svchost.exe (2824)
0 : |- svchost.exe (2972)
0 : |- svchost.exe (2992)
0 : |- spoolsv.exe (3120)
0 : |- svchost.exe (3256)
0 : |- svchost.exe (3296)
0 : |- avpsus.exe (3320)
0 : |- svchost.exe (3352)
0 : |- svchost.exe (3360)
0 : |- svchost.exe (3368)
0 : |- aakore.exe (3380)
0 : |- updater.exe (13940)
0 : |- conhost.exe (13948)
0 : |- cyber-desktop-service.exe (1880)
0 : |- conhost.exe (20368)
0 : |- network-isolation-unit.exe (5496)
0 : |- conhost.exe (6476)
0 : |- grpm-sync-unit.exe (5856)
0 : |- conhost.exe (6232)
0 : |- cyber-scripting-executor.exe (6216)
0 : |- conhost.exe (6268)
0 : |- cred-store.exe (6256)
0 : |- conhost.exe (6380)
0 : |- sh-inventory.exe (6424)
0 : |- conhost.exe (6540)
0 : |- feedback-collector.exe (6520)
0 : |- conhost.exe (6648)
0 : |- task-manager.exe (6676)
0 : |- conhost.exe (6788)
0 : |- adp-agent.exe (6716)
0 : |- conhost.exe (6932)
0 : |- mi-monitoring.exe (6936)
0 : |- conhost.exe (7016)
0 : |- grpm.exe (7024)
0 : |- conhost.exe (7072)
0 : |- svchost.exe (3408)
0 : |- svchost.exe (3496)
0 : |- svchost.exe (3504)
0 : |- mms.exe (3524)
0 : |- svchost.exe (3532)
0 : |- active_protection_service.exe (3560)
0 : |- vm3dservice.exe (3564)
1 : |- vm3dservice.exe (4160)
0 : |- winvnc4.exe (3576)
1 : |- winvnc4.exe (4404)
0 : |- avp.exe (3584)
2 : |- avpui.exe (11144)
3 : |- avpui.exe (5116)
0 : |- sqlwriter.exe (3592)
0 : |- vmtoolsd.exe (3620)
0 : |- sqlbrowser.exe (3628)
0 : |- svchost.exe (3636)
0 : |- VGAuthService.exe (3648)
0 : |- ManagementAgentHost.exe (3656)
0 : |- snmp.exe (3668)
0 : |- SMSvcHost.exe (3680)
0 : |- svchost.exe (3732)
0 : |- sqlceip.exe (3816)
3 : |- svchost.exe (3832)
0 : |- svchost.exe (4124)
0 : |- sqlservr.exe (4364)
0 : |- sqlceip.exe (5076)
0 : |- MsDtsSrvr.exe (5084)
2 : |- svchost.exe (5096)
0 : |- sqlceip.exe (5108)
2 : |- svchost.exe (5228)
0 : |- msmdsrv.exe (5284)
0 : |- dllhost.exe (5564)
0 : |- svchost.exe (648)
0 : |- nxlog.exe (7184)
0 : |- msdtc.exe (7360)
0 : |- svchost.exe (748)
2 : |- RuntimeBroker.exe (10808)
2 : |- SearchUI.exe (11004)
2 : |- ShellExperienceHost.exe (11968)
2 : |- RuntimeBroker.exe (12844)
2 : |- smartscreen.exe (12892)
0 : |- WmiPrvSE.exe (13392)
3 : |- SearchUI.exe (13424)
2 : |- dllhost.exe (13508)
3 : |- smartscreen.exe (14668)
3 : |- RuntimeBroker.exe (15200)
0 : |- WmiPrvSE.exe (18260)
3 : |- RuntimeBroker.exe (18988)
2 : |- unsecapp.exe (19012)
0 : |- WmiPrvSE.exe (19264)
0 : |- WmiPrvSE.exe (20364)
0 : |- unsecapp.exe (3768)
3 : |- RuntimeBroker.exe (4724)
2 : |- RuntimeBroker.exe (5432)
0 : |- WmiPrvSE.exe (5960)
2 : |- ApplicationFrameHost.exe (8788)
3 : |- ShellExperienceHost.exe (9748)
0 : |- SQLAGENT.EXE (8488)
0 : |- conhost.exe (9652)
0 : |- fdlauncher.exe (8824)
0 : |- fdhost.exe (6836)
0 : |- conhost.exe (2684)
0 : |- spsaneragnt.exe (9308)
0 : |- spfileindexer.exe (10440)
0 : |- svchost.exe (9488)
0 : |- lsass.exe (976)
1 : csrss.exe (836)
1 : winlogon.exe (912)
1 : |- LogonUI.exe (1172)
1 : |- dwm.exe (1180)
1 : |- fontdrvhost.exe (644)

Process_Information_.csv : information about the running process.
70331 - Microsoft Windows Process Module Information
-
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output

tcp/0

Process_Modules_.csv : lists the loaded modules for each process.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/80/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/81/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/123


The Win32 process 'svchost.exe' is listening on this port (pid 3504).

This process 'svchost.exe' (pid 3504) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/135/epmap


The Win32 process 'svchost.exe' is listening on this port (pid 1064).

This process 'svchost.exe' (pid 1064) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/137/netbios-ns


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/138


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/139/smb


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/161


The Win32 process 'snmp.exe' is listening on this port (pid 3668).

This process 'snmp.exe' (pid 3668) is hosting the following Windows services :
SNMP (@firewallapi.dll,-50303)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/443/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 2972).

This process 'svchost.exe' (pid 2972) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql


The Win32 process 'sqlservr.exe' is listening on this port (pid 4364).

This process 'sqlservr.exe' (pid 4364) is hosting the following Windows services :
MSSQLSERVER (SQL Server (MSSQLSERVER))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/1434


The Win32 process 'sqlbrowser.exe' is listening on this port (pid 3628).

This process 'sqlbrowser.exe' (pid 3628) is hosting the following Windows services :
SQLBrowser (SQL Server Browser)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/2383


The Win32 process 'msmdsrv.exe' is listening on this port (pid 5284).

This process 'msmdsrv.exe' (pid 5284) is hosting the following Windows services :
MSSQLServerOLAPService (SQL Server Analysis Services (MSSQLSERVER))

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/3389/msrdp


The Win32 process 'svchost.exe' is listening on this port (pid 1280).

This process 'svchost.exe' (pid 1280) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/3389


The Win32 process 'svchost.exe' is listening on this port (pid 1280).

This process 'svchost.exe' (pid 1280) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 2972).

This process 'svchost.exe' (pid 2972) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/5353


The Win32 process 'svchost.exe' is listening on this port (pid 2356).

This process 'svchost.exe' (pid 2356) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/5355/llmnr


The Win32 process 'svchost.exe' is listening on this port (pid 2356).

This process 'svchost.exe' (pid 2356) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5800/www


The Win32 process 'winvnc4.exe' is listening on this port (pid 4404).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5900/vnc


The Win32 process 'winvnc4.exe' is listening on this port (pid 4404).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/5985/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/6111


The Win32 process 'network-isolation-unit.exe' is listening on this port (pid 5496).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/6771


The Win32 process 'updater.exe' is listening on this port (pid 13940).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/6888


The Win32 process 'updater.exe' is listening on this port (pid 13940).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/6888


The Win32 process 'updater.exe' is listening on this port (pid 13940).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/10050


The Win32 process 'zabbix_agentd.exe' is listening on this port (pid 16976).

This process 'zabbix_agentd.exe' (pid 16976) is hosting the following Windows services :
Zabbix Agent (Zabbix Agent)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/15000


The Win32 process 'klnagent.exe' is listening on this port (pid 13348).

This process 'klnagent.exe' (pid 13348) is hosting the following Windows services :
klnagent (Kaspersky Security Center Network Agent)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/18018/www


The Win32 process 'updater.exe' is listening on this port (pid 13940).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/35009


The Win32 process 'svchost.exe' is listening on this port (pid 3408).

This process 'svchost.exe' (pid 3408) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/47001/www


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49664/dce-rpc


The Win32 process 'wininit.exe' is listening on this port (pid 828).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49665/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1436).

This process 'svchost.exe' (pid 1436) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49666/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1868).

This process 'svchost.exe' (pid 1868) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49667/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2704).

This process 'svchost.exe' (pid 2704) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49668/dce-rpc


The Win32 process 'spoolsv.exe' is listening on this port (pid 3120).

This process 'spoolsv.exe' (pid 3120) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49669/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 2992).

This process 'svchost.exe' (pid 2992) is hosting the following Windows services :
PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49752/dce-rpc


The Win32 process 'services.exe' is listening on this port (pid 968).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

tcp/49793/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 976).

This process 'lsass.exe' (pid 976) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2025/12/15
Plugin Output

udp/52684


The Win32 process 'nxlog.exe' is listening on this port (pid 7184).

This process 'nxlog.exe' (pid 7184) is hosting the following Windows services :
nxlog (NXLog)

126527 - Microsoft Windows SAM user enumeration
-
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager.

Note: Unable to obtain SMB SAMR user data during Agent scans.
Rendering User data obtained by plugin 171956
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/07/08, Modified: 2025/06/04
Plugin Output

tcp/0

- DefaultAccount (id S-1-5-21-1687551350-3880216100-503, A user account managed by the system.)
- Guest (id S-1-5-21-1687551350-3880216100-501, Built-in account for guest access to the computer/domain, Guest account)
- Lkpadmin (id S-1-5-21-1687551350-3880216100-1000, Lkpadmin)
- production (id S-1-5-21-1687551350-3880216100-500, Administrator account, Built-in account for administering the computer/domain)
- tidua (id S-1-5-21-1687551350-3880216100-1009, Audit)
- WDAGUtilityAccount (id S-1-5-21-1687551350-3880216100-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.)

17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445/cifs

The following password policy is defined on the remote host:

Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
50859 - Microsoft Windows SMB : WSUS Client Configured
-
Synopsis
The remote Windows host is utilizing a WSUS server.
Description
The remote host is configured to utilize a Windows Server Update Services (WSUS) server.
See Also
Solution
Verify the remote host is configured to utilize the correct WSUS server.
Risk Factor
None
Plugin Information
Published: 2010/12/01, Modified: 2018/11/15
Plugin Output

tcp/445/cifs


This host is configured to get updates from the following WSUS server :

http://localhost:1550

WSUS Environment Options :

ElevateNonAdmins : undefined
TargetGroup : Automatic Windows Update Policy
TargetGroupEnabled : 1

Automatic Update settings :

AUOptions : 2
AutoInstallMinorUpdates : 0
DetectionFrequency : 22
DetectionFrequencyEnabled : 1
NoAutoRebootWithLoggedOnUsers : 1
NoAutoUpdate : 1
RebootRelaunchTimeout : undefined
RebootRelaunchTimeoutEnabled : undefined
RebootWarningTimeout : undefined
RebootWarningTimeoutEnabled : undefined
RescheduleWaitTime : undefined
RescheduleWaitTimeEnabled : 0
ScheduledInstallDay : 0
ScheduledInstallTime : 10
38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.

Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output

tcp/445/cifs


Last Successful logon : .\production
10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/07/21
Plugin Output

tcp/445/cifs

- The SMB tests will be done as tidua/******
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


The remote host SID value is : S-1-5-21-1687551350-3880216100-4069998428

The value of 'RestrictAnonymous' setting is : 0
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output

tcp/445/cifs

Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:

Target Name: SPINE-HRMS
NetBIOS Domain Name: SPINE-HRMS
NetBIOS Computer Name: SPINE-HRMS
DNS Domain Name: SPINE-HRMS
DNS Computer Name: SPINE-HRMS
DNS Tree Name: unknown
Product Version: 10.0.17763
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Operating system version = 10.17763
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434
11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output

tcp/445/cifs


Max cached logons : 10
10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/12/16
Plugin Output

tcp/445/cifs

44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
XREF IAVT:0001-T-0752
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output

tcp/445/cifs


The following services are set to start automatically :

AVP.KES.21.15 startup parameters :
Display name : Kaspersky Endpoint Security Service (KES.21.15)
Service name : AVP.KES.21.15
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avp.exe" -r

AcrSch2Svc startup parameters :
Display name : Acronis Scheduler2 Service
Service name : AcrSch2Svc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
Dependencies : RpcSs/

AcronisActiveProtectionService startup parameters :
Display name : Acronis Active Protection Service
Service name : AcronisActiveProtectionService
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
Dependencies : file_protector/CryptSvc/

AppHostSvc startup parameters :
Display name : Application Host Helper Service
Service name : AppHostSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost

AzureAttestService startup parameters :
Display name : AzureAttestService
Service name : AzureAttestService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AzureAttestService

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

BrokerInfrastructure startup parameters :
Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

CDPSvc startup parameters :
Display name : Connected Devices Platform Service
Service name : CDPSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/

CDPUserSvc_60ffe9f0b startup parameters :
Display name : Connected Devices Platform User Service_60ffe9f0b
Service name : CDPUserSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

CDPUserSvc_7ba5c startup parameters :
Display name : Connected Devices Platform User Service_7ba5c
Service name : CDPUserSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

CoreMessagingRegistrar startup parameters :
Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : rpcss/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/

DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p

DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : NSI/Afd/

DiagTrack startup parameters :
Display name : Connected User Experiences and Telemetry
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p
Dependencies : RpcSs/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : nsi/

EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

GoogleUpdaterInternalService145.0.7569.0 startup parameters :
Display name : Google Updater Internal Service (GoogleUpdaterInternalService145.0.7569.0)
Service name : GoogleUpdaterInternalService145.0.7569.0
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update-internal
Dependencies : RPCSS/

GoogleUpdaterService145.0.7569.0 startup parameters :
Display name : Google Updater Service (GoogleUpdaterService145.0.7569.0)
Service name : GoogleUpdaterService145.0.7569.0
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\GoogleUpdater\145.0.7569.0\updater.exe" --system --windows-service --service=update
Dependencies : RPCSS/

IISADMIN startup parameters :
Display name : IIS Admin Service
Service name : IISADMIN
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : RPCSS/SamSS/HTTP/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : BFE/nsi/

LSM startup parameters :
Display name : Local Session Manager
Service name : LSM
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k smbsvcs
Dependencies : SamSS/Srv2/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : Bowser/MRxSmb20/NSI/

MMS startup parameters :
Display name : Acronis Managed Machine Service
Service name : MMS
Log on as : LocalSystem
Executable path : "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
Dependencies : winmgmt/AcrSch2Svc/aakore/

MSDTC startup parameters :
Display name : Distributed Transaction Coordinator
Service name : MSDTC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\msdtc.exe
Dependencies : RPCSS/SamSS/

MSSQLSERVER startup parameters :
Display name : SQL Server (MSSQLSERVER)
Service name : MSSQLSERVER
Log on as : NT Service\MSSQLSERVER
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
Dependencies : KEYISO/

MSSQLServerOLAPService startup parameters :
Display name : SQL Server Analysis Services (MSSQLSERVER)
Service name : MSSQLServerOLAPService
Log on as : NT Service\MSSQLServerOLAPService
Executable path : "c:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\bin\msmdsrv.exe" -s "C:\Program Files\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Config"

MsDtsServer120 startup parameters :
Display name : SQL Server Integration Services 12.0
Service name : MsDtsServer120
Log on as : NT Service\MsDtsServer120
Executable path : "C:\Program Files\Microsoft SQL Server\120\DTS\Binn\MsDtsSrvr.exe"

MsDtsServer150 startup parameters :
Display name : SQL Server Integration Services 15.0
Service name : MsDtsServer150
Log on as : NT Service\MsDtsServer150
Executable path : "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\MsDtsSrvr.exe"

NetMsmqActivator startup parameters :
Display name : Net.Msmq Listener Adapter
Service name : NetMsmqActivator
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe" -NetMsmqActivator
Dependencies : was/msmq/

NetPipeActivator startup parameters :
Display name : Net.Pipe Listener Adapter
Service name : NetPipeActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/

NetTcpActivator startup parameters :
Display name : Net.Tcp Listener Adapter
Service name : NetTcpActivator
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
Dependencies : was/NetTcpPortSharing/

NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss -p
Dependencies : RpcEptMapper/DcomLaunch/

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : EventSystem/

SNMP startup parameters :
Display name : SNMP Service
Service name : SNMP
Log on as : LocalSystem
Executable path : C:\Windows\System32\snmp.exe

SQLBrowser startup parameters :
Display name : SQL Server Browser
Service name : SQLBrowser
Log on as : NT AUTHORITY\LOCALSERVICE
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"

SQLSERVERAGENT startup parameters :
Display name : SQL Server Agent (MSSQLSERVER)
Service name : SQLSERVERAGENT
Log on as : NT Service\SQLSERVERAGENT
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
Dependencies : MSSQLSERVER/

SQLTELEMETRY startup parameters :
Display name : SQL Server CEIP service (MSSQLSERVER)
Service name : SQLTELEMETRY
Log on as : NT Service\SQLTELEMETRY
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service

SQLWriter startup parameters :
Display name : SQL Server VSS Writer
Service name : SQLWriter
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"

SSASTELEMETRY startup parameters :
Display name : SQL Server Analysis Services CEIP (MSSQLSERVER)
Service name : SSASTELEMETRY
Log on as : NT Service\SSASTELEMETRY
Executable path : "C:\Program Files\Microsoft SQL Server\MSAS15.MSSQLSERVER\OLAP\Bin\sqlceip.exe" -Service MSSQLSERVER MSAS

SSISTELEMETRY150 startup parameters :
Display name : SQL Server Integration Services CEIP service 15.0
Service name : SSISTELEMETRY150
Log on as : NT Service\SSISTELEMETRY150
Executable path : "C:\Program Files\Microsoft SQL Server\150\DTS\Binn\sqlceip.exe" -Service default MSIS

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/SystemEventsBroker/

SecPod Saner Agent startup parameters :
Display name : SecPod Saner Agent
Service name : SecPod Saner Agent
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\SecPod Saner\Agent\bin\spsaneragnt.exe"

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

SysMain startup parameters :
Display name : SysMain
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : rpcss/

SystemEventsBroker startup parameters :
Display name : System Events Broker
Service name : SystemEventsBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/RpcSs/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

UALSVC startup parameters :
Display name : User Access Logging Service
Service name : UALSVC
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : WinMgmt/

UserManager startup parameters :
Display name : User Manager
Service name : UserManager
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

UsoSvc startup parameters :
Display name : Update Orchestrator Service
Service name : UsoSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

VGAuthService startup parameters :
Display name : VMware Alias Manager and Ticket Service
Service name : VGAuthService
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\VMware VGAuth\VGAuthService.exe"

VM3DService startup parameters :
Display name : VMware SVGA Helper Service
Service name : VM3DService
Log on as : LocalSystem
Executable path : C:\Windows\system32\vm3dservice.exe

VMTools startup parameters :
Display name : VMware Tools
Service name : VMTools
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\vmtoolsd.exe"

VMwareCAFManagementAgentHost startup parameters :
Display name : VMware CAF Management Agent Service
Service name : VMwareCAFManagementAgentHost
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\ManagementAgentHost.exe"

W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService

W3SVC startup parameters :
Display name : World Wide Web Publishing Service
Service name : W3SVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : WAS/HTTP/

Wcmsvc startup parameters :
Display name : Windows Connection Manager
Service name : Wcmsvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/NSI/

WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RPCSS/HTTP/

WinVNC4 startup parameters :
Display name : VNC Server Version 4
Service name : WinVNC4
Log on as : LocalSystem
Executable path : "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/

WpnService startup parameters :
Display name : Windows Push Notifications System Service
Service name : WpnService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

WpnUserService_60ffe9f0b startup parameters :
Display name : Windows Push Notifications User Service_60ffe9f0b
Service name : WpnUserService_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

WpnUserService_7ba5c startup parameters :
Display name : Windows Push Notifications User Service_7ba5c
Service name : WpnUserService_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

Zabbix Agent startup parameters :
Display name : Zabbix Agent
Service name : Zabbix Agent
Log on as : LocalSystem
Executable path : "C:\Program Files\Zabbix Agent\zabbix_agentd.exe" --config "C:\Program Files\Zabbix Agent\zabbix_agentd.conf"

aakore startup parameters :
Display name : Acronis Agent Core Service
Service name : aakore
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run

acp-update-controller startup parameters :
Display name : Acronis Update Controller
Service name : acp-update-controller
Log on as : LocalSystem
Executable path : "C:\Program Files\BackupClient\UpdateController\acp-update-controller.exe" --update-controller

avpsus.KES.21.15 startup parameters :
Display name : Kaspersky Seamless Update Service (KES.21.15)
Service name : avpsus.KES.21.15
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpsus.exe"

ftpsvc startup parameters :
Display name : Microsoft FTP Service
Service name : ftpsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k ftpsvc
Dependencies : RPCSS/

gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/Mup/

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/

klnagent startup parameters :
Display name : Kaspersky Security Center Network Agent
Service name : klnagent
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\klnagent.exe"

mpssvc startup parameters :
Display name : Windows Defender Firewall
Service name : mpssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : mpsdrv/bfe/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/nsiproxy/

nxlog startup parameters :
Display name : nxlog
Service name : nxlog
Log on as : LocalSystem
Executable path : "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
Dependencies : eventlog/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/

The following services must be started manually :

AJRouter startup parameters :
Display name : AllJoyn Router Service
Service name : AJRouter
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

AppReadiness startup parameters :
Display name : App Readiness
Service name : AppReadiness
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p

AppXSvc startup parameters :
Display name : AppX Deployment Service (AppXSVC)
Service name : AppXSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wsappx -p
Dependencies : rpcss/staterepository/

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : AudioEndpointBuilder/RpcSs/

BTAGService startup parameters :
Display name : Bluetooth Audio Gateway Service
Service name : BTAGService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : bthserv/rpcss/

BthAvctpSvc startup parameters :
Display name : AVCTP service
Service name : BthAvctpSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

CaptureService_60ffe9f0b startup parameters :
Display name : CaptureService_60ffe9f0b
Service name : CaptureService_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

CaptureService_7ba5c startup parameters :
Display name : CaptureService_7ba5c
Service name : CaptureService_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

ClipSVC startup parameters :
Display name : Client License Service (ClipSVC)
Service name : ClipSVC
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k wsappx -p
Dependencies : rpcss/

ConsentUxUserSvc_60ffe9f0b startup parameters :
Display name : ConsentUX_60ffe9f0b
Service name : ConsentUxUserSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

ConsentUxUserSvc_7ba5c startup parameters :
Display name : ConsentUX_7ba5c
Service name : ConsentUxUserSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DevQueryBroker startup parameters :
Display name : DevQuery Background Discovery Broker
Service name : DevQueryBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceAssociationService startup parameters :
Display name : Device Association Service
Service name : DeviceAssociationService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceInstall startup parameters :
Display name : Device Install Service
Service name : DeviceInstall
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

DevicesFlowUserSvc_60ffe9f0b startup parameters :
Display name : DevicesFlow_60ffe9f0b
Service name : DevicesFlowUserSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DevicesFlowUserSvc_7ba5c startup parameters :
Display name : DevicesFlow_7ba5c
Service name : DevicesFlowUserSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DmEnrollmentSvc startup parameters :
Display name : Device Management Enrollment Service
Service name : DmEnrollmentSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

DoSvc startup parameters :
Display name : Delivery Optimization
Service name : DoSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

DsSvc startup parameters :
Display name : Data Sharing Service
Service name : DsSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

DsmSvc startup parameters :
Display name : Device Setup Manager
Service name : DsmSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RPCSS/

Eaphost startup parameters :
Display name : Extensible Authentication Protocol
Service name : Eaphost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/KeyIso/

EntAppSvc startup parameters :
Display name : Enterprise App Management Service
Service name : EntAppSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : RpcSs/http/fdphost/

FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

FrameServer startup parameters :
Display name : Windows Camera Frame Server
Service name : FrameServer
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k Camera
Dependencies : rpcss/

GoogleChromeElevationService startup parameters :
Display name : Google Chrome Elevation Service (GoogleChromeElevationService)
Service name : GoogleChromeElevationService
Log on as : LocalSystem
Executable path : "C:\Program Files\Google\Chrome\Application\143.0.7499.193\elevation_service.exe"
Dependencies : RPCSS/

HvHost startup parameters :
Display name : HV Host Service
Service name : HvHost
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : hvservice/

InstallService startup parameters :
Display name : Microsoft Store Install Service
Service name : InstallService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

KPSSVC startup parameters :
Display name : KDC Proxy Server service (KPS)
Service name : KPSSVC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup
Dependencies : rpcss/http/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
Dependencies : RPCSS/SamSS/

LicenseManager startup parameters :
Display name : Windows License Manager Service
Service name : LicenseManager
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/

MSSQLFDLauncher startup parameters :
Display name : SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
Service name : MSSQLFDLauncher
Log on as : NT Service\MSSQLFDLauncher
Executable path : "C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER

MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

NcaSvc startup parameters :
Display name : Network Connectivity Assistant
Service name : NcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : BFE/dnscache/NSI/iphlpsvc/

NcbService startup parameters :
Display name : Network Connection Broker
Service name : NcbService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSS/tcpip/

NetSetupSvc startup parameters :
Display name : Network Setup Service
Service name : NetSetupSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/nsi/

NgcCtnrSvc startup parameters :
Display name : Microsoft Passport Container
Service name : NgcCtnrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/

NgcSvc startup parameters :
Display name : Microsoft Passport
Service name : NgcSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/

PimIndexMaintenanceSvc_60ffe9f0b startup parameters :
Display name : Contact Data_60ffe9f0b
Service name : PimIndexMaintenanceSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

PimIndexMaintenanceSvc_7ba5c startup parameters :
Display name : Contact Data_7ba5c
Service name : PimIndexMaintenanceSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p

PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
Dependencies : Tcpip/bfe/

PrintNotify startup parameters :
Display name : Printer Extensions and Notifications
Service name : PrintNotify
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k print
Dependencies : RpcSs/

PrintWorkflowUserSvc_60ffe9f0b startup parameters :
Display name : PrintWorkflow_60ffe9f0b
Service name : PrintWorkflowUserSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow

PrintWorkflowUserSvc_7ba5c startup parameters :
Display name : PrintWorkflow_7ba5c
Service name : PrintWorkflowUserSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow

QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/

RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/

RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RasAcd/

RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : SstpSvc/DnsCache/

RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k localService -p
Dependencies : RPCSS/

RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe

SCPolicySvc startup parameters :
Display name : Smart Card Removal Policy
Service name : SCPolicySvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

SCardSvr startup parameters :
Display name : Smart Card
Service name : SCardSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

SMTPSVC startup parameters :
Display name : Simple Mail Transfer Protocol (SMTP)
Service name : SMTPSVC
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : IISADMIN/

SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe

SQL Server Distributed Replay Client startup parameters :
Display name : SQL Server Distributed Replay Client
Service name : SQL Server Distributed Replay Client
Log on as : NT Service\SQL Server Distributed Replay Client
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayClient\DReplayClient.exe"

SQL Server Distributed Replay Controller startup parameters :
Display name : SQL Server Distributed Replay Controller
Service name : SQL Server Distributed Replay Controller
Log on as : NT Service\SQL Server Distributed Replay Controller
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\150\Tools\DReplayController\DReplayController.exe"

SecPod Saner Upgrade Controller v2 startup parameters :
Display name : SecPod Saner Upgrade Controller v2
Service name : SecPod Saner Upgrade Controller v2
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\SecPod Saner\Upgrader\bin\spupgradecontroller.exe"

SecurityHealthService startup parameters :
Display name : Windows Security Service
Service name : SecurityHealthService
Log on as : LocalSystem
Executable path : C:\Windows\system32\SecurityHealthService.exe
Dependencies : RpcSs/

Sense startup parameters :
Display name : Windows Defender Advanced Threat Protection Service
Service name : Sense
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"

SensorService startup parameters :
Display name : Sensor Service
Service name : SensorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

SensrSvc startup parameters :
Display name : Sensor Monitoring Service
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p

SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/LanmanWorkstation/

SgrmBroker startup parameters :
Display name : System Guard Runtime Monitor Broker
Service name : SgrmBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\SgrmBroker.exe
Dependencies : RpcSs/

SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

StateRepository startup parameters :
Display name : State Repository Service
Service name : StateRepository
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

TabletInputService startup parameters :
Display name : Touch Keyboard and Handwriting Panel Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k termsvcs
Dependencies : RPCSS/

Tib Mounter Service startup parameters :
Display name : Tib Mounter Service
Service name : Tib Mounter Service
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
Dependencies : RPCSS/

TieringEngineService startup parameters :
Display name : Storage Tiers Management
Service name : TieringEngineService
Log on as : localSystem
Executable path : C:\Windows\system32\TieringEngineService.exe

TimeBrokerSvc startup parameters :
Display name : Time Broker
Service name : TimeBrokerSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

TokenBroker startup parameters :
Display name : Web Account Manager
Service name : TokenBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : UserManager/

TrustedInstaller startup parameters :
Display name : Windows Modules Installer
Service name : TrustedInstaller
Log on as : localSystem
Executable path : C:\Windows\servicing\TrustedInstaller.exe

UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : TermService/RDPDR/

UnistoreSvc_60ffe9f0b startup parameters :
Display name : User Data Storage_60ffe9f0b
Service name : UnistoreSvc_60ffe9f0b
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup

UnistoreSvc_7ba5c startup parameters :
Display name : User Data Storage_7ba5c
Service name : UnistoreSvc_7ba5c
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup

UserDataSvc_60ffe9f0b startup parameters :
Display name : User Data Access_60ffe9f0b
Service name : UserDataSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

UserDataSvc_7ba5c startup parameters :
Display name : User Data Access_7ba5c
Service name : UserDataSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup

VMwareCAFCommAmqpListener startup parameters :
Display name : VMware CAF AMQP Communication Service
Service name : VMwareCAFCommAmqpListener
Log on as : LocalSystem
Executable path : "C:\Program Files\VMware\VMware Tools\VMware CAF\pme\bin\CommAmqpListener.exe"

VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/

VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/

WAS startup parameters :
Display name : Windows Process Activation Service
Service name : WAS
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : RPCSS/

WEPHOSTSVC startup parameters :
Display name : Windows Encryption Provider Host Service
Service name : WEPHOSTSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup
Dependencies : rpcss/

WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/WSearch/

WMSVC startup parameters :
Display name : Web Management Service
Service name : WMSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\inetsrv\wmsvc.exe
Dependencies : HTTP/

WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/

WaaSMedicSvc startup parameters :
Display name : Windows Update Medic Service
Service name : WaaSMedicSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p
Dependencies : rpcss/

WarpJITSvc startup parameters :
Display name : WarpJITSvc
Service name : WarpJITSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/

WdiServiceHost startup parameters :
Display name : Diagnostic Service Host
Service name : WdiServiceHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p

WdiSystemHost startup parameters :
Display name : Diagnostic System Host
Service name : WdiSystemHost
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : HTTP/Eventlog/

WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup

WiaRpc startup parameters :
Display name : Still Image Acquisition Events
Service name : WiaRpc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Dhcp/

aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

camsvc startup parameters :
Display name : Capability Access Manager Service
Service name : camsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p

cbdhsvc_60ffe9f0b startup parameters :
Display name : Clipboard User Service_60ffe9f0b
Service name : cbdhsvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p

cbdhsvc_7ba5c startup parameters :
Display name : Clipboard User Service_7ba5c
Service name : cbdhsvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p

defragsvc startup parameters :
Display name : Optimize drives
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/

diagnosticshub.standardcollector.service startup parameters :
Display name : Microsoft (R) Diagnostics Hub Standard Collector Service
Service name : diagnosticshub.standardcollector.service
Log on as : LocalSystem
Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/Ndisuio/Eaphost/

embeddedmode startup parameters :
Display name : Embedded Mode
Service name : embeddedmode
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : BrokerInfrastructure/

fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/http/

hidserv startup parameters :
Display name : Human Interface Device Service
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

ksnproxy startup parameters :
Display name : Kaspersky Security Network proxy server
Service name : ksnproxy
Log on as : NT SERVICE\ksnproxy
Executable path : "C:\Program Files (x86)\Kaspersky Lab\NetworkAgent\ksnproxy.exe"

lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Afd/

msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/

netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : RpcSs/nlasvc/

pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : RPCSS/

sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p

smphost startup parameters :
Display name : Microsoft Storage Spaces SMP
Service name : smphost
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k smphost
Dependencies : RPCSS/

stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/

svsvc startup parameters :
Display name : Spot Verifier
Service name : svsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/

tapisrv startup parameters :
Display name : Telephony
Service name : tapisrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/

vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/

vmicguestinterface startup parameters :
Display name : Hyper-V Guest Service Interface
Service name : vmicguestinterface
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicheartbeat startup parameters :
Display name : Hyper-V Heartbeat Service
Service name : vmicheartbeat
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p

vmickvpexchange startup parameters :
Display name : Hyper-V Data Exchange Service
Service name : vmickvpexchange
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicrdv startup parameters :
Display name : Hyper-V Remote Desktop Virtualization Service
Service name : vmicrdv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p

vmicshutdown startup parameters :
Display name : Hyper-V Guest Shutdown Service
Service name : vmicshutdown
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmictimesync startup parameters :
Display name : Hyper-V Time Synchronization Service
Service name : vmictimesync
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : VmGid/

vmicvmsession startup parameters :
Display name : Hyper-V PowerShell Direct Service
Service name : vmicvmsession
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmicvss startup parameters :
Display name : Hyper-V Volume Shadow Copy Requestor
Service name : vmicvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

vmvss startup parameters :
Display name : VMware Snapshot Provider
Service name : vmvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{0A0395B5-DCA0-40B0-8D0E-C89A44322E93}
Dependencies : rpcss/

w3logsvc startup parameters :
Display name : W3C Logging Service
Service name : w3logsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost
Dependencies : HTTP/

wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p

wlidsvc startup parameters :
Display name : Microsoft Account Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe

wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

The following services are disabled :

AppVClient startup parameters :
Display name : Microsoft App-V Client
Service name : AppVClient
Log on as : LocalSystem
Executable path : C:\Windows\system32\AppVClient.exe
Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

DevicePickerUserSvc_60ffe9f0b startup parameters :
Display name : DevicePicker_60ffe9f0b
Service name : DevicePickerUserSvc_60ffe9f0b
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

DevicePickerUserSvc_7ba5c startup parameters :
Display name : DevicePicker_7ba5c
Service name : DevicePickerUserSvc_7ba5c
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow

GraphicsPerfSvc startup parameters :
Display name : GraphicsPerfSvc
Service name : GraphicsPerfSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup

MapsBroker startup parameters :
Display name : Downloaded Maps Manager
Service name : MapsBroker
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

PhoneSvc startup parameters :
Display name : Phone Service
Service name : PhoneSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/

PushToInstall startup parameters :
Display name : Windows PushToInstall Service
Service name : PushToInstall
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/

RmSvc startup parameters :
Display name : Radio Management Service
Service name : RmSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/

SEMgrSvc startup parameters :
Display name : Payments and NFC/SE Manager
Service name : SEMgrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/

SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : HTTP/NSI/

ScDeviceEnum startup parameters :
Display name : Smart Card Device Enumeration Service
Service name : ScDeviceEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

SensorDataService startup parameters :
Display name : Sensor Data Service
Service name : SensorDataService
Log on as : LocalSystem
Executable path : C:\Windows\System32\SensorDataService.exe

SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : BFE/

UevAgentService startup parameters :
Display name : User Experience Virtualization Service
Service name : UevAgentService
Log on as : LocalSystem
Executable path : C:\Windows\system32\AgentService.exe

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/BrokerInfrastructure/

WalletService startup parameters :
Display name : WalletService
Service name : WalletService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k appmodel -p

dmwappushservice startup parameters :
Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service
Service name : dmwappushservice
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

icssvc startup parameters :
Display name : Windows Mobile Hotspot Service
Service name : icssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/wcmsvc/

lfsvc startup parameters :
Display name : Geolocation Service
Service name : lfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/lltdio/

shpamsvc startup parameters :
Display name : Shared PC Account Manager
Service name : shpamsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

simptcp startup parameters :
Display name : Simple TCP/IP Services
Service name : simptcp
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\tcpsvcs.exe
Dependencies : afd/

ssh-agent startup parameters :
Display name : OpenSSH Authentication Agent
Service name : ssh-agent
Log on as : LocalSystem
Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe

tzautoupdate startup parameters :
Display name : Auto Time Zone Updater
Service name : tzautoupdate
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p

upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : SSDPSRV/HTTP/

wisvc startup parameters :
Display name : Windows Insider Service
Service name : wisvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/139/smb


An SMB server is running on this port.

11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/445/cifs


A CIFS server is running on this port.
10456 - Microsoft Windows SMB Service Enumeration
-
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0751
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Active Services :

Acronis Agent Core Service [ aakore ]
Acronis Update Controller [ acp-update-controller ]
Acronis Active Protection Service [ AcronisActiveProtectionService ]
Acronis Scheduler2 Service [ AcrSch2Svc ]
Application Host Helper Service [ AppHostSvc ]
Application Information [ Appinfo ]
Kaspersky Endpoint Security Service (KES.21.15) [ AVP.KES.21.15 ]
Kaspersky Seamless Update Service (KES.21.15) [ avpsus.KES.21.15 ]
AzureAttestService [ AzureAttestService ]
Base Filtering Engine [ BFE ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
AVCTP service [ BthAvctpSvc ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
COM+ System Application [ COMSysApp ]
CoreMessaging [ CoreMessagingRegistrar ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Data Sharing Service [ DsSvc ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Microsoft FTP Service [ ftpsvc ]
Group Policy Client [ gpsvc ]
IIS Admin Service [ IISADMIN ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
CNG Key Isolation [ KeyIso ]
Kaspersky Security Center Network Agent [ klnagent ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
Windows License Manager Service [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Local Session Manager [ LSM ]
Acronis Managed Machine Service [ MMS ]
Windows Defender Firewall [ mpssvc ]
Distributed Transaction Coordinator [ MSDTC ]
SQL Server Integration Services 15.0 [ MsDtsServer150 ]
SQL Full-text Filter Daemon Launcher (MSSQLSERVER) [ MSSQLFDLauncher ]
SQL Server (MSSQLSERVER) [ MSSQLSERVER ]
SQL Server Analysis Services (MSSQLSERVER) [ MSSQLServerOLAPService ]
Network Connection Broker [ NcbService ]
Net.Pipe Listener Adapter [ NetPipeActivator ]
Network List Service [ netprofm ]
Net.Tcp Listener Adapter [ NetTcpActivator ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
nxlog [ nxlog ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
SecPod Saner Agent [ SecPod Saner Agent ]
Windows Security Service [ SecurityHealthService ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
SNMP Service [ SNMP ]
Print Spooler [ Spooler ]
Software Protection [ sppsvc ]
SQL Server Browser [ SQLBrowser ]
SQL Server Agent (MSSQLSERVER) [ SQLSERVERAGENT ]
SQL Server CEIP service (MSSQLSERVER) [ SQLTELEMETRY ]
SQL Server VSS Writer [ SQLWriter ]
SQL Server Analysis Services CEIP (MSSQLSERVER) [ SSASTELEMETRY ]
SQL Server Integration Services CEIP service 15.0 [ SSISTELEMETRY150 ]
State Repository Service [ StateRepository ]
Storage Service [ StorSvc ]
SysMain [ SysMain ]
System Events Broker [ SystemEventsBroker ]
Touch Keyboard and Handwriting Panel Service [ TabletInputService ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Time Broker [ TimeBrokerSvc ]
Web Account Manager [ TokenBroker ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
User Access Logging Service [ UALSVC ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
User Manager [ UserManager ]
Update Orchestrator Service [ UsoSvc ]
Credential Manager [ VaultSvc ]
VMware Alias Manager and Ticket Service [ VGAuthService ]
VMware SVGA Helper Service [ VM3DService ]
VMware Tools [ VMTools ]
VMware CAF Management Agent Service [ VMwareCAFManagementAgentHost ]
Windows Time [ W32Time ]
World Wide Web Publishing Service [ W3SVC ]
Windows Process Activation Service [ WAS ]
Windows Connection Manager [ Wcmsvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
VNC Server Version 4 [ WinVNC4 ]
Windows Push Notifications System Service [ WpnService ]
Connected Devices Platform User Service_7ba5c [ CDPUserSvc_7ba5c ]
Windows Push Notifications User Service_7ba5c [ WpnUserService_7ba5c ]
Zabbix Agent [ Zabbix Agent ]
Connected Devices Platform User Service_60ffe9f0b [ CDPUserSvc_60ffe9f0b ]
Windows Push Notifications User Service_60ffe9f0b [ WpnUserService_60ffe9f0b ]

Inactive Services :

AllJoyn Router Service [ AJRouter ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Management [ AppMgmt ]
App Readiness [ AppReadiness ]
Microsoft App-V Client [ AppVClient ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
ASP.NET State Service [ aspnet_state ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
Background Intelligent Transfer Service [ BITS ]
Bluetooth Audio Gateway Service [ BTAGService ]
Bluetooth Support Service [ bthserv ]
Capability Access Manager Service [ camsvc ]
Client License Service (ClipSVC) [ ClipSVC ]
Offline Files [ CscService ]
Optimize drives [ defragsvc ]
Device Association Service [ DeviceAssociationService ]
Device Install Service [ DeviceInstall ]
DevQuery Background Discovery Broker [ DevQueryBroker ]
Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ]
Device Management Enrollment Service [ DmEnrollmentSvc ]
Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ]
Delivery Optimization [ DoSvc ]
Wired AutoConfig [ dot3svc ]
Device Setup Manager [ DsmSvc ]
Extensible Authentication Protocol [ Eaphost ]
Encrypting File System (EFS) [ EFS ]
Embedded Mode [ embeddedmode ]
Enterprise App Management Service [ EntAppSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Windows Camera Frame Server [ FrameServer ]
Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ]
GraphicsPerfSvc [ GraphicsPerfSvc ]
Human Interface Device Service [ hidserv ]
HV Host Service [ HvHost ]
Windows Mobile Hotspot Service [ icssvc ]
Microsoft Store Install Service [ InstallService ]
KDC Proxy Server service (KPS) [ KPSSVC ]
Kaspersky Security Network proxy server [ ksnproxy ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Geolocation Service [ lfsvc ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Downloaded Maps Manager [ MapsBroker ]
SQL Server Integration Services 12.0 [ MsDtsServer120 ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
Network Connectivity Assistant [ NcaSvc ]
Netlogon [ Netlogon ]
Network Connections [ Netman ]
Net.Msmq Listener Adapter [ NetMsmqActivator ]
Network Setup Service [ NetSetupSvc ]
Microsoft Passport Container [ NgcCtnrSvc ]
Microsoft Passport [ NgcSvc ]
Performance Counter DLL Host [ PerfHost ]
Phone Service [ PhoneSvc ]
Performance Logs & Alerts [ pla ]
Printer Extensions and Notifications [ PrintNotify ]
Windows PushToInstall Service [ PushToInstall ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Remote Access Connection Manager [ RasMan ]
Routing and Remote Access [ RemoteAccess ]
Radio Management Service [ RmSvc ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Device Enumeration Service [ ScDeviceEnum ]
Smart Card Removal Policy [ SCPolicySvc ]
Secondary Logon [ seclogon ]
SecPod Saner Upgrade Controller v2 [ SecPod Saner Upgrade Controller v2 ]
Payments and NFC/SE Manager [ SEMgrSvc ]
Windows Defender Advanced Threat Protection Service [ Sense ]
Sensor Data Service [ SensorDataService ]
Sensor Service [ SensorService ]
Sensor Monitoring Service [ SensrSvc ]
System Guard Runtime Monitor Broker [ SgrmBroker ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Shared PC Account Manager [ shpamsvc ]
Simple TCP/IP Services [ simptcp ]
Microsoft Storage Spaces SMP [ smphost ]
Simple Mail Transfer Protocol (SMTP) [ SMTPSVC ]
SNMP Trap [ SNMPTRAP ]
SQL Server Distributed Replay Client [ SQL Server Distributed Replay Client ]
SQL Server Distributed Replay Controller [ SQL Server Distributed Replay Controller ]
SSDP Discovery [ SSDPSRV ]
OpenSSH Authentication Agent [ ssh-agent ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
Windows Image Acquisition (WIA) [ stisvc ]
Spot Verifier [ svsvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Telephony [ tapisrv ]
Tib Mounter Service [ Tib Mounter Service ]
Storage Tiers Management [ TieringEngineService ]
Auto Time Zone Updater [ tzautoupdate ]
User Experience Virtualization Service [ UevAgentService ]
UPnP Device Host [ upnphost ]
Virtual Disk [ vds ]
Hyper-V Guest Service Interface [ vmicguestinterface ]
Hyper-V Heartbeat Service [ vmicheartbeat ]
Hyper-V Data Exchange Service [ vmickvpexchange ]
Hyper-V Remote Desktop Virtualization Service [ vmicrdv ]
Hyper-V Guest Shutdown Service [ vmicshutdown ]
Hyper-V Time Synchronization Service [ vmictimesync ]
Hyper-V PowerShell Direct Service [ vmicvmsession ]
Hyper-V Volume Shadow Copy Requestor [ vmicvss ]
VMware Snapshot Provider [ vmvss ]
VMware CAF AMQP Communication Service [ VMwareCAFCommAmqpListener ]
Volume Shadow Copy [ VSS ]
W3C Logging Service [ w3logsvc ]
Windows Update Medic Service [ WaaSMedicSvc ]
WalletService [ WalletService ]
WarpJITSvc [ WarpJITSvc ]
Windows Biometric Service [ WbioSrvc ]
Diagnostic Service Host [ WdiServiceHost ]
Diagnostic System Host [ WdiSystemHost ]
Windows Event Collector [ Wecsvc ]
Windows Encryption Provider Host Service [ WEPHOSTSVC ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Still Image Acquisition Events [ WiaRpc ]
Windows Insider Service [ wisvc ]
Microsoft Account Sign-in Assistant [ wlidsvc ]
WMI Performance Adapter [ wmiApSrv ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Web Management Service [ WMSVC ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Search [ WSearch ]
Windows Update [ wuauserv ]
CaptureService_7ba5c [ CaptureService_7ba5c ]
Clipboard User Service_7ba5c [ cbdhsvc_7ba5c ]
ConsentUX_7ba5c [ ConsentUxUserSvc_7ba5c ]
DevicePicker_7ba5c [ DevicePickerUserSvc_7ba5c ]
DevicesFlow_7ba5c [ DevicesFlowUserSvc_7ba5c ]
Contact Data_7ba5c [ PimIndexMaintenanceSvc_7ba5c ]
PrintWorkflow_7ba5c [ PrintWorkflowUserSvc_7ba5c ]
User Data Storage_7ba5c [ UnistoreSvc_7ba5c ]
User Data Access_7ba5c [ UserDataSvc_7ba5c ]
Google Updater Internal Service (GoogleUpdaterInternalService145.0.7569.0) [ GoogleUpdaterInternalService145.0.7569.0 ]
Google Updater Service (GoogleUpdaterService145.0.7569.0) [ GoogleUpdaterService145.0.7569.0 ]
CaptureService_60ffe9f0b [ CaptureService_60ffe9f0b ]
Clipboard User Service_60ffe9f0b [ cbdhsvc_60ffe9f0b ]
ConsentUX_60ffe9f0b [ ConsentUxUserSvc_60ffe9f0b ]
DevicePicker_60ffe9f0b [ DevicePickerUserSvc_60ffe9f0b ]
DevicesFlow_60ffe9f0b [ DevicesFlowUserSvc_60ffe9f0b ]
Contact Data_60ffe9f0b [ PimIndexMaintenanceSvc_60ffe9f0b ]
PrintWorkflow_60ffe9f0b [ PrintWorkflowUserSvc_60ffe9f0b ]
User Data Storage_60ffe9f0b [ UnistoreSvc_60ffe9f0b ]
User Data Access_60ffe9f0b [ UserDataSvc_60ffe9f0b ]

92373 - Microsoft Windows SMB Sessions
-
Synopsis
Nessus was able to collect and report SMB session information from the remote host.
Description
Nessus was able to collect details of SMB sessions from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2025/12/15
Plugin Output

tcp/0

tidua
production

Extended SMB session information attached.

23974 - Microsoft Windows SMB Share Hosting Office Files
-
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

tcp/445/cifs


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\f\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\r\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\f\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\r\msoirmprotector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\f\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\r\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\f\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\r\msoirmprotector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\f\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\r\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\f\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\r\msoirmprotector.xls
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_08e5c4718206e3dd\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1_none_fe911a1f4da621e2\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.xlsx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.xlsx
- C:\inetpub\wwwroot\SpineHR\MobileHR\UserData\SampleResumeFile\SampleResume.docx
- C:\inetpub\wwwroot\SpineHR\UserData\SampleResumeFile\SampleResume.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.docx
- C:\Users\Administrator\Downloads\VAPT-Update-18.12.2024\SpineHRMS_Deploy607\UserData\SampleResumeFile\SampleResume.docx
- C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Licenses\1033\SSMS License Terms.docx
- C:\inetpub\wwwroot\SpineHR - Copy\UserData\SampleResumeFile\SampleResume.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.pptx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.3770.1.10\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.pptx

+ E$ :

- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Docs\Resume\Elijah Nevis.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000010_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000011_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000013_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000014_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000014_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000015_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000016_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000017_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000022_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000022_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000023_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000023_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000024_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000024_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000025_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000025_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000033_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000034_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000035_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000040_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000042_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000043_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000044_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000044_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000055_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000056_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000059_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000061_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000061_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000062_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000063_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000064_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000085_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000086_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000087_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000088_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000089_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000090_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000090_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\LetterTemplate\CanLetter\C000000091_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\ResignReq\Exit_4695_resignation letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\ResignReq\Exit_4739_resgine letter.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\ResignReq\Exit_4863_vishal resignation.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\ResignReq\Exit_4930_Resignation.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\11i2kb1q13a_Naveen kumar.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\1cul4ffjzeq_K RAVIKIRAN RESUME.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\1oylklkyuh0_S.RENESH.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\4fkrtkt3pgh_Sandeep.k[16_0].doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\Ganesh .doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\gec2pmbuf4w_shekar.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\guoyghri4ky_S.ELANGOVAN.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\ho4q0pvrwuf_SUBHASH C.J CHITLUR.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\hwjdepbfaiu_ADITYA DUBEY.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\itapin4owj5_M Manimekala.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\jlqz4fzvbld_E.MANJULA.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\k1uhjmsdjyt_T. kipson.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\q5nzbsejrxs_SOUNDARARAJAN.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\qdqo1m4o5nm_Sidhant Mandley .doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\sgjqdeoepqv_senthil resume.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\smfom1ypffi_ANIL KUMAR (2).doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\stgajklu5no_Rm Saravanan.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\sv3xwvhluvq_Elijah Nevis.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\syjyl0iygrp_Krupakaran M.doc
- E:\MobileHR backup 13-05-2025\Payrollnx\UserData\Resume\wevetgwtuml_Kunal Shekhar.doc
- E:\MobileHR backup 13-05-2025\Payrollnx - Copy (2)\UserData\EmpDoc\PIP\Without Signature\Prasanna M.doc
- E:\MobileHR backup 13-05-2025\Payrollnx - Copy (2)\UserData\EmpDoc\PIP\Without Signature\Sagar Ghule .doc
- E:\MobileHR backup 13-05-2025\Payrollnx - Copy (2)\UserData\EmpDoc\PIP\Without Signature\Sameerkhan Pathan.doc
- E:\MobileHR backup 13-05-2025\Payrollnx - Copy (2)\UserData\EmpDoc\PIP\Without Signature\Shantaram Gavande .doc
- E:\MobileHR backup 13-05-2025\UserData\Docs\Resume\Elijah Nevis.doc
- E:\MobileHR backup 13-05-2025\UserData\EmpDoc\PIP\Without Signature\Amol Hyalij.doc
- E:\MobileHR backup 13-05-2025\UserData\EmpDoc\PIP\Without Signature\Ankush Singh.doc
- E:\MobileHR backup 13-05-2025\UserData\EmpDoc\PIP\Without Signature\Mahendra Bodade.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000014_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000014_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000015_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000016_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000017_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000018_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000018_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000019_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000023_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000024_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000024_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000025_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000025_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000026_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000027_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000028_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000040_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000042_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000043_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000044_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000044_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000047_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000048_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000049_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000061_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000061_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000062_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000063_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000064_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000065_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000066_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000068_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000088_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000089_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000090_Appointment Letter.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000090_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\LetterTemplate\CanLetter\C000000091_Appt Letter _Rashmi.doc
- E:\MobileHR backup 13-05-2025\UserData\ResignReq\Exit_0657_Resignation.doc
- E:\MobileHR backup 13-05-2025\UserData\ResignReq\Exit_3426_EKNATH KHAMKAR.doc
- E:\MobileHR backup 13-05-2025\UserData\ResignReq\Exit_4284_Nagesh resignation.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\a5cqdrdrdh3_Noor Jahan.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\aa1bnquv3vx_Arumugaraj.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\b4jvbmj42gb_Kunal Shekhar.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\ccqqx3evw1x_sandeep-CV21(1).doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\ccz44otkgfv_PRADEEP.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\d3jllvsgdsl_Sunilkumar.V.N.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\dobd0gfsjas_JAYAPRIYA.P.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\ff4s2iximgv_moumita.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\khhscuacxf0_Jasvinder Saini.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\lmim3gponti_Afzal Shariff.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\NIDHIAGRAWAL[7_0].doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\ob5p504k220_Ganesh .doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\or0k30ujr5k_Shiv_Shankar.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\otlmkp22sjh_Gopi_resume.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\ph2hvnme2hq_VEERA MANJU CH.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\q12qkilzoxn_Arockia Jegan.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\wxwuoo4ooeg_Nayeem.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\xmimg0qjtsn_Raj_Resume_New__1_.doc
- E:\MobileHR backup 13-05-2025\UserData\Resume\yhifnwsveo3_PRABAKARAN_S.doc
- E:\SPINE WORK\Spine_LKP\Policies\Leave Policy (Permanent).doc
- E:\SPINE WORK\Spine_LKP\Policies\Leave Policy (Probation).doc
- E:\SPINE WORK\Spine_LKP\Policies\Leave Policy.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Docs\Resume\Elijah Nevis.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\EmpDoc\PIP\Without Signature\Amol Hyalij.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000011_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000013_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000014_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000014_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000015_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000016_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000017_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000018_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000022_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000023_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000023_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000024_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000024_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000025_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000025_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000026_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000034_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000035_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000040_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000042_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000043_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000044_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000044_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000047_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000056_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000059_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000061_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000061_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000062_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000063_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000064_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000065_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000086_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000087_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000088_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000089_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000090_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000090_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\LetterTemplate\CanLetter\C000000091_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\ResignReq\Exit_0657_Resignation.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\1oylklkyuh0_S.RENESH.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\4fkrtkt3pgh_Sandeep.k[16_0].doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\a5cqdrdrdh3_Noor Jahan.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\aa1bnquv3vx_Arumugaraj.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\b4jvbmj42gb_Kunal Shekhar.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\ccqqx3evw1x_sandeep-CV21(1).doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\ccz44otkgfv_PRADEEP.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\d3jllvsgdsl_Sunilkumar.V.N.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\jlqz4fzvbld_E.MANJULA.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\k1uhjmsdjyt_T. kipson.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\khhscuacxf0_Jasvinder Saini.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\lmim3gponti_Afzal Shariff.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\NIDHIAGRAWAL[7_0].doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\ob5p504k220_Ganesh .doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\or0k30ujr5k_Shiv_Shankar.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\otlmkp22sjh_Gopi_resume.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\syjyl0iygrp_Krupakaran M.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\wevetgwtuml_Kunal Shekhar.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\wxwuoo4ooeg_Nayeem.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\xmimg0qjtsn_Raj_Resume_New__1_.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx\UserData\Resume\yhifnwsveo3_PRABAKARAN_S.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\Docs\Resume\Elijah Nevis.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\EmpDoc\PIP\Without Signature\Amol Hyalij.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\EmpDoc\PIP\Without Signature\Ankush Singh.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000013_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000014_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000014_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000015_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000016_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000017_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000018_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000018_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000023_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000023_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000024_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000024_Appt Letter _Rashmi.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000025_Appointment Letter.doc
- E:\SpineHR--31052023\MobileHR\Payrollnx - Copy\UserData\LetterTemplate\CanLetter\C000000025_Appt Letter _Rashmi.doc


Note that Nessus has limited the report to 255 files although there
may be more.
60119 - Microsoft Windows SMB Share Permissions Enumeration
-
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/07/25, Modified: 2022/08/11
Plugin Output

tcp/445/cifs


Share path : \\SPINE-HRMS\HR SHARE
Local path : D:\HR SHARE
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for Everyone (S-1-1-0): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES

Share path : \\SPINE-HRMS\Spine DataBase Backup$
Local path : E:\Spine DataBase Backup
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
10396 - Microsoft Windows SMB Shares Access
-
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following shares can be accessed as tidua :

- ADMIN$ - (readable,writable)
+ Content of this share :
..
ADFS
appcompat
apppatch
AppReadiness
assembly
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
CbsTemp
Containers
CSC
Cursors
debug
DfsrAdmin.exe
DfsrAdmin.exe.config
diagnostics
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
IdentityCRL
iis.log
IME
ImmersiveControlPanel
INF
InputMethod
Installer
L2Schemas
LiveKernelReports
Logs
lsasetup.log
media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
Offline Web Pages
Panther
PCHEALTH
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerDataCenter.xml
ServiceProfiles
ServiceState
servicing
Setup
setuperr.log
ShellComponents
ShellExperiences
SKB
smtpins.log
SoftwareDistribution
SoftwareDistribution.klnagent
Speech
Speech_OneCore
splwow64.exe
symbols
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SysWOW64
TAPI
Tasks

- C$ - (readable,writable)
+ Content of this share :
Documents and Settings
inetpub
KVRT2020_Data
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
System Volume Information
Users
Windows

- Spine DataBase Backup$ - (readable,writable)
+ Content of this share :
..
24-06-25 backup spine.rar
LKPSEC_01 Oct 2025 _23_30_1.rar
LKPSEC_02 Jan 2026 _23_30_0.rar
LKPSEC_03 Nov 2025 _23_30_0.rar
LKPSEC_03 Oct 2025 _23_30_0.rar
LKPSEC_04 Jun 2025 _23_30_5.rar
LKPSEC_05 Jan 2026 _23_30_0.bak
LKPSEC_05 Jan 2026 _23_30_6.bak
LKPSEC_05 Nov 2025 _23_30_0.rar
LKPSEC_07 Jan 2026 _23_30_0.bak
LKPSEC_07 Jan 2026 _23_30_6.bak
LKPSEC_09 Jan 2026 _23_30_0.bak
LKPSEC_09 Jan 2026 _23_30_6.bak
LKPSEC_26 Dec 2025 _23_30_0.rar
LKPSEC_26 Nov 2025 _23_30_0.rar
LKPSEC_26 Sep 2025 _23_30_0.rar
LKPSEC_28 Apr 2025 _23_30_0.rar
LKPSEC_28 Nov 2025 _23_30_0.rar
LKPSEC_29 Dec 2025 _23_30_0.rar
LKPSEC_29 Oct 2025 _23_30_0.rar
LKPSEC_29 Sep 2025 _23_30_0.rar
LKPSEC_30 Apr 2025 _23_30_0.rar
LKPSEC_30 May 2025 _23_30_1.rar
LKPSEC_31 Dec 2025 _23_30_0.rar
LKPSEC_31 Oct 2025 _23_30_0.rar
Logs
OLD-Backups
Spine DataBase Backup 29 Aug 2025.rar
Spine DataBase Backup 30 Jul 2025.rar
Spine DataBase Backup.rar
Spine DataBase Backup16 Jul 2025.rar

- HR SHARE - (readable,writable)
+ Content of this share :
..
LKP Securities Ltd HDFCBank-OnePager-Millennia Debit Card.pptx
Salary
Thumbs.db

- E$ - (readable,writable)
+ Content of this share :
cert
COMPARE
DailyAttenRecalc
esgAuditTool
HR SHARE.rar
HRMS-Update_15.10.2024
LKPSOFT
MobileHR backup 13-05-2025
OldSpineDailyAtt
PC-SPAN
PROJECT
Spine Database
Spine DataBase Backup
SPINE WORK
SpineDailyAttenRecalc
SpineDailyAttenRecalc - Copy
SpineEssData.dll
SpineHR--31052023
System Volume Information
Utility_version
WSFTP

- D$ - (readable,writable)
+ Content of this share :
08052025
blankps
blankps.zip
DBBACKUP
ERROR.png
HR SHARE
LKPSOFT
LKP_C001_NX_04012022.zip
LKP_C002_NX_04012022.zip
SpineDatabase
SpineHR
SpineHR - Copy (2)
SpineHRMobile_Deploy.zip
Spineweb
System Volume Information
udl.txt
WEBconfig backup
10395 - Microsoft Windows SMB Shares Enumeration
-
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Here are the SMB shares available on the remote host when logged in as tidua:

- ADMIN$
- C$
- D$
- E$
- HR SHARE
- IPC$
- Spine DataBase Backup$
100871 - Microsoft Windows SMB Versions Supported (remote check)
-
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output

tcp/445/cifs


The remote host supports the following versions of SMB :
SMBv2
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
-
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output

tcp/445/cifs


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10

92368 - Microsoft Windows Scripting Host Settings
-
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1

Windows scripting host configuration attached.

200493 - Microsoft Windows Start Menu Software Version Enumeration
-
Synopsis
Enumerates Start Menu software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2024/06/13, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The following software information is available on the remote host :

- Google Chrome.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Google Chrome.lnk
Target : C:\Program Files\Google\Chrome\Application\chrome.exe
Version : 143.0.7499.193

- Immersive Control Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Immersive Control Panel.lnk
Target : C:\Windows\System32\Control.exe
Version : 10.0.17763.2300

- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168

- Speech Recognition.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessibility\Speech Recognition.lnk
Target : C:\Windows\Speech\Common\sapisvr.exe
Version : 5.3.22514.0

- Calculator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Calculator.lnk
Target : C:\Windows\system32\win32calc.exe
Version : 10.0.17763.1

- Math Input Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Math Input Panel.lnk
Target : C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
Version : 10.0.17763.1697

- Paint.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Paint.lnk
Target : C:\Windows\system32\mspaint.exe
Version : 10.0.17763.1697

- Remote Desktop Connection.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Remote Desktop Connection.lnk
Target : C:\Windows\system32\mstsc.exe
Version : 10.0.17763.2867

- Snipping Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Snipping Tool.lnk
Target : C:\Windows\system32\SnippingTool.exe
Version : 10.0.17763.1697

- Steps Recorder.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Steps Recorder.lnk
Target : C:\Windows\system32\psr.exe
Version : 10.0.17763.1697

- Windows Media Player.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows Media Player.lnk
Target : C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Version : 12.0.17763.1

- Wordpad.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Wordpad.lnk
Target : C:\Program Files\Windows NT\Accessories\wordpad.exe
Version : 10.0.17763.2989

- XPS Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\XPS Viewer.lnk
Target : C:\Windows\system32\xpsrchvw.exe
Version : 10.0.17763.3113

- Character Map.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Character Map.lnk
Target : C:\Windows\system32\charmap.exe
Version : 5.2.3668.0

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Acronis Cyber Protect Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Acronis\Acronis Cyber Protect Monitor.lnk
Target : C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
Version : 23.9.883.0

- Component Services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Component Services.lnk
Target : C:\Windows\system32\comexp.msc
Version : unknown

- Computer Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Computer Management.lnk
Target : C:\Windows\system32\compmgmt.msc
Version : unknown

- dfrgui.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\dfrgui.lnk
Target : C:\Windows\system32\dfrgui.exe
Version : 10.0.17763.1697

- Disk Cleanup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Disk Cleanup.lnk
Target : C:\Windows\system32\cleanmgr.exe
Version : 10.0.17763.1

- Event Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Event Viewer.lnk
Target : C:\Windows\system32\eventvwr.msc
Version : unknown

- IIS Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr.exe
Version : 10.0.17763.3650

- IIS6 Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS6 Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr6.exe
Version : 10.0.17763.1

- iSCSI Initiator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\iSCSI Initiator.lnk
Target : C:\Windows\system32\iscsicpl.exe
Version : 10.0.17763.1

- Memory Diagnostics Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Memory Diagnostics Tool.lnk
Target : C:\Windows\system32\MdSched.exe
Version : 10.0.17763.1

- Microsoft Azure services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Microsoft Azure services.lnk
Target : C:\Windows\explorer.exe
Version : 10.0.17763.3113

- ODBC Data Sources (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (32-bit).lnk
Target : C:\Windows\syswow64\odbcad32.exe
Version : 10.0.17763.1

- ODBC Data Sources (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (64-bit).lnk
Target : C:\Windows\system32\odbcad32.exe
Version : 10.0.17763.1

- Performance Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Performance Monitor.lnk
Target : C:\Windows\system32\perfmon.msc
Version : unknown

- Print Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Print Management.lnk
Target : C:\Windows\system32\printmanagement.msc
Version : unknown

- RecoveryDrive.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\RecoveryDrive.lnk
Target : C:\Windows\system32\RecoveryDrive.exe
Version : 10.0.17763.2183

- Registry Editor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Registry Editor.lnk
Target : C:\Windows\regedit.exe
Version : 10.0.17763.1697

- Resource Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Resource Monitor.lnk
Target : C:\Windows\system32\perfmon.exe
Version : 10.0.17763.1

- Security Configuration Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Management.lnk
Target : C:\Windows\system32\secpol.msc
Version : unknown

- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168

- services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\services.lnk
Target : C:\Windows\system32\services.msc
Version : unknown

- System Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Configuration.lnk
Target : C:\Windows\system32\msconfig.exe
Version : 10.0.17763.2061

- System Information.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Information.lnk
Target : C:\Windows\system32\msinfo32.exe
Version : 10.0.17763.2145

- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown

- Windows Defender Firewall with Advanced Security.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk
Target : C:\Windows\system32\WF.msc
Version : unknown

- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown

- Azure Data Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Azure Data Studio\Azure Data Studio.lnk
Target : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Version : 1.41.2.0

- Kaspersky Endpoint Security for Windows.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Kaspersky Endpoint Security for Windows\Kaspersky Endpoint Security for Windows.lnk
Target : C:\Program Files (x86)\Kaspersky Lab\KES.12.3.0\avpui.exe
Version : 21.15.8.493

- SQL Server Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2008\Configuration Tools\SQL Server Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\LandingPage.exe
Version : 10.0.5500.0

- SQL Server 2014 Import and Export Data (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Import and Export Data (32-bit).lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\DTSWizard.exe
Version : 12.0.6024.0

- SQL Server 2014 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Import and Export Data (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\120\DTS\Binn\DTSWizard.exe
Version : 12.0.6024.0

- SQL Server 2014 Management Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\SQL Server 2014 Management Studio.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\Ssms.exe
Version : 2014.120.6024.0

- Deployment Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Analysis Services\Deployment Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\Microsoft.AnalysisServices.Deployment.exe
Version : 12.0.2000.8

- SQL Server 2014 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Configuration Tools\SQL Server 2014 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.17763.1697

- SQL Server 2014 Reporting Services Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Configuration Tools\SQL Server 2014 Reporting Services Configuration Manager.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\RSConfigTool.exe
Version : 12.0.6024.0

- SQL Server 2014 Data Quality Client.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Data Quality Services\SQL Server 2014 Data Quality Client.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DQ\DataQualityServices.exe
Version : 12.0.2000.8

- Community Projects & Samples.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Community Projects & Samples.lnk
Target :
Version : unknown

- Manage Help Settings.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Manage Help Settings.lnk
Target : C:\Program Files\Microsoft Help Viewer\v1.0\HelpLibManager.exe
Version : 1.0.40219.1

- Resource Center.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\Resource Center.lnk
Target :
Version : unknown

- SQL Server Documentation.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Documentation & Community\SQL Server Documentation.lnk
Target :
Version : unknown

- SQL Server 2014 Data Profile Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Data Profile Viewer.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\DataProfileViewer.exe
Version : 12.0.2000.8

- SQL Server 2014 Deployment Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Deployment Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\ISDeploymentWizard.exe
Version : 12.0.2000.8

- SQL Server 2014 Execute Package Utility.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Execute Package Utility.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\ManagementStudio\DTExecUI.exe
Version : 12.0.2000.8

- SQL Server 2014 Project Conversion Wizard.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Integration Services\SQL Server 2014 Project Conversion Wizard.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\DTS\Binn\ISProjectWizard.exe
Version : 12.0.2000.8

- SQL Server 2014 Database Engine Tuning Advisor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Performance Tools\SQL Server 2014 Database Engine Tuning Advisor.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\DTASHELL.EXE
Version : 12.0.2000.8

- SQL Server 2014 Profiler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2014\Performance Tools\SQL Server 2014 Profiler.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\120\Tools\Binn\PROFILER.EXE
Version : 2014.120.6024.0

- SQL Server 2019 Import and Export Data (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (32-bit).lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : 15.0.4335.1

- SQL Server 2019 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : 15.0.4335.1

- SQL Server 2019 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.17763.1697

- SQL Server 2019 Error and Usage Reporting.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Error and Usage Reporting.lnk
Target : C:\Program Files\Microsoft SQL Server\150\Shared\SqlWtsn.exe
Version : 15.0.2000.5

- SQL Server 2019 Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\LandingPage.exe
Version : 15.0.4335.1

- SQL Server 2019 Data Quality Client.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Data Quality Services\SQL Server 2019 Data Quality Client.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\DQ\DataQualityServices.exe
Version : 15.0.2000.5

- SQL Server 2019 Data Quality Server Installer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Data Quality Services\SQL Server 2019 Data Quality Server Installer.lnk
Target : C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\DQSInstaller.exe
Version : 15.0.2000.5

- Analysis Services Deployment Wizard 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Analysis Services Deployment Wizard 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\Microsoft.AnalysisServices.Deployment.exe
Version : 16.0.19993.0

- SQL Server Management Studio Management Studio 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\SQL Server Management Studio Management Studio 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\Ssms.exe
Version : 2023.160.20209.0

- Database Engine Tuning Advisor 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Performance Tools\Database Engine Tuning Advisor 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\DTASHELL.EXE
Version : 16.200.20209.0

- SQL Server Profiler 19.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 19\Performance Tools\SQL Server Profiler 19.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\PROFILER.EXE
Version : 2022.160.4001.1

- VNC Address Book.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Address Book.lnk
Target : C:\Program Files\RealVNC\VNC4\vncaddrbook.exe
Version : 4.6.1.54321

- VNC Server.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Server.lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321

- VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321

- Enter VNC Server License Key.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Enter VNC Server License Key.lnk
Target : C:\Program Files\RealVNC\VNC4\vncconfig.exe
Version : 4.6.1.54321

- Start Listening VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Start Listening VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321

- VNC Server (User Mode).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\VNC Server (User Mode).lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321

- Task Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Task Manager.lnk
Target : C:\Windows\system32\taskmgr.exe
Version : 10.0.17763.2989

- start VM Statistics Logging.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\VMware\VMware Tools\start VM Statistics Logging.lnk
Target : C:\Windows\System32\perfmon.msc
Version : unknown

- Console RAR manual.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\Console RAR manual.lnk
Target : C:\Program Files\WinRAR\Rar.txt
Version : unknown

- What is new in the latest version.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\What is new in the latest version.lnk
Target : C:\Program Files\WinRAR\WhatsNew.txt
Version : unknown

- WinRAR help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR help.lnk
Target : C:\Program Files\WinRAR\WinRAR.chm
Version : unknown

- WinRAR.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR.lnk
Target : C:\Program Files\WinRAR\WinRAR.exe
Version : 5.91.0.0
58452 - Microsoft Windows Startup Software Enumeration
-
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following startup item was found :

Acronis Scheduler2 Service - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
AcronisTibMounterMonitor - C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
MmsMonitor.exe - C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
VMware User Process - C:\Program Files\VMware\VMware Tools\vmtoolsd.exe
38153 - Microsoft Windows Summary of Missing Patches
-
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Note the results of missing patches also include superseded patches.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output

tcp/445/cifs

The patches for the following bulletins or KBs are missing on the remote host :

- MS12-021 ( http://technet.microsoft.com/en-us/security/bulletin/ms12-021 )
- KB5022286 ( https://support.microsoft.com/en-us/help/5022286 )
- KB5022504 ( https://support.microsoft.com/en-us/help/5022504 )
- KB5022511 ( https://support.microsoft.com/en-us/help/5022511 )
- KB5022840 ( https://support.microsoft.com/en-us/help/5022840 )
- KB5023702 ( https://support.microsoft.com/en-us/help/5023702 )
- KB5025229 ( https://support.microsoft.com/en-us/help/5025229 )
- KB5026362 ( https://support.microsoft.com/en-us/help/5026362 )
- KB5027131 ( https://support.microsoft.com/en-us/help/5027131 )
- KB5027222 ( https://support.microsoft.com/en-us/help/5027222 )
- KB5028168 ( https://support.microsoft.com/en-us/help/5028168 )
- KB5028960 ( https://support.microsoft.com/en-us/help/5028960 )
- KB5029247 ( https://support.microsoft.com/en-us/help/5029247 )
- KB5029925 ( https://support.microsoft.com/en-us/help/5029925 )
- KB5029931 ( https://support.microsoft.com/en-us/help/5029931 )
- KB5030214 ( https://support.microsoft.com/en-us/help/5030214 )
- KB5031361 ( https://support.microsoft.com/en-us/help/5031361 )
- KB5031984 ( https://support.microsoft.com/en-us/help/5031984 )
- KB5032196 ( https://support.microsoft.com/en-us/help/5032196 )
- KB5033371 ( https://support.microsoft.com/en-us/help/5033371 )
- KB5033904 ( https://support.microsoft.com/en-us/help/5033904 )
- KB5034127 ( https://support.microsoft.com/en-us/help/5034127 )
- KB5034768 ( https://support.microsoft.com/en-us/help/5034768 )
- KB5035849 ( https://support.microsoft.com/en-us/help/5035849 )
- KB5036604 ( https://support.microsoft.com/en-us/help/5036604 )
- KB5036896 ( https://support.microsoft.com/en-us/help/5036896 )
- KB5037765 ( https://support.microsoft.com/en-us/help/5037765 )
- KB5039705 ( https://support.microsoft.com/en-us/help/5039705 )
- KB5039217 ( https://support.microsoft.com/en-us/help/5039217 )
- KB5039879 ( https://support.microsoft.com/en-us/help/5039879 )
- KB5039886 ( https://support.microsoft.com/en-us/help/5039886 )
- KB5040430 ( https://support.microsoft.com/en-us/help/5040430 )
- KB5041578 ( https://support.microsoft.com/en-us/help/5041578 )
- KB5043050 ( https://support.microsoft.com/en-us/help/5043050 )
- KB5044016 ( https://support.microsoft.com/en-us/help/5044016 )
- KB5044022 ( https://support.microsoft.com/en-us/help/5044022 )
- KB5044277 ( https://support.microsoft.com/en-us/help/5044277 )
- KB5046615 ( https://support.microsoft.com/en-us/help/5046615 )
- KB5048661 ( https://support.microsoft.com/en-us/help/5048661 )
- KB5049608 ( https://support.microsoft.com/en-us/help/5049608 )
- KB5050008 ( https://support.microsoft.com/en-us/help/5050008 )
- KB5052000 ( https://support.microsoft.com/en-us/help/5052000 )
- KB5053596 ( https://support.microsoft.com/en-us/help/5053596 )
- KB5055519 ( https://support.microsoft.com/en-us/help/5055519 )
- KB5058392 ( https://support.microsoft.com/en-us/help/5058392 )
- KB5060531 ( https://support.microsoft.com/en-us/help/5060531 )
- KB5062557 ( https://support.microsoft.com/en-us/help/5062557 )
- KB5063877 ( https://support.microsoft.com/en-us/help/5063877 )
- KB5065428 ( https://support.microsoft.com/en-us/help/5065428 )
- KB5066586 ( https://support.microsoft.com/en-us/help/5066586 )
- KB5068791 ( https://support.microsoft.com/en-us/help/5068791 )
- KB5071544 ( https://support.microsoft.com/en-us/help/5071544 )

92369 - Microsoft Windows Time Zone Information
-
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output

tcp/0

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : India Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-492
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-491
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2025/10/29
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.11.1
Nessus build : 20021
Plugin feed version : 202601041845
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Server 1
Scan policy used : Server
Scanner IP : 172.17.100.38
Port scanner(s) : wmi_netstat
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : yes (at debugging level 4)
Paranoia level : 0
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '172.17.100.20\tidua' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/1/10 0:00 India Standard Time (UTC +05:30)
Scan duration : 2430 sec
Scan for malware : no
58651 - Netstat Active Connections
-
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/04/10, Modified: 2021/06/29
Plugin Output

tcp/0


Netstat output :

Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:81 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1064
TCP 0.0.0.0:443 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:1433 0.0.0.0:0 LISTENING 4364
TCP 0.0.0.0:2383 0.0.0.0:0 LISTENING 5284
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1280
TCP 0.0.0.0:5800 0.0.0.0:0 LISTENING 4404
TCP 0.0.0.0:5900 0.0.0.0:0 LISTENING 4404
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:6111 0.0.0.0:0 LISTENING 5496
TCP 0.0.0.0:10050 0.0.0.0:0 LISTENING 16976
TCP 0.0.0.0:18018 0.0.0.0:0 LISTENING 13940
TCP 0.0.0.0:35009 0.0.0.0:0 LISTENING 3408
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 828
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1436
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1868
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2704
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 3120
TCP 0.0.0.0:49669 0.0.0.0:0 LISTENING 2992
TCP 0.0.0.0:49752 0.0.0.0:0 LISTENING 968
TCP 0.0.0.0:49793 0.0.0.0:0 LISTENING 976
TCP 127.0.0.1:1434 0.0.0.0:0 LISTENING 4364
TCP 127.0.0.1:1550 0.0.0.0:0 LISTENING 13348
TCP 127.0.0.1:1551 0.0.0.0:0 LISTENING 13348
TCP 127.0.0.1:2723 127.0.0.1:49670 ESTABLISHED 2728
TCP 127.0.0.1:4435 127.0.0.1:49690 ESTABLISHED 3380
TCP 127.0.0.1:5093 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:5393 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:6109 0.0.0.0:0 LISTENING 3560
TCP 127.0.0.1:6111 127.0.0.1:11316 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11317 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11321 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11322 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11324 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11325 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11330 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11331 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11334 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11339 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11340 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11342 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11343 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11349 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11350 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11351 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11352 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11363 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11364 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11368 TIME_WAIT 0
TCP 127.0.0.1:6111 127.0.0.1:11369 TIME_WAIT 0
TCP 127.0.0.1:6146 127.0.0.1:49670 ESTABLISHED 120
TCP 127.0.0.1:6888 0.0.0.0:0 LISTENING 13940
TCP 127.0.0.1:7374 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:7563 127.0.0.1:49670 ESTABLISHED 2728
TCP 127.0.0.1:9212 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:9771 0.0.0.0:0 LISTENING 6424
TCP 127.0.0.1:9771 127.0.0.1:49687 ESTABLISHED 6424
TCP 127.0.0.1:9806 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:9850 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:9872 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:10778 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:11030 127.0.0.1:49670 ESTABLISHED 5496
TCP 127.0.0.1:11134 127.0.0.1:49670 ESTABLISHED 1880
TCP 127.0.0.1:11135 127.0.0.1:49670 ESTABLISHED 1880
TCP 127.0.0.1:11187 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:11229 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:11304 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:11318 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11320 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11327 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11328 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11329 127.0.0.1:45567 TIME_WAIT 0
TCP 127.0.0.1:11332 127.0.0.1:49715 TIME_WAIT 0
TCP 127.0.0.1:11335 127.0.0.1:6109 TIME_WAIT 0
TCP 127.0.0.1:11337 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11338 127.0.0.1:49729 TIME_WAIT 0
TCP 127.0.0.1:11341 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11344 127.0.0.1:49985 TIME_WAIT 0
TCP 127.0.0.1:11345 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11346 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11348 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11354 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11355 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11356 127.0.0.1:49867 TIME_WAIT 0
TCP 127.0.0.1:11357 127.0.0.1:49670 ESTABLISHED 6520
TCP 127.0.0.1:11358 127.0.0.1:49670 ESTABLISHED 6520
TCP 127.0.0.1:11359 127.0.0.1:49670 ESTABLISHED 6520
TCP 127.0.0.1:11360 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:11361 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:11365 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11366 127.0.0.1:49692 ESTABLISHED 3380
TCP 127.0.0.1:11367 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:11370 127.0.0.1:49670 TIME_WAIT 0
TCP 127.0.0.1:13227 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:14222 127.0.0.1:49670 ESTABLISHED 4024
TCP 127.0.0.1:14732 127.0.0.1:49670 ESTABLISHED 13308
TCP 127.0.0.1:15700 127.0.0.1:49670 ESTABLISHED 6716
TCP 127.0.0.1:15757 127.0.0.1:49670 ESTABLISHED 12180
TCP 127.0.0.1:26325 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:29623 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:30523 0.0.0.0:0 LISTENING 13348
TCP 127.0.0.1:30835 127.0.0.1:49670 ESTABLISHED 2728
TCP 127.0.0.1:31832 127.0.0.1:49670 ESTABLISHED 13036
TCP 127.0.0.1:40178 127.0.0.1:49670 ESTABLISHED 2728
TCP 127.0.0.1:43234 0.0.0.0:0 LISTENING 3524
TCP 127.0.0.1:45567 0.0.0.0:0 LISTENING 1880
TCP 127.0.0.1:45567 127.0.0.1:11329 TIME_WAIT 0
TCP 127.0.0.1:48679 127.0.0.1:49670 ESTABLISHED 6936
TCP 127.0.0.1:49228 127.0.0.1:49670 ESTABLISHED 2728
TCP 127.0.0.1:49670 0.0.0.0:0 LISTENING 3380
TCP 127.0.0.1:49670 127.0.0.1:2723 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:5093 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:5393 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:6146 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:7374 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:7563 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:10778 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11030 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11134 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11135 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11187 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11319 TIME_WAIT 0
TCP 127.0.0.1:49670 127.0.0.1:11326 TIME_WAIT 0
TCP 127.0.0.1:49670 127.0.0.1:11336 TIME_WAIT 0
TCP 127.0.0.1:49670 127.0.0.1:11353 TIME_WAIT 0
TCP 127.0.0.1:49670 127.0.0.1:11357 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11358 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11359 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:11365 TIME_WAIT 0
TCP 127.0.0.1:49670 127.0.0.1:13227 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:14222 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:14732 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:15700 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:15757 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:26325 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:29623 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:30835 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:31832 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:40178 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:48679 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49228 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49688 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49696 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49697 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49698 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49865 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:49866 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:50003 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:50080 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:50135 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:50136 ESTABLISHED 3380
TCP 127.0.0.1:49670 127.0.0.1:65280 ESTABLISHED 3380
TCP 127.0.0.1:49673 0.0.0.0:0 LISTENING 6520
TCP 127.0.0.1:49673 127.0.0.1:49677 ESTABLISHED 6520
TCP 127.0.0.1:49677 127.0.0.1:49673 ESTABLISHED 3380
TCP 127.0.0.1:49678 0.0.0.0:0 LISTENING 5856
TCP 127.0.0.1:49678 127.0.0.1:49739 ESTABLISHED 5856
TCP 127.0.0.1:49680 0.0.0.0:0 LISTENING 6256
TCP 127.0.0.1:49680 127.0.0.1:49689 ESTABLISHED 6256
TCP 127.0.0.1:49687 127.0.0.1:9771 ESTABLISHED 3380
TCP 127.0.0.1:49688 127.0.0.1:49670 ESTABLISHED 6216
TCP 127.0.0.1:49689 127.0.0.1:49680 ESTABLISHED 3380
TCP 127.0.0.1:49690 0.0.0.0:0 LISTENING 6216
TCP 127.0.0.1:49690 127.0.0.1:4435 ESTABLISHED 6216
TCP 127.0.0.1:49692 0.0.0.0:0 LISTENING 6676
TCP 127.0.0.1:49692 127.0.0.1:9212 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:9806 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:9872 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:11229 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:11304 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:11360 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:11361 ESTABLISHED 6676
TCP 127.0.0.1:49692 127.0.0.1:11366 ESTABLISHED 6676
TCP 127.0.0.1:49696 127.0.0.1:49670 ESTABLISHED 6676
TCP 127.0.0.1:49697 127.0.0.1:49670 ESTABLISHED 3560
TCP 127.0.0.1:49698 127.0.0.1:49670 ESTABLISHED 6676
TCP 127.0.0.1:49715 0.0.0.0:0 LISTENING 6716
TCP 127.0.0.1:49719 0.0.0.0:0 LISTENING 6936
TCP 127.0.0.1:49719 127.0.0.1:49720 ESTABLISHED 6936
TCP 127.0.0.1:49720 127.0.0.1:49719 ESTABLISHED 3380
TCP 127.0.0.1:49729 0.0.0.0:0 LISTENING 7024
TCP 127.0.0.1:49739 127.0.0.1:49678 ESTABLISHED 3380
TCP 127.0.0.1:49753 0.0.0.0:0 LISTENING 3584
TCP 127.0.0.1:49865 127.0.0.1:49670 ESTABLISHED 13940
TCP 127.0.0.1:49866 127.0.0.1:49670 ESTABLISHED 13940
TCP 127.0.0.1:49867 0.0.0.0:0 LISTENING 13940
TCP 127.0.0.1:49878 127.0.0.1:49879 ESTABLISHED 13940
TCP 127.0.0.1:49879 127.0.0.1:49878 ESTABLISHED 13940
TCP 127.0.0.1:49985 0.0.0.0:0 LISTENING 12180
TCP 127.0.0.1:49990 127.0.0.1:49991 ESTABLISHED 120
TCP 127.0.0.1:49991 127.0.0.1:49990 ESTABLISHED 120
TCP 127.0.0.1:49992 127.0.0.1:49993 ESTABLISHED 120
TCP 127.0.0.1:49993 127.0.0.1:49992 ESTABLISHED 120
TCP 127.0.0.1:49994 127.0.0.1:49995 ESTABLISHED 120
TCP 127.0.0.1:49995 127.0.0.1:49994 ESTABLISHED 120
TCP 127.0.0.1:49996 127.0.0.1:49997 ESTABLISHED 120
TCP 127.0.0.1:49997 127.0.0.1:49996 ESTABLISHED 120
TCP 127.0.0.1:49998 127.0.0.1:49999 ESTABLISHED 120
TCP 127.0.0.1:49999 127.0.0.1:49998 ESTABLISHED 120
TCP 127.0.0.1:50000 127.0.0.1:50001 ESTABLISHED 120
TCP 127.0.0.1:50001 127.0.0.1:50000 ESTABLISHED 120
TCP 127.0.0.1:50002 0.0.0.0:0 LISTENING 120
TCP 127.0.0.1:50003 127.0.0.1:49670 ESTABLISHED 120
TCP 127.0.0.1:50007 0.0.0.0:0 LISTENING 13348
TCP 127.0.0.1:50009 127.0.0.1:50010 ESTABLISHED 7184
TCP 127.0.0.1:50010 127.0.0.1:50009 ESTABLISHED 7184
TCP 127.0.0.1:50062 127.0.0.1:50063 ESTABLISHED 3524
TCP 127.0.0.1:50063 127.0.0.1:50062 ESTABLISHED 3524
TCP 127.0.0.1:50064 127.0.0.1:50065 ESTABLISHED 3524
TCP 127.0.0.1:50065 127.0.0.1:50064 ESTABLISHED 3524
TCP 127.0.0.1:50066 127.0.0.1:50067 ESTABLISHED 3524
TCP 127.0.0.1:50067 127.0.0.1:50066 ESTABLISHED 3524
TCP 127.0.0.1:50068 127.0.0.1:50069 ESTABLISHED 3524
TCP 127.0.0.1:50069 127.0.0.1:50068 ESTABLISHED 3524
TCP 127.0.0.1:50080 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:50104 127.0.0.1:50105 ESTABLISHED 3524
TCP 127.0.0.1:50105 127.0.0.1:50104 ESTABLISHED 3524
TCP 127.0.0.1:50106 127.0.0.1:50107 ESTABLISHED 3524
TCP 127.0.0.1:50107 127.0.0.1:50106 ESTABLISHED 3524
TCP 127.0.0.1:50108 127.0.0.1:50109 ESTABLISHED 3524
TCP 127.0.0.1:50109 127.0.0.1:50108 ESTABLISHED 3524
TCP 127.0.0.1:50110 127.0.0.1:50111 ESTABLISHED 3524
TCP 127.0.0.1:50111 127.0.0.1:50110 ESTABLISHED 3524
TCP 127.0.0.1:50112 127.0.0.1:50113 ESTABLISHED 3524
TCP 127.0.0.1:50113 127.0.0.1:50112 ESTABLISHED 3524
TCP 127.0.0.1:50114 127.0.0.1:50115 ESTABLISHED 3524
TCP 127.0.0.1:50115 127.0.0.1:50114 ESTABLISHED 3524
TCP 127.0.0.1:50116 127.0.0.1:50117 ESTABLISHED 3524
TCP 127.0.0.1:50117 127.0.0.1:50116 ESTABLISHED 3524
TCP 127.0.0.1:50118 127.0.0.1:50119 ESTABLISHED 3524
TCP 127.0.0.1:50119 127.0.0.1:50118 ESTABLISHED 3524
TCP 127.0.0.1:50120 127.0.0.1:50121 ESTABLISHED 3524
TCP 127.0.0.1:50121 127.0.0.1:50120 ESTABLISHED 3524
TCP 127.0.0.1:50122 127.0.0.1:50123 ESTABLISHED 3524
TCP 127.0.0.1:50123 127.0.0.1:50122 ESTABLISHED 3524
TCP 127.0.0.1:50124 127.0.0.1:50125 ESTABLISHED 3524
TCP 127.0.0.1:50125 127.0.0.1:50124 ESTABLISHED 3524
TCP 127.0.0.1:50126 127.0.0.1:50127 ESTABLISHED 3524
TCP 127.0.0.1:50127 127.0.0.1:50126 ESTABLISHED 3524
TCP 127.0.0.1:50128 127.0.0.1:50129 ESTABLISHED 3524
TCP 127.0.0.1:50129 127.0.0.1:50128 ESTABLISHED 3524
TCP 127.0.0.1:50130 127.0.0.1:50131 ESTABLISHED 3524
TCP 127.0.0.1:50131 127.0.0.1:50130 ESTABLISHED 3524
TCP 127.0.0.1:50132 127.0.0.1:50133 ESTABLISHED 3524
TCP 127.0.0.1:50133 127.0.0.1:50132 ESTABLISHED 3524
TCP 127.0.0.1:50135 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:50136 127.0.0.1:49670 ESTABLISHED 3524
TCP 127.0.0.1:65280 127.0.0.1:49670 ESTABLISHED 6424
TCP 172.17.100.20:135 172.17.100.38:54986 ESTABLISHED 1064
TCP 172.17.100.20:139 0.0.0.0:0 LISTENING 4
TCP 172.17.100.20:443 152.58.1.210:43334 ESTABLISHED 4
TCP 172.17.100.20:445 172.17.100.38:54985 ESTABLISHED 4
TCP 172.17.100.20:445 192.168.10.111:49725 ESTABLISHED 4
TCP 172.17.100.20:1433 172.17.100.19:50165 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.19:50166 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.19:50171 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.20:8975 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.20:8991 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.20:11130 ESTABLISHED 4364
TCP 172.17.100.20:1433 172.17.100.20:11139 ESTABLISHED 4364
TCP 172.17.100.20:6888 0.0.0.0:0 LISTENING 13940
TCP 172.17.100.20:8975 172.17.100.20:1433 ESTABLISHED 14840
TCP 172.17.100.20:8991 172.17.100.20:1433 ESTABLISHED 14840
TCP 172.17.100.20:10050 172.17.100.18:36264 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36278 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36288 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36292 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36294 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36310 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36320 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36332 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36340 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36342 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36358 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36368 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36384 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36394 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36410 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:36418 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48206 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48216 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48230 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48234 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48246 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48256 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48258 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48266 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48272 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48280 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48286 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48292 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48294 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48298 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48310 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48318 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:48324 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54180 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54190 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54196 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54208 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54224 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54238 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54242 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54246 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54262 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54264 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54276 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54286 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54292 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54300 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54310 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:54322 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60800 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60808 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60818 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60828 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60836 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60842 TIME_WAIT 0
TCP 172.17.100.20:10050 172.17.100.18:60856 TIME_WAIT 0
TCP 172.17.100.20:11130 172.17.100.20:1433 ESTABLISHED 14840
TCP 172.17.100.20:11139 172.17.100.20:1433 ESTABLISHED 14840
TCP 172.17.100.20:35009 172.17.100.38:54987 ESTABLISHED 3408
TCP [::]:80 [::]:0 LISTENING 4
TCP [::]:81 [::]:0 LISTENING 4
TCP [::]:135 [::]:0 LISTENING 1064
TCP [::]:443 [::]:0 LISTENING 4
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:1433 [::]:0 LISTENING 4364
TCP [::]:2383 [::]:0 LISTENING 5284
TCP [::]:3389 [::]:0 LISTENING 1280
TCP [::]:5800 [::]:0 LISTENING 4404
TCP [::]:5900 [::]:0 LISTENING 4404
TCP [::]:5985 [::]:0 LISTENING 4
TCP [::]:10050 [::]:0 LISTENING 16976
TCP [::]:35009 [::]:0 LISTENING 3408
TCP [::]:47001 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 828
TCP [::]:49665 [::]:0 LISTENING 1436
TCP [::]:49666 [::]:0 LISTENING 1868
TCP [::]:49667 [::]:0 LISTENING 2704
TCP [::]:49668 [::]:0 LISTENING 3120
TCP [::]:49669 [::]:0 LISTENING 2992
TCP [::]:49752 [::]:0 LISTENING 968
TCP [::]:49793 [::]:0 LISTENING 976
TCP [::1]:1434 [::]:0 LISTENING 4364
TCP [::1]:1550 [::]:0 LISTENING 13348
TCP [::1]:1551 [::]:0 LISTENING 13348
TCP [::1]:9850 [::]:0 LISTENING 3524
TCP [::1]:30523 [::]:0 LISTENING 13348
TCP [::1]:50007 [::]:0 LISTENING 13348
UDP 0.0.0.0:123 *:* 3504
UDP 0.0.0.0:161 *:* 3668
UDP 0.0.0.0:500 *:* 2972
UDP 0.0.0.0:1434 *:* 3628
UDP 0.0.0.0:3389 *:* 1280
UDP 0.0.0.0:4500 *:* 2972
UDP 0.0.0.0:5353 *:* 2356
UDP 0.0.0.0:5355 *:* 2356
UDP 0.0.0.0:6771 *:* 13940
UDP 0.0.0.0:6771 *:* 13940
UDP 0.0.0.0:15000 *:* 13348
UDP 0.0.0.0:52684 *:* 7184
UDP 127.0.0.1:6888 *:* 13940
UDP 127.0.0.1:24100 *:* 3524
UDP 127.0.0.1:24101 *:* 3524
UDP 127.0.0.1:24102 *:* 3524
UDP 127.0.0.1:51731 *:* 4124
UDP 172.17.100.20:137 *:* 4
UDP 172.17.100.20:138 *:* 4
UDP 172.17.100.20:6888 *:* 13940
UDP [::]:123 *:* 3504
UDP [::]:161 *:* 3668
UDP [::]:500 *:* 2972
UDP [::]:1434 *:* 3628
UDP [::]:3389 *:* 1280
UDP [::]:4500 *:* 2972
UDP [::]:15000 *:* 13348
64582 - Netstat Connection Information
-
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/13, Modified: 2023/05/23
Plugin Output

tcp/0

tcp4 (listen)
src: [host=0.0.0.0, port=80]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=81]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=135]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=443]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=445]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=1433]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=2383]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5800]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5900]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=5985]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=6111]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=10050]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=18018]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=35009]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=47001]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49664]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49665]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49666]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49667]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49668]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49669]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49752]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=0.0.0.0, port=49793]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1434]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1550]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=1551]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=2723]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=4435]
dst: [host=127.0.0.1, port=49690]

tcp4 (established)
src: [host=127.0.0.1, port=5093]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=5393]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=6109]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11316]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11317]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11321]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11322]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11324]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11325]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11330]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11331]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11334]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11339]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11340]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11342]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11343]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11349]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11350]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11351]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11352]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11363]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11364]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11368]

tcp4 (established)
src: [host=127.0.0.1, port=6111]
dst: [host=127.0.0.1, port=11369]

tcp4 (established)
src: [host=127.0.0.1, port=6146]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=6888]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=7374]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=7563]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=9212]
dst: [host=127.0.0.1, port=49692]

tcp4 (listen)
src: [host=127.0.0.1, port=9771]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=9771]
dst: [host=127.0.0.1, port=49687]

tcp4 (established)
src: [host=127.0.0.1, port=9806]
dst: [host=127.0.0.1, port=49692]

tcp4 (listen)
src: [host=127.0.0.1, port=9850]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=9872]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=10778]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11030]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11134]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11135]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11187]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11229]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=11304]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=11318]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11320]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11327]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11328]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11329]
dst: [host=127.0.0.1, port=45567]

tcp4 (established)
src: [host=127.0.0.1, port=11332]
dst: [host=127.0.0.1, port=49715]

tcp4 (established)
src: [host=127.0.0.1, port=11335]
dst: [host=127.0.0.1, port=6109]

tcp4 (established)
src: [host=127.0.0.1, port=11337]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11338]
dst: [host=127.0.0.1, port=49729]

tcp4 (established)
src: [host=127.0.0.1, port=11341]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11344]
dst: [host=127.0.0.1, port=49985]

tcp4 (established)
src: [host=127.0.0.1, port=11345]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11346]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11348]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11354]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11355]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11356]
dst: [host=127.0.0.1, port=49867]

tcp4 (established)
src: [host=127.0.0.1, port=11357]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11358]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11359]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11360]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=11361]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=11365]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11366]
dst: [host=127.0.0.1, port=49692]

tcp4 (established)
src: [host=127.0.0.1, port=11367]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=11370]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=13227]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=14222]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=14732]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=15700]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=15757]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=26325]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=29623]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=30523]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=30835]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=31832]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=40178]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=43234]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=45567]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=45567]
dst: [host=127.0.0.1, port=11329]

tcp4 (established)
src: [host=127.0.0.1, port=48679]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=49228]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=49670]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=2723]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=5093]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=5393]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=6146]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=7374]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=7563]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=10778]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11030]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11134]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11135]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11187]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11319]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11326]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11336]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11353]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11357]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11358]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11359]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=11365]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=13227]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=14222]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=14732]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=15700]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=15757]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=26325]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=29623]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=30835]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=31832]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=40178]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=48679]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49228]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49688]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49696]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49697]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49698]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49865]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=49866]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=50003]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=50080]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=50135]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=50136]

tcp4 (established)
src: [host=127.0.0.1, port=49670]
dst: [host=127.0.0.1, port=65280]

tcp4 (listen)
src: [host=127.0.0.1, port=49673]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49673]
dst: [host=127.0.0.1, port=49677]

tcp4 (established)
src: [host=127.0.0.1, port=49677]
dst: [host=127.0.0.1, port=49673]

tcp4 (listen)
src: [host=127.0.0.1, port=49678]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49678]
dst: [host=127.0.0.1, port=49739]

tcp4 (listen)
src: [host=127.0.0.1, port=49680]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49680]
dst: [host=127.0.0.1, port=49689]

tcp4 (established)
src: [host=127.0.0.1, port=49687]
dst: [host=127.0.0.1, port=9771]

tcp4 (established)
src: [host=127.0.0.1, port=49688]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=49689]
dst: [host=127.0.0.1, port=49680]

tcp4 (listen)
src: [host=127.0.0.1, port=49690]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49690]
dst: [host=127.0.0.1, port=4435]

tcp4 (listen)
src: [host=127.0.0.1, port=49692]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=9212]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=9806]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=9872]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=11229]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=11304]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=11360]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=11361]

tcp4 (established)
src: [host=127.0.0.1, port=49692]
dst: [host=127.0.0.1, port=11366]

tcp4 (established)
src: [host=127.0.0.1, port=49696]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=49697]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=49698]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=49715]
dst: [host=0.0.0.0, port=0]

tcp4 (listen)
src: [host=127.0.0.1, port=49719]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49719]
dst: [host=127.0.0.1, port=49720]

tcp4 (established)
src: [host=127.0.0.1, port=49720]
dst: [host=127.0.0.1, port=49719]

tcp4 (listen)
src: [host=127.0.0.1, port=49729]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49739]
dst: [host=127.0.0.1, port=49678]

tcp4 (listen)
src: [host=127.0.0.1, port=49753]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49865]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=49866]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=49867]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49878]
dst: [host=127.0.0.1, port=49879]

tcp4 (established)
src: [host=127.0.0.1, port=49879]
dst: [host=127.0.0.1, port=49878]

tcp4 (listen)
src: [host=127.0.0.1, port=49985]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=49990]
dst: [host=127.0.0.1, port=49991]

tcp4 (established)
src: [host=127.0.0.1, port=49991]
dst: [host=127.0.0.1, port=49990]

tcp4 (established)
src: [host=127.0.0.1, port=49992]
dst: [host=127.0.0.1, port=49993]

tcp4 (established)
src: [host=127.0.0.1, port=49993]
dst: [host=127.0.0.1, port=49992]

tcp4 (established)
src: [host=127.0.0.1, port=49994]
dst: [host=127.0.0.1, port=49995]

tcp4 (established)
src: [host=127.0.0.1, port=49995]
dst: [host=127.0.0.1, port=49994]

tcp4 (established)
src: [host=127.0.0.1, port=49996]
dst: [host=127.0.0.1, port=49997]

tcp4 (established)
src: [host=127.0.0.1, port=49997]
dst: [host=127.0.0.1, port=49996]

tcp4 (established)
src: [host=127.0.0.1, port=49998]
dst: [host=127.0.0.1, port=49999]

tcp4 (established)
src: [host=127.0.0.1, port=49999]
dst: [host=127.0.0.1, port=49998]

tcp4 (established)
src: [host=127.0.0.1, port=50000]
dst: [host=127.0.0.1, port=50001]

tcp4 (established)
src: [host=127.0.0.1, port=50001]
dst: [host=127.0.0.1, port=50000]

tcp4 (listen)
src: [host=127.0.0.1, port=50002]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=50003]
dst: [host=127.0.0.1, port=49670]

tcp4 (listen)
src: [host=127.0.0.1, port=50007]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=127.0.0.1, port=50009]
dst: [host=127.0.0.1, port=50010]

tcp4 (established)
src: [host=127.0.0.1, port=50010]
dst: [host=127.0.0.1, port=50009]

tcp4 (established)
src: [host=127.0.0.1, port=50062]
dst: [host=127.0.0.1, port=50063]

tcp4 (established)
src: [host=127.0.0.1, port=50063]
dst: [host=127.0.0.1, port=50062]

tcp4 (established)
src: [host=127.0.0.1, port=50064]
dst: [host=127.0.0.1, port=50065]

tcp4 (established)
src: [host=127.0.0.1, port=50065]
dst: [host=127.0.0.1, port=50064]

tcp4 (established)
src: [host=127.0.0.1, port=50066]
dst: [host=127.0.0.1, port=50067]

tcp4 (established)
src: [host=127.0.0.1, port=50067]
dst: [host=127.0.0.1, port=50066]

tcp4 (established)
src: [host=127.0.0.1, port=50068]
dst: [host=127.0.0.1, port=50069]

tcp4 (established)
src: [host=127.0.0.1, port=50069]
dst: [host=127.0.0.1, port=50068]

tcp4 (established)
src: [host=127.0.0.1, port=50080]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=50104]
dst: [host=127.0.0.1, port=50105]

tcp4 (established)
src: [host=127.0.0.1, port=50105]
dst: [host=127.0.0.1, port=50104]

tcp4 (established)
src: [host=127.0.0.1, port=50106]
dst: [host=127.0.0.1, port=50107]

tcp4 (established)
src: [host=127.0.0.1, port=50107]
dst: [host=127.0.0.1, port=50106]

tcp4 (established)
src: [host=127.0.0.1, port=50108]
dst: [host=127.0.0.1, port=50109]

tcp4 (established)
src: [host=127.0.0.1, port=50109]
dst: [host=127.0.0.1, port=50108]

tcp4 (established)
src: [host=127.0.0.1, port=50110]
dst: [host=127.0.0.1, port=50111]

tcp4 (established)
src: [host=127.0.0.1, port=50111]
dst: [host=127.0.0.1, port=50110]

tcp4 (established)
src: [host=127.0.0.1, port=50112]
dst: [host=127.0.0.1, port=50113]

tcp4 (established)
src: [host=127.0.0.1, port=50113]
dst: [host=127.0.0.1, port=50112]

tcp4 (established)
src: [host=127.0.0.1, port=50114]
dst: [host=127.0.0.1, port=50115]

tcp4 (established)
src: [host=127.0.0.1, port=50115]
dst: [host=127.0.0.1, port=50114]

tcp4 (established)
src: [host=127.0.0.1, port=50116]
dst: [host=127.0.0.1, port=50117]

tcp4 (established)
src: [host=127.0.0.1, port=50117]
dst: [host=127.0.0.1, port=50116]

tcp4 (established)
src: [host=127.0.0.1, port=50118]
dst: [host=127.0.0.1, port=50119]

tcp4 (established)
src: [host=127.0.0.1, port=50119]
dst: [host=127.0.0.1, port=50118]

tcp4 (established)
src: [host=127.0.0.1, port=50120]
dst: [host=127.0.0.1, port=50121]

tcp4 (established)
src: [host=127.0.0.1, port=50121]
dst: [host=127.0.0.1, port=50120]

tcp4 (established)
src: [host=127.0.0.1, port=50122]
dst: [host=127.0.0.1, port=50123]

tcp4 (established)
src: [host=127.0.0.1, port=50123]
dst: [host=127.0.0.1, port=50122]

tcp4 (established)
src: [host=127.0.0.1, port=50124]
dst: [host=127.0.0.1, port=50125]

tcp4 (established)
src: [host=127.0.0.1, port=50125]
dst: [host=127.0.0.1, port=50124]

tcp4 (established)
src: [host=127.0.0.1, port=50126]
dst: [host=127.0.0.1, port=50127]

tcp4 (established)
src: [host=127.0.0.1, port=50127]
dst: [host=127.0.0.1, port=50126]

tcp4 (established)
src: [host=127.0.0.1, port=50128]
dst: [host=127.0.0.1, port=50129]

tcp4 (established)
src: [host=127.0.0.1, port=50129]
dst: [host=127.0.0.1, port=50128]

tcp4 (established)
src: [host=127.0.0.1, port=50130]
dst: [host=127.0.0.1, port=50131]

tcp4 (established)
src: [host=127.0.0.1, port=50131]
dst: [host=127.0.0.1, port=50130]

tcp4 (established)
src: [host=127.0.0.1, port=50132]
dst: [host=127.0.0.1, port=50133]

tcp4 (established)
src: [host=127.0.0.1, port=50133]
dst: [host=127.0.0.1, port=50132]

tcp4 (established)
src: [host=127.0.0.1, port=50135]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=50136]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=127.0.0.1, port=65280]
dst: [host=127.0.0.1, port=49670]

tcp4 (established)
src: [host=172.17.100.20, port=135]
dst: [host=172.17.100.38, port=54986]

tcp4 (listen)
src: [host=172.17.100.20, port=139]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=172.17.100.20, port=443]
dst: [host=152.58.1.210, port=43334]

tcp4 (established)
src: [host=172.17.100.20, port=445]
dst: [host=172.17.100.38, port=54985]

tcp4 (established)
src: [host=172.17.100.20, port=445]
dst: [host=192.168.10.111, port=49725]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.19, port=50165]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.19, port=50166]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.19, port=50171]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.20, port=8975]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.20, port=8991]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.20, port=11130]

tcp4 (established)
src: [host=172.17.100.20, port=1433]
dst: [host=172.17.100.20, port=11139]

tcp4 (listen)
src: [host=172.17.100.20, port=6888]
dst: [host=0.0.0.0, port=0]

tcp4 (established)
src: [host=172.17.100.20, port=8975]
dst: [host=172.17.100.20, port=1433]

tcp4 (established)
src: [host=172.17.100.20, port=8991]
dst: [host=172.17.100.20, port=1433]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36264]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36278]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36288]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36292]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36294]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36310]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36320]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36332]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36340]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36342]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36358]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36368]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36384]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36394]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36410]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=36418]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48206]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48216]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48230]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48234]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48246]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48256]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48258]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48266]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48272]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48280]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48286]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48292]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48294]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48298]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48310]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48318]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=48324]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54180]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54190]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54196]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54208]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54224]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54238]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54242]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54246]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54262]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54264]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54276]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54286]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54292]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54300]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54310]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=54322]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60800]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60808]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60818]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60828]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60836]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60842]

tcp4 (established)
src: [host=172.17.100.20, port=10050]
dst: [host=172.17.100.18, port=60856]

tcp4 (established)
src: [host=172.17.100.20, port=11130]
dst: [host=172.17.100.20, port=1433]

tcp4 (established)
src: [host=172.17.100.20, port=11139]
dst: [host=172.17.100.20, port=1433]

tcp4 (established)
src: [host=172.17.100.20, port=35009]
dst: [host=172.17.100.38, port=54987]

tcp6 (listen)
src: [host=[::], port=80]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=81]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=135]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=443]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=445]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=1433]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=2383]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=3389]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5800]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5900]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=5985]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=10050]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=35009]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=47001]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49664]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49665]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49666]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49667]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49668]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49669]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49752]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::], port=49793]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1434]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1550]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=1551]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=9850]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=30523]
dst: [host=[::], port=0]

tcp6 (listen)
src: [host=[::1], port=50007]
dst: [host=[::], port=0]

udp4 (listen)
src: [host=0.0.0.0, port=123]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=161]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=1434]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=3389]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=4500]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5353]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=5355]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=6771]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=6771]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=15000]
dst: [host=*, port=*]

udp4 (listen)
src: [host=0.0.0.0, port=52684]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=6888]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=24100]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=24101]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=24102]
dst: [host=*, port=*]

udp4 (listen)
src: [host=127.0.0.1, port=51731]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.20, port=137]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.20, port=138]
dst: [host=*, port=*]

udp4 (listen)
src: [host=172.17.100.20, port=6888]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=123]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=161]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=1434]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=3389]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=4500]
dst: [host=*, port=*]

udp6 (listen)
src: [host=[::], port=15000]
dst: [host=*, port=*]
174736 - Netstat Ingress Connections
-
Synopsis
External connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' to enumerate any non-private connections to the scan target.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/25, Modified: 2025/12/15
Plugin Output

tcp/0

Netstat output indicated the following connections from non-private IP addresses:

152.58.1.210 connected to port 443 on the scan target.

NOTE: This list may be truncated depending on the scan verbosity settings.
34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus was able to find 41 open ports.

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/80/www

Port 80/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/81/www

Port 81/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/123

Port 123/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/135/epmap

Port 135/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/137/netbios-ns

Port 137/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/138

Port 138/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/139/smb

Port 139/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/161

Port 161/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/443/www

Port 443/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

Port 445/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/500

Port 500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/1433/mssql

Port 1433/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/1434

Port 1434/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/2383

Port 2383/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/3389/msrdp

Port 3389/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/3389

Port 3389/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/4500

Port 4500/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/5353

Port 5353/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/5355/llmnr

Port 5355/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5800/www

Port 5800/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5900/vnc

Port 5900/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/5985/www

Port 5985/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/6111

Port 6111/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/6771

Port 6771/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/6888

Port 6888/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/6888

Port 6888/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/10050

Port 10050/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/15000

Port 15000/udp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/18018/www

Port 18018/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/35009

Port 35009/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/47001/www

Port 47001/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49664/dce-rpc

Port 49664/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49665/dce-rpc

Port 49665/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49666/dce-rpc

Port 49666/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49667/dce-rpc

Port 49667/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49668/dce-rpc

Port 49668/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49669/dce-rpc

Port 49669/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49752/dce-rpc

Port 49752/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

tcp/49793/dce-rpc

Port 49793/tcp was found to be open

34220 - Netstat Portscanner (WMI)
-
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2025/12/15
Plugin Output

udp/52684

Port 52684/udp was found to be open

24272 - Network Interfaces Enumeration (WMI)
-
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000001] Intel(R) 82574L Gigabit Network Connection
- MAC Address = 00:50:56:BC:92:1F
- IPAddress/IPSubnet = 172.17.100.20/255.255.255.0


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 172.17.100.10
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
172.17.100.0 255.255.255.0 0.0.0.0
172.17.100.20 255.255.255.255 0.0.0.0
172.17.100.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
209654 - OS Fingerprints Detected
-
Synopsis
Multiple OS fingerprints were detected.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of fingerprints detected are reported here.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/02/26, Modified: 2025/03/03
Plugin Output

tcp/0


Following OS Fingerprints were found

Remote operating system : Microsoft Windows Server 2019
Confidence level : 56
Method : MLSinFP
Type : unknown
Fingerprint : unknown

Remote operating system : Windows
Confidence level : 50
Method : Misc
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 100
Method : SMB_OS
Type : general-purpose
Fingerprint : unknown

Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 70
Method : HTTP
Type : general-purpose
Fingerprint : HTTP:Server: Microsoft-HTTPAPI/2.0


Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 70
Method : SinFP
Type : general-purpose
Fingerprint : SinFP:
P1:B11113:F0x12:W65392:O0204ffff:M1460:
P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:191601_7_p=49667

Following fingerprints could not be used to determine OS :
SSLcert:!:i/CN:GlobalSign RSA OV SSL CA 2018i/O:GlobalSign nv-sas/CN:www.lkp.net.ins/O:LKP SECURITIES LIMITED
f66174c5d8d4f20ea993126eca563ea908172c9b
i/CN:SPINE-HRMSs/CN:SPINE-HRMS
3b428db67e9b1a2a7192607c22e5c36c27f9bd33
i/CN:SSL_Self_Signed_Fallbacks/CN:SSL_Self_Signed_Fallback
98960afd8558d875608d411dacf35c51dfe05eec
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2025/06/03
Plugin Output

tcp/0


Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 100
Method : SMB_OS


The remote host is running Microsoft Windows Server 2019 Datacenter Build 17763

117887 - OS Security Patch Assessment Available
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0516
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/445/cifs

OS Security Patch Assessment is available.

Account : 172.17.100.20\tidua
Protocol : SMB

92426 - OpenSaveMRU History
-
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Open / Save report attached.
66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2025/12/15
Plugin Output

tcp/0



. You need to take the following 27 actions :

+ Install the following Microsoft patches :
- KB5071544 (37 vulnerabilities)The following KBs would be covered:
KB5063877, KB5065428, KB5066586, KB5055519, KB5052000,
KB5058392, KB5060531, KB5048661, KB5050008, KB5068791,
KB5062557, KB5053596, KB5041578, KB5043050, KB5044277,
KB5036896, KB5037765, KB5034768, KB5039705, KB5039217,
KB5033371, KB5034127, KB5046615, KB5040430, KB5035849,
KB5029247, KB5030214, KB5031361, KB5025229, KB5022840,
KB5026362, KB5027222, KB5021237, KB5022286, KB5032196,
KB5028168, KB5023702
- KB5049608
- KB5044022
- KB5044016
- KB5039886
- KB5039879
- KB5036604
- KB5033904
- KB5031984
- KB5029931
- KB5029925
- KB5028960
- KB5027131
- KB5022511
- KB5022504
- KB2645410

[ Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104) (156103) ]

+ Action to take : Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life.

Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions.


[ Curl Use-After-Free < 7.87 (CVE-2022-43552) (171859) ]

+ Action to take : Upgrade Curl to version 7.87.0 or later


[ JQuery 1.2 < 3.5.0 Multiple XSS (136929) ]

+ Action to take : Upgrade to JQuery version 3.5.0 or later.

+ Impact : Taking this action will resolve the following 2 different vulnerabilities :
CVE-2020-11023, CVE-2020-11022


[ MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019) (58333) ]

+ Action to take : Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1.


[ Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203) (192147) ]

+ Action to take : Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.


[ RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088) (248462) ]

+ Action to take : Upgrade to RARLAB WinRAR version 7.13 or later.

+ Impact : Taking this action will resolve the following 7 different vulnerabilities :
CVE-2025-8088, CVE-2025-6218, CVE-2025-31334, CVE-2024-36052, CVE-2024-30370
CVE-2023-40477, CVE-2023-38831


[ Security Updates for Microsoft .NET Framework (January 2025) (214274) ]

+ Action to take : Microsoft has released security updates for Microsoft .NET Framework.

+ Impact : Taking this action will resolve the following 28 different vulnerabilities :
CVE-2025-21176, CVE-2024-43484, CVE-2024-43483, CVE-2024-38081, CVE-2024-29059
CVE-2024-21409, CVE-2024-21312, CVE-2024-0057, CVE-2024-0056, CVE-2023-36899
CVE-2023-36873, CVE-2023-36796, CVE-2023-36794, CVE-2023-36793, CVE-2023-36792
CVE-2023-36788, CVE-2023-36560, CVE-2023-36049, CVE-2023-36042, CVE-2023-32030
CVE-2023-29331, CVE-2023-29330, CVE-2023-29326, CVE-2023-24936, CVE-2023-24897
CVE-2023-24895, CVE-2023-21808, CVE-2023-21722


[ Security Updates for Microsoft SQL Server (November 2025) (275459) ]

+ Action to take : Microsoft has released security updates for Microsoft SQL Server.

+ Impact : Taking this action will resolve the following 102 different vulnerabilities :
CVE-2025-59499, CVE-2025-55227, CVE-2025-53727, CVE-2025-49719, CVE-2025-49718
CVE-2025-49717, CVE-2025-47997, CVE-2024-49043, CVE-2024-49021, CVE-2024-49018
CVE-2024-49017, CVE-2024-49016, CVE-2024-49015, CVE-2024-49014, CVE-2024-49013
CVE-2024-49012, CVE-2024-49011, CVE-2024-49010, CVE-2024-49009, CVE-2024-49008
CVE-2024-49007, CVE-2024-49006, CVE-2024-49005, CVE-2024-49004, CVE-2024-49003
CVE-2024-49002, CVE-2024-49001, CVE-2024-49000, CVE-2024-48999, CVE-2024-48998
CVE-2024-48997, CVE-2024-48996, CVE-2024-48995, CVE-2024-48994, CVE-2024-48993
CVE-2024-43462, CVE-2024-43459, CVE-2024-38255, CVE-2024-38088, CVE-2024-38087
CVE-2024-37980, CVE-2024-37966, CVE-2024-37965, CVE-2024-37342, CVE-2024-37341
CVE-2024-37340, CVE-2024-37339, CVE-2024-37338, CVE-2024-37337, CVE-2024-37336
CVE-2024-37335, CVE-2024-37334, CVE-2024-37333, CVE-2024-37332, CVE-2024-37331
CVE-2024-37330, CVE-2024-37329, CVE-2024-37328, CVE-2024-37327, CVE-2024-37326
CVE-2024-37324, CVE-2024-37323, CVE-2024-37322, CVE-2024-37321, CVE-2024-37320
CVE-2024-37319, CVE-2024-37318, CVE-2024-35272, CVE-2024-35271, CVE-2024-35256
CVE-2024-29043, CVE-2024-28943, CVE-2024-28941, CVE-2024-28938, CVE-2024-28937
CVE-2024-28936, CVE-2024-28935, CVE-2024-28934, CVE-2024-28933, CVE-2024-28932
CVE-2024-28931, CVE-2024-28930, CVE-2024-28929, CVE-2024-28928, CVE-2024-26191
CVE-2024-26186, CVE-2024-21907, CVE-2024-21449, CVE-2024-21428, CVE-2024-21425
CVE-2024-21415, CVE-2024-21414, CVE-2024-21398, CVE-2024-21373, CVE-2024-21335
CVE-2024-21333, CVE-2024-21332, CVE-2024-21331, CVE-2024-21317, CVE-2024-21308
CVE-2024-21303, CVE-2024-20701


[ Security Updates for Microsoft SQL Server OLE DB Driver (July 2024) (205300) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL OLE DB Driver.

+ Impact : Taking this action will resolve the following 28 different vulnerabilities :
CVE-2024-37334, CVE-2024-29985, CVE-2024-29984, CVE-2024-29983, CVE-2024-29982
CVE-2024-29048, CVE-2024-29047, CVE-2024-29046, CVE-2024-29045, CVE-2024-29044
CVE-2024-28945, CVE-2024-28944, CVE-2024-28942, CVE-2024-28940, CVE-2024-28939
CVE-2024-28927, CVE-2024-28926, CVE-2024-28915, CVE-2024-28914, CVE-2024-28913
CVE-2024-28912, CVE-2024-28911, CVE-2024-28910, CVE-2024-28909, CVE-2024-28908
CVE-2024-28906, CVE-2023-28304, CVE-2023-23375


[ VMware Tools 10.x / 11.x / 12.x < 12.1.5 DoS (VMSA-2022-0029) (168362) ]

+ Action to take : Upgrade to VMware Tools version 12.1.5 or later.

+ Impact : Taking this action will resolve the following 2 different vulnerabilities :
CVE-2022-31693, CVE-2022-22977


[ Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803) (276819) ]

+ Action to take : Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later.

122422 - RARLAB WinRAR Installed (Windows)
-
Synopsis
An archive manager is installed on the remote Windows host.
Description
RARLAB WinRaR, an archive manager, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0706
Plugin Information
Published: 2019/02/26, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WinRAR\WinRAR.exe
Version : 5.91.0.0

92428 - Recent File History
-
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\Users\tidua\AppData\Roaming\Microsoft\Windows\Recent\system32.lnk

Recent files found in registry and appdata attached.
92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\$Recycle.Bin\\.
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1000
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1009
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1000\.
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1000\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1000\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1009\.
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1009\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-1009\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\.
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$IJS84B4
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$IVJS5L7
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\.
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\App_Themes
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Atten
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\bin
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\BirthdayList.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Candidate
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ChangePassword.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ConfigFile
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\CorporateGuidelines.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\DownloadDocs.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\DownloadDocs_Pay.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\EmpProf.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\EmpReqHome.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ErrorInfo
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ErrorPage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Expense
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\fdm.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\fonts
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\forgotPass.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\GenerateCaptcha.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\HodReqHome.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\homepage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\images
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Leave
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Login.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\LogOff.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\MyAttendanceReport.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\myLoc.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\navbar_files
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\PrecompiledApp.config
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ProcessMode.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\QryDesk
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\QuickInfo.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ResetPassword.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\SelfService
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ShortTime
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\SpnStarService.asmx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\StdSettings.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\TestPage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\Training
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\TravelDesk
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\UserControls
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\UserData
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\ViewPlannerReport.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\VirtualIdCard.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\webfonts
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RJS84B4\WorkAnniversaryList.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\.
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\..
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\App_Themes
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Atten
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\bin
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\BirthdayList.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Candidate
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ChangePassword.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ConfigFile
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\CorporateGuidelines.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\DownloadDocs.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\DownloadDocs_Pay.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\EmpProf.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\EmpReqHome.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ErrorInfo
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ErrorPage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Expense
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\fdm.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\fonts
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\forgotPass.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\GenerateCaptcha.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\HodReqHome.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\homepage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\images
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Leave
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Login.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\LogOff.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\MyAttendanceReport.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\myLoc.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\navbar_files
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\PrecompiledApp.config
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ProcessMode.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\QryDesk
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\QuickInfo.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ResetPassword.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\SelfService
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ShortTime
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\SpnStarService.asmx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\StdSettings.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\TestPage.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\Training
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\TravelDesk
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\UserControls
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\UserData
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\ViewPlannerReport.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\VirtualIdCard.aspx
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\webfonts
C:\\$Recycle.Bin\\S-1-5-21-1687551350-3880216100-4069998428-500\$RVJS5L7\WorkAnniversaryList.aspx
92430 - Registry Editor Last Accessed
-
Synopsis
Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host.
Description
Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

production
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet

10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has an remote desktop protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output

tcp/3389/msrdp

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/443/www

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/1433/mssql

The target TLS server offers no post-quantum ciphers.

277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.

However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output

tcp/3389/msrdp

The target TLS server offers no post-quantum ciphers.

62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB4502496, Installed on: 2021/12/07
KB4535680, Installed on: 2021/12/07
KB4535684, Installed on: 2021/12/07
KB4535685, Installed on: 2021/12/07
KB4558997, Installed on: 2020/07/11
KB4558998, Installed on: 2020/07/11
KB4565625
KB4587735, Installed on: 2020/12/06
KB4589208, Installed on: 2021/12/07
KB5006754, Installed on: 2021/12/07
KB5008539, Installed on: 2021/12/08
KB5009642, Installed on: 2022/03/24
KB5011574, Installed on: 2022/05/04
KB5020374, Installed on: 2022/12/28
KB5020866, Installed on: 2022/12/28
KB5021237, Installed on: 2022/12/28
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
-
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output

tcp/0


The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
-
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output

tcp/0


The registry service was successfully stopped after the scan.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/443/www


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/1433/mssql


This port supports TLSv1.2.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output

tcp/3389/msrdp


This port supports TLSv1.2.

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/443/www


The host name known by Nessus is :

spine-hrms

The Common Name in the certificate is :

www.lkp.net.in

The Subject Alternate Names in the certificate are :

admin.pennypal.in
aims.lkp.net.in
allocation.lkp.net.in
api.lkp.net.in
backoffice.lkp.net.in
bo.lkp.net.in
demo.pennypal.in
devtrade.lkp.net.in
devtradekyc.lkp.net.in
druat.pennypal.in
ekyc.lkp.net.in
ekyc.lkponline.com
ekyc.pennypal.in
ekycuat.lkp.net.in
getsetgrow.lkponline.com
hrms.lkp.net.in
ia.lkp.net.in
ipo.lkp.net.in
lkp.net.in
lkpconnect.net.in
lkpsec.com
lms.lkp.net.in
middleware.lkp.net.in
middlewareapi.lkp.net.in
notification.lkponline.com
notification.pennypal.in
pay.lkp.net.in
pennypal.in
ra.lkp.net.in
referral.pennypal.in
rekyc.pennypal.in
spip.lkp.net.in
spip.lkponline.com
trading.lkponline.com
trading.pennypal.in
trilogy.lkp.net.in
uat.lkp.net.in
uat.lkpsec.com
uat.pennypal.in
uatbackoffice.lkp.net.in
uatekyc.lkponline.com
uatgetsetgrow.lkponline.com
uatspip.lkponline.com
uattrading.lkponline.com
uatweb.pennypal.in
wealth.lkp.net.in
welcome.lkp.net.in
www.lkp.net.in
www.lkpfinance.com
www.lkpsec.com

45410 - SSL Certificate 'commonName' Mismatch
-
Synopsis
The 'commonName' (CN) attribute in the SSL certificate does not match the hostname.
Description
The service running on the remote host presents an SSL certificate for which the 'commonName' (CN) attribute does not match the hostname on which the service listens.
Solution
If the machine has several names, make sure that users connect to the service through the DNS hostname that matches the common name in the certificate.
Risk Factor
None
Plugin Information
Published: 2010/04/03, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


The host name known by Nessus is :

spine-hrms

The Common Name in the certificate is :

ssl_self_signed_fallback

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/443/www

Subject Name:

Country: IN
State/Province: Maharashtra
Locality: Mumbai
Organization: LKP SECURITIES LIMITED
Common Name: www.lkp.net.in

Issuer Name:

Country: BE
Organization: GlobalSign nv-sa
Common Name: GlobalSign RSA OV SSL CA 2018

Serial Number: 19 A0 03 FE 47 ED 49 8F 58 AA 19 0A

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Apr 21 10:26:13 2025 GMT
Not Valid After: May 23 10:26:12 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BF AD CA E4 8E 7F CA 0A 53 22 21 11 61 2F 16 AB A2 1E E1
8C F4 D4 F3 FE BF 71 33 7F E4 DA 14 0C D4 1A 94 23 D5 D8 84
8C F3 88 52 5B E9 16 F0 11 2A 6A 1D C1 04 EE AA 58 0B 41 03
0E 5E E7 E3 7D 19 BF 94 72 12 36 70 3C F8 70 C8 64 98 2E 2D
18 00 93 7E 42 10 0F 11 5A F3 B0 73 8A E6 D2 9B 42 1E 0A A8
25 3B 7E 3D D6 D0 80 D7 47 2D 35 1F BA D1 D0 9A 6E 77 AC BD
95 49 5C 70 61 9A 77 20 EB 41 1B 0E 37 24 59 10 00 FA B7 EF
16 31 13 78 86 6E 73 7B 4C 5F C6 A0 71 97 25 90 24 B2 87 4B
45 E7 D9 5D C7 17 59 01 D8 94 F2 5A 95 BC 3F 3D EC 48 9E 23
B2 B3 7C 71 FB 50 E6 7B 59 F2 3C 02 FB 0C 54 7E 05 05 A8 97
57 69 05 BB 6B DF 05 15 4D EC 4A DC 99 05 A0 64 C5 76 54 7A
C4 31 92 0E 43 D1 53 88 2A ED 81 CD 44 A6 DA 1F 80 55 11 84
EF 92 27 43 DB E2 D4 71 A6 B4 95 1F 35 15 EB 61 8B
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 70 EA 52 F8 6C 82 4B 72 5D FA 42 2E A6 FF 47 33 0B 5E 2F
BF 71 9E 0F C7 F6 17 B4 5C 29 2C BB 72 26 53 6C 4A EA E7 EF
C0 31 95 6A 51 D6 2A A5 9C 99 0C 7B 8E BE 4B 10 4C B6 20 65
91 36 C7 FE 70 7B 31 11 11 A3 02 CD 2D DA 59 46 FA 32 23 73
9D BF AE 3C 9A A0 ED E8 40 EE 96 FB 64 9C 94 03 16 58 C2 21
69 2E 74 44 3F 05 BC 2D A4 E1 A1 11 77 17 10 FC 8A E2 E6 18
E1 25 E4 43 A3 78 38 EB D0 96 85 2C 8D 72 ED 68 15 7F 90 C1
62 DF A9 F1 5C DD 87 84 9C 33 23 1C F2 51 08 C2 AC 17 84 85
F8 F7 93 AB 17 6E 32 D0 DF 2B 69 4A 32 68 6A 53 27 AF C3 5F
4B 7A F0 31 3E CB 4F 48 20 3E 06 D2 3B 0C 65 B4 63 3B D2 7B
45 DC 5B 33 40 97 33 CC 31 99 24 80 E3 C1 F6 C4 5F C6 B0 DC
54 82 A8 01 E7 4F AD 58 5A 1D B1 25 01 1A C3 84 19 EB 32 E7
20 79 07 E6 06 DD EE 28 DC 63 03 7D 2A 90 2C 6E C7

Extension: Key Usage(2.5.29.15)
Critical: 1
Key Usage: Digital Signature, Key Encipherment


Extension: Basic Constraints(2.5.29.19)
Critical: 1


Extension: Authority Information Access(1.3.6.1.5.5.7.1.1)
Critical: 0
Method#1: Certificate Authority Issuers
URI: http://secure.globalsign.com/cacert/gsrsaovsslca2018.crt
Method#2: Online Certificate Status Protocol
URI: http://ocsp.globalsign.com/gsrsaovsslca2018


Extension: Policies(2.5.29.32)
Critical: 0
Policy ID #1: 1.3.6.1.4.1.4146.1.20
Qualifier ID #1: Certification Practice Statement(1.3.6.1.5.5.7.2.1)
CPS URI: https://www.globalsign.com/repository/
Policy ID #2: 2.23.140.1.2.2


Extension: Subject Alternative Name(2.5.29.17)
Critical: 0
DNS: www.lkp.net.in
DNS: www.lkpfinance.com
DNS: uattrading.lkponline.com
DNS: www.lkpsec.com
DNS: trading.lkponline.com
DNS: ekyc.lkponline.com
DNS: lkpsec.com
DNS: uatekyc.lkponline.com
DNS: uat.lkpsec.com
DNS: trading.pennypal.in
DNS: ekyc.pennypal.in
DNS: rekyc.pennypal.in
DNS: uat.pennypal.in
DNS: uatweb.pennypal.in
DNS: pennypal.in
DNS: demo.pennypal.in
DNS: referral.pennypal.in
DNS: notification.lkponline.com
DNS: notification.pennypal.in
DNS: admin.pennypal.in
DNS: uatspip.lkponline.com
DNS: spip.lkponline.com
DNS: druat.pennypal.in
DNS: uatgetsetgrow.lkponline.com
DNS: getsetgrow.lkponline.com
DNS: lkpconnect.net.in
DNS: pay.lkp.net.in
DNS: ekyc.lkp.net.in
DNS: bo.lkp.net.in
DNS: lms.lkp.net.in
DNS: ia.lkp.net.in
DNS: welcome.lkp.net.in
DNS: hrms.lkp.net.in
DNS: devtrade.lkp.net.in
DNS: api.lkp.net.in
DNS: aims.lkp.net.in
DNS: backoffice.lkp.net.in
DNS: devtradekyc.lkp.net.in
DNS: spip.lkp.net.in
DNS: ekycuat.lkp.net.in
DNS: uatbackoffice.lkp.net.in
DNS: wealth.lkp.net.in
DNS: middleware.lkp.net.in
DNS: middlewareapi.lkp.net.in
DNS: ra.lkp.net.in
DNS: ipo.lkp.net.in
DNS: uat.lkp.net.in
DNS: allocation.lkp.net.in
DNS: trilogy.lkp.net.in
DNS: lkp.net.in


Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Purpose#2: Web Client Authentication (1.3.6.1.5.5.7.3.2)


Extension: Authority Key Identifier(2.5.29.35)
Critical: 0
Key Identifier: F8 EF 7F F2 CD 78 67 A8 DE 6F 8F 24 8D 88 F1 87 03 02 B3 EB


Extension: Subject Key Identifier(2.5.29.14)
Critical: 0
Subject Key Identifier: 2E 3D 70 B7 04 25 4A 71 43 B6 6A 6E 85 CA 4F 2C 22 95 28 A3


Extension: 1.3.6.1.4.1.11129.2.4.2
Critical: 0
Data: 04 82 01 69 01 67 00 77 00 64 11 C4 6C A4 12 EC A7 89 1C A2
02 2E 00 BC AB 4F 28 07 D4 1E 35 27 AB EA FE D5 03 C9 7D CD
F0 00 00 01 96 57 E2 69 18 00 00 04 03 00 48 30 46 02 21 00
96 52 8C B8 51 AA B8 D9 42 47 DA 1B FE 27 35 66 2E 2F F8 E8
5F DC 5C C5 C9 80 52 A6 E0 0D E2 84 02 21 00 A1 D6 C8 6D 7C
91 4E EA 19 E7 3D 42 7C 00 6E 97 16 76 1A 20 DB 3A 9A 4B D3
E5 D0 87 00 78 3A 4A 00 75 00 CB 38 F7 15 89 7C 84 A1 44 5F
5B C1 DD FB C9 6E F2 9A 59 CD 47 0A 69 05 85 B0 CB 14 C3 14
58 E7 00 00 01 96 57 E2 67 BA 00 00 04 03 00 46 30 44 02 20
5A 27 C8 01 9F C7 B0 9C D6 52 AB 0C 14 AF 20 CF 47 3B 13 05
66 9C 9C 76 64 D8 63 D2 B2 B2 21 9C 02 20 70 82 E8 32 4F 4C
7E 13 8E EB 91 4E 72 A3 56 7A B3 4F DC E4 F6 24 76 97 97 48
28 ED 03 B4 32 70 00 75 00 25 2F 94 C2 2B 29 E9 6E 9F 41 1A
72 07 2B 69 5C 5B 52 FF 97 A9 0D 25 40 BB FC DC 51 EC 4D EE
0B 00 00 01 96 57 E2 69 53 00 00 04 03 00 46 30 44 02 20 61
5F F2 11 43 94 22 D8 EF 61 0C 44 F3 DE 58 50 0D D1 77 D4 45
F8 61 0A B0 3E 5C EA 8D 8C 25 B4 02 20 50 92 96 1B 3F 90 B7
23 1E 26 ED 3F 40 B4 C4 D7 5B 31 4E D7 B7 8B 1E 05 6D DC 51
65 50 91 04 E4


Fingerprints :

SHA-256 Fingerprint: 19 95 B4 E0 56 30 03 B7 44 C1 47 DE DF 5F 1D 04 45 F1 E6 34
1C 37 B0 18 DE 2B 36 C0 83 16 2F F1
SHA-1 Fingerprint: F6 61 74 C5 D8 D4 F2 0E A9 93 12 6E CA 56 3E A9 08 17 2C 9B
MD5 Fingerprint: 76 94 5C 1D 4F B6 7A 66 12 A9 03 D7 C5 41 35 8A


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIKFTCCCP2gAwIBAgIMGaAD/kftSY9YqhkKMA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMSYwJAYDVQQDEx1HbG9iYWxTaWduIFJTQSBPViBTU0wgQ0EgMjAxODAeFw0yNTA0MjExMDI2MTNaFw0yNjA1MjMxMDI2MTJaMG4xCzAJBgNVBAYTAklOMRQwEgYDVQQIEwtNYWhhcmFzaHRyYTEPMA0GA1UEBxMGTXVtYmFpMR8wHQYDVQQKExZMS1AgU0VDVVJJVElFUyBMSU1JVEVEMRcwFQYDVQQDEw53d3cubGtwLm5ldC5pbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL+tyuSOf8oKUyIhEWEvFquiHuGM9NTz/r9xM3/k2hQM1BqUI9XYhIzziFJb6RbwESpqHcEE7qpYC0EDDl7n430Zv5RyEjZwPPhwyGSYLi0YAJN+QhAPEVrzsHOK5tKbQh4KqCU7fj3W0IDXRy01H7rR0Jpud6y9lUlccGGadyDrQRsONyRZEAD6t+8WMRN4hm5ze0xfxqBxlyWQJLKHS0Xn2V3HF1kB2JTyWpW8Pz3sSJ4jsrN8cftQ5ntZ8jwC+wxUfgUFqJdXaQW7a98FFU3sStyZBaBkxXZUesQxkg5D0VOIKu2BzUSm2h+AVRGE75InQ9vi1HGmtJUfNRXrYYsCAwEAAaOCBs8wggbLMA4GA1UdDwEB/wQEAwIFoDAMBgNVHRMBAf8EAjAAMIGOBggrBgEFBQcBAQSBgTB/MEQGCCsGAQUFBzAChjhodHRwOi8vc2VjdXJlLmdsb2JhbHNpZ24uY29tL2NhY2VydC9nc3JzYW92c3NsY2EyMDE4LmNydDA3BggrBgEFBQcwAYYraHR0cDovL29jc3AuZ2xvYmFsc2lnbi5jb20vZ3Nyc2FvdnNzbGNhMjAxODBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUFBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZngQwBAgIwggPgBgNVHREEggPXMIID04IOd3d3LmxrcC5uZXQuaW6CEnd3dy5sa3BmaW5hbmNlLmNvbYIYdWF0dHJhZGluZy5sa3BvbmxpbmUuY29tgg53d3cubGtwc2VjLmNvbYIVdHJhZGluZy5sa3BvbmxpbmUuY29tghJla3ljLmxrcG9ubGluZS5jb22CCmxrcHNlYy5jb22CFXVhdGVreWMubGtwb25saW5lLmNvbYIOdWF0LmxrcHNlYy5jb22CE3RyYWRpbmcucGVubnlwYWwuaW6CEGVreWMucGVubnlwYWwuaW6CEXJla3ljLnBlbm55cGFsLmlugg91YXQucGVubnlwYWwuaW6CEnVhdHdlYi5wZW5ueXBhbC5pboILcGVubnlwYWwuaW6CEGRlbW8ucGVubnlwYWwuaW6CFHJlZmVycmFsLnBlbm55cGFsLmlughpub3RpZmljYXRpb24ubGtwb25saW5lLmNvbYIYbm90aWZpY2F0aW9uLnBlbm55cGFsLmlughFhZG1pbi5wZW5ueXBhbC5pboIVdWF0c3BpcC5sa3BvbmxpbmUuY29tghJzcGlwLmxrcG9ubGluZS5jb22CEWRydWF0LnBlbm55cGFsLmlught1YXRnZXRzZXRncm93LmxrcG9ubGluZS5jb22CGGdldHNldGdyb3cubGtwb25saW5lLmNvbYIRbGtwY29ubmVjdC5uZXQuaW6CDnBheS5sa3AubmV0Lmlugg9la3ljLmxrcC5uZXQuaW6CDWJvLmxrcC5uZXQuaW6CDmxtcy5sa3AubmV0Lmlugg1pYS5sa3AubmV0LmlughJ3ZWxjb21lLmxrcC5uZXQuaW6CD2hybXMubGtwLm5ldC5pboITZGV2dHJhZGUubGtwLm5ldC5pboIOYXBpLmxrcC5uZXQuaW6CD2FpbXMubGtwLm5ldC5pboIVYmFja29mZmljZS5sa3AubmV0LmlughZkZXZ0cmFkZWt5Yy5sa3AubmV0Lmlugg9zcGlwLmxrcC5uZXQuaW6CEmVreWN1YXQubGtwLm5ldC5pboIYdWF0YmFja29mZmljZS5sa3AubmV0LmlughF3ZWFsdGgubGtwLm5ldC5pboIVbWlkZGxld2FyZS5sa3AubmV0LmlughhtaWRkbGV3YXJlYXBpLmxrcC5uZXQuaW6CDXJhLmxrcC5uZXQuaW6CDmlwby5sa3AubmV0Lmlugg51YXQubGtwLm5ldC5pboIVYWxsb2NhdGlvbi5sa3AubmV0LmlughJ0cmlsb2d5LmxrcC5uZXQuaW6CCmxrcC5uZXQuaW4wHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFPjvf/LNeGeo3m+PJI2I8YcDArPrMB0GA1UdDgQWBBQuPXC3BCVKcUO2am6Fyk8sIpUoozCCAX0GCisGAQQB1nkCBAIEggFtBIIBaQFnAHcAZBHEbKQS7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGWV+JpGAAABAMASDBGAiEAllKMuFGquNlCR9ob/ic1Zi4v+Ohf3FzFyYBSpuAN4oQCIQCh1shtfJFO6hnnPUJ8AG6XFnYaINs6mkvT5dCHAHg6SgB1AMs49xWJfIShRF9bwd37yW7ymlnNRwppBYWwyxTDFFjnAAABllfiZ7oAAAQDAEYwRAIgWifIAZ/HsJzWUqsMFK8gz0c7EwVmnJx2ZNhj0rKyIZwCIHCC6DJPTH4TjuuRTnKjVnqzT9zk9iR2l5dIKO0DtDJwAHUAJS+Uwisp6W6fQRpyBytpXFtS/5epDSVAu/zcUexN7gsAAAGWV+JpUwAABAMARjBEAiBhX/IRQ5Qi2O9hDETz3lhQDdF31EX4YQqwPlzqjYwltAIgUJKWGz+QtyMeJu0/QLTE11sxTte3ix4FbdxRZVCRBOQwDQYJKoZIhvcNAQELBQADggEBAHDqUvhsgktyXfpCLqb/RzMLXi+/cZ4Px/YXtFwpLLtyJlNsSurn78AxlWpR1iqlnJkMe46+SxBMtiBlkTbH/nB7MRERowLNLdpZRvoyI3Odv648mqDt6EDulvtknJQDFljCIWkudEQ/BbwtpOGhEXcXEPyK4uYY4SXkQ6N4OOvQloUsjXLtaBV/kMFi36nxXN2HhJwzIxzyUQjCrBeEhfj3k6sXbjLQ3ytpSjJoalMnr8NfS3rwMT7LT0ggPgbSOwxltGM70ntF3FszQJczzDGZJIDjwfbEX8aw3FSCqAHnT61YWh2xJQEaw4QZ6zLnIHkH5gbd7ijcYwN9KpAsbsc=
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql

Subject Name:

Common Name: SSL_Self_Signed_Fallback

Issuer Name:

Common Name: SSL_Self_Signed_Fallback

Serial Number: 5F A6 47 B4 50 A2 91 B4 4A BF 92 7D BC 69 CE 5A

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Apr 17 09:39:52 2025 GMT
Not Valid After: Apr 17 09:39:52 2055 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 BB A6 D8 50 8B E3 5F AF BA C2 D6 5B 8A C2 46 8A 28 F1 D7
0A 35 5C 06 33 F0 1A E8 6B E0 54 D6 DF 17 F9 D5 9D 8E 05 DF
4D A3 F5 BC 28 EC 73 DE 56 F8 1C E7 2E BC EB 59 84 B4 DD A7
D7 63 F3 3D 7F FA 9A 26 B9 C9 25 97 6C 99 06 69 F0 78 1E 59
07 C3 66 8D 5D 6C 0F 5D 6E EE 19 53 F1 C2 03 7D 12 FE 50 5A
1B 44 8D 77 58 A5 75 4E 62 C4 66 CB CF D2 F3 26 A8 8F 28 13
0D 41 CC 76 03 1E EA 57 3C 6F D5 24 21 49 59 BA BE 57 27 D8
E0 A7 76 17 02 E7 5C 20 60 F2 F8 3E 09 48 2F 78 7C CF 54 31
9A 90 5C 31 85 D0 D1 59 0B 72 00 DB 55 2D BF 94 38 AE 45 63
B9 AE 47 86 FA 88 7F CD EA 81 24 71 96 AF 86 AA AC B4 FF 30
1E 1E D7 AB 4A 93 CD C6 88 BA D9 A7 1D BC B3 EA 15 3B 15 FD
07 90 45 60 BC 33 2A 57 2F C2 07 54 10 EB C3 80 E9 8C 89 95
4C 38 C0 70 59 8C 8B 58 00 6D 22 04 AD FD 01 00 05
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 60 1F CC 85 54 B5 C8 A5 6C 1E FB 42 7D 2D C2 A5 48 7A 69
17 5B 6C D7 C2 42 F5 F4 F5 72 D8 42 55 A8 C2 C0 6B 80 EF 51
00 CC 42 E6 99 57 00 39 29 8C 9E 74 E0 B2 F7 34 85 F8 E9 3C
DF F5 B2 5A 4A 4B 04 D2 BA C8 40 93 56 C2 BE 04 BF 73 F1 24
F6 12 EE 96 EF 59 07 4E 27 64 AE 73 47 D6 1E 36 91 BD DD C2
9E 20 EA 06 1E D7 7E DE EC 47 F6 32 8A 31 79 2F 68 AE 6C F2
53 9B 79 9B BF EB C5 18 F3 9E 97 7D F7 66 84 B9 58 23 22 AA
FF E7 31 1C AB A2 00 3B 4F 9B E8 04 A2 B7 61 F4 F3 D1 66 3F
9E 08 EB AB 9B 08 23 E1 14 53 CE 25 D1 51 B3 54 0A E5 0F 37
65 81 BD 0E D6 08 5C 43 4A BA E2 50 6C DC 3F 4A E8 79 E5 22
95 3A D5 C6 90 EC 8B 9F 66 DB EB 52 04 31 AB 54 58 90 F4 E9
78 6D 0C 18 C6 91 41 57 BB A2 83 E4 CD A9 14 65 92 F9 47 37
2A 98 1C 0C 80 C7 05 FD E8 B0 2C E3 08 40 8A 3B 83

Fingerprints :

SHA-256 Fingerprint: 3E BC 9D CE 98 34 32 F1 96 ED B7 37 42 35 89 DB 17 A1 E8 43
51 9A A2 E5 40 A2 6D FB 41 BF 5B 22
SHA-1 Fingerprint: 98 96 0A FD 85 58 D8 75 60 8D 41 1D AC F3 5C 51 DF E0 5E EC
MD5 Fingerprint: ED B1 C1 B8 C4 26 3C E9 31 40 E4 6F 47 45 66 A8


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIDADCCAeigAwIBAgIQX6ZHtFCikbRKv5J9vGnOWjANBgkqhkiG9w0BAQsFADA7MTkwNwYDVQQDHjAAUwBTAEwAXwBTAGUAbABmAF8AUwBpAGcAbgBlAGQAXwBGAGEAbABsAGIAYQBjAGswIBcNMjUwNDE3MDkzOTUyWhgPMjA1NTA0MTcwOTM5NTJaMDsxOTA3BgNVBAMeMABTAFMATABfAFMAZQBsAGYAXwBTAGkAZwBuAGUAZABfAEYAYQBsAGwAYgBhAGMAazCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALum2FCL41+vusLWW4rCRooo8dcKNVwGM/Aa6GvgVNbfF/nVnY4F302j9bwo7HPeVvgc5y6861mEtN2n12PzPX/6mia5ySWXbJkGafB4HlkHw2aNXWwPXW7uGVPxwgN9Ev5QWhtEjXdYpXVOYsRmy8/S8yaojygTDUHMdgMe6lc8b9UkIUlZur5XJ9jgp3YXAudcIGDy+D4JSC94fM9UMZqQXDGF0NFZC3IA21Utv5Q4rkVjua5HhvqIf83qgSRxlq+Gqqy0/zAeHterSpPNxoi62acdvLPqFTsV/QeQRWC8MypXL8IHVBDrw4DpjImVTDjAcFmMi1gAbSIErf0BAAUCAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAYB/MhVS1yKVsHvtCfS3CpUh6aRdbbNfCQvX09XLYQlWowsBrgO9RAMxC5plXADkpjJ504LL3NIX46Tzf9bJaSksE0rrIQJNWwr4Ev3PxJPYS7pbvWQdOJ2Suc0fWHjaRvd3CniDqBh7Xft7sR/YyijF5L2iubPJTm3mbv+vFGPOel333ZoS5WCMiqv/nMRyrogA7T5voBKK3YfTz0WY/ngjrq5sII+EUU84l0VGzVArlDzdlgb0O1ghcQ0q64lBs3D9K6HnlIpU61caQ7IufZtvrUgQxq1RYkPTpeG0MGMaRQVe7ooPkzakUZZL5RzcqmBwMgMcF/eiwLOMIQIo7gw==
-----END CERTIFICATE-----

10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: SPINE-HRMS

Issuer Name:

Common Name: SPINE-HRMS

Serial Number: 52 17 EB 86 EC 4B EA 9A 4C CD DB E8 8F 85 BC DD

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Nov 20 07:47:39 2025 GMT
Not Valid After: May 22 07:47:39 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 FC 63 24 75 E3 8F 0F 32 E5 E9 30 5F 50 47 E1 B7 EB 90 75
34 B8 9A E8 EF 93 77 F0 1A F5 68 A8 86 7A 35 A8 99 99 8C FE
8A C0 18 8A 13 51 E1 1B 5E 23 B1 5E 21 15 AA 1A 85 A3 3F A0
F8 8A 3C 0D 6E 03 76 51 41 F2 B2 EC 92 A6 33 5B D5 D2 45 B7
5F B9 C3 00 DF 8C B7 39 98 E6 48 84 3C 16 F0 0C 59 A4 93 A4
0F 5B 4A CE 4F 3A 01 93 B5 D8 80 51 78 E0 BC 51 8A 1C 1B 6C
49 6C 6E E2 8A DA 82 60 39 11 B4 3C 1B 94 A0 C2 6E D9 4A 7D
40 64 08 72 FB 0D 8B 30 9C 15 FA 9B B3 37 52 D9 8B 5C 1B C2
9A 07 E7 B4 24 1B A8 C0 14 EA DF 0A F4 BB 33 0C FD B8 DD 80
59 4E FC 32 DB 1A 75 1D 71 6A 36 2C A6 D3 1A 03 12 30 E6 37
B6 C5 BB F2 A3 7D E4 F3 B4 08 21 C9 60 21 05 F5 C1 B2 59 1E
96 A1 85 A9 B6 F3 A6 BA 54 A8 4E 1B 13 FA 21 06 C1 7F ED 66
AD A9 A2 84 1C FD 2E 51 44 7B 79 A7 E1 F5 FF D0 D5
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 6B FF 48 57 A2 34 85 41 5E B8 D6 54 1D 37 33 03 86 32 AD
E8 13 24 81 FA 09 4F E9 F0 F8 F0 68 09 E2 B2 43 38 26 66 55
A4 BC 01 1B 05 3F 05 8D 17 BC BA ED D4 F1 F1 FF 44 44 3A A1
32 19 37 58 D8 53 D8 59 60 74 46 62 72 95 F3 81 96 68 7D A8
8C 7F AB 36 A2 47 73 28 50 A1 2C 4C 94 EA BC 1C 6F 9B 1E ED
A1 75 32 0D DC 47 F7 10 C7 D2 E6 3D BC 35 CB 83 45 05 E5 7E
F4 E5 4F 0C 5A D3 6B 3D 50 69 51 6B BE ED 22 08 60 F3 8B 9D
EB F6 3A DC 00 21 3A 80 E0 80 B0 1F BD 0D 5D 8A D9 EA 7D 8E
29 83 D0 86 83 F1 97 8A 31 19 6C 83 80 17 47 1B 4E 2D EA E7
4A E5 26 C3 3A FF 89 10 37 0A F2 BC 3F 44 7F 68 84 60 A8 F2
2D C2 DA 75 7F 93 BC 73 A2 94 F8 76 39 4F B5 FB DA 96 3F E6
EB 45 AC 29 34 4E 92 CC 47 0F 65 0C FB A0 03 8A D8 DE 85 D1
EB 29 4A C7 2C BC 97 4E 99 C1 1B 19 0C 86 29 FE 8C

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: A6 43 2F 09 03 4B 04 16 0B 2A BB 30 E2 73 45 14 CF 46 02 0D
CF 59 4F 64 68 25 2F 4D FD 70 77 EC
SHA-1 Fingerprint: 3B 42 8D B6 7E 9B 1A 2A 71 92 60 7C 22 E5 C3 6C 27 F9 BD 33
MD5 Fingerprint: 1A 81 5E 1B 42 80 33 F9 8C 49 10 39 8C B2 FC BE


PEM certificate :

-----BEGIN CERTIFICATE-----
MIIC2DCCAcCgAwIBAgIQUhfrhuxL6ppMzdvoj4W83TANBgkqhkiG9w0BAQsFADAVMRMwEQYDVQQDEwpTUElORS1IUk1TMB4XDTI1MTEyMDA3NDczOVoXDTI2MDUyMjA3NDczOVowFTETMBEGA1UEAxMKU1BJTkUtSFJNUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPxjJHXjjw8y5ekwX1BH4bfrkHU0uJro75N38Br1aKiGejWomZmM/orAGIoTUeEbXiOxXiEVqhqFoz+g+Io8DW4DdlFB8rLskqYzW9XSRbdfucMA34y3OZjmSIQ8FvAMWaSTpA9bSs5POgGTtdiAUXjgvFGKHBtsSWxu4oragmA5EbQ8G5Sgwm7ZSn1AZAhy+w2LMJwV+puzN1LZi1wbwpoH57QkG6jAFOrfCvS7Mwz9uN2AWU78MtsadR1xajYsptMaAxIw5je2xbvyo33k87QIIclgIQX1wbJZHpahham286a6VKhOGxP6IQbBf+1mramihBz9LlFEe3mn4fX/0NUCAwEAAaMkMCIwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYDVR0PBAQDAgQwMA0GCSqGSIb3DQEBCwUAA4IBAQBr/0hXojSFQV641lQdNzMDhjKt6BMkgfoJT+nw+PBoCeKyQzgmZlWkvAEbBT8FjRe8uu3U8fH/REQ6oTIZN1jYU9hZYHRGYnKV84GWaH2ojH+rNqJHcyhQoSxMlOq8HG+bHu2hdTIN3Ef3EMfS5j28NcuDRQXlfvTlTwxa02s9UGlRa77tIghg84ud6/Y63AAhOoDggLAfvQ1ditnqfY4pg9CGg/GXijEZbIOAF0cbTi3q50rlJsM6/4kQNwryvD9Ef2iEYKjyLcLadX+TvHOilPh2OU+1+9qWP+brRawpNE6SzEcPZQz7oAOK2N6F0espSscsvJdOmcEbGQyGKf6M
-----END CERTIFICATE-----

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/443/www


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/1433/mssql


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/443/www


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/1433/mssql


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output

tcp/3389/msrdp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/443/www


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/1433/mssql


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3389/msrdp


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

94761 - SSL Root Certification Authority Certificate Information
-
Synopsis
A root Certification Authority certificate was found at the top of the certificate chain.
Description
The remote service uses an SSL certificate chain that contains a self-signed root Certification Authority certificate at the top of the chain.
See Also
Solution
Ensure that use of this root Certification Authority certificate complies with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2016/11/14, Modified: 2018/11/15
Plugin Output

tcp/443/www


The following root Certification Authority certificate was found :

|-Subject : OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
|-Issuer : OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign
|-Valid From : Mar 18 10:00:00 2009 GMT
|-Valid To : Mar 18 10:00:00 2029 GMT
|-Signature Algorithm : SHA-256 With RSA Encryption
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/443/www

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/1433/mssql

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3389/msrdp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

160486 - Server Message Block (SMB) Protocol Version Detection
-
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output

tcp/445/cifs

- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/80/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/81/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/443/www

A TLSv1.2 server answered on this port.

tcp/443/www

A web server is running on this port through TLSv1.2.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5800/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5900/vnc

A vnc server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/5985/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/6888

The service closed the connection without sending any data.
It might be protected by some sort of TCP wrapper.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/18018/www

A web server is running on this port.

22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output

tcp/47001/www

A web server is running on this port.

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/80/www


URL : http://172.17.100.20/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/81/www


URL : http://172.17.100.20:81/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/443/www


URL : https://172.17.100.20/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/5985/www


URL : http://172.17.100.20:5985/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/18018/www


URL : http://172.17.100.20:18018/cgi-bin/meteobridge
Version : unknown
Authenticated : False

278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.

Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output

tcp/47001/www


URL : http://172.17.100.20:47001/cgi-bin/meteobridge
Version : unknown
Authenticated : False

161455 - Supersedence Data Builder
-
Synopsis
Supersedence data.
Description
Collects and stores supersedence patch data for various patch types.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/24, Modified: 2025/07/14
Plugin Output

tcp/0

Supersedence patch data summary :
- MSKB : 60


Plugin debug log has been attached.

84821 - TLS ALPN Supported Protocol Enumeration
-
Synopsis
The remote host supports the TLS ALPN extension.
Description
The remote host supports the TLS ALPN extension. This plugin enumerates the protocols the extension supports.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/07/17, Modified: 2024/09/11
Plugin Output

tcp/443/www


http/1.1
h2
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/443/www

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/1433/mssql

TLSv1.2 is enabled and the server supports at least one cipher.

136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/3389/msrdp

TLSv1.2 is enabled and the server supports at least one cipher.

110095 - Target Credential Issues by Authentication Protocol - No Issues Found
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials. No issues were reported with access, privilege, or intermittent failure.
Description
Valid credentials were provided for an authentication protocol on the remote target and Nessus did not log any subsequent errors or failures for the authentication protocol.

When possible, Nessus tracks errors or failures related to otherwise valid credentials in order to highlight issues that may result in incomplete scan results or limited scan coverage. The types of issues that are tracked include errors that indicate that the account used for scanning did not have sufficient permissions for a particular check, intermittent protocol failures which are unexpected after the protocol has been negotiated successfully earlier in the scan, and intermittent authentication failures which are unexpected after a credential set has been accepted as valid earlier in the scan. This plugin reports when none of the above issues have been logged during the course of the scan for at least one authenticated protocol. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for issues to be encountered for one protocol and not another.
For example, authentication to the SSH service on the remote target may have consistently succeeded with no privilege errors encountered, while connections to the SMB service on the remote target may have failed intermittently.

- Resolving logged issues for all available authentication protocols may improve scan coverage, but the value of resolving each issue for a particular protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol and what particular check failed. For example, consistently successful checks via SSH are more critical for Linux targets than for Windows targets, and likewise consistently successful checks via SMB are more critical for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0520
Plugin Information
Published: 2018/05/24, Modified: 2025/08/28
Plugin Output

tcp/445/cifs


Nessus was able to log into the remote host with no privilege or access
problems via the following :

User: '172.17.100.20\tidua'
Port: 445
Proto: SMB
Method: password
141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
-
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following :

User: '172.17.100.20\tidua'
Port: 445
Proto: SMB
Method: password

64814 - Terminal Services Use SSL/TLS
-
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: SPINE-HRMS

Issuer Name:

Common Name: SPINE-HRMS

Serial Number: 52 17 EB 86 EC 4B EA 9A 4C CD DB E8 8F 85 BC DD

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Nov 20 07:47:39 2025 GMT
Not Valid After: May 22 07:47:39 2026 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 FC 63 24 75 E3 8F 0F 32 E5 E9 30 5F 50 47 E1 B7 EB 90 75
34 B8 9A E8 EF 93 77 F0 1A F5 68 A8 86 7A 35 A8 99 99 8C FE
8A C0 18 8A 13 51 E1 1B 5E 23 B1 5E 21 15 AA 1A 85 A3 3F A0
F8 8A 3C 0D 6E 03 76 51 41 F2 B2 EC 92 A6 33 5B D5 D2 45 B7
5F B9 C3 00 DF 8C B7 39 98 E6 48 84 3C 16 F0 0C 59 A4 93 A4
0F 5B 4A CE 4F 3A 01 93 B5 D8 80 51 78 E0 BC 51 8A 1C 1B 6C
49 6C 6E E2 8A DA 82 60 39 11 B4 3C 1B 94 A0 C2 6E D9 4A 7D
40 64 08 72 FB 0D 8B 30 9C 15 FA 9B B3 37 52 D9 8B 5C 1B C2
9A 07 E7 B4 24 1B A8 C0 14 EA DF 0A F4 BB 33 0C FD B8 DD 80
59 4E FC 32 DB 1A 75 1D 71 6A 36 2C A6 D3 1A 03 12 30 E6 37
B6 C5 BB F2 A3 7D E4 F3 B4 08 21 C9 60 21 05 F5 C1 B2 59 1E
96 A1 85 A9 B6 F3 A6 BA 54 A8 4E 1B 13 FA 21 06 C1 7F ED 66
AD A9 A2 84 1C FD 2E 51 44 7B 79 A7 E1 F5 FF D0 D5
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits
Signature: 00 6B FF 48 57 A2 34 85 41 5E B8 D6 54 1D 37 33 03 86 32 AD
E8 13 24 81 FA 09 4F E9 F0 F8 F0 68 09 E2 B2 43 38 26 66 55
A4 BC 01 1B 05 3F 05 8D 17 BC BA ED D4 F1 F1 FF 44 44 3A A1
32 19 37 58 D8 53 D8 59 60 74 46 62 72 95 F3 81 96 68 7D A8
8C 7F AB 36 A2 47 73 28 50 A1 2C 4C 94 EA BC 1C 6F 9B 1E ED
A1 75 32 0D DC 47 F7 10 C7 D2 E6 3D BC 35 CB 83 45 05 E5 7E
F4 E5 4F 0C 5A D3 6B 3D 50 69 51 6B BE ED 22 08 60 F3 8B 9D
EB F6 3A DC 00 21 3A 80 E0 80 B0 1F BD 0D 5D 8A D9 EA 7D 8E
29 83 D0 86 83 F1 97 8A 31 19 6C 83 80 17 47 1B 4E 2D EA E7
4A E5 26 C3 3A FF 89 10 37 0A F2 BC 3F 44 7F 68 84 60 A8 F2
2D C2 DA 75 7F 93 BC 73 A2 94 F8 76 39 4F B5 FB DA 96 3F E6
EB 45 AC 29 34 4E 92 CC 47 0F 65 0C FB A0 03 8A D8 DE 85 D1
EB 29 4A C7 2C BC 97 4E 99 C1 1B 19 0C 86 29 FE 8C

Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
-
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190.

Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
See Also
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Plugin Information
Published: 2022/05/31, Modified: 2022/07/28
Plugin Output

tcp/445/cifs

The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied.

56468 - Time of Last System Startup
-
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output

tcp/0


20250417151106.134569+330

10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/12/04
Plugin Output

udp/0

For your information, here is the traceroute from 172.17.100.38 to 172.17.100.20 :
172.17.100.38
172.17.100.20

Hop Count: 1

92434 - User Download Folder Files
-
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

report output too big - ending list here

92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

tidua
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\tidua\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\tidua\Downloads
- recent : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\tidua\Videos
- my music : C:\Users\tidua\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\tidua\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\tidua\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\tidua\AppData\LocalLow
- sendto : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\tidua\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\tidua\Documents
- administrative tools : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\tidua\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\tidua\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\tidua\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\tidua\AppData\Local
- my pictures : C:\Users\tidua\Pictures
- templates : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\tidua\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\tidua\Desktop
- programs : C:\Users\tidua\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\tidua\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\tidua\Favorites
- appdata : C:\Users\tidua\AppData\Roaming

production
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads
- recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator\Videos
- my music : C:\Users\Administrator\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow
- sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator\Documents
- administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator\AppData\Local
- my pictures : C:\Users\Administrator\Pictures
- templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator\Desktop
- programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator\Favorites
- appdata : C:\Users\Administrator\AppData\Roaming
92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output

tcp/0

{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
microsoft.windows.controlpanel
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
microsoft.windows.shell.rundialog
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
microsoft.windows.explorer
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
ueme_ctlsession
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
microsoft.autogenerated.{21a0406e-7390-4dba-8e06-a6804c6dd1c9}
d:\lkpsoft\sqlserver2014sp3-kb4022619-x64-enu(1).exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\advanced\vnc server (user mode).lnk
ueme_ctlsession
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kes.11.11.0\avpui.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui
e:\lkpsoft\iiscrypto (1).exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
c:\users\administrator\appdata\local\temp\~nsu1.tmp\un.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
c:\users\administrator\appdata\local\temp\2\nss9ddc.tmp\npcap-1.79.exe
g:\x64\scenarioengine.exe
c:\users\administrator\appdata\local\temp\2\{8eb3b004-8ada-48ad-a961-0aaeab5bf37b}\66211e83.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
d:\setup64.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\configuration tools\sql server 2014 configuration manager.lnk
\\192.168.150.232\lkpsoft\wrar540.exe
e:\fd768c9d137238c036b0825ae16c\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\hostname.exe
c:\users\administrator\desktop\nmap - zenmap gui.lnk
d:\lkpsoft\sql-2019\sqlserver2019-kb5030333-x64.exe
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 19\sql server management studio management studio 19.lnk
c:\spinepayroll\uninstalspinepayroll.exe
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
microsoft.windows.administrativetools
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server\120\tools\binn\managementstudio\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
e:\9357c5a1a9d9f6a7a13bdaec\x64\scenarioengine.exe
\\192.168.10.235\lkpsoft\software\winrar-x64-590.exe
microsoft.windows.explorer
ueme_ctlcuacount:ctor
c:\67a176de2994d5bf6e207c3b47424bd5\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
d:\lkpsoft\chromestandalonesetup64.exe
microsoft.autogenerated.{40815e86-5702-c2c8-a620-1ed06b4da7ee}
c:\users\administrator\downloads\kvrt.exe
c:\users\administrator\desktop\kes agent mover.bat
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dcomcnfg.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
microsoft.autogenerated.{25768b46-0833-0a7e-24a1-35c0ad58dd30}
microsoft.windows.controlpanel
d:\lkpsoft\sanernow_lkp_window_cm_windows_x86_6.3\sanernow_windows_x86_6.3.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gume19e.tmp\googleupdate.exe
microsoft.autogenerated.{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\winver.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
c:\users\administrator\desktop\nmap-7.95-setup.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\kes.12.1.0\avpui.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\ssms.exe
d:\lkpsoft\spine new update\installpay995\installpay995.exe
microsoft.windows.windowsinstaller
c:\b02e3c449f8d102f17\x64\scenarioengine.exe
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
c:\users\administrator\desktop\lkp_securities_9827.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\wordpad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{277d9c1c-c3f2-4b3b-b952-7cab68d01617}\.cr\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\odbcad32.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
visualstudio.10.0
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
c:\users\administrator\desktop\lkp_securities_8304.exe
microsoft.windows.computer
{6d809377-6af0-444b-8957-a3773f02200e}\realvnc\vnc4\vncconfig.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
c:\users\administrator\downloads\chromesetup (1).exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum504c.tmp\googleupdate.exe
d:\lkpsoft\update-06082024\lkp_securities_8304\lkp_securities_8304.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2014\sql server 2014 management studio.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\iisreset.exe
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sql-2019\ssms-setup-enu.exe
d:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
c:\users\public\desktop\google chrome.lnk
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\notepad.exe
g:\setup.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft visual studio 10.0\common7\ide\devenv.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\kaspersky endpoint security for windows\kaspersky endpoint security for windows.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klshwmsg.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klcsngtgui.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
microsoft.autogenerated.{d2872dfe-4ec4-cd29-e597-62fb105e7fda}
\\192.168.150.235\lkpsoft\software\real vnc 4.6.1 enterprise edition\vnc-e4_6_1-x86_x64_win32.exe
g:\x64\landingpage.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
d:\lkpsoft\kesav+netagent_13.2.0.1511_11.11.0.452\installer.exe

Extended userassist report attached.

105793 - VMware Tools Detection
-
Synopsis
A virtual machine management application is installed on the remote host.
Description
VMware Tools, a suite of utilities that enhances the performance of the virtual machines guest operating system is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0738
Plugin Information
Published: 2018/01/13, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


Path : C:\Program Files\VMware\VMware Tools\
Version : 10.1.15.65452

20094 - VMware Virtual Machine Detection
-
Synopsis
The remote host is a VMware virtual machine.
Description
According to the MAC address of its network adapter, the remote host is a VMware virtual machine.
Solution
Since it is physically accessible through the network, ensure that its configuration matches your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2005/10/27, Modified: 2019/12/11
Plugin Output

tcp/0


The remote host is a VMware virtual machine.

10758 - VNC HTTP Server Detection
-
Synopsis
The remote host is running a remote display software (VNC).
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2001/09/14, Modified: 2020/06/12
Plugin Output

tcp/5800/www

19288 - VNC Server Security Type Detection
-
Synopsis
A VNC server is running on the remote host.
Description
This script checks the remote VNC server protocol version and the available 'security types'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/07/22, Modified: 2021/07/13
Plugin Output

tcp/5900/vnc


The remote VNC server supports the following security types :\n\n 5 (RA2)
129
10342 - VNC Software Detection
-
Synopsis
The remote host is running a remote display software (VNC).
Description
The remote host is running VNC (Virtual Network Computing), which uses the RFB (Remote Framebuffer) protocol to provide remote access to graphical user interfaces and thus permits a console on the remote host to be displayed on another.
See Also
Solution
Make sure use of this software is done in accordance with your organization's security policy and filter incoming traffic to this port.
Risk Factor
None
Plugin Information
Published: 2000/03/07, Modified: 2017/06/12
Plugin Output

tcp/5900/vnc


The highest RFB protocol version supported by the server is :

4.1

24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output

tcp/445/cifs

The remote host returned the following caption from Win32_OperatingSystem:

Microsoft Windows Server 2019 Datacenter

71637 - WMI IIS ISAPI Extension Enumeration
-
Synopsis
The remote host has ISAPI extensions set up with IIS.
Description
The remote host is running one or more ISAPI IIS extensions such as ASP.NET installed. This plugin enumerates these extensions by examining the ISAPI filters and displays information on whether the extension is enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/20, Modified: 2025/12/15
Plugin Output

tcp/0


IIS component : WebDAV
Component path : %windir%\system32\inetsrv\webdav.dll
Enabled ? : No

IIS component : Active Server Pages
Component path : %windir%\system32\inetsrv\asp.dll
Enabled ? : Yes

IIS component : ASP.NET v2.0.50727
Component path : %windir%\Microsoft.NET\Framework64\v2.0.50727\aspnet_isapi.dll
Enabled ? : Yes

IIS component : ASP.NET v2.0.50727
Component path : %windir%\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
Enabled ? : Yes

IIS component : ASP.NET v4.0.30319
Component path : %windir%\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
Enabled ? : Yes

IIS component : ASP.NET v4.0.30319
Component path : %windir%\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
Enabled ? : Yes
52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2025/12/15
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB5020866
- Description : Update
- InstalledOn : 12/28/2022
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=5020866

+ KB4535680
- Description : Security Update
- InstalledOn : 12/7/2021
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=4535680

+ KB4558997
- Description : Security Update
- InstalledOn : 7/10/2020
- SystemName : SPINE-HRMS
- Caption : http://support.microsoft.com/?kbid=4558997

+ KB4587735
- Description : Security Update
- InstalledOn : 12/6/2020
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/4587735

+ KB4589208
- Description : Update
- InstalledOn : 12/7/2021
- SystemName : SPINE-HRMS
- InstalledBy : SPINE-HRMS\production
- Caption : https://support.microsoft.com/help/4589208

+ KB5021237
- Description : Security Update
- InstalledOn : 12/28/2022
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/5021237

+ KB5006754
- Description : Update
- InstalledOn : 12/7/2021
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM

+ KB5008539
- Description : Update
- InstalledOn : 12/8/2021
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM

+ KB5009642
- Description : Update
- InstalledOn : 3/24/2022
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM

+ KB5011574
- Description : Update
- InstalledOn : 5/4/2022
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM

+ KB5020374
- Description : Security Update
- InstalledOn : 12/28/2022
- SystemName : SPINE-HRMS
- InstalledBy : NT AUTHORITY\SYSTEM
44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0754
Plugin Information
Published: 2010/02/24, Modified: 2025/12/15
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- .NET Environment 3.5
- .NET Extensibility 3.5
- .NET Extensibility 4.7
- .NET Framework 3.5 (includes .NET 2.0 and 3.0)
- .NET Framework 3.5 Features
- .NET Framework 4.7
- .NET Framework 4.7 Features
- ASP
- ASP.NET 3.5
- ASP.NET 4.7
- ASP.NET 4.7
- Application Development
- Application Initialization
- Basic Authentication
- CGI
- Centralized SSL Certificate Support
- Client Certificate Mapping Authentication
- Common HTTP Features
- Configuration APIs
- Custom Logging
- Default Document
- Digest Authentication
- Directory Browsing
- Dynamic Content Compression
- FTP Extensibility
- FTP Server
- FTP Service
- Feature Administration Tools
- File Server
- File and Storage Services
- File and iSCSI Services
- HTTP Activation
- HTTP Activation
- HTTP Errors
- HTTP Logging
- HTTP Redirection
- Health and Diagnostics
- IIS 6 Management Compatibility
- IIS 6 Management Console
- IIS 6 Metabase Compatibility
- IIS 6 Scripting Tools
- IIS 6 WMI Compatibility
- IIS Client Certificate Mapping Authentication
- IIS Management Console
- IIS Management Scripts and Tools
- IP and Domain Restrictions
- ISAPI Extensions
- ISAPI Filters
- Logging Tools
- Management Service
- Management Tools
- Named Pipe Activation
- Non-HTTP Activation
- ODBC Logging
- Performance
- Process Model
- Remote Server Administration Tools
- Request Filtering
- Request Monitor
- SMTP Server
- SMTP Server Tools
- SNMP Service
- SNMP Tools
- Security
- Server Side Includes
- Simple TCP/IP Services
- Static Content
- Static Content Compression
- Storage Services
- System Data Archiver
- TCP Activation
- TCP Port Sharing
- Telnet Client
- Tracing
- URL Authorization
- WCF Services
- Web Server
- Web Server (IIS)
- WebDAV Publishing
- WebSocket Protocol
- Windows Authentication
- Windows PowerShell
- Windows PowerShell 2.0 Engine
- Windows PowerShell 5.1
- Windows PowerShell ISE
- Windows Process Activation Service
- WoW64 Support
- XPS Viewer

33139 - WS-Management Server Detection
-
Synopsis
The remote web server is used for remote management.
Description
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information
Published: 2008/06/11, Modified: 2021/05/19
Plugin Output

tcp/5985/www


Here is some information about the WS-Management Server :

Product Vendor : Microsoft Corporation
Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0

11422 - Web Server Unconfigured - Default Install Page Present
-
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 2003/03/20, Modified: 2018/08/15
Plugin Output

tcp/80/www


The default welcome page is from IIS.

92436 - WinRAR History
-
Synopsis
Nessus was able to enumerate files opened with WinRAR on the remote host.
Description
Nessus was able to gather evidence of compressed files that were opened by WinRAR. Note that only compressed files that were opened and not extracted through the explorer shortcut or command line interface were reported.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

E:\Spine DataBase Backup\Spine DataBase Backup_July2024.rar
E:\Spine DataBase Backup\Spine DataBase Backup_15-OCT-2024.rar
E:\Spine DataBase Backup\Spine DataBase Backup.rar
E:\Spine DataBase Backup\Spine DataBase Backup_Aug2024.rar

WinRAR report attached.

162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output

tcp/445/cifs

AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-1687551350-3880216100-4069998428-1009
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-1687551350-3880216100-4069998428-500

48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2025/12/15
Plugin Output

tcp/0


+ Computer System Product
- IdentifyingNumber : VMware-56 4d f9 70 8a 6c b9 92-74 be be bc f8 0c d7 3b
- Description : Computer System Product
- Vendor : VMware, Inc.
- Name : VMware Virtual Platform
- UUID : 70F94D56-6C8A-92B9-74BE-BEBCF80CD73B
- Version : None

159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output

tcp/445/cifs


Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.
58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Nessus enumerated DNS servers for the following interfaces :

Interface: {da0c869a-9291-4d69-8682-6a0c842db79b}
Network Connection : LAN
NameServer: 8.8.8.8,4.2.2.2
164690 - Windows Disabled Command Prompt Enumeration
-
Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'

- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/09/06, Modified: 2022/10/05
Plugin Output

tcp/445/cifs


Username: tidua
SID: S-1-5-21-1687551350-3880216100-4069998428-1009
DisableCMD: Unset

Username: DefaultAccount
SID: S-1-5-21-1687551350-3880216100-4069998428-503
DisableCMD: Unset

Username: production
SID: S-1-5-21-1687551350-3880216100-4069998428-500
DisableCMD: Unset

Username: WDAGUtilityAccount
SID: S-1-5-21-1687551350-3880216100-4069998428-504
DisableCMD: Unset

Username: Lkpadmin
SID: S-1-5-21-1687551350-3880216100-4069998428-1000
DisableCMD: Unset

Username: Guest
SID: S-1-5-21-1687551350-3880216100-4069998428-501
DisableCMD: Unset

72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0756
Plugin Information
Published: 2014/02/06, Modified: 2025/12/15
Plugin Output

tcp/0


Device Name : VMware SVGA 3D
Driver File Version : 8.17.2.14
Driver Date : 02/08/2021
Video Processor : VMware Virtual SVGA 3D Graphics Adapter
171956 - Windows Enumerate Accounts
-
Synopsis
Enumerate Windows accounts.
Description
Enumerate Windows accounts.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/28, Modified: 2025/12/15
Plugin Output

tcp/0

Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2026/1/10 0:00 India Standard Time
92423 - Windows Explorer Recently Executed Programs
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/08/15
Plugin Output

tcp/0

InetMgr.exePO :i+00/D:\V1ZnLKPSOFT@U2Zn.)LKPSOFTf1ZnSSL_21042025JZnZn.SSL_21042025
SanerNow_Windows_x86_6.3.exePO :i+00/D:\V1YTLKPSOFT@U2YT.)LKPSOFT1Y`SanerNow_LKP_Window_CM_Windows_x86_6.3~YTY`.\nSanerNow_LKP_Window_CM_Windows_x86_6.36
MSPAINT.exePO :i+00/D:\
Explorer.EXEPO :i+00/C:\V1*V8Sinetpub@UV4*V8S.44#inetpubV1*V/Swwwroot@UV4*V/S.wwwrootV1*VSSpineHR@*VM*VS.egpSpineHRZ1*VYMobileHRB*VM*VY.wMobileHR\1*VaPAYROL~1D*VN*Va.PayrollnxJ1+V0bin8*VN+V0.e=bin
notepad.exePO :i+00.+ezFkp:
IISCrypto (1).exePO :i+00/E:\V1W@FLKPSOFT@HdW@F.#BLKPSOFT
{B5E83989-4076-4ED0-A33E-9B8E9870B07F}PO :i+00.+ezFkp:
cmd\1
ba
appwiz.cpl\1
control panel\1
\\192.168.10.235\1
c:\\1
\\172.17.100.32\1
iisreset\1
appwiz.cpl\1
D:\SpineHR\MobileHR\Payrollnx\1
\\172.17.100.20\1
inetmgr\1
ssms\1
notepad\1
D:\SpineHR\MobileHR\1
winver\1
wmimgmt.msc\1
regedit\1
compmgmt.msc\1
%temp%\1
\\172.17.100.82\1
c:\Program Files\Microsoft SQL Server\1
dcomcnfg\1
frsnolkeqpbmahujzdcytigxwv
services.msc\1
secpol.msc\1
firewall.cpl\1
d:\1
cmd\1
ncpa.cpl\1
SnippingTool.exeVJ3
InetMgr.exed{\rc
SanerNow_Windows_x86_6.3.exeE_{
Explorer.EXElX-\r
{B5E83989-4076-4ED0-A33E-9B8E9870B07F}^_m\nM
IISCrypto (1).exed
mspaint.exe5b
notepad.exe\b7xdu
x@_dP/N
X\r,!PCsg<

MRU programs details in attached report.
92418 - Windows Explorer Typed Paths
-
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

D:\SpineHR\MobileHR\Payrollnx
E:\
E:\Spine DataBase Backup
D:\SpineHR\MobileHR
\\172.17.100.82\d$
\\172.17.100.118\d$
D:\SpineDatabase
D:\SpineHR\MobileHR\Payrollnx\UserData\CompanyLogo
D:\SpineHR
Quick access

Extended explorer typed paths report attached.

159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2025/06/16
Plugin Output

tcp/445/cifs


LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.

148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output

tcp/0

Default Install Language Code: 1033

Default Active Language Code: 1033

Other common microsoft Language packs may be scanned as well.

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output

udp/137/netbios-ns

The following 3 NetBIOS names have been gathered :

SPINE-HRMS = Computer name
WORKGROUP = Workgroup / Domain name
SPINE-HRMS = File Server Service

The remote host has the following MAC address on its adapter :

00:50:56:bc:92:1f

155963 - Windows Printer Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/12/09, Modified: 2025/12/15
Plugin Output

tcp/445/cifs


--- Microsoft XPS Document Writer v4 ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_07e28972f85b1456\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64

--- Microsoft Software Printer Driver ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_07e28972f85b1456\Amd64\mxdwdrv.dll
Version : 10.0.17763.1192
Supported Platform : Windows x64

--- Microsoft enhanced Point and Print compatibility driver ---

Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:

Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.3532
Supported Platform : Windows x64

Path : C:\Windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.17763.3532
Supported Platform : Windows NT x86

--- Microsoft Print To PDF ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_07e28972f85b1456\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64

--- Microsoft Shared Fax Driver ---

Path : C:\Windows\system32\spool\DRIVERS\x64\3\FXSDRV.DLL
Version : 10.0.17763.3406
Supported Platform : Windows x64

--- Microsoft IPP Class Driver ---

Path : C:\Windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_07e28972f85b1456\Amd64\mxdwdrv.dll
Version : 10.0.17763.1
Supported Platform : Windows x64

--- Remote Desktop Easy Print ---

Path : C:\Windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.17763.973
Supported Platform : Windows x64
63620 - Windows Product Key Retrieval
-
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445/cifs


Product key : XXXXX-XXXXX-XXXXX-XXXXX-BWT4H

Note that all but the final portion of the key has been obfuscated.
160576 - Windows Services Registry ACL
-
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output

tcp/445/cifs

report output too big - ending list here

85736 - Windows Store Application Enumeration
-
Synopsis
It is possible to obtain the list of applications installed from the Windows Store.
Description
This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/09/02, Modified: 2025/12/15
Plugin Output

tcp/0


-1527c705-839a-4832-9118-54d4Bd6a0c89
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-c5e2524a-ea46-4f67-841f-6a9465d9d515
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-E2A4F912-2574-4A75-9BB0-0D023378592B
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-InputApp
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\InputApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AAD.BrokerPlugin
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AccountsControl
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AsyncTextService
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BioEnrollment
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.CredDialogHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ECApp
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.LockApp
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Win32WebViewHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Apprep.ChxApp
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CapturePicker
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CloudExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Cortana
Version : 1.11.6.17763
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.NarratorQuickStart
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkCaptivePortal
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkConnectionFlow
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PeopleExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PinningConfirmationDialog
Version : 1000.17763.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ShellExperienceHost
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.XGpuEjectDialog
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.CBSPreview
Version : 10.0.17763.1
InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-windows.immersivecontrolpanel
Version : 10.0.2.1000
InstallLocation : C:\Windows\ImmersiveControlPanel
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.PrintDialog
Version : 6.2.1.0
InstallLocation : C:\Windows\PrintDialog
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.SecHealthUI
Version : 10.0.17763.3232
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
204960 - Windows System Driver Enumeration (Windows)
-
Synopsis
One or more kernel or file system drivers were enumerated on the remote Windows host.
Description
One or more kernel or file system drivers were enumerated on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/08/01, Modified: 2025/12/15
Plugin Output

tcp/0


Total : 366

Name : 1394ohci
Path : C:\Windows\system32\drivers\1394ohci.sys
Service Type : Kernel Driver
Description : 1394 OHCI Compliant Host Controller
State : Stopped

Name : 3ware
Path : C:\Windows\system32\drivers\3ware.sys
Service Type : Kernel Driver
Description : 3ware
State : Stopped

Name : ACPI
Path : C:\Windows\system32\drivers\ACPI.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Driver
State : Running

Name : AcpiDev
Path : C:\Windows\system32\drivers\AcpiDev.sys
Service Type : Kernel Driver
Description : ACPI Devices driver
State : Stopped

Name : acpiex
Path : C:\Windows\system32\Drivers\acpiex.sys
Service Type : Kernel Driver
Description : Microsoft ACPIEx Driver
State : Running

Name : acpipagr
Path : C:\Windows\system32\drivers\acpipagr.sys
Service Type : Kernel Driver
Description : ACPI Processor Aggregator Driver
State : Stopped

Name : AcpiPmi
Path : C:\Windows\system32\drivers\acpipmi.sys
Service Type : Kernel Driver
Description : ACPI Power Meter Driver
State : Stopped

Name : acpitime
Path : C:\Windows\system32\drivers\acpitime.sys
Service Type : Kernel Driver
Description : ACPI Wake Alarm Driver
State : Stopped

Name : ADP80XX
Path : C:\Windows\system32\drivers\ADP80XX.SYS
Service Type : Kernel Driver
Description : ADP80XX
State : Stopped

Name : AFD
Path : C:\Windows\system32\drivers\afd.sys
Service Type : Kernel Driver
Description : Ancillary Function Driver for Winsock
State : Running

Name : afunix
Path : C:\Windows\system32\drivers\afunix.sys
Service Type : Kernel Driver
Description : afunix
State : Running

Name : ahcache
Path : C:\Windows\system32\DRIVERS\ahcache.sys
Service Type : Kernel Driver
Description : Application Compatibility Cache
State : Running

Name : AmdK8
Path : C:\Windows\system32\drivers\amdk8.sys
Service Type : Kernel Driver
Description : AMD K8 Processor Driver
State : Stopped

Name : AmdPPM
Path : C:\Windows\system32\drivers\amdppm.sys
Service Type : Kernel Driver
Description : AMD Processor Driver
State : Stopped

Name : amdsata
Path : C:\Windows\system32\drivers\amdsata.sys
Service Type : Kernel Driver
Description : amdsata
State : Stopped

Name : amdsbs
Path : C:\Windows\system32\drivers\amdsbs.sys
Service Type : Kernel Driver
Description : amdsbs
State : Stopped

Name : amdxata
Path : C:\Windows\system32\drivers\amdxata.sys
Service Type : Kernel Driver
Description : amdxata
State : Stopped

Name : AppID
Path : C:\Windows\system32\drivers\appid.sys
Service Type : Kernel Driver
Description : AppID Driver
State : Stopped

Name : applockerfltr
Path : C:\Windows\system32\drivers\applockerfltr.sys
Service Type : Kernel Driver
Description : Smartlocker Filter Driver
State : Stopped

Name : AppvStrm
Path : C:\Windows\system32\drivers\AppvStrm.sys
Service Type : File System Driver
Description : AppvStrm
State : Stopped

Name : AppvVemgr
Path : C:\Windows\system32\drivers\AppvVemgr.sys
Service Type : File System Driver
Description : AppvVemgr
State : Stopped

Name : AppvVfs
Path : C:\Windows\system32\drivers\AppvVfs.sys
Service Type : File System Driver
Description : AppvVfs
State : Stopped

Name : arcsas
Path : C:\Windows\system32\drivers\arcsas.sys
Service Type : Kernel Driver
Description : Adaptec SAS/SATA-II RAID Storport's Miniport Driver
State : Stopped

Name : AsyncMac
Path : C:\Windows\system32\drivers\asyncmac.sys
Service Type : Kernel Driver
Description : RAS Asynchronous Media Driver
State : Stopped

Name : atapi
Path : C:\Windows\system32\drivers\atapi.sys
Service Type : Kernel Driver
Description : IDE Channel
State : Running

Name : b06bdrv
Path : C:\Windows\system32\drivers\bxvbda.sys
Service Type : Kernel Driver
Description : QLogic Network Adapter VBD
State : Stopped

Name : bam
Path : C:\Windows\system32\drivers\bam.sys
Service Type : Kernel Driver
Description : Background Activity Moderator Driver
State : Running

Name : BasicDisplay
Path : C:\Windows\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys
Service Type : Kernel Driver
Description : BasicDisplay
State : Running

Name : BasicRender
Path : C:\Windows\system32\DriverStore\FileRepository\basicrender.inf_amd64_efdc64af60c69a6d\BasicRender.sys
Service Type : Kernel Driver
Description : BasicRender
State : Running

Name : bcmfn2
Path : C:\Windows\system32\drivers\bcmfn2.sys
Service Type : Kernel Driver
Description : bcmfn2 Service
State : Stopped

Name : Beep
Path : C:\Windows\system32\drivers\Beep.sys
Service Type : Kernel Driver
Description : Beep
State : Stopped

Name : bfadfcoei
Path : C:\Windows\system32\drivers\bfadfcoei.sys
Service Type : Kernel Driver
Description : bfadfcoei
State : Stopped

Name : bfadi
Path : C:\Windows\system32\drivers\bfadi.sys
Service Type : Kernel Driver
Description : bfadi
State : Stopped

Name : bindflt
Path : C:\Windows\system32\drivers\bindflt.sys
Service Type : File System Driver
Description : Windows Bind Filter Driver
State : Stopped

Name : bowser
Path : C:\Windows\system32\DRIVERS\bowser.sys
Service Type : File System Driver
Description : Browser
State : Running

Name : BthEnum
Path : C:\Windows\system32\drivers\BthEnum.sys
Service Type : Kernel Driver
Description : Bluetooth Enumerator Service
State : Stopped

Name : BthLEEnum
Path : C:\Windows\system32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
Service Type : Kernel Driver
Description : Bluetooth Low Energy Driver
State : Stopped

Name : BthMini
Path : C:\Windows\system32\drivers\BTHMINI.sys
Service Type : Kernel Driver
Description : Bluetooth Radio Driver
State : Stopped

Name : BTHPORT
Path : C:\Windows\system32\drivers\BTHport.sys
Service Type : Kernel Driver
Description : Bluetooth Port Driver
State : Stopped

Name : BTHUSB
Path : C:\Windows\system32\drivers\BTHUSB.sys
Service Type : Kernel Driver
Description : Bluetooth Radio USB Driver
State : Stopped

Name : bttflt
Path : C:\Windows\system32\drivers\bttflt.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V VHDPMEM BTT Filter
State : Stopped

Name : buttonconverter
Path : C:\Windows\system32\drivers\buttonconverter.sys
Service Type : Kernel Driver
Description : Service for Portable Device Control devices
State : Stopped

Name : bxfcoe
Path : C:\Windows\system32\drivers\bxfcoe.sys
Service Type : Kernel Driver
Description : QLogic FCoE Offload driver
State : Stopped

Name : bxois
Path : C:\Windows\system32\drivers\bxois.sys
Service Type : Kernel Driver
Description : QLogic Offload iSCSI Driver
State : Stopped

Name : CapImg
Path : C:\Windows\system32\drivers\capimg.sys
Service Type : Kernel Driver
Description : HID driver for CapImg touch screen
State : Stopped

Name : cdfs
Path : C:\Windows\system32\DRIVERS\cdfs.sys
Service Type : File System Driver
Description : CD/DVD File System Reader
State : Stopped

Name : cdrom
Path : C:\Windows\system32\drivers\cdrom.sys
Service Type : Kernel Driver
Description : CD-ROM Driver
State : Running

Name : cht4iscsi
Path : C:\Windows\system32\drivers\cht4sx64.sys
Service Type : Kernel Driver
Description : cht4iscsi
State : Stopped

Name : cht4vbd
Path : C:\Windows\system32\drivers\cht4vx64.sys
Service Type : Kernel Driver
Description : Chelsio Virtual Bus Driver
State : Stopped

Name : CldFlt
Path : C:\Windows\system32\drivers\cldflt.sys
Service Type : File System Driver
Description : Windows Cloud Files Filter Driver
State : Running

Name : CLFS
Path : C:\Windows\system32\drivers\CLFS.sys
Service Type : Kernel Driver
Description : Common Log (CLFS)
State : Running

Name : CmBatt
Path : C:\Windows\system32\drivers\CmBatt.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Control Method Battery Driver
State : Running

Name : CNG
Path : C:\Windows\system32\Drivers\cng.sys
Service Type : Kernel Driver
Description : CNG
State : Running

Name : cnghwassist
Path : C:\Windows\system32\DRIVERS\cnghwassist.sys
Service Type : Kernel Driver
Description : CNG Hardware Assist algorithm provider
State : Stopped

Name : CompositeBus
Path : C:\Windows\system32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys
Service Type : Kernel Driver
Description : Composite Bus Enumerator Driver
State : Running

Name : condrv
Path : C:\Windows\system32\drivers\condrv.sys
Service Type : Kernel Driver
Description : Console Driver
State : Running

Name : CSC
Path : C:\Windows\system32\drivers\csc.sys
Service Type : Kernel Driver
Description : Offline Files Driver
State : Stopped

Name : dam
Path : C:\Windows\system32\drivers\dam.sys
Service Type : Kernel Driver
Description : Desktop Activity Moderator Driver
State : Stopped

Name : Dfsc
Path : C:\Windows\system32\Drivers\dfsc.sys
Service Type : File System Driver
Description : DFS Namespace Client Driver
State : Running

Name : Disk
Path : C:\Windows\system32\drivers\disk.sys
Service Type : Kernel Driver
Description : Disk Driver
State : Running

Name : dmvsc
Path : C:\Windows\system32\drivers\dmvsc.sys
Service Type : Kernel Driver
Description : dmvsc
State : Stopped

Name : drmkaud
Path : C:\Windows\system32\drivers\drmkaud.sys
Service Type : Kernel Driver
Description : Microsoft Trusted Audio Drivers
State : Stopped

Name : DXGKrnl
Path : C:\Windows\system32\drivers\dxgkrnl.sys
Service Type : Kernel Driver
Description : LDDM Graphics Subsystem
State : Running

Name : e1iexpress
Path : C:\Windows\system32\drivers\e1i63x64.sys
Service Type : Kernel Driver
Description : Intel(R) PRO/1000 PCI Express Network Connection Driver I
State : Running

Name : ebdrv
Path : C:\Windows\system32\drivers\evbda.sys
Service Type : Kernel Driver
Description : QLogic 10 Gigabit Ethernet Adapter VBD
State : Stopped

Name : EhStorClass
Path : C:\Windows\system32\drivers\EhStorClass.sys
Service Type : Kernel Driver
Description : Enhanced Storage Filter Driver
State : Running

Name : EhStorTcgDrv
Path : C:\Windows\system32\drivers\EhStorTcgDrv.sys
Service Type : Kernel Driver
Description : Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols
State : Stopped

Name : elxfcoe
Path : C:\Windows\system32\drivers\elxfcoe.sys
Service Type : Kernel Driver
Description : elxfcoe
State : Stopped

Name : elxstor
Path : C:\Windows\system32\drivers\elxstor.sys
Service Type : Kernel Driver
Description : elxstor
State : Stopped

Name : ErrDev
Path : C:\Windows\system32\drivers\errdev.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Error Device Driver
State : Stopped

Name : exfat
Path : C:\Windows\system32\drivers\exfat.sys
Service Type : File System Driver
Description : exFAT File System Driver
State : Stopped

Name : fastfat
Path : C:\Windows\system32\drivers\fastfat.sys
Service Type : File System Driver
Description : FAT12/16/32 File System Driver
State : Stopped

Name : fcvsc
Path : C:\Windows\system32\drivers\fcvsc.sys
Service Type : Kernel Driver
Description : fcvsc
State : Stopped

Name : fdc
Path : C:\Windows\system32\drivers\fdc.sys
Service Type : Kernel Driver
Description : Floppy Disk Controller Driver
State : Stopped

Name : FileCrypt
Path : C:\Windows\system32\drivers\filecrypt.sys
Service Type : File System Driver
Description : FileCrypt
State : Running

Name : FileInfo
Path : C:\Windows\system32\drivers\fileinfo.sys
Service Type : File System Driver
Description : File Information FS MiniFilter
State : Stopped

Name : Filetrace
Path : C:\Windows\system32\drivers\filetrace.sys
Service Type : File System Driver
Description : Filetrace
State : Stopped

Name : file_monitor
Path : C:\Windows\system32\DRIVERS\file_monitor.sys
Service Type : File System Driver
Description : file_monitor
State : Running

Name : file_protector
Path : C:\Windows\system32\DRIVERS\file_protector.sys
Service Type : File System Driver
Description : Acronis File Protector Driver
State : Running

Name : flpydisk
Path : C:\Windows\system32\drivers\flpydisk.sys
Service Type : Kernel Driver
Description : Floppy Disk Driver
State : Stopped

Name : FltMgr
Path : C:\Windows\system32\drivers\fltmgr.sys
Service Type : File System Driver
Description : FltMgr
State : Running

Name : fltsrv
Path : C:\Windows\system32\DRIVERS\fltsrv.sys
Service Type : Kernel Driver
Description : Acronis Storage Filter Management
State : Running

Name : FsDepends
Path : C:\Windows\system32\drivers\FsDepends.sys
Service Type : File System Driver
Description : File System Dependency Minifilter
State : Stopped

Name : gencounter
Path : C:\Windows\system32\drivers\vmgencounter.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Generation Counter
State : Running

Name : genericusbfn
Path : C:\Windows\system32\drivers\genericusbfn.sys
Service Type : Kernel Driver
Description : Generic USB Function Class
State : Stopped

Name : GPIOClx0101
Path : C:\Windows\system32\Drivers\msgpioclx.sys
Service Type : Kernel Driver
Description : Microsoft GPIO Class Extension Driver
State : Stopped

Name : HDAudBus
Path : C:\Windows\system32\drivers\HDAudBus.sys
Service Type : Kernel Driver
Description : Microsoft UAA Bus Driver for High Definition Audio
State : Stopped

Name : HidBatt
Path : C:\Windows\system32\drivers\HidBatt.sys
Service Type : Kernel Driver
Description : HID UPS Battery Driver
State : Stopped

Name : hidinterrupt
Path : C:\Windows\system32\drivers\hidinterrupt.sys
Service Type : Kernel Driver
Description : Common Driver for HID Buttons implemented with interrupts
State : Stopped

Name : HidUsb
Path : C:\Windows\system32\drivers\hidusb.sys
Service Type : Kernel Driver
Description : Microsoft HID Class Driver
State : Running

Name : HpSAMD
Path : C:\Windows\system32\drivers\HpSAMD.sys
Service Type : Kernel Driver
Description : HpSAMD
State : Stopped

Name : HTTP
Path : C:\Windows\system32\drivers\HTTP.sys
Service Type : Kernel Driver
Description : HTTP Service
State : Running

Name : hvcrash
Path : C:\Windows\system32\drivers\hvcrash.sys
Service Type : Kernel Driver
Description : hvcrash
State : Stopped

Name : hvservice
Path : C:\Windows\system32\drivers\hvservice.sys
Service Type : Kernel Driver
Description : Hypervisor/Virtual Machine Support Driver
State : Stopped

Name : HwNClx0101
Path : C:\Windows\system32\Drivers\mshwnclx.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Notifications Class Extension Driver
State : Stopped

Name : hwpolicy
Path : C:\Windows\system32\drivers\hwpolicy.sys
Service Type : Kernel Driver
Description : Hardware Policy Driver
State : Stopped

Name : hyperkbd
Path : C:\Windows\system32\drivers\hyperkbd.sys
Service Type : Kernel Driver
Description : hyperkbd
State : Stopped

Name : HyperVideo
Path : C:\Windows\system32\drivers\HyperVideo.sys
Service Type : Kernel Driver
Description : HyperVideo
State : Stopped

Name : i8042prt
Path : C:\Windows\system32\drivers\i8042prt.sys
Service Type : Kernel Driver
Description : PS/2 Keyboard and Mouse Port Driver
State : Running

Name : iaLPSSi_GPIO
Path : C:\Windows\system32\drivers\iaLPSSi_GPIO.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO GPIO Controller Driver
State : Stopped

Name : iaLPSSi_I2C
Path : C:\Windows\system32\drivers\iaLPSSi_I2C.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO I2C Controller Driver
State : Stopped

Name : iaStorAVC
Path : C:\Windows\system32\drivers\iaStorAVC.sys
Service Type : Kernel Driver
Description : Intel Chipset SATA RAID Controller
State : Stopped

Name : iaStorV
Path : C:\Windows\system32\drivers\iaStorV.sys
Service Type : Kernel Driver
Description : Intel RAID Controller Windows 7
State : Stopped

Name : ibbus
Path : C:\Windows\system32\drivers\ibbus.sys
Service Type : Kernel Driver
Description : Mellanox InfiniBand Bus/AL (Filter Driver)
State : Stopped

Name : IndirectKmd
Path : C:\Windows\system32\drivers\IndirectKmd.sys
Service Type : Kernel Driver
Description : Indirect Displays Kernel-Mode Driver
State : Stopped

Name : intelide
Path : C:\Windows\system32\drivers\intelide.sys
Service Type : Kernel Driver
Description : intelide
State : Running

Name : intelpep
Path : C:\Windows\system32\drivers\intelpep.sys
Service Type : Kernel Driver
Description : Intel(R) Power Engine Plug-in Driver
State : Running

Name : intelppm
Path : C:\Windows\system32\drivers\intelppm.sys
Service Type : Kernel Driver
Description : Intel Processor Driver
State : Running

Name : IpFilterDriver
Path : C:\Windows\system32\DRIVERS\ipfltdrv.sys
Service Type : Kernel Driver
Description : IP Traffic Filter Driver
State : Stopped

Name : IPMIDRV
Path : C:\Windows\system32\drivers\IPMIDrv.sys
Service Type : Kernel Driver
Description : IPMIDRV
State : Stopped

Name : IPNAT
Path : C:\Windows\system32\drivers\ipnat.sys
Service Type : Kernel Driver
Description : IP Network Address Translator
State : Stopped

Name : IPsecGW
Path : C:\Windows\system32\drivers\ipsecgw.sys
Service Type : Kernel Driver
Description : Windows IPsec Gateway Driver
State : Stopped

Name : IPT
Path : C:\Windows\system32\drivers\ipt.sys
Service Type : Kernel Driver
Description : IPT
State : Stopped

Name : isapnp
Path : C:\Windows\system32\drivers\isapnp.sys
Service Type : Kernel Driver
Description : isapnp
State : Stopped

Name : iScsiPrt
Path : C:\Windows\system32\drivers\msiscsi.sys
Service Type : Kernel Driver
Description : iScsiPort Driver
State : Stopped

Name : ItSas35i
Path : C:\Windows\system32\drivers\ItSas35i.sys
Service Type : Kernel Driver
Description : ItSas35i
State : Stopped

Name : kbdclass
Path : C:\Windows\system32\drivers\kbdclass.sys
Service Type : Kernel Driver
Description : Keyboard Class Driver
State : Running

Name : kbdhid
Path : C:\Windows\system32\drivers\kbdhid.sys
Service Type : Kernel Driver
Description : Keyboard HID Driver
State : Stopped

Name : kdnic
Path : C:\Windows\system32\drivers\kdnic.sys
Service Type : Kernel Driver
Description : Microsoft Kernel Debug Network Miniport (NDIS 6.20)
State : Running

Name : klbackupdisk.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klbackupdisk.sys
Service Type : Kernel Driver
Description : Kaspersky Lab klbackupdisk.KES-21-15
State : Running

Name : klbackupflt.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klbackupflt.sys
Service Type : File System Driver
Description : Kaspersky Lab klbackupflt.KES-21-15
State : Running

Name : klelam
Path : C:\Windows\system32\DRIVERS\klelam.sys
Service Type : Kernel Driver
Description : klelam
State : Stopped

Name : klflt.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klflt.sys
Service Type : Kernel Driver
Description : Kaspersky Lab Kernel DLL.KES-21-15
State : Running

Name : klfltdev.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klfltdev.sys
Service Type : Kernel Driver
Description : Kaspersky Lab KLFltDev.KES-21-15
State : Running

Name : klgse.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klgse.sys
Service Type : File System Driver
Description : Kaspersky Lab Security Extender Driver.KES-21-15
State : Running

Name : KLHK.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klhk.sys
Service Type : Kernel Driver
Description : Kaspersky Lab service driver.KES-21-15
State : Running

Name : KLIF.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klif.sys
Service Type : File System Driver
Description : Kaspersky Lab Driver.KES-21-15
State : Running

Name : klim6
Path : C:\Windows\system32\DRIVERS\klim6.sys
Service Type : Kernel Driver
Description : Kaspersky Anti-Virus NDIS 6 Filter
State : Running

Name : klpd.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klpd.sys
Service Type : File System Driver
Description : Kaspersky Lab format recognizer driver.KES-21-15
State : Running

Name : klpnpflt.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klpnpflt.sys
Service Type : Kernel Driver
Description : Kaspersky Lab klpnpflt.KES-21-15
State : Running

Name : klupd_KES-21-15_arkmon
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_arkmon.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_arkmon
State : Running

Name : klupd_KES-21-15_klark
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_klark.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_klark
State : Running

Name : klupd_KES-21-15_klbg
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_klbg.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_klbg
State : Running

Name : klupd_KES-21-15_mark
Path : C:\Windows\system32\Drivers\klupd_KES-21-15_mark.sys
Service Type : Kernel Driver
Description : klupd_KES-21-15_mark
State : Running

Name : klwfp
Path : C:\Windows\system32\DRIVERS\klwfp.sys
Service Type : Kernel Driver
Description : klwfp
State : Running

Name : klwtp.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\klwtp.sys
Service Type : Kernel Driver
Description : klwtp.KES-21-15
State : Running

Name : kneps.KES-21-15
Path : C:\Windows\system32\DRIVERS\KES-21-15\kneps.sys
Service Type : Kernel Driver
Description : kneps.KES-21-15
State : Running

Name : KSecDD
Path : C:\Windows\system32\Drivers\ksecdd.sys
Service Type : Kernel Driver
Description : KSecDD
State : Running

Name : KSecPkg
Path : C:\Windows\system32\Drivers\ksecpkg.sys
Service Type : Kernel Driver
Description : KSecPkg
State : Running

Name : ksthunk
Path : C:\Windows\system32\drivers\ksthunk.sys
Service Type : Kernel Driver
Description : Kernel Streaming Thunks
State : Stopped

Name : lltdio
Path : C:\Windows\system32\drivers\lltdio.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Mapper I/O Driver
State : Running

Name : LSI_SAS
Path : C:\Windows\system32\drivers\lsi_sas.sys
Service Type : Kernel Driver
Description : LSI_SAS
State : Running

Name : LSI_SAS2i
Path : C:\Windows\system32\drivers\lsi_sas2i.sys
Service Type : Kernel Driver
Description : LSI_SAS2i
State : Stopped

Name : LSI_SAS3i
Path : C:\Windows\system32\drivers\lsi_sas3i.sys
Service Type : Kernel Driver
Description : LSI_SAS3i
State : Stopped

Name : LSI_SSS
Path : C:\Windows\system32\drivers\lsi_sss.sys
Service Type : Kernel Driver
Description : LSI_SSS
State : Stopped

Name : luafv
Path : C:\Windows\system32\drivers\luafv.sys
Service Type : File System Driver
Description : UAC File Virtualization
State : Running

Name : mausbhost
Path : C:\Windows\system32\drivers\mausbhost.sys
Service Type : Kernel Driver
Description : MA-USB Host Controller Driver
State : Stopped

Name : mausbip
Path : C:\Windows\system32\drivers\mausbip.sys
Service Type : Kernel Driver
Description : MA-USB IP Filter Driver
State : Stopped

Name : megasas
Path : C:\Windows\system32\drivers\megasas.sys
Service Type : Kernel Driver
Description : megasas
State : Stopped

Name : megasas2i
Path : C:\Windows\system32\drivers\MegaSas2i.sys
Service Type : Kernel Driver
Description : megasas2i
State : Stopped

Name : megasas35i
Path : C:\Windows\system32\drivers\megasas35i.sys
Service Type : Kernel Driver
Description : megasas35i
State : Stopped

Name : megasr
Path : C:\Windows\system32\drivers\megasr.sys
Service Type : Kernel Driver
Description : megasr
State : Stopped

Name : Microsoft_Bluetooth_AvrcpTransport
Path : C:\Windows\system32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
Service Type : Kernel Driver
Description : Microsoft Bluetooth Avrcp Transport Driver
State : Stopped

Name : mlx4_bus
Path : C:\Windows\system32\drivers\mlx4_bus.sys
Service Type : Kernel Driver
Description : Mellanox ConnectX Bus Enumerator
State : Stopped

Name : MMCSS
Path : C:\Windows\system32\drivers\mmcss.sys
Service Type : Kernel Driver
Description : Multimedia Class Scheduler
State : Stopped

Name : Modem
Path : C:\Windows\system32\drivers\modem.sys
Service Type : Kernel Driver
Description : Modem
State : Stopped

Name : monitor
Path : C:\Windows\system32\drivers\monitor.sys
Service Type : Kernel Driver
Description : Microsoft Monitor Class Function Driver Service
State : Running

Name : mouclass
Path : C:\Windows\system32\drivers\mouclass.sys
Service Type : Kernel Driver
Description : Mouse Class Driver
State : Running

Name : mouhid
Path : C:\Windows\system32\drivers\mouhid.sys
Service Type : Kernel Driver
Description : Mouse HID Driver
State : Running

Name : mountmgr
Path : C:\Windows\system32\drivers\mountmgr.sys
Service Type : Kernel Driver
Description : Mount Point Manager
State : Running

Name : mpsdrv
Path : C:\Windows\system32\drivers\mpsdrv.sys
Service Type : Kernel Driver
Description : Windows Defender Firewall Authorization Driver
State : Running

Name : mrxsmb
Path : C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Type : File System Driver
Description : SMB MiniRedirector Wrapper and Engine
State : Running

Name : mrxsmb20
Path : C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Type : File System Driver
Description : SMB 2.0 MiniRedirector
State : Running

Name : MsBridge
Path : C:\Windows\system32\drivers\bridge.sys
Service Type : Kernel Driver
Description : Microsoft MAC Bridge
State : Stopped

Name : Msfs
Path : C:\Windows\system32\drivers\Msfs.sys
Service Type : File System Driver
Description : Msfs
State : Running

Name : msgpiowin32
Path : C:\Windows\system32\drivers\msgpiowin32.sys
Service Type : Kernel Driver
Description : Common Driver for Buttons, DockMode and Laptop/Slate Indicator
State : Stopped

Name : mshidkmdf
Path : C:\Windows\system32\drivers\mshidkmdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to KMDF Filter Driver
State : Stopped

Name : mshidumdf
Path : C:\Windows\system32\drivers\mshidumdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to UMDF Driver
State : Stopped

Name : msisadrv
Path : C:\Windows\system32\drivers\msisadrv.sys
Service Type : Kernel Driver
Description : msisadrv
State : Running

Name : MSKSSRV
Path : C:\Windows\system32\drivers\MSKSSRV.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Service Proxy
State : Stopped

Name : MsLbfoProvider
Path : C:\Windows\system32\drivers\MsLbfoProvider.sys
Service Type : Kernel Driver
Description : Microsoft Load Balancing/Failover Provider
State : Stopped

Name : MsLldp
Path : C:\Windows\system32\drivers\mslldp.sys
Service Type : Kernel Driver
Description : Microsoft Link-Layer Discovery Protocol
State : Running

Name : MSPCLOCK
Path : C:\Windows\system32\drivers\MSPCLOCK.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Clock Proxy
State : Stopped

Name : MSPQM
Path : C:\Windows\system32\drivers\MSPQM.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Quality Manager Proxy
State : Stopped

Name : MsRPC
Path : C:\Windows\system32\drivers\MsRPC.sys
Service Type : Kernel Driver
Description : MsRPC
State : Stopped

Name : MsSecFlt
Path : C:\Windows\system32\drivers\mssecflt.sys
Service Type : Kernel Driver
Description : Microsoft Security Events Component Minifilter
State : Running

Name : mssmbios
Path : C:\Windows\system32\drivers\mssmbios.sys
Service Type : Kernel Driver
Description : Microsoft System Management BIOS Driver
State : Running

Name : MSTEE
Path : C:\Windows\system32\drivers\MSTEE.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Tee/Sink-to-Sink Converter
State : Stopped

Name : MTConfig
Path : C:\Windows\system32\drivers\MTConfig.sys
Service Type : Kernel Driver
Description : Microsoft Input Configuration Driver
State : Stopped

Name : Mup
Path : C:\Windows\system32\Drivers\mup.sys
Service Type : File System Driver
Description : Mup
State : Running

Name : mvumis
Path : C:\Windows\system32\drivers\mvumis.sys
Service Type : Kernel Driver
Description : mvumis
State : Stopped

Name : ndfltr
Path : C:\Windows\system32\drivers\ndfltr.sys
Service Type : Kernel Driver
Description : NetworkDirect Service
State : Stopped

Name : NDIS
Path : C:\Windows\system32\drivers\ndis.sys
Service Type : Kernel Driver
Description : NDIS System Driver
State : Running

Name : NdisCap
Path : C:\Windows\system32\drivers\ndiscap.sys
Service Type : Kernel Driver
Description : Microsoft NDIS Capture
State : Stopped

Name : NdisImPlatform
Path : C:\Windows\system32\drivers\NdisImPlatform.sys
Service Type : Kernel Driver
Description : Microsoft Network Adapter Multiplexor Protocol
State : Stopped

Name : NdisTapi
Path : C:\Windows\system32\DRIVERS\ndistapi.sys
Service Type : Kernel Driver
Description : Remote Access NDIS TAPI Driver
State : Stopped

Name : Ndisuio
Path : C:\Windows\system32\drivers\ndisuio.sys
Service Type : Kernel Driver
Description : NDIS Usermode I/O Protocol
State : Stopped

Name : NdisVirtualBus
Path : C:\Windows\system32\drivers\NdisVirtualBus.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Network Adapter Enumerator
State : Running

Name : NdisWan
Path : C:\Windows\system32\drivers\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access NDIS WAN Driver
State : Stopped

Name : ndiswanlegacy
Path : C:\Windows\system32\DRIVERS\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access LEGACY NDIS WAN Driver
State : Stopped

Name : ndproxy
Path : C:\Windows\system32\DRIVERS\NDProxy.sys
Service Type : Kernel Driver
Description : NDIS Proxy Driver
State : Stopped

Name : NetAdapterCx
Path : C:\Windows\system32\drivers\NetAdapterCx.sys
Service Type : Kernel Driver
Description : Network Adapter Wdf Class Extension Library
State : Stopped

Name : NetBIOS
Path : C:\Windows\system32\drivers\netbios.sys
Service Type : File System Driver
Description : NetBIOS Interface
State : Running

Name : NetBT
Path : C:\Windows\system32\DRIVERS\netbt.sys
Service Type : Kernel Driver
Description : NetBT
State : Running

Name : netvsc
Path : C:\Windows\system32\drivers\netvsc.sys
Service Type : Kernel Driver
Description : netvsc
State : Stopped

Name : ngelam
Path : C:\Windows\system32\drivers\ngelam.sys
Service Type : Kernel Driver
Description : ngelam
State : Stopped

Name : npcap
Path : C:\Windows\system32\DRIVERS\npcap.sys
Service Type : Kernel Driver
Description : Npcap Packet Driver (NPCAP)
State : Running

Name : npcap_wifi
Path : C:\Windows\system32\DRIVERS\npcap.sys
Service Type : Kernel Driver
Description : Npcap Packet Driver (NPCAP) (Wi-Fi)
State : Stopped

Name : Npfs
Path : C:\Windows\system32\drivers\Npfs.sys
Service Type : File System Driver
Description : Npfs
State : Running

Name : npsvctrig
Path : C:\Windows\system32\drivers\npsvctrig.sys
Service Type : Kernel Driver
Description : Named pipe service trigger provider
State : Running

Name : nsiproxy
Path : C:\Windows\system32\drivers\nsiproxy.sys
Service Type : Kernel Driver
Description : NSI Proxy Service Driver
State : Running

Name : Ntfs
Path : C:\Windows\system32\drivers\Ntfs.sys
Service Type : File System Driver
Description : Ntfs
State : Running

Name : Null
Path : C:\Windows\system32\drivers\Null.sys
Service Type : Kernel Driver
Description : Null
State : Running

Name : nvdimm
Path : C:\Windows\system32\drivers\nvdimm.sys
Service Type : Kernel Driver
Description : Microsoft NVDIMM device driver
State : Stopped

Name : nvraid
Path : C:\Windows\system32\drivers\nvraid.sys
Service Type : Kernel Driver
Description : nvraid
State : Stopped

Name : nvstor
Path : C:\Windows\system32\drivers\nvstor.sys
Service Type : Kernel Driver
Description : nvstor
State : Stopped

Name : Parport
Path : C:\Windows\system32\drivers\parport.sys
Service Type : Kernel Driver
Description : Parallel port driver
State : Stopped

Name : partmgr
Path : C:\Windows\system32\drivers\partmgr.sys
Service Type : Kernel Driver
Description : Partition driver
State : Running

Name : pci
Path : C:\Windows\system32\drivers\pci.sys
Service Type : Kernel Driver
Description : PCI Bus Driver
State : Running

Name : pciide
Path : C:\Windows\system32\drivers\pciide.sys
Service Type : Kernel Driver
Description : pciide
State : Stopped

Name : pcmcia
Path : C:\Windows\system32\drivers\pcmcia.sys
Service Type : Kernel Driver
Description : pcmcia
State : Stopped

Name : pcw
Path : C:\Windows\system32\drivers\pcw.sys
Service Type : Kernel Driver
Description : Performance Counters for Windows Driver
State : Running

Name : pdc
Path : C:\Windows\system32\drivers\pdc.sys
Service Type : Kernel Driver
Description : pdc
State : Running

Name : PEAUTH
Path : C:\Windows\system32\drivers\peauth.sys
Service Type : Kernel Driver
Description : PEAUTH
State : Running

Name : percsas2i
Path : C:\Windows\system32\drivers\percsas2i.sys
Service Type : Kernel Driver
Description : percsas2i
State : Stopped

Name : percsas3i
Path : C:\Windows\system32\drivers\percsas3i.sys
Service Type : Kernel Driver
Description : percsas3i
State : Stopped

Name : PktMon
Path : C:\Windows\system32\drivers\PktMon.sys
Service Type : Kernel Driver
Description : Packet Monitor Driver
State : Stopped

Name : pmem
Path : C:\Windows\system32\drivers\pmem.sys
Service Type : Kernel Driver
Description : Microsoft persistent memory disk driver
State : Stopped

Name : PNPMEM
Path : C:\Windows\system32\drivers\pnpmem.sys
Service Type : Kernel Driver
Description : Microsoft Memory Module Driver
State : Stopped

Name : PptpMiniport
Path : C:\Windows\system32\drivers\raspptp.sys
Service Type : Kernel Driver
Description : WAN Miniport (PPTP)
State : Stopped

Name : Processor
Path : C:\Windows\system32\drivers\processr.sys
Service Type : Kernel Driver
Description : Processor Driver
State : Stopped

Name : Psched
Path : C:\Windows\system32\drivers\pacer.sys
Service Type : Kernel Driver
Description : QoS Packet Scheduler
State : Running

Name : qebdrv
Path : C:\Windows\system32\drivers\qevbda.sys
Service Type : Kernel Driver
Description : QLogic FastLinQ Ethernet VBD
State : Stopped

Name : qefcoe
Path : C:\Windows\system32\drivers\qefcoe.sys
Service Type : Kernel Driver
Description : QLogic FCoE driver
State : Stopped

Name : qeois
Path : C:\Windows\system32\drivers\qeois.sys
Service Type : Kernel Driver
Description : QLogic 40G iSCSI Driver
State : Stopped

Name : ql2300i
Path : C:\Windows\system32\drivers\ql2300i.sys
Service Type : Kernel Driver
Description : QLogic Fibre Channel STOR Miniport Inbox Driver (wx64)
State : Stopped

Name : ql40xx2i
Path : C:\Windows\system32\drivers\ql40xx2i.sys
Service Type : Kernel Driver
Description : QLogic iSCSI Miniport Inbox Driver
State : Stopped

Name : qlfcoei
Path : C:\Windows\system32\drivers\qlfcoei.sys
Service Type : Kernel Driver
Description : QLogic [FCoE] STOR Miniport Inbox Driver (wx64)
State : Stopped

Name : QWAVEdrv
Path : C:\Windows\system32\drivers\qwavedrv.sys
Service Type : Kernel Driver
Description : QWAVE driver
State : Stopped

Name : Ramdisk
Path : C:\Windows\system32\DRIVERS\ramdisk.sys
Service Type : Kernel Driver
Description : Windows RAM Disk Driver
State : Stopped

Name : RasAcd
Path : C:\Windows\system32\DRIVERS\rasacd.sys
Service Type : Kernel Driver
Description : Remote Access Auto Connection Driver
State : Stopped

Name : RasAgileVpn
Path : C:\Windows\system32\drivers\AgileVpn.sys
Service Type : Kernel Driver
Description : WAN Miniport (IKEv2)
State : Stopped

Name : RasGre
Path : C:\Windows\system32\drivers\rasgre.sys
Service Type : Kernel Driver
Description : WAN Miniport (GRE)
State : Stopped

Name : Rasl2tp
Path : C:\Windows\system32\drivers\rasl2tp.sys
Service Type : Kernel Driver
Description : WAN Miniport (L2TP)
State : Stopped

Name : RasPppoe
Path : C:\Windows\system32\DRIVERS\raspppoe.sys
Service Type : Kernel Driver
Description : Remote Access PPPOE Driver
State : Stopped

Name : RasSstp
Path : C:\Windows\system32\drivers\rassstp.sys
Service Type : Kernel Driver
Description : WAN Miniport (SSTP)
State : Stopped

Name : rdbss
Path : C:\Windows\system32\DRIVERS\rdbss.sys
Service Type : File System Driver
Description : Redirected Buffering Sub System
State : Running

Name : rdpbus
Path : C:\Windows\system32\drivers\rdpbus.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Bus Driver
State : Running

Name : RDPDR
Path : C:\Windows\system32\drivers\rdpdr.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Driver
State : Running

Name : RdpVideoMiniport
Path : C:\Windows\system32\drivers\rdpvideominiport.sys
Service Type : Kernel Driver
Description : Remote Desktop Video Miniport Driver
State : Running

Name : ReFS
Path : C:\Windows\system32\drivers\ReFS.sys
Service Type : File System Driver
Description : ReFS
State : Stopped

Name : ReFSv1
Path : C:\Windows\system32\drivers\ReFSv1.sys
Service Type : File System Driver
Description : ReFSv1
State : Stopped

Name : RFCOMM
Path : C:\Windows\system32\drivers\rfcomm.sys
Service Type : Kernel Driver
Description : Bluetooth Device (RFCOMM Protocol TDI)
State : Stopped

Name : rhproxy
Path : C:\Windows\system32\drivers\rhproxy.sys
Service Type : Kernel Driver
Description : Resource Hub proxy driver
State : Stopped

Name : RsFx0603
Path : C:\Windows\system32\DRIVERS\RsFx0603.sys
Service Type : File System Driver
Description : RsFx0603 Driver
State : Stopped

Name : rspndr
Path : C:\Windows\system32\drivers\rspndr.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Responder
State : Running

Name : s3cap
Path : C:\Windows\system32\drivers\vms3cap.sys
Service Type : Kernel Driver
Description : s3cap
State : Stopped

Name : sacdrv
Path : C:\Windows\system32\DRIVERS\sacdrv.sys
Service Type : Kernel Driver
Description : sacdrv
State : Stopped

Name : sbp2port
Path : C:\Windows\system32\drivers\sbp2port.sys
Service Type : Kernel Driver
Description : SBP-2 Transport/Protocol Bus Driver
State : Stopped

Name : scfilter
Path : C:\Windows\system32\DRIVERS\scfilter.sys
Service Type : Kernel Driver
Description : Smart card PnP Class Filter Driver
State : Stopped

Name : scmbus
Path : C:\Windows\system32\drivers\scmbus.sys
Service Type : Kernel Driver
Description : Microsoft Storage Class Memory Bus Driver
State : Stopped

Name : sdbus
Path : C:\Windows\system32\drivers\sdbus.sys
Service Type : Kernel Driver
Description : sdbus
State : Stopped

Name : SDFRd
Path : C:\Windows\system32\drivers\SDFRd.sys
Service Type : Kernel Driver
Description : SDF Reflector
State : Stopped

Name : sdstor
Path : C:\Windows\system32\drivers\sdstor.sys
Service Type : Kernel Driver
Description : SD Storage Port Driver
State : Stopped

Name : SerCx
Path : C:\Windows\system32\drivers\SerCx.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped

Name : SerCx2
Path : C:\Windows\system32\drivers\SerCx2.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped

Name : Serenum
Path : C:\Windows\system32\drivers\serenum.sys
Service Type : Kernel Driver
Description : Serenum Filter Driver
State : Stopped

Name : Serial
Path : C:\Windows\system32\drivers\serial.sys
Service Type : Kernel Driver
Description : Serial port driver
State : Stopped

Name : sermouse
Path : C:\Windows\system32\drivers\sermouse.sys
Service Type : Kernel Driver
Description : Serial Mouse Driver
State : Stopped

Name : sfloppy
Path : C:\Windows\system32\drivers\sfloppy.sys
Service Type : Kernel Driver
Description : High-Capacity Floppy Disk Drive
State : Stopped

Name : SgrmAgent
Path : C:\Windows\system32\drivers\SgrmAgent.sys
Service Type : Kernel Driver
Description : System Guard Runtime Monitor Agent
State : Running

Name : SiSRaid2
Path : C:\Windows\system32\drivers\SiSRaid2.sys
Service Type : Kernel Driver
Description : SiSRaid2
State : Stopped

Name : SiSRaid4
Path : C:\Windows\system32\drivers\sisraid4.sys
Service Type : Kernel Driver
Description : SiSRaid4
State : Stopped

Name : SmartSAMD
Path : C:\Windows\system32\drivers\SmartSAMD.sys
Service Type : Kernel Driver
Description : SmartSAMD
State : Stopped

Name : smbdirect
Path : C:\Windows\system32\DRIVERS\smbdirect.sys
Service Type : File System Driver
Description : smbdirect
State : Stopped

Name : snapman
Path : C:\Windows\system32\DRIVERS\snapman.sys
Service Type : Kernel Driver
Description : Acronis Snapshots Manager
State : Running

Name : spaceport
Path : C:\Windows\system32\drivers\spaceport.sys
Service Type : Kernel Driver
Description : Storage Spaces Driver
State : Running

Name : SpbCx
Path : C:\Windows\system32\drivers\SpbCx.sys
Service Type : Kernel Driver
Description : Simple Peripheral Bus Support Library
State : Stopped

Name : srv2
Path : C:\Windows\system32\DRIVERS\srv2.sys
Service Type : File System Driver
Description : Server SMB 2.xxx Driver
State : Running

Name : srvnet
Path : C:\Windows\system32\DRIVERS\srvnet.sys
Service Type : File System Driver
Description : srvnet
State : Running

Name : stexstor
Path : C:\Windows\system32\drivers\stexstor.sys
Service Type : Kernel Driver
Description : stexstor
State : Stopped

Name : storahci
Path : C:\Windows\system32\drivers\storahci.sys
Service Type : Kernel Driver
Description : Microsoft Standard SATA AHCI Driver
State : Stopped

Name : storflt
Path : C:\Windows\system32\drivers\vmstorfl.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Storage Accelerator
State : Stopped

Name : stornvme
Path : C:\Windows\system32\drivers\stornvme.sys
Service Type : Kernel Driver
Description : Microsoft Standard NVM Express Driver
State : Stopped

Name : storqosflt
Path : C:\Windows\system32\drivers\storqosflt.sys
Service Type : File System Driver
Description : Storage QoS Filter Driver
State : Running

Name : storufs
Path : C:\Windows\system32\drivers\storufs.sys
Service Type : Kernel Driver
Description : Microsoft Universal Flash Storage (UFS) Driver
State : Stopped

Name : storvsc
Path : C:\Windows\system32\drivers\storvsc.sys
Service Type : Kernel Driver
Description : storvsc
State : Stopped

Name : swenum
Path : C:\Windows\system32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys
Service Type : Kernel Driver
Description : Software Bus Driver
State : Running

Name : Synth3dVsc
Path : C:\Windows\system32\drivers\Synth3dVsc.sys
Service Type : Kernel Driver
Description : Synth3dVsc
State : Stopped

Name : system_monitor
Path : C:\Windows\system32\DRIVERS\system_monitor.sys
Service Type : Kernel Driver
Description : system_monitor
State : Running

Name : Tcpip
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : TCP/IP Protocol Driver
State : Running

Name : Tcpip6
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : @todo.dll,-100;Microsoft IPv6 Protocol Driver
State : Stopped

Name : tcpipreg
Path : C:\Windows\system32\drivers\tcpipreg.sys
Service Type : Kernel Driver
Description : TCP/IP Registry Compatibility
State : Running

Name : tdx
Path : C:\Windows\system32\DRIVERS\tdx.sys
Service Type : Kernel Driver
Description : NetIO Legacy TDI Support Driver
State : Running

Name : terminpt
Path : C:\Windows\system32\drivers\terminpt.sys
Service Type : Kernel Driver
Description : Microsoft Remote Desktop Input Driver
State : Running

Name : tib_mounter
Path : C:\Windows\system32\DRIVERS\tib_mounter.sys
Service Type : Kernel Driver
Description : Acronis TIB Mounter
State : Running

Name : TPM
Path : C:\Windows\system32\drivers\tpm.sys
Service Type : Kernel Driver
Description : TPM
State : Stopped

Name : TsUsbFlt
Path : C:\Windows\system32\drivers\tsusbflt.sys
Service Type : Kernel Driver
Description : Remote Desktop USB Hub Class Filter Driver
State : Stopped

Name : TsUsbGD
Path : C:\Windows\system32\drivers\TsUsbGD.sys
Service Type : Kernel Driver
Description : Remote Desktop Generic USB Device
State : Stopped

Name : tsusbhub
Path : C:\Windows\system32\drivers\tsusbhub.sys
Service Type : Kernel Driver
Description : Remote Desktop USB Hub
State : Stopped

Name : tunnel
Path : C:\Windows\system32\drivers\tunnel.sys
Service Type : Kernel Driver
Description : Microsoft Tunnel Miniport Adapter Driver
State : Stopped

Name : UASPStor
Path : C:\Windows\system32\drivers\uaspstor.sys
Service Type : Kernel Driver
Description : USB Attached SCSI (UAS) Driver
State : Stopped

Name : UcmCx0101
Path : C:\Windows\system32\Drivers\UcmCx.sys
Service Type : Kernel Driver
Description : USB Connector Manager KMDF Class Extension
State : Stopped

Name : UcmTcpciCx0101
Path : C:\Windows\system32\Drivers\UcmTcpciCx.sys
Service Type : Kernel Driver
Description : UCM-TCPCI KMDF Class Extension
State : Stopped

Name : UcmUcsi
Path : C:\Windows\system32\drivers\UcmUcsi.sys
Service Type : Kernel Driver
Description : USB Connector Manager UCSI Client
State : Stopped

Name : UcmUcsiAcpiClient
Path : C:\Windows\system32\drivers\UcmUcsiAcpiClient.sys
Service Type : Kernel Driver
Description : UCM-UCSI ACPI Client
State : Stopped

Name : UcmUcsiCx0101
Path : C:\Windows\system32\Drivers\UcmUcsiCx.sys
Service Type : Kernel Driver
Description : UCM-UCSI KMDF Class Extension
State : Stopped

Name : Ucx01000
Path : C:\Windows\system32\drivers\ucx01000.sys
Service Type : Kernel Driver
Description : USB Host Support Library
State : Running

Name : UdeCx
Path : C:\Windows\system32\drivers\udecx.sys
Service Type : Kernel Driver
Description : USB Device Emulation Support Library
State : Stopped

Name : udfs
Path : C:\Windows\system32\DRIVERS\udfs.sys
Service Type : File System Driver
Description : udfs
State : Stopped

Name : UEFI
Path : C:\Windows\system32\drivers\UEFI.sys
Service Type : Kernel Driver
Description : Microsoft UEFI Driver
State : Stopped

Name : UevAgentDriver
Path : C:\Windows\system32\drivers\UevAgentDriver.sys
Service Type : File System Driver
Description : UevAgentDriver
State : Stopped

Name : Ufx01000
Path : C:\Windows\system32\drivers\ufx01000.sys
Service Type : Kernel Driver
Description : USB Function Class Extension
State : Stopped

Name : UfxChipidea
Path : C:\Windows\system32\drivers\UfxChipidea.sys
Service Type : Kernel Driver
Description : USB Chipidea Controller
State : Stopped

Name : ufxsynopsys
Path : C:\Windows\system32\drivers\ufxsynopsys.sys
Service Type : Kernel Driver
Description : USB Synopsys Controller
State : Stopped

Name : umbus
Path : C:\Windows\system32\drivers\umbus.sys
Service Type : Kernel Driver
Description : UMBus Enumerator Driver
State : Running

Name : UmPass
Path : C:\Windows\system32\drivers\umpass.sys
Service Type : Kernel Driver
Description : Microsoft UMPass Driver
State : Stopped

Name : UrsChipidea
Path : C:\Windows\system32\drivers\urschipidea.sys
Service Type : Kernel Driver
Description : Chipidea USB Role-Switch Driver
State : Stopped

Name : UrsCx01000
Path : C:\Windows\system32\drivers\urscx01000.sys
Service Type : Kernel Driver
Description : USB Role-Switch Support Library
State : Stopped

Name : UrsSynopsys
Path : C:\Windows\system32\drivers\urssynopsys.sys
Service Type : Kernel Driver
Description : Synopsys USB Role-Switch Driver
State : Stopped

Name : usbccgp
Path : C:\Windows\system32\drivers\usbccgp.sys
Service Type : Kernel Driver
Description : Microsoft USB Generic Parent Driver
State : Running

Name : usbehci
Path : C:\Windows\system32\drivers\usbehci.sys
Service Type : Kernel Driver
Description : Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
State : Stopped

Name : usbhub
Path : C:\Windows\system32\drivers\usbhub.sys
Service Type : Kernel Driver
Description : Microsoft USB Standard Hub Driver
State : Stopped

Name : USBHUB3
Path : C:\Windows\system32\drivers\UsbHub3.sys
Service Type : Kernel Driver
Description : SuperSpeed Hub
State : Running

Name : usbohci
Path : C:\Windows\system32\drivers\usbohci.sys
Service Type : Kernel Driver
Description : Microsoft USB Open Host Controller Miniport Driver
State : Stopped

Name : usbprint
Path : C:\Windows\system32\drivers\usbprint.sys
Service Type : Kernel Driver
Description : Microsoft USB PRINTER Class
State : Stopped

Name : usbser
Path : C:\Windows\system32\drivers\usbser.sys
Service Type : Kernel Driver
Description : Microsoft USB Serial Driver
State : Stopped

Name : USBSTOR
Path : C:\Windows\system32\drivers\USBSTOR.SYS
Service Type : Kernel Driver
Description : USB Mass Storage Driver
State : Stopped

Name : usbuhci
Path : C:\Windows\system32\drivers\usbuhci.sys
Service Type : Kernel Driver
Description : Microsoft USB Universal Host Controller Miniport Driver
State : Stopped

Name : USBXHCI
Path : C:\Windows\system32\drivers\USBXHCI.SYS
Service Type : Kernel Driver
Description : USB xHCI Compliant Host Controller
State : Running

Name : vdrvroot
Path : C:\Windows\system32\drivers\vdrvroot.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Drive Enumerator
State : Running

Name : VerifierExt
Path : C:\Windows\system32\drivers\VerifierExt.sys
Service Type : Kernel Driver
Description : Driver Verifier Extension
State : Stopped

Name : vhdmp
Path : C:\Windows\system32\drivers\vhdmp.sys
Service Type : Kernel Driver
Description : vhdmp
State : Stopped

Name : vhf
Path : C:\Windows\system32\drivers\vhf.sys
Service Type : Kernel Driver
Description : Virtual HID Framework (VHF) Driver
State : Stopped

Name : vm3dmp
Path : C:\Windows\system32\DRIVERS\vm3dmp.sys
Service Type : Kernel Driver
Description : vm3dmp
State : Running

Name : vm3dmp-debug
Path : C:\Windows\system32\DRIVERS\vm3dmp-debug.sys
Service Type : Kernel Driver
Description : vm3dmp-debug
State : Stopped

Name : vm3dmp-stats
Path : C:\Windows\system32\DRIVERS\vm3dmp-stats.sys
Service Type : Kernel Driver
Description : vm3dmp-stats
State : Stopped

Name : vm3dmp_loader
Path : C:\Windows\system32\DRIVERS\vm3dmp_loader.sys
Service Type : Kernel Driver
Description : vm3dmp_loader
State : Running

Name : vmbus
Path : C:\Windows\system32\drivers\vmbus.sys
Service Type : Kernel Driver
Description : Virtual Machine Bus
State : Stopped

Name : VMBusHID
Path : C:\Windows\system32\drivers\VMBusHID.sys
Service Type : Kernel Driver
Description : VMBusHID
State : Stopped

Name : vmci
Path : C:\Windows\system32\drivers\vmci.sys
Service Type : Kernel Driver
Description : VMware VMCI Bus Driver
State : Running

Name : vmgid
Path : C:\Windows\system32\drivers\vmgid.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Guest Infrastructure Driver
State : Stopped

Name : VMMemCtl
Path : C:\Windows\system32\DRIVERS\vmmemctl.sys
Service Type : Kernel Driver
Description : Memory Control Driver
State : Running

Name : vmmouse
Path : C:\Windows\system32\drivers\vmmouse.sys
Service Type : Kernel Driver
Description : VMware Pointing Device
State : Running

Name : vmusbmouse
Path : C:\Windows\system32\drivers\vmusbmouse.sys
Service Type : Kernel Driver
Description : VMware USB Pointing Device
State : Running

Name : volmgr
Path : C:\Windows\system32\drivers\volmgr.sys
Service Type : Kernel Driver
Description : Volume Manager Driver
State : Running

Name : volmgrx
Path : C:\Windows\system32\drivers\volmgrx.sys
Service Type : Kernel Driver
Description : Dynamic Volume Manager
State : Running

Name : volsnap
Path : C:\Windows\system32\drivers\volsnap.sys
Service Type : Kernel Driver
Description : Volume Shadow Copy driver
State : Running

Name : volume
Path : C:\Windows\system32\drivers\volume.sys
Service Type : Kernel Driver
Description : Volume driver
State : Running

Name : volume_tracker
Path : C:\Windows\system32\DRIVERS\volume_tracker.sys
Service Type : Kernel Driver
Description : Acronis Volume Tracker
State : Running

Name : vpci
Path : C:\Windows\system32\drivers\vpci.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Virtual PCI Bus
State : Stopped

Name : vsmraid
Path : C:\Windows\system32\drivers\vsmraid.sys
Service Type : Kernel Driver
Description : vsmraid
State : Stopped

Name : VSTXRAID
Path : C:\Windows\system32\drivers\vstxraid.sys
Service Type : Kernel Driver
Description : VIA StorX Storage RAID Controller Windows Driver
State : Stopped

Name : WacomPen
Path : C:\Windows\system32\drivers\wacompen.sys
Service Type : Kernel Driver
Description : Wacom Serial Pen HID Driver
State : Stopped

Name : wanarp
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IP ARP Driver
State : Stopped

Name : wanarpv6
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IPv6 ARP Driver
State : Stopped

Name : wcifs
Path : C:\Windows\system32\drivers\wcifs.sys
Service Type : File System Driver
Description : Windows Container Isolation
State : Running

Name : wcnfs
Path : C:\Windows\system32\drivers\wcnfs.sys
Service Type : File System Driver
Description : Windows Container Name Virtualization
State : Stopped

Name : Wdf01000
Path : C:\Windows\system32\drivers\Wdf01000.sys
Service Type : Kernel Driver
Description : Kernel Mode Driver Frameworks service
State : Running

Name : WdmCompanionFilter
Path : C:\Windows\system32\drivers\WdmCompanionFilter.sys
Service Type : Kernel Driver
Description : WdmCompanionFilter
State : Stopped

Name : WFPLWFS
Path : C:\Windows\system32\drivers\wfplwfs.sys
Service Type : Kernel Driver
Description : Microsoft Windows Filtering Platform
State : Running

Name : WIMMount
Path : C:\Windows\system32\drivers\wimmount.sys
Service Type : File System Driver
Description : WIMMount
State : Stopped

Name : WindowsTrustedRT
Path : C:\Windows\system32\drivers\WindowsTrustedRT.sys
Service Type : Kernel Driver
Description : Windows Trusted Execution Environment Class Extension
State : Running

Name : WindowsTrustedRTProxy
Path : C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
Service Type : Kernel Driver
Description : Microsoft Windows Trusted Runtime Secure Service
State : Running

Name : WinMad
Path : C:\Windows\system32\drivers\winmad.sys
Service Type : Kernel Driver
Description : WinMad Service
State : Stopped

Name : WinNat
Path : C:\Windows\system32\drivers\winnat.sys
Service Type : Kernel Driver
Description : Windows NAT Driver
State : Stopped

Name : WinQuic
Path : C:\Windows\system32\drivers\winquic.sys
Service Type : Kernel Driver
Description : WinQuic
State : Running

Name : WINUSB
Path : C:\Windows\system32\drivers\WinUSB.SYS
Service Type : Kernel Driver
Description : WinUsb Driver
State : Stopped

Name : WinVerbs
Path : C:\Windows\system32\drivers\winverbs.sys
Service Type : Kernel Driver
Description : WinVerbs Service
State : Stopped

Name : WmiAcpi
Path : C:\Windows\system32\drivers\wmiacpi.sys
Service Type : Kernel Driver
Description : Microsoft Windows Management Interface for ACPI
State : Stopped

Name : Wof
Path : C:\Windows\system32\drivers\Wof.sys
Service Type : File System Driver
Description : Windows Overlay File System Filter Driver
State : Running

Name : WpdUpFltr
Path : C:\Windows\system32\drivers\WpdUpFltr.sys
Service Type : Kernel Driver
Description : WPD Upper Class Filter Driver
State : Running

Name : ws2ifsl
Path : C:\Windows\system32\drivers\ws2ifsl.sys
Service Type : Kernel Driver
Description : Windows Socket 2.0 Non-IFS Service Provider Support Environment
State : Running

Name : WudfPf
Path : C:\Windows\system32\drivers\WudfPf.sys
Service Type : Kernel Driver
Description : User Mode Driver Frameworks Platform Driver
State : Stopped

Name : WUDFRd
Path : C:\Windows\system32\drivers\WUDFRd.sys
Service Type : Kernel Driver
Description : Windows Driver Foundation - User-mode Driver Framework Reflector
State : Running

Name : WUDFWpdFs
Path : C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Type : Kernel Driver
Description : WPD File System driver
State : Running
92438 - WordPad History
-
Synopsis
Nessus was able to gather WordPad opened file history on the remote host.
Description
Nessus was able to generate a report of files opened in WordPad on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

C:\Users\Administrator\Documents\Document.rtf

WordPad report attached.

156439 - jQuery UI Detection
-
Synopsis
The web server on the remote host uses jQuery UI.
Description
The web server on the remote host uses jQuery UI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/12/31, Modified: 2023/05/24
Plugin Output

tcp/81/www


URL : http://172.17.100.20:81/Scripts/plugins/jquery-ui/jquery-ui.min.js
Version : 1.12.1
Compliance 'FAILED'
Compliance 'SKIPPED'
Compliance 'PASSED'
Compliance 'INFO', 'WARNING', 'ERROR'
Remediations
Suggested Remediations
Taking the following actions across 10 hosts would resolve 28% of the vulnerabilities on the network.
Action to take Vulns Hosts
KB4577015: Windows 10 Version 1607 and Windows Server 2016 September 2020 Security Update: Apply Cumulative Update KB4577015. 1130 1
Security Updates for Microsoft SQL Server (November 2025): Microsoft has released security updates for Microsoft SQL Server. 714 7
Security Updates for Microsoft Office Products (December 2025): Microsoft has released the following updates to address these issues: - KB5002812 - KB5002818 - KB5002819 545 1
Security Updates for Microsoft Office Products (April 2021): Microsoft has released the following security updates to address this issue: -KB2553491 -KB2589361 -KB3178639 -KB3178643 -KB4504738 -KB4504722 -KB4504726 -KB4504724 -KB4504739 -KB4504727 322 1
Install KB5071544 259 7
Oracle Database Multiple Vulnerabilities (April 2012 CPU): Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory. 174 1
Security Updates for Microsoft .NET Framework (January 2025): Microsoft has released security updates for Microsoft .NET Framework. 168 6
Security Updates for Microsoft SQL Server OLE DB Driver (July 2024): Microsoft has released security updates for the Microsoft SQL OLE DB Driver. 168 6
Oracle Java SE Multiple Vulnerabilities (October 2025 CPU): Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory. 148 2
Mozilla Firefox < 146.0.1: Upgrade to Mozilla Firefox version 146.0.1 or later. 126 1
Install KB5071543 118 2
Security Update for Microsoft .NET Core (October 2025): Update .NET Core, remove vulnerable packages and refer to vendor advisory. 102 2
Security Updates for Microsoft Excel Products (April 2021): Microsoft has released the following security updates to address this issue: -KB3017810 -KB4504721 -KB4504735 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 96 1
Security Updates for Microsoft Word Products (December 2025): Microsoft has released KB5002806 to address this issue. 81 1
RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088): Upgrade to RARLAB WinRAR version 7.13 or later. 63 9
Security Updates for Microsoft Office Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493228 -KB4493203 -KB4504703 -KB4493225 -KB4493200 -KB4493214 59 1
Security Updates for Outlook (July 2025): Microsoft has released KB5002747 to address this issue. 48 1
Install KB5002406 45 1
Install KB4484243 43 1
Security Updates for Microsoft Word Products (April 2021): Microsoft has released the following security updates to address this issue: -KB4493208 -KB4493218 -KB4493198 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 41 1
7-Zip < 25.01: Upgrade to 7-Zip version 25.01 or later. 33 3
Security Updates for Microsoft .NET Framework (October 2020): Microsoft has released security updates for Microsoft .NET Framework. 30 1
Microsoft ASP.NET Core Security Feature Bypass (October 2025): Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later. 30 2
Install KB4484217 29 1
Security Updates for Outlook (April 2021): Microsoft has released the following security updates to address this issue: -KB4504712 -KB4504733 -KB4493185 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 26 1
Install KB5002253 25 1
Install KB5002427 23 1
Node.js Multiple Vulnerabilities (November 2018 Security Releases): Upgrade Node.js to 6.15 / 8.14.0 / 10.14.0 / 11.3.0 or later. 20 1
Install KB5002820 20 1
Apache Tomcat 9.0.0.M1 < 9.0.110: Upgrade to Apache Tomcat version 9.0.110 or later. 20 1
Install KB4493185 19 1
Install KB4504739 18 1
MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080): Microsoft has released a set of patches for Excel 2007, Excel 2010, Excel 2013, Office 2007, Office 2010, Office 2013, Excel Viewer, and Office Compatibility Pack. 18 1
Notepad++ < 8.8.2 Privilege Escalation (CVE-2025-49144): Upgrade to Notepad++ 8.8.2 or later. 18 3
Security Updates for Microsoft PowerPoint Products (October 2025): Microsoft has released KB5002790 to address this issue. 15 1
VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015): Upgrade to VMware Tools version 12.5.4, 13.0.5 or later. 15 5
Install KB5002790 14 1
Security Updates for Outlook (January 2019): Microsoft has released the following security updates to address this issue: -KB4461595 -KB4461601 -KB4461623 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. 14 1
Install KB5044280 12 1
MS17-013: Security Update for Microsoft Graphics Component (4013075): Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5. 12 1
Install KB5002806 12 1
Security Updates for Microsoft .NET Framework (October 2024): Microsoft has released security updates for Microsoft .NET Framework. 11 1
Install KB4504707 11 1
Install KB4493218 11 1
Install KB4461625 11 1
Install KB4504702 9 1
Security Updates for Microsoft PowerPoint Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493227 -KB4504702 -KB4493224 9 1
MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): Microsoft has released a set of patches for Visual Studio .NET 2003, Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008. 9 3
Install KB3178687 8 1
Install KB3115197 8 1
Install KB5002683 8 1
Install KB3178702 8 1
Security Updates for Microsoft Excel Products (December 2025): Microsoft has released KB5002820 to address this issue. 6 1
Security Updates for Microsoft Publisher Products (September 2024): Microsoft has released KB5002566 to address this issue. 6 1
Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803): Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later. 6 6
Install KB4032216 5 1
Oracle MySQL Connectors (October 2024 CPU): Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory. 5 1
Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104): Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions. 5 5
Install KB5002426 4 1
MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514): Microsoft has released a set of patches for Office 2007, 2010, 2013 and 2013 RT. 4 2
Install MS18-01 3 1
Install KB3203467 3 1
Security Updates for Microsoft Publisher Products (April 2020): Microsoft has released the following security updates to address this issue: -KB3162033 -KB4011097 -KB4032216 3 1
Install MS18-01 3 1
Install KB5002221 3 1
JQuery 1.2 < 3.5.0 Multiple XSS: Upgrade to JQuery version 3.5.0 or later. 2 1
VMware Tools 10.x / 11.x / 12.x < 12.1.5 DoS (VMSA-2022-0029): Upgrade to VMware Tools version 12.1.5 or later. 2 1
Install KB4484455 2 1
Install KB3213626 2 1
Install KB3115246 2 1
Install KB3054834 2 1
Install KB2881029 2 1
Install KB5002566 2 1
Install KB3213551 2 1
Install KB3191932 2 1
Curl Use-After-Free < 7.87 (CVE-2022-43552): Upgrade Curl to version 7.87.0 or later 2 2
MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019): Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1. 2 2
Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039): Upgrade Curl to version 8.3.0 or later 2 2
Security Update for Microsoft Visual Studio Code Python Extension (July 2025): Update the Microsoft Visual Studio Code Python Extension to version 2025.8.1 or later. 1 1
Install KB4504738 1 1
Install KB3213636 1 1
Install KB3191908 1 1
Install KB3115248 1 1
Install KB3114885 1 1
Install KB3114565 1 1
Install KB3114400 1 1
Install KB2965313 1 1
Install KB2920812 1 1
Install KB2889841 1 1
Install KB2579115 1 1
MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893): Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010. 1 1
MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230): Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package. 1 1
Security Updates for Windows Malicious Software Removal Tool (January 2023): Microsoft has released version 5.109 to address this issue. 1 1
Node.js Module node-tar < 6.2.1 DoS: Upgrade to node-tar version 6.2.1 or later. 1 1
Install KB5002622 1 1
Install KB3115419 1 1
Install KB3115279 1 1
Security Updates for Microsoft OneNote Products (April 2025): Microsoft has released KB5002622 to address this issue. 1 1
KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update: Apply Cumulative Update KB4483229. 1 1
Security Updates for SQL Server Management Studio (April 2025): Microsoft has released SSMS version 20.2.1 to address this issue. 1 1
Veeam Agent for Microsoft Windows 6.x < 6.3.2.1205 Privilege Escalation (CVE-2025-24287): Upgrade to Veeam Agent for Microsoft Windows version 6.3.2.1205 or later. 0 1
Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203): Upgrade to Microsoft Azure Data Studio version 1.48.0 or later. 0 5
© 2026 Tenable™, Inc. All rights reserved.