Report generated by Tenable Nessus™
Server 1
Sat, 10 Jan 2026 05:42:13 India Standard Time
TABLE OF CONTENTS
- Vulnerabilities by Host
-
Compliance 'FAILED'
-
Compliance 'SKIPPED'
-
Compliance 'PASSED'
-
Compliance 'INFO', 'WARNING', 'ERROR'
- Remediations
Vulnerabilities by Host
172.17.100.32
2 |
14 |
7 |
1 |
1030 |
Critical |
High |
Medium |
Low |
Info |
Scan Information
| Start time: | Sat Jan 10 01:02:34 2026 |
| End time: | Sat Jan 10 03:04:13 2026 |
Host Information
| Netbios Name: | TECHE_WEB_DB |
| IP: | 172.17.100.32 |
| MAC Address: | D4:F5:EF:60:46:14 D4:F5:EF:60:46:17 |
| OS: | Microsoft Windows Server 2019 Datacenter Build 17763 |
Vulnerabilities
249130 - KB5063877: Windows 10 version 1809 / Windows Server 2019 Security Update (August 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5063877. It is, therefore, affected by multiple vulnerabilities
- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)
- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)
- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Heap-based buffer overflow in Windows GDI+ allows an unauthorized attacker to execute code over a network.
(CVE-2025-53766)
- Missing synchronization in Windows Hyper-V allows an authorized attacker to deny service over an adjacent network. (CVE-2025-49751)
- Concurrent execution using shared resource with improper synchronization ('race condition') in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally. (CVE-2025-49743)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5063877
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
7.4
EPSS Score
0.017
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/08/12, Modified: 2025/10/29
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5063877
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7671
270378 - KB5066586: Windows 10 version 1809 / Windows Server 2019 Security Update (October 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5066586. It is, therefore, affected by multiple vulnerabilities
- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)
- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that can lead to assertion failures in debug mode, or buffer overflows in release mode, when dealing with unusual tile size like YCbCr with subsampling. Reported as MSVR 35105, aka Predictor heap-buffer-overflow. (CVE-2016-9535)
- In IGEL OS before 11, Secure Boot can be bypassed because the igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. (CVE-2025-47827)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5066586
Risk Factor
High
CVSS v3.0 Base Score
9.9 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.2
EPSS Score
0.0824
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
6.2 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/10/14, Modified: 2025/11/18
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5066586
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7919
242639 - 7-Zip < 25.00
-
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 25.00. It is, therefore, affected by multiple vulnerabilities:
- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)
- An error in Z-zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service.
(CVE-2025-53816)
- A Null pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
- 7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this product is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the handling of symbolic links in ZIP files. Crafted data in a ZIP file can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of a service account. (CVE-2025-11001, CVE-2025-11002)
- An error in Z-zip's RAR5 handler's error correction for corrupted items can lead to a buffer overflow, resulting in memory corruption and denial of service.
(CVE-2025-53816)
- A Null pointer dereference in 7-Zip's implementation of the Compound handler can lead to denial of service at specific values. (CVE-2025-53817)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 25.00 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
VPR Score
9.2
EPSS Score
0.0031
CVSS v2.0 Base Score
6.2 (CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C)
STIG Severity
I
References
| CVE | CVE-2025-11001 |
| CVE | CVE-2025-11002 |
| CVE | CVE-2025-53816 |
| CVE | CVE-2025-53817 |
| XREF | IAVA:2025-A-0540-S |
Plugin Information
Published: 2025/07/23, Modified: 2025/11/20
Plugin Output
tcp/445/cifs
Path : C:\Program Files\7-Zip
Installed version : 24.9.0.0
Fixed version : 25.00
234046 - KB5055519: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5055519. It is, therefore, affected by multiple vulnerabilities
- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Use after free in Windows Win32K - GRFX allows an unauthorized attacker to elevate privileges over a network. (CVE-2025-26687)
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-27481)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2025-27740)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5055519
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.2827
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/04/08, Modified: 2025/09/17
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5055519
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7131
235845 - KB5058392: Windows 10 version 1809 / Windows Server 2019 Security Update (May 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5058392. It is, therefore, affected by multiple vulnerabilities
- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)
- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)
- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Heap-based buffer overflow in Remote Desktop Gateway Service allows an unauthorized attacker to execute code over a network. (CVE-2025-29967)
- Use of uninitialized resource in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29830, CVE-2025-29958, CVE-2025-29959)
- Out-of-bounds read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-29832, CVE-2025-29835, CVE-2025-29836, CVE-2025-29960, CVE-2025-29961)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5058392
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.2127
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/05/13, Modified: 2025/10/29
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5058392
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7309
238080 - KB5060531: Windows 10 version 1809 / Windows Server 2019 Security Update (June 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5060531. It is, therefore, affected by multiple vulnerabilities
- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)
- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)
- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-33066)
- Improper access control in Windows SMB allows an authorized attacker to elevate privileges over a network.
(CVE-2025-33073)
- Use after free in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally.
(CVE-2025-32712)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5060531
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.7
EPSS Score
0.5119
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2025/06/10, Modified: 2025/10/21
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5060531
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7434
241548 - KB5062557: Windows 10 version 1809 / Windows Server 2019 Security Update (July 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5062557. It is, therefore, affected by multiple vulnerabilities
- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)
- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)
- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Buffer over-read in Windows TDX.sys allows an authorized attacker to elevate privileges locally.
(CVE-2025-49659)
- Improper link resolution before file access ('link following') in Windows Update Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48799)
- Improper link resolution before file access ('link following') in Windows AppX Deployment Service allows an authorized attacker to elevate privileges locally. (CVE-2025-48820)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5062557
Risk Factor
Medium
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0055
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/07/08, Modified: 2025/10/29
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5062557
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7558
261799 - KB5065428: Windows 10 version 1809 / Windows Server 2019 Security Update (September 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5065428. It is, therefore, affected by multiple vulnerabilities
- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)
- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)
- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against relay attacks: SMB Server signing SMB Server Extended Protection for Authentication (EPA) Microsoft is releasing this CVE to provide customers with audit capabilities to help them to assess their environment and to identify any potential device or software incompatibility issues before deploying SMB Server hardening measures that protect against relay attacks. If you have not already enabled SMB Server hardening measures, we advise customers to take the following actions to be protected from these relay attacks:
Assess your environment by utilizing the audit capabilities that we are exposing in the September 2025 security updates. See Support for Audit Events to deploy SMB Server HardeningSMB Server Signing & SMB Server EPA. Adopt appropriate SMB Server hardening measures. (CVE-2025-55234)
- Improper restriction of communication channel to intended endpoints in Windows PowerShell allows an authorized attacker to elevate privileges locally. (CVE-2025-49734)
- Buffer over-read in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to disclose information over a network. (CVE-2025-53796, CVE-2025-53797, CVE-2025-53798, CVE-2025-53806)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5065428
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0073
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2025/09/09, Modified: 2025/10/29
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5065428
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.7786
274782 - KB5068791: Windows 10 version 1809 / Windows Server 2019 Security Update (November 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5068791. It is, therefore, affected by multiple vulnerabilities
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)
- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2025-60724, CVE-2025-60714, CVE-2025-60715, CVE-2025-62452)
- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information.
(CVE-2025-59509, CVE-2025-59513, CVE-2025-60706, CVE-2025-62208, CVE-2025-62209)
- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges.
(CVE-2025-59505, CVE-2025-59506, CVE-2025-59507, CVE-2025-59508, CVE-2025-59511, CVE-2025-59512, CVE-2025-59514, CVE-2025-59515, CVE-2025-60703, CVE-2025-60704, CVE-2025-60705, CVE-2025-60707, CVE-2025-60709, CVE-2025-60713, CVE-2025-60716, CVE-2025-60717, CVE-2025-60719, CVE-2025-60720, CVE-2025-62213, CVE-2025-62215, CVE-2025-62217)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5068791
Risk Factor
Critical
CVSS v3.0 Base Score
7.0 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.5 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.4
EPSS Score
0.0009
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
| CVE | CVE-2025-59505 |
| CVE | CVE-2025-59506 |
| CVE | CVE-2025-59507 |
| CVE | CVE-2025-59508 |
| CVE | CVE-2025-59509 |
| CVE | CVE-2025-59510 |
| CVE | CVE-2025-59511 |
| CVE | CVE-2025-59512 |
| CVE | CVE-2025-59513 |
| CVE | CVE-2025-59514 |
| CVE | CVE-2025-59515 |
| CVE | CVE-2025-60703 |
| CVE | CVE-2025-60704 |
| CVE | CVE-2025-60705 |
| CVE | CVE-2025-60706 |
| CVE | CVE-2025-60707 |
| CVE | CVE-2025-60708 |
| CVE | CVE-2025-60709 |
| CVE | CVE-2025-60713 |
| CVE | CVE-2025-60714 |
| CVE | CVE-2025-60715 |
| CVE | CVE-2025-60716 |
| CVE | CVE-2025-60717 |
| CVE | CVE-2025-60719 |
| CVE | CVE-2025-60720 |
| CVE | CVE-2025-60723 |
| CVE | CVE-2025-60724 |
| CVE | CVE-2025-62213 |
| CVE | CVE-2025-62215 |
| CVE | CVE-2025-62217 |
| CVE | CVE-2025-62218 |
| CVE | CVE-2025-62219 |
| CVE | CVE-2025-62452 |
| MSKB | 5068791 |
| XREF | MSFT:MS25-5068791 |
| XREF | CISA-KNOWN-EXPLOITED:2025/12/03 |
| XREF | IAVA:2025-A-0850 |
| XREF | IAVA:2025-A-0851 |
Plugin Information
Published: 2025/11/11, Modified: 2025/11/14
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5068791
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.8024
277987 - KB5071544: Windows 10 version 1809 / Windows Server 2019 Security Update (December 2025)
-
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5071544. It is, therefore, affected by multiple vulnerabilities
- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)
- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)
- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
- Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. (CVE-2025-62549)
- Out-of-bounds read in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. (CVE-2025-62457)
- Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. (CVE-2025-62458)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5071544
Risk Factor
Critical
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
8.1
EPSS Score
0.0821
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
| CVE | CVE-2025-54100 |
| CVE | CVE-2025-55233 |
| CVE | CVE-2025-59516 |
| CVE | CVE-2025-59517 |
| CVE | CVE-2025-62221 |
| CVE | CVE-2025-62454 |
| CVE | CVE-2025-62455 |
| CVE | CVE-2025-62457 |
| CVE | CVE-2025-62458 |
| CVE | CVE-2025-62461 |
| CVE | CVE-2025-62462 |
| CVE | CVE-2025-62464 |
| CVE | CVE-2025-62466 |
| CVE | CVE-2025-62467 |
| CVE | CVE-2025-62470 |
| CVE | CVE-2025-62472 |
| CVE | CVE-2025-62473 |
| CVE | CVE-2025-62474 |
| CVE | CVE-2025-62549 |
| CVE | CVE-2025-62565 |
| CVE | CVE-2025-62567 |
| CVE | CVE-2025-62571 |
| CVE | CVE-2025-62573 |
| CVE | CVE-2025-64658 |
| CVE | CVE-2025-64661 |
| CVE | CVE-2025-64673 |
| MSKB | 5071544 |
| XREF | MSFT:MS25-5071544 |
| XREF | IAVA:2025-A-0916 |
| XREF | IAVA:2025-A-0917 |
| XREF | CISA-KNOWN-EXPLOITED:2025/12/30 |
Plugin Information
Published: 2025/12/09, Modified: 2025/12/17
Plugin Output
tcp/445/cifs
The remote host is missing one of the following rollup KBs :
- 5071544
- C:\Windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.17763.7009
Should be : 10.0.17763.8146
242073 - RARLAB WinRAR < 7.12 Beta 1 Directory Traversal Remote Code Execution (CVE-2025-6218)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal remote code execution vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.12 Beta 1. It is, therefore, affected by a vulnerability:
- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
- RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of file paths within archive files. A crafted file path can cause the process to traverse to unintended directories. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27198. (CVE-2025-6218)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.12 Beta 1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.4
EPSS Score
0.0029
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
| CVE | CVE-2025-6218 |
| XREF | IAVA:2025-A-0227 |
| XREF | ZDI:ZDI-25-409 |
| XREF | CISA-KNOWN-EXPLOITED:2025/12/30 |
Plugin Information
Published: 2025/07/14, Modified: 2025/12/09
Plugin Output
tcp/445/cifs
Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 7.1.0.0
Fixed version : 7.12 Beta 1
248462 - RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088)
-
Synopsis
The remote Windows host has an application installed which is affected by a directory traversal vulnerability.
Description
The remote host is running RARLAB WinRAR, an archive manager for Windows, whose reported version is prior to 7.13. It is, therefore, affected by a vulnerability:
- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
- A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýček from ESET. (CVE-2025-8088)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to RARLAB WinRAR version 7.13 or later.
Risk Factor
Critical
CVSS v4.0 Base Score
8.4 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N)
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
VPR Score
9.5
EPSS Score
0.0562
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
II
References
| CVE | CVE-2025-8088 |
| XREF | CISA-KNOWN-EXPLOITED:2025/09/02 |
| XREF | IAVA:2025-A-0608 |
Plugin Information
Published: 2025/08/11, Modified: 2025/08/21
Plugin Output
tcp/445/cifs
Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 7.1.0.0
Fixed version : 7.13
42873 - SSL Medium Strength Cipher Suites Supported (SWEET32)
-
Synopsis
The remote service supports the use of medium strength SSL ciphers.
Description
The remote host supports the use of SSL ciphers that offer medium strength encryption. Nessus regards medium strength as any encryption that uses key lengths at least 64 bits and less than 112 bits, or else that uses the 3DES encryption suite.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
Note that it is considerably easier to circumvent medium strength encryption if the attacker is on the same physical network.
See Also
Solution
Reconfigure the affected application if possible to avoid use of medium strength ciphers.
Risk Factor
Medium
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
VPR Score
6.1
EPSS Score
0.4002
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
References
| CVE | CVE-2016-2183 |
Plugin Information
Published: 2009/11/23, Modified: 2025/02/12
Plugin Output
tcp/3389/msrdp
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
241552 - Security Update for Microsoft Visual Studio Code Python Extension (July 2025)
-
Synopsis
The remote host has an application installed that is missing a security update.
Description
The Microsoft Visual Studio Code Python Extension is prior to version 2025.8.1. It is, therefore, affected by an undisclosed remote code execution vulnerability.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Update the Microsoft Visual Studio Code Python Extension to version 2025.8.1 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
5.9
EPSS Score
0.0011
References
| CVE | CVE-2025-49714 |
Plugin Information
Published: 2025/07/08, Modified: 2025/07/08
Plugin Output
tcp/445/cifs
Path : C:\Users\techexcel\.vscode\extensions\.56df8eb0-7757-4c09-8583-05595432d459\
Installed version : 2025.4.0
Fixed version : 2025.8.1
214274 - Security Updates for Microsoft .NET Framework (January 2025)
-
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple denial of service vulnerabilities, as follows:
- A remote code execution vulnerability. An attacker can exploit this issue to cause the affected component to execute unauthorized code. (CVE-2025-21176)
Note that Nessus has relied upon on the application's self-reported version number.
- A remote code execution vulnerability. An attacker can exploit this issue to cause the affected component to execute unauthorized code. (CVE-2025-21176)
Note that Nessus has relied upon on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
VPR Score
6.7
EPSS Score
0.0035
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
| CVE | CVE-2025-21176 |
| MSKB | 5049614 |
| MSKB | 5049618 |
| MSKB | 5049620 |
| MSKB | 5049622 |
| MSKB | 5049624 |
| MSKB | 5049993 |
| MSKB | 5050013 |
| MSKB | 5050180 |
| MSKB | 5050181 |
| MSKB | 5050182 |
| MSKB | 5050183 |
| MSKB | 5050184 |
| MSKB | 5050185 |
| MSKB | 5050186 |
| MSKB | 5050187 |
| MSKB | 5050188 |
| MSKB | 5050416 |
| XREF | MSFT:MS25-5049614 |
| XREF | MSFT:MS25-5049618 |
| XREF | MSFT:MS25-5049620 |
| XREF | MSFT:MS25-5049622 |
| XREF | MSFT:MS25-5049624 |
| XREF | MSFT:MS25-5049993 |
| XREF | MSFT:MS25-5050013 |
| XREF | MSFT:MS25-5050180 |
| XREF | MSFT:MS25-5050181 |
| XREF | MSFT:MS25-5050182 |
| XREF | MSFT:MS25-5050183 |
| XREF | MSFT:MS25-5050184 |
| XREF | MSFT:MS25-5050185 |
| XREF | MSFT:MS25-5050186 |
| XREF | MSFT:MS25-5050187 |
| XREF | MSFT:MS25-5050188 |
| XREF | MSFT:MS25-5050416 |
| XREF | IAVA:2025-A-0028-S |
| XREF | CWE:126 |
Plugin Information
Published: 2025/01/16, Modified: 2025/04/09
Plugin Output
tcp/445/cifs
Microsoft .NET Framework 4.7.2
The remote host is missing one of the following rollup KBs :
Cumulative
- 5049608
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll has not been patched.
Remote version : 4.7.4121.0
Should be : 4.7.4126.0
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
-
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be in a vulnerable state to CVE-2013-3900 due to a missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
See Also
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2013-3900 |
| http://www.nessus.org/u?9780b9d2 |
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Additionally, on 64 Bit OS systems, Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
9.0
EPSS Score
0.7941
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
| CVE | CVE-2013-3900 |
| XREF | CISA-KNOWN-EXPLOITED:2022/07/10 |
| XREF | IAVA:2013-A-0227 |
Plugin Information
Published: 2022/10/26, Modified: 2025/12/17
Plugin Output
tcp/445/cifs
Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.
- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.
- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.
If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2025/06/16
Plugin Output
tcp/3389/msrdp
The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :
|-Subject : CN=TechE_Web_DB
|-Issuer : CN=TechE_Web_DB
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output
tcp/3389/msrdp
The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :
|-Subject : CN=TechE_Web_DB
104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
| XREF | CWE:327 |
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output
tcp/3389/msrdp
TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Deprecated Protocol
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
| XREF | CWE:327 |
Plugin Information
Published: 2022/04/04, Modified: 2024/05/14
Plugin Output
tcp/3389/msrdp
TLSv1.1 is enabled and the server supports at least one cipher.
241347 - Veeam Agent for Microsoft Windows 6.x < 6.3.2.1205 Privilege Escalation (CVE-2025-24287)
-
Synopsis
The Veeam Agent for Microsoft Windows install on the remote Windows host is affected by a privilege escalation vulnerability.
Description
The version of Veeam Agent for Microsoft Windows installed on the remote Windows host is affected by a privilege escalation vulnerability:
- A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. (CVE-2025-24287)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
- A vulnerability allowing local system users to modify directory contents, allowing for arbitrary code execution on the local system with elevated permissions. (CVE-2025-24287)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Veeam Agent for Microsoft Windows version 6.3.2.1205 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.1 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)
VPR Score
4.2
EPSS Score
0.0001
CVSS v2.0 Base Score
5.2 (CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:P)
STIG Severity
I
References
| CVE | CVE-2025-24287 |
| XREF | IAVA:2025-A-0439 |
Plugin Information
Published: 2025/07/04, Modified: 2025/07/04
Plugin Output
tcp/445/cifs
Path : C:\Program Files\Veeam\Endpoint Backup\
Installed version : 6.1.0.349
Fixed version : 6.3.2.1205
234002 - WinRAR < 7.11 Mark of the Web Bypass (CVE-2025-31334)
-
Synopsis
The remote Windows host has an application installed which is affected by a mark of the web bypass vulnerability.
Description
The remote host is running WinRAR, an archive manager for Windows, whose reported version is prior to 7.11. It is, therefore, affected by a vulnerability:
- Issue that bypasses the 'Mark of the Web' security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. (CVE-2025-31334)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
- Issue that bypasses the 'Mark of the Web' security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. (CVE-2025-31334)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to WinRAR version 7.11 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.8 (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)
VPR Score
6.7
EPSS Score
0.0007
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:M/Au:S/C:C/I:C/A:C)
STIG Severity
II
References
| CVE | CVE-2025-31334 |
| XREF | IAVA:2025-A-0227 |
Plugin Information
Published: 2025/04/08, Modified: 2025/04/11
Plugin Output
tcp/445/cifs
Path : C:\Program Files\WinRAR\WinRAR.exe
Installed version : 7.1.0.0
Fixed version : 7.11
132101 - Windows Speculative Execution Configuration Check
-
Synopsis
The remote host has not properly mitigated a series of speculative execution vulnerabilities.
Description
The remote host has not properly mitigated a series of known speculative execution vulnerabilities. It, therefore, may be affected by :
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)
- Branch Target Injection (BTI) (CVE-2017-5715)
- Bounds Check Bypass (BCB) (CVE-2017-5753)
- Rogue Data Cache Load (RDCL) (CVE-2017-5754)
- Rogue System Register Read (RSRE) (CVE-2018-3640)
- Speculative Store Bypass (SSB) (CVE-2018-3639)
- L1 Terminal Fault (L1TF) (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646)
- Microarchitectural Data Sampling Uncacheable Memory (MDSUM) (CVE-2019-11091)
- Microarchitectural Store Buffer Data Sampling (MSBDS) (CVE-2018-12126)
- Microarchitectural Load Port Data Sampling (MLPDS) (CVE-2018-12127)
- Microarchitectural Fill Buffer Data Sampling (MFBDS) (CVE-2018-12130)
- TSX Asynchronous Abort (TAA) (CVE-2019-11135)
- Intel Branch History Injection (BHI) (CVE-2022-0001)
See Also
Solution
Apply vendor recommended settings.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
6.2 (CVSS:3.0/E:H/RL:O/RC:C)
VPR Score
7.9
EPSS Score
0.9433
CVSS v2.0 Base Score
5.4 (CVSS2#AV:L/AC:M/Au:N/C:C/I:P/A:N)
CVSS v2.0 Temporal Score
4.7 (CVSS2#E:H/RL:OF/RC:C)
References
| BID | 102371 |
| BID | 102378 |
| BID | 104232 |
| BID | 105080 |
| BID | 108330 |
| CVE | CVE-2017-5715 |
| CVE | CVE-2017-5753 |
| CVE | CVE-2017-5754 |
| CVE | CVE-2018-3615 |
| CVE | CVE-2018-3620 |
| CVE | CVE-2018-3639 |
| CVE | CVE-2018-3646 |
| CVE | CVE-2018-12126 |
| CVE | CVE-2018-12127 |
| CVE | CVE-2018-12130 |
| CVE | CVE-2019-11135 |
| CVE | CVE-2022-0001 |
| XREF | CEA-ID:CEA-2019-0547 |
| XREF | CEA-ID:CEA-2019-0324 |
Exploitable With
CANVAS (true)
Plugin Information
Published: 2019/12/18, Modified: 2025/08/27
Plugin Output
tcp/445/cifs
Current Settings:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set
-----------------------------------
Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.
-----------------------------------
Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.
-----------------------------------
Recommended Settings 3:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.
-----------------------------------
Recommended Settings 4:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: Not Set
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: Not Set
-----------------------------------
Recommended Settings 1:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00000048 (72)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading enabled.
-----------------------------------
Recommended Settings 2:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00002048 (8264)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135
Note: Hyper-Threading disabled.
-----------------------------------
Recommended Settings 3:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00802048 (8396872)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading disabled.
-----------------------------------
Recommended Settings 4:
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverrideMask: 0x00000003 (3)
- SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\
FeatureSettingsOverride: 0x00800048 (8388680)
CVEs Covered:
CVE-2017-5715, CVE-2017-5753, CVE-2017-5754, CVE-2018-3615, CVE-2018-3620,
CVE-2018-3639, CVE-2018-3646, CVE-2018-11091, CVE-2018-12126, CVE-2018-12127,
CVE-2018-12130, CVE-2019-11135, CVE-2022-0001
Note: Hyper-Threading enabled.
249179 - 7-Zip < 25.01
-
Synopsis
The remote host is missing a security update.
Description
The version of 7-Zip installed on the remote host is prior to 25.01. It is, therefore, affected by a security bypass vulnerability. The code for handling symbolic links has been changed to provide greater security when extracting files from archives. Command line switch -snld20 can be used to bypass default security checks when creating symbolic links.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to 7-Zip version 25.01 or later.
Risk Factor
Low
CVSS v3.0 Base Score
3.6 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
VPR Score
3.2
EPSS Score
0.0001
CVSS v2.0 Base Score
2.1 (CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)
STIG Severity
I
References
| CVE | CVE-2025-55188 |
| XREF | IAVA:2025-A-0572 |
Plugin Information
Published: 2025/08/13, Modified: 2025/08/15
Plugin Output
tcp/445/cifs
Path : C:\Program Files\7-Zip
Installed version : 24.9.0.0
Fixed version : 25.01
91231 - 7-Zip Installed
-
Synopsis
A compression utility is installed on the remote Windows host.
Description
7-Zip, a compressed archive manager, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0734 |
Plugin Information
Published: 2016/05/19, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Path : C:\Program Files\7-Zip
Version : 24.9.0.0
92413 - 7-Zip Recent Files
-
Synopsis
Nessus was able to enumerate recently accessed 7-Zip compressed files on the remote host.
Description
Nessus was able to query 7-Zip settings on the remote Windows host to find recently accessed compressed files.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
techexcel
- D:\Techexcel\FTP_DNLD\
- D:\Techexcel\FTP_DNLD\VAR090922.gz\
- D:\Techexcel\FTP_DNLD\
- D:\Techexcel\FTP_DNLD\VAR090922.gz\
46180 - Additional DNS Hostnames
-
Synopsis
Nessus has detected potential virtual hosts.
Description
Hostnames different from the current hostname have been collected by miscellaneous plugins. Nessus has generated a list of hostnames that point to the remote host. Note that these are only the alternate hostnames for vhosts discovered on a web server.
Different web servers may be hosted on name-based virtual hosts.
Different web servers may be hosted on name-based virtual hosts.
See Also
Solution
If you want to test them, re-scan using the special vhost syntax, such as :
www.example.com[192.0.32.10]
www.example.com[192.0.32.10]
Risk Factor
None
Plugin Information
Published: 2010/04/29, Modified: 2022/08/15
Plugin Output
tcp/0
The following hostnames point to the remote host :
- teche_web_db
- teche_web_db
130590 - Apache Tomcat Installed (Windows)
-
Synopsis
Apache Tomcat is installed on the remote Windows host.
Description
Apache Tomcat, a web server, was found on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0535 |
Plugin Information
Published: 2019/11/06, Modified: 2025/12/18
Plugin Output
tcp/0
Path : D:\Techexcel\lucee\tomcat\bin\Tomcat9.exe
Version : unknown
Product : Apache Tomcat
92415 - Application Compatibility Cache
-
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
Application compatibility cache report attached.
34097 - BIOS Info (SMB)
-
Synopsis
BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's SMB interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/08, Modified: 2024/06/11
Plugin Output
tcp/0
Version : U32
Release date : 20230720000000.000000+000
Secure boot : disabled
34096 - BIOS Info (WMI)
-
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2025/12/15
Plugin Output
tcp/0
Vendor : HPE
Version : U32
Release date : 20230720000000.000000+000
UUID : 35333250-3937-4E43-5831-343830373648
Secure boot : disabled
92416 - BagMRU Folder History
-
Synopsis
Nessus was able to enumerate folders that were opened in Windows Explorer.
Description
Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
BagMRU report attached.
96533 - Chrome Browser Extension Enumeration
-
Synopsis
One or more Chrome browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Chrome browser extensions installed on the remote host.
See Also
Solution
Make sure that the use and configuration of these extensions comply with your organization's acceptable use and security policies.
Risk Factor
None
References
| XREF | IAVT:0001-T-0511 |
Plugin Information
Published: 2017/01/16, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
User : Administrator
|- Browser : Chrome
|- Add-on information :
Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.91.1
Update Date : Apr. 30, 2025 at 13:53:37 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.91.1_0
Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 1.0.0.6
Update Date : Apr. 30, 2025 at 13:53:33 GMT
Path : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
User : LKPAdmin
|- Browser : Chrome
|- Add-on information :
Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.75.4
Update Date : Apr. 2, 2024 at 05:22:45 GMT
Path : C:\Users\LKPAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.75.4_0
Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 1.0.0.6
Update Date : Apr. 2, 2024 at 05:22:45 GMT
Path : C:\Users\LKPAdmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
User : techexcel
|- Browser : Chrome
|- Add-on information :
Name : Google Docs Offline
Description : Edit, create, and view your documents, spreadsheets, and presentations — all without internet access.
Version : 1.99.1
Update Date : Dec. 23, 2025 at 03:26:31 GMT
Path : C:\Users\techexcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.99.1_0
Name : Chrome Web Store Payments
Description : Chrome Web Store Payments
Version : 1.0.0.6
Update Date : Dec. 23, 2025 at 03:26:24 GMT
Path : C:\Users\techexcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2025/09/29
Plugin Output
tcp/0
The remote operating system matched the following CPE :
cpe:/o:microsoft:windows_server_2019:10.0.17763.7009:-:~~datacenter~~x64~ -> Microsoft Windows Server 2019
Following application CPE's matched on the remote system :
cpe:/a:7-zip:7-zip:24.9.0.0 -> 7-Zip -
cpe:/a:apache:tomcat -> Apache Software Foundation Tomcat
cpe:/a:google:chrome:143.0.7499.171 -> Google Chrome
cpe:/a:haxx:curl:8.9.1.0 -> Haxx Curl
cpe:/a:microsoft:.net_framework:2.0.50727 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.0 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.0.6920.9063 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:3.5 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.2 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.7.4115.0 -> Microsoft .NET Framework
cpe:/a:microsoft:ie:11.1790.17763.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:iis:10.0 -> Microsoft IIS
cpe:/a:microsoft:internet_explorer:11.0.17763.7009 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_information_services:10.0.17763.5830 -> Microsoft Internet Information Server (IIS) -
cpe:/a:microsoft:remote_desktop_connection:10.0.17763.5830 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:sql_server_management_studio:2019.150.18390.0 -> Microsoft SQL Server Management Studio
cpe:/a:microsoft:visual_studio_code:1.106.1 -> Microsoft Visual Studio Code
cpe:/a:microsoft:visual_studio_tools_for_applications:15.0.27520
cpe:/a:rarlab:winrar:7.1.0.0 -> RARLAB WinRAR
cpe:/a:smartbedded:meteobridge_firmware
cpe:/a:veeam:veeam:6.1.0.349 -> Veeam Veeam
x-cpe:/a:hpe:smart_storage_administrator:6.25.9.0
x-cpe:/a:microsoft:azure_data_studio:1.51.1.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.6.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.7.4.0
x-cpe:/a:microsoft:visual_studio_code:0.0.3
x-cpe:/a:microsoft:visual_studio_code:0.1.6
x-cpe:/a:microsoft:visual_studio_code:0.1.9
x-cpe:/a:microsoft:visual_studio_code:0.5.15
x-cpe:/a:microsoft:visual_studio_code:0.5.4
x-cpe:/a:microsoft:visual_studio_code:1.0.3
x-cpe:/a:microsoft:visual_studio_code:1.1.1
x-cpe:/a:microsoft:visual_studio_code:1.1.2
x-cpe:/a:microsoft:visual_studio_code:1.3.0
x-cpe:/a:microsoft:visual_studio_code:12.15.0
x-cpe:/a:microsoft:visual_studio_code:2.17.0
x-cpe:/a:microsoft:visual_studio_code:2025.16.0
x-cpe:/a:microsoft:visual_studio_code:2025.18.0
x-cpe:/a:microsoft:visual_studio_code:2025.4.0
x-cpe:/a:microsoft:visual_studio_code:2025.7.0
x-cpe:/a:microsoft:visual_studio_code:2025.9.1
x-cpe:/a:microsoft:visual_studio_code:3.0.2
x-cpe:/a:microsoft:visual_studio_code:5.28.0
x-cpe:/a:microsoft:visual_studio_code:5.29.0
24270 - Computer Manufacturer Information (WMI)
-
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2025/12/15
Plugin Output
tcp/0
Computer Manufacturer : HPE
Computer Model : ProLiant DL360 Gen10
Computer SerialNumber : CNX148076H
Computer Type : Rack Mount Chassis
Computer Physical CPU's : 2
Computer Logical CPU's : 32
CPU0
Architecture : x64
Physical Cores: 8
Logical Cores : 16
CPU1
Architecture : x64
Physical Cores: 8
Logical Cores : 16
Computer Memory : 196264 MB
Form Factor: DIMM
Type : Unknown
Capacity : 65536 MB
Form Factor: DIMM
Type : Unknown
Capacity : 65536 MB
Form Factor: DIMM
Type : Unknown
Capacity : 65536 MB
171860 - Curl Installed (Windows)
-
Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.
Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself.
Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is require to trigger downstream vulnerabilty checks. Paranoid scanning has no affect on this plugin itself.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/23, Modified: 2025/12/15
Plugin Output
tcp/0
Nessus detected 2 installs of Curl:
Path : c:\windows\system32\curl.exe
Version : 8.9.1.0
Managed by OS : True
Path : c:\windows\syswow64\curl.exe
Version : 8.9.1.0
Managed by OS : True
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/135/epmap
The following DCERPC services are available locally :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc01B0EF0
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc01B0EF0
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c237461413280cbd1e
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a111f1c5-5923-47c0-9a68-d0bafb577901, version 1.0
Description : Unknown RPC service
Annotation : NetSetup API
Type : Local RPC service
Named pipe : LRPC-e0cd9fe619c8e89b2f
Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000002
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f45f72f7250e19dd01
Object UUID : f8fb2940-f6ad-4a61-b8e8-668d97dc115f
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : OLEF7762F0FB74BDC96AAA3C28AF756
Object UUID : f8fb2940-f6ad-4a61-b8e8-668d97dc115f
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-0ba5471ffbe27fb190
Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000003
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c2daef5e04a81895ce
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0497b57d-2e66-424f-a0c6-157cd5d41700, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-c361e0e33d2e10e4ba
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 201ef99a-7fa0-444c-9399-19ba84f12a1a, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-c361e0e33d2e10e4ba
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5f54ce7d-5b79-4175-8584-cb65313a0e98, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-c361e0e33d2e10e4ba
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd7a0523-dc70-43dd-9b2e-9c5ed48225b1, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-c361e0e33d2e10e4ba
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 58e604e8-9adb-4d2e-a464-3b0683fb1480, version 1.0
Description : Unknown RPC service
Annotation : AppInfo
Type : Local RPC service
Named pipe : LRPC-c361e0e33d2e10e4ba
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF6A754985C5B35AC2DB958FFBB01
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d0f93680d7eae3fc8d
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF6A754985C5B35AC2DB958FFBB01
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d0f93680d7eae3fc8d
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLEF6A754985C5B35AC2DB958FFBB01
Object UUID : 00000003-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d0f93680d7eae3fc8d
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000003
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc016C19AB53
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000003
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc016C19AB53
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0767a036-0d22-48aa-ba69-b619480f38cb, version 1.0
Description : Unknown RPC service
Annotation : PcaSvc
Type : Local RPC service
Named pipe : LRPC-3255a5c1e33d3ca24b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a4b8d482-80ce-40d6-934d-b22a01a44fe7, version 1.0
Description : Unknown RPC service
Annotation : LicenseManager
Type : Local RPC service
Named pipe : LicenseServiceEndpoint
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE2301013610352B902CD241F28E72
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bf4dc912-e52f-4904-8ebe-9317c1bdd497, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-751c7109e05de790fe
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : be7f785e-0e3a-4ab7-91de-7e46e443be29, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac8862dbdc6cac54bc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 54b4c689-969a-476f-8dc2-990885e9f562, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac8862dbdc6cac54bc
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE6F642F35F01A09D5831190670749
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 8ec21e98-b5ce-4916-a3d6-449fa428a007, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c96069c23a53ad778a
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE6F642F35F01A09D5831190670749
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : 0fc77b1a-95d8-4a2e-a0c0-cff54237462b, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c96069c23a53ad778a
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE6F642F35F01A09D5831190670749
Object UUID : 00000002-0000-0000-0000-000000000000
UUID : b1ef227e-dfa5-421e-82bb-67a6a129c496, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c96069c23a53ad778a
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000002
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc01563CE2
Object UUID : 52ef130c-08fd-4388-86b3-6edf00000002
UUID : 12e65dd8-887f-41ef-91bf-8d816c42c2e7, version 1.0
Description : Unknown RPC service
Annotation : Secure Desktop LRPC interface
Type : Local RPC service
Named pipe : WMsgKRpc01563CE2
Object UUID : a201db08-b030-4b96-a421-88834662a6d1
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-4c5068374c13517b66
Object UUID : 9e3bff13-1a03-4e39-8280-cf20dee566d6
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-4c5068374c13517b66
Object UUID : 5303b13d-8874-4896-866a-e3c64418ab15
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC-4c5068374c13517b66
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam Invoker
Type : Local RPC service
Named pipe : OLE100D65319CD2B2AA9EDE353E8341
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d107c6e0-fc35-49ba-ba03-3e192de6797d, version 1.0
Description : Unknown RPC service
Annotation : Veeam Deployer
Type : Local RPC service
Named pipe : OLE100D65319CD2B2AA9EDE353E8341
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4c9dbf19-d39e-4bb9-90ee-8f7179b20283, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fd8be72b-a9cd-4b2c-a9ca-4ded242fbe4d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95095ec8-32ea-4eb0-a3e2-041f97b36168, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e38f5360-8572-473e-b696-1b46873beeab, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d22895ef-aff4-42c5-a5b2-b14466d34ab4, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98cd761e-e77d-41c8-a3c0-0fb756d90ec2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-509f7e985e76746d27
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30adc50c-5cbc-46ce-9a0e-91914789e23c, version 1.0
Description : Unknown RPC service
Annotation : NRP server endpoint
Type : Local RPC service
Named pipe : LRPC-2d7c2eeb34d5ffa744
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : RasmanLrpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : VpnikeRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Local RPC service
Named pipe : LRPC-025dda0bd844e7b556
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 98716d03-89ac-44c7-bb8c-285824e51c4a, version 1.0
Description : Unknown RPC service
Annotation : XactSrv service
Type : Local RPC service
Named pipe : LRPC-22847edb40a9d7f9ec
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1a0d010f-1c33-432c-b0f5-8cf4e8053099, version 1.0
Description : Unknown RPC service
Annotation : IdSegSrv service
Type : Local RPC service
Named pipe : LRPC-22847edb40a9d7f9ec
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a398e520-d59a-4bdd-aa7a-3c1e0303a511, version 1.0
Description : Unknown RPC service
Annotation : IKE/Authip API
Type : Local RPC service
Named pipe : LRPC-a12bdf011b7c63b851
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 552d076a-cb29-4e44-8b6a-d15e59e2c0af, version 1.0
Description : Unknown RPC service
Annotation : IP Transition Configuration endpoint
Type : Local RPC service
Named pipe : LRPC-72ee47d067baf7e438
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : LRPC-72ee47d067baf7e438
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2e6035b2-e8f1-41a7-a044-656b439c4c34, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager provider server endpoint
Type : Local RPC service
Named pipe : TeredoControl
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : LRPC-72ee47d067baf7e438
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoDiagnostics
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c36be077-e14b-4fe9-8abc-e856ef4f048b, version 1.0
Description : Unknown RPC service
Annotation : Proxy Manager client server endpoint
Type : Local RPC service
Named pipe : TeredoControl
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : LRPC-72ee47d067baf7e438
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoDiagnostics
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c49a5a70-8a7f-4e70-ba16-1e8f1f193ef1, version 1.0
Description : Unknown RPC service
Annotation : Adh APIs
Type : Local RPC service
Named pipe : TeredoControl
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b58aa02e-2884-4e97-8176-4ee06d794184, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-14c8f8ece6309fad13
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsacap
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : SidKey Local End Point
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsacap
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : SidKey Local End Point
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : securityevent
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSARPC_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsacap
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_IDPEXT_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : LSA_EAS_ENDPOINT
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsapolicylookup
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : lsasspirpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : protected_storage
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : SidKey Local End Point
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : samss lpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd490425-5325-4565-b774-7e27d6c09c24, version 1.0
Description : Unknown RPC service
Annotation : Base Firewall Engine API
Type : Local RPC service
Named pipe : LRPC-6af153a1296adfbea8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6af153a1296adfbea8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f9d11bf-7fb9-436b-a812-b2d50c5d4c03, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-dd9caac608a30dd042
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6af153a1296adfbea8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-dd9caac608a30dd042
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f47433c3-3e9d-4157-aad4-83aa1f5c2d4c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-a2c0e39fd4de7c9881
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-6af153a1296adfbea8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-dd9caac608a30dd042
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-a2c0e39fd4de7c9881
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2fb92682-6599-42dc-ae13-bd2ca89bd11c, version 1.0
Description : Unknown RPC service
Annotation : Fw APIs
Type : Local RPC service
Named pipe : LRPC-70d93b07c90ef923f1
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLECA128D866F754E6FA2473F839CB7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b18fbab6-56f8-4702-84e0-41053293a869, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-fdf13e481e1703de16
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : OLECA128D866F754E6FA2473F839CB7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3c7f20-1c8d-4654-a1b3-51563b298bda, version 1.0
Description : Unknown RPC service
Annotation : UserMgrCli
Type : Local RPC service
Named pipe : LRPC-fdf13e481e1703de16
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : abfb6ca3-0c5e-4734-9285-0aee72fe8d1c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b37f900a-eae4-4304-a2ab-12bb668c0188, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e7f76134-9ef5-4949-a2d6-3368cc0988f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7aeb6705-3ae6-471a-882d-f39c109edc12, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f44e62af-dab1-44c2-8013-049a9de417d6, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE8D0944809FEE88519E4876637733
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c2d1b5dd-fa81-4460-9dd6-e7658b85454b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a0f95431c5b554ea69
Object UUID : 73736573-6f69-656e-6e76-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-c9d6fdd7eadef804cc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c9d6fdd7eadef804cc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : SessEnvPrivateRpc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : LRPC-3b9fcadf70698de285
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3473dd4d-2e88-4006-9cba-22570909dd10, version 5.0
Description : Unknown RPC service
Annotation : WinHttp Auto-Proxy Service
Type : Local RPC service
Named pipe : 606fc181-6825-444b-9dcc-16a623723d4b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f2c9b409-c1c9-4100-8639-d8ab1486694a, version 1.0
Description : Unknown RPC service
Annotation : Witness Client Upcall Server
Type : Local RPC service
Named pipe : LRPC-5c47fef0d46f9c7789
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : eb081a0d-10ee-478a-a1dd-50995283e7a8, version 3.0
Description : Unknown RPC service
Annotation : Witness Client Test Interface
Type : Local RPC service
Named pipe : LRPC-5c47fef0d46f9c7789
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Local RPC service
Named pipe : LRPC-5c47fef0d46f9c7789
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 30b044a5-a225-43f0-b3a4-e060df91f9c1, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-5e8c2c2acd0e917621
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : senssvc
Object UUID : 736e6573-0000-0000-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-5903206bf3da0c527c
Object UUID : 666f7270-6c69-7365-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : IUserProfile2
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-fa2fba127b5b923ca9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-fa2fba127b5b923ca9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-115219b45adfaac50c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-fa2fba127b5b923ca9
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : df4df73a-c52d-4e3a-8003-8437fdf8302a, version 0.0
Description : Unknown RPC service
Annotation : WM_WindowManagerRPC\Server
Type : Local RPC service
Named pipe : LRPC-ac97cc9e7b82d2fb8c
Object UUID : 6c637067-6569-746e-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-63bbd75591ecf47f9c
Object UUID : 24d1f7c7-76af-4f28-9ccd-7f6cb6468601
UUID : 2eb08e3e-639f-4fba-97b1-14f878961076, version 1.0
Description : Unknown RPC service
Annotation : Group Policy RPC Interface
Type : Local RPC service
Named pipe : LRPC-e44e7fb591649c353d
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d6, version 1.0
Description : Unknown RPC service
Annotation : DHCPv6 Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc6
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-06409a16fac7be122b
Object UUID : 3bdb59a0-d736-4d44-9074-c1ee00000001
UUID : f3f09ffd-fbcf-4291-944d-70ad6e0e73bb, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ecb39c519e9d179fec
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Local RPC service
Named pipe : eventlog
Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-00999b8f97776d9e54
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-00999b8f97776d9e54
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-51cbe55597f7e81ca7
Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1c88202590d9b17f77
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-1c88202590d9b17f77
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint for NCB Reset module
Type : Local RPC service
Named pipe : LRPC-7a396c7a10ce6917a8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-1c88202590d9b17f77
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-7a396c7a10ce6917a8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLE7D52E49DFB837B8D509580A541F5
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-b9f2e2e18aaa420959
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-1c88202590d9b17f77
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-7a396c7a10ce6917a8
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : OLE7D52E49DFB837B8D509580A541F5
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Annotation : Network Connection Broker server endpoint
Type : Local RPC service
Named pipe : LRPC-b9f2e2e18aaa420959
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000001
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc01B5531
Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-a6749ae1151cf909fa
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b8cadbaf-e84b-46b9-84f2-6f71c03f9e55, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c521facf-09a9-42c5-b155-72388595cbf0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1832bcf6-cab8-41d4-85d2-c9410764f75a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a2a58691ea96f9b26c
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a2a58691ea96f9b26c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a2a58691ea96f9b26c
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c237461413280cbd1e
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a2a58691ea96f9b26c
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c237461413280cbd1e
Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-b7e511e2c619175e8b
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE573BF57E2095859FDED010D2A5C4
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-ac92547bbbaf785f33
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-1686c56fe7a8b42eb7
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e7bc3c7c819b9e6ce
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-a2a58691ea96f9b26c
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/445/cifs
The following DCERPC services are available remotely :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\TECHE_WEB_DB
Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 650a7e26-eab8-5533-ce43-9c1dfce11511, version 1.0
Description : Unknown RPC service
Annotation : Vpn APIs
Type : Remote RPC service
Named pipe : \PIPE\ROUTER
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\TECHE_WEB_DB
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\TECHE_WEB_DB
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/6160/dce-rpc
The following DCERPC services are available on TCP port 6160 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d107c6e0-fc35-49ba-ba03-3e192de6797d, version 1.0
Description : Unknown RPC service
Annotation : Veeam Deployer
Type : Remote RPC service
TCP Port : 6160
IP : 172.17.100.32
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam RPC Invoker
Type : Remote RPC service
TCP Port : 6160
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/6162/dce-rpc
The following DCERPC services are available on TCP port 6162 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam Invoker
Type : Remote RPC service
TCP Port : 6162
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/6183/dce-rpc
The following DCERPC services are available on TCP port 6183 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam Invoker
Type : Remote RPC service
TCP Port : 6183
IP : 172.17.100.32
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d107c6e0-fc35-49ba-ba03-3e192de6797d, version 1.0
Description : Unknown RPC service
Annotation : Veeam Deployer
Type : Remote RPC service
TCP Port : 6183
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/6190/dce-rpc
The following DCERPC services are available on TCP port 6190 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam Invoker
Type : Remote RPC service
TCP Port : 6190
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/11731/dce-rpc
The following DCERPC services are available on TCP port 11731 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d107c6e0-fc35-49ba-ba03-3e192de6797d, version 1.0
Description : Unknown RPC service
Annotation : Veeam Deployer
Type : Remote RPC service
TCP Port : 11731
IP : 172.17.100.32
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : d1c2c07a-d989-48cc-a423-b73ecd518d40, version 1.0
Description : Unknown RPC service
Annotation : Veeam RPC Invoker
Type : Remote RPC service
TCP Port : 11731
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49664/dce-rpc
The following DCERPC services are available on TCP port 49664 :
Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49664
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49665/dce-rpc
The following DCERPC services are available on TCP port 49665 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Event log TCPIP
Type : Remote RPC service
TCP Port : 49665
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49666/dce-rpc
The following DCERPC services are available on TCP port 49666 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.32
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49667/dce-rpc
The following DCERPC services are available on TCP port 49667 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49667
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49762/dce-rpc
The following DCERPC services are available on TCP port 49762 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 49762
IP : 172.17.100.32
10736 - DCE Services Enumeration
-
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output
tcp/49811/dce-rpc
The following DCERPC services are available on TCP port 49811 :
Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49811
IP : 172.17.100.32
84239 - Debugging Log Report
-
Synopsis
This plugin gathers the logs written by other plugins and reports them.
Description
Logs generated by other plugins are reported by this plugin. Plugin debugging must be enabled in the policy in order for this plugin to run.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/06/17, Modified: 2025/07/14
Plugin Output
tcp/0
Plugin debug log(s) have been attached.
55472 - Device Hostname
-
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2025/12/15
Plugin Output
tcp/0
Hostname : TECHE_WEB_DB
TECHE_WEB_DB (WMI)
54615 - Device Type
-
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (eg: a printer, router, general-purpose computer, etc).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2025/03/12
Plugin Output
tcp/0
Remote device type : general-purpose
Confidence level : 100
Confidence level : 100
71246 - Enumerate Local Group Memberships
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.
Note: Unable to query local Domain Controllers during Agent scans.
Rendering Group data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2025/12/15
Plugin Output
tcp/0
Group Name : Access Control Assistance Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-579
Members :
Group Name : Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-544
Members :
Name : Production
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-500
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techexcel
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1001
Name : rms
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1005
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Name : tidua
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1011
Group Name : Backup Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-551
Members :
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Certificate Service DCOM Access
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-574
Members :
Group Name : Cryptographic Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-569
Members :
Group Name : Device Owners
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-583
Members :
Group Name : Distributed COM Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-562
Members :
Group Name : Event Log Readers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-573
Members :
Group Name : Guests
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-501
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Hyper-V Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-578
Members :
Group Name : IIS_IUSRS
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-568
Members :
Group Name : Network Configuration Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-556
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Group Name : Performance Log Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-559
Members :
Group Name : Performance Monitor Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-558
Members :
Name : MSSQLSERVER
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Name : SQLSERVERAGENT
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Group Name : Power Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-547
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Print Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-550
Members :
Group Name : RDS Endpoint Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-576
Members :
Group Name : RDS Management Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-577
Members :
Group Name : RDS Remote Access Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-575
Members :
Group Name : Remote Desktop Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-555
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techapp
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1002
Name : techexcel1
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1008
Group Name : Remote Management Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-580
Members :
Group Name : Replicator
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-552
Members :
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Storage Replica Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-582
Members :
Group Name : System Managed Accounts Group
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-503
Group Name : Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : TECHE_WEB_DB
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : TECHE_WEB_DB
Class : Win32_SystemAccount
SID : S-1-5-11
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techexcel
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1001
Name : techapp
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1002
Name : rms
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1005
Name : techexcel1
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1008
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Name : tidua
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1011
Group Name : Cyber Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1012
Members :
Group Name : SQLRUserGroup
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1004
Members :
Name : MSSQLLaunchpad
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Group Name : SQLServer2005SQLBrowserUser$TECHE_WEB_DB
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1003
Members :
Name : SQLBrowser
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-579
Members :
Group Name : Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-544
Members :
Name : Production
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-500
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techexcel
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1001
Name : rms
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1005
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Name : tidua
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1011
Group Name : Backup Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-551
Members :
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Certificate Service DCOM Access
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-574
Members :
Group Name : Cryptographic Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-569
Members :
Group Name : Device Owners
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-583
Members :
Group Name : Distributed COM Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-562
Members :
Group Name : Event Log Readers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-573
Members :
Group Name : Guests
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-501
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Hyper-V Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-578
Members :
Group Name : IIS_IUSRS
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-568
Members :
Group Name : Network Configuration Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-556
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Group Name : Performance Log Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-559
Members :
Group Name : Performance Monitor Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-558
Members :
Name : MSSQLSERVER
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Name : SQLSERVERAGENT
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Group Name : Power Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-547
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Print Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-550
Members :
Group Name : RDS Endpoint Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-576
Members :
Group Name : RDS Management Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-577
Members :
Group Name : RDS Remote Access Servers
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-575
Members :
Group Name : Remote Desktop Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-555
Members :
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techapp
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1002
Name : techexcel1
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1008
Group Name : Remote Management Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-580
Members :
Group Name : Replicator
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-552
Members :
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Group Name : Storage Replica Administrators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-582
Members :
Group Name : System Managed Accounts Group
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-503
Group Name : Users
Host Name : TECHE_WEB_DB
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : TECHE_WEB_DB
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : TECHE_WEB_DB
Class : Win32_SystemAccount
SID : S-1-5-11
Name : LKPAdmin
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Name : techexcel
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1001
Name : techapp
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1002
Name : rms
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1005
Name : techexcel1
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1008
Name : Veeam
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Name : tidua
Domain : TECHE_WEB_DB
Class : Win32_UserAccount
SID : S-1-5-21-549360554-2228062029-2355455187-1011
Group Name : Cyber Operators
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1012
Members :
Group Name : SQLRUserGroup
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1004
Members :
Name : MSSQLLaunchpad
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
Group Name : SQLServer2005SQLBrowserUser$TECHE_WEB_DB
Host Name : TECHE_WEB_DB
Group SID : S-1-5-21-549360554-2228062029-2355455187-1003
Members :
Name : SQLBrowser
Domain : NT SERVICE
Class : Win32_SystemAccount
SID :
72684 - Enumerate Users via WMI
-
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.
Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.
Note: Unable to query local Domain Controllers during Agent scans.
Rendering User data obtained by plugin 171956.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/02/25, Modified: 2025/12/15
Plugin Output
tcp/0
Name : DefaultAccount
SID : S-1-5-21-549360554-2228062029-2355455187-503
Disabled : True
Lockout : False
Change password : True
Source : Local
Name : Guest
SID : S-1-5-21-549360554-2228062029-2355455187-501
Disabled : True
Lockout : False
Change password : False
Source : Local
Name : LKPAdmin
SID : S-1-5-21-549360554-2228062029-2355455187-1000
Disabled : False
Lockout : False
Change password : False
Source : Local
Name : Production
SID : S-1-5-21-549360554-2228062029-2355455187-500
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : rms
SID : S-1-5-21-549360554-2228062029-2355455187-1005
Disabled : False
Lockout : False
Change password : False
Source : Local
Name : techapp
SID : S-1-5-21-549360554-2228062029-2355455187-1002
Disabled : False
Lockout : False
Change password : False
Source : Local
Name : techexcel
SID : S-1-5-21-549360554-2228062029-2355455187-1001
Disabled : False
Lockout : False
Change password : False
Source : Local
Name : techexcel1
SID : S-1-5-21-549360554-2228062029-2355455187-1008
Disabled : False
Lockout : False
Change password : False
Source : Local
Name : tidua
SID : S-1-5-21-549360554-2228062029-2355455187-1011
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : Veeam
SID : S-1-5-21-549360554-2228062029-2355455187-1010
Disabled : False
Lockout : False
Change password : True
Source : Local
Name : WDAGUtilityAccount
SID : S-1-5-21-549360554-2228062029-2355455187-504
Disabled : True
Lockout : False
Change password : True
Source : Local
No. Of Users : 11
117530 - Errors in nessusd.dump
-
Synopsis
This plugin parses information from the nessusd.dump log file and reports on errors.
Description
This plugin parses information from the nessusd.dump log file and reports on errors.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/09/17, Modified: 2024/11/04
Plugin Output
tcp/0
The nessusd.dump log file contained errors from the following plugins:
- wmi_start_server_svc.nbin reported 12 errors
- apache_log4j_2_17_0.nasl reported 2 errors
- smb_kb2536275.nbin reported 1 error
- onvif_detect.nbin reported 8 errors
- pivotal_software_spring_projects_win_installed.nbin reported 1 error
- apache_log4j_2_17_1.nasl reported 2 errors
- log4j_log4shell_www.nbin reported 1 error
- amanda_detect.nasl reported 1 error
- smb_enum_software_versions.nasl reported 3 errors
- smb_nt_ms23_aug_sqlserver_odbc_driver.nasl reported 2 errors
- react_CVE-2025-55182.nbin reported 5 errors
- quic_detect.nasl reported 1 error
- windows_enum_accounts.nbin reported 1 error
- wmi_start_server_svc.nbin reported 12 errors
- apache_log4j_2_17_0.nasl reported 2 errors
- smb_kb2536275.nbin reported 1 error
- onvif_detect.nbin reported 8 errors
- pivotal_software_spring_projects_win_installed.nbin reported 1 error
- apache_log4j_2_17_1.nasl reported 2 errors
- log4j_log4shell_www.nbin reported 1 error
- amanda_detect.nasl reported 1 error
- smb_enum_software_versions.nasl reported 3 errors
- smb_nt_ms23_aug_sqlserver_odbc_driver.nasl reported 2 errors
- react_CVE-2025-55182.nbin reported 5 errors
- quic_detect.nasl reported 1 error
- windows_enum_accounts.nbin reported 1 error
35716 - Ethernet Card Manufacturer Detection
-
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/19, Modified: 2020/05/13
Plugin Output
tcp/0
The following card manufacturers were identified :
D4:F5:EF:60:46:14 : Hewlett Packard Enterprise
D4:F5:EF:60:46:17 : Hewlett Packard Enterprise
86420 - Ethernet MAC Addresses
-
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2025/06/10
Plugin Output
tcp/0
The following is a consolidated list of detected MAC addresses:
- D4:F5:EF:60:46:14
- D4:F5:EF:60:46:17
- D4:F5:EF:60:46:14
- D4:F5:EF:60:46:17
92439 - Explorer Search History
-
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
Explorer search history report attached.
34196 - Google Chrome Detection (Windows)
-
Synopsis
The remote Windows host contains a web browser.
Description
Google Chrome, a web browser from Google, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0511 |
Plugin Information
Published: 2008/09/12, Modified: 2025/07/10
Plugin Output
tcp/445/cifs
Path : C:\Program Files (x86)\Google\Chrome\Application
Version : 143.0.7499.171
Note that Nessus only looked in the registry for evidence of Google
Chrome. If there are multiple users on this host, you may wish to
enable the 'Perform thorough tests' setting and re-scan. This will
cause Nessus to scan each local user's directory for installs.
97860 - HPE Smart Storage Administrator Installed
-
Synopsis
An enterprise storage controller management application is installed on the remote Windows host.
Description
HPE Smart Storage Administrator, an enterprise storage controller management application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0623 |
Plugin Information
Published: 2017/03/21, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Path : C:\Program Files\Smart Storage Administrator\ssa\
Version : 6.25.9.0
43111 - HTTP Methods Allowed (per directory)
-
Synopsis
This plugin determines which HTTP methods are allowed on various CGI directories.
Description
By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory.
The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
The following HTTP methods are considered insecure:
PUT, DELETE, CONNECT, TRACE, HEAD
Many frameworks and languages treat 'HEAD' as a 'GET' request, albeit one without any body in the response. If a security constraint was set on 'GET' requests such that only 'authenticatedUsers' could access GET requests for a particular servlet or resource, it would be bypassed for the 'HEAD' version. This allowed unauthorized blind submission of any privileged GET request.
As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes'
in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501.
Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities.
See Also
| http://www.nessus.org/u?d9c03a9a |
| http://www.nessus.org/u?b019cbdb |
| https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006) |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/12/10, Modified: 2022/04/11
Plugin Output
tcp/80/www
Based on the response to an OPTIONS request :
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
- HTTP methods GET HEAD POST TRACE OPTIONS are allowed on :
/
10107 - HTTP Server Type and Version
-
Synopsis
A web server is running on the remote host.
Description
This plugin attempts to determine the type and the version of the remote web server.
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0931 |
Plugin Information
Published: 2000/01/04, Modified: 2020/10/30
Plugin Output
tcp/80/www
The remote web server type is :
Microsoft-IIS/10.0
Microsoft-IIS/10.0
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
-
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2025/03/13
Plugin Output
tcp/0
172.17.100.32 resolves as TechE_Web_DB.
24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...
This test is informational only and does not denote any security problem.
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output
tcp/80/www
Response Code : HTTP/1.1 200 OK
Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : OPTIONS, TRACE, GET, HEAD, POST
Headers :
Content-Type: text/html
Last-Modified: Fri, 14 Jan 2022 13:47:58 GMT
Accept-Ranges: bytes
ETag: "8c4df574d9d81:0"
Server: Microsoft-IIS/10.0
Date: Fri, 09 Jan 2026 19:41:41 GMT
Content-Length: 703
Response Body :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>IIS Windows Server</title>
<style type="text/css">
<!--
body {
color:#000000;
background-color:#0072C6;
margin:0;
}
#container {
margin-left:auto;
margin-right:auto;
text-align:center;
}
a img {
border:none;
}
-->
</style>
</head>
<body>
<div id="container">
<a href="http://go.microsoft.com/fwlink/?linkid=66138&clcid=0x409"><img src="iisstart.png" alt="IIS" width="960" height="600" /></a>
</div>
</body>
</html>
24260 - HyperText Transfer Protocol (HTTP) Information
-
Synopsis
Some information about the remote HTTP configuration can be extracted.
Description
This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive is enabled, etc...
This test is informational only and does not denote any security problem.
This test is informational only and does not denote any security problem.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/01/30, Modified: 2024/02/26
Plugin Output
tcp/5985/www
Response Code : HTTP/1.1 404 Not Found
Protocol version : HTTP/1.1
HTTP/2 TLS Support: No
HTTP/2 Cleartext Support: No
SSL : no
Keep-Alive : no
Options allowed : (Not implemented)
Headers :
Content-Type: text/html; charset=us-ascii
Date: Fri, 09 Jan 2026 19:41:41 GMT
Connection: close
Content-Length: 315
Response Body :
171410 - IP Assignment Method Detection
-
Synopsis
Enumerates the IP address assignment method(static/dynamic).
Description
Enumerates the IP address assignment method(static/dynamic).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/14, Modified: 2025/12/15
Plugin Output
tcp/0
+ CrossConect
+ IPv4
- Address : 20.20.20.32
Assign Method : static
+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static
+ LAN_32
+ IPv4
- Address : 172.17.100.32
Assign Method : static
+ IPv4
- Address : 20.20.20.32
Assign Method : static
+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static
+ LAN_32
+ IPv4
- Address : 172.17.100.32
Assign Method : static
179947 - Intel CPUID detection
-
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2025/12/15
Plugin Output
tcp/135/epmap
Nessus was able to extract the following cpuid: 50654
92421 - Internet Explorer Typed URLs
-
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list URLs that were manually typed into the Internet Explorer address bar.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/05/08
Plugin Output
tcp/0
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://172.17.100.33:8505/
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://www.catalog.update.microsoft.com/Search.aspx?q=kb5046615
http://127.0.0.1:8505/
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
Internet Explorer typed URL report attached.
http://172.17.100.33:8505/
http://go.microsoft.com/fwlink/p/?LinkId=255141
https://www.catalog.update.microsoft.com/Search.aspx?q=kb5046615
http://127.0.0.1:8505/
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
http://go.microsoft.com/fwlink/p/?LinkId=255141
Internet Explorer typed URL report attached.
53513 - Link-Local Multicast Name Resolution (LLMNR) Detection
-
Synopsis
The remote device supports LLMNR.
Description
The remote device answered to a Link-local Multicast Name Resolution (LLMNR) request. This protocol provides a name lookup service similar to NetBIOS or DNS. It is enabled by default on modern Windows versions.
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2011/04/21, Modified: 2023/10/17
Plugin Output
udp/5355/llmnr
According to LLMNR, the name of the remote host is 'TechE_Web_DB'.
160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
-
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link
See Also
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output
tcp/445/cifs
LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.
24871 - Logical Drive Insecure Filesystem Enumeration (WMI)
-
Synopsis
The remote host is using an insecure filesystem.
Description
By making certain WMI queries, it is possible to extract the list of logical drives of the remote host that do not use NTFS.
Solution
Migrate any reported filesystems to NTFS.
Risk Factor
None
Plugin Information
Published: 2007/03/20, Modified: 2025/12/15
Plugin Output
tcp/0
The following drives are not formatted with NTFS :
Caption : E:
Description : Removable Disk
92424 - MUICache Program Execution History
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUIcache registry key to find evidence of program execution.
See Also
| https://forensicartifacts.com/2010/08/registry-muicache/ |
| http://windowsir.blogspot.com/2005/12/mystery-of-muicachesolved.html |
| http://www.nirsoft.net/utils/muicache_view.html |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output
tcp/0
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\firewallapi.dll,-38527 : Web Management Service (HTTP)
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%windir%\system32\inetsrv\iisres.dll,-20001 : Web Management Service
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\dnsapi.dll,-101 : DNS Client
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@fssmres.dll,-100 : File Server Remote Management
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP)
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-1 : ASP.NET State Service
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker
@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
@%systemroot%\system32\drivers\ws2ifsl.sys,-1000 : Winsock IFS Driver
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\wkssvc.dll,-100 : Workstation
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%windir%\system32\inetsrv\iisres.dll,-30007 : IIS Admin Service
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS)
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%windir%\system32\lsm.dll,-1001 : Local Session Manager
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%windir%\system32\inetsrv\iisres.dll,-30014 : W3C Logging Service
@%systemroot%\system32\umpo.dll,-100 : Power
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\usermgr.dll,-100 : User Manager
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management)
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@gpapi.dll,-112 : Group Policy Client
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\presentationhost.exe,-3309 : Windows Presentation Foundation Font Cache 3.0.0.0
@%systemroot%\system32\srvsvc.dll,-100 : Server
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\profsvc.dll,-300 : User Profile Service
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine
@%systemroot%\system32\sens.dll,-200 : System Event Notification Service
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\firewallapi.dll,-38527 : Web Management Service (HTTP)
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%windir%\system32\inetsrv\iisres.dll,-20001 : Web Management Service
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\dnsapi.dll,-101 : DNS Client
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@fssmres.dll,-100 : File Server Remote Management
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP)
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-1 : ASP.NET State Service
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker
@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
@%systemroot%\system32\drivers\ws2ifsl.sys,-1000 : Winsock IFS Driver
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\wkssvc.dll,-100 : Workstation
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%windir%\system32\inetsrv\iisres.dll,-30007 : IIS Admin Service
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS)
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%windir%\system32\lsm.dll,-1001 : Local Session Manager
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%windir%\system32\inetsrv\iisres.dll,-30014 : W3C Logging Service
@%systemroot%\system32\umpo.dll,-100 : Power
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\usermgr.dll,-100 : User Manager
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management)
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@gpapi.dll,-112 : Group Policy Client
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\presentationhost.exe,-3309 : Windows Presentation Foundation Font Cache 3.0.0.0
@%systemroot%\system32\srvsvc.dll,-100 : Server
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\profsvc.dll,-300 : User Profile Service
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine
@%systemroot%\system32\sens.dll,-200 : System Event Notification Service
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\compmgmtlauncher.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\wusa.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\compmgmtlauncher.exe.friendlyappname : Computer Management Snapin Launcher
c:\windows\system32\wusa.exe.friendlyappname : Windows Update Standalone Installer
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\appresolver.dll.friendlyappname : App Resolver
c:\program files (x86)\jam software\treesize free\treesizefree.exe.applicationcompany : JAM Software
c:\program files (x86)\windows media player\wmplayer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.friendlyappname : Internet Explorer
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\openwith.exe.friendlyappname : Pick an app
c:\users\techexcel\appdata\local\programs\microsoft vs code\code.exe.friendlyappname : Visual Studio Code
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\program files\windows nt\accessories\wordpad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\users\techexcel\appdata\local\programs\microsoft vs code\code.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\openwith.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
c:\program files\windows nt\accessories\wordpad.exe.friendlyappname : WordPad
c:\windows\system32\mspaint.exe.friendlyappname : Paint
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt.exe
c:\program files (x86)\jam software\treesize free\treesizefree.exe.friendlyappname : TreeSize Free hard disk space manager
c:\program files (x86)\windows media player\wmplayer.exe.friendlyappname : Windows Media Player
c:\windows\system32\mspaint.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
MUICache report attached.
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\firewallapi.dll,-38527 : Web Management Service (HTTP)
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%windir%\system32\inetsrv\iisres.dll,-20001 : Web Management Service
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\dnsapi.dll,-101 : DNS Client
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@fssmres.dll,-100 : File Server Remote Management
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP)
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-1 : ASP.NET State Service
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker
@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
@%systemroot%\system32\drivers\ws2ifsl.sys,-1000 : Winsock IFS Driver
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\wkssvc.dll,-100 : Workstation
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%windir%\system32\inetsrv\iisres.dll,-30007 : IIS Admin Service
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS)
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%windir%\system32\lsm.dll,-1001 : Local Session Manager
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%windir%\system32\inetsrv\iisres.dll,-30014 : W3C Logging Service
@%systemroot%\system32\umpo.dll,-100 : Power
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\usermgr.dll,-100 : User Manager
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management)
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@gpapi.dll,-112 : Group Policy Client
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\presentationhost.exe,-3309 : Windows Presentation Foundation Font Cache 3.0.0.0
@%systemroot%\system32\srvsvc.dll,-100 : Server
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\profsvc.dll,-300 : User Profile Service
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine
@%systemroot%\system32\sens.dll,-200 : System Event Notification Service
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\firewallapi.dll,-38527 : Web Management Service (HTTP)
@%systemroot%\system32\winhttp.dll,-100 : WinHTTP Web Proxy Auto-Discovery Service
@%systemroot%\system32\themeservice.dll,-8192 : Themes
@%systemroot%\system32\firewallapi.dll,-3400 : COM+ Network Access
@%windir%\system32\inetsrv\iisres.dll,-20001 : Web Management Service
@%systemroot%\system32\mprmsg.dll,-32011 : Remote Access IP ARP Driver
@%systemroot%\system32\tabsvc.dll,-100 : Touch Keyboard and Handwriting Panel Service
@%systemroot%\system32\windows.devices.picker.dll,-1006 : DevicePicker
@%systemroot%\system32\bfe.dll,-1002 : The Base Filtering Engine (BFE) is a service that manages firewall and Internet Protocol security (IPsec) policies and implements user mode filtering. Stopping or disabling the BFE service will significantly reduce the security of the system. It will also result in unpredictable behavior in IPsec management and firewall applications.
@%systemroot%\system32\icsvc.dll,-201 : Hyper-V Data Exchange Service
c:\windows\system32,@elscore.dll,-8 : Microsoft Malayalam to Latin Transliteration
@%systemroot%\system32\devicesflowbroker.dll,-103 : DevicesFlow
@%systemroot%\system32\msimsg.dll,-27 : Windows Installer
@%systemroot%\system32\rmapi.dll,-1001 : Radio Management Service
@%systemroot%\system32\drivers\winnat.sys,-10001 : Windows NAT Driver
@%systemroot%\system32\drivers\afd.sys,-1000 : Ancillary Function Driver for Winsock
@%windir%\system32\inetsrv\iisres.dll,-20002 : The Web Management Service enables remote and delegated management capabilities for administrators to manage for the Web server, sites and applications present on this machine.
@%systemroot%\system32\userdataaccessres.dll,-14000 : Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\das.dll,-100 : Device Association Service
@%systemroot%\system32\tieringengineservice.exe,-701 : Optimizes the placement of data in storage tiers on all tiered storage spaces in the system.
@%systemroot%\system32\vssvc.exe,-102 : Volume Shadow Copy
@%systemroot%\system32\drivers\tunnel.sys,-500 : Microsoft Tunnel Miniport Adapter Driver
@%systemroot%\system32\wephostsvc.dll,-100 : Windows Encryption Provider Host Service
@%systemroot%\system32\drivers\ehstorclass.sys,-100 : Enhanced Storage Filter Driver
@%systemroot%\system32\devquerybroker.dll,-100 : DevQuery Background Discovery Broker
@%systemroot%\system32\cscsvc.dll,-201 : The Offline Files service performs maintenance activities on the Offline Files cache, responds to user logon and logoff events, implements the internals of the public API, and dispatches interesting events to those interested in Offline Files activities and changes in cache state.
@%systemroot%\system32\drivers\tsusbflt.sys,-1000 : Remote Desktop USB Hub Class Filter Driver
@%systemroot%\system32\appinfo.dll,-100 : Application Information
@%systemroot%\system32\wevtsvc.dll,-201 : This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
@%systemroot%\system32\sysmain.dll,-1001 : Maintains and improves system performance over time.
@%systemroot%\system32\wecsvc.dll,-201 : This service manages persistent subscriptions to events from remote sources that support WS-Management protocol. This includes Windows Vista event logs, hardware and IPMI-enabled event sources. The service stores forwarded events in a local Event Log. If this service is stopped or disabled event subscriptions cannot be created and forwarded events cannot be accepted.
@%systemroot%\system32\srvsvc.dll,-101 : Supports file, print, and named-pipe sharing over the network for this computer. If this service is stopped, these functions will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\frameserver.dll,-100 : Windows Camera Frame Server
@%systemroot%\system32\dnsapi.dll,-101 : DNS Client
@%systemroot%\system32\btagservice.dll,-102 : Service supporting the audio gateway role of the Bluetooth Handsfree Profile.
@%systemroot%\system32\wcmsvc.dll,-4098 : Makes automatic connect/disconnect decisions based on the network connectivity options currently available to the PC and enables management of network connectivity based on Group Policy settings.
@%systemroot%\system32\phoneserviceres.dll,-10000 : Phone Service
@%systemroot%\system32\wkssvc.dll,-2001 : Browser
@comres.dll,-2947 : Coordinates transactions between the Distributed Transaction Coordinator (MSDTC) and the Kernel Transaction Manager (KTM). If it is not needed, it is recommended that this service remain stopped. If it is needed, both MSDTC and KTM will start this service automatically. If this service is disabled, any MSDTC transaction interacting with a Kernel Resource Manager will fail and any services that explicitly depend on it will fail to start.
@%windir%\system32\rpcepmap.dll,-1002 : Resolves RPC interfaces identifiers to transport endpoints. If this service is stopped or disabled, programs using Remote Procedure Call (RPC) services will not function properly.
@%systemroot%\system32\firewallapi.dll,-3405 : COM+ Remote Administration
@%systemroot%\system32\locator.exe,-3 : In Windows 2003 and earlier versions of Windows, the Remote Procedure Call (RPC) Locator service manages the RPC name service database. In Windows Vista and later versions of Windows, this service does not provide any functionality and is present for application compatibility.
@%systemroot%\system32\fdrespub.dll,-101 : Publishes this computer and resources attached to this computer so they can be discovered over the network. If this service is stopped, network resources will no longer be published and they will not be discovered by other computers on the network.
@%windir%\system32\systemeventsbrokerserver.dll,-1001 : System Events Broker
@combase.dll,-5010 : Remote Procedure Call (RPC)
@%systemroot%\system32\drivers\appvvfs.sys,-101 : AppvVfs
@%systemroot%\system32\wbiosrvc.dll,-101 : The Windows biometric service gives client applications the ability to capture, compare, manipulate, and store biometric data without gaining direct access to any biometric hardware or samples. The service is hosted in a privileged SVCHOST process.
@%systemroot%\system32\qwave.dll,-2 : Quality Windows Audio Video Experience (qWave) is a networking platform for Audio Video (AV) streaming applications on IP home networks. qWave enhances AV streaming performance and reliability by ensuring network quality-of-service (QoS) for AV applications. It provides mechanisms for admission control, run time monitoring and enforcement, application feedback, and traffic prioritization.
@%systemroot%\system32\drivers\ndisimplatform.sys,-501 : Microsoft Network Adapter Multiplexor Protocol
@%systemroot%\system32\printworkflowservice.dll,-100 : PrintWorkflow
@%systemroot%\system32\drivers\mpsdrv.sys,-23092 : Windows Defender Firewall Authorization Driver
@%windir%\system32\inetsrv\iisres.dll,-30015 : Provides W3C logging for Internet Information Services (IIS). If this service is stopped, W3C logging configured by IIS will not work.
@%systemroot%\system32\drivers\mslbfoprovider.sys,-501 : Microsoft Load Balancing/Failover Provider
@%systemroot%\system32\appvclient.exe,-102 : Microsoft App-V Client
@%systemroot%\system32\hnetcfgclient.dll,-201 : HNetCfg Client
@%systemroot%\system32\umpo.dll,-101 : Manages power policy and power policy notification delivery.
@fssmres.dll,-100 : File Server Remote Management
@%systemroot%\system32\sensorservice.dll,-1000 : Sensor Service
@combase.dll,-5011 : The RPCSS service is the Service Control Manager for COM and DCOM servers. It performs object activations requests, object exporter resolutions and distributed garbage collection for COM and DCOM servers. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the RPCSS service running.
@%systemroot%\syswow64\perfhost.exe,-2 : Performance Counter DLL Host
@%systemroot%\system32\upnphost.dll,-214 : Allows UPnP devices to be hosted on this computer. If this service is stopped, any hosted UPnP devices will stop functioning and no additional hosted devices can be added. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lfsvc.dll,-2 : This service monitors the current location of the system and manages geofences (a geographical location with associated events). If you turn off this service, applications will be unable to use or receive notifications for geolocation or geofences.
@%systemroot%\system32\drivers\mslldp.sys,-211 : Microsoft LLDP Protocol Driver
@%systemroot%\system32\storsvc.dll,-100 : Storage Service
@%systemroot%\system32\dssvc.dll,-10003 : Data Sharing Service
@%systemroot%\system32\svsvc.dll,-102 : Verifies potential file system corruptions.
@%systemroot%\system32\sgrmbroker.exe,-101 : Monitors and attests to the integrity of the Windows platform.
@%systemroot%\system32\polstore.dll,-5010 : IPsec Policy Agent
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8201 : Net.Tcp Port Sharing Service
@%windir%\system32\inetsrv\iisres.dll,-30011 : Application Host Helper Service
@%systemroot%\system32\printworkflowservice.dll,-101 : Print Workflow
@peerdistsh.dll,-9002 : BranchCache - Hosted Cache Server (Uses HTTPS)
@%systemroot%\system32\mprmsg.dll,-32012 : Remote Access IPv6 ARP Driver
@%systemroot%\system32\lmhsvc.dll,-101 : TCP/IP NetBIOS Helper
@%systemroot%\system32\cdpsvc.dll,-100 : Connected Devices Platform Service
@%systemroot%\system32\defragsvc.dll,-102 : Helps the computer run more efficiently by optimizing files on storage drives.
@%systemroot%\system32\sppsvc.exe,-100 : Enables the download, installation and enforcement of digital licenses for Windows and Windows applications. If the service is disabled, the operating system and licensed applications may run in a notification mode. It is strongly recommended that you not disable the Software Protection service.
@gpapi.dll,-113 : The service is responsible for applying settings configured by administrators for the computer and users through the Group Policy component. If the service is disabled, the settings will not be applied and applications and components will not be manageable through Group Policy. Any components or applications that depend on the Group Policy component might not be functional if the service is disabled.
@%windir%\system32\bisrv.dll,-101 : Windows infrastructure service that controls which background tasks can run on the system.
@%systemroot%\system32\polstore.dll,-5011 : Internet Protocol security (IPsec) supports network-level peer authentication, data origin authentication, data integrity, data confidentiality (encryption), and replay protection. This service enforces IPsec policies created through the IP Security Policies snap-in or the command-line tool ""netsh ipsec"". If you stop this service, you may experience network connectivity issues if your policy requires that connections use IPsec. Also,remote management of Windows Defender Firewall is not available when this service is stopped.
@%programfiles%\windows media player\wmpnetwk.exe,-101 : Windows Media Player Network Sharing Service
@%systemroot%\system32\tapisrv.dll,-10100 : Telephony
@%systemroot%\system32\wephostsvc.dll,-101 : Windows Encryption Provider Host Service brokers encryption related functionalities from 3rd Party Encryption Providers to processes that need to evaluate and apply EAS policies. Stopping this will compromise EAS compliancy checks that have been established by the connected Mail Accounts
@%systemroot%\system32\themeservice.dll,-8193 : Provides user experience theme management.
@%systemroot%\system32\firewallapi.dll,-38521 : World Wide Web Services (HTTP)
@%systemroot%\system32\wkssvc.dll,-1000 : Redirected Buffering Sub System
@%systemroot%\system32\dosvc.dll,-100 : Delivery Optimization
@%systemroot%\system32\ngcsvc.dll,-101 : Provides process isolation for cryptographic keys used to authenticate to a user’s associated identity providers. If this service is disabled, all uses and management of these keys will not be available, which includes machine logon and single-sign on for apps and websites. This service starts and stops automatically. It is recommended that you do not reconfigure this service.
@%systemroot%\system32\eapsvc.dll,-1 : Extensible Authentication Protocol
@%systemroot%\system32\cdpusersvc.dll,-100 : Connected Devices Platform User Service
@gpapi.dll,-115 : Provides a network service that processes requests to simulate application of Group Policy settings for a target user or computer in various situations and computes the Resultant Set of Policy settings.
@%systemroot%\system32\sensordataservice.exe,-102 : Delivers data from a variety of sensors
@peerdistsh.dll,-9001 : BranchCache - Peer Discovery (Uses WSD)
@%windir%\system32\drivers\pacer.sys,-100 : Quality of Service Packet Scheduler. This component provides network traffic control, including rate-of-flow and prioritization services.
@%systemroot%\system32\bridgeres.dll,-1 : Microsoft MAC Bridge
@%systemroot%\system32\hvhostsvc.dll,-101 : Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-1 : ASP.NET State Service
@%systemroot%\system32\tapisrv.dll,-10101 : Provides Telephony API (TAPI) support for programs that control telephony devices on the local computer and, through the LAN, on servers that are also running the service.
@%systemroot%\system32\ngcctnrsvc.dll,-2 : Manages local user identity keys used to authenticate user to identity providers as well as TPM virtual smart cards. If this service is disabled, local user identity keys and TPM virtual smart cards will not be accessible. It is recommended that you do not reconfigure this service.
@%windir%\system32\lsm.dll,-1002 : Core Windows Service that manages local user sessions. Stopping or disabling this service will result in system instability.
@%windir%\system32\inetsrv\iisres.dll,-30012 : Provides administrative services for IIS, for example configuration history and Application Pool account mapping. If this service is stopped, configuration history and locking down files or directories with Application Pool specific Access Control Entries will not work.
@peerdistsh.dll,-9000 : BranchCache - Content Retrieval (Uses HTTP)
@%systemroot%\system32\smphost.dll,-102 : Microsoft Storage Spaces SMP
@%systemroot%\system32\appreadiness.dll,-1001 : Gets apps ready for use the first time a user signs in to this PC and when adding new apps.
@netlogon.dll,-1010 : Netlogon Service
@%systemroot%\system32\schedsvc.dll,-100 : Task Scheduler
@%systemroot%\system32\lltdres.dll,-1 : Link-Layer Topology Discovery Mapper
@%systemroot%\system32\drivers\fileinfo.sys,-100 : File Information FS MiniFilter
@%systemroot%\system32\sppsvc.exe,-101 : Software Protection
@gpapi.dll,-114 : Resultant Set of Policy Provider
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1000 : Microsoft (R) Diagnostics Hub Standard Collector Service
@%systemroot%\system32\drivers\clfs.sys,-100 : Common Log (CLFS)
@%systemroot%\system32\drivers\wfplwfs.sys,-6000 : Microsoft Windows Filtering Platform
@%systemroot%\system32\fdphost.dll,-101 : The FDPHOST service hosts the Function Discovery (FD) network discovery providers. These FD providers supply network discovery services for the Simple Services Discovery Protocol (SSDP) and Web Services – Discovery (WS-D) protocol. Stopping or disabling the FDPHOST service will disable network discovery for these protocols when using FD. When this service is unavailable, network services using FD and relying on these discovery protocols will be unable to find network devices or resources.
@keyiso.dll,-101 : The CNG key isolation service is hosted in the LSA process. The service provides key process isolation to private keys and associated cryptographic operations as required by the Common Criteria. The service stores and uses long-lived keys in a secure process complying with Common Criteria requirements.
@%windir%\system32\timebrokerserver.dll,-1001 : Time Broker
@%systemroot%\system32\nsisvc.dll,-200 : Network Store Interface Service
@appmgmts.dll,-3251 : Processes installation, removal, and enumeration requests for software deployed through Group Policy. If the service is disabled, users will be unable to install, remove, or enumerate software deployed through Group Policy. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\pushtoinstall.dll,-200 : Windows PushToInstall Service
@%systemroot%\system32\tokenbroker.dll,-100 : Web Account Manager
@%systemroot%\system32\drivers\cnghwassist.sys,-100 : CNG Hardware Assist algorithm provider
@%systemroot%\system32\spoolsv.exe,-2 : This service spools print jobs and handles interaction with the printer. If you turn off this service, you won’t be able to print or see your printers.
@%systemroot%\system32\icsvc.dll,-301 : Hyper-V Guest Shutdown Service
@%systemroot%\system32\drivers\indirectkmd.sys,-100 : Indirect Displays Kernel-Mode Driver
@%systemroot%\system32\defragsvc.dll,-101 : Optimize drives
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : Document Encryption
@%systemroot%\system32\hvhostsvc.dll,-100 : HV Host Service
@%systemroot%\system32\capabilityaccessmanager.dll,-2 : Provides facilities for managing UWP apps access to app capabilities as well as checking an app's access to specific app capabilities
@%systemroot%\system32\sgrmbroker.exe,-100 : System Guard Runtime Monitor Broker
@%systemroot%\system32\windows.internal.management.dll,-100 : Device Management Enrollment Service
@%systemroot%\system32\icsvc.dll,-902 : Provides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.
@%systemroot%\system32\srpapi.dll,-102 : Smartlocker Filter Driver
@%systemroot%\system32\ncasvc.dll,-3008 : Provides DirectAccess status notification for UI components
@%systemroot%\system32\pcasvc.dll,-1 : Program Compatibility Assistant Service
@%systemroot%\system32\wiaservc.dll,-9 : Windows Image Acquisition (WIA)
@%systemroot%\system32\drivers\appvvemgr.sys,-101 : AppvVemgr
@%systemroot%\system32\icsvc.dll,-801 : Hyper-V Guest Service Interface
@%systemroot%\system32\netman.dll,-109 : Network Connections
@%systemroot%\system32\scdeviceenum.dll,-100 : Smart Card Device Enumeration Service
c:\windows\system32,@elscore.dll,-7 : Microsoft Devanagari to Latin Transliteration
@%systemroot%\system32\drivers\volmgrx.sys,-100 : Dynamic Volume Manager
@%systemroot%\system32\fdrespub.dll,-100 : Function Discovery Resource Publication
@comres.dll,-2451 : Supports System Event Notification Service (SENS), which provides automatic distribution of events to subscribing Component Object Model (COM) components. If the service is stopped, SENS will close and will not be able to provide logon and logoff notifications. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\nlasvc.dll,-2 : Collects and stores configuration information for the network and notifies programs when this information is modified. If this service is stopped, configuration information might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\mprmsg.dll,-32002 : Remote Access NDIS WAN Driver
@%systemroot%\system32\ncasvc.dll,-3009 : Network Connectivity Assistant
@%systemroot%\system32\rmapi.dll,-1002 : Radio Management and Airplane Mode Service
c:\windows\system32,@elscore.dll,-3 : Microsoft Traditional Chinese to Simplified Chinese Transliteration
@%systemroot%\system32\alg.exe,-113 : Provides support for 3rd party protocol plug-ins for Internet Connection Sharing
@%systemroot%\system32\das.dll,-101 : Enables pairing between the system and wired or wireless devices.
@%systemroot%\system32\samsrv.dll,-2 : The startup of this service signals other services that the Security Accounts Manager (SAM) is ready to accept requests. Disabling this service will prevent other services in the system from being notified when the SAM is ready, which may in turn cause those services to fail to start correctly. This service should not be disabled.
@%systemroot%\system32\umrdp.dll,-1000 : Remote Desktop Services UserMode Port Redirector
@keyiso.dll,-100 : CNG Key Isolation
@%systemroot%\system32\audiosrv.dll,-200 : Windows Audio
@%systemroot%\system32\powrprof.dll,-15 : Balanced
@%systemroot%\system32\wpdbusenum.dll,-101 : Enforces group policy for removable mass-storage devices. Enables applications such as Windows Media Player and Image Import Wizard to transfer and synchronize content using removable mass-storage devices.
@%systemroot%\system32\srvsvc.dll,-110 : Allows other computers to access resources on your computer using a Microsoft network.
@%systemroot%\system32\termsrv.dll,-268 : Remote Desktop Services
@%systemroot%\system32\ipnathlp.dll,-106 : Internet Connection Sharing (ICS)
@%systemroot%\system32\semgrsvc.dll,-1001 : Payments and NFC/SE Manager
@%systemroot%\system32\samsrv.dll,-1 : Security Accounts Manager
@%systemroot%\system32\powrprof.dll,-13 : High performance
@%systemroot%\system32\ci.dll,-101 : Enclave
@%systemroot%\system32\usermgr.dll,-101 : User Manager provides the runtime components required for multi-user interaction. If this service is stopped, some applications may not operate correctly.
@%systemroot%\system32\drivers\hvservice.sys,-16 : Hypervisor/Virtual Machine Support Driver
@%systemroot%\system32\cscsvc.dll,-200 : Offline Files
@%systemroot%\system32\firewallapi.dll,-37302 : mDNS
@%systemroot%\system32\windows.staterepository.dll,-1 : State Repository Service
@%systemroot%\system32\fntcache.dll,-100 : Windows Font Cache Service
@%systemroot%\system32\audioendpointbuilder.dll,-204 : Windows Audio Endpoint Builder
@%systemroot%\system32\userdataaccessres.dll,-10003 : User Data Storage
@%systemroot%\system32\mprdim.dll,-200 : Routing and Remote Access
@%systemroot%\system32\tokenbroker.dll,-101 : This service is used by Web Account Manager to provide single-sign-on to apps and services.
@%windir%\system32\inetsrv\iisres.dll,-30001 : Windows Process Activation Service
@%systemroot%\system32\cryptsvc.dll,-1002 : Provides three management services: Catalog Database Service, which confirms the signatures of Windows files and allows new programs to be installed; Protected Root Service, which adds and removes Trusted Root Certification Authority certificates from this computer; and Automatic Root Certificate Update Service, which retrieves root certificates from Windows Update and enable scenarios such as SSL. If this service is stopped, these management services will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\pacer.sys,-101 : QoS Packet Scheduler
@%systemroot%\system32\drivers\msseccore.sys,-1001 : Microsoft Security Core Boot Driver
@%systemroot%\system32\semgrsvc.dll,-1002 : Manages payments and Near Field Communication (NFC) based secure elements.
@%systemroot%\system32\drivers\pdc.sys,-100 : PDC
@firewallapi.dll,-50323 : SNMP Trap
@%systemroot%\system32\mprmsg.dll,-32014 : Remote Access LEGACY NDIS WAN Driver
@%systemroot%\system32\firewallapi.dll,-23090 : Windows Defender Firewall
@%systemroot%\system32\mprmsg.dll,-32013 : IP Traffic Filter Driver
@%systemroot%\system32\drivers\fltmgr.sys,-10001 : FltMgr
@%systemroot%\system32\moshost.dll,-101 : Windows service for application access to downloaded maps. This service is started on-demand by application accessing downloaded maps. Disabling this service will prevent apps from accessing maps.
@%systemroot%\system32\drivers\wcnfs.sys,-100 : Windows Container Name Virtualization
@%systemroot%\system32\devicesflowbroker.dll,-104 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\wdi.dll,-502 : Diagnostic Service Host
@%systemroot%\system32\drivers\mssecflt.sys,-1001 : Microsoft Security Events Component Minifilter
@%systemroot%\system32\presentationhost.exe,-3310 : Optimizes performance of Windows Presentation Foundation (WPF) applications by caching commonly used font data. WPF applications will start this service if it is not already running. It can be disabled, though doing so will degrade the performance of WPF applications.
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\drivers\verifierext.sys,-1000 : Driver Verifier Extension
@%systemroot%\system32\wpnuserservice.dll,-1 : Windows Push Notifications User Service
@%systemroot%\system32\tzautoupdate.dll,-200 : Auto Time Zone Updater
@%systemroot%\system32\cdpsvc.dll,-101 : This service is used for Connected Devices Platform scenarios
@%systemroot%\system32\userdataaccessres.dll,-15001 : Contact Data
@%systemroot%\system32\securityhealthagent.dll,-1001 : Windows Security Service handles unified device protection and health information
@%windir%\system32\rpcepmap.dll,-1001 : RPC Endpoint Mapper
@%systemroot%\system32\drivers\mshidkmdf.sys,-100 : Pass-through HID to KMDF Filter Driver
@%systemroot%\system32\powrprof.dll,-12 : Favors performance, but may use more energy.
@%systemroot%\system32\sessenv.dll,-1027 : Remote Desktop Configuration service (RDCS) is responsible for all Remote Desktop Services and Remote Desktop related configuration and session maintenance activities that require SYSTEM context. These include per-session temporary folders, RD themes, and RD certificates.
@%systemroot%\system32\w32time.dll,-200 : Windows Time
@%systemroot%\system32\kpssvc.dll,-100 : KDC Proxy Server service (KPS)
@%systemroot%\system32\tetheringservice.dll,-4097 : Windows Mobile Hotspot Service
@%systemroot%\system32\windows.staterepository.dll,-2 : Provides required infrastructure support for the application model.
@%systemroot%\system32\rasauto.dll,-201 : Creates a connection to a remote network whenever a program references a remote DNS or NetBIOS name or address.
@%systemroot%\system32\flightsettings.dll,-103 : Windows Insider Service
@%systemroot%\system32\drivers\http.sys,-1 : HTTP Service
@winlangdb.dll,-1121 : English (United States)
@%systemroot%\system32\walletservice.dll,-1000 : WalletService
@%windir%\system32\inetsrv\iisres.dll,-30008 : Enables this server to administer the IIS metabase. The IIS metabase stores configuration for the SMTP and FTP services. If this service is stopped, the server will be unable to configure SMTP or FTP. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umpnpmgr.dll,-101 : Enables a computer to recognize and adapt to hardware changes with little or no user input. Stopping or disabling this service will result in system instability.
@%systemroot%\system32\drivers\netbt.sys,-2 : NETBT
@%systemroot%\system32\drivers\ipsecgw.sys,-10001 : Windows IPsec Gateway Driver
@%systemroot%\servicing\trustedinstaller.exe,-101 : Enables installation, modification, and removal of Windows updates and optional components. If this service is disabled, install or uninstall of Windows updates might fail for this computer.
@%systemroot%\system32\icsvc.dll,-202 : Provides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\certprop.dll,-13 : Smart Card Removal Policy
@%systemroot%\system32\umpnpmgr.dll,-200 : Plug and Play
@%systemroot%\system32\nlasvc.dll,-1 : Network Location Awareness
@comres.dll,-2946 : KtmRm for Distributed Transaction Coordinator
@icsvc.dll,-700 : Virtual Machine Monitoring
@%systemroot%\system32\drivers\ws2ifsl.sys,-1000 : Winsock IFS Driver
c:\windows\system32,@elscore.dll,-4 : Microsoft Simplified Chinese to Traditional Chinese Transliteration
@%systemroot%\system32\srvsvc.dll,-109 : File and Printer Sharing for Microsoft Networks
@%systemroot%\system32\iscsidsc.dll,-5000 : Microsoft iSCSI Initiator Service
@%systemroot%\system32\drivers\wdf01000.sys,-1000 : Kernel Mode Driver Frameworks service
@%systemroot%\system32\coremessaging.dll,-1 : CoreMessaging
@%systemroot%\system32\audioendpointbuilder.dll,-205 : Manages audio devices for the Windows Audio service. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\scdeviceenum.dll,-101 : Creates software device nodes for all smart card readers accessible to a given session. If this service is disabled, WinRT APIs will not be able to enumerate smart card readers.
@%systemroot%\system32\msimsg.dll,-32 : Adds, modifies, and removes applications provided as a Windows Installer (*.msi, *.msp) package. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ajrouter.dll,-1 : Routes AllJoyn messages for the local AllJoyn clients. If this service is stopped the AllJoyn clients that do not have their own bundled routers will be unable to run.
@%systemroot%\system32\drivers\tcpip.sys,-10101 : Transmission Control Protocol/Internet Protocol. The default wide area network protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\ngcctnrsvc.dll,-1 : Microsoft Passport Container
@%systemroot%\system32\powrprof.dll,-10 : Saves energy by reducing your computer’s performance where possible.
@%systemroot%\system32\vds.exe,-112 : Provides management services for disks, volumes, file systems, and storage arrays.
@%systemroot%\system32\ssdpsrv.dll,-100 : SSDP Discovery
@%systemroot%\system32\sstpsvc.dll,-202 : WAN Miniport (SSTP)
@%systemroot%\system32\embeddedmodesvc.dll,-202 : The Embedded Mode service enables scenarios related to Background Applications. Disabling this service will prevent Background Applications from being activated.
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1002 : Windows Defender Advanced Threat Protection service helps protect against advanced threats by monitoring and reporting security events that happen on the computer.
@%systemroot%\system32\windows.warp.jitservice.dll,-101 : Provides a JIT out of process service for WARP when running with ACG enabled.
@%systemroot%\system32\drivers\sgrmagent.sys,-1001 : System Guard Runtime Monitor Agent
@%systemroot%\system32\profsvc.dll,-301 : This service is responsible for loading and unloading user profiles. If this service is stopped or disabled, users will no longer be able to successfully sign in or sign out, apps might have problems getting to users' data, and components registered to receive profile event notifications won't receive them.
@%systemroot%\system32\seclogon.dll,-7001 : Secondary Logon
@appmgmts.dll,-3250 : Application Management
@%systemroot%\system32\iscsidsc.dll,-5001 : Manages Internet SCSI (iSCSI) sessions from this computer to remote iSCSI target devices. If this service is stopped, this computer will not be able to login or access iSCSI targets. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\umrdp.dll,-1001 : Allows the redirection of Printers/Drives/Ports for RDP connections
@%systemroot%\system32\wkssvc.dll,-1008 : DFS Namespace Client Driver
@%systemroot%\system32\lmhsvc.dll,-102 : Provides support for the NetBIOS over TCP/IP (NetBT) service and NetBIOS name resolution for clients on the network, therefore enabling users to share files, print, and log on to the network. If this service is stopped, these functions might be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\lltdres.dll,-6 : Link-Layer Topology Discovery Mapper I/O Driver
@%systemroot%\system32\pla.dll,-501 : Performance Logs and Alerts Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wcmsvc.dll,-4097 : Windows Connection Manager
@%systemroot%\system32\drivers\hwpolicy.sys,-101 : Hardware Policy Driver
@%systemroot%\system32\wsmsvc.dll,-102 : Windows Remote Management (WinRM) service implements the WS-Management protocol for remote management. WS-Management is a standard web services protocol used for remote software and hardware management. The WinRM service listens on the network for WS-Management requests and processes them. The WinRM Service needs to be configured with a listener using winrm.cmd command line tool or through Group Policy in order for it to listen over the network. The WinRM service provides access to WMI data and enables event collection. Event collection and subscription to events require that the service is running. WinRM messages use HTTP and HTTPS as transports. The WinRM service does not depend on IIS but is preconfigured to share a port with IIS on the same machine. The WinRM service reserves the /wsman URL prefix. To prevent conflicts with IIS, administrators should ensure that any websites hosted on IIS do not use the /wsman URL prefix.
@%systemroot%\system32\tieringengineservice.exe,-702 : Storage Tiers Management
@%systemroot%\system32\dps.dll,-500 : Diagnostic Policy Service
@%systemroot%\system32\sensrsvc.dll,-1001 : Monitors various sensors in order to expose data and adapt to system and user state. If this service is stopped or disabled, the display brightness will not adapt to lighting conditions. Stopping this service may affect other system functionality and features as well.
@%systemroot%\system32\dnsapi.dll,-103 : Domain Name System (DNS) Server Trust
c:\windows\system32,@elscore.dll,-1 : Microsoft Language Detection
@%systemroot%\system32\axinstsv.dll,-104 : Provides User Account Control validation for the installation of ActiveX controls from the Internet and enables management of ActiveX control installation based on Group Policy settings. This service is started on demand and if disabled the installation of ActiveX controls will behave according to default browser settings.
@%systemroot%\system32\mprmsg.dll,-32001 : Remote Access NDIS TAPI Driver
@%systemroot%\system32\drivers\mup.sys,-101 : MUP
@%systemroot%\system32\storsvc.dll,-101 : Provides enabling services for storage settings and external storage expansion
@enterpriseappmgmtsvc.dll,-2 : Enables enterprise application management.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-100 : Shared PC Account Manager
@%systemroot%\system32\netsetupsvc.dll,-3 : Network Setup Service
@%systemroot%\system32\netlogon.dll,-103 : Maintains a secure channel between this computer and the domain controller for authenticating users and services. If this service is stopped, the computer may not authenticate users and services and the domain controller cannot register DNS records. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\scardsvr.dll,-1 : Smart Card
@%systemroot%\system32\clipsvc.dll,-104 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled applications bought using Windows Store will not behave correctly.
@%systemroot%\servicing\trustedinstaller.exe,-100 : Windows Modules Installer
@%systemroot%\system32\pushtoinstall.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started automatically and if disabled then remote installations will not function properly.
@%systemroot%\system32\drivers\mslldp.sys,-210 : IEEE 802.1AB Link-Layer Discovery Protocol (LLDP). Supports Microsoft Data Center Networking (DCN).
@%systemroot%\system32\icsvcext.dll,-601 : Hyper-V Remote Desktop Virtualization Service
@%systemroot%\system32\phoneserviceres.dll,-10001 : Manages the telephony state on the device
@%systemroot%\system32\dot3svc.dll,-1103 : The Wired AutoConfig (DOT3SVC) service is responsible for performing IEEE 802.1X authentication on Ethernet interfaces. If your current wired network deployment enforces 802.1X authentication, the DOT3SVC service should be configured to run for establishing Layer 2 connectivity and/or providing access to network resources. Wired networks that do not enforce 802.1X authentication are unaffected by the DOT3SVC service.
@comres.dll,-948 : Manages the configuration and tracking of Component Object Model (COM)+-based components. If the service is stopped, most COM+-based components will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dmwappushsvc.dll,-201 : Routes Wireless Application Protocol (WAP) Push messages received by the device and synchronizes Device Management sessions
@%systemroot%\system32\netprofmsvc.dll,-202 : Network List Service
@%systemroot%\system32\wkssvc.dll,-100 : Workstation
@waasmedicsvc.dll,-100 : Windows Update Medic Service
@%systemroot%\system32\wkssvc.dll,-1002 : SMB MiniRedirector Wrapper and Engine
@%systemroot%\system32\drivers\filecrypt.sys,-100 : FileCrypt
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%systemroot%\system32\captureservice.dll,-100 : CaptureService
@%systemroot%\system32\powrprof.dll,-14 : Automatically balances performance with energy consumption on capable hardware.
@%windir%\system32\systemeventsbrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\shsvcs.dll,-12289 : Provides notifications for AutoPlay hardware events.
@%systemroot%\system32\icsvcext.dll,-602 : Provides a platform for communication between the virtual machine and the operating system running on the physical computer.
@%systemroot%\system32\dhcpcore.dll,-101 : Registers and updates IP addresses and DNS records for this computer. If this service is stopped, this computer will not receive dynamic IP addresses and DNS updates. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wercplsupport.dll,-101 : Problem Reports and Solutions Control Panel Support
@%windir%\system32\inetsrv\iisres.dll,-30004 : Provides Web connectivity and administration through the Internet Information Services Manager
@%systemroot%\system32\drivers\tcpip.sys,-10100 : Internet Protocol Version 4 (TCP/IPv4)
@%systemroot%\system32\rasmans.dll,-200 : Remote Access Connection Manager
@%windir%\system32\inetsrv\iisres.dll,-30007 : IIS Admin Service
@%systemroot%\system32\devicesetupmanager.dll,-1000 : Device Setup Manager
@%systemroot%\system32\dmwappushsvc.dll,-200 : Device Management Wireless Application Protocol (WAP) Push message Routing Service
@%systemroot%\system32\drivers\tcpip.sys,-10102 : Internet Protocol Version 6 (TCP/IPv6)
@%systemroot%\system32\swprv.dll,-103 : Microsoft Software Shadow Copy Provider
c:\windows\system32,@elscore.dll,-9 : Microsoft Bengali to Latin Transliteration
@%systemroot%\system32\icsvc.dll,-402 : Synchronizes the system time of this virtual machine with the system time of the physical computer.
@%systemroot%\system32\firewallapi.dll,-23091 : Windows Defender Firewall helps protect your computer by preventing unauthorized users from gaining access to your computer through the Internet or a network.
@%systemroot%\system32\wkssvc.dll,-1010 : Client for Microsoft Networks
@%systemroot%\system32\tzautoupdate.dll,-201 : Automatically sets the system time zone.
@%systemroot%\system32\usocore.dll,-102 : Manages Windows Updates. If stopped, your devices will not be able download and install latest udpates.
@%systemroot%\system32\cbdhsvc.dll,-100 : Clipboard User Service
@%systemroot%\system32\iphlpsvc.dll,-501 : Provides tunnel connectivity using IPv6 transition technologies (6to4, ISATAP, Port Proxy, and Teredo), and IP-HTTPS. If this service is stopped, the computer will not have the enhanced connectivity benefits that these technologies offer.
@%systemroot%\system32\seclogon.dll,-7000 : Enables starting processes under alternate credentials. If this service is stopped, this type of logon access will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ncbservice.dll,-500 : Network Connection Broker
@%systemroot%\system32\iphlpsvc.dll,-500 : IP Helper
@%systemroot%\system32\drivers\ahcache.sys,-102 : Application Compatibility Cache
@%systemroot%\system32\diagsvcs\diagnosticshub.standardcollector.serviceres.dll,-1001 : Diagnostics Hub Standard Collector Service. When running, this service collects real time ETW events and processes them.
@%systemroot%\system32\icsvc.dll,-901 : Hyper-V PowerShell Direct Service
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-1 : Printer Extensions and Notifications
@%systemroot%\system32\installservice.dll,-200 : Microsoft Store Install Service
@%systemroot%\system32\searchindexer.exe,-104 : Provides content indexing, property caching, and search results for files, e-mail, and other content.
@%systemroot%\system32\windows.warp.jitservice.dll,-100 : WarpJITSvc
@%systemroot%\system32\icsvcext.dll,-502 : Coordinates the communications that are required to use Volume Shadow Copy Service to back up applications and data on this virtual machine from the operating system on the physical computer.
@%systemroot%\system32\lfsvc.dll,-1 : Geolocation Service
@%systemroot%\system32\wbem\wmiapsrv.exe,-111 : Provides performance library information from Windows Management Instrumentation (WMI) providers to clients on the network. This service only runs when Performance Data Helper is activated.
@%systemroot%\system32\drivers\mshidumdf.sys,-100 : Pass-through HID to UMDF Driver
@%systemroot%\system32\licensemanagersvc.dll,-200 : Windows License Manager Service
@%systemroot%\system32\appvclient.exe,-101 : Manages App-V users and virtual applications
@%systemroot%\system32\lltdres.dll,-2 : Creates a Network Map, consisting of PC and device topology (connectivity) information, and metadata describing each PC and device. If this service is disabled, the Network Map will not function properly.
@%systemroot%\system32\vaultsvc.dll,-1003 : Credential Manager
@%systemroot%\system32\drivers\storqosflt.sys,-101 : Storage QoS Filter Driver
@%systemroot%\system32\wpnuserservice.dll,-2 : This service hosts Windows notification platform which provides support for local and push notifications. Supported notifications are tile, toast and raw.
@%systemroot%\system32\wersvc.dll,-100 : Windows Error Reporting Service
@%windir%\system32\inetsrv\iisres.dll,-30003 : World Wide Web Publishing Service
@%systemroot%\system32\ualsvc.dll,-102 : User Access Logging Service
@%systemroot%\system32\clipsvc.dll,-103 : Client License Service (ClipSVC)
@combase.dll,-5012 : DCOM Server Process Launcher
@%systemroot%\system32\scardsvr.dll,-5 : Manages access to smart cards read by this computer. If this service is stopped, this computer will be unable to read smart cards. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\firewallapi.dll,-38523 : Secure World Wide Web Services (HTTPS)
@%systemroot%\system32\drivers\ndisimplatform.sys,-500 : Provides a platform for network adapter load balancing and fail-over.
@%systemroot%\system32\mprmsg.dll,-32007 : Remote Access PPPOE Driver
@%systemroot%\system32\shsvcs.dll,-12288 : Shell Hardware Detection
@%systemroot%\system32\wlidsvc.dll,-101 : Enables user sign-in through Microsoft account identity services. If this service is stopped, users will not be able to logon to the computer with their Microsoft account.
@%systemroot%\system32\dosvc.dll,-101 : Performs content delivery optimization tasks
@%systemroot%\system32\lltdres.dll,-4 : Used to discover and locate other PCs, devices, and network infrastructure components on the network. Also used to determine network bandwidth.
@%systemroot%\system32\wkssvc.dll,-101 : Creates and maintains client network connections to remote servers using the SMB protocol. If this service is stopped, these connections will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\cbdhsvc.dll,-101 : This user service is used for Clipboard scenarios
@%systemroot%\system32\trkwks.dll,-1 : Distributed Link Tracking Client
@%systemroot%\system32\sensrsvc.dll,-1000 : Sensor Monitoring Service
@%windir%\system32\lsm.dll,-1001 : Local Session Manager
@%systemroot%\system32\dps.dll,-501 : The Diagnostic Policy Service enables problem detection, troubleshooting and resolution for Windows components. If this service is stopped, diagnostics will no longer function.
@%systemroot%\system32\drivers\luafv.sys,-100 : UAC File Virtualization
@%systemroot%\system32\userdataaccessres.dll,-15000 : Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results.
@%systemroot%\system32\windows.devices.picker.dll,-1007 : This user service is used for managing the Miracast, DLNA, and DIAL UI
@%systemroot%\system32\icsvc.dll,-802 : Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
@%systemroot%\system32\sessenv.dll,-1026 : Remote Desktop Configuration
@%systemroot%\system32\nsisvc.dll,-201 : This service delivers network notifications (e.g. interface addition/deleting etc) to user mode clients. Stopping this service will cause loss of network connectivity. If this service is disabled, any other services that explicitly depend on this service will fail to start.
@%systemroot%\system32\btagservice.dll,-101 : Bluetooth Audio Gateway Service
c:\windows\system32,@elscore.dll,-10 : Microsoft Hangul Decomposition Transliteration
@%systemroot%\system32\userdataaccessres.dll,-10002 : Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly.
@%systemroot%\system32\windows.sharedpc.accountmanager.dll,-101 : Manages profiles and accounts on a SharedPC configured device
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello Recovery Key Encryption
@%systemroot%\system32\usocore.dll,-101 : Update Orchestrator Service
@%systemroot%\system32\mprmsg.dll,-32005 : WAN Miniport (L2TP)
@%systemroot%\system32\bthserv.dll,-101 : Bluetooth Support Service
@%systemroot%\system32\tetheringservice.dll,-4098 : Provides the ability to share a cellular data connection with another device.
@%systemroot%\system32\smphost.dll,-101 : Host service for the Microsoft Storage Spaces management provider. If this service is stopped or disabled, Storage Spaces cannot be managed.
@comres.dll,-947 : COM+ System Application
@%systemroot%\system32\drivers\wimmount.sys,-101 : WIMMount
@%systemroot%\system32\ssdpsrv.dll,-101 : Discovers networked devices and services that use the SSDP discovery protocol, such as UPnP devices. Also announces SSDP devices and services running on the local computer. If this service is stopped, SSDP-based devices will not be discovered. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\devicesetupmanager.dll,-1001 : Enables the detection, download and installation of device-related software. If this service is disabled, devices may be configured with outdated software, and may not work correctly.
@%systemroot%\system32\swprv.dll,-102 : Manages software-based volume shadow copies taken by the Volume Shadow Copy service. If this service is stopped, software-based volume shadow copies cannot be managed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\qmgr.dll,-1001 : Transfers files in the background using idle network bandwidth. If the service is disabled, then any applications that depend on BITS, such as Windows Update or MSN Explorer, will be unable to automatically download programs and other information.
@%systemroot%\system32\certprop.dll,-11 : Certificate Propagation
@comres.dll,-2798 : Coordinates transactions that span multiple resource managers, such as databases, message queues, and file systems. If this service is stopped, these transactions will fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\dssvc.dll,-10002 : Provides data brokering between applications.
@%windir%\system32\inetsrv\iisres.dll,-30014 : W3C Logging Service
@%systemroot%\system32\umpo.dll,-100 : Power
@comres.dll,-2797 : Distributed Transaction Coordinator
@%systemroot%\system32\cdpusersvc.dll,-101 : This user service is used for Connected Devices Platform scenarios
@%systemroot%\system32\wercplsupport.dll,-100 : This service provides support for viewing, sending and deletion of system-level problem reports for the Problem Reports and Solutions control panel.
@%systemroot%\system32\drivers\tcpip.sys,-10001 : TCP/IP Protocol Driver
@%systemroot%\system32\qwave.dll,-1 : Quality Windows Audio Video Experience
@firewallapi.dll,-50324 : Receives trap messages generated by local or remote Simple Network Management Protocol (SNMP) agents and forwards the messages to SNMP management programs running on this computer. If this service is stopped, SNMP-based programs on this computer will not receive SNMP trap messages. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\certprop.dll,-14 : Allows the system to be configured to lock the user desktop upon smart card removal.
@%systemroot%\system32\firewallapi.dll,-36902 : Software Load Balancer
@%systemroot%\system32\wuaueng.dll,-106 : Enables the detection, download, and installation of updates for Windows and other programs. If this service is disabled, users of this computer will not be able to use Windows Update or its automatic updating feature, and programs will not be able to use the Windows Update Agent (WUA) API.
@%systemroot%\system32\ikeext.dll,-502 : The IKEEXT service hosts the Internet Key Exchange (IKE) and Authenticated Internet Protocol (AuthIP) keying modules. These keying modules are used for authentication and key exchange in Internet Protocol security (IPsec). Stopping or disabling the IKEEXT service will disable IKE and AuthIP key exchange with peer computers. IPsec is typically configured to use IKE or AuthIP; therefore, stopping or disabling the IKEEXT service might result in an IPsec failure and might compromise the security of the system. It is strongly recommended that you have the IKEEXT service running.
@%systemroot%\system32\sensorservice.dll,-1001 : A service for sensors that manages different sensors' functionality. Manages Simple Device Orientation (SDO) and History for sensors. Loads the SDO sensor that reports device orientation changes. If this service is stopped or disabled, the SDO sensor will not be loaded and so auto-rotation will not occur. History collection from Sensors will also be stopped.
@%systemroot%\system32\drivers\dam.sys,-100 : Desktop Activity Moderator Driver
@%systemroot%\system32\capabilityaccessmanager.dll,-1 : Capability Access Manager Service
@%systemroot%\system32\agentservice.exe,-102 : User Experience Virtualization Service
@%systemroot%\system32\drivers\mountmgr.sys,-100 : Mount Point Manager
@%systemroot%\system32\wiaservc.dll,-10 : Provides image acquisition services for scanners and cameras
@%systemroot%\syswow64\perfhost.exe,-1 : Enables remote users and 64-bit processes to query performance counters provided by 32-bit DLLs. If this service is stopped, only local users and 32-bit processes will be able to query performance counters provided by 32-bit DLLs.
@%systemroot%\system32\bthserv.dll,-102 : The Bluetooth service supports discovery and association of remote Bluetooth devices. Stopping or disabling this service may cause already installed Bluetooth devices to fail to operate properly and prevent new devices from being discovered or associated.
@%systemroot%\system32\lltdres.dll,-3 : Allows this PC to be discovered and located on the network.
@%systemroot%\system32\wpnservice.dll,-2 : This service runs in session 0 and hosts the notification platform and connection provider which handles the connection between the device and WNS server.
@%windir%\system32\timebrokerserver.dll,-1002 : Coordinates execution of background work for WinRT application. If this service is stopped or disabled, then background work might not be triggered.
@%systemroot%\system32\wkssvc.dll,-1006 : SMB 2.0 MiniRedirector
@%systemroot%\system32\cscsvc.dll,-202 : Offline Files Driver
@%systemroot%\system32\usermgr.dll,-100 : User Manager
@%systemroot%\system32\alg.exe,-112 : Application Layer Gateway Service
@%systemroot%\system32\drivers\ndproxy.sys,-6000 : NDIS Proxy Driver
@%programfiles%\windows defender advanced threat protection\mssense.exe,-1001 : Windows Defender Advanced Threat Protection Service
@%systemroot%\system32\frameserver.dll,-101 : Enables multiple clients to access video frames from camera devices.
@c:\windows\system32\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\icsvcext.dll,-501 : Hyper-V Volume Shadow Copy Requestor
@%systemroot%\system32\sacsvr.dll,-500 : Special Administration Console Helper
@%systemroot%\system32\wbem\wmisvc.dll,-204 : Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\schedsvc.dll,-101 : Enables a user to configure and schedule automated tasks on this computer. The service also hosts multiple Windows system-critical tasks. If this service is stopped or disabled, these tasks will not be run at their scheduled times. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\bisrv.dll,-100 : Background Tasks Infrastructure Service
@%systemroot%\system32\wersvc.dll,-101 : Allows errors to be reported when programs stop working or responding and allows existing solutions to be delivered. Also allows logs to be generated for diagnostic and repair services. If this service is stopped, error reporting might not work correctly and results of diagnostic services and repairs might not be displayed.
@%systemroot%\system32\termsrv.dll,-267 : Allows users to connect interactively to a remote computer. Remote Desktop and Remote Desktop Session Host Server depend on this service. To prevent remote use of this computer, clear the checkboxes on the Remote tab of the System properties control panel item.
@%systemroot%\system32\sens.dll,-201 : Monitors system events and notifies subscribers to COM+ Event System of these events.
@%systemroot%\system32\drivers\mssecwfp.sys,-1001 : Microsoft Security WFP Callout Driver
@%systemroot%\system32\devquerybroker.dll,-101 : Enables apps to discover devices with a backgroud task
@%systemroot%\system32\tabsvc.dll,-101 : Enables Touch Keyboard and Handwriting Panel pen and ink functionality
@%systemroot%\system32\drivers\scfilter.sys,-11 : Smart card PnP Class Filter Driver
@%systemroot%\system32\wsmsvc.dll,-101 : Windows Remote Management (WS-Management)
@%systemroot%\system32\userdataaccessres.dll,-14001 : User Data Access
@%systemroot%\system32\ncbservice.dll,-501 : Brokers connections that allow Windows Store Apps to receive notifications from the internet.
@%systemroot%\system32\wpnservice.dll,-1 : Windows Push Notifications System Service
@%systemroot%\system32\drivers\volsnap.sys,-100 : Volume Shadow Copy driver
@%systemroot%\system32\hidserv.dll,-102 : Activates and maintains the use of hot buttons on keyboards, remote controls, and other multimedia devices. It is recommended that you keep this service running.
@%systemroot%\system32\efssvc.dll,-101 : Provides the core file encryption technology used to store encrypted files on NTFS file system volumes. If this service is stopped or disabled, applications will be unable to access encrypted files.
@%systemroot%\system32\vds.exe,-100 : Virtual Disk
@%systemroot%\system32\drivers\rdpdr.sys,-100 : Remote Desktop Device Redirector Driver
@%systemroot%\system32\wdi.dll,-500 : Diagnostic System Host
@%systemroot%\system32\lltdres.dll,-5 : Link-Layer Topology Discovery Responder
@%systemroot%\system32\drivers\appvstrm.sys,-101 : AppvStrm
@%systemroot%\system32\wkssvc.dll,-1011 : Allows your computer to access resources on a Microsoft network.
@%systemroot%\system32\wbiosrvc.dll,-100 : Windows Biometric Service
@%systemroot%\system32\umpnpmgr.dll,-100 : Device Install Service
@%systemroot%\system32\consentuxclient.dll,-101 : Allows ConnectUX and PC Settings to Connect and Pair with WiFi displays and Bluetooth devices.
@%systemroot%\system32\captureservice.dll,-101 : OneCore Capture Service
@%systemroot%\system32\sstpsvc.dll,-201 : Provides support for the Secure Socket Tunneling Protocol (SSTP) to connect to remote computers using VPN. If this service is disabled, users will not be able to use SSTP to access remote servers.
@%systemroot%\system32\upnphost.dll,-213 : UPnP Device Host
@%systemroot%\system32\wevtsvc.dll,-200 : Windows Event Log
@%systemroot%\system32\windows.internal.management.dll,-101 : Performs Device Enrollment Activities for Device Management
@%systemroot%\system32\diagtrack.dll,-3002 : The Connected User Experiences and Telemetry service enables features that support in-application and connected user experiences. Additionally, this service manages the event driven collection and transmission of diagnostic and usage information (used to improve the experience and quality of the Windows Platform) when the diagnostics and usage privacy option settings are enabled under Feedback and Diagnostics.
@%systemroot%\system32\svsvc.dll,-101 : Spot Verifier
@%systemroot%\system32\trkwks.dll,-2 : Maintains links between NTFS files within a computer or across computers in a network.
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@%systemroot%\system32\drivers\partmgr.sys,-100 : Partition driver
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\drivers\filetrace.sys,-10001 : FileTrace
@%systemroot%\system32\urlmon.dll,-4200 : Open File - Security Warning
@%systemroot%\system32\drivers\wudfpf.sys,-1000 : User Mode Driver Frameworks Platform Driver
@%systemroot%\system32\wecsvc.dll,-200 : Windows Event Collector
@%systemroot%\system32\icsvc.dll,-302 : Provides a mechanism to shut down the operating system of this virtual machine from the management interfaces on the physical computer.
@%systemroot%\system32\wpdbusenum.dll,-100 : Portable Device Enumerator Service
@%systemroot%\system32\drivers\bam.sys,-100 : Background Activity Moderator Driver
@%systemroot%\system32\pla.dll,-500 : Performance Logs & Alerts
@%systemroot%\system32\sstpsvc.dll,-200 : Secure Socket Tunneling Protocol Service
@comres.dll,-2450 : COM+ Event System
@%systemroot%\system32\vaultsvc.dll,-1004 : Provides secure storage and retrieval of credentials to users, applications and security service packages.
@%systemroot%\system32\installservice.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then installations will not function properly.
@%systemroot%\system32\mprmsg.dll,-32006 : WAN Miniport (PPTP)
@gpapi.dll,-112 : Group Policy Client
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\vssvc.exe,-101 : Manages and implements Volume Shadow Copies used for backup and other purposes. If this service is stopped, shadow copies will be unavailable for backup and the backup may fail. If this service is disabled, any services that explicitly depend on it will fail to start.
@%windir%\system32\drivers\netbios.sys,-503 : NetBIOS Interface
@%systemroot%\system32\appreadiness.dll,-1000 : App Readiness
@%systemroot%\system32\drivers\qwavedrv.sys,-1 : QWAVE driver
c:\windows\system32,@elscore.dll,-5 : Microsoft Transliteration Engine
@%systemroot%\system32\certprop.dll,-12 : Copies user certificates and root certificates from smart cards into the current user's certificate store, detects when a smart card is inserted into a smart card reader, and, if needed, installs the smart card Plug and Play minidriver.
@%systemroot%\system32\drivers\bindflt.sys,-100 : Windows Bind Filter Driver
@%systemroot%\system32\sensordataservice.exe,-101 : Sensor Data Service
@c:\windows\syswow64\firewallcontrolpanel.dll,-12122 : Windows Defender Firewall
@%systemroot%\system32\flightsettings.dll,-104 : Provides infrastructure support for the Windows Insider Program. This service must remain enabled for the Windows Insider Program to work.
@%systemroot%\microsoft.net\framework64\v4.0.30319\aspnet_rc.dll,-2 : Provides support for out-of-process session states for ASP.NET. If this service is stopped, out-of-process requests will not be processed. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\moshost.dll,-100 : Downloaded Maps Manager
@%systemroot%\system32\hidserv.dll,-101 : Human Interface Device Service
@%systemroot%\system32\powrprof.dll,-11 : Power saver
@%systemroot%\system32\sacsvr.dll,-501 : Allows administrators to remotely access a command prompt using Emergency Management Services.
@%systemroot%\system32\graphicsperfsvc.dll,-101 : Graphics performance monitor service
@%systemroot%\system32\graphicsperfsvc.dll,-100 : GraphicsPerfSvc
@c:\windows\system32\spool\drivers\x64\3\printconfig.dll,-2 : This service opens custom printer dialog boxes and handles notifications from a remote print server or a printer. If you turn off this service, you won’t be able to see printer extensions or notifications.
@%systemroot%\system32\dnsapi.dll,-102 : The DNS Client service (dnscache) caches Domain Name System (DNS) names and registers the full computer name for this computer. If the service is stopped, DNS names will continue to be resolved. However, the results of DNS name queries will not be cached and the computer's name will not be registered. If the service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\ualsvc.dll,-101 : This service logs unique client access requests, in the form of IP addresses and user names, of installed products and roles on the local server. This information can be queried, via Powershell, by administrators needing to quantify client demand of server software for offline Client Access License (CAL) management. If the service is disabled, client requests will not be logged and will not be retrievable via Powershell queries. Stopping the service will not affect query of historical data (see supporting documentation for steps to delete historical data). The local system administrator must consult his, or her, Windows Server license terms to determine the number of CALs that are required for the server software to be appropriately licensed; use of the UAL service and data does not alter this obligation.
@%systemroot%\system32\ikeext.dll,-501 : IKE and AuthIP IPsec Keying Modules
@%systemroot%\system32\cryptsvc.dll,-1001 : Cryptographic Services
@%systemroot%\system32\appidsvc.dll,-100 : Application Identity
@%systemroot%\system32\embeddedmodesvc.dll,-201 : Embedded Mode
@%systemroot%\system32\srpapi.dll,-100 : AppID Driver
@%systemroot%\system32\ajrouter.dll,-2 : AllJoyn Router Service
@%systemroot%\system32\licensemanagersvc.dll,-201 : Provides infrastructure support for the Microsoft Store. This service is started on demand and if disabled then content acquired through the Microsoft Store will not function properly.
@%systemroot%\system32\rasauto.dll,-200 : Remote Access Auto Connection Manager
@%systemroot%\system32\ngcsvc.dll,-100 : Microsoft Passport
@%systemroot%\system32\w32time.dll,-201 : Maintains date and time synchronization on all clients and servers in the network. If this service is stopped, date and time synchronization will be unavailable. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\drivers\ndiscap.sys,-5000 : Microsoft NDIS Capture
@%systemroot%\system32\drivers\ndis.sys,-200 : NDIS System Driver
@%systemroot%\system32\presentationhost.exe,-3309 : Windows Presentation Foundation Font Cache 3.0.0.0
@%systemroot%\system32\srvsvc.dll,-100 : Server
@%systemroot%\system32\winhttp.dll,-101 : WinHTTP implements the client HTTP stack and provides developers with a Win32 API and COM Automation component for sending HTTP requests and receiving responses. In addition, WinHTTP provides support for auto-discovering a proxy configuration via its implementation of the Web Proxy Auto-Discovery (WPAD) protocol.
@%systemroot%\system32\diagtrack.dll,-3001 : Connected User Experiences and Telemetry
@%systemroot%\system32\kpssvc.dll,-101 : KDC Proxy Server service runs on edge servers to proxy Kerberos protocol messages to domain controllers on the corporate network.
@%systemroot%\system32\appxdeploymentserver.dll,-2 : Provides infrastructure support for deploying Store applications. This service is started on demand and if disabled Store applications will not be deployed to the system, and may not function properly.
c:\windows\system32,@elscore.dll,-6 : Microsoft Cyrillic to Latin Transliteration
@%systemroot%\system32\mprdim.dll,-201 : Offers routing services to businesses in local area and wide area network environments.
@%systemroot%\system32\drivers\wudfrd.sys,-1000 : Windows Driver Foundation - User-mode Driver Framework Reflector
@%systemroot%\system32\sysmain.dll,-1000 : SysMain
@%systemroot%\system32\bthavctpsvc.dll,-101 : AVCTP service
@%systemroot%\system32\bthavctpsvc.dll,-102 : This is Audio Video Control Transport Protocol service
c:\windows\system32,@elscore.dll,-2 : Microsoft Script Detection
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wiarpc.dll,-1 : Launches applications associated with still image acquisition events.
@sstpsvc.dll,-35001 : Secure Socket Tunneling Protocol
@%systemroot%\system32\drivers\mslldp.sys,-200 : Microsoft Link-Layer Discovery Protocol
@%systemroot%\system32\wbem\wmisvc.dll,-205 : Windows Management Instrumentation
@%systemroot%\system32\consentuxclient.dll,-100 : ConsentUX
@%systemroot%\system32\appidsvc.dll,-101 : Determines and verifies the identity of an application. Disabling this service will prevent AppLocker from being enforced.
@%systemroot%\system32\rasmans.dll,-201 : Manages dial-up and virtual private network (VPN) connections from this computer to the Internet or other remote networks. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\profsvc.dll,-300 : User Profile Service
@%systemroot%\system32\icsvc.dll,-102 : Monitors the state of this virtual machine by reporting a heartbeat at regular intervals. This service helps you identify running virtual machines that have stopped responding.
@%windir%\system32\inetsrv\iisres.dll,-30002 : The Windows Process Activation Service (WAS) provides process activation, resource management and health management services for message-activated applications.
@%systemroot%\system32\netsetupsvc.dll,-4 : The Network Setup Service manages the installation of network drivers and permits the configuration of low-level network settings. If this service is stopped, any driver installations that are in-progress may be cancelled.
@%systemroot%\system32\drivers\wcifs.sys,-100 : Windows Container Isolation
@%systemroot%\system32\fdphost.dll,-100 : Function Discovery Provider Host
@%systemroot%\system32\ipnathlp.dll,-107 : Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network.
@%systemroot%\system32\agentservice.exe,-101 : Provides support for application and OS settings roaming
@%systemroot%\system32\wbem\wmiapsrv.exe,-110 : WMI Performance Adapter
@waasmedicsvc.dll,-101 : Enables remediation and protection of Windows Update components.
@%systemroot%\microsoft.net\framework64\v4.0.30319\servicemodelinstallrc.dll,-8200 : Provides ability to share TCP ports over the net.tcp protocol.
@combase.dll,-5013 : The DCOMLAUNCH service launches COM and DCOM servers in response to object activation requests. If this service is stopped or disabled, programs using COM or DCOM will not function properly. It is strongly recommended that you have the DCOMLAUNCH service running.
@%systemroot%\system32\drivers\mmcss.sys,-100 : Multimedia Class Scheduler
@%systemroot%\system32\walletservice.dll,-1001 : Hosts objects used by clients of the wallet
@%systemroot%\system32\icsvc.dll,-401 : Hyper-V Time Synchronization Service
@%systemroot%\system32\drivers\ndisvirtualbus.sys,-200 : Microsoft Virtual Network Adapter Enumerator
@%systemroot%\system32\audiosrv.dll,-201 : Manages audio for Windows-based programs. If this service is stopped, audio devices and effects will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start
@%systemroot%\system32\pcasvc.dll,-2 : This service provides support for the Program Compatibility Assistant (PCA). PCA monitors programs installed and run by the user and detects known compatibility problems. If this service is stopped, PCA will not function properly.
@%systemroot%\system32\bfe.dll,-1001 : Base Filtering Engine
@%systemroot%\system32\sens.dll,-200 : System Event Notification Service
@%systemroot%\system32\mprmsg.dll,-32000 : RAS Asynchronous Media Driver
@%systemroot%\system32\netman.dll,-110 : Manages objects in the Network and Dial-Up Connections folder, in which you can view both local area network and remote connections.
@regsvc.dll,-2 : Enables remote users to modify registry settings on this computer. If this service is stopped, the registry can be modified only by users on this computer. If this service is disabled, any services that explicitly depend on it will fail to start.
@%systemroot%\system32\wdi.dll,-503 : The Diagnostic Service Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local Service context. If this service is stopped, any diagnostics that depend on it will no longer function.
@%systemroot%\system32\icsvc.dll,-101 : Hyper-V Heartbeat Service
@%systemroot%\system32\srvsvc.dll,-104 : Server SMB 2.xxx Driver
@%systemroot%\system32\netprofmsvc.dll,-203 : Identifies the networks to which the computer has connected, collects and stores properties for these networks, and notifies applications when these properties change.
@%systemroot%\system32\drivers\tcpip.sys,-10103 : TCP/IP version 6. The latest version of the internet protocol that provides communication across diverse interconnected networks.
@%systemroot%\system32\dot3svc.dll,-1102 : Wired AutoConfig
@peerdistsh.dll,-9003 : BranchCache - Hosted Cache Client (Uses HTTPS)
@%systemroot%\system32\drivers\uevagentdriver.sys,-101 : UevAgentDriver
@%systemroot%\system32\tcpipcfg.dll,-50004 : NetIO Legacy TDI Support Driver
@%systemroot%\system32\dhcpcore.dll,-100 : DHCP Client
@%systemroot%\system32\appinfo.dll,-101 : Facilitates the running of interactive applications with additional administrative privileges. If this service is stopped, users will be unable to launch applications with the additional administrative privileges they may require to perform desired user tasks.
@%systemroot%\system32\wiarpc.dll,-2 : Still Image Acquisition Events
@%systemroot%\system32\eapsvc.dll,-2 : The Extensible Authentication Protocol (EAP) service provides network authentication in such scenarios as 802.1x wired and wireless, VPN, and Network Access Protection (NAP). EAP also provides application programming interfaces (APIs) that are used by network access clients, including wireless and VPN clients, during the authentication process. If you disable this service, this computer is prevented from accessing networks that require EAP authentication.
@%systemroot%\system32\securityhealthagent.dll,-1002 : Windows Security Service
@%systemroot%\system32\wdi.dll,-501 : The Diagnostic System Host is used by the Diagnostic Policy Service to host diagnostics that need to run in a Local System context. If this service is stopped, any diagnostics that depend on it will no longer function.
@enterpriseappmgmtsvc.dll,-1 : Enterprise App Management Service
@%systemroot%\system32\coremessaging.dll,-2 : Manages communication between system components.
@%systemroot%\system32\drivers\nsiproxy.sys,-2 : NSI Proxy Service Driver
@%systemroot%\system32\drivers\fsdepends.sys,-10001 : File System Dependency Minifilter
@%programfiles%\windows media player\wmpnetwk.exe,-102 : Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play
@%systemroot%\system32\fntcache.dll,-101 : Optimizes performance of applications by caching commonly used font data. Applications will start this service if it is not already running. It can be disabled, though doing so will degrade application performance.
@%systemroot%\system32\searchindexer.exe,-103 : Windows Search
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\compmgmtlauncher.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\wusa.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\compmgmtlauncher.exe.friendlyappname : Computer Management Snapin Launcher
c:\windows\system32\wusa.exe.friendlyappname : Windows Update Standalone Installer
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\appresolver.dll.friendlyappname : App Resolver
c:\program files (x86)\jam software\treesize free\treesizefree.exe.applicationcompany : JAM Software
c:\program files (x86)\windows media player\wmplayer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\notepad.exe.friendlyappname : Notepad
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.friendlyappname : Internet Explorer
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\windows\system32\openwith.exe.friendlyappname : Pick an app
c:\users\techexcel\appdata\local\programs\microsoft vs code\code.exe.friendlyappname : Visual Studio Code
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\program files\internet explorer\iexplore.exe.applicationcompany : Microsoft Corporation
c:\windows\explorer.exe.friendlyappname : Windows Explorer
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
c:\program files\windows nt\accessories\wordpad.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.friendlyappname : Microsoft Management Console
c:\users\techexcel\appdata\local\programs\microsoft vs code\code.exe.applicationcompany : Microsoft Corporation
langid : .
c:\windows\system32\openwith.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\shell32.dll.friendlyappname : Windows Shell Common Dll
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
c:\program files\windows nt\accessories\wordpad.exe.friendlyappname : WordPad
c:\windows\system32\mspaint.exe.friendlyappname : Paint
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt.exe
c:\program files (x86)\jam software\treesize free\treesizefree.exe.friendlyappname : TreeSize Free hard disk space manager
c:\program files (x86)\windows media player\wmplayer.exe.friendlyappname : Windows Media Player
c:\windows\system32\mspaint.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
MUICache report attached.
51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0655 |
Plugin Information
Published: 2010/12/20, Modified: 2025/10/15
Plugin Output
tcp/445/cifs
Nessus detected 5 installs of Microsoft .NET Framework:
Path : C:\Windows\Microsoft.NET\Framework64\v2.0.50727
Version : 2.0.50727
Full Version : 2.0.50727.4927
SP : 2
Path : C:\Windows\Microsoft.NET\Framework64\v3.0
Version : 3.0
Full Version : 3.0.30729.4926
SP : 2
Path : C:\Windows\Microsoft.NET\Framework64\v3.5\
Version : 3.5
Full Version : 3.5.30729.4926
SP : 1
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Full
Release : 461814
Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.7.2
Full Version : 4.7.03190
Install Type : Client
Release : 461814
99364 - Microsoft .NET Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/04/14, Modified: 2025/10/23
Plugin Output
tcp/445/cifs
Nessus detected 2 installs of Microsoft .NET Framework:
Path : C:\Windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll
Version : 4.7.4115.0
.NET Version : 4.7.2
Associated KB : 5044016
Latest effective update level : 10_2024
Path : C:\Windows\winsxs\*system.printing_31bf3856ad364e35*
Version : 3.0.6920.9063
.NET Version : 3.5
Associated KB : 5044022
Latest effective update level : 10_2024
192148 - Microsoft Azure Data Studio Installed (Windows)
-
Synopsis
Microsoft Azure Data Studio is installed on the remote Windows host.
Description
Microsoft Azure Data Studio is installed on the remote Windows host.
See Also
| https://github.com/microsoft/azuredatastudio |
| https://azure.microsoft.com/en-us/products/data-studio/ |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/03/15, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Program Files\Azure Data Studio\
Version : 1.51.1.0
72879 - Microsoft Internet Explorer Enhanced Security Configuration Detection
-
Synopsis
The remote host supports IE Enhanced Security Configuration.
Description
Nessus detects if the remote Windows host supports IE Enhanced Security Configuration (ESC) and if IE ESC features are enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/03/07, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Type : Admin Groups
Is Enabled : True
Type : User Groups
Is Enabled : True
162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Windows\system32\mshtml.dll
Version : 11.0.17763.7009
72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0509 |
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Version : 11.1790.17763.0
139615 - Microsoft Internet Information Services (IIS) Installed
-
Synopsis
Checks Windows registry keys and executables for a Microsoft Internet Information Services (IIS) installation.
Description
Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows host.
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0030 |
| XREF | IAVT:0001-T-0944 |
Plugin Information
Published: 2020/08/17, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Windows\system32\inetsrv
Version : 10.0.17763.5830
140655 - Microsoft Internet Information Services (IIS) Sites Enumeration
-
Synopsis
Checks IIS configuration file for configured sites and their bound addresses.
Description
Microsoft Internet Information Services configuration file has been parsed to extract information about the existing sites, their protocols, domains and IP addresses.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/09/18, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Nessus found the following sites configured on the remote host:
+ site name: Default Web Site
+ binding 0
- IP address : *
- port : 80
- domain :
- protocol : http
+ site name: Default Web Site
+ binding 0
- IP address : *
- port : 80
- domain :
- protocol : http
66424 - Microsoft Malicious Software Removal Tool Installed
-
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/05/15, Modified: 2023/01/10
Plugin Output
tcp/445/cifs
File : C:\Windows\system32\MRT.exe
Version : 5.130.24110.1001
Release at last run : unknown
Report infection information to Microsoft : Yes
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.6.1
174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Path : C:\Windows\System32\msoledbsql.dll
Version : 18.7.4.0
92427 - Microsoft Paint Recent File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Paint on the remote host.
Description
Nessus was able to generate a list of files opened using the Microsoft Paint program.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
Production
- D:\Techexcel Setup\Raid Conf1.jpg
- D:\Techexcel Setup\Raid Conf3.jpg
- D:\Techexcel Setup\Raid Conf2.jpg
- C:\Users\Administrator\Desktop\32error.jpg
techexcel
- F:\SQLPatch_Prerequisite\All_Services.png
- F:\SQLPatch_Prerequisite\DB_Logins_Linkserver.png
- F:\SQLPatch_Prerequisite\Jobs_Screen.png
- C:\Users\techexcel\Documents\MAIN-CommonReport-Collection-Scr1.png
- F:\SQLPatch_Prerequisite\Recovery_Version_Sname.png
- \\172.17.100.31\techexcel$\SignatureFiles\B 1203000001626003.png
- C:\Users\techexcel\Documents\MAIN-CommonReport-Collection-Scr2.png
- \\172.17.100.31\techexcel$\SignatureFiles\B12030000016260031626003.PNG
- \\172.17.100.31\techexcel$\SignatureFiles\B1203000001626003RENAMEDSIG.JPG
- D:\Techexcel Setup\Raid Conf1.jpg
- D:\Techexcel Setup\Raid Conf3.jpg
- D:\Techexcel Setup\Raid Conf2.jpg
- C:\Users\Administrator\Desktop\32error.jpg
techexcel
- F:\SQLPatch_Prerequisite\All_Services.png
- F:\SQLPatch_Prerequisite\DB_Logins_Linkserver.png
- F:\SQLPatch_Prerequisite\Jobs_Screen.png
- C:\Users\techexcel\Documents\MAIN-CommonReport-Collection-Scr1.png
- F:\SQLPatch_Prerequisite\Recovery_Version_Sname.png
- \\172.17.100.31\techexcel$\SignatureFiles\B 1203000001626003.png
- C:\Users\techexcel\Documents\MAIN-CommonReport-Collection-Scr2.png
- \\172.17.100.31\techexcel$\SignatureFiles\B12030000016260031626003.PNG
- \\172.17.100.31\techexcel$\SignatureFiles\B1203000001626003RENAMEDSIG.JPG
57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.
Note that this plugin is purely informational.
Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output
tcp/445/cifs
Nessus is able to test for missing patches using :
Nessus
125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output
tcp/0
Path : C:\Windows\\System32\\mstsc.exe
Version : 10.0.17763.5830
118095 - Microsoft SQL Server Management Studio (SSMS) Installed
-
Synopsis
A SQL Server Management solution is installed on the remote Windows host.
Description
Microsoft SQL Server Management Studio (SSMS) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0805 |
Plugin Information
Published: 2018/10/12, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\
Version : 2019.150.18390.0
93962 - Microsoft Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/10/11, Modified: 2025/11/18
Plugin Output
tcp/445/cifs
Cumulative Rollup : 03_2025 [KB5053596]
Cumulative Rollup : 02_2025
Cumulative Rollup : 01_2025
Cumulative Rollup : 12_2024
Cumulative Rollup : 11_2024
Cumulative Rollup : 10_2024
Cumulative Rollup : 09_2024
Cumulative Rollup : 08_2024
Cumulative Rollup : 07_2024
Cumulative Rollup : 06_2024
Cumulative Rollup : 05_2024
Cumulative Rollup : 04_2024
Cumulative Rollup : 03_2024
Cumulative Rollup : 02_2024
Cumulative Rollup : 01_2024
Cumulative Rollup : 12_2023
Cumulative Rollup : 11_2023
Cumulative Rollup : 10_2023
Cumulative Rollup : 09_2023
Cumulative Rollup : 08_2023
Cumulative Rollup : 07_2023
Cumulative Rollup : 06_2023
Cumulative Rollup : 05_2023
Cumulative Rollup : 04_2023
Cumulative Rollup : 03_2023
Cumulative Rollup : 02_2023
Cumulative Rollup : 01_2023
Cumulative Rollup : 12_2022
Cumulative Rollup : 11_2022
Cumulative Rollup : 10_2022
Cumulative Rollup : 09_2022
Cumulative Rollup : 08_2022
Cumulative Rollup : 07_2022
Cumulative Rollup : 06_2022
Cumulative Rollup : 05_2022
Cumulative Rollup : 04_2022
Cumulative Rollup : 03_2022
Cumulative Rollup : 02_2022
Cumulative Rollup : 01_2022
Cumulative Rollup : 12_2021
Cumulative Rollup : 11_2021
Cumulative Rollup : 10_2021
Cumulative Rollup : 09_2021
Cumulative Rollup : 08_2021 [KB5005030]
Cumulative Rollup : 07_2021
Cumulative Rollup : 06_2021_07_01
Cumulative Rollup : 06_2021
Cumulative Rollup : 05_2021
Cumulative Rollup : 04_2021
Cumulative Rollup : 03_2021
Cumulative Rollup : 02_2021
Cumulative Rollup : 01_2021
Cumulative Rollup : 12_2020
Cumulative Rollup : 11_2020
Cumulative Rollup : 10_2020
Cumulative Rollup : 09_2020
Cumulative Rollup : 08_2020
Cumulative Rollup : 07_2020
Cumulative Rollup : 06_2020
Cumulative Rollup : 05_2020
Cumulative Rollup : 04_2020
Cumulative Rollup : 03_2020
Cumulative Rollup : 02_2020
Cumulative Rollup : 01_2020
Cumulative Rollup : 12_2019
Cumulative Rollup : 11_2019
Cumulative Rollup : 10_2019
Cumulative Rollup : 09_2019
Cumulative Rollup : 08_2019
Cumulative Rollup : 07_2019
Cumulative Rollup : 06_2019
Cumulative Rollup : 05_2019
Cumulative Rollup : 04_2019
Cumulative Rollup : 03_2019
Cumulative Rollup : 02_2019
Cumulative Rollup : 01_2019
Cumulative Rollup : 12_2018
Cumulative Rollup : 11_2018
Cumulative Rollup : 10_2018
Latest effective update level : 03_2025
File checked : C:\Windows\system32\ntoskrnl.exe
File version : 10.0.17763.7009
Associated KB : 5053596
50346 - Microsoft Update Installed
-
Synopsis
A software updating service is installed.
Description
Microsoft Update, an expanded version of Windows Update, is installed on the remote Windows host. This service provides updates for the operating system and Internet Explorer as well as other Windows software such as Microsoft Office, Exchange, and SQL Server.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/10/26, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
136618 - Microsoft Visual Studio Code Extensions Installed
-
Synopsis
One or more extensions for an integrated development environment software application are installed on the remote Windows host.
Description
One or more extensions for Microsoft Visual Studio Code, an integrated development environment software application, are installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/05/15, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
The following extensions of Visual Studio code were found:
Extension : vs-code::python
Path : C:\Users\techexcel\.vscode\extensions\.56df8eb0-7757-4c09-8583-05595432d459\
Version : 2025.4.0
Extension : vs-code::better-comments
Path : C:\Users\techexcel\.vscode\extensions\aaron-bond.better-comments-3.0.2\
Version : 3.0.2
Extension : vs-code::coldfusionsymbols
Path : C:\Users\techexcel\.vscode\extensions\dalucema.coldfusionsymbols-0.0.3\
Version : 0.0.3
Extension : vs-code::auto-close-tag
Path : C:\Users\techexcel\.vscode\extensions\formulahendry.auto-close-tag-0.5.15\
Version : 0.5.15
Extension : vs-code::svn-scm
Path : C:\Users\techexcel\.vscode\extensions\johnstoncode.svn-scm-2.17.0\
Version : 2.17.0
Extension : vs-code::vscode-cfml
Path : C:\Users\techexcel\.vscode\extensions\kamasamak.vscode-cfml-0.5.4\
Version : 0.5.4
Extension : vs-code::debugpy
Path : C:\Users\techexcel\.vscode\extensions\ms-python.debugpy-2025.16.0-win32-x64\
Version : 2025.16.0
Extension : vs-code::python
Path : C:\Users\techexcel\.vscode\extensions\ms-python.python-2025.18.0-win32-x64\
Version : 2025.18.0
Extension : vs-code::vscode-pylance
Path : C:\Users\techexcel\.vscode\extensions\ms-python.vscode-pylance-2025.9.1\
Version : 2025.9.1
Extension : vs-code::jupyter
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-2025.7.0-win32-x64\
Version : 2025.7.0
Extension : vs-code::jupyter
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-2025.9.1-win32-x64\
Version : 2025.9.1
Extension : vs-code::jupyter-keymap
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-keymap-1.1.2\
Version : 1.1.2
Extension : vs-code::jupyter-renderers
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-renderers-1.3.0\
Version : 1.3.0
Extension : vs-code::vscode-jupyter-cell-tags
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.vscode-jupyter-cell-tags-0.1.9\
Version : 0.1.9
Extension : vs-code::vscode-jupyter-slideshow
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.vscode-jupyter-slideshow-0.1.6\
Version : 0.1.6
Extension : vs-code::vscode-coldbox
Path : C:\Users\techexcel\.vscode\extensions\ortus-solutions.vscode-coldbox-1.0.3\
Version : 1.0.3
Extension : vs-code::vscode-coldbox
Path : C:\Users\techexcel\.vscode\extensions\ortus-solutions.vscode-coldbox-1.1.1\
Version : 1.1.1
Extension : vs-code::material-icon-theme
Path : C:\Users\techexcel\.vscode\extensions\pkief.material-icon-theme-5.28.0\
Version : 5.28.0
Extension : vs-code::material-icon-theme
Path : C:\Users\techexcel\.vscode\extensions\pkief.material-icon-theme-5.29.0\
Version : 5.29.0
Extension : vs-code::cfgoto
Path : C:\Users\techexcel\.vscode\extensions\rohithkrajan.cfgoto-0.0.3\
Version : 0.0.3
Extension : vs-code::vscode-icons
Path : C:\Users\techexcel\.vscode\extensions\vscode-icons-team.vscode-icons-12.15.0\
Version : 12.15.0
Extension : vs-code::python
Path : C:\Users\techexcel\.vscode\extensions\.56df8eb0-7757-4c09-8583-05595432d459\
Version : 2025.4.0
Extension : vs-code::better-comments
Path : C:\Users\techexcel\.vscode\extensions\aaron-bond.better-comments-3.0.2\
Version : 3.0.2
Extension : vs-code::coldfusionsymbols
Path : C:\Users\techexcel\.vscode\extensions\dalucema.coldfusionsymbols-0.0.3\
Version : 0.0.3
Extension : vs-code::auto-close-tag
Path : C:\Users\techexcel\.vscode\extensions\formulahendry.auto-close-tag-0.5.15\
Version : 0.5.15
Extension : vs-code::svn-scm
Path : C:\Users\techexcel\.vscode\extensions\johnstoncode.svn-scm-2.17.0\
Version : 2.17.0
Extension : vs-code::vscode-cfml
Path : C:\Users\techexcel\.vscode\extensions\kamasamak.vscode-cfml-0.5.4\
Version : 0.5.4
Extension : vs-code::debugpy
Path : C:\Users\techexcel\.vscode\extensions\ms-python.debugpy-2025.16.0-win32-x64\
Version : 2025.16.0
Extension : vs-code::python
Path : C:\Users\techexcel\.vscode\extensions\ms-python.python-2025.18.0-win32-x64\
Version : 2025.18.0
Extension : vs-code::vscode-pylance
Path : C:\Users\techexcel\.vscode\extensions\ms-python.vscode-pylance-2025.9.1\
Version : 2025.9.1
Extension : vs-code::jupyter
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-2025.7.0-win32-x64\
Version : 2025.7.0
Extension : vs-code::jupyter
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-2025.9.1-win32-x64\
Version : 2025.9.1
Extension : vs-code::jupyter-keymap
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-keymap-1.1.2\
Version : 1.1.2
Extension : vs-code::jupyter-renderers
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.jupyter-renderers-1.3.0\
Version : 1.3.0
Extension : vs-code::vscode-jupyter-cell-tags
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.vscode-jupyter-cell-tags-0.1.9\
Version : 0.1.9
Extension : vs-code::vscode-jupyter-slideshow
Path : C:\Users\techexcel\.vscode\extensions\ms-toolsai.vscode-jupyter-slideshow-0.1.6\
Version : 0.1.6
Extension : vs-code::vscode-coldbox
Path : C:\Users\techexcel\.vscode\extensions\ortus-solutions.vscode-coldbox-1.0.3\
Version : 1.0.3
Extension : vs-code::vscode-coldbox
Path : C:\Users\techexcel\.vscode\extensions\ortus-solutions.vscode-coldbox-1.1.1\
Version : 1.1.1
Extension : vs-code::material-icon-theme
Path : C:\Users\techexcel\.vscode\extensions\pkief.material-icon-theme-5.28.0\
Version : 5.28.0
Extension : vs-code::material-icon-theme
Path : C:\Users\techexcel\.vscode\extensions\pkief.material-icon-theme-5.29.0\
Version : 5.29.0
Extension : vs-code::cfgoto
Path : C:\Users\techexcel\.vscode\extensions\rohithkrajan.cfgoto-0.0.3\
Version : 0.0.3
Extension : vs-code::vscode-icons
Path : C:\Users\techexcel\.vscode\extensions\vscode-icons-team.vscode-icons-12.15.0\
Version : 12.15.0
122256 - Microsoft Visual Studio Code Installed
-
Synopsis
An integrated development environment software application is installed on the remote Windows host.
Description
Microsoft Visual Studio Code, an integrated development environment software application, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/02/15, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\
Version : 1.106.1
File Version : 1.106.0.0
265694 - Microsoft Visual Studio Tools for Applications Installed (Windows)
-
Synopsis
The remote Windows host has an integrated development environment installed.
Description
Microsoft Visual Studio Tools for Applications (VSTA) is a set of tools that independent software vendors (ISVs) can use to build customization abilities into their applications for both automation and extensibility, is installed on the remote Windows host.
See Also
| https://www.microsoft.com/en-us/download/details.aspx?id=105122 |
| https://www.microsoft.com/en-us/download/details.aspx?id=105123 |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/09/22, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Program Files\Common Files\Microsoft Shared\VSTA\15.0\Bin\VstaCore.dll
Version : 15.0.27520
product_version : 2017
10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output
tcp/445/cifs
The following users are members of the 'Administrators' group :
- TECHE_WEB_DB\Production (User)
- TECHE_WEB_DB\LKPAdmin (User)
- TECHE_WEB_DB\techexcel (User)
- TECHE_WEB_DB\rms (User)
- TECHE_WEB_DB\Veeam (User)
- TECHE_WEB_DB\tidua (User)
10904 - Microsoft Windows 'Backup Operators' Group User List
-
Synopsis
There is at least one user in the 'Backup Operators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Backup Operators' group. Members of this group can logon to the remote host and perform backup operations (read/write files) but have no administrative rights.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output
tcp/0
The following user is a member of the 'Backup Operators' group :
- TECHE_WEB_DB\Veeam (User)
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows Hosts can be hardened against DLL hijacking attacks by setting the The 'CWDIllegalInDllSearch' registry entry in to one of the following settings:
- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)
- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)
- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)
- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)
- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output
tcp/445/cifs
Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing
10906 - Microsoft Windows 'Replicator' Group User List
-
Synopsis
There is at least one user in the 'Replicator' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Replicator' group. Members of this group can replicate (or copy) files or directories within a domain.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output
tcp/0
The following user is a member of the 'Replicator' group :
- TECHE_WEB_DB\Veeam (User)
70615 - Microsoft Windows AutoRuns Boot Execute
-
Synopsis
Report programs that startup associates with session manager subsystem.
Description
Report registry startup locations associated with the session manager subsystem during boot time.
These registry keys start-up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
These registry keys start-up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
See Also
| https://support.microsoft.com/en-us/help/102985 |
| https://en.wikipedia.org/wiki/Service_Control_Manager |
| https://www.2-spyware.com/file-smss-exe.html |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\System\CurrentControlSet\Control\Session Manager\bootexecute
- autocheck autochk /q /v *
- autocheck autochk /q /v *
70616 - Microsoft Windows AutoRuns Codecs
-
Synopsis
Report programs set to normally start with multimedia.
Description
Codecs are encoders and decoders for digital data streams commonly associated with video and audio playback.
The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
See Also
| https://en.wikipedia.org/wiki/Codec |
| https://support.microsoft.com/en-us/help/102972 |
| http://www.nessus.org/u?51a21182 |
| http://www.nessus.org/u?4ed43f4b |
| http://www.nessus.org/u?7bbdfed2 |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\System32\l3codeca.acm
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll
+ HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\SysWOW64\l3codeca.acm
- vidc.cvid : iccvid.dll
- vidc.yvyu : msyuv.dll
- midimapper : midimap.dll
- vidc.i420 : iyuv_32.dll
+ HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll
+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll
+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax
+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll
+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax
+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll
+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax
+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll
+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax
+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll
+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll
+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax
+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll
+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax
+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll
+ HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll
+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll
+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax
+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll
+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax
+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll
+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : %SystemRoot%\System32\vbisurf.ax
+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll
+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll
+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax
+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax
+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll
+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll
+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll
+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax
+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\
+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll
+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll
+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll
+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll
+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax
+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll
+ HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll
+ HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {5FDD51E2-A9D0-44CE-8C8D-162BA0C591A0}
- Name : Microsoft Camera Raw Decoder
- Value : C:\Windows\System32\WindowsCodecsRaw.dll
70617 - Microsoft Windows AutoRuns Explorer
-
Synopsis
Reports programs that startup associates with the explorer process.
Description
Report the startup locations associated with the explorer.exe process.
These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or set control user activity with the desktop and control panels.
These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or set control user activity with the desktop and control panels.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SOFTWARE\Classes\Protocols\Filter
+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/octet-stream
- Value : C:\Windows\System32\mscoree.dll
+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-complus
- Value : C:\Windows\System32\mscoree.dll
+ CLSID : {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
- Name : application/x-msdownload
- Value : C:\Windows\System32\mscoree.dll
+ HKLM\SOFTWARE\Classes\Protocols\Handler
+ CLSID : {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
- Name : about
- Value : C:\Windows\System32\mshtml.dll
+ CLSID : {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
- Name : cdl
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {12D51199-0DB5-46FE-A120-47A3D7D937CC}
- Name : dvd
- Value : C:\Windows\System32\msvidctl.dll
+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : file
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
- Name : ftp
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
- Name : http
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
- Name : https
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : its
- Value : C:\Windows\System32\itss.dll
+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : javascript
- Value : C:\Windows\System32\mshtml.dll
+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : local
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
- Name : mailto
- Value : C:\Windows\System32\mshtml.dll
+ CLSID : {05300401-BCBC-11d0-85E3-00C04FD85AB4}
- Name : mhtml
- Value : C:\Windows\System32\inetcomm.dll
+ CLSID : {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
- Name : mk
- Value : C:\Windows\System32\urlmon.dll
+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : ms-its
- Value : C:\Windows\System32\itss.dll
+ CLSID : {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
- Name : res
- Value : C:\Windows\System32\mshtml.dll
+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : tbauth
- Value : C:\Windows\System32\tbauth.dll
+ CLSID : {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
- Name : tv
- Value : C:\Windows\System32\msvidctl.dll
+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : vbscript
- Value : C:\Windows\System32\mshtml.dll
+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : windows.tbauth
- Value : C:\Windows\System32\tbauth.dll
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :
+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :
+ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CLSID : {23170F69-40C1-278A-1000-000100020000}
- Name : 7-Zip
- Value : C:\Program Files\7-Zip\7-zip.dll
+ CLSID : {B298D29A-A6ED-11DE-BA8C-A68E55D89593}
- Name : ANotepad++64
- Value : C:\Program Files (x86)\Notepad++\NppShell_06.dll
+ CLSID : {e2bf9676-5f8f-435c-97eb-11607a5bedf7}
- Name : ModernSharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ CLSID : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
- Name : Open With
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : Open With EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ CLSID : {244bcb42-d214-46b8-aa32-e3cc2e6662ee}
- Name : SimpleShlExt
- Value : C:\Program Files\BackupClient\ShellExtensions\ATPShellExt.dll
+ CLSID : {4E716236-AA30-4C65-B225-D68BBA81E9C2}
- Name : WinMerge
- Value : C:\Program Files\WinMerge\ShellExtensionX64.dll
+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll
+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :
+ CLSID : {90AA3A4E-1CBA-4233-B8BB-535773D48449}
- Name : Taskband Pin
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {C539A15A-3AF9-4c92-B771-50CB78F5C751}
- Name :
- Value : C:\Program Files\BackupClient\ShellExtensions\tishell64.dll
+ HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
+ CLSID : {7444C719-39BF-11D1-8CD9-00C04FC29D45}
- Name : CryptoSignMenu
- Value : %SystemRoot%\system32\cryptext.dll
+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll
+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll
+ CLSID : {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
- Name : OLE DocFile Property Page
- Value : %SystemRoot%\system32\docprop.dll
+ CLSID : {883373C3-BF89-11D1-BE35-080036B11A03}
- Name : Summary Properties Page
- Value : %SystemRoot%\system32\shell32.dll
+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ CLSID : {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
- Name : CopyAsPathMenu
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
- Name : SendTo
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name :
- Value : %SystemRoot%\System32\cscui.dll
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll
+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll
+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name :
- Value : %SystemRoot%\System32\cscui.dll
+ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ CLSID : {23170F69-40C1-278A-1000-000100020000}
- Name : 7-Zip
- Value : C:\Program Files\7-Zip\7-zip.dll
+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll
+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ CLSID : {4E716236-AA30-4C65-B225-D68BBA81E9C2}
- Name : WinMerge
- Value : C:\Program Files\WinMerge\ShellExtensionX64.dll
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll
+ HKLM\Software\Classes\Directory\Shellex\DragDropHandlers
+ CLSID : {23170F69-40C1-278A-1000-000100020000}
- Name : 7-Zip
- Value : C:\Program Files\7-Zip\7-zip.dll
+ CLSID : {4E716236-AA30-4C65-B225-D68BBA81E9C2}
- Name : WinMerge
- Value : C:\Program Files\WinMerge\ShellExtensionX64.dll
+ HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll
+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll
+ CLSID : {4a7ded0a-ad25-11d0-98a8-0800361b1103}
- Name :
- Value : %SystemRoot%\system32\mydocs.dll
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll
+ CLSID : {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}
- Name :
- Value : C:\Windows\System32\DfsShlEx.dll
+ CLSID : {ef43ecfe-2ab9-4632-bf21-58909dd177f0}
- Name :
- Value : %SystemRoot%\system32\shell32.dll
+ HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CLSID : {217FC9C0-3AEA-1069-A2DB-08002B30309D}
- Name : FileSystem
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ CLSID : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
- Name : New
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll
+ CLSID : {4E716236-AA30-4C65-B225-D68BBA81E9C2}
- Name : WinMerge
- Value : C:\Program Files\WinMerge\ShellExtensionX64.dll
+ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ CLSID : {23170F69-40C1-278A-1000-000100020000}
- Name : 7-Zip
- Value : C:\Program Files\7-Zip\7-zip.dll
+ CLSID : {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
- Name : Library Location
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll
+ CLSID : {470C0EBD-5D73-4d58-9CED-E91E22E23282}
- Name : PintoStartScreen
- Value : C:\Windows\System32\appresolver.dll
+ CLSID : {244bcb42-d214-46b8-aa32-e3cc2e6662ee}
- Name : SimpleShlExt
- Value : C:\Program Files\BackupClient\ShellExtensions\ATPShellExt.dll
+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll
+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :
+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll
+ CLSID : {C539A15A-3AF9-4c92-B771-50CB78F5C751}
- Name :
- Value : C:\Program Files\BackupClient\ShellExtensions\tishell64.dll
+ HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
+ CLSID : {B41DB860-64E4-11D2-9906-E49FADC173CA}
- Name : WinRAR
- Value : C:\Program Files\WinRAR\rarext.dll
+ CLSID : {B41DB860-8EE4-11D2-9906-E49FADC173CA}
- Name : WinRAR32
- Value :
+ CLSID : {BD472F60-27FA-11cf-B8B4-444553540000}
- Name :
- Value : %SystemRoot%\system32\zipfldr.dll
+ HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers
+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll
+ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
- Name : EnhancedStorageShell
- Value : C:\Windows\System32\EhStorShell.dll
+ CLSID : {4E77131D-3629-431c-9818-C5679DC83E81}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll
70620 - Microsoft Windows AutoRuns Known DLLs
-
Synopsis
DLLs listed to be shared by processes.
Description
The known DLLs registry setting is used to define DLLs that are shared between processes without a process having to search for the DLL location.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
- imagehlp : IMAGEHLP.dll
- shcore : SHCORE.dll
- oleaut32 : OLEAUT32.dll
- normaliz : NORMALIZ.dll
- msvcrt : MSVCRT.dll
- shell32 : SHELL32.dll
- msctf : MSCTF.dll
- gdi32 : gdi32.dll
- nsi : NSI.dll
- advapi32 : advapi32.dll
- coml2 : coml2.dll
- _wowarmhw : wowarmhw.dll
- clbcatq : clbcatq.dll
- wow64win : wow64win.dll
- shlwapi : SHLWAPI.dll
- psapi : PSAPI.DLL
- imm32 : IMM32.dll
- combase : combase.dll
- user32 : user32.dll
- sechost : sechost.dll
- _xtajit : xtajit.dll
- _wow64cpu : wow64cpu.dll
- wow64 : wow64.dll
- rpcrt4 : rpcrt4.dll
- kernel32 : kernel32.dll
- ws2_32 : WS2_32.dll
- wldap32 : WLDAP32.dll
- ole32 : ole32.dll
- difxapi : difxapi.dll
- setupapi : Setupapi.dll
- comdlg32 : COMDLG32.dll
- gdiplus : gdiplus.dll
- imagehlp : IMAGEHLP.dll
- shcore : SHCORE.dll
- oleaut32 : OLEAUT32.dll
- normaliz : NORMALIZ.dll
- msvcrt : MSVCRT.dll
- shell32 : SHELL32.dll
- msctf : MSCTF.dll
- gdi32 : gdi32.dll
- nsi : NSI.dll
- advapi32 : advapi32.dll
- coml2 : coml2.dll
- _wowarmhw : wowarmhw.dll
- clbcatq : clbcatq.dll
- wow64win : wow64win.dll
- shlwapi : SHLWAPI.dll
- psapi : PSAPI.DLL
- imm32 : IMM32.dll
- combase : combase.dll
- user32 : user32.dll
- sechost : sechost.dll
- _xtajit : xtajit.dll
- _wow64cpu : wow64cpu.dll
- wow64 : wow64.dll
- rpcrt4 : rpcrt4.dll
- kernel32 : kernel32.dll
- ws2_32 : WS2_32.dll
- wldap32 : WLDAP32.dll
- ole32 : ole32.dll
- difxapi : difxapi.dll
- setupapi : Setupapi.dll
- comdlg32 : COMDLG32.dll
- gdiplus : gdiplus.dll
70613 - Microsoft Windows AutoRuns LSA Providers
-
Synopsis
Programs set to start as Local Security Authority.
Description
An LSA (Local Security Authority) is an application that can be used to authorize users to their systems. The reported autoruns are available to provide this service or features to this service.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\authentication packages
- msv1_0
+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\notification packages
- rassfm
- scecli
+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\security packages
- ""
70621 - Microsoft Windows AutoRuns Logon
-
Synopsis
Report programs that start-up from the most common registry locations.
Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.
Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
- rdpclip
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
- C:\Windows\system32\userinit.exe
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\vmapplet
- SystemPropertiesPerformance.exe /pagefile
+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
- explorer.exe
+ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- AlternateShell : cmd.exe
+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : securityhealth
- Value : %windir%\system32\SecurityHealthSystray.exe
- Name : mmsmonitor.exe
- Value : C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
- Name : acronis scheduler2 service
- Value : "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
- Name : veeam.endpoint.tray.exe
- Value : C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe -NoControlPanel -CheckNumberOfRunningAgents
+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Name : acronistibmountermonitor
- Value : C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP
+ CLSID : {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
- Name : Themes Setup
- Value : /UserInstall
+ CLSID : {49210152-871f-4ffa-961d-a172abcbc09d}
- Name : Google Platform Experience Helper
- Value : "C:\Program Files (x86)\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe" --first-run
+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon
+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4340}
- Name : Windows Desktop Update
- Value : U
+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4383}
- Name : Web Platform Customizations
- Value : C:\Windows\System32\ie4uinit.exe -UserConfig
+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install
+ CLSID : {8A69D345-D564-463c-AFF1-A69D9E530F96}
- Name : Google Chrome
- Value : "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --channel=stable
+ CLSID : {A509B1A7-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenAdmin
+ CLSID : {A509B1A8-37EF-4b3f-8CFC-4F3A74704073}
- Name : Applying Enhanced Security Configuration
- Value : "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iesetup.dll",IEHardenUser
+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP
+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon
+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
- iconservicelib : IconCodecService.dll
- Load :
70622 - Microsoft Windows AutoRuns Network Providers
-
Synopsis
Report programs set to automatically start-up as a Network Provider.
Description
The DLLs listed under the registry key are used to provide network services for new protocols.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
70623 - Microsoft Windows AutoRuns Print Monitor
-
Synopsis
Report programs set to start automatically as a print monitor.
Description
Report the DLLs that control print monitor functions for multiple programs and systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : APMon.dll
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : APMon.dll
70618 - Microsoft Windows AutoRuns Registry Hijack Possible Locations
-
Synopsis
Report common registry keys used to hijack execution.
Description
Report common registry keys that can be used to hijack system process execution.
These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command
- Command : "%1" %*
+ HKLM\Software\Classes\.exe : exefile
- open : "%1" %*
- runas : "%1" %*
- runasuser :
+ HKLM\Software\Classes\.cmd : cmdfile
- edit : %SystemRoot%\System32\NOTEPAD.EXE %1
- open : "%1" %*
- print : %SystemRoot%\System32\NOTEPAD.EXE /p %1
- runas : %SystemRoot%\System32\cmd.exe /C "%1" %*
- runasuser :
+ HKLM\Software\Classes\.htm : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"
+ HKLM\Software\Classes\.html : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"
+ HKLM\Software\Classes\.docx : docxfile
- open : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" "%1"
- print : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /p "%1"
- printto : "%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE" /pt "%1" "%2" "%3" "%4"
+ HKLM\Software\Classes\.vbs : VBSFile
- Edit : "%SystemRoot%\System32\Notepad.exe" %1
- Open : "%SystemRoot%\System32\WScript.exe" "%1" %*
- Open2 : "%SystemRoot%\System32\CScript.exe" "%1" %*
- Print : "%SystemRoot%\System32\Notepad.exe" /p %1
+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
+ HKLM\Software\Classes\.xml : xmlfile
- Open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
+ HKLM\Software\Classes\.pif : piffile
- open : "%1" %*
+ HKLM\Software\Classes\.txt : txtfile
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
- print : %SystemRoot%\system32\NOTEPAD.EXE /p %1
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"
HKU : \Users\techexcel : S-1-5-21-549360554-2228062029-2355455187-1001
+ HKU\Software\Classes\.xls : xls_auto_file
- edit : %SystemRoot%\system32\NOTEPAD.EXE %1
- open : %SystemRoot%\system32\NOTEPAD.EXE %1
70624 - Microsoft Windows AutoRuns Report
-
Synopsis
Generate a CSV report of all autoruns.
Description
Collect all autoruns listed in the Windows autoruns plugins and report the primary content in a CSV report.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+Enabled Autoruns Detection Types
- LSA Provider
- Boot Execute
- WinLogon
- Known DLLs
- Winsock Provider
- Service
- Explorer
- Logon
- Codecs
- Driver
- Image Hijack
- Network Provider
- Print Monitor
The attached CSV contains information about Windows autoruns.
70626 - Microsoft Windows AutoRuns Services and Drivers
-
Synopsis
Report programs that are set to start automatically on boot as a service or driver.
Description
Report the registry keys that track programs that are set to start on boot as a service.
These programs can start as a system wide service or be loaded as a driver.
These programs can start as a system wide service or be loaded as a driver.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\System\CurrentControlSet\Services
Drivers :
+ Acronis Agent Core Service
- "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run
- Auto Load
- Enables Acronis Agent Core Service.
+ Acronis Active Protection Service
- "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
- Auto Load
- Acronis Active Protection Service
+ Acronis Cyber Protection Service
- "C:\Program Files\BackupClient\CyberProtect\cyber-protect-service.exe"
- Auto Load
- Acronis Cyber Protection Service
+ Acronis Scheduler2 Service
- "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
- Auto Load
- Provides scheduling for tasks of Acronis components.
+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1
+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113
+ Agentless Management Service
- "C:\Program Files\OEM\AMS\service\ams.exe"
- Auto Load
- Provides out of band management system with OS-level Agentless Management information and Active Health System events.
+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012
+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101
+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101
+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251
+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001
+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101
+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2
+ @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Load on Demand
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2
+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205
+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201
+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- disabled
- @%SystemRoot%\system32\AxInstSV.dll,-104
+ AzureAttestService
- C:\Windows\system32\svchost.exe -k AzureAttestService
- Auto Load
-
+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002
+ Background Intelligent Transfer Service
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\qmgr.dll,-1001
+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101
+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102
+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102
+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102
+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2
+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101
+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12
+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104
+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948
+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2
+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002
+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- disabled
- @%systemroot%\system32\cscsvc.dll,-201
+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @combase.dll,-5013
+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102
+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101
+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101
+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101
+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101
+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001
+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc -p
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002
+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101
+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\dmwappushsvc.dll,-201
+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102
+ @%systemroot%\system32\dosvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%systemroot%\system32\dosvc.dll,-101
+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103
+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%systemroot%\system32\dps.dll,-501
+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001
+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002
+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2
+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101
+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202
+ Acronis Emergency Updater 0.0.1.2826
- "C:\Program Files (x86)\Common Files\Acronis\EmergencyUpdater\0.0.1.2826\emergency-updater.exe" --emergency-updater
- Auto Load
- Enables Acronis Emergency Updater.
+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2
+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201
+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @comres.dll,-2451
+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101
+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101
+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101
+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310
+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101
+ Google Chrome Elevation Service (GoogleChromeElevationService)
- "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\elevation_service.exe"
- Load on Demand
- Provides encryption services and a secure way for recovering Google Chrome if it gets out of date. If this service is disabled, Google Chrome may lose access to encrypted data, and Google Chrome may not be able recover itself.
+ Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update-internal
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
+ Google Updater Service (GoogleUpdaterService144.0.7547.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @gpapi.dll,-113
+ @%SystemRoot%\system32\GraphicsPerfSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup
- disabled
- @%SystemRoot%\system32\GraphicsPerfSvc.dll,-101
+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102
+ HPE Smart Array SR Event Notification Service
- "C:\Program Files\HPE\HpePqiESrv\hpepqiesrv.exe"
- Auto Load
- The HPE Smart Array SR Notification Service provides event notification to the Windows system event log, HPE ProLiant Integrated Management Log and HPE Integrity System Event Log for systems using the HPE Smart Array controller driver.
+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101
+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- disabled
- @%SystemRoot%\System32\tetheringservice.dll,-4098
+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008
+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502
+ @%SystemRoot%\system32\InstallService.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\InstallService.dll,-201
+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501
+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101
+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101
+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
- Load on Demand
- @comres.dll,-2947
+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101
+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101
+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\lfsvc.dll,-2
+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201
+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\lltdres.dll,-2
+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102
+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\lsm.dll,-1002
+ Apache Tomcat 9.0 Lucee
- D:\Techexcel\lucee\tomcat\bin\Tomcat9.exe //RS//Lucee
- Auto Load
- Apache Tomcat 9.0.45 Server - https://tomcat.apache.org/
+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- disabled
- @%SystemRoot%\System32\moshost.dll,-101
+ Acronis Managed Machine Service
- "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
- Auto Load
- Enables data backup and recovery on the machine.
+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091
+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798
+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\iscsidsc.dll,-5001
+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32
+ MS-MPI Launch Service
- "C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe"
- Load on Demand
- Service for launching MS-MPI applications
+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.
+ SQL Server Launchpad (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\launchpad.exe" -launcher RLauncher.dll -launcher Pythonlauncher.dll -launcher commonlauncher.dll -pipename sqlsatellitelaunch -timeout 600000 -logPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\LOG\ExtensibilityLog" -workingDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExtensibilityData" -externalLanguagesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguagesTemp" -externalLanguagesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguages" -externalLibrariesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibrariesTemp" -externalLibrariesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibraries" -satelliteDllPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlsatellite.dll"
- Auto Load
- Service to launch Advanced Analytics Extensions Launchpad process that enables integration with Microsoft R Open using standard T-SQL statements. Disabling this service will make Advanced Analytics features of SQL Server unavailable.
+ SQL Server (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.
+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008
+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501
+ Netlogon
- %systemroot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\System32\netlogon.dll,-103
+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110
+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203
+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4
+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- disabled
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200
+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2
+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101
+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2
+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201
+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.
+ Office 64 Source Engine
- "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Load on Demand
- Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\pcasvc.dll,-2
+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1
+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001
+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Load on Demand
- @%systemroot%\system32\pla.dll,-501
+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101
+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011
+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101
+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301
+ @%SystemRoot%\system32\pushtoinstall.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\pushtoinstall.dll,-201
+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2
+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201
+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%Systemroot%\system32\rasmans.dll,-201
+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201
+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService -p
- Load on Demand
- @regsvc.dll,-2
+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- disabled
- @%SystemRoot%\system32\RMapi.dll,-1002
+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS -p
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002
+ Remote Procedure Call (RPC) Locator
- %SystemRoot%\system32\locator.exe
- Auto Load
- @%systemroot%\system32\Locator.exe,-3
+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss -p
- Auto Load
- @combase.dll,-5011
+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115
+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501
+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2
+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\SCardSvr.dll,-5
+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101
+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101
+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14
+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000
+ @%systemroot%\system32\SecurityHealthAgent.dll,-1002
- %SystemRoot%\system32\SecurityHealthService.exe
- Load on Demand
- @%systemroot%\system32\SecurityHealthAgent.dll,-1001
+ @%SystemRoot%\System32\SEMgrSvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\System32\SEMgrSvc.dll,-1002
+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201
+ @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001
- "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe"
- Load on Demand
- @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1002
+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- disabled
- @%SystemRoot%\system32\SensorDataService.exe,-102
+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001
+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001
+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027
+ @%SystemRoot%\System32\SgrmBroker.exe,-100
- %SystemRoot%\system32\SgrmBroker.exe
- Load on Demand
- @%SystemRoot%\System32\SgrmBroker.exe,-101
+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\ipnathlp.dll,-107
+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289
+ @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-101
+ System Management Assistant Service
- "C:\Program Files\OEM\AMS\service\sma.exe"
- disabled
- Provides OS-level inband and out of band Agentless Management information and Active Health System events.
+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101
+ @firewallapi.dll,-50323
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @firewallapi.dll,-50324
+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100
+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- disabled
- Provides SQL Server connection information to client computers.
+ SQL Server Agent (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.
+ SQL Server CEIP service (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server
+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.
+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\ssdpsrv.dll,-101
+ OpenSSH Authentication Agent
- %SystemRoot%\System32\OpenSSH\ssh-agent.exe
- disabled
- Agent to hold private keys used for public key authentication.
+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201
+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2
+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10
+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101
+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102
+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102
+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\sysmain.dll,-1001
+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002
+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101
+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101
+ @%SystemRoot%\System32\termsrv.dll,-268
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Load on Demand
- @%SystemRoot%\System32\termsrv.dll,-267
+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193
+ Tib Mounter Service
- "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
- Load on Demand
-
+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701
+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002
+ @%systemroot%\system32\tokenbroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\tokenbroker.dll,-101
+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2
+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101
+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201
+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101
+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101
+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001
+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\upnphost.dll,-214
+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101
+ @%systemroot%\system32\usocore.dll,-101
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usocore.dll,-102
+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004
+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112
+ Veeam Installer Service
- "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160
- Auto Load
- Enables installing, updating and configuring Veeam Backup & Replication components.
+ Veeam Agent for Microsoft Windows
- "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe"
- Auto Load
- Performs periodic backups of this computer.
+ Veeam Data Mover Service
- "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe"
- Auto Load
- Sends and receives protected data during backup, replication and restore processes.
+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802
+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102
+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202
+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602
+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302
+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402
+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902
+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502
+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101
+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\w32time.dll,-201
+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015
+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004
+ @WaaSMedicSvc.dll,-100
- %systemroot%\system32\svchost.exe -k wusvcs -p
- Load on Demand
- @WaaSMedicSvc.dll,-101
+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel -p
- disabled
- @%SystemRoot%\System32\WalletService.dll,-1001
+ @%SystemRoot%\System32\Windows.WARP.JITService.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\Windows.WARP.JITService.dll,-101
+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002
+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Load on Demand
- @%systemroot%\system32\wbiosrvc.dll,-101
+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098
+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503
+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501
+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201
+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101
+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100
+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101
+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1
+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101
+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204
+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102
+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-
+ @%SystemRoot%\system32\flightsettings.dll,-103
- %systemroot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\flightsettings.dll,-104
+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101
+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
+ @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
- "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
- Load on Demand
- @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002
+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101
+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2
+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- disabled
- @%systemroot%\system32\SearchIndexer.exe,-104
+ Windows Update
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106
+ @wpdfs.inf,%WPDFS_SvcName%;WPD File System driver
- \SystemRoot\system32\DRIVERS\WUDFRd.sys
- Load on Demand
- @wpdfs.inf,%WPDFS_SvcDesc%;User mode driver that enables communication with removable storage devices via the WPD interface
Services :
+ Acronis Agent Core Service
- "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run
- Auto Load
- Enables Acronis Agent Core Service.
+ Acronis Active Protection Service
- "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
- Auto Load
- Acronis Active Protection Service
+ Acronis Cyber Protection Service
- "C:\Program Files\BackupClient\CyberProtect\cyber-protect-service.exe"
- Auto Load
- Acronis Cyber Protection Service
+ Acronis Scheduler2 Service
- "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
- Auto Load
- Provides scheduling for tasks of Acronis components.
+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1
+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113
+ Agentless Management Service
- "C:\Program Files\OEM\AMS\service\ams.exe"
- Auto Load
- Provides out of band management system with OS-level Agentless Management information and Active Health System events.
+ @%windir%\system32\inetsrv\iisres.dll,-30011
- %windir%\system32\svchost.exe -k apphost
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30012
+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101
+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101
+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251
+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001
+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101
+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2
+ @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-1
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
- Load on Demand
- @%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_rc.dll,-2
+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205
+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\audiosrv.dll,-201
+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- disabled
- @%SystemRoot%\system32\AxInstSV.dll,-104
+ AzureAttestService
- C:\Windows\system32\svchost.exe -k AzureAttestService
- Auto Load
-
+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002
+ Background Intelligent Transfer Service
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\qmgr.dll,-1001
+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101
+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102
+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102
+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102
+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2
+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101
+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12
+ @%SystemRoot%\system32\ClipSVC.dll,-103
- %SystemRoot%\System32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\ClipSVC.dll,-104
+ @comres.dll,-947
- %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
- Load on Demand
- @comres.dll,-948
+ @%SystemRoot%\system32\coremessaging.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%SystemRoot%\system32\coremessaging.dll,-2
+ @%SystemRoot%\system32\cryptsvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\system32\cryptsvc.dll,-1002
+ @%systemroot%\system32\cscsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- disabled
- @%systemroot%\system32\cscsvc.dll,-201
+ @combase.dll,-5012
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @combase.dll,-5013
+ @%SystemRoot%\system32\defragsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k defragsvc
- Load on Demand
- @%SystemRoot%\system32\defragsvc.dll,-102
+ @%SystemRoot%\system32\das.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\das.dll,-101
+ @%SystemRoot%\system32\umpnpmgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101
+ @%SystemRoot%\system32\DevQueryBroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\DevQueryBroker.dll,-101
+ @%SystemRoot%\system32\dhcpcore.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\dhcpcore.dll,-101
+ @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000
- %SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
- Load on Demand
- @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1001
+ @%SystemRoot%\system32\diagtrack.dll,-3001
- %SystemRoot%\System32\svchost.exe -k utcsvc -p
- Auto Load
- @%SystemRoot%\system32\diagtrack.dll,-3002
+ @%systemroot%\system32\Windows.Internal.Management.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\Windows.Internal.Management.dll,-101
+ @%SystemRoot%\system32\dmwappushsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\dmwappushsvc.dll,-201
+ @%SystemRoot%\System32\dnsapi.dll,-101
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\dnsapi.dll,-102
+ @%systemroot%\system32\dosvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%systemroot%\system32\dosvc.dll,-101
+ @%systemroot%\system32\dot3svc.dll,-1102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\dot3svc.dll,-1103
+ @%systemroot%\system32\dps.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Auto Load
- @%systemroot%\system32\dps.dll,-501
+ @%SystemRoot%\system32\DeviceSetupManager.dll,-1000
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\DeviceSetupManager.dll,-1001
+ @%SystemRoot%\system32\dssvc.dll,-10003
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\dssvc.dll,-10002
+ @%systemroot%\system32\eapsvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\eapsvc.dll,-2
+ @%SystemRoot%\system32\efssvc.dll,-100
- %SystemRoot%\System32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\efssvc.dll,-101
+ @%SystemRoot%\system32\embeddedmodesvc.dll,-201
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\embeddedmodesvc.dll,-202
+ Acronis Emergency Updater 0.0.1.2826
- "C:\Program Files (x86)\Common Files\Acronis\EmergencyUpdater\0.0.1.2826\emergency-updater.exe" --emergency-updater
- Auto Load
- Enables Acronis Emergency Updater.
+ @EnterpriseAppMgmtSvc.dll,-1
- %systemroot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @EnterpriseAppMgmtSvc.dll,-2
+ @%SystemRoot%\system32\wevtsvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\wevtsvc.dll,-201
+ @comres.dll,-2450
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @comres.dll,-2451
+ @%systemroot%\system32\fdPHost.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\fdPHost.dll,-101
+ @%systemroot%\system32\fdrespub.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%systemroot%\system32\fdrespub.dll,-101
+ @%systemroot%\system32\FntCache.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%systemroot%\system32\FntCache.dll,-101
+ @%SystemRoot%\system32\PresentationHost.exe,-3309
- %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
- Load on Demand
- @%SystemRoot%\system32\PresentationHost.exe,-3310
+ @%systemroot%\system32\FrameServer.dll,-100
- %SystemRoot%\System32\svchost.exe -k Camera
- Load on Demand
- @%systemroot%\system32\FrameServer.dll,-101
+ Google Chrome Elevation Service (GoogleChromeElevationService)
- "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\elevation_service.exe"
- Load on Demand
- Provides encryption services and a secure way for recovering Google Chrome if it gets out of date. If this service is disabled, Google Chrome may lose access to encrypted data, and Google Chrome may not be able recover itself.
+ Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update-internal
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
+ Google Updater Service (GoogleUpdaterService144.0.7547.0)
- "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update
- Auto Load
- Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
+ @gpapi.dll,-112
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @gpapi.dll,-113
+ @%SystemRoot%\system32\GraphicsPerfSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k GraphicsPerfSvcGroup
- disabled
- @%SystemRoot%\system32\GraphicsPerfSvc.dll,-101
+ @%SystemRoot%\System32\hidserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\hidserv.dll,-102
+ HPE Smart Array SR Event Notification Service
- "C:\Program Files\HPE\HpePqiESrv\hpepqiesrv.exe"
- Auto Load
- The HPE Smart Array SR Notification Service provides event notification to the Windows system event log, HPE ProLiant Integrated Management Log and HPE Integrity System Event Log for systems using the HPE Smart Array controller driver.
+ @%SystemRoot%\system32\hvhostsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\hvhostsvc.dll,-101
+ @%SystemRoot%\System32\tetheringservice.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- disabled
- @%SystemRoot%\System32\tetheringservice.dll,-4098
+ @%windir%\system32\inetsrv\iisres.dll,-30007
- %windir%\system32\inetsrv\inetinfo.exe
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30008
+ @%SystemRoot%\system32\ikeext.dll,-501
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\ikeext.dll,-502
+ @%SystemRoot%\system32\InstallService.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\InstallService.dll,-201
+ @%SystemRoot%\system32\iphlpsvc.dll,-500
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Auto Load
- @%SystemRoot%\system32\iphlpsvc.dll,-501
+ @keyiso.dll,-100
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @keyiso.dll,-101
+ @%systemroot%\system32\kpssvc.dll,-100
- %systemroot%\system32\svchost.exe -k KpsSvcGroup
- Load on Demand
- @%systemroot%\system32\kpssvc.dll,-101
+ @comres.dll,-2946
- %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
- Load on Demand
- @comres.dll,-2947
+ @%systemroot%\system32\srvsvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k smbsvcs
- Auto Load
- @%systemroot%\system32\srvsvc.dll,-101
+ @%systemroot%\system32\wkssvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%systemroot%\system32\wkssvc.dll,-101
+ @%SystemRoot%\System32\lfsvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\lfsvc.dll,-2
+ @%SystemRoot%\system32\licensemanagersvc.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\licensemanagersvc.dll,-201
+ @%SystemRoot%\system32\lltdres.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\lltdres.dll,-2
+ @%SystemRoot%\system32\lmhsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\lmhsvc.dll,-102
+ @%windir%\system32\lsm.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\lsm.dll,-1002
+ Apache Tomcat 9.0 Lucee
- D:\Techexcel\lucee\tomcat\bin\Tomcat9.exe //RS//Lucee
- Auto Load
- Apache Tomcat 9.0.45 Server - https://tomcat.apache.org/
+ @%SystemRoot%\System32\moshost.dll,-100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- disabled
- @%SystemRoot%\System32\moshost.dll,-101
+ Acronis Managed Machine Service
- "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
- Auto Load
- Enables data backup and recovery on the machine.
+ @%SystemRoot%\system32\FirewallAPI.dll,-23090
- %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\FirewallAPI.dll,-23091
+ @comres.dll,-2797
- %SystemRoot%\System32\msdtc.exe
- Auto Load
- @comres.dll,-2798
+ @%SystemRoot%\system32\iscsidsc.dll,-5000
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\iscsidsc.dll,-5001
+ @%SystemRoot%\system32\msimsg.dll,-27
- %systemroot%\system32\msiexec.exe /V
- Load on Demand
- @%SystemRoot%\system32\msimsg.dll,-32
+ MS-MPI Launch Service
- "C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe"
- Load on Demand
- Service for launching MS-MPI applications
+ SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
- Load on Demand
- Service to launch full-text filter daemon process which will perform document filtering and word breaking for SQL Server full-text search. Disabling this service will make full-text search features of SQL Server unavailable.
+ SQL Server Launchpad (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\launchpad.exe" -launcher RLauncher.dll -launcher Pythonlauncher.dll -launcher commonlauncher.dll -pipename sqlsatellitelaunch -timeout 600000 -logPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\LOG\ExtensibilityLog" -workingDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExtensibilityData" -externalLanguagesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguagesTemp" -externalLanguagesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguages" -externalLibrariesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibrariesTemp" -externalLibrariesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibraries" -satelliteDllPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlsatellite.dll"
- Auto Load
- Service to launch Advanced Analytics Extensions Launchpad process that enables integration with Microsoft R Open using standard T-SQL statements. Disabling this service will make Advanced Analytics features of SQL Server unavailable.
+ SQL Server (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
- Auto Load
- Provides storage, processing and controlled access of data, and rapid transaction processing.
+ @%SystemRoot%\system32\ncasvc.dll,-3009
- %SystemRoot%\System32\svchost.exe -k NetSvcs -p
- Load on Demand
- @%SystemRoot%\system32\ncasvc.dll,-3008
+ @%SystemRoot%\system32\ncbservice.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\ncbservice.dll,-501
+ Netlogon
- %systemroot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\System32\netlogon.dll,-103
+ @%SystemRoot%\system32\netman.dll,-109
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\netman.dll,-110
+ @%SystemRoot%\system32\netprofmsvc.dll,-202
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\netprofmsvc.dll,-203
+ @%SystemRoot%\system32\NetSetupSvc.dll,-3
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\NetSetupSvc.dll,-4
+ @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201
- %systemroot%\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
- disabled
- @%systemroot%\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8200
+ @%SystemRoot%\System32\NgcCtnrSvc.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\NgcCtnrSvc.dll,-2
+ @%SystemRoot%\System32\ngcsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\ngcsvc.dll,-101
+ @%SystemRoot%\System32\nlasvc.dll,-1
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%SystemRoot%\System32\nlasvc.dll,-2
+ @%SystemRoot%\system32\nsisvc.dll,-200
- %systemroot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\nsisvc.dll,-201
+ NXLog
- "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
- Auto Load
- This service is responsible for running the NXLog agent. See www.nxlog.co.
+ Office 64 Source Engine
- "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
- Load on Demand
- Saves installation files used for updates and repairs and is required for the downloading of Setup updates and Watson error reports.
+ @%SystemRoot%\system32\pcasvc.dll,-1
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\pcasvc.dll,-2
+ @%systemroot%\sysWow64\perfhost.exe,-2
- %SystemRoot%\SysWow64\perfhost.exe
- Load on Demand
- @%systemroot%\SysWow64\perfhost.exe,-1
+ @%SystemRoot%\system32\PhoneserviceRes.dll,-10000
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\PhoneserviceRes.dll,-10001
+ @%systemroot%\system32\pla.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork -p
- Load on Demand
- @%systemroot%\system32\pla.dll,-501
+ @%SystemRoot%\system32\umpnpmgr.dll,-200
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Load on Demand
- @%SystemRoot%\system32\umpnpmgr.dll,-101
+ @%SystemRoot%\System32\polstore.dll,-5010
- %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\polstore.dll,-5011
+ @%SystemRoot%\system32\umpo.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%SystemRoot%\system32\umpo.dll,-101
+ @%systemroot%\system32\profsvc.dll,-300
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\profsvc.dll,-301
+ @%SystemRoot%\system32\pushtoinstall.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\pushtoinstall.dll,-201
+ @%SystemRoot%\system32\qwave.dll,-1
- %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\system32\qwave.dll,-2
+ @%Systemroot%\system32\rasauto.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%Systemroot%\system32\rasauto.dll,-201
+ @%Systemroot%\system32\rasmans.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- Auto Load
- @%Systemroot%\system32\rasmans.dll,-201
+ @%Systemroot%\system32\mprdim.dll,-200
- %SystemRoot%\System32\svchost.exe -k netsvcs
- disabled
- @%Systemroot%\system32\mprdim.dll,-201
+ Remote Registry
- %SystemRoot%\system32\svchost.exe -k localService -p
- Load on Demand
- @regsvc.dll,-2
+ @%SystemRoot%\system32\RMapi.dll,-1001
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- disabled
- @%SystemRoot%\system32\RMapi.dll,-1002
+ @%windir%\system32\RpcEpMap.dll,-1001
- %SystemRoot%\system32\svchost.exe -k RPCSS -p
- Auto Load
- @%windir%\system32\RpcEpMap.dll,-1002
+ Remote Procedure Call (RPC) Locator
- %SystemRoot%\system32\locator.exe
- Auto Load
- @%systemroot%\system32\Locator.exe,-3
+ @combase.dll,-5010
- %SystemRoot%\system32\svchost.exe -k rpcss -p
- Auto Load
- @combase.dll,-5011
+ @gpapi.dll,-114
- %SystemRoot%\system32\RSoPProv.exe
- Load on Demand
- @gpapi.dll,-115
+ @%systemroot%\system32\sacsvr.dll,-500
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\sacsvr.dll,-501
+ @%SystemRoot%\system32\samsrv.dll,-1
- %SystemRoot%\system32\lsass.exe
- Auto Load
- @%SystemRoot%\system32\samsrv.dll,-2
+ @%SystemRoot%\System32\SCardSvr.dll,-1
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
- Load on Demand
- @%SystemRoot%\System32\SCardSvr.dll,-5
+ @%SystemRoot%\System32\ScDeviceEnum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- disabled
- @%SystemRoot%\System32\ScDeviceEnum.dll,-101
+ @%SystemRoot%\system32\schedsvc.dll,-100
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\schedsvc.dll,-101
+ @%SystemRoot%\System32\certprop.dll,-13
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-14
+ @%SystemRoot%\system32\seclogon.dll,-7001
- %windir%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\seclogon.dll,-7000
+ @%systemroot%\system32\SecurityHealthAgent.dll,-1002
- %SystemRoot%\system32\SecurityHealthService.exe
- Load on Demand
- @%systemroot%\system32\SecurityHealthAgent.dll,-1001
+ @%SystemRoot%\System32\SEMgrSvc.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\System32\SEMgrSvc.dll,-1002
+ @%SystemRoot%\system32\Sens.dll,-200
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\Sens.dll,-201
+ @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001
- "%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe"
- Load on Demand
- @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1002
+ @%SystemRoot%\system32\SensorDataService.exe,-101
- %SystemRoot%\System32\SensorDataService.exe
- disabled
- @%SystemRoot%\system32\SensorDataService.exe,-102
+ @%SystemRoot%\System32\sensorservice.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\sensorservice.dll,-1001
+ @%SystemRoot%\System32\sensrsvc.dll,-1000
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- Load on Demand
- @%SystemRoot%\System32\sensrsvc.dll,-1001
+ @%SystemRoot%\System32\SessEnv.dll,-1026
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\SessEnv.dll,-1027
+ @%SystemRoot%\System32\SgrmBroker.exe,-100
- %SystemRoot%\system32\SgrmBroker.exe
- Load on Demand
- @%SystemRoot%\System32\SgrmBroker.exe,-101
+ @%SystemRoot%\system32\ipnathlp.dll,-106
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\ipnathlp.dll,-107
+ @%SystemRoot%\System32\shsvcs.dll,-12288
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\shsvcs.dll,-12289
+ @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\System32\Windows.SharedPC.AccountManager.dll,-101
+ System Management Assistant Service
- "C:\Program Files\OEM\AMS\service\sma.exe"
- disabled
- Provides OS-level inband and out of band Agentless Management information and Active Health System events.
+ @%SystemRoot%\System32\smphost.dll,-102
- %SystemRoot%\System32\svchost.exe -k smphost
- Load on Demand
- @%SystemRoot%\System32\smphost.dll,-101
+ @firewallapi.dll,-50323
- %SystemRoot%\System32\snmptrap.exe
- Load on Demand
- @firewallapi.dll,-50324
+ @%SystemRoot%\system32\sppsvc.exe,-101
- %SystemRoot%\system32\sppsvc.exe
- Auto Load
- @%SystemRoot%\system32\sppsvc.exe,-100
+ SQL Server Browser
- "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
- disabled
- Provides SQL Server connection information to client computers.
+ SQL Server Agent (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
- Auto Load
- Executes jobs, monitors SQL Server, fires alerts, and allows automation of some administrative tasks.
+ SQL Server CEIP service (MSSQLSERVER)
- "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
- Auto Load
- CEIP service for Sql server
+ SQL Server VSS Writer
- "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
- Auto Load
- Provides the interface to backup/restore Microsoft SQL server through the Windows VSS infrastructure.
+ @%systemroot%\system32\ssdpsrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\ssdpsrv.dll,-101
+ OpenSSH Authentication Agent
- %SystemRoot%\System32\OpenSSH\ssh-agent.exe
- disabled
- Agent to hold private keys used for public key authentication.
+ @%SystemRoot%\system32\sstpsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\sstpsvc.dll,-201
+ @%SystemRoot%\system32\windows.staterepository.dll,-1
- %SystemRoot%\system32\svchost.exe -k appmodel -p
- Load on Demand
- @%SystemRoot%\system32\windows.staterepository.dll,-2
+ @%SystemRoot%\system32\wiaservc.dll,-9
- %SystemRoot%\system32\svchost.exe -k imgsvc
- Load on Demand
- @%SystemRoot%\system32\wiaservc.dll,-10
+ @%SystemRoot%\System32\StorSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\System32\StorSvc.dll,-101
+ @%SystemRoot%\system32\svsvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\svsvc.dll,-102
+ @%SystemRoot%\System32\swprv.dll,-103
- %SystemRoot%\System32\svchost.exe -k swprv
- Load on Demand
- @%SystemRoot%\System32\swprv.dll,-102
+ @%SystemRoot%\system32\sysmain.dll,-1000
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\sysmain.dll,-1001
+ @%windir%\system32\SystemEventsBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\SystemEventsBrokerServer.dll,-1002
+ @%SystemRoot%\system32\TabSvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\TabSvc.dll,-101
+ @%SystemRoot%\system32\tapisrv.dll,-10100
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\tapisrv.dll,-10101
+ @%SystemRoot%\System32\termsrv.dll,-268
- %SystemRoot%\System32\svchost.exe -k termsvcs
- Load on Demand
- @%SystemRoot%\System32\termsrv.dll,-267
+ @%SystemRoot%\System32\themeservice.dll,-8192
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\System32\themeservice.dll,-8193
+ Tib Mounter Service
- "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
- Load on Demand
-
+ @%SystemRoot%\system32\TieringEngineService.exe,-702
- %SystemRoot%\system32\TieringEngineService.exe
- Load on Demand
- @%SystemRoot%\system32\TieringEngineService.exe,-701
+ @%windir%\system32\TimeBrokerServer.dll,-1001
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%windir%\system32\TimeBrokerServer.dll,-1002
+ @%systemroot%\system32\tokenbroker.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\tokenbroker.dll,-101
+ @%SystemRoot%\system32\trkwks.dll,-1
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\system32\trkwks.dll,-2
+ @%SystemRoot%\servicing\TrustedInstaller.exe,-100
- %SystemRoot%\servicing\TrustedInstaller.exe
- Load on Demand
- @%SystemRoot%\servicing\TrustedInstaller.exe,-101
+ @%SystemRoot%\system32\tzautoupdate.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- disabled
- @%SystemRoot%\system32\tzautoupdate.dll,-201
+ @%systemroot%\system32\ualsvc.dll,-102
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%systemroot%\system32\ualsvc.dll,-101
+ @%systemroot%\system32\AgentService.exe,-102
- %systemroot%\system32\AgentService.exe
- disabled
- @%systemroot%\system32\AgentService.exe,-101
+ @%SystemRoot%\system32\umrdp.dll,-1000
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\umrdp.dll,-1001
+ @%systemroot%\system32\upnphost.dll,-213
- %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
- disabled
- @%systemroot%\system32\upnphost.dll,-214
+ @%systemroot%\system32\usermgr.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usermgr.dll,-101
+ @%systemroot%\system32\usocore.dll,-101
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%systemroot%\system32\usocore.dll,-102
+ @%SystemRoot%\system32\vaultsvc.dll,-1003
- %SystemRoot%\system32\lsass.exe
- Load on Demand
- @%SystemRoot%\system32\vaultsvc.dll,-1004
+ @%SystemRoot%\system32\vds.exe,-100
- %SystemRoot%\System32\vds.exe
- Load on Demand
- @%SystemRoot%\system32\vds.exe,-112
+ Veeam Installer Service
- "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160
- Auto Load
- Enables installing, updating and configuring Veeam Backup & Replication components.
+ Veeam Agent for Microsoft Windows
- "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe"
- Auto Load
- Performs periodic backups of this computer.
+ Veeam Data Mover Service
- "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe"
- Auto Load
- Sends and receives protected data during backup, replication and restore processes.
+ @%systemroot%\system32\icsvc.dll,-801
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-802
+ @%systemroot%\system32\icsvc.dll,-101
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-102
+ @%systemroot%\system32\icsvc.dll,-201
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-202
+ @%systemroot%\system32\icsvcext.dll,-601
- %systemroot%\system32\svchost.exe -k ICService -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-602
+ @%systemroot%\system32\icsvc.dll,-301
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-302
+ @%systemroot%\system32\icsvc.dll,-401
- %systemroot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-402
+ @%systemroot%\system32\icsvc.dll,-901
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvc.dll,-902
+ @%systemroot%\system32\icsvcext.dll,-501
- %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\icsvcext.dll,-502
+ @%systemroot%\system32\vssvc.exe,-102
- %systemroot%\system32\vssvc.exe
- Load on Demand
- @%systemroot%\system32\vssvc.exe,-101
+ @%SystemRoot%\system32\w32time.dll,-200
- %SystemRoot%\system32\svchost.exe -k LocalService
- Load on Demand
- @%SystemRoot%\system32\w32time.dll,-201
+ @%windir%\system32\inetsrv\iisres.dll,-30014
- %windir%\system32\svchost.exe -k apphost
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30015
+ @%windir%\system32\inetsrv\iisres.dll,-30003
- %windir%\system32\svchost.exe -k iissvcs
- Auto Load
- @%windir%\system32\inetsrv\iisres.dll,-30004
+ @WaaSMedicSvc.dll,-100
- %systemroot%\system32\svchost.exe -k wusvcs -p
- Load on Demand
- @WaaSMedicSvc.dll,-101
+ @%SystemRoot%\System32\WalletService.dll,-1000
- %SystemRoot%\System32\svchost.exe -k appmodel -p
- disabled
- @%SystemRoot%\System32\WalletService.dll,-1001
+ @%SystemRoot%\System32\Windows.WARP.JITService.dll,-100
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\System32\Windows.WARP.JITService.dll,-101
+ @%windir%\system32\inetsrv\iisres.dll,-30001
- %windir%\system32\svchost.exe -k iissvcs
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-30002
+ @%systemroot%\system32\wbiosrvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
- Load on Demand
- @%systemroot%\system32\wbiosrvc.dll,-101
+ @%SystemRoot%\System32\wcmsvc.dll,-4097
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\wcmsvc.dll,-4098
+ @%systemroot%\system32\wdi.dll,-502
- %SystemRoot%\System32\svchost.exe -k LocalService -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-503
+ @%systemroot%\system32\wdi.dll,-500
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\wdi.dll,-501
+ @%SystemRoot%\system32\wecsvc.dll,-200
- %SystemRoot%\system32\svchost.exe -k NetworkService -p
- Load on Demand
- @%SystemRoot%\system32\wecsvc.dll,-201
+ @%systemroot%\system32\wephostsvc.dll,-100
- %systemroot%\system32\svchost.exe -k WepHostSvcGroup
- Load on Demand
- @%systemroot%\system32\wephostsvc.dll,-101
+ @%SystemRoot%\System32\wercplsupport.dll,-101
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\System32\wercplsupport.dll,-100
+ @%SystemRoot%\System32\wersvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k WerSvcGroup
- Load on Demand
- @%SystemRoot%\System32\wersvc.dll,-101
+ @%SystemRoot%\system32\wiarpc.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\wiarpc.dll,-1
+ @%SystemRoot%\system32\winhttp.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\winhttp.dll,-101
+ @%Systemroot%\system32\wbem\wmisvc.dll,-205
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%Systemroot%\system32\wbem\wmisvc.dll,-204
+ @%Systemroot%\system32\wsmsvc.dll,-101
- %SystemRoot%\System32\svchost.exe -k NetworkService -p
- Auto Load
- @%Systemroot%\system32\wsmsvc.dll,-102
+ VNC Server Version 4
- "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
- Auto Load
-
+ @%SystemRoot%\system32\flightsettings.dll,-103
- %systemroot%\system32\svchost.exe -k netsvcs -p
- disabled
- @%SystemRoot%\system32\flightsettings.dll,-104
+ @%SystemRoot%\system32\wlidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\wlidsvc.dll,-101
+ @%Systemroot%\system32\wbem\wmiapsrv.exe,-110
- %systemroot%\system32\wbem\WmiApSrv.exe
- Load on Demand
- @%Systemroot%\system32\wbem\wmiapsrv.exe,-111
+ @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101
- "%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe"
- Load on Demand
- @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-102
+ @%windir%\system32\inetsrv\iisres.dll,-20001
- %windir%\system32\inetsrv\wmsvc.exe
- Load on Demand
- @%windir%\system32\inetsrv\iisres.dll,-20002
+ @%SystemRoot%\system32\wpdbusenum.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\wpdbusenum.dll,-101
+ @%SystemRoot%\system32\wpnservice.dll,-1
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\wpnservice.dll,-2
+ @%systemroot%\system32\SearchIndexer.exe,-103
- %systemroot%\system32\SearchIndexer.exe /Embedding
- disabled
- @%systemroot%\system32\SearchIndexer.exe,-104
+ Windows Update
- %systemroot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\wuaueng.dll,-106
70629 - Microsoft Windows AutoRuns Winlogon
-
Synopsis
Report programs that startup associates with the winlogon process.
Description
Report the startup locations associated with the winlogon process.
These values could add features to the logon process, assist in authentication, or set screen savers.
These values could add features to the logon process, assist in authentication, or set screen savers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
- Name : Smartcard Reader Selection Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll
+ CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
- Name : Smartcard WinRT Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll
+ CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
- Name : PicturePasswordLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll
+ CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
- Name : GenericProvider
- Value : %SystemRoot%\system32\credprovs.dll
+ CLSID : {27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}
- Name : TrustedSignal Credential Provider
- Value : %systemroot%\system32\TrustedSignalCredProv.dll
+ CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- Name : NPProvider
- Value : %SystemRoot%\system32\credprovs.dll
+ CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
- Name : Secondary Authentication Factor Credential Provider
- Value : C:\Windows\System32\devicengccredprov.dll
+ CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
- Name : CngCredUICredentialProvider
- Value : %systemroot%\system32\cngcredui.dll
+ CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
- Name : PasswordProvider
- Value : %SystemRoot%\system32\credprovs.dll
+ CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
- Name : Smartcard Credential Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll
+ CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
- Name : Smartcard Pin Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll
+ CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
- Name : WinBio Credential Provider
- Value : %SystemRoot%\System32\BioCredProv.dll
+ CLSID : {C5D7540A-CD51-453B-B22B-05305BA03F07}
- Name : Cloud Experience Credential Provider
- Value : C:\Windows\System32\cxcredprov.dll
+ CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
- Name : PINLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll
+ CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
- Name : NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll
+ CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
- Name : CertCredProvider
- Value : %systemroot%\system32\certCredProvider.dll
+ CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
- Name : WLIDCredentialProvider
- Value : %SystemRoot%\system32\wlidcredprov.dll
+ CLSID : {F8A1793B-7873-4046-B2A7-1F318747F427}
- Name : FIDO Credential Provider
- Value : %systemroot%\system32\fidocredprov.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
- Name : GenericFilter
- Value : %SystemRoot%\system32\credprovs.dll
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CLSID : {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}
- Name : RasProvider
- Value : %SystemRoot%\system32\rasplap.dll
70630 - Microsoft Windows AutoRuns Winsock Provider
-
Synopsis
Report Winsock providers extensions.
Description
A Winsock provider is a type of Layered Service Provider (LSP) that can be used to control protocols by inserting itself into the TCP/IP stack. This can commonly be used to help filter web traffic, enable QoS type services, or anything to hook network traffic controls.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2025/12/15
Plugin Output
tcp/0
+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll
+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll
+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\NLAapi.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll
92363 - Microsoft Windows Device Logs
-
Synopsis
Nessus was able to collect available device logs from the remote host.
Description
Nessus was able to collect available device logs from the remote Windows host and add them as attachments.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
Device logs attached.
92364 - Microsoft Windows Environment Variables
-
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0757 |
Plugin Information
Published: 2016/07/19, Modified: 2022/06/24
Plugin Output
tcp/0
Global Environment Variables :
msmpi_benchmarks : C:\Program Files\Microsoft MPI\Benchmarks\
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 32
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : 5504
path : C:\Program Files\Microsoft MPI\Bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;D:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;D:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;D:\Program Files\Microsoft SQL Server\150\Tools\Binn\;D:\Program Files\Microsoft SQL Server\150\DTS\Binn\;D:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\Program Files\\SUT\bin;C:\Program Files\BackupClient\CommandLineTool\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files\BackupClient\PyShell\bin\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
tmp : %SystemRoot%\TEMP
msmpi_bin : C:\Program Files\Microsoft MPI\Bin\
processor_identifier : Intel64 Family 6 Model 85 Stepping 4, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;D:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
windir : %SystemRoot%
Active User Environment Variables
- S-1-5-21-549360554-2228062029-2355455187-500
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
- S-1-5-21-549360554-2228062029-2355455187-1001
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin;C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\bin
tmp : %USERPROFILE%\AppData\Local\Temp
- S-1-5-21-549360554-2228062029-2355455187-1002
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
msmpi_benchmarks : C:\Program Files\Microsoft MPI\Benchmarks\
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
number_of_processors : 32
username : SYSTEM
os : Windows_NT
temp : %SystemRoot%\TEMP
processor_revision : 5504
path : C:\Program Files\Microsoft MPI\Bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;%SYSTEMROOT%\System32\OpenSSH\;D:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;D:\Program Files (x86)\Microsoft SQL Server\150\Tools\Binn\;D:\Program Files\Microsoft SQL Server\150\Tools\Binn\;D:\Program Files\Microsoft SQL Server\150\DTS\Binn\;D:\Program Files (x86)\Microsoft SQL Server\150\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\Program Files\\SUT\bin;C:\Program Files\BackupClient\CommandLineTool\;C:\Program Files (x86)\Common Files\Acronis\FileProtector\;C:\Program Files (x86)\Common Files\Acronis\FileProtector64\;C:\Program Files\BackupClient\PyShell\bin\;C:\Program Files (x86)\Common Files\Acronis\SnapAPI\
tmp : %SystemRoot%\TEMP
msmpi_bin : C:\Program Files\Microsoft MPI\Bin\
processor_identifier : Intel64 Family 6 Model 85 Stepping 4, GenuineIntel
driverdata : C:\Windows\System32\Drivers\DriverData
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
processor_architecture : AMD64
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;D:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
windir : %SystemRoot%
Active User Environment Variables
- S-1-5-21-549360554-2228062029-2355455187-500
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
- S-1-5-21-549360554-2228062029-2355455187-1001
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin;C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\bin
tmp : %USERPROFILE%\AppData\Local\Temp
- S-1-5-21-549360554-2228062029-2355455187-1002
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File
-
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output
tcp/0
Windows hosts file attached.
MD5: 8a930f9850af8fcf222b7e0f25480118
SHA-1: 06125cd11a4b6bddb8d49f2185206190adf0f55b
SHA-256: 6aff879922ed65590edd1c9af99c92316288f11bbe6b40d41d7f442b35256edf
MD5: 8a930f9850af8fcf222b7e0f25480118
SHA-1: 06125cd11a4b6bddb8d49f2185206190adf0f55b
SHA-256: 6aff879922ed65590edd1c9af99c92316288f11bbe6b40d41d7f442b35256edf
187318 - Microsoft Windows Installed
-
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2025/12/10
Plugin Output
tcp/0
OS Name : Microsoft Windows Server 2019 1809
Vendor : Microsoft
Product : Windows Server
Release : 2019 1809
Edition : Datacenter
Version : 10.0.17763.7009
Role : server
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_server_2019:10.0.17763.7009:-:~~datacenter~~x64~
CPE v2.3 : cpe:2.3:o:microsoft:windows_server_2019:10.0.17763.7009:-:*:*:datacenter:*:x64:*
Type : local
Method : SMB
Confidence : 100
20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
-
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall HKLM\SOFTWARE\Microsoft\Updates
Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
| XREF | IAVT:0001-T-0501 |
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
The following software are installed on the remote host :
7-Zip 24.09 (x64) [version 24.09]
Acronis Cyber Protect [version 24.11.39130]
Google Chrome [version 143.0.7499.171] [installed on 2026/01/07]
Agentless Management Service [version 2.51.4.1]
Hotfix 4188 for SQL Server 2019 (KB5007182) (64-bit) [version 15.0.4188.2] [installed on 2022/01/14]
Hotfix 4355 for SQL Server 2019 (KB5033688) (64-bit) [version 15.0.4355.3] [installed on 2024/04/06]
Hotfix 4365 for SQL Server 2019 (KB5035123) (64-bit) [version 15.0.4365.2] [installed on 2024/05/08]
Hotfix 4410 for SQL Server 2019 (KB5046860) (64-bit) [version 15.0.4410.1] [installed on 2024/12/21]
Hotfix 4415 for SQL Server 2019 (KB5049235) (64-bit) [version 15.0.4415.2] [installed on 2024/12/21]
Hotfix 4420 for SQL Server 2019 (KB5049296) (64-bit) [version 15.0.4420.2] [installed on 2025/02/15]
Lucee [version 5.3.8.201] [installed on 2022/08/10]
Matrox Graphics Software (remove only) [version 4.5.0.5]
Microsoft Help Viewer 2.3 [version 2.3.28107]
Microsoft SQL Server 2019 (64-bit)
VNC Enterprise Edition E4.6.1 [version E4.6.1] [installed on 2022/01/08]
TreeSize Free V4.4.2 [version 4.4.2] [installed on 2022/12/02]
Veeam Installer Service [version 12.1.0.2131]
WinMerge 2.16.36.0 x64 [version 2.16.36.0] [installed on 2023/12/27]
WinRAR 7.01 (64-bit) [version 7.01.0]
wkhtmltopdf
SQL Server Management Studio for Reporting Services [version 15.0.18390.0] [installed on 2022/01/14]
Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429 [version 14.14.26429] [installed on 2022/01/14]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.6.1] [installed on 2024/05/08]
SQL Server 2019 Common Files [version 15.0.2000.5] [installed on 2025/02/15]
Smart Storage Administrator [version 6.25.9.0] [installed on 2024/06/07]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 [version 12.0.21005] [installed on 2022/01/14]
Microsoft SQL Server 2019 RsFx Driver [version 15.0.4420.2] [installed on 2025/02/15]
Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429 [version 14.14.26429.4]
SQL Server 2019 XEvent [version 15.0.2000.5] [installed on 2025/02/15]
Integrated Smart Update Tools for Windows [version 4.5.0.0] [installed on 2024/06/07]
SQL Server 2019 sql_inst_java [version 15.0.2000.5] [installed on 2022/01/14]
SQL Server 2019 SQL Diagnostics [version 15.0.2000.5] [installed on 2022/01/14]
Microsoft VSS Writer for SQL Server 2019 [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft SQL Server 2019 T-SQL Language Service [version 15.0.2000.5] [installed on 2022/01/14]
NVMe Drive Eject NMI Fix [version 1.1.0.0] [installed on 2022/01/07]
MergeModule2012 [version 1.0.0] [installed on 2022/01/07]
SQL Server Management Studio [version 15.0.18390.0] [installed on 2022/01/14]
HPE Lights-Out Online Configuration Utility [version 6.0.0.0] [installed on 2024/06/07]
Integration Services [version 15.0.2000.168] [installed on 2022/01/14]
Microsoft SQL Server 2019 Setup (English) [version 15.0.4420.2] [installed on 2025/02/15]
SSMS Post Install Tasks [version 15.0.18390.0] [installed on 2022/01/14]
Microsoft Analysis Services OLE DB Provider [version 15.0.2000.568] [installed on 2022/01/14]
Smart Storage Administrator Diagnostics and SSD Wear Gauge Utility [version 6.25.9.0] [installed on 2024/06/07]
Browser for SQL Server 2019 [version 15.0.2000.5] [installed on 2025/02/15]
SQL Server 2019 Database Engine Shared [version 15.0.2000.5] [installed on 2022/01/14]
SQL Server 2019 Shared Management Objects [version 15.0.2000.5] [installed on 2025/02/15]
Azure Data Studio [version 1.51.1] [installed on 2025/03/26]
Microsoft Visual C++ 2017 x86 Additional Runtime - 14.14.26429 [version 14.14.26429] [installed on 2022/01/14]
Microsoft OLE DB Driver for SQL Server [version 18.7.4.0] [installed on 2024/12/21]
Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.14.26429 [version 14.14.26429] [installed on 2022/01/14]
Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429 [version 14.14.26429.4]
SQL Server 2019 DMF [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft MPI (10.1.12498.17) [version 10.1.12498.17] [installed on 2022/01/14]
HPE Smart Array SR Event Notification Service [version 1.2.1.67] [installed on 2024/06/07]
SQL Server 2019 Shared Management Objects Extensions [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft Access database engine 2010 (English) [version 14.0.4763.1000] [installed on 2023/01/07]
Microsoft Access database engine 2016 (English) [version 16.0.4519.1000] [installed on 2024/12/21]
Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support [version 15.0.27520] [installed on 2022/01/14]
Cyber Protect [version 24.11.39130] [installed on 2024/12/20]
SQL Server 2019 Connection Info [version 15.0.2000.5] [installed on 2022/01/14]
SQL Server Management Studio for Analysis Services [version 15.0.18390.0] [installed on 2022/01/14]
SQL Server 2019 Database Engine Services [version 15.0.2000.5] [installed on 2025/02/15]
Smart Storage Administrator CLI [version 6.25.9.0] [installed on 2024/06/07]
Visual Studio 2017 Isolated Shell for SSMS [version 15.0.28307.421] [installed on 2022/01/14]
Veeam Agent for Microsoft Windows [version 6.1.0.349] [installed on 2024/03/22]
Microsoft SQL Server 2012 Native Client [version 11.4.7515.2] [installed on 2024/12/21]
Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support [version 15.0.27520] [installed on 2022/01/14]
SQL Server 2019 sql_inst_mr [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429 [version 14.14.26429] [installed on 2022/01/14]
SQL Server 2019 Advanced Analytics [version 15.0.2000.5] [installed on 2025/02/15]
NXLog-CE [version 3.2.2329] [installed on 2023/10/11]
SQL Server 2019 Full text search [version 15.0.2000.5] [installed on 2025/02/15]
Veeam Backup Transport [version 12.1.0.2131] [installed on 2024/05/07]
SQL Server 2019 Batch Parser [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 [version 12.0.21005] [installed on 2022/01/14]
SQL Server 2019 sql_azul_java [version 15.0.2000.5] [installed on 2025/02/15]
Microsoft SQL Server Management Studio - 18.10 [version 15.0.18390.0]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 [version 12.0.30501.0]
Microsoft Visual Studio Tools for Applications 2017 [version 15.0.27520]
178102 - Microsoft Windows Installed Software Version Enumeration
-
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.
Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2024/07/15
Plugin Output
tcp/445/cifs
The following software information is available on the remote host :
- Microsoft MPI (10.1.12498.17)
Best Confidence Version : 10.1.12498.17
Version Confidence Level : 2
All Possible Versions : 10.1.12498.17
Other Version Data
[InstallDate] :
Raw Value : 2022/01/14
[InstallLocation] :
Raw Value : C:\Program Files\Microsoft MPI\
[UninstallString] :
Raw Value : MsiExec.exe /X{8499ACD3-C1E3-45AB-BF96-DA491727EBE1}
[VersionMinor] :
Raw Value : 1
[Version] :
Raw Value : 167850194
[VersionMajor] :
Raw Value : 10
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayVersion] :
Raw Value : 10.1.12498.17
[DisplayName] :
Raw Value : Microsoft MPI (10.1.12498.17)
- Veeam Agent for Microsoft Windows
Best Confidence Version : 6.1.0.349
Version Confidence Level : 2
All Possible Versions : 6.1.0.349
Other Version Data
[InstallDate] :
Raw Value : 2024/03/22
[InstallLocation] :
Raw Value : C:\Program Files\Veeam\Endpoint Backup\
[UninstallString] :
Raw Value : MsiExec.exe /X{ABD0AE66-A804-4FCB-8969-CC0DF6ACA027}
[VersionMinor] :
Raw Value : 1
[Version] :
Raw Value : 100728832
[VersionMajor] :
Raw Value : 6
[Publisher] :
Raw Value : Veeam Software Group GmbH
[DisplayVersion] :
Raw Value : 6.1.0.349
[DisplayName] :
Raw Value : Veeam Agent for Microsoft Windows
- WinRAR 7.01 (64-bit)
Best Confidence Version : 7.1.0.0
Version Confidence Level : 3
All Possible Versions : 7.1.0.0, 7.01.0
Other Version Data
[VersionMajor] :
Raw Value : 7
[InstallLocation] :
Raw Value : C:\Program Files\WinRAR
[DisplayName] :
Raw Value : WinRAR 7.01 (64-bit)
[UninstallString] :
Raw Value : C:\Program Files\WinRAR\uninstall.exe
Parsed File Path : C:\Program Files\WinRAR\uninstall.exe
Parsed File Version : 7.1.0.0
[DisplayVersion] :
Raw Value : 7.01.0
[Publisher] :
Raw Value : win.rar GmbH
[VersionMinor] :
Raw Value : 1
[DisplayIcon] :
Raw Value : C:\Program Files\WinRAR\WinRAR.exe
Parsed File Path : C:\Program Files\WinRAR\WinRAR.exe
Parsed File Version : 7.1.0.0
- Matrox Graphics Software (remove only)
Best Confidence Version : 4.5.0.5
Version Confidence Level : 2
All Possible Versions : 4.5.0.5
Other Version Data
[DisplayName] :
Raw Value : Matrox Graphics Software (remove only)
[UninstallString] :
Raw Value : %SystemRoot%\SysWOW64\Matrox\Matrox.WddmUninstaller.exe
[DisplayVersion] :
Raw Value : 4.5.0.5
- Hotfix 4420 for SQL Server 2019 (KB5049296) (64-bit)
Best Confidence Version : 2019.150.4420.2
Version Confidence Level : 3
All Possible Versions : 2019.150.4420.2, 15.0.4420.2
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4420 for SQL Server 2019 (KB5049296) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5049296\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5049296\QFE\setup.exe
Parsed File Version : 2019.150.4420.2
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.4420.2
[Publisher] :
Raw Value : Microsoft Corporation
- Hotfix 4365 for SQL Server 2019 (KB5035123) (64-bit)
Best Confidence Version : 2019.150.4365.2
Version Confidence Level : 3
All Possible Versions : 2019.150.4365.2, 15.0.4365.2
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4365 for SQL Server 2019 (KB5035123) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5035123\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5035123\QFE\setup.exe
Parsed File Version : 2019.150.4365.2
[InstallDate] :
Raw Value : 2024/05/08
[DisplayVersion] :
Raw Value : 15.0.4365.2
[Publisher] :
Raw Value : Microsoft Corporation
- Microsoft Access database engine 2010 (English)
Best Confidence Version : 14.0.4763.1000
Version Confidence Level : 2
All Possible Versions : 14.0.4763.1000
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 234885787
[DisplayName] :
Raw Value : Microsoft Access database engine 2010 (English)
[UninstallString] :
Raw Value : MsiExec.exe /I{90140000-00D1-0409-1000-0000000FF1CE}
[InstallDate] :
Raw Value : 2023/01/07
[DisplayVersion] :
Raw Value : 14.0.4763.1000
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Database Engine Shared
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Database Engine Shared
[UninstallString] :
Raw Value : MsiExec.exe /I{DE5B7937-D5B5-4157-BC30-BB87F021CFF0}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft Help Viewer 2.3
Best Confidence Version : 2.3.28107
Version Confidence Level : 2
All Possible Versions : 51.119.37191, 2.3.28107
Other Version Data
[InstallDate] :
Raw Value : 2022/01/14
[DisplayIcon] :
Raw Value : msiexec.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft Help Viewer\v2.3\
[UninstallString] :
Raw Value : msiexec.exe /X{BEFC10C1-7032-3C8E-80BC-621A77BFEABD}
[VersionMinor] :
Raw Value : 0
[Version] :
Raw Value : 33779147
Parsed Version : 51.119.37191
[VersionMajor] :
Raw Value : 2
[DisplayVersion] :
Raw Value : 2.3.28107
[DisplayName] :
Raw Value : Microsoft Help Viewer 2.3
- Browser for SQL Server 2019
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Browser for SQL Server 2019
[UninstallString] :
Raw Value : MsiExec.exe /X{5E366957-8D78-4BB5-A790-96F97A9766BD}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 XEvent
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 XEvent
[UninstallString] :
Raw Value : MsiExec.exe /I{2129312E-5204-4F3A-9039-B6D34DBB00FB}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Full text search
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Full text search
[UninstallString] :
Raw Value : MsiExec.exe /I{BFF9440C-BC5B-4326-A861-916CC3788A4A}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Shared Management Objects Extensions
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Shared Management Objects Extensions
[UninstallString] :
Raw Value : MsiExec.exe /I{C7E6D4B7-CB10-4239-BA04-D9339B39D0BD}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 sql_azul_java
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 sql_azul_java
[UninstallString] :
Raw Value : MsiExec.exe /I{FF7B55CB-CDC3-4084-B27A-6C3B65800DD4}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Hotfix 4410 for SQL Server 2019 (KB5046860) (64-bit)
Best Confidence Version : 2019.150.4410.1
Version Confidence Level : 3
All Possible Versions : 2019.150.4410.1, 15.0.4410.1
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4410 for SQL Server 2019 (KB5046860) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5046860\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5046860\QFE\setup.exe
Parsed File Version : 2019.150.4410.1
[InstallDate] :
Raw Value : 2024/12/21
[DisplayVersion] :
Raw Value : 15.0.4410.1
[Publisher] :
Raw Value : Microsoft Corporation
- Microsoft ODBC Driver 17 for SQL Server
Best Confidence Version : 17.10.6.1
Version Confidence Level : 2
All Possible Versions : 17.10.6.1
Other Version Data
[VersionMajor] :
Raw Value : 17
[Version] :
Raw Value : 285868038
[DisplayName] :
Raw Value : Microsoft ODBC Driver 17 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{0E0F96AC-80DE-4400-A40C-429D63293651}
[InstallDate] :
Raw Value : 2024/05/08
[DisplayVersion] :
Raw Value : 17.10.6.1
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 10
- SQL Server Management Studio
Best Confidence Version : 15.0.18390.0
Version Confidence Level : 2
All Possible Versions : 15.0.18390.0
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251676630
[DisplayName] :
Raw Value : SQL Server Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{3F338A1B-1DCF-458F-8189-416B09B7D077}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.18390.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Agentless Management Service
Best Confidence Version : 2.51.4.1
Version Confidence Level : 2
All Possible Versions : 54.137.26482, 2.51.4.1
Other Version Data
[InstallDate] :
Raw Value : 2024/06/07
[InstallLocation] :
Raw Value : %ProgramFiles%\OEM\AMS\Service
[UninstallString] :
Raw Value : MsiExec.exe /X{51E9FF2E-A4C2-4ADC-A3BE-651CE43A9F00}
[VersionMinor] :
Raw Value : 51
[Version] :
Raw Value : 36896772
Parsed Version : 54.137.26482
[VersionMajor] :
Raw Value : 2
[Publisher] :
Raw Value : Hewlett Packard Enterprise Development LP
[DisplayVersion] :
Raw Value : 2.51.4.1
[DisplayName] :
Raw Value : Agentless Management Service
- Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429
Best Confidence Version : 14.14.26429
Version Confidence Level : 2
All Possible Versions : 14.14.26429
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 235824957
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 x64 Minimum Runtime - 14.14.26429
[UninstallString] :
Raw Value : MsiExec.exe /X{03EBF679-E886-38AD-8E70-28658449F7F9}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 14.14.26429
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 14
- NXLog-CE
Best Confidence Version : 3.2.2329
Version Confidence Level : 2
All Possible Versions : 80.70.20553, 3.2.2329
Other Version Data
[InstallDate] :
Raw Value : 2023/10/11
[InstallLocation] :
Raw Value : C:\Program Files\nxlog\
[UninstallString] :
Raw Value : MsiExec.exe /X{BE5E656D-853E-4570-AE57-A45967208689}
[VersionMinor] :
Raw Value : 2
[Version] :
Raw Value : 50465049
Parsed Version : 80.70.20553
[VersionMajor] :
Raw Value : 3
[Publisher] :
Raw Value : NXLog Ltd
[DisplayVersion] :
Raw Value : 3.2.2329
[DisplayName] :
Raw Value : NXLog-CE
- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
Best Confidence Version : 12.0.30501.0
Version Confidence Level : 3
All Possible Versions : 12.0.30501.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
Parsed File Version : 12.0.30501.0
[DisplayVersion] :
Raw Value : 12.0.30501.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe
Parsed File Version : 12.0.30501.0
- Microsoft Analysis Services OLE DB Provider
Best Confidence Version : 15.0.2000.568
Version Confidence Level : 2
All Possible Versions : 15.0.2000.568
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Microsoft Analysis Services OLE DB Provider
[UninstallString] :
Raw Value : MsiExec.exe /I{4F1405AB-36A8-4383-9C1A-AE00491C255F}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.568
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server Management Studio for Reporting Services
Best Confidence Version : 15.0.18390.0
Version Confidence Level : 2
All Possible Versions : 15.0.18390.0
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251676630
[DisplayName] :
Raw Value : SQL Server Management Studio for Reporting Services
[UninstallString] :
Raw Value : MsiExec.exe /I{0278A8F5-4DDC-40FF-95CC-1D4725CA074B}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.18390.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Integration Services
Best Confidence Version : 15.0.2000.168
Version Confidence Level : 2
All Possible Versions : 15.0.2000.168
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{4938A647-7EA4-4496-A843-5E338B91C07E}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.168
[VersionMinor] :
Raw Value : 0
- Smart Storage Administrator CLI
Best Confidence Version : 6.25.9.0
Version Confidence Level : 2
All Possible Versions : 6.25.9.0
Other Version Data
[InstallDate] :
Raw Value : 2024/06/07
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssacli
[UninstallString] :
Raw Value : MsiExec.exe /X{A67FA8FD-6773-4BA9-81E4-9B20943AAE83}
[VersionMinor] :
Raw Value : 25
[Version] :
Raw Value : 102301705
[VersionMajor] :
Raw Value : 6
[Publisher] :
Raw Value : Microchip Technology Inc.
[DisplayVersion] :
Raw Value : 6.25.9.0
[DisplayName] :
Raw Value : Smart Storage Administrator CLI
- SQL Server 2019 DMF
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 DMF
[UninstallString] :
Raw Value : MsiExec.exe /I{FC8DC283-4A85-467F-8D0E-2FE4606DCCA1}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- HPE Smart Array SR Event Notification Service
Best Confidence Version : 1.2.1.67
Version Confidence Level : 2
All Possible Versions : 22.144.33417, 1.2.1.67
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16908289
Parsed Version : 22.144.33417
[DisplayName] :
Raw Value : HPE Smart Array SR Event Notification Service
[UninstallString] :
Raw Value : MsiExec.exe /X{8719FECF-5DF9-4C94-B288-AF9A1B5067F0}
[InstallDate] :
Raw Value : 2024/06/07
[DisplayVersion] :
Raw Value : 1.2.1.67
[Publisher] :
Raw Value : Hewlett Packard Enterprise Development LP
[VersionMinor] :
Raw Value : 2
- Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429
Best Confidence Version : 14.14.26429.4
Version Confidence Level : 3
All Possible Versions : 14.14.26429.4
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 Redistributable (x86) - 14.14.26429
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}\VC_redist.x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}\VC_redist.x86.exe
Parsed File Version : 14.14.26429.4
[DisplayVersion] :
Raw Value : 14.14.26429.4
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}\VC_redist.x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{2019b6a0-8533-4a04-ac0e-b2c10bdb9841}\VC_redist.x86.exe
Parsed File Version : 14.14.26429.4
- Microsoft SQL Server 2019 T-SQL Language Service
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 T-SQL Language Service
[UninstallString] :
Raw Value : MsiExec.exe /I{31D27B41-A051-49D8-907A-62E0F4A2188C}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Connection Info
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Connection Info
[UninstallString] :
Raw Value : MsiExec.exe /I{99B940D5-1A49-4B6C-B26C-6A88B2C061CA}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Veeam Backup Transport
Best Confidence Version : 12.1.0.2131
Version Confidence Level : 2
All Possible Versions : 12.1.0.2131
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201392128
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Veeam\Backup Transport\
[DisplayName] :
Raw Value : Veeam Backup Transport
[UninstallString] :
Raw Value : MsiExec.exe /X{C04B7DFA-3B96-4783-8D3E-25C34FD2DAE4}
[InstallDate] :
Raw Value : 2024/05/07
[DisplayVersion] :
Raw Value : 12.1.0.2131
[VersionMinor] :
Raw Value : 1
- Visual Studio 2017 Isolated Shell for SSMS
Best Confidence Version : 15.0.28307.421
Version Confidence Level : 2
All Possible Versions : 15.0.28307.421
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251686547
[DisplayName] :
Raw Value : Visual Studio 2017 Isolated Shell for SSMS
[UninstallString] :
Raw Value : MsiExec.exe /I{AAA9F15B-AF45-4562-9991-93A848D3A902}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.28307.421
[VersionMinor] :
Raw Value : 0
- 7-Zip 24.09 (x64)
Best Confidence Version : 24.9.0.0
Version Confidence Level : 3
All Possible Versions : 24.9.0.0, 24.09
Other Version Data
[VersionMajor] :
Raw Value : 24
[InstallLocation] :
Raw Value : C:\Program Files\7-Zip\
[DisplayName] :
Raw Value : 7-Zip 24.09 (x64)
[UninstallString] :
Raw Value : "C:\Program Files\7-Zip\Uninstall.exe"
Parsed File Path : C:\Program Files\7-Zip\Uninstall.exe
Parsed File Version : 24.9.0.0
[DisplayVersion] :
Raw Value : 24.09
[Publisher] :
Raw Value : Igor Pavlov
[VersionMinor] :
Raw Value : 9
[DisplayIcon] :
Raw Value : C:\Program Files\7-Zip\7zFM.exe
Parsed File Path : C:\Program Files\7-Zip\7zFM.exe
Parsed File Version : 24.9.0.0
- Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support
Best Confidence Version : 15.0.27520
Version Confidence Level : 2
All Possible Versions : 15.0.27520
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251685760
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017 x86 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{9594C97E-6A20-38B3-81BB-2778C4780BE1}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.27520
[VersionMinor] :
Raw Value : 0
- Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support
Best Confidence Version : 15.0.27520
Version Confidence Level : 2
All Possible Versions : 15.0.27520
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251685760
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017 x64 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{AFFB9D8D-6E58-38A0-A7DD-F6F1F4247B36}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.27520
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft SQL Server 2012 Native Client
Best Confidence Version : 11.4.7515.2
Version Confidence Level : 2
All Possible Versions : 11.4.7515.2
Other Version Data
[VersionMajor] :
Raw Value : 11
[Version] :
Raw Value : 184819035
[DisplayName] :
Raw Value : Microsoft SQL Server 2012 Native Client
[UninstallString] :
Raw Value : MsiExec.exe /I{ADA823D7-2A3F-4FC6-96AC-C11656168D1E}
[InstallDate] :
Raw Value : 2024/12/21
[DisplayVersion] :
Raw Value : 11.4.7515.2
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 4
- Acronis Cyber Protect
Best Confidence Version : 24.11.1.39130
Version Confidence Level : 3
All Possible Versions : 24.11.1.39130, 24.11.39130
Other Version Data
[DisplayName] :
Raw Value : Acronis Cyber Protect
[UninstallString] :
Raw Value : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Path : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Version : 24.11.1.39130
[DisplayVersion] :
Raw Value : 24.11.39130
[Publisher] :
Raw Value : Acronis
[DisplayIcon] :
Raw Value : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Path : C:\Program Files\Common Files\Acronis\BackupAndRecovery\AcronisUninstaller.exe
Parsed File Version : 24.11.1.39130
- Hotfix 4415 for SQL Server 2019 (KB5049235) (64-bit)
Best Confidence Version : 2019.150.4415.2
Version Confidence Level : 3
All Possible Versions : 2019.150.4415.2, 15.0.4415.2
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4415 for SQL Server 2019 (KB5049235) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5049235\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5049235\QFE\setup.exe
Parsed File Version : 2019.150.4415.2
[InstallDate] :
Raw Value : 2024/12/21
[DisplayVersion] :
Raw Value : 15.0.4415.2
[Publisher] :
Raw Value : Microsoft Corporation
- Microsoft Visual C++ 2017 x86 Additional Runtime - 14.14.26429
Best Confidence Version : 14.14.26429
Version Confidence Level : 2
All Possible Versions : 14.14.26429
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 235824957
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 x86 Additional Runtime - 14.14.26429
[UninstallString] :
Raw Value : MsiExec.exe /X{6F0267F3-7467-350D-A8C8-33B72E3658D8}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 14.14.26429
[VersionMinor] :
Raw Value : 14
- NVMe Drive Eject NMI Fix
Best Confidence Version : 1.1.0.0
Version Confidence Level : 2
All Possible Versions : 22.132.10066, 1.1.0.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16842752
Parsed Version : 22.132.10066
[DisplayName] :
Raw Value : NVMe Drive Eject NMI Fix
[UninstallString] :
Raw Value : MsiExec.exe /X{3D99D1D6-9479-419B-A5E4-D1470755E856}
[InstallDate] :
Raw Value : 2022/01/07
[DisplayVersion] :
Raw Value : 1.1.0.0
[Publisher] :
Raw Value : Hewlett Packard Enterprise
[VersionMinor] :
Raw Value : 1
- Microsoft VSS Writer for SQL Server 2019
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : Microsoft VSS Writer for SQL Server 2019
[UninstallString] :
Raw Value : MsiExec.exe /I{2C33F4D4-E9A5-4DE1-ACFE-3A13464E6703}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft SQL Server Management Studio - 18.10
Best Confidence Version : 15.0.18390.0
Version Confidence Level : 3
All Possible Versions : 15.0.18390.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft SQL Server Management Studio - 18.10
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{c09f71ef-fff8-435a-bdc9-3c242a7c36f3}\SSMS-Setup-ENU.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{c09f71ef-fff8-435a-bdc9-3c242a7c36f3}\SSMS-Setup-ENU.exe
Parsed File Version : 15.0.18390.0
[DisplayVersion] :
Raw Value : 15.0.18390.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{c09f71ef-fff8-435a-bdc9-3c242a7c36f3}\SSMS-Setup-ENU.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{c09f71ef-fff8-435a-bdc9-3c242a7c36f3}\SSMS-Setup-ENU.exe
Parsed File Version : 15.0.18390.0
- SQL Server 2019 Database Engine Services
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Database Engine Services
[UninstallString] :
Raw Value : MsiExec.exe /I{A60B3D8E-5311-4BF1-AF7A-D1AC15F9152E}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Lucee
Best Confidence Version : 5.3.8.201
Version Confidence Level : 2
All Possible Versions : 5.3.8.201
Other Version Data
[VersionMajor] :
Raw Value : 5
[InstallLocation] :
Raw Value : D:\Techexcel\lucee
[DisplayName] :
Raw Value : Lucee
[UninstallString] :
Raw Value : "D:\Techexcel\lucee\uninstall.exe"
Parsed File Path : D:\Techexcel\lucee\uninstall.exe
[InstallDate] :
Raw Value : 2022/08/10
[DisplayVersion] :
Raw Value : 5.3.8.201
[Publisher] :
Raw Value : Lucee Association Switzerland
[VersionMinor] :
Raw Value : 3
[DisplayIcon] :
Raw Value : D:\Techexcel\lucee/lucee.ico
- Smart Storage Administrator
Best Confidence Version : 6.25.9.0
Version Confidence Level : 2
All Possible Versions : 6.25.9.0
Other Version Data
[InstallDate] :
Raw Value : 2024/06/07
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssa
[UninstallString] :
Raw Value : MsiExec.exe /X{120D5DCD-19B3-4B6D-B7DE-8880DA9CECB4}
[VersionMinor] :
Raw Value : 25
[Version] :
Raw Value : 102301705
[VersionMajor] :
Raw Value : 6
[Publisher] :
Raw Value : Microchip Technology Inc.
[DisplayVersion] :
Raw Value : 6.25.9.0
[DisplayName] :
Raw Value : Smart Storage Administrator
- Hotfix 4188 for SQL Server 2019 (KB5007182) (64-bit)
Best Confidence Version : 2019.150.4188.2
Version Confidence Level : 3
All Possible Versions : 2019.150.4188.2, 15.0.4188.2
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4188 for SQL Server 2019 (KB5007182) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5007182\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5007182\QFE\setup.exe
Parsed File Version : 2019.150.4188.2
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.4188.2
[Publisher] :
Raw Value : Microsoft Corporation
- Microsoft Visual Studio Tools for Applications 2017
Best Confidence Version : 15.0.27520.0
Version Confidence Level : 3
All Possible Versions : 15.0.27520.0, 15.0.27520
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2017
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe
Parsed File Version : 15.0.27520.0
[DisplayVersion] :
Raw Value : 15.0.27520
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f895a2f1-ae3f-4212-8af1-7fa1f8c212ea}\vsta_setup.exe
Parsed File Version : 15.0.27520.0
- SQL Server 2019 Shared Management Objects
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Shared Management Objects
[UninstallString] :
Raw Value : MsiExec.exe /I{A8581199-F913-443B-B058-8E8BF317E71C}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Hotfix 4355 for SQL Server 2019 (KB5033688) (64-bit)
Best Confidence Version : 2019.150.4355.3
Version Confidence Level : 3
All Possible Versions : 2019.150.4355.3, 15.0.4355.3
Other Version Data
[DisplayName] :
Raw Value : Hotfix 4355 for SQL Server 2019 (KB5033688) (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5033688\QFE\setup.exe" /Action=RemovePatch /AllInstances
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\Update Cache\KB5033688\QFE\setup.exe
Parsed File Version : 2019.150.4355.3
[InstallDate] :
Raw Value : 2024/04/06
[DisplayVersion] :
Raw Value : 15.0.4355.3
[Publisher] :
Raw Value : Microsoft Corporation
- SQL Server 2019 sql_inst_mr
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 sql_inst_mr
[UninstallString] :
Raw Value : MsiExec.exe /I{B0523C0B-B56B-4C63-9B00-5A91EFF8F948}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server Management Studio for Analysis Services
Best Confidence Version : 15.0.18390.0
Version Confidence Level : 2
All Possible Versions : 15.0.18390.0
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251676630
[DisplayName] :
Raw Value : SQL Server Management Studio for Analysis Services
[UninstallString] :
Raw Value : MsiExec.exe /I{A1CAC3E0-B321-40FE-8907-4739297D5338}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.18390.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- TreeSize Free V4.4.2
Best Confidence Version : 51.1052.0.0
Version Confidence Level : 3
All Possible Versions : 51.1052.0.0, 4.4.2, 4.4.2.514
Other Version Data
[VersionMajor] :
Raw Value : 4
[InstallLocation] :
Raw Value : C:\Program Files (x86)\JAM Software\TreeSize Free\
[DisplayName] :
Raw Value : TreeSize Free V4.4.2
[UninstallString] :
Raw Value : "C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe"
Parsed File Path : C:\Program Files (x86)\JAM Software\TreeSize Free\unins000.exe
Parsed File Version : 51.1052.0.0
[InstallDate] :
Raw Value : 2022/12/02
[DisplayVersion] :
Raw Value : 4.4.2
[VersionMinor] :
Raw Value : 4
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Parsed File Path : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Parsed File Version : 4.4.2.514
- Integrated Smart Update Tools for Windows
Best Confidence Version : 4.5.0.0
Version Confidence Level : 2
All Possible Versions : 103.67.25924, 4.5.0.0
Other Version Data
[InstallDate] :
Raw Value : 2024/06/07
[InstallLocation] :
Raw Value : C:\Program Files\\SUT
[UninstallString] :
Raw Value : MsiExec.exe /I{264D20A1-AA3B-4EE8-B1F6-E8174055A4DE}
[VersionMinor] :
Raw Value : 5
[Version] :
Raw Value : 67436544
Parsed Version : 103.67.25924
[VersionMajor] :
Raw Value : 4
[Publisher] :
Raw Value : Hewlett Packard Enterprise
[DisplayVersion] :
Raw Value : 4.5.0.0
[DisplayName] :
Raw Value : Integrated Smart Update Tools for Windows
- VNC Enterprise Edition E4.6.1
Best Confidence Version : 51.52.0.0
Version Confidence Level : 3
All Possible Versions : 51.52.0.0, E4.6.1, 4.6.1.54321
Other Version Data
[InstallLocation] :
Raw Value : C:\Program Files\RealVNC\VNC4\
[DisplayName] :
Raw Value : VNC Enterprise Edition E4.6.1
[UninstallString] :
Raw Value : "C:\Program Files\RealVNC\VNC4\unins000.exe"
Parsed File Path : C:\Program Files\RealVNC\VNC4\unins000.exe
Parsed File Version : 51.52.0.0
[InstallDate] :
Raw Value : 2022/01/08
[DisplayVersion] :
Raw Value : E4.6.1
[Publisher] :
Raw Value : RealVNC Ltd
[DisplayIcon] :
Raw Value : C:\Program Files\RealVNC\VNC4\VNCViewer.exe,0
Parsed File Path : C:\Program Files\RealVNC\VNC4\VNCViewer.exe
Parsed File Version : 4.6.1.54321
- Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
Best Confidence Version : 14.14.26429.4
Version Confidence Level : 3
All Possible Versions : 14.14.26429.4
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 Redistributable (x64) - 14.14.26429
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe
Parsed File Version : 14.14.26429.4
[DisplayVersion] :
Raw Value : 14.14.26429.4
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{80586c77-db42-44bb-bfc8-7aebbb220c00}\VC_redist.x64.exe
Parsed File Version : 14.14.26429.4
- Veeam Installer Service
Best Confidence Version : 12.1.0.2131
Version Confidence Level : 3
All Possible Versions : 12.1.0.2131
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 12
[InstallLocation] :
Raw Value : C:\Windows\Veeam\Backup
[DisplayName] :
Raw Value : Veeam Installer Service
[UninstallString] :
Raw Value : C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe -uninstall
Parsed File Path : C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe
Parsed File Version : 12.1.0.2131
[DisplayVersion] :
Raw Value : 12.1.0.2131
[VersionMinor] :
Raw Value : 2131
[DisplayIcon] :
Raw Value : C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe
Parsed File Path : C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe
Parsed File Version : 12.1.0.2131
- Microsoft SQL Server 2019 Setup (English)
Best Confidence Version : 15.0.4420.2
Version Confidence Level : 2
All Possible Versions : 15.0.4420.2
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662660
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 Setup (English)
[UninstallString] :
Raw Value : MsiExec.exe /X{4AE84379-2D63-45B6-8F44-0F729001EF80}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.4420.2
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.14.26429
Best Confidence Version : 14.14.26429
Version Confidence Level : 2
All Possible Versions : 14.14.26429
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 235824957
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 x86 Minimum Runtime - 14.14.26429
[UninstallString] :
Raw Value : MsiExec.exe /X{7753EC39-3039-3629-98BE-447C5D869C09}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 14.14.26429
[VersionMinor] :
Raw Value : 14
- Cyber Protect
Best Confidence Version : 24.11.39130
Version Confidence Level : 2
All Possible Versions : 24.11.39130
Other Version Data
[InstallDate] :
Raw Value : 2024/12/20
[InstallLocation] :
Raw Value : C:\Program Files\BackupClient\
[UninstallString] :
Raw Value : MsiExec.exe /X{96A18E80-64FC-4886-9516-CADCF1BBDD82}
[VersionMinor] :
Raw Value : 11
[Version] :
Raw Value : 403413210
[VersionMajor] :
Raw Value : 24
[Publisher] :
Raw Value : Acronis
[DisplayVersion] :
Raw Value : 24.11.39130
[DisplayName] :
Raw Value : Cyber Protect
- SSMS Post Install Tasks
Best Confidence Version : 15.0.18390.0
Version Confidence Level : 2
All Possible Versions : 15.0.18390.0
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251676630
[DisplayName] :
Raw Value : SSMS Post Install Tasks
[UninstallString] :
Raw Value : MsiExec.exe /I{4CB8C759-75FE-492C-8CEB-EEB9D07E2E8D}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.18390.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft SQL Server 2019 RsFx Driver
Best Confidence Version : 15.0.4420.2
Version Confidence Level : 2
All Possible Versions : 15.0.4420.2
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662660
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 RsFx Driver
[UninstallString] :
Raw Value : MsiExec.exe /I{1904402A-A6FD-4151-9C8E-24942899DD00}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.4420.2
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Common Files
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Common Files
[UninstallString] :
Raw Value : MsiExec.exe /I{0FB552DD-543E-48E7-A6F4-2F8D82723C6A}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Google Chrome
Best Confidence Version : 143.0.7499.171
Version Confidence Level : 3
All Possible Versions : 143.0.7499.171
Other Version Data
[InstallDate] :
Raw Value : 2026/01/07
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe,0
Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Parsed File Version : 143.0.7499.171
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Google\Chrome\Application
[UninstallString] :
Raw Value : "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\Installer\setup.exe" --uninstall --channel=stable --system-level --verbose-logging
Parsed File Path : C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\Installer\setup.exe
Parsed File Version : 143.0.7499.171
[VersionMinor] :
Raw Value : 171
[Version] :
Raw Value : 143.0.7499.171
[VersionMajor] :
Raw Value : 7499
[DisplayVersion] :
Raw Value : 143.0.7499.171
[DisplayName] :
Raw Value : Google Chrome
- Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
Best Confidence Version : 12.0.21005
Version Confidence Level : 2
All Possible Versions : 12.0.21005
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201347597
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005
[UninstallString] :
Raw Value : MsiExec.exe /X{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 12.0.21005
[VersionMinor] :
Raw Value : 0
- Azure Data Studio
Best Confidence Version : 51.1052.0.0
Version Confidence Level : 3
All Possible Versions : 51.1052.0.0, 1.51.1, 1.51.1.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[InstallLocation] :
Raw Value : C:\Program Files\Azure Data Studio\
[DisplayName] :
Raw Value : Azure Data Studio
[UninstallString] :
Raw Value : "C:\Program Files\Azure Data Studio\unins000.exe"
Parsed File Path : C:\Program Files\Azure Data Studio\unins000.exe
Parsed File Version : 51.1052.0.0
[InstallDate] :
Raw Value : 2025/03/26
[DisplayVersion] :
Raw Value : 1.51.1
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 51
[DisplayIcon] :
Raw Value : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Path : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Version : 1.51.1.0
- Microsoft OLE DB Driver for SQL Server
Best Confidence Version : 18.7.4.0
Version Confidence Level : 2
All Possible Versions : 18.7.4.0
Other Version Data
[VersionMajor] :
Raw Value : 18
[Version] :
Raw Value : 302448644
[DisplayName] :
Raw Value : Microsoft OLE DB Driver for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{76EB75D2-CCF6-41A9-90B6-922DE9146276}
[InstallDate] :
Raw Value : 2024/12/21
[DisplayVersion] :
Raw Value : 18.7.4.0
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 7
- MergeModule2012
Best Confidence Version : 1.0.0
Version Confidence Level : 2
All Possible Versions : 22.119.29206, 1.0.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16777216
Parsed Version : 22.119.29206
[DisplayName] :
Raw Value : MergeModule2012
[UninstallString] :
Raw Value : MsiExec.exe /X{3E0D2B4B-CA5F-40D6-B0AE-648008897125}
[InstallDate] :
Raw Value : 2022/01/07
[DisplayVersion] :
Raw Value : 1.0.0
[Publisher] :
Raw Value : Microsoft
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 sql_inst_java
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 sql_inst_java
[UninstallString] :
Raw Value : MsiExec.exe /I{286E30FF-F22E-463E-ACAB-708AE6D50AF0}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- wkhtmltopdf
Version Confidence Level : 3
All Possible Versions :
Other Version Data
[DisplayName] :
Raw Value : wkhtmltopdf
[UninstallString] :
Raw Value : "C:\Program Files (x86)\wkhtmltopdf\uninstall.exe"
Parsed File Path : C:\Program Files (x86)\wkhtmltopdf\uninstall.exe
- Smart Storage Administrator Diagnostics and SSD Wear Gauge Utility
Best Confidence Version : 6.25.9.0
Version Confidence Level : 2
All Possible Versions : 6.25.9.0
Other Version Data
[InstallDate] :
Raw Value : 2024/06/07
[InstallLocation] :
Raw Value : C:\Program Files\Smart Storage Administrator\ssaducli
[UninstallString] :
Raw Value : MsiExec.exe /X{58B68773-0692-4A9A-80B8-B1E89604CDBA}
[VersionMinor] :
Raw Value : 25
[Version] :
Raw Value : 102301705
[VersionMajor] :
Raw Value : 6
[Publisher] :
Raw Value : Microchip Technology Inc.
[DisplayVersion] :
Raw Value : 6.25.9.0
[DisplayName] :
Raw Value : Smart Storage Administrator Diagnostics and SSD Wear Gauge Utility
- SQL Server 2019 SQL Diagnostics
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 SQL Diagnostics
[UninstallString] :
Raw Value : MsiExec.exe /I{28ED6838-D8E5-454C-A813-12C5EB447CAB}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429
Best Confidence Version : 14.14.26429
Version Confidence Level : 2
All Possible Versions : 14.14.26429
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 235824957
[DisplayName] :
Raw Value : Microsoft Visual C++ 2017 x64 Additional Runtime - 14.14.26429
[UninstallString] :
Raw Value : MsiExec.exe /X{B12F584A-DE7A-3EE3-8EC4-8A64DBC0F2A7}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 14.14.26429
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 14
- SQL Server 2019 Advanced Analytics
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Advanced Analytics
[UninstallString] :
Raw Value : MsiExec.exe /I{BD408334-78B9-4024-A8B5-53184C2E8CB3}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
Best Confidence Version : 12.0.21005
Version Confidence Level : 2
All Possible Versions : 12.0.21005
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201347597
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005
[UninstallString] :
Raw Value : MsiExec.exe /X{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}
[InstallDate] :
Raw Value : 2022/01/14
[DisplayVersion] :
Raw Value : 12.0.21005
[VersionMinor] :
Raw Value : 0
- WinMerge 2.16.36.0 x64
Best Confidence Version : 51.1052.0.0
Version Confidence Level : 3
All Possible Versions : 51.1052.0.0, 2.16.36.0
Other Version Data
[VersionMajor] :
Raw Value : 2
[InstallLocation] :
Raw Value : C:\Program Files\WinMerge\
[DisplayName] :
Raw Value : WinMerge 2.16.36.0 x64
[UninstallString] :
Raw Value : "C:\Program Files\WinMerge\unins000.exe"
Parsed File Path : C:\Program Files\WinMerge\unins000.exe
Parsed File Version : 51.1052.0.0
[InstallDate] :
Raw Value : 2023/12/27
[DisplayVersion] :
Raw Value : 2.16.36.0
[Publisher] :
Raw Value : Thingamahoochie Software
[VersionMinor] :
Raw Value : 16
[DisplayIcon] :
Raw Value : C:\Program Files\WinMerge\WinMergeU.exe
Parsed File Path : C:\Program Files\WinMerge\WinMergeU.exe
Parsed File Version : 2.16.36.0
- Microsoft SQL Server 2019 (64-bit)
Best Confidence Version : 15.0.4420.2
Version Confidence Level : 3
All Possible Versions : 15.0.4420.2
Other Version Data
[DisplayName] :
Raw Value : Microsoft SQL Server 2019 (64-bit)
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe
Parsed File Version : 15.0.4420.2
[Publisher] :
Raw Value : Microsoft Corporation
[DisplayIcon] :
Raw Value : "C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe"
Parsed File Path : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\SetupARP.exe
Parsed File Version : 15.0.4420.2
- Microsoft Access database engine 2016 (English)
Best Confidence Version : 16.0.4519.1000
Version Confidence Level : 2
All Possible Versions : 16.0.4519.1000
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268439975
[DisplayName] :
Raw Value : Microsoft Access database engine 2016 (English)
[UninstallString] :
Raw Value : MsiExec.exe /I{90160000-00D1-0409-1000-0000000FF1CE}
[InstallDate] :
Raw Value : 2024/12/21
[DisplayVersion] :
Raw Value : 16.0.4519.1000
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- SQL Server 2019 Batch Parser
Best Confidence Version : 15.0.2000.5
Version Confidence Level : 2
All Possible Versions : 15.0.2000.5
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251660240
[DisplayName] :
Raw Value : SQL Server 2019 Batch Parser
[UninstallString] :
Raw Value : MsiExec.exe /I{D459615B-83B0-408F-8F39-6CC07C277BA6}
[InstallDate] :
Raw Value : 2025/02/15
[DisplayVersion] :
Raw Value : 15.0.2000.5
[Publisher] :
Raw Value : Microsoft Corporation
[VersionMinor] :
Raw Value : 0
- HPE Lights-Out Online Configuration Utility
Best Confidence Version : 6.0.0.0
Version Confidence Level : 2
All Possible Versions : 6.0.0.0
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 100663296
[DisplayName] :
Raw Value : HPE Lights-Out Online Configuration Utility
[UninstallString] :
Raw Value : MsiExec.exe /X{452BFA2A-7E5A-46CE-B045-3B9834B419D5}
[InstallDate] :
Raw Value : 2024/06/07
[DisplayVersion] :
Raw Value : 6.0.0.0
[Publisher] :
Raw Value : Hewlett Packard Enterprise
[VersionMinor] :
Raw Value : 0
92366 - Microsoft Windows Last Boot Time
-
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output
tcp/0
Last reboot : 2026-01-04T21:32:59+05:30 (20260104213259.378439+330)
161502 - Microsoft Windows Logged On Users
-
Synopsis
Nessus was able to determine the logged on users from the registry
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2025/10/01
Plugin Output
tcp/445/cifs
Logged on users :
- S-1-5-21-549360554-2228062029-2355455187-1001
Domain : TECHE_WEB_DB
Username : techexcel
- S-1-5-21-549360554-2228062029-2355455187-1002
Domain :
Username :
- S-1-5-21-549360554-2228062029-2355455187-500
Domain : TECHE_WEB_DB
Username : Production
- S-1-5-21-549360554-2228062029-2355455187-1001
Domain : TECHE_WEB_DB
Username : techexcel
- S-1-5-21-549360554-2228062029-2355455187-1002
Domain :
Username :
- S-1-5-21-549360554-2228062029-2355455187-500
Domain : TECHE_WEB_DB
Username : Production
63080 - Microsoft Windows Mounted Devices
-
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Name : \dosdevices\g:
Data : DMIO:ID:DX55|A-E';7
Raw data : 444d494f3a49443a445835357c021141a82db79e45273b37
Name : \dosdevices\h:
Data : DMIO:ID:/-QLK9ac
Raw data : 444d494f3a49443a2f2d8251b64ca44b84ba3961639adaec
Name : \dosdevices\e:
Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC_CRW&Rev_1.00#29203008282014000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d0043005f0043005200570026005200650076005f0031002e00300030002300320039003200300033003000300038003200380032003000310034003000300030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00
Name : \??\volume{803b07ef-6fbe-11ec-88f9-806e6f6e6963}
Data : _??_USBSTOR#Disk&Ven_Generic-&Prod_SD#MMC_CRW&Rev_1.00#29203008282014000&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Raw data : 5f003f003f005f00550053004200530054004f00520023004400690073006b002600560065006e005f00470065006e0065007200690063002d002600500072006f0064005f005300440023004d004d0043005f0043005200570026005200650076005f0031002e00300030002300320039003200300033003000300038003200380032003000310034003000300030002600300023007b00350033006600350036003300300037002d0062003600620066002d0031003100640030002d0039003400660032002d003000300061003000630039003100650066006200380062007d00
Name : \dosdevices\f:
Data : DMIO:ID:v7"H#C=
Raw data : 444d494f3a49443ad67637a4229f0648b3ea2393ce43f13d
Name : \dosdevices\c:
Data : DMIO:ID:AJd.,y
Raw data : 444d494f3a49443adc0b12048c41fb4a91e507642e2c798e
Name : \dosdevices\d:
Data : DMIO:ID:V0HP4T
Raw data : 444d494f3a49443abf56dda8cb30cb488450e2aae7349654
103871 - Microsoft Windows Network Adapters
-
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agrees with your organization's acceptable use and security policies.
Risk Factor
None
References
| XREF | IAVT:0001-T-0758 |
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
Network Adapter Driver Description : HPE Ethernet 1Gb 4-port 366FLR Adapter
Network Adapter Driver Version : 12.18.13.0
65791 - Microsoft Windows Portable Devices
-
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
See Also
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/04/03, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Friendly name : E:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC_CRW&REV_1.00#29203008282014000&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
Friendly name : SPP2021100
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00#4C530001090613114581&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
Friendly name : SPP2020091
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_SANDISK&PROD_ULTRA&REV_1.00#4C530001220313109523&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
Friendly name : DATA
Device : SWD#WPDBUSENUM#{3478E128-6455-11EE-8926-D4F5EF604614}#0000000000100000
Friendly name : G:\
Device : SWD#WPDBUSENUM#{6E30B60F-24F0-11EF-893A-D4F5EF604614}#0000000000100000
92367 - Microsoft Windows PowerShell Execution Policy
-
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output
tcp/0
HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : RemoteSigned
151440 - Microsoft Windows Print Spooler Service Enabled
-
Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/07, Modified: 2021/07/07
Plugin Output
tcp/445/cifs
The Microsoft Windows Print Spooler service on the remote host is enabled.
70329 - Microsoft Windows Process Information
-
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.
This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output
tcp/0
Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (696)
2 : winlogon.exe (11732)
2 : |- LogonUI.exe (11000)
2 : |- fontdrvhost.exe (14132)
2 : |- dwm.exe (2344)
3 : csrss.exe (13244)
2 : explorer.exe (13296)
2 : |- MmsMonitor.exe (12772)
2 : |- MmsMonitor.exe (15520)
2 : |- MmsMonitor.exe (1900)
2 : |- MmsMonitor.exe (320)
2 : |- schedhlp.exe (15040)
2 : |- Veeam.EndPoint.Tray.exe (6808)
2 : tib_mounter_monitor.exe (15992)
3 : winlogon.exe (16064)
3 : |- LogonUI.exe (14680)
3 : |- fontdrvhost.exe (15500)
3 : |- dwm.exe (4016)
3 : tib_mounter_monitor.exe (18400)
0 : Registry (272)
3 : explorer.exe (5708)
3 : |- schedhlp.exe (16468)
3 : |- Veeam.EndPoint.Tray.exe (18192)
3 : |- MmsMonitor.exe (2772)
3 : |- MmsMonitor.exe (15224)
3 : |- MmsMonitor.exe (17688)
3 : |- MmsMonitor.exe (17768)
1 : winlogon.exe (764)
1 : |- fontdrvhost.exe (1040)
1 : |- LogonUI.exe (1488)
1 : |- dwm.exe (1496)
2 : csrss.exe (7688)
0 : csrss.exe (864)
0 : wininit.exe (936)
0 : |- fontdrvhost.exe (1048)
0 : |- lsass.exe (188)
0 : |- services.exe (628)
0 : |- svchost.exe (10348)
3 : |- svchost.exe (10588)
0 : |- svchost.exe (10620)
0 : |- svchost.exe (1136)
0 : |- fdlauncher.exe (11772)
0 : |- fdhost.exe (11960)
0 : |- conhost.exe (11980)
0 : |- SQLAGENT.EXE (11824)
0 : |- conhost.exe (11868)
0 : |- svchost.exe (1184)
0 : |- Launchpad.exe (11844)
0 : |- svchost.exe (12028)
3 : |- MusNotifyIcon.exe (13816)
0 : |- svchost.exe (1296)
2 : |- rdpclip.exe (5712)
3 : |- rdpclip.exe (6468)
0 : |- schedul2.exe (13196)
0 : |- msdtc.exe (13680)
3 : |- svchost.exe (13776)
0 : |- svchost.exe (13780)
0 : |- svchost.exe (13828)
0 : |- svchost.exe (1384)
0 : |- nxlog.exe (13864)
2 : |- svchost.exe (13876)
0 : |- svchost.exe (1396)
0 : |- svchost.exe (1400)
0 : |- svchost.exe (1408)
0 : |- mms.exe (14180)
0 : |- dllhost.exe (14620)
0 : |- svchost.exe (15864)
2 : |- svchost.exe (1588)
0 : |- svchost.exe (1592)
0 : |- svchost.exe (16232)
0 : |- svchost.exe (16408)
0 : |- svchost.exe (16528)
0 : |- svchost.exe (1696)
0 : |- svchost.exe (1712)
0 : |- svchost.exe (1736)
0 : |- svchost.exe (1812)
0 : |- svchost.exe (1848)
0 : |- svchost.exe (1884)
2 : |- taskhostw.exe (10364)
3 : |- taskhostw.exe (10776)
3 : |- taskhostw.exe (18056)
0 : |- svchost.exe (1952)
0 : |- svchost.exe (1988)
0 : |- svchost.exe (1996)
0 : |- WUDFHost.exe (2008)
0 : |- svchost.exe (2016)
0 : |- svchost.exe (2304)
0 : |- svchost.exe (2420)
0 : |- svchost.exe (2488)
0 : |- svchost.exe (2496)
0 : |- svchost.exe (2588)
0 : |- svchost.exe (2616)
3 : |- sihost.exe (16120)
2 : |- sihost.exe (6896)
0 : |- svchost.exe (2640)
0 : |- svchost.exe (2728)
0 : |- svchost.exe (2804)
0 : |- svchost.exe (2820)
0 : |- svchost.exe (2828)
0 : |- svchost.exe (3232)
0 : |- svchost.exe (3316)
3 : |- ctfmon.exe (17084)
2 : |- ctfmon.exe (4692)
0 : |- svchost.exe (3328)
0 : |- svchost.exe (3348)
0 : |- svchost.exe (3356)
0 : |- svchost.exe (3364)
0 : |- aakore.exe (3376)
0 : |- sh-inventory.exe (4952)
0 : |- conhost.exe (6176)
0 : |- updater.exe (6756)
0 : |- conhost.exe (6204)
0 : |- task-manager.exe (7068)
0 : |- conhost.exe (7096)
0 : |- mi-monitoring.exe (7084)
0 : |- conhost.exe (7120)
0 : |- grpm.exe (7108)
0 : |- conhost.exe (7140)
0 : |- cyber-desktop-service.exe (7124)
0 : |- conhost.exe (7184)
0 : |- network-isolation-unit.exe (7156)
0 : |- conhost.exe (4736)
0 : |- acp-update-controller.exe (7176)
0 : |- conhost.exe (7252)
0 : |- feedback-collector.exe (7216)
0 : |- conhost.exe (7268)
0 : |- adp-agent.exe (7276)
0 : |- conhost.exe (7344)
0 : |- cred-store.exe (7320)
0 : |- conhost.exe (7376)
0 : |- cyber-scripting-executor.exe (7336)
0 : |- conhost.exe (7432)
0 : |- device-sense.exe (7404)
0 : |- conhost.exe (7492)
0 : |- private-cloud-proxy.exe (7480)
0 : |- conhost.exe (7548)
0 : |- grpm-sync-unit.exe (7532)
0 : |- conhost.exe (7588)
0 : |- ams.exe (3392)
0 : |- svchost.exe (3400)
0 : |- hpepqiesrv.exe (3408)
0 : |- svchost.exe (3416)
0 : |- svchost.exe (3428)
0 : |- svchost.exe (3436)
0 : |- svchost.exe (3444)
0 : |- w3wp.exe (15840)
0 : |- svchost.exe (3452)
0 : |- Locator.exe (3468)
0 : |- svchost.exe (3496)
0 : |- svchost.exe (3536)
0 : |- sqlwriter.exe (3556)
0 : |- winvnc4.exe (3568)
1 : |- winvnc4.exe (4628)
0 : |- emergency-updater.exe (3724)
0 : |- svchost.exe (4184)
0 : |- VeeamTransportSvc.exe (4192)
0 : |- Veeam.Guest.Interaction.Proxy.exe (6524)
0 : |- conhost.exe (6576)
0 : |- VeeamDeploymentSvc.exe (4208)
0 : |- cyber-protect-service.exe (4256)
0 : |- Veeam.EndPoint.Service.exe (4368)
0 : |- svchost.exe (4700)
0 : |- svchost.exe (4836)
0 : |- inetinfo.exe (5544)
0 : |- sqlservr.exe (5560)
0 : |- sqlceip.exe (5568)
0 : |- tomcat9.exe (5576)
0 : |- conhost.exe (4048)
0 : |- active_protection_service.exe (5612)
0 : |- svchost.exe (5672)
0 : |- svchost.exe (5788)
0 : |- svchost.exe (6828)
0 : |- svchost.exe (7024)
0 : |- svchost.exe (720)
0 : |- svchost.exe (7292)
0 : |- svchost.exe (820)
0 : |- svchost.exe (824)
2 : |- RuntimeBroker.exe (11312)
2 : |- SearchUI.exe (13276)
2 : |- dllhost.exe (14692)
2 : |- RuntimeBroker.exe (15272)
2 : |- smartscreen.exe (1612)
3 : |- ShellExperienceHost.exe (16436)
3 : |- SearchUI.exe (16624)
3 : |- RuntimeBroker.exe (16776)
3 : |- RuntimeBroker.exe (16828)
0 : |- WmiPrvSE.exe (17304)
3 : |- RuntimeBroker.exe (17980)
3 : |- smartscreen.exe (18100)
2 : |- ShellExperienceHost.exe (2460)
0 : |- WmiPrvSE.exe (6516)
2 : |- RuntimeBroker.exe (732)
0 : |- svchost.exe (8496)
1 : csrss.exe (964)
Process_Information_.csv : information about the running process.
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- smss.exe (696)
2 : winlogon.exe (11732)
2 : |- LogonUI.exe (11000)
2 : |- fontdrvhost.exe (14132)
2 : |- dwm.exe (2344)
3 : csrss.exe (13244)
2 : explorer.exe (13296)
2 : |- MmsMonitor.exe (12772)
2 : |- MmsMonitor.exe (15520)
2 : |- MmsMonitor.exe (1900)
2 : |- MmsMonitor.exe (320)
2 : |- schedhlp.exe (15040)
2 : |- Veeam.EndPoint.Tray.exe (6808)
2 : tib_mounter_monitor.exe (15992)
3 : winlogon.exe (16064)
3 : |- LogonUI.exe (14680)
3 : |- fontdrvhost.exe (15500)
3 : |- dwm.exe (4016)
3 : tib_mounter_monitor.exe (18400)
0 : Registry (272)
3 : explorer.exe (5708)
3 : |- schedhlp.exe (16468)
3 : |- Veeam.EndPoint.Tray.exe (18192)
3 : |- MmsMonitor.exe (2772)
3 : |- MmsMonitor.exe (15224)
3 : |- MmsMonitor.exe (17688)
3 : |- MmsMonitor.exe (17768)
1 : winlogon.exe (764)
1 : |- fontdrvhost.exe (1040)
1 : |- LogonUI.exe (1488)
1 : |- dwm.exe (1496)
2 : csrss.exe (7688)
0 : csrss.exe (864)
0 : wininit.exe (936)
0 : |- fontdrvhost.exe (1048)
0 : |- lsass.exe (188)
0 : |- services.exe (628)
0 : |- svchost.exe (10348)
3 : |- svchost.exe (10588)
0 : |- svchost.exe (10620)
0 : |- svchost.exe (1136)
0 : |- fdlauncher.exe (11772)
0 : |- fdhost.exe (11960)
0 : |- conhost.exe (11980)
0 : |- SQLAGENT.EXE (11824)
0 : |- conhost.exe (11868)
0 : |- svchost.exe (1184)
0 : |- Launchpad.exe (11844)
0 : |- svchost.exe (12028)
3 : |- MusNotifyIcon.exe (13816)
0 : |- svchost.exe (1296)
2 : |- rdpclip.exe (5712)
3 : |- rdpclip.exe (6468)
0 : |- schedul2.exe (13196)
0 : |- msdtc.exe (13680)
3 : |- svchost.exe (13776)
0 : |- svchost.exe (13780)
0 : |- svchost.exe (13828)
0 : |- svchost.exe (1384)
0 : |- nxlog.exe (13864)
2 : |- svchost.exe (13876)
0 : |- svchost.exe (1396)
0 : |- svchost.exe (1400)
0 : |- svchost.exe (1408)
0 : |- mms.exe (14180)
0 : |- dllhost.exe (14620)
0 : |- svchost.exe (15864)
2 : |- svchost.exe (1588)
0 : |- svchost.exe (1592)
0 : |- svchost.exe (16232)
0 : |- svchost.exe (16408)
0 : |- svchost.exe (16528)
0 : |- svchost.exe (1696)
0 : |- svchost.exe (1712)
0 : |- svchost.exe (1736)
0 : |- svchost.exe (1812)
0 : |- svchost.exe (1848)
0 : |- svchost.exe (1884)
2 : |- taskhostw.exe (10364)
3 : |- taskhostw.exe (10776)
3 : |- taskhostw.exe (18056)
0 : |- svchost.exe (1952)
0 : |- svchost.exe (1988)
0 : |- svchost.exe (1996)
0 : |- WUDFHost.exe (2008)
0 : |- svchost.exe (2016)
0 : |- svchost.exe (2304)
0 : |- svchost.exe (2420)
0 : |- svchost.exe (2488)
0 : |- svchost.exe (2496)
0 : |- svchost.exe (2588)
0 : |- svchost.exe (2616)
3 : |- sihost.exe (16120)
2 : |- sihost.exe (6896)
0 : |- svchost.exe (2640)
0 : |- svchost.exe (2728)
0 : |- svchost.exe (2804)
0 : |- svchost.exe (2820)
0 : |- svchost.exe (2828)
0 : |- svchost.exe (3232)
0 : |- svchost.exe (3316)
3 : |- ctfmon.exe (17084)
2 : |- ctfmon.exe (4692)
0 : |- svchost.exe (3328)
0 : |- svchost.exe (3348)
0 : |- svchost.exe (3356)
0 : |- svchost.exe (3364)
0 : |- aakore.exe (3376)
0 : |- sh-inventory.exe (4952)
0 : |- conhost.exe (6176)
0 : |- updater.exe (6756)
0 : |- conhost.exe (6204)
0 : |- task-manager.exe (7068)
0 : |- conhost.exe (7096)
0 : |- mi-monitoring.exe (7084)
0 : |- conhost.exe (7120)
0 : |- grpm.exe (7108)
0 : |- conhost.exe (7140)
0 : |- cyber-desktop-service.exe (7124)
0 : |- conhost.exe (7184)
0 : |- network-isolation-unit.exe (7156)
0 : |- conhost.exe (4736)
0 : |- acp-update-controller.exe (7176)
0 : |- conhost.exe (7252)
0 : |- feedback-collector.exe (7216)
0 : |- conhost.exe (7268)
0 : |- adp-agent.exe (7276)
0 : |- conhost.exe (7344)
0 : |- cred-store.exe (7320)
0 : |- conhost.exe (7376)
0 : |- cyber-scripting-executor.exe (7336)
0 : |- conhost.exe (7432)
0 : |- device-sense.exe (7404)
0 : |- conhost.exe (7492)
0 : |- private-cloud-proxy.exe (7480)
0 : |- conhost.exe (7548)
0 : |- grpm-sync-unit.exe (7532)
0 : |- conhost.exe (7588)
0 : |- ams.exe (3392)
0 : |- svchost.exe (3400)
0 : |- hpepqiesrv.exe (3408)
0 : |- svchost.exe (3416)
0 : |- svchost.exe (3428)
0 : |- svchost.exe (3436)
0 : |- svchost.exe (3444)
0 : |- w3wp.exe (15840)
0 : |- svchost.exe (3452)
0 : |- Locator.exe (3468)
0 : |- svchost.exe (3496)
0 : |- svchost.exe (3536)
0 : |- sqlwriter.exe (3556)
0 : |- winvnc4.exe (3568)
1 : |- winvnc4.exe (4628)
0 : |- emergency-updater.exe (3724)
0 : |- svchost.exe (4184)
0 : |- VeeamTransportSvc.exe (4192)
0 : |- Veeam.Guest.Interaction.Proxy.exe (6524)
0 : |- conhost.exe (6576)
0 : |- VeeamDeploymentSvc.exe (4208)
0 : |- cyber-protect-service.exe (4256)
0 : |- Veeam.EndPoint.Service.exe (4368)
0 : |- svchost.exe (4700)
0 : |- svchost.exe (4836)
0 : |- inetinfo.exe (5544)
0 : |- sqlservr.exe (5560)
0 : |- sqlceip.exe (5568)
0 : |- tomcat9.exe (5576)
0 : |- conhost.exe (4048)
0 : |- active_protection_service.exe (5612)
0 : |- svchost.exe (5672)
0 : |- svchost.exe (5788)
0 : |- svchost.exe (6828)
0 : |- svchost.exe (7024)
0 : |- svchost.exe (720)
0 : |- svchost.exe (7292)
0 : |- svchost.exe (820)
0 : |- svchost.exe (824)
2 : |- RuntimeBroker.exe (11312)
2 : |- SearchUI.exe (13276)
2 : |- dllhost.exe (14692)
2 : |- RuntimeBroker.exe (15272)
2 : |- smartscreen.exe (1612)
3 : |- ShellExperienceHost.exe (16436)
3 : |- SearchUI.exe (16624)
3 : |- RuntimeBroker.exe (16776)
3 : |- RuntimeBroker.exe (16828)
0 : |- WmiPrvSE.exe (17304)
3 : |- RuntimeBroker.exe (17980)
3 : |- smartscreen.exe (18100)
2 : |- ShellExperienceHost.exe (2460)
0 : |- WmiPrvSE.exe (6516)
2 : |- RuntimeBroker.exe (732)
0 : |- svchost.exe (8496)
1 : csrss.exe (964)
Process_Information_.csv : information about the running process.
70331 - Microsoft Windows Process Module Information
-
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.
This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2025/12/15
Plugin Output
tcp/0
Process_Modules_172.17.100.32.csv : lists the loaded modules for each process.
126527 - Microsoft Windows SAM user enumeration
-
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager.
Note: Unable to obtain SMB SAMR user data during Agent scans.
Rendering User data obtained by plugin 171956
Note: Unable to obtain SMB SAMR user data during Agent scans.
Rendering User data obtained by plugin 171956
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/07/08, Modified: 2025/06/04
Plugin Output
tcp/0
- DefaultAccount (id S-1-5-21-549360554-2228062029-503, A user account managed by the system.)
- Guest (id S-1-5-21-549360554-2228062029-501, Built-in account for guest access to the computer/domain, Guest account)
- LKPAdmin (id S-1-5-21-549360554-2228062029-1000, IT)
- Production (id S-1-5-21-549360554-2228062029-500, Administrator account, Built-in account for administering the computer/domain)
- rms (id S-1-5-21-549360554-2228062029-1005, Live Trade)
- techapp (id S-1-5-21-549360554-2228062029-1002, techapp)
- techexcel (id S-1-5-21-549360554-2228062029-1001, techexcel)
- techexcel1 (id S-1-5-21-549360554-2228062029-1008, User Remote)
- tidua (id S-1-5-21-549360554-2228062029-1011, tidua)
- Veeam (id S-1-5-21-549360554-2228062029-1010, Veeam)
- WDAGUtilityAccount (id S-1-5-21-549360554-2228062029-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.)
- Guest (id S-1-5-21-549360554-2228062029-501, Built-in account for guest access to the computer/domain, Guest account)
- LKPAdmin (id S-1-5-21-549360554-2228062029-1000, IT)
- Production (id S-1-5-21-549360554-2228062029-500, Administrator account, Built-in account for administering the computer/domain)
- rms (id S-1-5-21-549360554-2228062029-1005, Live Trade)
- techapp (id S-1-5-21-549360554-2228062029-1002, techapp)
- techexcel (id S-1-5-21-549360554-2228062029-1001, techexcel)
- techexcel1 (id S-1-5-21-549360554-2228062029-1008, User Remote)
- tidua (id S-1-5-21-549360554-2228062029-1011, tidua)
- Veeam (id S-1-5-21-549360554-2228062029-1010, Veeam)
- WDAGUtilityAccount (id S-1-5-21-549360554-2228062029-504, A user account managed and used by the system for Windows Defender Application Guard scenarios.)
17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output
tcp/445/cifs
The following password policy is defined on the remote host:
Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
Minimum password len: 0
Password history len: 0
Maximum password age (d): 42
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 1800
Time between failed logon (s): 1800
Number of invalid logon before locked out (s): 0
38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.
Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output
tcp/445/cifs
Last Successful logon : .\Production
10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :
- Guest account
- Supplied credentials
- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/07/21
Plugin Output
tcp/445/cifs
- The SMB tests will be done as tidua/******
10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).
The host SID can then be used to get the list of local users.
The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.
Refer to the 'See also' section for guidance.
Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output
tcp/445/cifs
The remote host SID value is : S-1-5-21-549360554-2228062029-2355455187
The value of 'RestrictAnonymous' setting is : 0
10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output
tcp/445/cifs
Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:
Target Name: TECHE_WEB_DB
NetBIOS Domain Name: TECHE_WEB_DB
NetBIOS Computer Name: TECHE_WEB_DB
DNS Domain Name: TechE_Web_DB
DNS Computer Name: TechE_Web_DB
DNS Tree Name: unknown
Product Version: 10.0.17763
parsing the SMB2 Protocol's NTLM SSP message:
Target Name: TECHE_WEB_DB
NetBIOS Domain Name: TECHE_WEB_DB
NetBIOS Computer Name: TECHE_WEB_DB
DNS Domain Name: TechE_Web_DB
DNS Computer Name: TechE_Web_DB
DNS Tree Name: unknown
Product Version: 10.0.17763
48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Operating system version = 10.17763
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434
Architecture = x64
Build lab extended = 17763.1.amd64fre.rs5_release.180914-1434
11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\ Winlogon\CachedLogonsCount' is not 0. Using a value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they login, in order to continue to allow the users to login in the case of the failure of the primary domain controller (PDC).
Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
| http://www.nessus.org/u?184d3eab |
| http://www.nessus.org/u?fe16cea8 |
| https://technet.microsoft.com/en-us/library/cc957390.aspx |
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output
tcp/445/cifs
Max cached logons : 10
10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2025/12/16
Plugin Output
tcp/445/cifs
44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
| XREF | IAVT:0001-T-0752 |
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output
tcp/445/cifs
The following services are set to start automatically :
AcrSch2Svc startup parameters :
Display name : Acronis Scheduler2 Service
Service name : AcrSch2Svc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
Dependencies : RpcSs/
AcronisActiveProtectionService startup parameters :
Display name : Acronis Active Protection Service
Service name : AcronisActiveProtectionService
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Acronis\ActiveProtection\active_protection_service.exe"
Dependencies : file_protector/CryptSvc/
AcronisCyberProtectionService startup parameters :
Display name : Acronis Cyber Protection Service
Service name : AcronisCyberProtectionService
Log on as : LocalSystem
Executable path : "C:\Program Files\BackupClient\CyberProtect\cyber-protect-service.exe"
Dependencies : CryptSvc/
AppHostSvc startup parameters :
Display name : Application Host Helper Service
Service name : AppHostSvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost
AzureAttestService startup parameters :
Display name : AzureAttestService
Service name : AzureAttestService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AzureAttestService
BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : RpcSs/
BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
BrokerInfrastructure startup parameters :
Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/
CDPSvc startup parameters :
Display name : Connected Devices Platform Service
Service name : CDPSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/
CDPUserSvc_1643ee startup parameters :
Display name : Connected Devices Platform User Service_1643ee
Service name : CDPUserSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
CDPUserSvc_16c1fce2 startup parameters :
Display name : Connected Devices Platform User Service_16c1fce2
Service name : CDPUserSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
CoreMessagingRegistrar startup parameters :
Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : rpcss/
CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/
DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : NSI/Afd/
DiagTrack startup parameters :
Display name : Connected User Experiences and Telemetry
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k utcsvc -p
Dependencies : RpcSs/
Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : nsi/
EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/
FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
GoogleUpdaterInternalService144.0.7547.0 startup parameters :
Display name : Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0)
Service name : GoogleUpdaterInternalService144.0.7547.0
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update-internal
Dependencies : RPCSS/
GoogleUpdaterService144.0.7547.0 startup parameters :
Display name : Google Updater Service (GoogleUpdaterService144.0.7547.0)
Service name : GoogleUpdaterService144.0.7547.0
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\GoogleUpdater\144.0.7547.0\updater.exe" --system --windows-service --service=update
Dependencies : RPCSS/
HpePqiESrv startup parameters :
Display name : HPE Smart Array SR Event Notification Service
Service name : HpePqiESrv
Log on as : LocalSystem
Executable path : "C:\Program Files\HPE\HpePqiESrv\hpepqiesrv.exe"
IISADMIN startup parameters :
Display name : IIS Admin Service
Service name : IISADMIN
Log on as : localSystem
Executable path : C:\Windows\system32\inetsrv\inetinfo.exe
Dependencies : RPCSS/SamSS/HTTP/
IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : BFE/nsi/
LSM startup parameters :
Display name : Local Session Manager
Service name : LSM
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/
LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k smbsvcs
Dependencies : SamSS/Srv2/
LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : Bowser/MRxSmb20/NSI/
Lucee startup parameters :
Display name : Apache Tomcat 9.0 Lucee
Service name : Lucee
Log on as : .\techapp
Executable path : D:\Techexcel\lucee\tomcat\bin\Tomcat9.exe //RS//Lucee
Dependencies : Tcpip/Afd/
MMS startup parameters :
Display name : Acronis Managed Machine Service
Service name : MMS
Log on as : LocalSystem
Executable path : "C:\Program Files\BackupClient\BackupAndRecovery\mms.exe"
Dependencies : AcrSch2Svc/aakore/
MSDTC startup parameters :
Display name : Distributed Transaction Coordinator
Service name : MSDTC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\msdtc.exe
Dependencies : RPCSS/SamSS/
MSSQLLaunchpad startup parameters :
Display name : SQL Server Launchpad (MSSQLSERVER)
Service name : MSSQLLaunchpad
Log on as : NT Service\MSSQLLaunchpad
Executable path : "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\launchpad.exe" -launcher RLauncher.dll -launcher Pythonlauncher.dll -launcher commonlauncher.dll -pipename sqlsatellitelaunch -timeout 600000 -logPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\LOG\ExtensibilityLog" -workingDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExtensibilityData" -externalLanguagesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguagesTemp" -externalLanguagesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLanguages" -externalLibrariesTempDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibrariesTemp" -externalLibrariesDir "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\ExternalLibraries" -satelliteDllPath "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlsatellite.dll"
Dependencies : MSSQLServer/
MSSQLSERVER startup parameters :
Display name : SQL Server (MSSQLSERVER)
Service name : MSSQLSERVER
Log on as : .\techexcel
Executable path : "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
Dependencies : KEYISO/
Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : LanmanWorkstation/
NlaSvc startup parameters :
Display name : Network Location Awareness
Service name : NlaSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : NSI/RpcSs/TcpIp/Dhcp/Eventlog/
Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
RasMan startup parameters :
Display name : Remote Access Connection Manager
Service name : RasMan
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : SstpSvc/DnsCache/
RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k RPCSS -p
RpcLocator startup parameters :
Display name : Remote Procedure Call (RPC) Locator
Service name : RpcLocator
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\locator.exe
RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k rpcss -p
Dependencies : RpcEptMapper/DcomLaunch/
SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : EventSystem/
SQLSERVERAGENT startup parameters :
Display name : SQL Server Agent (MSSQLSERVER)
Service name : SQLSERVERAGENT
Log on as : .\techexcel
Executable path : "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE" -i MSSQLSERVER
Dependencies : MSSQLSERVER/
SQLTELEMETRY startup parameters :
Display name : SQL Server CEIP service (MSSQLSERVER)
Service name : SQLTELEMETRY
Log on as : NT Service\SQLTELEMETRY
Executable path : "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe" -Service
SQLWriter startup parameters :
Display name : SQL Server VSS Writer
Service name : SQLWriter
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RPCSS/
Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/SystemEventsBroker/
ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
SysMain startup parameters :
Display name : SysMain
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : rpcss/
SystemEventsBroker startup parameters :
Display name : System Events Broker
Service name : SystemEventsBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/RpcSs/
Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
UALSVC startup parameters :
Display name : User Access Logging Service
Service name : UALSVC
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : WinMgmt/
UserManager startup parameters :
Display name : User Manager
Service name : UserManager
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/
UsoSvc startup parameters :
Display name : Update Orchestrator Service
Service name : UsoSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
VeeamDeploySvc startup parameters :
Display name : Veeam Installer Service
Service name : VeeamDeploySvc
Log on as : LocalSystem
Executable path : "C:\Windows\Veeam\Backup\VeeamDeploymentSvc.exe" -port 6160
Dependencies : RPCSS/WINMGMT/
VeeamEndpointBackupSvc startup parameters :
Display name : Veeam Agent for Microsoft Windows
Service name : VeeamEndpointBackupSvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Service.exe"
Dependencies : Winmgmt/RpcSs/vds/
VeeamTransportSvc startup parameters :
Display name : Veeam Data Mover Service
Service name : VeeamTransportSvc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Veeam\Backup Transport\VeeamTransportSvc.exe"
Dependencies : Winmgmt/RpcSs/
W3SVC startup parameters :
Display name : World Wide Web Publishing Service
Service name : W3SVC
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : WAS/HTTP/
Wcmsvc startup parameters :
Display name : Windows Connection Manager
Service name : Wcmsvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/NSI/
WinRM startup parameters :
Display name : Windows Remote Management (WS-Management)
Service name : WinRM
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RPCSS/HTTP/
WinVNC4 startup parameters :
Display name : VNC Server Version 4
Service name : WinVNC4
Log on as : LocalSystem
Executable path : "C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service
Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/
WpnService startup parameters :
Display name : Windows Push Notifications System Service
Service name : WpnService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
WpnUserService_1643ee startup parameters :
Display name : Windows Push Notifications User Service_1643ee
Service name : WpnUserService_1643ee
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
WpnUserService_16c1fce2 startup parameters :
Display name : Windows Push Notifications User Service_16c1fce2
Service name : WpnUserService_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
aakore startup parameters :
Display name : Acronis Agent Core Service
Service name : aakore
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Acronis\Agent\aakore.exe" run
ams startup parameters :
Display name : Agentless Management Service
Service name : ams
Log on as : LocalSystem
Executable path : "C:\Program Files\OEM\AMS\service\ams.exe"
emergency-updater-0.0.1.2826 startup parameters :
Display name : Acronis Emergency Updater 0.0.1.2826
Service name : emergency-updater-0.0.1.2826
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Acronis\EmergencyUpdater\0.0.1.2826\emergency-updater.exe" --emergency-updater
gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/Mup/
iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : RpcSS/winmgmt/tcpip/nsi/WinHttpAutoProxySvc/
mpssvc startup parameters :
Display name : Windows Defender Firewall
Service name : mpssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : mpsdrv/bfe/
nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/nsiproxy/
nxlog startup parameters :
Display name : nxlog
Service name : nxlog
Log on as : LocalSystem
Executable path : "C:\Program Files\nxlog\nxlog.exe" -c "C:\Program Files\nxlog\conf\nxlog.conf"
Dependencies : eventlog/
sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\sppsvc.exe
Dependencies : RpcSs/
The following services must be started manually :
AJRouter startup parameters :
Display name : AllJoyn Router Service
Service name : AJRouter
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\alg.exe
AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/
AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
AppReadiness startup parameters :
Display name : App Readiness
Service name : AppReadiness
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k AppReadiness -p
AppXSvc startup parameters :
Display name : AppX Deployment Service (AppXSVC)
Service name : AppXSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wsappx -p
Dependencies : rpcss/staterepository/
Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/
AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : AudioEndpointBuilder/RpcSs/
BTAGService startup parameters :
Display name : Bluetooth Audio Gateway Service
Service name : BTAGService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : bthserv/rpcss/
BthAvctpSvc startup parameters :
Display name : AVCTP service
Service name : BthAvctpSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/
COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\Windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/
CaptureService_1643ee startup parameters :
Display name : CaptureService_1643ee
Service name : CaptureService_1643ee
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
CaptureService_16c1fce2 startup parameters :
Display name : CaptureService_16c1fce2
Service name : CaptureService_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/
ClipSVC startup parameters :
Display name : Client License Service (ClipSVC)
Service name : ClipSVC
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k wsappx -p
Dependencies : rpcss/
ConsentUxUserSvc_1643ee startup parameters :
Display name : ConsentUX_1643ee
Service name : ConsentUxUserSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
ConsentUxUserSvc_16c1fce2 startup parameters :
Display name : ConsentUX_16c1fce2
Service name : ConsentUxUserSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
DevQueryBroker startup parameters :
Display name : DevQuery Background Discovery Broker
Service name : DevQueryBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
DeviceAssociationService startup parameters :
Display name : Device Association Service
Service name : DeviceAssociationService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
DeviceInstall startup parameters :
Display name : Device Install Service
Service name : DeviceInstall
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
DevicesFlowUserSvc_1643ee startup parameters :
Display name : DevicesFlow_1643ee
Service name : DevicesFlowUserSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
DevicesFlowUserSvc_16c1fce2 startup parameters :
Display name : DevicesFlow_16c1fce2
Service name : DevicesFlowUserSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
DmEnrollmentSvc startup parameters :
Display name : Device Management Enrollment Service
Service name : DmEnrollmentSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
DoSvc startup parameters :
Display name : Delivery Optimization
Service name : DoSvc
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/
DsSvc startup parameters :
Display name : Data Sharing Service
Service name : DsSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
DsmSvc startup parameters :
Display name : Device Setup Manager
Service name : DsmSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\Windows\System32\lsass.exe
Dependencies : RPCSS/
Eaphost startup parameters :
Display name : Extensible Authentication Protocol
Service name : Eaphost
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/KeyIso/
EntAppSvc startup parameters :
Display name : Enterprise App Management Service
Service name : EntAppSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/
FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : RpcSs/http/fdphost/
FontCache3.0.0.0 startup parameters :
Display name : Windows Presentation Foundation Font Cache 3.0.0.0
Service name : FontCache3.0.0.0
Log on as : NT Authority\LocalService
Executable path : C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
FrameServer startup parameters :
Display name : Windows Camera Frame Server
Service name : FrameServer
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k Camera
Dependencies : rpcss/
GoogleChromeElevationService startup parameters :
Display name : Google Chrome Elevation Service (GoogleChromeElevationService)
Service name : GoogleChromeElevationService
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Google\Chrome\Application\143.0.7499.171\elevation_service.exe"
Dependencies : RPCSS/
HvHost startup parameters :
Display name : HV Host Service
Service name : HvHost
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : hvservice/
InstallService startup parameters :
Display name : Microsoft Store Install Service
Service name : InstallService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
KPSSVC startup parameters :
Display name : KDC Proxy Server service (KPS)
Service name : KPSSVC
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k KpsSvcGroup
Dependencies : rpcss/http/
KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : RpcSs/
KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
Dependencies : RPCSS/SamSS/
LicenseManager startup parameters :
Display name : Windows License Manager Service
Service name : LicenseManager
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/
MSSQLFDLauncher startup parameters :
Display name : SQL Full-text Filter Daemon Launcher (MSSQLSERVER)
Service name : MSSQLFDLauncher
Log on as : NT Service\MSSQLFDLauncher
Executable path : "D:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe" -s MSSQL15.MSSQLSERVER
MSiSCSI startup parameters :
Display name : Microsoft iSCSI Initiator Service
Service name : MSiSCSI
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
MsMpiLaunchSvc startup parameters :
Display name : MS-MPI Launch Service
Service name : MsMpiLaunchSvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft MPI\Bin\msmpilaunchsvc.exe"
NcaSvc startup parameters :
Display name : Network Connectivity Assistant
Service name : NcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k NetSvcs -p
Dependencies : BFE/dnscache/NSI/iphlpsvc/
NcbService startup parameters :
Display name : Network Connection Broker
Service name : NcbService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSS/tcpip/
NetSetupSvc startup parameters :
Display name : Network Setup Service
Service name : NetSetupSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
Netman startup parameters :
Display name : Network Connections
Service name : Netman
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/nsi/
NgcCtnrSvc startup parameters :
Display name : Microsoft Passport Container
Service name : NgcCtnrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/
NgcSvc startup parameters :
Display name : Microsoft Passport
Service name : NgcSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
PerfHost startup parameters :
Display name : Performance Counter DLL Host
Service name : PerfHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\SysWow64\perfhost.exe
Dependencies : RPCSS/
PimIndexMaintenanceSvc_1643ee startup parameters :
Display name : Contact Data_1643ee
Service name : PimIndexMaintenanceSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
PimIndexMaintenanceSvc_16c1fce2 startup parameters :
Display name : Contact Data_16c1fce2
Service name : PimIndexMaintenanceSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
PlugPlay startup parameters :
Display name : Plug and Play
Service name : PlugPlay
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k DcomLaunch -p
PolicyAgent startup parameters :
Display name : IPsec Policy Agent
Service name : PolicyAgent
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p
Dependencies : Tcpip/bfe/
PrintNotify startup parameters :
Display name : Printer Extensions and Notifications
Service name : PrintNotify
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k print
Dependencies : RpcSs/
PrintWorkflowUserSvc_1643ee startup parameters :
Display name : PrintWorkflow_1643ee
Service name : PrintWorkflowUserSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow
PrintWorkflowUserSvc_16c1fce2 startup parameters :
Display name : PrintWorkflow_16c1fce2
Service name : PrintWorkflowUserSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k PrintWorkflow
QWAVE startup parameters :
Display name : Quality Windows Audio Video Experience
Service name : QWAVE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : rpcss/psched/QWAVEdrv/LLTDIO/
RSoPProv startup parameters :
Display name : Resultant Set of Policy Provider
Service name : RSoPProv
Log on as : LocalSystem
Executable path : C:\Windows\system32\RSoPProv.exe
Dependencies : RPCSS/
RasAuto startup parameters :
Display name : Remote Access Auto Connection Manager
Service name : RasAuto
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RasAcd/
RemoteRegistry startup parameters :
Display name : Remote Registry
Service name : RemoteRegistry
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k localService -p
Dependencies : RPCSS/
SCPolicySvc startup parameters :
Display name : Smart Card Removal Policy
Service name : SCPolicySvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/
SCardSvr startup parameters :
Display name : Smart Card
Service name : SCardSvr
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
SNMPTRAP startup parameters :
Display name : SNMP Trap
Service name : SNMPTRAP
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\snmptrap.exe
SecurityHealthService startup parameters :
Display name : Windows Security Service
Service name : SecurityHealthService
Log on as : LocalSystem
Executable path : C:\Windows\system32\SecurityHealthService.exe
Dependencies : RpcSs/
Sense startup parameters :
Display name : Windows Defender Advanced Threat Protection Service
Service name : Sense
Log on as : LocalSystem
Executable path : "C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe"
SensorService startup parameters :
Display name : Sensor Service
Service name : SensorService
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
SensrSvc startup parameters :
Display name : Sensor Monitoring Service
Service name : SensrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
SessionEnv startup parameters :
Display name : Remote Desktop Configuration
Service name : SessionEnv
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/LanmanWorkstation/
SgrmBroker startup parameters :
Display name : System Guard Runtime Monitor Broker
Service name : SgrmBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\SgrmBroker.exe
Dependencies : RpcSs/
Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\Windows\System32\spoolsv.exe
Dependencies : RPCSS/http/
SstpSvc startup parameters :
Display name : Secure Socket Tunneling Protocol Service
Service name : SstpSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
StateRepository startup parameters :
Display name : State Repository Service
Service name : StateRepository
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/
StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
TabletInputService startup parameters :
Display name : Touch Keyboard and Handwriting Panel Service
Service name : TabletInputService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
TermService startup parameters :
Display name : Remote Desktop Services
Service name : TermService
Log on as : NT Authority\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k termsvcs
Dependencies : RPCSS/
Tib Mounter Service startup parameters :
Display name : Tib Mounter Service
Service name : Tib Mounter Service
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Acronis\TibMounter64\tib_mounter_service.exe"
Dependencies : RPCSS/
TieringEngineService startup parameters :
Display name : Storage Tiers Management
Service name : TieringEngineService
Log on as : localSystem
Executable path : C:\Windows\system32\TieringEngineService.exe
TimeBrokerSvc startup parameters :
Display name : Time Broker
Service name : TimeBrokerSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
TokenBroker startup parameters :
Display name : Web Account Manager
Service name : TokenBroker
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : UserManager/
TrustedInstaller startup parameters :
Display name : Windows Modules Installer
Service name : TrustedInstaller
Log on as : localSystem
Executable path : C:\Windows\servicing\TrustedInstaller.exe
UmRdpService startup parameters :
Display name : Remote Desktop Services UserMode Port Redirector
Service name : UmRdpService
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : TermService/RDPDR/
UnistoreSvc_1643ee startup parameters :
Display name : User Data Storage_1643ee
Service name : UnistoreSvc_1643ee
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup
UnistoreSvc_16c1fce2 startup parameters :
Display name : User Data Storage_16c1fce2
Service name : UnistoreSvc_16c1fce2
Executable path : C:\Windows\System32\svchost.exe -k UnistackSvcGroup
UserDataSvc_1643ee startup parameters :
Display name : User Data Access_1643ee
Service name : UserDataSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
UserDataSvc_16c1fce2 startup parameters :
Display name : User Data Access_16c1fce2
Service name : UserDataSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k UnistackSvcGroup
VSS startup parameters :
Display name : Volume Shadow Copy
Service name : VSS
Log on as : LocalSystem
Executable path : C:\Windows\system32\vssvc.exe
Dependencies : RPCSS/
VaultSvc startup parameters :
Display name : Credential Manager
Service name : VaultSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\lsass.exe
Dependencies : rpcss/
W32Time startup parameters :
Display name : Windows Time
Service name : W32Time
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService
WAS startup parameters :
Display name : Windows Process Activation Service
Service name : WAS
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k iissvcs
Dependencies : RPCSS/
WEPHOSTSVC startup parameters :
Display name : Windows Encryption Provider Host Service
Service name : WEPHOSTSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k WepHostSvcGroup
Dependencies : rpcss/
WMPNetworkSvc startup parameters :
Display name : Windows Media Player Network Sharing Service
Service name : WMPNetworkSvc
Log on as : NT AUTHORITY\NetworkService
Executable path : "C:\Program Files\Windows Media Player\wmpnetwk.exe"
Dependencies : http/WSearch/
WMSVC startup parameters :
Display name : Web Management Service
Service name : WMSVC
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\inetsrv\wmsvc.exe
Dependencies : HTTP/
WPDBusEnum startup parameters :
Display name : Portable Device Enumerator Service
Service name : WPDBusEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
Dependencies : RpcSs/
WaaSMedicSvc startup parameters :
Display name : Windows Update Medic Service
Service name : WaaSMedicSvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k wusvcs -p
Dependencies : rpcss/
WarpJITSvc startup parameters :
Display name : WarpJITSvc
Service name : WarpJITSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
WbioSrvc startup parameters :
Display name : Windows Biometric Service
Service name : WbioSrvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k WbioSvcGroup
Dependencies : RpcSs/
WdiServiceHost startup parameters :
Display name : Diagnostic Service Host
Service name : WdiServiceHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
WdiSystemHost startup parameters :
Display name : Diagnostic System Host
Service name : WdiSystemHost
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Wecsvc startup parameters :
Display name : Windows Event Collector
Service name : Wecsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\system32\svchost.exe -k NetworkService -p
Dependencies : HTTP/Eventlog/
WerSvc startup parameters :
Display name : Windows Error Reporting Service
Service name : WerSvc
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k WerSvcGroup
WiaRpc startup parameters :
Display name : Still Image Acquisition Events
Service name : WiaRpc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
WinHttpAutoProxySvc startup parameters :
Display name : WinHTTP Web Proxy Auto-Discovery Service
Service name : WinHttpAutoProxySvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Dhcp/
aspnet_state startup parameters :
Display name : ASP.NET State Service
Service name : aspnet_state
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
bthserv startup parameters :
Display name : Bluetooth Support Service
Service name : bthserv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
camsvc startup parameters :
Display name : Capability Access Manager Service
Service name : camsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k appmodel -p
cbdhsvc_1643ee startup parameters :
Display name : Clipboard User Service_1643ee
Service name : cbdhsvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p
cbdhsvc_16c1fce2 startup parameters :
Display name : Clipboard User Service_16c1fce2
Service name : cbdhsvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p
defragsvc startup parameters :
Display name : Optimize drives
Service name : defragsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k defragsvc
Dependencies : RPCSS/
diagnosticshub.standardcollector.service startup parameters :
Display name : Microsoft (R) Diagnostics Hub Standard Collector Service
Service name : diagnosticshub.standardcollector.service
Log on as : LocalSystem
Executable path : C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
dot3svc startup parameters :
Display name : Wired AutoConfig
Service name : dot3svc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/Ndisuio/Eaphost/
embeddedmode startup parameters :
Display name : Embedded Mode
Service name : embeddedmode
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : BrokerInfrastructure/
fdPHost startup parameters :
Display name : Function Discovery Provider Host
Service name : fdPHost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/http/
hidserv startup parameters :
Display name : Human Interface Device Service
Service name : hidserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
lmhosts startup parameters :
Display name : TCP/IP NetBIOS Helper
Service name : lmhosts
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : Afd/
msiserver startup parameters :
Display name : Windows Installer
Service name : msiserver
Log on as : LocalSystem
Executable path : C:\Windows\system32\msiexec.exe /V
Dependencies : rpcss/
netprofm startup parameters :
Display name : Network List Service
Service name : netprofm
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : RpcSs/nlasvc/
ose64 startup parameters :
Display name : Office 64 Source Engine
Service name : ose64
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
pla startup parameters :
Display name : Performance Logs & Alerts
Service name : pla
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : RPCSS/
sacsvr startup parameters :
Display name : Special Administration Console Helper
Service name : sacsvr
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
seclogon startup parameters :
Display name : Secondary Logon
Service name : seclogon
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
smphost startup parameters :
Display name : Microsoft Storage Spaces SMP
Service name : smphost
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k smphost
Dependencies : RPCSS/
stisvc startup parameters :
Display name : Windows Image Acquisition (WIA)
Service name : stisvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k imgsvc
Dependencies : RpcSs/
svsvc startup parameters :
Display name : Spot Verifier
Service name : svsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
swprv startup parameters :
Display name : Microsoft Software Shadow Copy Provider
Service name : swprv
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k swprv
Dependencies : RPCSS/
tapisrv startup parameters :
Display name : Telephony
Service name : tapisrv
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/
vds startup parameters :
Display name : Virtual Disk
Service name : vds
Log on as : LocalSystem
Executable path : C:\Windows\System32\vds.exe
Dependencies : RpcSs/
vmicguestinterface startup parameters :
Display name : Hyper-V Guest Service Interface
Service name : vmicguestinterface
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
vmicheartbeat startup parameters :
Display name : Hyper-V Heartbeat Service
Service name : vmicheartbeat
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p
vmickvpexchange startup parameters :
Display name : Hyper-V Data Exchange Service
Service name : vmickvpexchange
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
vmicrdv startup parameters :
Display name : Hyper-V Remote Desktop Virtualization Service
Service name : vmicrdv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k ICService -p
vmicshutdown startup parameters :
Display name : Hyper-V Guest Shutdown Service
Service name : vmicshutdown
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
vmictimesync startup parameters :
Display name : Hyper-V Time Synchronization Service
Service name : vmictimesync
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : VmGid/
vmicvmsession startup parameters :
Display name : Hyper-V PowerShell Direct Service
Service name : vmicvmsession
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
vmicvss startup parameters :
Display name : Hyper-V Volume Shadow Copy Requestor
Service name : vmicvss
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
w3logsvc startup parameters :
Display name : W3C Logging Service
Service name : w3logsvc
Log on as : localSystem
Executable path : C:\Windows\system32\svchost.exe -k apphost
Dependencies : HTTP/
wercplsupport startup parameters :
Display name : Problem Reports and Solutions Control Panel Support
Service name : wercplsupport
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
wlidsvc startup parameters :
Display name : Microsoft Account Sign-in Assistant
Service name : wlidsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
wmiApSrv startup parameters :
Display name : WMI Performance Adapter
Service name : wmiApSrv
Log on as : localSystem
Executable path : C:\Windows\system32\wbem\WmiApSrv.exe
wuauserv startup parameters :
Display name : Windows Update
Service name : wuauserv
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
The following services are disabled :
AppVClient startup parameters :
Display name : Microsoft App-V Client
Service name : AppVClient
Log on as : LocalSystem
Executable path : C:\Windows\system32\AppVClient.exe
Dependencies : RpcSS/netprofm/AppvVfs/AppVStrm/
AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/
CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/
DevicePickerUserSvc_1643ee startup parameters :
Display name : DevicePicker_1643ee
Service name : DevicePickerUserSvc_1643ee
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
DevicePickerUserSvc_16c1fce2 startup parameters :
Display name : DevicePicker_16c1fce2
Service name : DevicePickerUserSvc_16c1fce2
Executable path : C:\Windows\system32\svchost.exe -k DevicesFlow
GraphicsPerfSvc startup parameters :
Display name : GraphicsPerfSvc
Service name : GraphicsPerfSvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k GraphicsPerfSvcGroup
MapsBroker startup parameters :
Display name : Downloaded Maps Manager
Service name : MapsBroker
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\Windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/
NetTcpPortSharing startup parameters :
Display name : Net.Tcp Port Sharing Service
Service name : NetTcpPortSharing
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
PhoneSvc startup parameters :
Display name : Phone Service
Service name : PhoneSvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/
PushToInstall startup parameters :
Display name : Windows PushToInstall Service
Service name : PushToInstall
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
RemoteAccess startup parameters :
Display name : Routing and Remote Access
Service name : RemoteAccess
Log on as : localSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs
Dependencies : RpcSS/Bfe/RasMan/Http/+NetBIOSGroup/
RmSvc startup parameters :
Display name : Radio Management Service
Service name : RmSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : RpcSs/
SEMgrSvc startup parameters :
Display name : Payments and NFC/SE Manager
Service name : SEMgrSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSs/
SQLBrowser startup parameters :
Display name : SQL Server Browser
Service name : SQLBrowser
Log on as : NT AUTHORITY\LOCALSERVICE
Executable path : "C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe"
SSDPSRV startup parameters :
Display name : SSDP Discovery
Service name : SSDPSRV
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : HTTP/NSI/
ScDeviceEnum startup parameters :
Display name : Smart Card Device Enumeration Service
Service name : ScDeviceEnum
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
SensorDataService startup parameters :
Display name : Sensor Data Service
Service name : SensorDataService
Log on as : LocalSystem
Executable path : C:\Windows\System32\SensorDataService.exe
SharedAccess startup parameters :
Display name : Internet Connection Sharing (ICS)
Service name : SharedAccess
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : BFE/
UevAgentService startup parameters :
Display name : User Experience Virtualization Service
Service name : UevAgentService
Log on as : LocalSystem
Executable path : C:\Windows\system32\AgentService.exe
WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\Windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/BrokerInfrastructure/
WalletService startup parameters :
Display name : WalletService
Service name : WalletService
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k appmodel -p
dmwappushservice startup parameters :
Display name : Device Management Wireless Application Protocol (WAP) Push message Routing Service
Service name : dmwappushservice
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
icssvc startup parameters :
Display name : Windows Mobile Hotspot Service
Service name : icssvc
Log on as : NT Authority\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/wcmsvc/
lfsvc startup parameters :
Display name : Geolocation Service
Service name : lfsvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/
lltdsvc startup parameters :
Display name : Link-Layer Topology Discovery Mapper
Service name : lltdsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/lltdio/
shpamsvc startup parameters :
Display name : Shared PC Account Manager
Service name : shpamsvc
Log on as : LocalSystem
Executable path : C:\Windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/
sma startup parameters :
Display name : System Management Assistant Service
Service name : sma
Log on as : LocalSystem
Executable path : "C:\Program Files\OEM\AMS\service\sma.exe"
ssh-agent startup parameters :
Display name : OpenSSH Authentication Agent
Service name : ssh-agent
Log on as : LocalSystem
Executable path : C:\Windows\System32\OpenSSH\ssh-agent.exe
tzautoupdate startup parameters :
Display name : Auto Time Zone Updater
Service name : tzautoupdate
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalService -p
upnphost startup parameters :
Display name : UPnP Device Host
Service name : upnphost
Log on as : NT AUTHORITY\LocalService
Executable path : C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : SSDPSRV/HTTP/
wisvc startup parameters :
Display name : Windows Insider Service
Service name : wisvc
Log on as : LocalSystem
Executable path : C:\Windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/
11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output
tcp/139/smb
An SMB server is running on this port.
11011 - Microsoft Windows SMB Service Detection
-
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output
tcp/445/cifs
A CIFS server is running on this port.
10456 - Microsoft Windows SMB Service Enumeration
-
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
| XREF | IAVT:0001-T-0751 |
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Active Services :
Acronis Agent Core Service [ aakore ]
Acronis Active Protection Service [ AcronisActiveProtectionService ]
Acronis Cyber Protection Service [ AcronisCyberProtectionService ]
Acronis Scheduler2 Service [ AcrSch2Svc ]
Agentless Management Service [ ams ]
Application Host Helper Service [ AppHostSvc ]
Application Information [ Appinfo ]
AzureAttestService [ AzureAttestService ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
COM+ System Application [ COMSysApp ]
CoreMessaging [ CoreMessagingRegistrar ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Data Sharing Service [ DsSvc ]
Acronis Emergency Updater 0.0.1.2826 [ emergency-updater-0.0.1.2826 ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
HPE Smart Array SR Event Notification Service [ HpePqiESrv ]
IIS Admin Service [ IISADMIN ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
IP Helper [ iphlpsvc ]
CNG Key Isolation [ KeyIso ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
Windows License Manager Service [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Local Session Manager [ LSM ]
Apache Tomcat 9.0 Lucee [ Lucee ]
Acronis Managed Machine Service [ MMS ]
Windows Defender Firewall [ mpssvc ]
Distributed Transaction Coordinator [ MSDTC ]
SQL Full-text Filter Daemon Launcher (MSSQLSERVER) [ MSSQLFDLauncher ]
SQL Server Launchpad (MSSQLSERVER) [ MSSQLLaunchpad ]
SQL Server (MSSQLSERVER) [ MSSQLSERVER ]
Network Connection Broker [ NcbService ]
Network Connections [ Netman ]
Network List Service [ netprofm ]
Network Setup Service [ NetSetupSvc ]
Network Location Awareness [ NlaSvc ]
Network Store Interface Service [ nsi ]
nxlog [ nxlog ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Access Connection Manager [ RasMan ]
Remote Registry [ RemoteRegistry ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) Locator [ RpcLocator ]
Remote Procedure Call (RPC) [ RpcSs ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
Shell Hardware Detection [ ShellHWDetection ]
SQL Server Agent (MSSQLSERVER) [ SQLSERVERAGENT ]
SQL Server CEIP service (MSSQLSERVER) [ SQLTELEMETRY ]
SQL Server VSS Writer [ SQLWriter ]
Secure Socket Tunneling Protocol Service [ SstpSvc ]
State Repository Service [ StateRepository ]
Storage Service [ StorSvc ]
SysMain [ SysMain ]
System Events Broker [ SystemEventsBroker ]
Touch Keyboard and Handwriting Panel Service [ TabletInputService ]
Remote Desktop Services [ TermService ]
Themes [ Themes ]
Time Broker [ TimeBrokerSvc ]
Web Account Manager [ TokenBroker ]
Distributed Link Tracking Client [ TrkWks ]
Windows Modules Installer [ TrustedInstaller ]
User Access Logging Service [ UALSVC ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
User Manager [ UserManager ]
Update Orchestrator Service [ UsoSvc ]
Veeam Installer Service [ VeeamDeploySvc ]
Veeam Agent for Microsoft Windows [ VeeamEndpointBackupSvc ]
Veeam Data Mover Service [ VeeamTransportSvc ]
World Wide Web Publishing Service [ W3SVC ]
Windows Process Activation Service [ WAS ]
Windows Connection Manager [ Wcmsvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
Windows Remote Management (WS-Management) [ WinRM ]
VNC Server Version 4 [ WinVNC4 ]
Windows Push Notifications System Service [ WpnService ]
Windows Update [ wuauserv ]
Connected Devices Platform User Service_1643ee [ CDPUserSvc_1643ee ]
Windows Push Notifications User Service_1643ee [ WpnUserService_1643ee ]
Connected Devices Platform User Service_16c1fce2 [ CDPUserSvc_16c1fce2 ]
Windows Push Notifications User Service_16c1fce2 [ WpnUserService_16c1fce2 ]
Inactive Services :
AllJoyn Router Service [ AJRouter ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Management [ AppMgmt ]
App Readiness [ AppReadiness ]
Microsoft App-V Client [ AppVClient ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
ASP.NET State Service [ aspnet_state ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
Bluetooth Audio Gateway Service [ BTAGService ]
AVCTP service [ BthAvctpSvc ]
Bluetooth Support Service [ bthserv ]
Capability Access Manager Service [ camsvc ]
Client License Service (ClipSVC) [ ClipSVC ]
Offline Files [ CscService ]
Optimize drives [ defragsvc ]
Device Association Service [ DeviceAssociationService ]
Device Install Service [ DeviceInstall ]
DevQuery Background Discovery Broker [ DevQueryBroker ]
Microsoft (R) Diagnostics Hub Standard Collector Service [ diagnosticshub.standardcollector.service ]
Device Management Enrollment Service [ DmEnrollmentSvc ]
Device Management Wireless Application Protocol (WAP) Push message Routing Service [ dmwappushservice ]
Delivery Optimization [ DoSvc ]
Wired AutoConfig [ dot3svc ]
Device Setup Manager [ DsmSvc ]
Extensible Authentication Protocol [ Eaphost ]
Encrypting File System (EFS) [ EFS ]
Embedded Mode [ embeddedmode ]
Enterprise App Management Service [ EntAppSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
Windows Presentation Foundation Font Cache 3.0.0.0 [ FontCache3.0.0.0 ]
Windows Camera Frame Server [ FrameServer ]
Google Chrome Elevation Service (GoogleChromeElevationService) [ GoogleChromeElevationService ]
Google Updater Internal Service (GoogleUpdaterInternalService144.0.7547.0) [ GoogleUpdaterInternalService144.0.7547.0 ]
Google Updater Service (GoogleUpdaterService144.0.7547.0) [ GoogleUpdaterService144.0.7547.0 ]
GraphicsPerfSvc [ GraphicsPerfSvc ]
Human Interface Device Service [ hidserv ]
HV Host Service [ HvHost ]
Windows Mobile Hotspot Service [ icssvc ]
Microsoft Store Install Service [ InstallService ]
KDC Proxy Server service (KPS) [ KPSSVC ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Geolocation Service [ lfsvc ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]
Downloaded Maps Manager [ MapsBroker ]
Microsoft iSCSI Initiator Service [ MSiSCSI ]
Windows Installer [ msiserver ]
MS-MPI Launch Service [ MsMpiLaunchSvc ]
Network Connectivity Assistant [ NcaSvc ]
Netlogon [ Netlogon ]
Net.Tcp Port Sharing Service [ NetTcpPortSharing ]
Microsoft Passport Container [ NgcCtnrSvc ]
Microsoft Passport [ NgcSvc ]
Office 64 Source Engine [ ose64 ]
Performance Counter DLL Host [ PerfHost ]
Phone Service [ PhoneSvc ]
Performance Logs & Alerts [ pla ]
Printer Extensions and Notifications [ PrintNotify ]
Windows PushToInstall Service [ PushToInstall ]
Quality Windows Audio Video Experience [ QWAVE ]
Remote Access Auto Connection Manager [ RasAuto ]
Routing and Remote Access [ RemoteAccess ]
Radio Management Service [ RmSvc ]
Resultant Set of Policy Provider [ RSoPProv ]
Special Administration Console Helper [ sacsvr ]
Smart Card [ SCardSvr ]
Smart Card Device Enumeration Service [ ScDeviceEnum ]
Smart Card Removal Policy [ SCPolicySvc ]
Secondary Logon [ seclogon ]
Windows Security Service [ SecurityHealthService ]
Payments and NFC/SE Manager [ SEMgrSvc ]
Windows Defender Advanced Threat Protection Service [ Sense ]
Sensor Data Service [ SensorDataService ]
Sensor Service [ SensorService ]
Sensor Monitoring Service [ SensrSvc ]
System Guard Runtime Monitor Broker [ SgrmBroker ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Shared PC Account Manager [ shpamsvc ]
System Management Assistant Service [ sma ]
Microsoft Storage Spaces SMP [ smphost ]
SNMP Trap [ SNMPTRAP ]
Print Spooler [ Spooler ]
Software Protection [ sppsvc ]
SQL Server Browser [ SQLBrowser ]
SSDP Discovery [ SSDPSRV ]
OpenSSH Authentication Agent [ ssh-agent ]
Windows Image Acquisition (WIA) [ stisvc ]
Spot Verifier [ svsvc ]
Microsoft Software Shadow Copy Provider [ swprv ]
Telephony [ tapisrv ]
Tib Mounter Service [ Tib Mounter Service ]
Storage Tiers Management [ TieringEngineService ]
Auto Time Zone Updater [ tzautoupdate ]
User Experience Virtualization Service [ UevAgentService ]
UPnP Device Host [ upnphost ]
Credential Manager [ VaultSvc ]
Virtual Disk [ vds ]
Hyper-V Guest Service Interface [ vmicguestinterface ]
Hyper-V Heartbeat Service [ vmicheartbeat ]
Hyper-V Data Exchange Service [ vmickvpexchange ]
Hyper-V Remote Desktop Virtualization Service [ vmicrdv ]
Hyper-V Guest Shutdown Service [ vmicshutdown ]
Hyper-V Time Synchronization Service [ vmictimesync ]
Hyper-V PowerShell Direct Service [ vmicvmsession ]
Hyper-V Volume Shadow Copy Requestor [ vmicvss ]
Volume Shadow Copy [ VSS ]
Windows Time [ W32Time ]
W3C Logging Service [ w3logsvc ]
Windows Update Medic Service [ WaaSMedicSvc ]
WalletService [ WalletService ]
WarpJITSvc [ WarpJITSvc ]
Windows Biometric Service [ WbioSrvc ]
Diagnostic Service Host [ WdiServiceHost ]
Diagnostic System Host [ WdiSystemHost ]
Windows Event Collector [ Wecsvc ]
Windows Encryption Provider Host Service [ WEPHOSTSVC ]
Problem Reports and Solutions Control Panel Support [ wercplsupport ]
Windows Error Reporting Service [ WerSvc ]
Still Image Acquisition Events [ WiaRpc ]
Windows Insider Service [ wisvc ]
Microsoft Account Sign-in Assistant [ wlidsvc ]
WMI Performance Adapter [ wmiApSrv ]
Windows Media Player Network Sharing Service [ WMPNetworkSvc ]
Web Management Service [ WMSVC ]
Portable Device Enumerator Service [ WPDBusEnum ]
Windows Search [ WSearch ]
CaptureService_1643ee [ CaptureService_1643ee ]
Clipboard User Service_1643ee [ cbdhsvc_1643ee ]
ConsentUX_1643ee [ ConsentUxUserSvc_1643ee ]
DevicePicker_1643ee [ DevicePickerUserSvc_1643ee ]
DevicesFlow_1643ee [ DevicesFlowUserSvc_1643ee ]
Contact Data_1643ee [ PimIndexMaintenanceSvc_1643ee ]
PrintWorkflow_1643ee [ PrintWorkflowUserSvc_1643ee ]
User Data Storage_1643ee [ UnistoreSvc_1643ee ]
User Data Access_1643ee [ UserDataSvc_1643ee ]
CaptureService_16c1fce2 [ CaptureService_16c1fce2 ]
Clipboard User Service_16c1fce2 [ cbdhsvc_16c1fce2 ]
ConsentUX_16c1fce2 [ ConsentUxUserSvc_16c1fce2 ]
DevicePicker_16c1fce2 [ DevicePickerUserSvc_16c1fce2 ]
DevicesFlow_16c1fce2 [ DevicesFlowUserSvc_16c1fce2 ]
Contact Data_16c1fce2 [ PimIndexMaintenanceSvc_16c1fce2 ]
PrintWorkflow_16c1fce2 [ PrintWorkflowUserSvc_16c1fce2 ]
User Data Storage_16c1fce2 [ UnistoreSvc_16c1fce2 ]
User Data Access_16c1fce2 [ UserDataSvc_16c1fce2 ]
23974 - Microsoft Windows SMB Share Hosting Office Files
-
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output
tcp/445/cifs
Here is a list of office files which have been found on the remote SMB
shares :
+ C$ :
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\f\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\r\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\f\msoirmprotector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\r\msoirmprotector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\MsoIrmProtector.doc
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\f\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\r\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\f\msoirmprotector.ppt
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\r\msoirmprotector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\MsoIrmProtector.ppt
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124614.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124810.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\5000021_EMP0329_07072023142553.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CLIENTMASTEREXPORT_02082023113807.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ExportData.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113530.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113621.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113659.xls
- C:\Users\techexcel\Downloads\666164733_21032023164812.xls
- C:\Users\techexcel\Downloads\666203400_1987_02022023203401.xls
- C:\Users\techexcel\Downloads\Trade Summary with Exp_09082023_121708.xls
- C:\Users\techexcel\Downloads\xls_5000021_EMP0329_07072023_04434053378640.xls
- C:\Users\techexcel\Downloads\xls_666074326_EMP0583_23042025_07432914860250.xls
- C:\Users\techexcel\Downloads\xls_666141840_1229_02022023_02184052665250.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_5b402724c75d80d6\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.1697_none_6594d176fbbe42d1\MsoIrmProtector.xls
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\MsoIrmProtector.xls
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\r\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_6579d6f2fbd323de\f\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\r\msoirmprotector.xls
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.17763.5830_none_5b252ca0c77261e3\f\msoirmprotector.xls
- C:\Users\techexcel\Downloads\xls_666171124_2022_24072025_05112481846690.xls
- C:\Users\techexcel\Downloads\666130159_23042025130204.xls
- C:\Users\techexcel\Downloads\5000021_EMP0329_07072023164359.xls
- C:\Users\techexcel\Desktop\642_24032023_05593612301576554147_TECHEXCEL.xls
- C:\Users\techexcel\Desktop\642_24032023_05573765460414805801_TECHEXCEL.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113758.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\BSE_20230711.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_27062023_07055489515280_TECHEXCEL.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_26062023_04434859649780_TECHEXCEL.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\895_26062023_0448457497980_TECHEXCEL.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\666110052_05062023110054.xls
- C:\$Recycle.Bin\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12004819_GlobalP&LStatementofNSE_FNO_06072023_062249.xlsx
- C:\Users\techexcel\Downloads\xlsx_666155012_5505_23062023_03501352399990.xlsx
- C:\Users\techexcel\Downloads\xlsx_666155804_5505_23062023_03580586305200.xlsx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.xlsx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.xlsx
- C:\Users\techexcel\Downloads\xlsx_66629122351_techexcel_09082023_12235183118524960059.xlsx
- C:\Users\techexcel\Downloads\xlsx_666183541_techexcel_29022024_06354122316298569794.xlsx
- C:\Users\techexcel\Downloads\xlsx_666173433_5505_23062023_05343348927150.xlsx
- C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Licenses\1033\SSMS License Terms.docx
- C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Licenses\Third Party Notices SQL Server.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.docx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\f\wdagplaceholder.pptx
- C:\Windows\servicing\LCU\Package_for_RollupFix~31bf3856ad364e35~amd64~~17763.6659.1.7\amd64_microsoft-windows-hvsi-office_31bf3856ad364e35_10.0.17763.2989_none_b92210e4eb27bace\r\wdagplaceholder.pptx
11777 - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
-
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.
If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.
If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information
Published: 2003/06/26, Modified: 2012/11/29
Plugin Output
tcp/445/cifs
Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.
+ C$ :
C:\P64606_001_gen10spp-2023.09.00.00-SPP2023090000.2023_0902.19\packages\assets\media\notify.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\break.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatRequestSent.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\diffLineDeleted.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\diffLineInserted.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\diffLineModified.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\error.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\foldedAreas.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\break.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\chatEditModifiedFile.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\chatUserActionRequired.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\clear.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\codeActionApplied.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\editsUndone.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\error.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\foldedAreas.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\format.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\nextEditSuggestion.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived3.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived4.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\save.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\success.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\taskCompleted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\warning.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\break.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\chatEditModifiedFile.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\chatUserActionRequired.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\clear.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\editsKept.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\editsUndone.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\error.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\foldedAreas.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\format.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived3.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived4.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\save.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\success.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\taskCompleted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\taskFailed.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\warning.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\voiceRecordingStopped.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\voiceRecordingStarted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\terminalCommandSucceeded.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\terminalBell.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived2.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived1.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\requestSent.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\quickFixes.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\progress.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\nextEditSuggestion.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineModified.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineInserted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineDeleted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\codeActionTriggered.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\_\resources\app\out\vs\platform\accessibilitySignal\browser\media\codeActionApplied.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\voiceRecordingStopped.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\voiceRecordingStarted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\terminalCommandSucceeded.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\terminalBell.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\taskFailed.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived2.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\responseReceived1.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\requestSent.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\quickFixes.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\progress.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\editsKept.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineModified.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineInserted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\diffLineDeleted.mp3
C:\Users\techexcel\AppData\Local\Programs\Microsoft VS Code\resources\app\out\vs\platform\accessibilitySignal\browser\media\codeActionTriggered.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\warning.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\terminalBell.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\taskFailed.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\taskCompleted.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\quickFixes.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatResponseReceived4.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatResponseReceived3.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatResponseReceived2.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatResponseReceived1.mp3
C:\Program Files\Azure Data Studio\resources\app\out\vs\platform\audioCues\browser\media\chatResponsePending.mp3
60119 - Microsoft Windows SMB Share Permissions Enumeration
-
Synopsis
It was possible to enumerate the permissions of remote network shares.
Description
By using the supplied credentials, Nessus was able to enumerate the permissions of network shares. User permissions are enumerated for each network share that has a list of access control entries (ACEs).
See Also
| https://technet.microsoft.com/en-us/library/bb456988.aspx |
| https://technet.microsoft.com/en-us/library/cc783530.aspx |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/07/25, Modified: 2022/08/11
Plugin Output
tcp/445/cifs
Share path : \\TECHE_WEB_DB\ADMIN$
Local path : C:\Windows
Comment : Remote Admin
[*] Allow ACE for TECHE_WEB_DB\tidua (S-1-5-21-549360554-2228062029-2355455187-1011): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
Share path : \\TECHE_WEB_DB\backup$
Local path : F:\backup
[*] Allow ACE for TECHE_WEB_DB\Production (S-1-5-21-549360554-2228062029-2355455187-500): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for TECHE_WEB_DB\techapp (S-1-5-21-549360554-2228062029-2355455187-1002): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for TECHE_WEB_DB\techexcel (S-1-5-21-549360554-2228062029-2355455187-1001): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
Share path : \\TECHE_WEB_DB\BackupOLDDB$
Local path : H:\BackupOLDDB
[*] Allow ACE for TECHE_WEB_DB\techapp (S-1-5-21-549360554-2228062029-2355455187-1002): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for TECHE_WEB_DB\techexcel (S-1-5-21-549360554-2228062029-2355455187-1001): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
Share path : \\TECHE_WEB_DB\Backup_RMS$
Local path : D:\Backup_RMS
[*] Allow ACE for Everyone (S-1-1-0): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
[*] Allow ACE for TECHE_WEB_DB\Production (S-1-5-21-549360554-2228062029-2355455187-500): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
Share path : \\TECHE_WEB_DB\C$
Local path : C:\
Comment : Default share
[*] Allow ACE for TECHE_WEB_DB\tidua (S-1-5-21-549360554-2228062029-2355455187-1011): 0x001200a9
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: NO
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: NO
FILE_ADD_FILE: NO
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: NO
DELETE: NO
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: NO
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: NO
FILE_CREATE_PIPE_INSTANCE: NO
FILE_WRITE_ATTRIBUTES: NO
Share path : \\TECHE_WEB_DB\TechExcel
Local path : D:\Techexcel
Comment : Live Trade
[*] Allow ACE for Everyone (S-1-1-0): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
Share path : \\TECHE_WEB_DB\Techexcel$
Local path : D:\Techexcel
[*] Allow ACE for BUILTIN\Administrators (S-1-5-32-544): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
[*] Allow ACE for Everyone (S-1-1-0): 0x001f01ff
MAXIMUM_ALLOWED: NO
FILE_TRAVERSE: YES
FILE_GENERIC_READ: YES
STANDARD_RIGHTS_ALL: YES
ACCESS_ALL: YES
FILE_LIST_DIRECTORY: YES
GENERIC_ALL: NO
FILE_DELETE_CHILD: YES
ACCESS_SYSTEM_SECURITY: NO
FILE_WRITE_EA: YES
FILE_ADD_FILE: YES
FILE_READ_EA: YES
FILE_READ_ATTRIBUTES: YES
STANDARD_RIGHTS_EXECUTE: YES
FILE_ALL_ACCESS: YES
GENERIC_READ: NO
WRITE_DAC: YES
DELETE: YES
ACCESS_GROUP: NO
STANDARD_RIGHTS_REQUIRED: YES
WRITE_OWNER: YES
FILE_GENERIC_EXECUTE: YES
GENERIC_WRITE: NO
SYNCHRONIZE: YES
FILE_GENERIC_WRITE: YES
FILE_CREATE_PIPE_INSTANCE: YES
FILE_WRITE_ATTRIBUTES: YES
10396 - Microsoft Windows SMB Shares Access
-
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.
Depending on the share rights, it may allow an attacker to read / write confidential data.
Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output
tcp/445/cifs
The following shares can be accessed as tidua :
- ADMIN$ - (readable)
+ Content of this share :
..
ADFS
appcompat
apppatch
AppReadiness
assembly
bcastdvr
bfsvc.exe
Boot
bootstat.dat
Branding
CbsTemp
Containers
CSC
Cursors
debug
DfsrAdmin.exe
DfsrAdmin.exe.config
diagnostics
DigitalLocker
Downloaded Program Files
drivers
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Fonts
Globalization
Help
HelpPane.exe
hh.exe
IdentityCRL
iis.log
IME
ImmersiveControlPanel
INF
InputMethod
Installer
L2Schemas
LiveKernelReports
Logs
lsasetup.log
media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Provisioning
regedit.exe
Registration
RemotePackages
rescache
Resources
SchCache
schemas
security
ServerDataCenter.xml
ServiceProfiles
ServiceState
servicing
Setup
setuperr.log
ShellComponents
ShellExperiences
SKB
SoftwareDistribution
Speech
Speech_OneCore
splwow64.exe
storelibdebug.txt
System
system.ini
System32
SystemApps
SystemResources
SystemTemp
SysWOW64
TAPI
Tasks
Temp
TextInput
tracing
twain_32
twain_32.dll
- Techexcel$ - (readable,writable)
+ Content of this share :
..
7za.exe
7zip.bat
Backup_VAPT
BSE.txt
BSE1.TXT
cdbse1.txt
cd_contract.txt
cd_participant.txt
cd_spd_contract.txt
contact1.txt
E-payment
Exportfiles
ExportPDF
FormList.csv
FTP1.txt
FTP_DNLD
GenerateSpan.bat
gzip.bat
gzip.exe
ImportTradeFiles
Liverisk
Lucee
Lucee only for RMS Schedule.txt
Lucee_old
Lucee_Update
Margin Detail Report 20251205.csv
MCX.txt
MCX_ProductMaster.csv
NSDLTEXTFILES
ODINDATA
PDFExport
Program Files
railo
Report
Reports
ServerConfig.txt
SPAN4
SPAN4_Calc
span4_cd
SPAN4_CDMCX
SPAN4_Copy
SPAN4_LiveRisk
SPAN4_MCX
spanopt.txt
SQL-2019
SQLLOGS
SYMPHONY
TECHEXCEL
techexcel_Margin
temp
Temp.txt
TE_RM_Master.xlsx
TradeAPI
TRADEFO.txt
Trade_cd.txt
Trade_cm.txt
Trade_FO.txt
update.txt
VarFile.txt
webclientoutsidelog.txt
WindKB
ws_ftp
- TechExcel - (readable,writable)
+ Content of this share :
..
7za.exe
7zip.bat
Backup_VAPT
BSE.txt
BSE1.TXT
cdbse1.txt
cd_contract.txt
cd_participant.txt
cd_spd_contract.txt
contact1.txt
E-payment
Exportfiles
ExportPDF
FormList.csv
FTP1.txt
FTP_DNLD
GenerateSpan.bat
gzip.bat
gzip.exe
ImportTradeFiles
Liverisk
Lucee
Lucee only for RMS Schedule.txt
Lucee_old
Lucee_Update
Margin Detail Report 20251205.csv
MCX.txt
MCX_ProductMaster.csv
NSDLTEXTFILES
ODINDATA
PDFExport
Program Files
railo
Report
Reports
ServerConfig.txt
SPAN4
SPAN4_Calc
span4_cd
SPAN4_CDMCX
SPAN4_Copy
SPAN4_LiveRisk
SPAN4_MCX
spanopt.txt
SQL-2019
SQLLOGS
SYMPHONY
TECHEXCEL
techexcel_Margin
temp
Temp.txt
TE_RM_Master.xlsx
TradeAPI
TRADEFO.txt
Trade_cd.txt
Trade_cm.txt
Trade_FO.txt
update.txt
VarFile.txt
webclientoutsidelog.txt
WindKB
ws_ftp
- C$ - (readable)
+ Content of this share :
bsefo2.txt
Config.Msi
cpqsystem
Documents and Settings
ExportFiles
inetpub
P64606_001_gen10spp-2023.09.00.00-SPP2023090000.2023_0902.19
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Recovery
Reports
System Volume Information
Techexcel
temp
Users
Windows
- Backup_RMS$ - (readable)
+ Content of this share :
..
CFM.ZIP
FTPDOWNLOAD.ZIP
LIVERISK.ZIP
Old
Price.bak
Scheduler.ZIP
TechExcel_EXE.ZIP
TechExcel_EXE_86.ZIP
TechExcel_installer_EXE.ZIP
10395 - Microsoft Windows SMB Shares Enumeration
-
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Here are the SMB shares available on the remote host when logged in as tidua:
- ADMIN$
- backup$
- BackupOLDDB$
- Backup_RMS$
- C$
- IPC$
- TechExcel
- Techexcel$
100871 - Microsoft Windows SMB Versions Supported (remote check)
-
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.
Note that this plugin is a remote check and does not work on agents.
Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output
tcp/445/cifs
The remote host supports the following versions of SMB :
SMBv2
106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
-
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output
tcp/445/cifs
The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10
The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10
92368 - Microsoft Windows Scripting Host Settings
-
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1
Windows scripting host configuration attached.
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1
Windows scripting host configuration attached.
200493 - Microsoft Windows Start Menu Software Version Enumeration
-
Synopsis
Enumerates Start Menu software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.
Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2024/06/13, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
The following software information is available on the remote host :
- Google Chrome.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Google Chrome.lnk
Target : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Version : 143.0.7499.171
- Immersive Control Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Immersive Control Panel.lnk
Target : C:\Windows\System32\Control.exe
Version : 10.0.17763.2300
- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168
- 7-Zip File Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip File Manager.lnk
Target : C:\Program Files\7-Zip\7zFM.exe
Version : 24.9.0.0
- 7-Zip Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip Help.lnk
Target : C:\Program Files\7-Zip\7-zip.chm
Version : unknown
- Speech Recognition.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessibility\Speech Recognition.lnk
Target : C:\Windows\Speech\Common\sapisvr.exe
Version : 5.3.22514.0
- Calculator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Calculator.lnk
Target : C:\Windows\system32\win32calc.exe
Version : 10.0.17763.4377
- Math Input Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Math Input Panel.lnk
Target : C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
Version : 10.0.17763.1697
- Paint.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Paint.lnk
Target : C:\Windows\system32\mspaint.exe
Version : 10.0.17763.1697
- Remote Desktop Connection.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Remote Desktop Connection.lnk
Target : C:\Windows\system32\mstsc.exe
Version : 10.0.17763.5830
- Snipping Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Snipping Tool.lnk
Target : C:\Windows\system32\SnippingTool.exe
Version : 10.0.17763.1697
- Steps Recorder.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Steps Recorder.lnk
Target : C:\Windows\system32\psr.exe
Version : 10.0.17763.1697
- Windows Media Player.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows Media Player.lnk
Target : C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Version : 12.0.17763.5830
- Wordpad.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Wordpad.lnk
Target : C:\Program Files\Windows NT\Accessories\wordpad.exe
Version : 10.0.17763.5328
- XPS Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\XPS Viewer.lnk
Target : C:\Windows\system32\xpsrchvw.exe
Version : 10.0.17763.5830
- Character Map.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Character Map.lnk
Target : C:\Windows\system32\charmap.exe
Version : 5.2.3668.0
- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown
- Acronis Cyber Protect Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Acronis\Acronis Cyber Protect Monitor.lnk
Target : C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
Version : 24.11.1008.0
- Acronis System Report.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Acronis\Acronis System Report.lnk
Target : C:\Program Files\Common Files\Acronis\AdvReport\systeminfo.exe
Version : 24.11.1.39130
- Component Services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Component Services.lnk
Target : C:\Windows\system32\comexp.msc
Version : unknown
- Computer Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Computer Management.lnk
Target : C:\Windows\system32\compmgmt.msc
Version : unknown
- dfrgui.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\dfrgui.lnk
Target : C:\Windows\system32\dfrgui.exe
Version : 10.0.17763.1697
- Disk Cleanup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Disk Cleanup.lnk
Target : C:\Windows\system32\cleanmgr.exe
Version : 10.0.17763.6893
- Event Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Event Viewer.lnk
Target : C:\Windows\system32\eventvwr.msc
Version : unknown
- IIS Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr.exe
Version : 10.0.17763.5830
- iSCSI Initiator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\iSCSI Initiator.lnk
Target : C:\Windows\system32\iscsicpl.exe
Version : 10.0.17763.1
- Memory Diagnostics Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Memory Diagnostics Tool.lnk
Target : C:\Windows\system32\MdSched.exe
Version : 10.0.17763.1
- Microsoft Azure services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Microsoft Azure services.lnk
Target : C:\Windows\explorer.exe
Version : 10.0.17763.6530
- ODBC Data Sources (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (32-bit).lnk
Target : C:\Windows\syswow64\odbcad32.exe
Version : 10.0.17763.1
- ODBC Data Sources (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (64-bit).lnk
Target : C:\Windows\system32\odbcad32.exe
Version : 10.0.17763.1
- Performance Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Performance Monitor.lnk
Target : C:\Windows\system32\perfmon.msc
Version : unknown
- Print Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Print Management.lnk
Target : C:\Windows\system32\printmanagement.msc
Version : unknown
- RecoveryDrive.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\RecoveryDrive.lnk
Target : C:\Windows\system32\RecoveryDrive.exe
Version : 10.0.17763.7009
- Registry Editor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Registry Editor.lnk
Target : C:\Windows\regedit.exe
Version : 10.0.17763.1697
- Resource Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Resource Monitor.lnk
Target : C:\Windows\system32\perfmon.exe
Version : 10.0.17763.5830
- Security Configuration Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Management.lnk
Target : C:\Windows\system32\secpol.msc
Version : unknown
- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168
- services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\services.lnk
Target : C:\Windows\system32\services.msc
Version : unknown
- System Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Configuration.lnk
Target : C:\Windows\system32\msconfig.exe
Version : 10.0.17763.2061
- System Information.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Information.lnk
Target : C:\Windows\system32\msinfo32.exe
Version : 10.0.17763.5830
- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown
- Windows Defender Firewall with Advanced Security.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk
Target : C:\Windows\system32\WF.msc
Version : unknown
- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown
- Azure Data Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Azure Data Studio\Azure Data Studio.lnk
Target : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Version : 1.51.1.0
- HPE Lights-Out Online Configuration Utility.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\HPE System Tools\HPE Lights-Out Online Configuration Utility\HPE Lights-Out Online Configuration Utility.lnk
Target : C:\Windows\Installer\{452BFA2A-7E5A-46CE-B045-3B9834B419D5}\icon.ico
Version : unknown
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\HPE System Tools\HPE Lights-Out Online Configuration Utility\README.lnk
Target :
Version : unknown
- Lucee-Tomcat Service Control.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Lucee-Tomcat Service Control.lnk
Target : D:\Techexcel\lucee\tomcat\bin\Luceew.exe
Version : unknown
- Lucee-Tomcat Service Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Lucee-Tomcat Service Monitor.lnk
Target : D:\Techexcel\lucee\tomcat\bin\Luceew.exe
Version : unknown
- Tomcat Host Config.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Tomcat Host Config.lnk
Target : C:\Windows\system32\notepad.exe
Version : 10.0.17763.5328
- Uninstall Lucee.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Uninstall Lucee.lnk
Target : D:\Techexcel\lucee\uninstall.exe
Version : unknown
- SQL Server 2019 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (64-bit).lnk
Target : D:\Program Files\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : unknown
- SQL Server 2019 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.17763.7009
- SQL Server 2019 Error and Usage Reporting.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Error and Usage Reporting.lnk
Target : C:\Program Files\Microsoft SQL Server\150\Shared\SqlWtsn.exe
Version : 15.0.2000.5
- SQL Server 2019 Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\LandingPage.exe
Version : 15.0.4420.2
- Analysis Services Deployment Wizard 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Analysis Services Deployment Wizard 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Microsoft.AnalysisServices.Deployment.exe
Version : 15.0.19714.0
- Microsoft SQL Server Management Studio 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Microsoft SQL Server Management Studio 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe
Version : 2019.150.18390.0
- Database Engine Tuning Advisor 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Performance Tools\Database Engine Tuning Advisor 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\DTASHELL.EXE
Version : 15.0.18390.0
- SQL Server Profiler 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Performance Tools\SQL Server Profiler 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\PROFILER.EXE
Version : 2019.150.18390.0
- VNC Address Book.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Address Book.lnk
Target : C:\Program Files\RealVNC\VNC4\vncaddrbook.exe
Version : 4.6.1.54321
- VNC Server.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Server.lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321
- VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321
- Enter VNC Server License Key.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Enter VNC Server License Key.lnk
Target : C:\Program Files\RealVNC\VNC4\vncconfig.exe
Version : 4.6.1.54321
- Start Listening VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Start Listening VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321
- VNC Server (User Mode).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\VNC Server (User Mode).lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321
- Task Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Task Manager.lnk
Target : C:\Windows\system32\taskmgr.exe
Version : 10.0.17763.2989
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\README.TXT
Version : unknown
- Smart Storage Administrator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\Smart Storage Administrator.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\bin\ssaclient.exe
Version : 6.25.9.0
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator CLI\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssacli\README.txt
Version : unknown
- Smart Storage Administrator CLI.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator CLI\Smart Storage Administrator CLI.lnk
Target : C:\Program Files\Smart Storage Administrator\ssacli\bin\ssacli.exe
Version : 6.25.9.0
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator Diagnostics and SSD Wear Gauge Utility\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssaducli\README.TXT
Version : unknown
- TreeSize Free (Administrator).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free (Administrator).lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.4.2.514
- TreeSize Free Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free Help.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.chm
Version : unknown
- TreeSize Free.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.4.2.514
- User's Guide.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinMerge\User's Guide.lnk
Target : C:\Program Files\WinMerge\Docs\WinMerge.chm
Version : unknown
- WinMerge.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinMerge\WinMerge.lnk
Target : C:\Program Files\WinMerge\WinMergeU.exe
Version : 2.16.36.0
- Console RAR manual.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\Console RAR manual.lnk
Target : C:\Program Files\WinRAR\Rar.txt
Version : unknown
- What is new in the latest version.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\What is new in the latest version.lnk
Target : C:\Program Files\WinRAR\WhatsNew.txt
Version : unknown
- WinRAR help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR help.lnk
Target : C:\Program Files\WinRAR\WinRAR.chm
Version : unknown
- WinRAR.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR.lnk
Target : C:\Program Files\WinRAR\WinRAR.exe
Version : 7.1.0.0
- Google Chrome.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Google Chrome.lnk
Target : C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Version : 143.0.7499.171
- Immersive Control Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Immersive Control Panel.lnk
Target : C:\Windows\System32\Control.exe
Version : 10.0.17763.2300
- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168
- 7-Zip File Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip File Manager.lnk
Target : C:\Program Files\7-Zip\7zFM.exe
Version : 24.9.0.0
- 7-Zip Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\7-Zip\7-Zip Help.lnk
Target : C:\Program Files\7-Zip\7-zip.chm
Version : unknown
- Speech Recognition.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessibility\Speech Recognition.lnk
Target : C:\Windows\Speech\Common\sapisvr.exe
Version : 5.3.22514.0
- Calculator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Calculator.lnk
Target : C:\Windows\system32\win32calc.exe
Version : 10.0.17763.4377
- Math Input Panel.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Math Input Panel.lnk
Target : C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
Version : 10.0.17763.1697
- Paint.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Paint.lnk
Target : C:\Windows\system32\mspaint.exe
Version : 10.0.17763.1697
- Remote Desktop Connection.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Remote Desktop Connection.lnk
Target : C:\Windows\system32\mstsc.exe
Version : 10.0.17763.5830
- Snipping Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Snipping Tool.lnk
Target : C:\Windows\system32\SnippingTool.exe
Version : 10.0.17763.1697
- Steps Recorder.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Steps Recorder.lnk
Target : C:\Windows\system32\psr.exe
Version : 10.0.17763.1697
- Windows Media Player.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Windows Media Player.lnk
Target : C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Version : 12.0.17763.5830
- Wordpad.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\Wordpad.lnk
Target : C:\Program Files\Windows NT\Accessories\wordpad.exe
Version : 10.0.17763.5328
- XPS Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\XPS Viewer.lnk
Target : C:\Windows\system32\xpsrchvw.exe
Version : 10.0.17763.5830
- Character Map.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Character Map.lnk
Target : C:\Windows\system32\charmap.exe
Version : 5.2.3668.0
- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Accessories\System Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown
- Acronis Cyber Protect Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Acronis\Acronis Cyber Protect Monitor.lnk
Target : C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
Version : 24.11.1008.0
- Acronis System Report.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Acronis\Acronis System Report.lnk
Target : C:\Program Files\Common Files\Acronis\AdvReport\systeminfo.exe
Version : 24.11.1.39130
- Component Services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Component Services.lnk
Target : C:\Windows\system32\comexp.msc
Version : unknown
- Computer Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Computer Management.lnk
Target : C:\Windows\system32\compmgmt.msc
Version : unknown
- dfrgui.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\dfrgui.lnk
Target : C:\Windows\system32\dfrgui.exe
Version : 10.0.17763.1697
- Disk Cleanup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Disk Cleanup.lnk
Target : C:\Windows\system32\cleanmgr.exe
Version : 10.0.17763.6893
- Event Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Event Viewer.lnk
Target : C:\Windows\system32\eventvwr.msc
Version : unknown
- IIS Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\IIS Manager.lnk
Target : C:\Windows\system32\inetsrv\InetMgr.exe
Version : 10.0.17763.5830
- iSCSI Initiator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\iSCSI Initiator.lnk
Target : C:\Windows\system32\iscsicpl.exe
Version : 10.0.17763.1
- Memory Diagnostics Tool.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Memory Diagnostics Tool.lnk
Target : C:\Windows\system32\MdSched.exe
Version : 10.0.17763.1
- Microsoft Azure services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Microsoft Azure services.lnk
Target : C:\Windows\explorer.exe
Version : 10.0.17763.6530
- ODBC Data Sources (32-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (32-bit).lnk
Target : C:\Windows\syswow64\odbcad32.exe
Version : 10.0.17763.1
- ODBC Data Sources (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\ODBC Data Sources (64-bit).lnk
Target : C:\Windows\system32\odbcad32.exe
Version : 10.0.17763.1
- Performance Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Performance Monitor.lnk
Target : C:\Windows\system32\perfmon.msc
Version : unknown
- Print Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Print Management.lnk
Target : C:\Windows\system32\printmanagement.msc
Version : unknown
- RecoveryDrive.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\RecoveryDrive.lnk
Target : C:\Windows\system32\RecoveryDrive.exe
Version : 10.0.17763.7009
- Registry Editor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Registry Editor.lnk
Target : C:\Windows\regedit.exe
Version : 10.0.17763.1697
- Resource Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Resource Monitor.lnk
Target : C:\Windows\system32\perfmon.exe
Version : 10.0.17763.5830
- Security Configuration Management.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Security Configuration Management.lnk
Target : C:\Windows\system32\secpol.msc
Version : unknown
- Server Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Server Manager.lnk
Target : C:\Windows\system32\ServerManager.exe
Version : 10.0.17763.168
- services.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\services.lnk
Target : C:\Windows\system32\services.msc
Version : unknown
- System Configuration.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Configuration.lnk
Target : C:\Windows\system32\msconfig.exe
Version : 10.0.17763.2061
- System Information.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\System Information.lnk
Target : C:\Windows\system32\msinfo32.exe
Version : 10.0.17763.5830
- Task Scheduler.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Task Scheduler.lnk
Target : C:\Windows\system32\taskschd.msc
Version : unknown
- Windows Defender Firewall with Advanced Security.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Defender Firewall with Advanced Security.lnk
Target : C:\Windows\system32\WF.msc
Version : unknown
- Windows Server Backup.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Administrative Tools\Windows Server Backup.lnk
Target : C:\Windows\system32\wbadmin.msc
Version : unknown
- Azure Data Studio.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Azure Data Studio\Azure Data Studio.lnk
Target : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Version : 1.51.1.0
- HPE Lights-Out Online Configuration Utility.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\HPE System Tools\HPE Lights-Out Online Configuration Utility\HPE Lights-Out Online Configuration Utility.lnk
Target : C:\Windows\Installer\{452BFA2A-7E5A-46CE-B045-3B9834B419D5}\icon.ico
Version : unknown
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\HPE System Tools\HPE Lights-Out Online Configuration Utility\README.lnk
Target :
Version : unknown
- Lucee-Tomcat Service Control.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Lucee-Tomcat Service Control.lnk
Target : D:\Techexcel\lucee\tomcat\bin\Luceew.exe
Version : unknown
- Lucee-Tomcat Service Monitor.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Lucee-Tomcat Service Monitor.lnk
Target : D:\Techexcel\lucee\tomcat\bin\Luceew.exe
Version : unknown
- Tomcat Host Config.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Tomcat Host Config.lnk
Target : C:\Windows\system32\notepad.exe
Version : 10.0.17763.5328
- Uninstall Lucee.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Lucee\Uninstall Lucee.lnk
Target : D:\Techexcel\lucee\uninstall.exe
Version : unknown
- SQL Server 2019 Import and Export Data (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\SQL Server 2019 Import and Export Data (64-bit).lnk
Target : D:\Program Files\Microsoft SQL Server\150\DTS\Binn\DTSWizard.exe
Version : unknown
- SQL Server 2019 Configuration Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Configuration Manager.lnk
Target : C:\Windows\SysWOW64\mmc.exe
Version : 10.0.17763.7009
- SQL Server 2019 Error and Usage Reporting.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Error and Usage Reporting.lnk
Target : C:\Program Files\Microsoft SQL Server\150\Shared\SqlWtsn.exe
Version : 15.0.2000.5
- SQL Server 2019 Installation Center (64-bit).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server 2019\Configuration Tools\SQL Server 2019 Installation Center (64-bit).lnk
Target : C:\Program Files\Microsoft SQL Server\150\Setup Bootstrap\SQL2019\x64\LandingPage.exe
Version : 15.0.4420.2
- Analysis Services Deployment Wizard 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Analysis Services Deployment Wizard 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Microsoft.AnalysisServices.Deployment.exe
Version : 15.0.19714.0
- Microsoft SQL Server Management Studio 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Microsoft SQL Server Management Studio 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\IDE\Ssms.exe
Version : 2019.150.18390.0
- Database Engine Tuning Advisor 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Performance Tools\Database Engine Tuning Advisor 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\DTASHELL.EXE
Version : 15.0.18390.0
- SQL Server Profiler 18.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\Microsoft SQL Server Tools 18\Performance Tools\SQL Server Profiler 18.lnk
Target : C:\Program Files (x86)\Microsoft SQL Server Management Studio 18\Common7\PROFILER.EXE
Version : 2019.150.18390.0
- VNC Address Book.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Address Book.lnk
Target : C:\Program Files\RealVNC\VNC4\vncaddrbook.exe
Version : 4.6.1.54321
- VNC Server.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Server.lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321
- VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321
- Enter VNC Server License Key.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Enter VNC Server License Key.lnk
Target : C:\Program Files\RealVNC\VNC4\vncconfig.exe
Version : 4.6.1.54321
- Start Listening VNC Viewer.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\Start Listening VNC Viewer.lnk
Target : C:\Program Files\RealVNC\VNC4\vncviewer.exe
Version : 4.6.1.54321
- VNC Server (User Mode).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\RealVNC\Advanced\VNC Server (User Mode).lnk
Target : C:\Program Files\RealVNC\VNC4\winvnc4.exe
Version : 4.6.1.54321
- Task Manager.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Task Manager.lnk
Target : C:\Windows\system32\taskmgr.exe
Version : 10.0.17763.2989
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\README.TXT
Version : unknown
- Smart Storage Administrator.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator\Smart Storage Administrator.lnk
Target : C:\Program Files\Smart Storage Administrator\ssa\bin\ssaclient.exe
Version : 6.25.9.0
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator CLI\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssacli\README.txt
Version : unknown
- Smart Storage Administrator CLI.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator CLI\Smart Storage Administrator CLI.lnk
Target : C:\Program Files\Smart Storage Administrator\ssacli\bin\ssacli.exe
Version : 6.25.9.0
- README.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\System Tools\Smart Storage Administrator Diagnostics and SSD Wear Gauge Utility\README.lnk
Target : C:\Program Files\Smart Storage Administrator\ssaducli\README.TXT
Version : unknown
- TreeSize Free (Administrator).lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free (Administrator).lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.4.2.514
- TreeSize Free Help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free Help.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.chm
Version : unknown
- TreeSize Free.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\TreeSize Free\TreeSize Free.lnk
Target : C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
Version : 4.4.2.514
- User's Guide.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinMerge\User's Guide.lnk
Target : C:\Program Files\WinMerge\Docs\WinMerge.chm
Version : unknown
- WinMerge.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinMerge\WinMerge.lnk
Target : C:\Program Files\WinMerge\WinMergeU.exe
Version : 2.16.36.0
- Console RAR manual.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\Console RAR manual.lnk
Target : C:\Program Files\WinRAR\Rar.txt
Version : unknown
- What is new in the latest version.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\What is new in the latest version.lnk
Target : C:\Program Files\WinRAR\WhatsNew.txt
Version : unknown
- WinRAR help.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR help.lnk
Target : C:\Program Files\WinRAR\WinRAR.chm
Version : unknown
- WinRAR.lnk
.lnk Path : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\\WinRAR\WinRAR.lnk
Target : C:\Program Files\WinRAR\WinRAR.exe
Version : 7.1.0.0
58452 - Microsoft Windows Startup Software Enumeration
-
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersi on\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
The following startup item was found :
Acronis Scheduler2 Service - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
AcronisTibMounterMonitor - C:\Program Files (x86)\Common Files\Acronis\TibMounter\tib_mounter_monitor.exe
MmsMonitor.exe - C:\Program Files\BackupClient\TrayMonitor\MmsMonitor.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
Veeam.EndPoint.Tray.exe - C:\Program Files\Veeam\Endpoint Backup\Veeam.EndPoint.Tray.exe -NoControlPanel -CheckNumberOfRunningAgents
38153 - Microsoft Windows Summary of Missing Patches
-
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.
Note the results of missing patches also include superseded patches.
Review the summary and apply any missing updates in order to be up to date.
Note the results of missing patches also include superseded patches.
Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output
tcp/445/cifs
The patches for the following bulletins or KBs are missing on the remote host :
- KB5049608 ( https://support.microsoft.com/en-us/help/5049608 )
- KB5055519 ( https://support.microsoft.com/en-us/help/5055519 )
- KB5058392 ( https://support.microsoft.com/en-us/help/5058392 )
- KB5060531 ( https://support.microsoft.com/en-us/help/5060531 )
- KB5062557 ( https://support.microsoft.com/en-us/help/5062557 )
- KB5063877 ( https://support.microsoft.com/en-us/help/5063877 )
- KB5065428 ( https://support.microsoft.com/en-us/help/5065428 )
- KB5066586 ( https://support.microsoft.com/en-us/help/5066586 )
- KB5068791 ( https://support.microsoft.com/en-us/help/5068791 )
- KB5071544 ( https://support.microsoft.com/en-us/help/5071544 )
- KB5049608 ( https://support.microsoft.com/en-us/help/5049608 )
- KB5055519 ( https://support.microsoft.com/en-us/help/5055519 )
- KB5058392 ( https://support.microsoft.com/en-us/help/5058392 )
- KB5060531 ( https://support.microsoft.com/en-us/help/5060531 )
- KB5062557 ( https://support.microsoft.com/en-us/help/5062557 )
- KB5063877 ( https://support.microsoft.com/en-us/help/5063877 )
- KB5065428 ( https://support.microsoft.com/en-us/help/5065428 )
- KB5066586 ( https://support.microsoft.com/en-us/help/5066586 )
- KB5068791 ( https://support.microsoft.com/en-us/help/5068791 )
- KB5071544 ( https://support.microsoft.com/en-us/help/5071544 )
92369 - Microsoft Windows Time Zone Information
-
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output
tcp/0
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : India Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-492
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-491
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-492
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-491
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFEB6
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000
35730 - Microsoft Windows USB Device Usage Report
-
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
See Also
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2009/02/24, Modified: 2022/06/01
Plugin Output
tcp/445/cifs
The following is a list of USB devices that have been connected
to remote system at least once in the past :
Device Name : Generic- SD/MMC CRW USB Device
Last Inserted Time : Jan. 4, 2026 at 16:03:01 GMT
First used : unknown
Device Name : hp x740w USB Device
Last Inserted Time : Jun. 7, 2024 at 18:07:04 GMT
First used : unknown
Device Name : SanDisk Ultra USB Device
Last Inserted Time : Jan. 7, 2022 at 13:35:59 GMT
First used : unknown
Device Name : SanDisk Ultra USB Device
Last Inserted Time : Jan. 8, 2022 at 01:24:20 GMT
First used : unknown
Device Name : Seagate Expansion USB Device
Last Inserted Time : Oct. 6, 2023 at 14:55:24 GMT
First used : unknown
(Note that for a complete listing of 'First used' times you should
run this test with the option 'thorough_tests' enabled.)
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/80/www
Port 80/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/135/epmap
Port 135/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/139/smb
Port 139/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/445/cifs
Port 445/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/3389/msrdp
Port 3389/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/5985/www
Port 5985/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6160/dce-rpc
Port 6160/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6162/dce-rpc
Port 6162/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6183/dce-rpc
Port 6183/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6184
Port 6184/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6190/dce-rpc
Port 6190/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/6290
Port 6290/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/11731/dce-rpc
Port 11731/tcp was found to be open
11219 - Nessus SYN scanner
-
Synopsis
It is possible to determine which TCP ports are open.
Description
This plugin is a SYN 'half-open' port scanner. It shall be reasonably quick even against a firewalled target.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Note that SYN scans are less intrusive than TCP (full connect) scans against broken services, but they might cause problems for less robust firewalls and also leave unclosed connections on the remote target, if the network is loaded.
Solution
Protect your target with an IP filter.
Risk Factor
None
Plugin Information
Published: 2009/02/04, Modified: 2025/07/14
Plugin Output
tcp/56328
Port 56328/tcp was found to be open
19506 - Nessus Scan Information
-
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2025/10/29
Plugin Output
tcp/0
Information about this scan :
Nessus version : 10.11.1
Nessus build : 20021
Plugin feed version : 202601041845
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Server 1
Scan policy used : Server
Scanner IP : 172.17.100.38
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : yes (at debugging level 4)
Paranoia level : 0
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '172.17.100.32\tidua' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/1/10 1:02 India Standard Time (UTC +05:30)
Scan duration : 7270 sec
Scan for malware : no
Nessus version : 10.11.1
Nessus build : 20021
Plugin feed version : 202601041845
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : Server 1
Scan policy used : Server
Scanner IP : 172.17.100.38
Port scanner(s) : nessus_syn_scanner
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Scan for Unpatched Vulnerabilities : yes
Plugin debugging enabled : yes (at debugging level 4)
Paranoia level : 0
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as '172.17.100.32\tidua' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : disabled
Web application tests : disabled
Max hosts : 2
Max checks : 2
Recv timeout : 5
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2026/1/10 1:02 India Standard Time (UTC +05:30)
Scan duration : 7270 sec
Scan for malware : no
43815 - NetBIOS Multiple IP Address Enumeration
-
Synopsis
The remote host is configured with multiple IP addresses.
Description
By sending a special NetBIOS query, Nessus was able to detect the use of multiple IP addresses on the remote host. This indicates the host may be running virtualization software, a VPN client, or has multiple network interfaces.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/01/06, Modified: 2011/09/02
Plugin Output
udp/137/netbios-ns
The remote host appears to be using the following IP addresses :
- 172.17.100.32
- 20.20.20.32
24272 - Network Interfaces Enumeration (WMI)
-
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output
tcp/0
+ Network Interface Information :
- Network Interface = [00000001] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:60:46:14
- IPAddress/IPSubnet = 172.17.100.32/255.255.255.0
+ Network Interface Information :
- Network Interface = [00000002] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:60:46:17
- IPAddress/IPSubnet = 20.20.20.32/255.255.255.0
+ Routing Information :
Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 172.17.100.10
20.20.20.0 255.255.255.0 0.0.0.0
20.20.20.32 255.255.255.255 0.0.0.0
20.20.20.255 255.255.255.255 0.0.0.0
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
172.17.100.0 255.255.255.0 0.0.0.0
172.17.100.32 255.255.255.255 0.0.0.0
172.17.100.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
- Network Interface = [00000001] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:60:46:14
- IPAddress/IPSubnet = 172.17.100.32/255.255.255.0
+ Network Interface Information :
- Network Interface = [00000002] HPE Ethernet 1Gb 4-port 366FLR Adapter
- MAC Address = D4:F5:EF:60:46:17
- IPAddress/IPSubnet = 20.20.20.32/255.255.255.0
+ Routing Information :
Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 172.17.100.10
20.20.20.0 255.255.255.0 0.0.0.0
20.20.20.32 255.255.255.255 0.0.0.0
20.20.20.255 255.255.255.255 0.0.0.0
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
172.17.100.0 255.255.255.0 0.0.0.0
172.17.100.32 255.255.255.255 0.0.0.0
172.17.100.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
209654 - OS Fingerprints Detected
-
Synopsis
Multiple OS fingerprints were detected.
Description
Using a combination of remote probes (TCP/IP, SMB, HTTP, NTP, SNMP, etc), it was possible to gather one or more fingerprints from the remote system. While the highest-confidence result was reported in plugin 11936, “OS Identification”, the complete set of fingerprints detected are reported here.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/02/26, Modified: 2025/03/03
Plugin Output
tcp/0
Following OS Fingerprints were found
Remote operating system : Microsoft Windows Server 2019
Confidence level : 56
Method : MLSinFP
Type : unknown
Fingerprint : unknown
Remote operating system : Windows
Confidence level : 50
Method : Misc
Type : general-purpose
Fingerprint : unknown
Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 100
Method : SMB_OS
Type : general-purpose
Fingerprint : unknown
Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 75
Method : HTTP
Type : general-purpose
Fingerprint : HTTP:Server: Microsoft-IIS/10.0
Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 59
Method : SinFP
Type : general-purpose
Fingerprint : SinFP:
P1:B11113:F0x12:W65392:O0204ffff:M1460:
P2:B11113:F0x12:W65535:O0204ffff0103030801010402:M1460:
P3:B00000:F0x00:W0:O0:M0
P4:191601_7_p=6162
Following fingerprints could not be used to determine OS :
SSLcert:!:i/CN:TechE_Web_DBs/CN:TechE_Web_DB
e12cccb2e5461dc23251e30fc3683e703f73a924
11936 - OS Identification
-
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2025/06/03
Plugin Output
tcp/0
Remote operating system : Microsoft Windows Server 2019 Datacenter Build 17763
Confidence level : 100
Method : SMB_OS
The remote host is running Microsoft Windows Server 2019 Datacenter Build 17763
117887 - OS Security Patch Assessment Available
-
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
| XREF | IAVB:0001-B-0516 |
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output
tcp/445/cifs
OS Security Patch Assessment is available.
Account : 172.17.100.32\tidua
Protocol : SMB
Account : 172.17.100.32\tidua
Protocol : SMB
92426 - OpenSaveMRU History
-
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
Open / Save report attached.
66334 - Patch Report
-
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.
Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2025/12/15
Plugin Output
tcp/0
. You need to take the following 7 actions :
+ Install the following Microsoft patches :
- KB5071544 (9 vulnerabilities)The following KBs would be covered:
KB5063877, KB5065428, KB5066586, KB5055519, KB5058392,
KB5060531, KB5068791, KB5062557, KB5053596
- KB5049608
[ 7-Zip < 25.01 (249179) ]
+ Action to take : Upgrade to 7-Zip version 25.01 or later.
+ Impact : Taking this action will resolve the following 5 different vulnerabilities :
CVE-2025-55188, CVE-2025-53817, CVE-2025-53816, CVE-2025-11002, CVE-2025-11001
[ RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088) (248462) ]
+ Action to take : Upgrade to RARLAB WinRAR version 7.13 or later.
+ Impact : Taking this action will resolve the following 3 different vulnerabilities :
CVE-2025-8088, CVE-2025-6218, CVE-2025-31334
[ Security Update for Microsoft Visual Studio Code Python Extension (July 2025) (241552) ]
+ Action to take : Update the Microsoft Visual Studio Code Python Extension to version 2025.8.1 or later.
[ Security Updates for Microsoft .NET Framework (January 2025) (214274) ]
+ Action to take : Microsoft has released security updates for Microsoft .NET Framework.
[ Veeam Agent for Microsoft Windows 6.x < 6.3.2.1205 Privilege Escalation (CVE-2025-24287) (241347) ]
+ Action to take : Upgrade to Veeam Agent for Microsoft Windows version 6.3.2.1205 or later.
122422 - RARLAB WinRAR Installed (Windows)
-
Synopsis
An archive manager is installed on the remote Windows host.
Description
RARLAB WinRaR, an archive manager, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0706 |
Plugin Information
Published: 2019/02/26, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
Path : C:\Program Files\WinRAR\WinRAR.exe
Version : 7.1.0.0
92428 - Recent File History
-
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
C:\\Users\techexcel1\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini
Recent files found in registry and appdata attached.
Recent files found in registry and appdata attached.
92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
C:\\$Recycle.Bin\\.
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$I1E33X7
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\04072023045506.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12004819_GlobalP&LStatementofNSE_FNO_06072023_062249.xlsx
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023034008.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023105824.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023120216.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\15072023012830.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\17052023112221.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\17052023112510.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124614.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124810.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_1800_06062023_1245287803970_124536.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\22062023_TATASTEEL_NSE_FNO_CORPORATE_ACTION_DIVIDEND.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\23052023014432.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\23052023014544.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2600D200_Other4.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\26042023065126.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\30062023121118.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\40DP37U.738347
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\44DP57U.03072023.013.OLF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\44DP57U.16122023.EOD
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\5000021_EMP0329_07072023142553.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\666110052_05062023110054.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\895_26062023_0448457497980_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_26062023_04434859649780_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_27062023_07055489515280_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\BSE_20230711.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CacheClearTechBoRest.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731 (1)
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731 (3)
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CLIENTMASTEREXPORT_02082023113807.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CloseChrome.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\Closed_All_VCP
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ClosePostman.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CloseVsCode.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_12072023_105839.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_12072023_120221.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_17052023_112244.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_17052023_112522.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_23052023_134436.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_30062023_121124.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\EdisTransactionDetails_03072023.txt
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ExportData.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113530.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113621.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113659.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113758.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\lkpppp.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\MarginRegister_20042023_163537.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\NAVDWLD_02062023.txt
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\OpenVSCode.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_666105725_techexcel_26052023_10572614993253629627.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886090244_1200_13032023_09024659900710.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886104909_techexcel_26052023_10490964719063858039.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886191109_1200_10032023_07111047451540.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\R symp04.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\StartChrome.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\TechBorest.postman_collection.json
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\WL_ACCOUNTCODE_06072023.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\desktop.ini
C:\\$Recycle.Bin\\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1000\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$I1E33X7
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\04072023045506.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12004819_GlobalP&LStatementofNSE_FNO_06072023_062249.xlsx
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023034008.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023105824.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\12072023120216.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\15072023012830.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\17052023112221.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\17052023112510.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124614.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_06062023124810.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2002_1800_06062023_1245287803970_124536.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\22062023_TATASTEEL_NSE_FNO_CORPORATE_ACTION_DIVIDEND.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\23052023014432.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\23052023014544.zip
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\2600D200_Other4.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\26042023065126.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\30062023121118.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\40DP37U.738347
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\44DP57U.03072023.013.OLF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\44DP57U.16122023.EOD
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\5000021_EMP0329_07072023142553.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\666110052_05062023110054.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\895_26062023_0448457497980_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_26062023_04434859649780_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\996_27062023_07055489515280_TECHEXCEL.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\BSE_20230711.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CacheClearTechBoRest.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731 (1)
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CADETAILS_20230731 (3)
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CLIENTMASTEREXPORT_02082023113807.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CloseChrome.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\Closed_All_VCP
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ClosePostman.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\CloseVsCode.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_12072023_105839.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_12072023_120221.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_17052023_112244.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_17052023_112522.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_23052023_134436.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ContractRegister_30062023_121124.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\EdisTransactionDetails_03072023.txt
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\ExportData.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113530.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113621.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113659.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\instdata06062023113758.xls
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\lkpppp.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\MarginRegister_20042023_163537.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\NAVDWLD_02062023.txt
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\OpenVSCode.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_666105725_techexcel_26052023_10572614993253629627.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886090244_1200_13032023_09024659900710.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886104909_techexcel_26052023_10490964719063858039.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\PDF_886191109_1200_10032023_07111047451540.PDF
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\R symp04.csv
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\StartChrome.bat
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\TechBorest.postman_collection.json
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1001\$R1E33X7\WL_ACCOUNTCODE_06072023.pdf
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1002\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-1008\desktop.ini
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\.
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\..
C:\\$Recycle.Bin\\S-1-5-21-549360554-2228062029-2355455187-500\desktop.ini
92430 - Registry Editor Last Accessed
-
Synopsis
Nessus was able to find the last key accessed by the Registry Editor when it was closed on the remote host.
Description
Nessus was able to find evidence of the last key that was opened when the Registry Editor was closed for each user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
Production
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Wintrust
techexcel
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
- Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\Wintrust
techexcel
- Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has an remote desktop protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).
If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.
Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output
tcp/3389/msrdp
277650 - Remote Services Not Using Post-Quantum Ciphers
-
Synopsis
Reports remote services that do not offer post-quantum ciphers.
Description
This plugin reports network services that do not offer post-quantum ciphers. Tenable makes no attempt to determine whether the remote service would be vulnerable to a post-quantum attack.
However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
However, cryptography that depends on the classic difficulty of solving the discrete logarithm problem or on the classic difficulty of large prime factorization is broken by Shor's algorithm. Examples of this are RSA asymmetric encryption and Diffie-Hellman key exchange.
See Also
| http://www.nessus.org/u?7a390f87 |
| http://www.nessus.org/u?ad7d6b3b |
| http://www.nessus.org/u?1c0c61e0 |
| http://www.nessus.org/u?5eec4b28 |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/08, Modified: 2025/12/08
Plugin Output
tcp/3389/msrdp
The target TLS server offers no post-quantum ciphers.
62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output
tcp/0
Here is a list of quick-fix engineering updates installed on the
remote system :
KB4502496, Installed on: 2022/01/08
KB4535680, Installed on: 2022/01/08
KB4535684, Installed on: 2022/01/08
KB4535685, Installed on: 2022/01/08
KB4589208, Installed on: 2022/01/08
KB5004335
KB5005030, Installed on: 2021/08/06
KB5005112, Installed on: 2021/08/06
KB5008287, Installed on: 2022/01/08
KB5014797, Installed on: 2022/07/22
KB5015896, Installed on: 2022/07/22
KB5020374, Installed on: 2023/01/05
KB5046268, Installed on: 2024/12/21
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
-
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start for the duration of the scan.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output
tcp/0
The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
-
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugins will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2025/12/15
Plugin Output
tcp/0
The registry service was successfully stopped after the scan.
56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2025/06/16
Plugin Output
tcp/3389/msrdp
This port supports TLSv1.0/TLSv1.1/TLSv1.2.
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output
tcp/3389/msrdp
Subject Name:
Common Name: TechE_Web_DB
Issuer Name:
Common Name: TechE_Web_DB
Serial Number: 64 18 62 4A 5E E9 B8 8B 45 37 72 EE 1D 5B B9 AD
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Oct 05 05:14:41 2025 GMT
Not Valid After: Apr 06 05:14:41 2026 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DC 30 07 60 F1 04 4F 44 ED 71 B1 11 41 90 2A 4A 88 34 53
4D 89 A2 51 73 3D 9F BF B1 33 FA 50 52 5C 3F EF F5 97 52 87
71 86 2A FB BC 41 BA A3 6B 22 01 67 46 04 12 4D 89 DC 1E DF
DD 0A E7 C4 12 78 B9 15 D3 B9 B1 C2 C1 39 D7 B7 B8 BE 9D 1C
E9 AA 28 AA D6 AF 02 2F FC 8E A3 ED 3D 34 B6 F5 82 28 BA F1
90 AD FE F0 7D C3 61 7B A6 A5 ED 00 56 91 03 78 50 40 E6 66
F5 99 F2 FC A5 D3 D5 E6 61 3D 3E E1 DE EA 4E D7 5B 87 A6 A7
25 CD 5B 4E 6A D9 85 04 52 D2 B5 5A 09 5E 50 4C A1 63 30 BD
B3 7C C9 39 90 70 2A CB EC 1F 4E 78 26 2C D7 86 CD 04 9F 61
EA A1 5C 3A 79 23 25 D7 F2 EE 83 63 BA 77 24 56 AB 76 B4 83
06 C1 42 08 52 E4 37 E2 E0 A1 82 A1 7A 79 52 39 7A 61 45 59
68 01 AB 77 A9 1D 4F 49 A2 DD D8 C0 2E 4D 55 2E 8C 0D AC DC
7B BC 3F CD 78 57 FB 16 6B 56 18 8C 07 B4 49 8A B1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 8D 32 98 93 00 DB 5D A6 0C E0 1C 32 D1 DE F8 E3 B5 AF 00
CD C6 FD 04 4D C1 EB 8D A5 E9 87 7C CD DB F5 84 A0 F7 24 BF
38 79 72 D0 38 59 25 4F 0A 79 AF 62 D1 F3 98 4D 59 14 AE AB
01 45 2E 48 17 40 BD 6E 00 67 EE 02 A9 DE 0D 00 D0 0C 80 E4
E5 2A 42 7C 95 94 89 9B 5D F3 4F 33 6A BD 2B D4 9F 73 E0 C7
7F 15 5D 45 02 26 E6 DC EA 84 92 AC 12 D2 CE 70 DC 05 E7 05
13 D1 16 B1 16 93 B6 E3 8F 5C 81 E5 2C 52 54 DE 41 35 67 DB
AA 5B 9B B9 3F 4A 6E F1 13 D0 BE 15 2F 6C 03 82 6E 61 37 B6
9B 8A 8B 0F 7F 68 BF 25 09 0F 4B 83 36 D5 F9 74 F9 18 03 DC
25 BA AD 61 F2 6F 98 7B E4 C2 4D 0F A7 C6 19 C5 A9 39 12 D1
90 15 97 32 48 19 59 67 15 7F ED 15 56 AC B2 5E C9 23 ED A7
7F 61 36 B3 F3 22 04 7F 06 75 53 65 18 C8 F6 6F 8B BA 69 75
F2 87 73 80 39 ED A0 8C E9 81 55 62 B5 95 88 ED 9F
Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment
Fingerprints :
SHA-256 Fingerprint: EF 1D EF EB 56 1E 0A DB 2D 6F C2 3F 6E 97 2C 71 9D 6D 9E 2D
38 FD 18 48 13 29 FF 61 7B F7 18 C1
SHA-1 Fingerprint: E1 2C CC B2 E5 46 1D C2 32 51 E3 0F C3 68 3E 70 3F 73 A9 24
MD5 Fingerprint: 9F FB CB AD 9D 02 42 94 A8 A5 3B CF F0 BC 34 E3
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC9DCCAdygAwIBAgIQZBhiSl7puItFN3LuHVu5rTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDHhgAVABlAGMAaABFAF8AVwBlAGIAXwBEAEIwHhcNMjUxMDA1MDUxNDQxWhcNMjYwNDA2MDUxNDQxWjAjMSEwHwYDVQQDHhgAVABlAGMAaABFAF8AVwBlAGIAXwBEAEIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcMAdg8QRPRO1xsRFBkCpKiDRTTYmiUXM9n7+xM/pQUlw/7/WXUodxhir7vEG6o2siAWdGBBJNidwe390K58QSeLkV07mxwsE517e4vp0c6aooqtavAi/8jqPtPTS29YIouvGQrf7wfcNhe6al7QBWkQN4UEDmZvWZ8vyl09XmYT0+4d7qTtdbh6anJc1bTmrZhQRS0rVaCV5QTKFjML2zfMk5kHAqy+wfTngmLNeGzQSfYeqhXDp5IyXX8u6DY7p3JFardrSDBsFCCFLkN+LgoYKhenlSOXphRVloAat3qR1PSaLd2MAuTVUujA2s3Hu8P814V/sWa1YYjAe0SYqxAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIEMDANBgkqhkiG9w0BAQsFAAOCAQEAjTKYkwDbXaYM4Bwy0d7447WvAM3G/QRNweuNpemHfM3b9YSg9yS/OHly0DhZJU8Kea9i0fOYTVkUrqsBRS5IF0C9bgBn7gKp3g0A0AyA5OUqQnyVlImbXfNPM2q9K9Sfc+DHfxVdRQIm5tzqhJKsEtLOcNwF5wUT0RaxFpO2449cgeUsUlTeQTVn26pbm7k/Sm7xE9C+FS9sA4JuYTe2m4qLD39ovyUJD0uDNtX5dPkYA9wluq1h8m+Ye+TCTQ+nxhnFqTkS0ZAVlzJIGVlnFX/tFVassl7JI+2nf2E2s/MiBH8GdVNlGMj2b4u6aXXyh3OAOe2gjOmBVWK1lYjtnw==
-----END CERTIFICATE-----
Common Name: TechE_Web_DB
Issuer Name:
Common Name: TechE_Web_DB
Serial Number: 64 18 62 4A 5E E9 B8 8B 45 37 72 EE 1D 5B B9 AD
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Oct 05 05:14:41 2025 GMT
Not Valid After: Apr 06 05:14:41 2026 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DC 30 07 60 F1 04 4F 44 ED 71 B1 11 41 90 2A 4A 88 34 53
4D 89 A2 51 73 3D 9F BF B1 33 FA 50 52 5C 3F EF F5 97 52 87
71 86 2A FB BC 41 BA A3 6B 22 01 67 46 04 12 4D 89 DC 1E DF
DD 0A E7 C4 12 78 B9 15 D3 B9 B1 C2 C1 39 D7 B7 B8 BE 9D 1C
E9 AA 28 AA D6 AF 02 2F FC 8E A3 ED 3D 34 B6 F5 82 28 BA F1
90 AD FE F0 7D C3 61 7B A6 A5 ED 00 56 91 03 78 50 40 E6 66
F5 99 F2 FC A5 D3 D5 E6 61 3D 3E E1 DE EA 4E D7 5B 87 A6 A7
25 CD 5B 4E 6A D9 85 04 52 D2 B5 5A 09 5E 50 4C A1 63 30 BD
B3 7C C9 39 90 70 2A CB EC 1F 4E 78 26 2C D7 86 CD 04 9F 61
EA A1 5C 3A 79 23 25 D7 F2 EE 83 63 BA 77 24 56 AB 76 B4 83
06 C1 42 08 52 E4 37 E2 E0 A1 82 A1 7A 79 52 39 7A 61 45 59
68 01 AB 77 A9 1D 4F 49 A2 DD D8 C0 2E 4D 55 2E 8C 0D AC DC
7B BC 3F CD 78 57 FB 16 6B 56 18 8C 07 B4 49 8A B1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 8D 32 98 93 00 DB 5D A6 0C E0 1C 32 D1 DE F8 E3 B5 AF 00
CD C6 FD 04 4D C1 EB 8D A5 E9 87 7C CD DB F5 84 A0 F7 24 BF
38 79 72 D0 38 59 25 4F 0A 79 AF 62 D1 F3 98 4D 59 14 AE AB
01 45 2E 48 17 40 BD 6E 00 67 EE 02 A9 DE 0D 00 D0 0C 80 E4
E5 2A 42 7C 95 94 89 9B 5D F3 4F 33 6A BD 2B D4 9F 73 E0 C7
7F 15 5D 45 02 26 E6 DC EA 84 92 AC 12 D2 CE 70 DC 05 E7 05
13 D1 16 B1 16 93 B6 E3 8F 5C 81 E5 2C 52 54 DE 41 35 67 DB
AA 5B 9B B9 3F 4A 6E F1 13 D0 BE 15 2F 6C 03 82 6E 61 37 B6
9B 8A 8B 0F 7F 68 BF 25 09 0F 4B 83 36 D5 F9 74 F9 18 03 DC
25 BA AD 61 F2 6F 98 7B E4 C2 4D 0F A7 C6 19 C5 A9 39 12 D1
90 15 97 32 48 19 59 67 15 7F ED 15 56 AC B2 5E C9 23 ED A7
7F 61 36 B3 F3 22 04 7F 06 75 53 65 18 C8 F6 6F 8B BA 69 75
F2 87 73 80 39 ED A0 8C E9 81 55 62 B5 95 88 ED 9F
Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment
Fingerprints :
SHA-256 Fingerprint: EF 1D EF EB 56 1E 0A DB 2D 6F C2 3F 6E 97 2C 71 9D 6D 9E 2D
38 FD 18 48 13 29 FF 61 7B F7 18 C1
SHA-1 Fingerprint: E1 2C CC B2 E5 46 1D C2 32 51 E3 0F C3 68 3E 70 3F 73 A9 24
MD5 Fingerprint: 9F FB CB AD 9D 02 42 94 A8 A5 3B CF F0 BC 34 E3
PEM certificate :
-----BEGIN CERTIFICATE-----
MIIC9DCCAdygAwIBAgIQZBhiSl7puItFN3LuHVu5rTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDHhgAVABlAGMAaABFAF8AVwBlAGIAXwBEAEIwHhcNMjUxMDA1MDUxNDQxWhcNMjYwNDA2MDUxNDQxWjAjMSEwHwYDVQQDHhgAVABlAGMAaABFAF8AVwBlAGIAXwBEAEIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDcMAdg8QRPRO1xsRFBkCpKiDRTTYmiUXM9n7+xM/pQUlw/7/WXUodxhir7vEG6o2siAWdGBBJNidwe390K58QSeLkV07mxwsE517e4vp0c6aooqtavAi/8jqPtPTS29YIouvGQrf7wfcNhe6al7QBWkQN4UEDmZvWZ8vyl09XmYT0+4d7qTtdbh6anJc1bTmrZhQRS0rVaCV5QTKFjML2zfMk5kHAqy+wfTngmLNeGzQSfYeqhXDp5IyXX8u6DY7p3JFardrSDBsFCCFLkN+LgoYKhenlSOXphRVloAat3qR1PSaLd2MAuTVUujA2s3Hu8P814V/sWa1YYjAe0SYqxAgMBAAGjJDAiMBMGA1UdJQQMMAoGCCsGAQUFBwMBMAsGA1UdDwQEAwIEMDANBgkqhkiG9w0BAQsFAAOCAQEAjTKYkwDbXaYM4Bwy0d7447WvAM3G/QRNweuNpemHfM3b9YSg9yS/OHly0DhZJU8Kea9i0fOYTVkUrqsBRS5IF0C9bgBn7gKp3g0A0AyA5OUqQnyVlImbXfNPM2q9K9Sfc+DHfxVdRQIm5tzqhJKsEtLOcNwF5wUT0RaxFpO2449cgeUsUlTeQTVn26pbm7k/Sm7xE9C+FS9sA4JuYTe2m4qLD39ovyUJD0uDNtX5dPkYA9wluq1h8m+Ye+TCTQ+nxhnFqTkS0ZAVlzJIGVlnFX/tFVassl7JI+2nf2E2s/MiBH8GdVNlGMj2b4u6aXXyh3OAOe2gjOmBVWK1lYjtnw==
-----END CERTIFICATE-----
70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
| https://www.openssl.org/docs/manmaster/man1/ciphers.html |
| http://www.nessus.org/u?cc4a822a |
| https://www.openssl.org/~bodo/tls-cbc.txt |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output
tcp/3389/msrdp
Here is the list of SSL CBC ciphers supported by the remote server :
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2024/09/11
Plugin Output
tcp/3389/msrdp
Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.
SSL Version : TLSv12
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
SSL Version : TLSv11
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
SSL Version : TLSv1
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
| https://www.openssl.org/docs/manmaster/man1/ciphers.html |
| https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange |
| https://en.wikipedia.org/wiki/Perfect_forward_secrecy |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output
tcp/3389/msrdp
Here is the list of SSL PFS ciphers supported by the remote server :
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA256 0xC0, 0x2F ECDHE RSA AES-GCM(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x30 ECDHE RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256
TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305
This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommened cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output
tcp/3389/msrdp
The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
Medium Strength Ciphers (> 64-bit and < 112-bit key, or 3DES)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DES-CBC3-SHA 0x00, 0x0A RSA RSA 3DES-CBC(168) SHA1
High Strength Ciphers (>= 112-bit key)
Name Code KEX Auth Encryption MAC
---------------------- ---------- --- ---- --------------------- ---
DHE-RSA-AES128-SHA256 0x00, 0x9E DHE RSA AES-GCM(128) SHA256
DHE-RSA-AES256-SHA384 0x00, 0x9F DHE RSA AES-GCM(256) SHA384
RSA-AES128-SHA256 0x00, 0x9C RSA RSA AES-GCM(128) SHA256
RSA-AES256-SHA384 0x00, 0x9D RSA RSA AES-GCM(256) SHA384
ECDHE-RSA-AES128-SHA 0xC0, 0x13 ECDHE RSA AES-CBC(128) SHA1
ECDHE-RSA-AES256-SHA 0xC0, 0x14 ECDHE RSA AES-CBC(256) SHA1
AES128-SHA 0x00, 0x2F RSA RSA AES-CBC(128) SHA1
AES256-SHA 0x00, 0x35 RSA RSA AES-CBC(256) SHA1
ECDHE-RSA-AES128-SHA256 0xC0, 0x27 ECDHE RSA AES-CBC(128) SHA256
ECDHE-RSA-AES256-SHA384 0xC0, 0x28 ECDHE RSA AES-CBC(256) SHA384
RSA-AES128-SHA256 0x00, 0x3C RSA RSA AES-CBC(128) SHA256
RSA-AES256-SHA256 0x00, 0x3D RSA RSA AES-CBC(256) SHA256
The fields above are :
{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
160486 - Server Message Block (SMB) Protocol Version Detection
-
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output
tcp/445/cifs
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output
tcp/80/www
A web server is running on this port.
22964 - Service Detection
-
Synopsis
The remote service could be identified.
Description
Nessus was able to identify the remote service by its banner or by looking at the error message it sends when it receives an HTTP request.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/08/19, Modified: 2025/12/08
Plugin Output
tcp/5985/www
A web server is running on this port.
278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.
Note: Basic HTTP Authentication credentials are required to obtain the version.
Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output
tcp/80/www
URL : http://172.17.100.32/cgi-bin/meteobridge
Version : unknown
Authenticated : False
278501 - Smartbedded Meteobridge Web Detection
-
Synopsis
The web UI for Smartbedded Meteobridge was detected on the remote host.
Description
Smartbedded Meteobridge, a dedicated weather monitoring application, is running on the remote host.
Note: Basic HTTP Authentication credentials are required to obtain the version.
Note: Basic HTTP Authentication credentials are required to obtain the version.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2025/12/12, Modified: 2025/12/15
Plugin Output
tcp/5985/www
URL : http://172.17.100.32:5985/cgi-bin/meteobridge
Version : unknown
Authenticated : False
161455 - Supersedence Data Builder
-
Synopsis
Supersedence data.
Description
Collects and stores supersedence patch data for various patch types.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/24, Modified: 2025/07/14
Plugin Output
tcp/0
Supersedence patch data summary :
- MSKB : 10
Plugin debug log has been attached.
- MSKB : 10
Plugin debug log has been attached.
121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM cannot be used with TLS 1.1
As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
| https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-00 |
| http://www.nessus.org/u?c8ae820d |
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
| XREF | CWE:327 |
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output
tcp/3389/msrdp
TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output
tcp/3389/msrdp
TLSv1.2 is enabled and the server supports at least one cipher.
150799 - Target Access Problems by Authentication Protocol - Maximum Privilege Account Used in Scan
-
Synopsis
Nessus scanned the target host with the highest available privilege level. Yet Nessus encountered permissions issues while accessing one or more items during the scan.
Description
Nessus was able to log in to the remote host using the provided credentials. The provided credentials have the highest privilege possible on the remote host. Yet Nessus encountered permissions issues while accessing items during the scan.
It is likely that this condition is caused by one or more of the following:
1) A plugin tried to access a resource that requires a special privilege level such as NT_AUTHORITY on Windows. The resource may have had its permissions altered since the plugin was written.
2) Environmental issues may have caused an intermittent failure in authentication that caused Nessus to stop attempting privilege escalation.
3) A resource on the host that Nessus attempts to access multiple times may be configured with access limits. Related lockouts may look like permissions failures.
4) Nessus may have tried to access a resource that does not exist on a target that fails to properly report permissions issues.
For instance, on some legacy unix systems such as AIX or HP-UX there is no way to distinguish a missing resource from a permissions error.
If you believe that the plugin indicated attempted to access the wrong resource or a resource that has recently received special OS protection, please contact Tenable Support.
It is likely that this condition is caused by one or more of the following:
1) A plugin tried to access a resource that requires a special privilege level such as NT_AUTHORITY on Windows. The resource may have had its permissions altered since the plugin was written.
2) Environmental issues may have caused an intermittent failure in authentication that caused Nessus to stop attempting privilege escalation.
3) A resource on the host that Nessus attempts to access multiple times may be configured with access limits. Related lockouts may look like permissions failures.
4) Nessus may have tried to access a resource that does not exist on a target that fails to properly report permissions issues.
For instance, on some legacy unix systems such as AIX or HP-UX there is no way to distinguish a missing resource from a permissions error.
If you believe that the plugin indicated attempted to access the wrong resource or a resource that has recently received special OS protection, please contact Tenable Support.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/06, Modified: 2021/07/06
Plugin Output
tcp/445/cifs
Nessus was able to log in to the remote host via the following
protocol as tidua. During the scan Nessus encountered
the following permissions issues while performing the planned checks:
Protocol : SMB
Port : 445
Problems:
Plugin 134050: Permission was denied while opening 'TEMP\nessus_LNNMGGOR.TXT'.
Plugin 139785: Permission was denied while opening 'TEMP\nessus_B10A2C5O.TXT'.
Plugin 140578: Permission was denied while opening 'TEMP\nessus_A45FJ0AH.TXT'.
Plugin 152100: Permission was denied while opening 'TEMP\nessus_VPFLM63E.TXT'.
Plugin 155470: Permission was denied while opening 'TEMP\nessus_enumerate_oci_winBC7X1GI2.TXT'.
Plugin 156001: Permission was denied while opening 'TEMP\nessus_DCMFMU3V.TXT'.
Plugin 171956: Permission was denied while opening 'TEMP\nessus_Z554XUSL.TXT'.
Plugin 177646: Permission was denied while opening 'TEMP\nessus_azure_ad_join_3P9PO6OE.txt'.
Plugin 25197: Permission was denied while opening 'TEMP\nessus_3SL4OFQO.TXT'.
Plugin 34220: Permission was denied while opening 'TEMP\nessus_6FBCFLMT.TXT'.
Plugin 61797: Permission was denied while opening 'TEMP\nessus_RIOK2HP5.TXT'.
Plugin 70625: Permission was denied while opening 'TEMP\nessus_W52RZEHW.TXT'.
Plugin 85736: Permission was denied while opening 'TEMP\nessus_8GS7IM3W.TXT'.
Plugin 92370: Permission was denied while opening 'temp\nessus_3002AMC4.txt'.
Plugin 92371: Permission was denied while opening 'temp\nessus_OSU3OWO7.txt'.
Plugin 92372: Permission was denied while opening 'temp\nessus_3TJ7B1BB.txt'.
Plugin 92373: Permission was denied while opening 'temp\nessus_M4PJLBLC.txt'.
Note: Nessus was unable to determine the privilege of
the logged in user and therefore is reporting permissions
problems here. Please check to see whether privilege escalation
failed or whether the scan can be configured to supply more access.
141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
-
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.
Please note the following :
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Please note the following :
- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.
- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output
tcp/445/cifs
Nessus was able to log in to the remote host via the following :
User: '172.17.100.32\tidua'
Port: 445
Proto: SMB
Method: password
92433 - Terminal Services History
-
Synopsis
Nessus was able to gather terminal service connection information.
Description
Nessus was able to generate a report on terminal service connections on the target system.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
Terminal Services Client
- Production
- techexcel
- techexcel
- techexcel
- techexcel
Terminal Services Server
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
Extended Terminal Services report attached.
- Production
- techexcel
- techexcel
- techexcel
- techexcel
Terminal Services Server
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582_Classes
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- Production
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- techexcel
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-21-549360554-2228062029-2355455187-500_Classes
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-18
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1001_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002_Classes
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-21-549360554-2228062029-2355455187-1002
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
- S-1-5-80-3477044410-376262199-2110164357-2030828471-4165405235_Classes
Extended Terminal Services report attached.
64814 - Terminal Services Use SSL/TLS
-
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output
tcp/3389/msrdp
Subject Name:
Common Name: TechE_Web_DB
Issuer Name:
Common Name: TechE_Web_DB
Serial Number: 64 18 62 4A 5E E9 B8 8B 45 37 72 EE 1D 5B B9 AD
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Oct 05 05:14:41 2025 GMT
Not Valid After: Apr 06 05:14:41 2026 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DC 30 07 60 F1 04 4F 44 ED 71 B1 11 41 90 2A 4A 88 34 53
4D 89 A2 51 73 3D 9F BF B1 33 FA 50 52 5C 3F EF F5 97 52 87
71 86 2A FB BC 41 BA A3 6B 22 01 67 46 04 12 4D 89 DC 1E DF
DD 0A E7 C4 12 78 B9 15 D3 B9 B1 C2 C1 39 D7 B7 B8 BE 9D 1C
E9 AA 28 AA D6 AF 02 2F FC 8E A3 ED 3D 34 B6 F5 82 28 BA F1
90 AD FE F0 7D C3 61 7B A6 A5 ED 00 56 91 03 78 50 40 E6 66
F5 99 F2 FC A5 D3 D5 E6 61 3D 3E E1 DE EA 4E D7 5B 87 A6 A7
25 CD 5B 4E 6A D9 85 04 52 D2 B5 5A 09 5E 50 4C A1 63 30 BD
B3 7C C9 39 90 70 2A CB EC 1F 4E 78 26 2C D7 86 CD 04 9F 61
EA A1 5C 3A 79 23 25 D7 F2 EE 83 63 BA 77 24 56 AB 76 B4 83
06 C1 42 08 52 E4 37 E2 E0 A1 82 A1 7A 79 52 39 7A 61 45 59
68 01 AB 77 A9 1D 4F 49 A2 DD D8 C0 2E 4D 55 2E 8C 0D AC DC
7B BC 3F CD 78 57 FB 16 6B 56 18 8C 07 B4 49 8A B1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 8D 32 98 93 00 DB 5D A6 0C E0 1C 32 D1 DE F8 E3 B5 AF 00
CD C6 FD 04 4D C1 EB 8D A5 E9 87 7C CD DB F5 84 A0 F7 24 BF
38 79 72 D0 38 59 25 4F 0A 79 AF 62 D1 F3 98 4D 59 14 AE AB
01 45 2E 48 17 40 BD 6E 00 67 EE 02 A9 DE 0D 00 D0 0C 80 E4
E5 2A 42 7C 95 94 89 9B 5D F3 4F 33 6A BD 2B D4 9F 73 E0 C7
7F 15 5D 45 02 26 E6 DC EA 84 92 AC 12 D2 CE 70 DC 05 E7 05
13 D1 16 B1 16 93 B6 E3 8F 5C 81 E5 2C 52 54 DE 41 35 67 DB
AA 5B 9B B9 3F 4A 6E F1 13 D0 BE 15 2F 6C 03 82 6E 61 37 B6
9B 8A 8B 0F 7F 68 BF 25 09 0F 4B 83 36 D5 F9 74 F9 18 03 DC
25 BA AD 61 F2 6F 98 7B E4 C2 4D 0F A7 C6 19 C5 A9 39 12 D1
90 15 97 32 48 19 59 67 15 7F ED 15 56 AC B2 5E C9 23 ED A7
7F 61 36 B3 F3 22 04 7F 06 75 53 65 18 C8 F6 6F 8B BA 69 75
F2 87 73 80 39 ED A0 8C E9 81 55 62 B5 95 88 ED 9F
Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment
Common Name: TechE_Web_DB
Issuer Name:
Common Name: TechE_Web_DB
Serial Number: 64 18 62 4A 5E E9 B8 8B 45 37 72 EE 1D 5B B9 AD
Version: 3
Signature Algorithm: SHA-256 With RSA Encryption
Not Valid Before: Oct 05 05:14:41 2025 GMT
Not Valid After: Apr 06 05:14:41 2026 GMT
Public Key Info:
Algorithm: RSA Encryption
Key Length: 2048 bits
Public Key: 00 DC 30 07 60 F1 04 4F 44 ED 71 B1 11 41 90 2A 4A 88 34 53
4D 89 A2 51 73 3D 9F BF B1 33 FA 50 52 5C 3F EF F5 97 52 87
71 86 2A FB BC 41 BA A3 6B 22 01 67 46 04 12 4D 89 DC 1E DF
DD 0A E7 C4 12 78 B9 15 D3 B9 B1 C2 C1 39 D7 B7 B8 BE 9D 1C
E9 AA 28 AA D6 AF 02 2F FC 8E A3 ED 3D 34 B6 F5 82 28 BA F1
90 AD FE F0 7D C3 61 7B A6 A5 ED 00 56 91 03 78 50 40 E6 66
F5 99 F2 FC A5 D3 D5 E6 61 3D 3E E1 DE EA 4E D7 5B 87 A6 A7
25 CD 5B 4E 6A D9 85 04 52 D2 B5 5A 09 5E 50 4C A1 63 30 BD
B3 7C C9 39 90 70 2A CB EC 1F 4E 78 26 2C D7 86 CD 04 9F 61
EA A1 5C 3A 79 23 25 D7 F2 EE 83 63 BA 77 24 56 AB 76 B4 83
06 C1 42 08 52 E4 37 E2 E0 A1 82 A1 7A 79 52 39 7A 61 45 59
68 01 AB 77 A9 1D 4F 49 A2 DD D8 C0 2E 4D 55 2E 8C 0D AC DC
7B BC 3F CD 78 57 FB 16 6B 56 18 8C 07 B4 49 8A B1
Exponent: 01 00 01
Signature Length: 256 bytes / 2048 bits
Signature: 00 8D 32 98 93 00 DB 5D A6 0C E0 1C 32 D1 DE F8 E3 B5 AF 00
CD C6 FD 04 4D C1 EB 8D A5 E9 87 7C CD DB F5 84 A0 F7 24 BF
38 79 72 D0 38 59 25 4F 0A 79 AF 62 D1 F3 98 4D 59 14 AE AB
01 45 2E 48 17 40 BD 6E 00 67 EE 02 A9 DE 0D 00 D0 0C 80 E4
E5 2A 42 7C 95 94 89 9B 5D F3 4F 33 6A BD 2B D4 9F 73 E0 C7
7F 15 5D 45 02 26 E6 DC EA 84 92 AC 12 D2 CE 70 DC 05 E7 05
13 D1 16 B1 16 93 B6 E3 8F 5C 81 E5 2C 52 54 DE 41 35 67 DB
AA 5B 9B B9 3F 4A 6E F1 13 D0 BE 15 2F 6C 03 82 6E 61 37 B6
9B 8A 8B 0F 7F 68 BF 25 09 0F 4B 83 36 D5 F9 74 F9 18 03 DC
25 BA AD 61 F2 6F 98 7B E4 C2 4D 0F A7 C6 19 C5 A9 39 12 D1
90 15 97 32 48 19 59 67 15 7F ED 15 56 AC B2 5E C9 23 ED A7
7F 61 36 B3 F3 22 04 7F 06 75 53 65 18 C8 F6 6F 8B BA 69 75
F2 87 73 80 39 ED A0 8C E9 81 55 62 B5 95 88 ED 9F
Extension: Extended Key Usage(2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)
Extension: Key Usage(2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment
161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
-
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
See Also
| http://www.nessus.org/u?440e4ba1 |
| https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190 |
| http://www.nessus.org/u?b9345997 |
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Plugin Information
Published: 2022/05/31, Modified: 2022/07/28
Plugin Output
tcp/445/cifs
The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied.
56468 - Time of Last System Startup
-
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output
tcp/0
20260104213259.378439+330
10287 - Traceroute Information
-
Synopsis
It was possible to obtain traceroute information.
Description
Makes a traceroute to the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/11/27, Modified: 2023/12/04
Plugin Output
udp/0
For your information, here is the traceroute from 172.17.100.38 to 172.17.100.32 :
172.17.100.38
172.17.100.32
Hop Count: 1
172.17.100.38
172.17.100.32
Hop Count: 1
24274 - USB Drives Enumeration (WMI)
-
Synopsis
It is possible to obtain the list of USB drives on the remote host.
Description
By connecting to the remote host with the supplied credentials, it is possible to extract the list of USB drives of the remote host and the drive name attached to each.
Solution
Make sure that use of external USB drives matches your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2007/02/05, Modified: 2025/12/15
Plugin Output
tcp/0
+ Generic- SD/MMC CRW USB Device
92434 - User Download Folder Files
-
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output
tcp/0
C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\LKPAdmin\Downloads\desktop.ini
C:\\Users\LKPAdmin\Downloads\mimikatz_trunk.zip
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\techapp\Downloads\desktop.ini
C:\\Users\techexcel\Downloads\020220230758428105_69406_0_0502562424226.pdf
C:\\Users\techexcel\Downloads\1.tiff
C:\\Users\techexcel\Downloads\10102023055119.zip
C:\\Users\techexcel\Downloads\1105.003
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114819 (1).PDF
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114819.PDF
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114849.PDF
C:\\Users\techexcel\Downloads\15770340001410_1695282123174.txt
C:\\Users\techexcel\Downloads\15770340001410_1695282123174.txt.gz
C:\\Users\techexcel\Downloads\15770340001410_1695282229236.txt
C:\\Users\techexcel\Downloads\15770340001410_1695282229236.txt.gz
C:\\Users\techexcel\Downloads\15770340001410_20230921_1695282909384
C:\\Users\techexcel\Downloads\15770340001410_20230921_1695282909384.gz
C:\\Users\techexcel\Downloads\16049746_Other4.pdf
C:\\Users\techexcel\Downloads\18092023125215.zip
C:\\Users\techexcel\Downloads\2002_6832_24102024_06184512383130_061935.pdf
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1= (1).0j77ava.partial
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1=.0ii6i7l.partial
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=Y&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1=.6rc2a1l.partial
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClientModification_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClient_Registration_19102023_23102023_2310202301261737638561288261.zip
C:\\Users\techexcel\Downloads\23102023\SYMPHONYDealerMapping_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYInvMFSSCLIENT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVMODClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVPOA_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVProductENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVSEGMENTENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYMFSSCLIENT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYPCODEFILE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYProductENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYSEGMENTENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYZERORMSLIMIT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\27022023064823899_3190063_0_0603930607877.pdf
C:\\Users\techexcel\Downloads\28062023\28062023032055.zip
C:\\Users\techexcel\Downloads\28062023\AAACL0963A_CE_24062023_01.csv
C:\\Users\techexcel\Downloads\28062023\AAACL0963A_CE_24062023_01.zip
C:\\Users\techexcel\Downloads\28062023\MCX\AAACL0963A_CE_24062023_01.csv
C:\\Users\techexcel\Downloads\28062023\MCX\AAACL0963A_CE_24062023_01.zip
C:\\Users\techexcel\Downloads\28062023\ProClientListMeargeinCashBalances.csv
C:\\Users\techexcel\Downloads\28062023032055.zip
C:\\Users\techexcel\Downloads\5000021_EMP0329_07072023164359.xls
C:\\Users\techexcel\Downloads\50100001063206_1689257206076.txt.gz
C:\\Users\techexcel\Downloads\63_31012023_0357051507729069624_TECHEXCEL.csv
C:\\Users\techexcel\Downloads\666130159_23042025130204.xls
C:\\Users\techexcel\Downloads\666164733_21032023164812.xls
C:\\Users\techexcel\Downloads\666203400_1987_02022023203401.xls
C:\\Users\techexcel\Downloads\7z2409-x64.exe
C:\\Users\techexcel\Downloads\9062_723_techexcel_05042023_09005413594044688812 (1).pdf
C:\\Users\techexcel\Downloads\9062_723_techexcel_05042023_09005413594044688812.pdf
C:\\Users\techexcel\Downloads\9494_723_techexcel_05042023_12333463286013347049.pdf
C:\\Users\techexcel\Downloads\9496_723_techexcel_05042023_12364524432815480507.pdf
C:\\Users\techexcel\Downloads\9505_723_techexcel_05042023_01351669425567777411.pdf
C:\\Users\techexcel\Downloads\AnnualPL_l040_2023.pdf
C:\\Users\techexcel\Downloads\AnyDesk.exe
C:\\Users\techexcel\Downloads\BoFreeze_Letter_ACCOUNTCODE_25082023.pdf
C:\\Users\techexcel\Downloads\ChromeSetup.exe
C:\\Users\techexcel\Downloads\CVS398_other1.pdf
C:\\Users\techexcel\Downloads\desktop.ini
C:\\Users\techexcel\Downloads\ho_1.csv
C:\\Users\techexcel\Downloads\LD_12000134,12000134_F_31032023_9696730003022023124344.pdf
C:\\Users\techexcel\Downloads\LD_55050238,55050238_F_31032023_5479453027022023063623.pdf
C:\\Users\techexcel\Downloads\LD_fp122931,fp122931_F_31032023_5792767001022023014246.pdf
C:\\Users\techexcel\Downloads\Margin_04032023_043435.zip
C:\\Users\techexcel\Downloads\Margin_21032024_035505.zip
C:\\Users\techexcel\Downloads\Margin_21032024_035752.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0558-01-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0730-02-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0930-03-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-1100-04-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20250401-1300-04-i.zip
C:\\Users\techexcel\Downloads\PDF_666125938_1800_06062023_12593815811760.PDF
C:\\Users\techexcel\Downloads\PDF_666153006_techexcel_27022023_03300785188076874590.PDF
C:\\Users\techexcel\Downloads\PDF_666155525_5505_23062023_03552617037310.PDF
C:\\Users\techexcel\Downloads\PDF_666155744_5505_23062023_03574443243600.PDF
C:\\Users\techexcel\Downloads\PDF_666173443_5505_23062023_05344392236030.PDF
C:\\Users\techexcel\Downloads\PDF_666180352_1987_02022023_06035286602550.PDF
C:\\Users\techexcel\Downloads\PDF_666180410_1987_02022023_06041031371920.PDF
C:\\Users\techexcel\Downloads\PDF_886191854_1200_10032023_07185539426180.PDF
C:\\Users\techexcel\Downloads\PENNY PAL.csv
C:\\Users\techexcel\Downloads\SMS_FILE27042023115318.CSV
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_14032023_1403202306271218249465888383.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_14032023_1403202306292064824492566208.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYClientCreation_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYDealerMapping_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVClientCreation_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYInvMFSSCLIENT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVPOA_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVProductENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVSEGMENTENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYMFSSCLIENT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYPCODEFILE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYProductENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYSEGMENTENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYZERORMSLIMIT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_17022023_2202202305132658331388230672.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYClientCreation_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYDealerMapping_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVClientCreation_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYInvMFSSCLIENT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVPOA_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVProductENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVSEGMENTENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYMFSSCLIENT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYPCODEFILE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYProductENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYSEGMENTENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYZERORMSLIMIT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356.zip
C:\\Users\techexcel\Downloads\SYMPHONY_ISINHOLDING_0707202302430253194914441019.csv
C:\\Users\techexcel\Downloads\SYMPHONY_ISINHOLDING_2806202305435191905572701969.csv
C:\\Users\techexcel\Downloads\test\10102023055119.zip
C:\\Users\techexcel\Downloads\test\AAACL0963A_HS_09102023_01.csv
C:\\Users\techexcel\Downloads\test\AAACL0963A_HS_09102023_01.zip
C:\\Users\techexcel\Downloads\test\BSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\BSE\AAACL0963A_BA_09102023_01.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_HS_09102023_01.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_HS_09102023_01.zip
C:\\Users\techexcel\Downloads\test\MSE\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\MSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\New folder\08030000.00641
C:\\Users\techexcel\Downloads\test\New folder\08030000.00641.enc.21.zip
C:\\Users\techexcel\Downloads\test\NSE\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\NSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\ProClientListMeargeinCashBalances.csv
C:\\Users\techexcel\Downloads\Trade Summary with Exp_09082023_121708.xls
C:\\Users\techexcel\Downloads\WelComeLatters.pdf
C:\\Users\techexcel\Downloads\WinMerge-2.16.36-x64-Setup.exe
C:\\Users\techexcel\Downloads\WL_ACCOUNTCODE_25092023.pdf
C:\\Users\techexcel\Downloads\WL_ACCOUNTCODE_27092023.pdf
C:\\Users\techexcel\Downloads\xlsx_5014129_1951_17072023_02004882178920.csv
C:\\Users\techexcel\Downloads\xlsx_666155012_5505_23062023_03501352399990.xlsx
C:\\Users\techexcel\Downloads\xlsx_666155804_5505_23062023_03580586305200.xlsx
C:\\Users\techexcel\Downloads\xlsx_666173433_5505_23062023_05343348927150.xlsx
C:\\Users\techexcel\Downloads\xlsx_666183541_techexcel_29022024_06354122316298569794.xlsx
C:\\Users\techexcel\Downloads\xlsx_66629122351_techexcel_09082023_12235183118524960059.xlsx
C:\\Users\techexcel\Downloads\xls_5000021_EMP0329_07072023_04434053378640.xls
C:\\Users\techexcel\Downloads\xls_666074326_EMP0583_23042025_07432914860250.xls
C:\\Users\techexcel\Downloads\xls_666141840_1229_02022023_02184052665250.xls
C:\\Users\techexcel\Downloads\xls_666171124_2022_24072025_05112481846690.xls
C:\\Users\techexcel1\Downloads\desktop.ini
Download folder content report attached.
C:\\Users\LKPAdmin\Downloads\desktop.ini
C:\\Users\LKPAdmin\Downloads\mimikatz_trunk.zip
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\techapp\Downloads\desktop.ini
C:\\Users\techexcel\Downloads\020220230758428105_69406_0_0502562424226.pdf
C:\\Users\techexcel\Downloads\1.tiff
C:\\Users\techexcel\Downloads\10102023055119.zip
C:\\Users\techexcel\Downloads\1105.003
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114819 (1).PDF
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114819.PDF
C:\\Users\techexcel\Downloads\12068293_GlobalDetailsAson31032023andFinancialYear2022-23_30032023_114849.PDF
C:\\Users\techexcel\Downloads\15770340001410_1695282123174.txt
C:\\Users\techexcel\Downloads\15770340001410_1695282123174.txt.gz
C:\\Users\techexcel\Downloads\15770340001410_1695282229236.txt
C:\\Users\techexcel\Downloads\15770340001410_1695282229236.txt.gz
C:\\Users\techexcel\Downloads\15770340001410_20230921_1695282909384
C:\\Users\techexcel\Downloads\15770340001410_20230921_1695282909384.gz
C:\\Users\techexcel\Downloads\16049746_Other4.pdf
C:\\Users\techexcel\Downloads\18092023125215.zip
C:\\Users\techexcel\Downloads\2002_6832_24102024_06184512383130_061935.pdf
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1= (1).0j77ava.partial
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1=.0ii6i7l.partial
C:\\Users\techexcel\Downloads\2023&ClientCode1=fp122931&Styr=2022&UCCMerge=Y&KINDOFACCOUNT=&ShowMargin=false&reporttype=pdf&TransType1=.6rc2a1l.partial
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClientModification_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYClient_Registration_19102023_23102023_2310202301261737638561288261.zip
C:\\Users\techexcel\Downloads\23102023\SYMPHONYDealerMapping_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYInvMFSSCLIENT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVMODClientCreation_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVPOA_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVProductENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYINVSEGMENTENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYMFSSCLIENT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYPCODEFILE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYProductENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYSEGMENTENABLE_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\23102023\SYMPHONYZERORMSLIMIT_19102023_23102023_2310202301261737638561288261.csv
C:\\Users\techexcel\Downloads\27022023064823899_3190063_0_0603930607877.pdf
C:\\Users\techexcel\Downloads\28062023\28062023032055.zip
C:\\Users\techexcel\Downloads\28062023\AAACL0963A_CE_24062023_01.csv
C:\\Users\techexcel\Downloads\28062023\AAACL0963A_CE_24062023_01.zip
C:\\Users\techexcel\Downloads\28062023\MCX\AAACL0963A_CE_24062023_01.csv
C:\\Users\techexcel\Downloads\28062023\MCX\AAACL0963A_CE_24062023_01.zip
C:\\Users\techexcel\Downloads\28062023\ProClientListMeargeinCashBalances.csv
C:\\Users\techexcel\Downloads\28062023032055.zip
C:\\Users\techexcel\Downloads\5000021_EMP0329_07072023164359.xls
C:\\Users\techexcel\Downloads\50100001063206_1689257206076.txt.gz
C:\\Users\techexcel\Downloads\63_31012023_0357051507729069624_TECHEXCEL.csv
C:\\Users\techexcel\Downloads\666130159_23042025130204.xls
C:\\Users\techexcel\Downloads\666164733_21032023164812.xls
C:\\Users\techexcel\Downloads\666203400_1987_02022023203401.xls
C:\\Users\techexcel\Downloads\7z2409-x64.exe
C:\\Users\techexcel\Downloads\9062_723_techexcel_05042023_09005413594044688812 (1).pdf
C:\\Users\techexcel\Downloads\9062_723_techexcel_05042023_09005413594044688812.pdf
C:\\Users\techexcel\Downloads\9494_723_techexcel_05042023_12333463286013347049.pdf
C:\\Users\techexcel\Downloads\9496_723_techexcel_05042023_12364524432815480507.pdf
C:\\Users\techexcel\Downloads\9505_723_techexcel_05042023_01351669425567777411.pdf
C:\\Users\techexcel\Downloads\AnnualPL_l040_2023.pdf
C:\\Users\techexcel\Downloads\AnyDesk.exe
C:\\Users\techexcel\Downloads\BoFreeze_Letter_ACCOUNTCODE_25082023.pdf
C:\\Users\techexcel\Downloads\ChromeSetup.exe
C:\\Users\techexcel\Downloads\CVS398_other1.pdf
C:\\Users\techexcel\Downloads\desktop.ini
C:\\Users\techexcel\Downloads\ho_1.csv
C:\\Users\techexcel\Downloads\LD_12000134,12000134_F_31032023_9696730003022023124344.pdf
C:\\Users\techexcel\Downloads\LD_55050238,55050238_F_31032023_5479453027022023063623.pdf
C:\\Users\techexcel\Downloads\LD_fp122931,fp122931_F_31032023_5792767001022023014246.pdf
C:\\Users\techexcel\Downloads\Margin_04032023_043435.zip
C:\\Users\techexcel\Downloads\Margin_21032024_035505.zip
C:\\Users\techexcel\Downloads\Margin_21032024_035752.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0558-01-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0730-02-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-0930-03-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20240611-1100-04-i.zip
C:\\Users\techexcel\Downloads\mcxrpf-20250401-1300-04-i.zip
C:\\Users\techexcel\Downloads\PDF_666125938_1800_06062023_12593815811760.PDF
C:\\Users\techexcel\Downloads\PDF_666153006_techexcel_27022023_03300785188076874590.PDF
C:\\Users\techexcel\Downloads\PDF_666155525_5505_23062023_03552617037310.PDF
C:\\Users\techexcel\Downloads\PDF_666155744_5505_23062023_03574443243600.PDF
C:\\Users\techexcel\Downloads\PDF_666173443_5505_23062023_05344392236030.PDF
C:\\Users\techexcel\Downloads\PDF_666180352_1987_02022023_06035286602550.PDF
C:\\Users\techexcel\Downloads\PDF_666180410_1987_02022023_06041031371920.PDF
C:\\Users\techexcel\Downloads\PDF_886191854_1200_10032023_07185539426180.PDF
C:\\Users\techexcel\Downloads\PENNY PAL.csv
C:\\Users\techexcel\Downloads\SMS_FILE27042023115318.CSV
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_14032023_1403202306271218249465888383.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_14032023_1403202306292064824492566208.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYClientCreation_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYDealerMapping_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVClientCreation_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYInvMFSSCLIENT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVPOA_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVProductENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYINVSEGMENTENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYMFSSCLIENT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYPCODEFILE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYProductENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYSEGMENTENABLE_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840\SYMPHONYZERORMSLIMIT_01011900_24022023_2402202301042039647607778840.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_01011900_24022023_2402202301042039647607778840.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_17022023_2202202305132658331388230672.zip
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYClientCreation_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYDealerMapping_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVClientCreation_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYInvMFSSCLIENT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVPOA_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVProductENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYINVSEGMENTENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYMFSSCLIENT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYPCODEFILE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYProductENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYSEGMENTENABLE_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356\SYMPHONYZERORMSLIMIT_16022023_22022023_2202202305145724512239425356.csv
C:\\Users\techexcel\Downloads\SYMPHONYClient_Registration_16022023_22022023_2202202305145724512239425356.zip
C:\\Users\techexcel\Downloads\SYMPHONY_ISINHOLDING_0707202302430253194914441019.csv
C:\\Users\techexcel\Downloads\SYMPHONY_ISINHOLDING_2806202305435191905572701969.csv
C:\\Users\techexcel\Downloads\test\10102023055119.zip
C:\\Users\techexcel\Downloads\test\AAACL0963A_HS_09102023_01.csv
C:\\Users\techexcel\Downloads\test\AAACL0963A_HS_09102023_01.zip
C:\\Users\techexcel\Downloads\test\BSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\BSE\AAACL0963A_BA_09102023_01.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_HS_09102023_01.csv
C:\\Users\techexcel\Downloads\test\MCX\AAACL0963A_HS_09102023_01.zip
C:\\Users\techexcel\Downloads\test\MSE\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\MSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\New folder\08030000.00641
C:\\Users\techexcel\Downloads\test\New folder\08030000.00641.enc.21.zip
C:\\Users\techexcel\Downloads\test\NSE\AAACL0963A_BA_09102023.csv
C:\\Users\techexcel\Downloads\test\NSE\AAACL0963A_BA_09102023.zip
C:\\Users\techexcel\Downloads\test\ProClientListMeargeinCashBalances.csv
C:\\Users\techexcel\Downloads\Trade Summary with Exp_09082023_121708.xls
C:\\Users\techexcel\Downloads\WelComeLatters.pdf
C:\\Users\techexcel\Downloads\WinMerge-2.16.36-x64-Setup.exe
C:\\Users\techexcel\Downloads\WL_ACCOUNTCODE_25092023.pdf
C:\\Users\techexcel\Downloads\WL_ACCOUNTCODE_27092023.pdf
C:\\Users\techexcel\Downloads\xlsx_5014129_1951_17072023_02004882178920.csv
C:\\Users\techexcel\Downloads\xlsx_666155012_5505_23062023_03501352399990.xlsx
C:\\Users\techexcel\Downloads\xlsx_666155804_5505_23062023_03580586305200.xlsx
C:\\Users\techexcel\Downloads\xlsx_666173433_5505_23062023_05343348927150.xlsx
C:\\Users\techexcel\Downloads\xlsx_666183541_techexcel_29022024_06354122316298569794.xlsx
C:\\Users\techexcel\Downloads\xlsx_66629122351_techexcel_09082023_12235183118524960059.xlsx
C:\\Users\techexcel\Downloads\xls_5000021_EMP0329_07072023_04434053378640.xls
C:\\Users\techexcel\Downloads\xls_666074326_EMP0583_23042025_07432914860250.xls
C:\\Users\techexcel\Downloads\xls_666141840_1229_02022023_02184052665250.xls
C:\\Users\techexcel\Downloads\xls_666171124_2022_24072025_05112481846690.xls
C:\\Users\techexcel1\Downloads\desktop.ini
Download folder content report attached.
92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :
- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output
tcp/0
Production
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads
- recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator\Videos
- my music : C:\Users\Administrator\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow
- sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator\Documents
- administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator\AppData\Local
- my pictures : C:\Users\Administrator\Pictures
- templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator\Desktop
- programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator\Favorites
- appdata : C:\Users\Administrator\AppData\Roaming
techexcel
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\techexcel\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\techexcel\Downloads
- recent : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\techexcel\Videos
- my music : C:\Users\techexcel\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\techexcel\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\techexcel\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\techexcel\AppData\LocalLow
- sendto : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\techexcel\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\techexcel\Documents
- administrative tools : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\techexcel\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\techexcel\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\techexcel\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\techexcel\AppData\Local
- my pictures : C:\Users\techexcel\Pictures
- templates : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\techexcel\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\techexcel\Desktop
- programs : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\techexcel\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\techexcel\Favorites
- appdata : C:\Users\techexcel\AppData\Roaming
S-1-5-21-549360554-2228062029-2355455187-1002
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\techapp\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\techapp\Downloads
- recent : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\techapp\Videos
- my music : C:\Users\techapp\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\techapp\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\techapp\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\techapp\AppData\LocalLow
- sendto : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\techapp\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\techapp\Documents
- administrative tools : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\techapp\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\techapp\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\techapp\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\techapp\AppData\Local
- my pictures : C:\Users\techapp\Pictures
- templates : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\techapp\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\techapp\Desktop
- programs : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\techapp\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\techapp\Favorites
- appdata : C:\Users\techapp\AppData\Roaming
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator\Downloads
- recent : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator\Videos
- my music : C:\Users\Administrator\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator\AppData\LocalLow
- sendto : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator\Documents
- administrative tools : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Administrator\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator\AppData\Local
- my pictures : C:\Users\Administrator\Pictures
- templates : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator\Desktop
- programs : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\Administrator\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator\Favorites
- appdata : C:\Users\Administrator\AppData\Roaming
techexcel
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\techexcel\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\techexcel\Downloads
- recent : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\techexcel\Videos
- my music : C:\Users\techexcel\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\techexcel\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\techexcel\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\techexcel\AppData\LocalLow
- sendto : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\techexcel\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\techexcel\Documents
- administrative tools : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\techexcel\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\techexcel\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\techexcel\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\techexcel\AppData\Local
- my pictures : C:\Users\techexcel\Pictures
- templates : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\techexcel\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\techexcel\Desktop
- programs : C:\Users\techexcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\techexcel\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\techexcel\Favorites
- appdata : C:\Users\techexcel\AppData\Roaming
S-1-5-21-549360554-2228062029-2355455187-1002
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\techapp\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\techapp\Downloads
- recent : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\techapp\Videos
- my music : C:\Users\techapp\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\techapp\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\techapp\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\techapp\AppData\LocalLow
- sendto : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\techapp\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\techapp\Documents
- administrative tools : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\techapp\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\techapp\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\techapp\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\techapp\AppData\Local
- my pictures : C:\Users\techapp\Pictures
- templates : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\techapp\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\techapp\Desktop
- programs : C:\Users\techapp\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\Windows\Fonts
- cd burning : C:\Users\techapp\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\techapp\Favorites
- appdata : C:\Users\techapp\AppData\Roaming
92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output
tcp/0
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
c:\users\techexcel\desktop\test\closevscode.bat
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
microsoft.windows.controlpanel
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
f:\techexcel setup\7z2409-x64.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\realvnc\vnc4\vncviewer.exe
microsoft.autogenerated.{21a0406e-7390-4dba-8e06-a6804c6dd1c9}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\advanced\vnc server (user mode).lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\google chrome.lnk
d:\lkpsoft\veeamagentwindows_6.1.0.349\veeamagentwindows_6.1.0.349.exe
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
c:\users\administrator\desktop\ssms.lnk
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
c:\users\administrator\appdata\local\temp\~nsu1.tmp\un.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\microsoft sql server management studio 18.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.recoverymedia.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
c:\users\administrator\appdata\local\temp\b459712a-18fd-4c14-8e4d-e743fe1dc949\cyber_cloud_uninstaller_enterprise.exe
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\pnputil.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
\\192.168.10.234\soft\real vnc 4.6.1 enterprise edition\vnc-e4_6_1-x86_x64_win32.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
microsoft.autogenerated.{03dbc9de-d77b-8213-8542-ad4a82e046e5}
f:\lkpsoft\winrar-x64-701.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\compmgmt.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
microsoft.autogenerated.{5b29b9ae-8060-1960-9833-2f50c0175c01}
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hpe system tools\hp lights-out online configuration utility\hp lights-out online configuration utility.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
d:\kesav+netagent_13.2.0.1511_11.11.0.452\installer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\security configuration management.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shrpubw.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
microsoft.autogenerated.{40815e86-5702-c2c8-a620-1ed06b4da7ee}
c:\users\techexcel\desktop\test\closevscode.bat
c:\users\administrator\desktop\kes agent mover.bat
d:\lkpsoft\ppinventory\ppinfo.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
\\192.168.10.234\soft\winrar-x64-590.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dcomcnfg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\azure data studio\azure data studio.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
d:\lkpsoft\sanernow_lkp_window_cm_windows_x86_6.3\sanernow_windows_x86_6.3.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
microsoft.windows.controlpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\treesize free\treesize free.lnk
microsoft.autogenerated.{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\sut\bin\sut.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\administrator\appdata\local\temp\fcbea475-1c96-438a-9c84-5332c7cc4ac1\cyber_cloud_uninstaller_enterprise.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
d:\launch_sum.bat
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
microsoft.windows.computer
{6d809377-6af0-444b-8957-a3773f02200e}\realvnc\vnc4\vncconfig.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wuauclt.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\advanced\start listening vnc viewer.lnk
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
microsoft.azuredatastudio
f:\techexcel setup\7z2409-x64.exe
d:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\vnc viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wusa.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klshwmsg.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
{6d809377-6af0-444b-8957-a3773f02200e}\hewlett packard enterprise\hponcfg\hponcfg_gui.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
f:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\csrss.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
c:\users\techexcel\desktop\test\closevscode.bat
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
microsoft.windows.controlpanel
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
f:\techexcel setup\7z2409-x64.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
Extended userassist report attached.
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
c:\users\techexcel\desktop\test\closevscode.bat
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
microsoft.windows.controlpanel
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
f:\techexcel setup\7z2409-x64.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\realvnc\vnc4\vncviewer.exe
microsoft.autogenerated.{21a0406e-7390-4dba-8e06-a6804c6dd1c9}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\advanced\vnc server (user mode).lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\google chrome.lnk
d:\lkpsoft\veeamagentwindows_6.1.0.349\veeamagentwindows_6.1.0.349.exe
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
c:\users\administrator\desktop\ssms.lnk
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
microsoft.windows.sechealthui_cw5n1h2txyewy!sechealthui
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
c:\users\administrator\appdata\local\temp\~nsu1.tmp\un.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\microsoft sql server management studio 18.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.recoverymedia.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
c:\users\administrator\appdata\local\temp\b459712a-18fd-4c14-8e4d-e743fe1dc949\cyber_cloud_uninstaller_enterprise.exe
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\pnputil.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
\\192.168.10.234\soft\real vnc 4.6.1 enterprise edition\vnc-e4_6_1-x86_x64_win32.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
microsoft.autogenerated.{03dbc9de-d77b-8213-8542-ad4a82e046e5}
f:\lkpsoft\winrar-x64-701.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\compmgmt.msc
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
microsoft.autogenerated.{5b29b9ae-8060-1960-9833-2f50c0175c01}
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hpe system tools\hp lights-out online configuration utility\hp lights-out online configuration utility.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
d:\kesav+netagent_13.2.0.1511_11.11.0.452\installer.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\security configuration management.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shrpubw.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
microsoft.autogenerated.{40815e86-5702-c2c8-a620-1ed06b4da7ee}
c:\users\techexcel\desktop\test\closevscode.bat
c:\users\administrator\desktop\kes agent mover.bat
d:\lkpsoft\ppinventory\ppinfo.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
\\192.168.10.234\soft\winrar-x64-590.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\dcomcnfg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\azure data studio\azure data studio.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
d:\lkpsoft\sanernow_lkp_window_cm_windows_x86_6.3\sanernow_windows_x86_6.3.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
microsoft.windows.controlpanel
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\treesize free\treesize free.lnk
microsoft.autogenerated.{bd3f924e-55fb-a1ba-9de6-b50f9f2460ac}
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\sut\bin\sut.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\administrator\appdata\local\temp\fcbea475-1c96-438a-9c84-5332c7cc4ac1\cyber_cloud_uninstaller_enterprise.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesremote.exe
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
d:\launch_sum.bat
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
microsoft.windows.computer
{6d809377-6af0-444b-8957-a3773f02200e}\realvnc\vnc4\vncconfig.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wuauclt.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\advanced\start listening vnc viewer.lnk
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
microsoft.azuredatastudio
f:\techexcel setup\7z2409-x64.exe
d:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\realvnc\vnc viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wusa.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\kaspersky lab\networkagent\klshwmsg.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
{6d809377-6af0-444b-8957-a3773f02200e}\hewlett packard enterprise\hponcfg\hponcfg_gui.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
f:\lkpsoft\acroniscyberprotect_agentforwindows_web.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\csrss.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\calculator.lnk
d:\df7982946dae70a49032a3d3d272d335\x64\scenarioengine.exe
ueme_ctlsession
c:\users\techexcel\downloads\anydesk.exe
f:\x64\landingpage.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\snippingtool.exe
f:\setup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\rundll32.exe
f:\69d120264054d06bf4a0\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
f:\4422a1287b505c9d68e4c5dbd0\x64\scenarioengine.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
f:\x64\scenarioengine.exe
kasperskylab.kis.ui.toasts
f:\backup\sqlserver2019-kb5033688-x64_a781728ac862e8cd97c508314f3ea4886b70bd84.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
microsoft.internetexplorer.default
d:\techexcel setup\wkhtmltox-0.11.0_rc1-installer.exe
d:\lkpsoft\ssms-setup-enu.exe
thingamahoochie.winmerge
d:\techexcel setup\accessdatabaseengine_x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mmc.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\lucee\lucee-tomcat service control.lnk
d:\techexcel service restart\service restart.bat
f:\lkpsoft\sqlserver2019-kb5049235-x64_a17df28b9f89ec829ef865add26d75b4958ec802.exe
d:\techexcel setup\done\visual sudio code\vscodeusersetup-x64-1.41.1.exe
h:\bcdd9735be9b61f6eda5b4e5a9\x64\scenarioengine.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\task scheduler.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\smart storage administrator\smart storage administrator.lnk
{d65231b0-b2f1-4857-a4ce-a8e7c6ea7d27}\cmd.exe
f:\techexcel setup\iiscryptowithtls1.3.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server 2019\configuration tools\sql server 2019 configuration manager.lnk
microsoft.autogenerated.{923dd477-5846-686b-a659-0fccd73851a8}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\temp\gumd01f.tmp\googleupdate.exe
h:\0dbf04e73d8f4ea09c1d565f9175\x64\scenarioengine.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\updater\gup.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\windows defender firewall with advanced security.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\paint.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\shutdown.exe
f:\lkpsoft\sqlserver2019-kb5049296-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 18\performance tools\sql server profiler 18.lnk
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\internet explorer.lnk
microsoft.windows.explorer
ueme_ctlcuacount:ctor
microsoft.windows.photoviewer
f:\techexcel setup\liverisk setup\smsniff-x64\smsniff.exe
c:\users\techexcel\desktop\test\closevscode.bat
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft sql server management studio 18.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\notepad++\notepad++.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\notepad++\notepad++.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft\azureattestservice\azureattestserviceinstaller.exe
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\iis manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\profiler.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\regedit.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\visual studio code\visual studio code.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\gum880a.tmp\googleupdate.exe
microsoft.windows.controlpanel
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
d:\techexcel setup\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\winrar\winrar.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\unlodctr.exe
c:\users\techexcel\desktop\test\openvscode.bat
d:\techexcel setup\liverisk setup\lucee-5.3.8.201-pl0-windows-installer.exe
c:\users\techexcel\desktop\chromestandalonesetup64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\win32calc.exe
c:\users\techexcel\desktop\visual studio code.lnk
d:\techexcel setup\accessdatabaseengine_x64_2016.exe
d:\techexcel setup\npp.6.9.installer.exe
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\computer management.lnk
microsoft.autogenerated.{bb044bfd-25b7-2faa-22a8-6371a93e0456}
chrome.devtoolsapp
c:\users\techexcel\appdata\local\temp\3\npp.8.5.6.installer.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\administrative tools.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\file explorer.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\dtashell.exe
d:\techexcel\lucee\tomcat\bin\luceew.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\jam software\treesize free\treesizefree.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zfm.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 18\common7\ide\ssms.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\mspaint.exe
microsoft.visualstudiocode
microsoft.autogenerated.{c804bba7-fa5f-cbf7-8b55-2096e5f972cb}
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
c:\users\techexcel\desktop\test\startchrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\event viewer.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\sessionmsg.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\7-zip\7-zip file manager.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
d:\a2e360206790007af141a3\x64\scenarioengine.exe
microsoft.windows.remotedesktop
microsoft.windows.cortana_cw5n1h2txyewy!cortanaui
d:\lkpsoft\sqlserver2019-kb5007182-x64.exe
{6d809377-6af0-444b-8957-a3773f02200e}\veeam\endpoint backup\veeam.endpoint.tray.exe
f:\techexcel setup\7z2409-x64.exe
prokzult ad
c:\users\public\desktop\google chrome.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\server manager.lnk
microsoft.autogenerated.{8abd94fb-e7d6-84a6-a997-c918edde0ae5}
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\google\update\googleupdate.exe
microsoft.windows.shell.rundialog
{6d809377-6af0-444b-8957-a3773f02200e}\smart storage administrator\ssa\bin\ssaclient.exe
d:\techexcel setup\treesizefreesetup.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\lodctr.exe
c:\users\techexcel\appdata\local\temp\~nsu.tmp\au_.exe
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
c:\users\techexcel\desktop\test\closechrome.bat
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\snipping tool.lnk
d:\techexcel\lucee\tomcat\webapps\root\liverisk\7za.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
f:\sqlpatch_prerequisite\sql_patch_cu26\sqlserver2019-kb5035123-x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\conhost.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\servermanager.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wf.msc
h:\as-ssd-benchmark2.0.7316\as ssd benchmark.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\inetsrv\inetmgr.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\ping.exe
microsoft.autogenerated.{a16c4efe-38da-ef82-3713-fad638cfb297}
{6d809377-6af0-444b-8957-a3773f02200e}\7-zip\7zg.exe
microsoft.autogenerated.{c1c6f8ac-40a3-0f5c-146f-65a9dc70bbb4}
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\openwith.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\techexcel\appdata\local\temp\3\npp.8.4.8.installer.exe
d:\techexcel setup\7z1900-x64.exe
c:\users\techexcel\downloads\7z2409-x64.exe
chrome
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\accessories\notepad.lnk
Extended userassist report attached.
178103 - Veeam Agent for Microsoft Windows (Windows)
-
Synopsis
Veeam Agent for Microsoft Windows was detected on the remote Windows host.
Description
Veeam Agent for Microsoft Windows was detected on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2025/12/15
Plugin Output
tcp/0
Path : C:\Program Files\Veeam\Endpoint Backup\
Version : 6.1.0.349
Product : Veeam Agent for Microsoft Windows
24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.
These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2025/12/15
Plugin Output
tcp/445/cifs
The remote host returned the following caption from Win32_OperatingSystem:
Microsoft Windows Server 2019 Datacenter
Microsoft Windows Server 2019 Datacenter
71637 - WMI IIS ISAPI Extension Enumeration
-
Synopsis
The remote host has ISAPI extensions set up with IIS.
Description
The remote host is running one or more ISAPI IIS extensions such as ASP.NET installed. This plugin enumerates these extensions by examining the ISAPI filters and displays information on whether the extension is enabled or disabled.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/20, Modified: 2025/12/15
Plugin Output
tcp/0
IIS component : WebDAV
Component path : %windir%\system32\inetsrv\webdav.dll
Enabled ? : Yes
52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2025/12/15
Plugin Output
tcp/0
Here is a list of quick-fix engineering updates installed on the
remote system :
+ KB5046268
- Description : Update
- InstalledOn : 12/21/2024
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=5046268
+ KB4535680
- Description : Security Update
- InstalledOn : 1/8/2022
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=4535680
+ KB4589208
- Description : Update
- InstalledOn : 1/8/2022
- SystemName : TECHE_WEB_DB
- InstalledBy : TECHE_WEB_DB\Production
- Caption : https://support.microsoft.com/help/4589208
+ KB5005112
- Description : Security Update
- InstalledOn : 8/5/2021
- SystemName : TECHE_WEB_DB
- Caption : https://support.microsoft.com/help/5005112
+ KB5053596
- Description : Security Update
- InstalledOn : 3/24/2025
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/5053596
+ KB5008287
- Description : Security Update
- InstalledOn : 1/8/2022
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
+ KB5014797
- Description : Update
- InstalledOn : 7/22/2022
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
+ KB5015896
- Description : Update
- InstalledOn : 7/22/2022
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
+ KB5020374
- Description : Security Update
- InstalledOn : 1/5/2023
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
+ KB5043126
- Description : Security Update
- InstalledOn : 12/21/2024
- SystemName : TECHE_WEB_DB
- InstalledBy : NT AUTHORITY\SYSTEM
+ KB5050110
- Description : Security Update
- InstalledOn : 3/22/2025
- SystemName : TECHE_WEB_DB
- InstalledBy : TECHE_WEB_DB\Production
+ KB5054007
- Description : Security Update
- InstalledOn : 3/24/2025
- SystemName : TECHE_WEB_DB
- InstalledBy : TECHE_WEB_DB\Production
44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.
Note that Features can only be enumerated for Windows 7 and later for desktop versions.
Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
| https://msdn.microsoft.com/en-us/library/cc280268 |
| https://docs.microsoft.com/en-us/windows/desktop/WmiSdk/querying-the-status-of-optional-features |
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0754 |
Plugin Information
Published: 2010/02/24, Modified: 2025/12/15
Plugin Output
tcp/0
Nessus enumerated the following Windows features :
- .NET Framework 3.5 (includes .NET 2.0 and 3.0)
- .NET Framework 3.5 Features
- .NET Framework 4.7
- .NET Framework 4.7 Features
- ASP.NET 4.7
- Application Development
- Basic Authentication
- Centralized SSL Certificate Support
- Client Certificate Mapping Authentication
- Common HTTP Features
- Custom Logging
- Default Document
- Digest Authentication
- Directory Browsing
- Dynamic Content Compression
- File Server
- File and Storage Services
- File and iSCSI Services
- HTTP Errors
- HTTP Logging
- HTTP Redirection
- Health and Diagnostics
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
- IIS Client Certificate Mapping Authentication
- IIS Hostable Web Core
- IIS Management Console
- IIS Management Scripts and Tools
- IP and Domain Restrictions
- Logging Tools
- Management Service
- Management Tools
- ODBC Logging
- Performance
- Request Filtering
- Request Monitor
- Security
- Static Content
- Static Content Compression
- Storage Services
- System Data Archiver
- TCP Port Sharing
- Telnet Client
- Tracing
- URL Authorization
- WCF Services
- Web Server
- Web Server (IIS)
- WebDAV Publishing
- Windows Authentication
- Windows PowerShell
- Windows PowerShell 2.0 Engine
- Windows PowerShell 5.1
- Windows PowerShell ISE
- WoW64 Support
- XPS Viewer
33139 - WS-Management Server Detection
-
Synopsis
The remote web server is used for remote management.
Description
The remote web server supports the Web Services for Management (WS-Management) specification, a general web services protocol based on SOAP for managing systems, applications, and other such entities.
See Also
Solution
Limit incoming traffic to this port if desired.
Risk Factor
None
Plugin Information
Published: 2008/06/11, Modified: 2021/05/19
Plugin Output
tcp/5985/www
Here is some information about the WS-Management Server :
Product Vendor : Microsoft Corporation
Product Version : OS: 0.0.0 SP: 0.0 Stack: 3.0
11422 - Web Server Unconfigured - Default Install Page Present
-
Synopsis
The remote web server is not configured or is improperly configured.
Description
The remote web server uses its default welcome page. Therefore, it's probable that this server is not used at all or is serving content that is meant to be hidden.
Solution
Disable this service if you do not use it.
Risk Factor
None
Plugin Information
Published: 2003/03/20, Modified: 2018/08/15
Plugin Output
tcp/80/www
The default welcome page is from IIS.
92436 - WinRAR History
-
Synopsis
Nessus was able to enumerate files opened with WinRAR on the remote host.
Description
Nessus was able to gather evidence of compressed files that were opened by WinRAR. Note that only compressed files that were opened and not extracted through the explorer shortcut or command line interface were reported.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
D:\Backup_RMS\Scheduler.ZIP
D:\Backup_RMS\TechExcel_EXE.ZIP
D:\Backup_RMS\LIVERISKDATABASE.ZIP
D:\Backup_RMS\Price_02022023.rar
D:\Backup_RMS\LIVERISKDATABASE.ZIP
C:\Users\techexcel\Downloads\Margin_21032024_035505.zip
F:\Techexcel Setup\Liverisk Setup\2-XceedZip.zip
D:\Backup_RMS\TechExcel_EXE.ZIP
WinRAR report attached.
D:\Backup_RMS\TechExcel_EXE.ZIP
D:\Backup_RMS\LIVERISKDATABASE.ZIP
D:\Backup_RMS\Price_02022023.rar
D:\Backup_RMS\LIVERISKDATABASE.ZIP
C:\Users\techexcel\Downloads\Margin_21032024_035505.zip
F:\Techexcel Setup\Liverisk Setup\2-XceedZip.zip
D:\Backup_RMS\TechExcel_EXE.ZIP
WinRAR report attached.
162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output
tcp/445/cifs
AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-1001
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-1002
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-500
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-1001
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-1002
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-549360554-2228062029-2355455187-500
48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2025/12/15
Plugin Output
tcp/0
+ Computer System Product
- IdentifyingNumber : CNX148076H
- Description : Computer System Product
- Vendor : HPE
- Name : ProLiant DL360 Gen10
- UUID : 35333250-3937-4E43-5831-343830373648
159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
Credential Guard prevents attacks such as such as Pass-the-Hash or Pass-The-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output
tcp/445/cifs
Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.
58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output
tcp/445/cifs
Nessus enumerated DNS servers for the following interfaces :
Interface: {be1be397-b909-4e16-a088-c88ef90d2788}
Network Connection : LAN_32
NameServer: 8.8.8.8,4.2.2.2
164690 - Windows Disabled Command Prompt Enumeration
-
Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'
- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'
- Unset or 0: The command prompt is enabled normally.
- 1: The command promt is disabled.
- 2: The command prompt is disabled however windows batch processing is allowed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/09/06, Modified: 2022/10/05
Plugin Output
tcp/445/cifs
Username: Production
SID: S-1-5-21-549360554-2228062029-2355455187-500
DisableCMD: Unset
Username: WDAGUtilityAccount
SID: S-1-5-21-549360554-2228062029-2355455187-504
DisableCMD: Unset
Username: techexcel
SID: S-1-5-21-549360554-2228062029-2355455187-1001
DisableCMD: Unset
Username: tidua
SID: S-1-5-21-549360554-2228062029-2355455187-1011
DisableCMD: Unset
Username: Veeam
SID: S-1-5-21-549360554-2228062029-2355455187-1010
DisableCMD: Unset
Username: Guest
SID: S-1-5-21-549360554-2228062029-2355455187-501
DisableCMD: Unset
Username: DefaultAccount
SID: S-1-5-21-549360554-2228062029-2355455187-503
DisableCMD: Unset
Username: rms
SID: S-1-5-21-549360554-2228062029-2355455187-1005
DisableCMD: Unset
Username: techapp
SID: S-1-5-21-549360554-2228062029-2355455187-1002
DisableCMD: Unset
Username: LKPAdmin
SID: S-1-5-21-549360554-2228062029-2355455187-1000
DisableCMD: Unset
Username: techexcel1
SID: S-1-5-21-549360554-2228062029-2355455187-1008
DisableCMD: Unset
72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
References
| XREF | IAVT:0001-T-0756 |
Plugin Information
Published: 2014/02/06, Modified: 2025/12/15
Plugin Output
tcp/0
Device Name : Matrox G200eh3 (HPE) WDDM 2.0
Driver File Version : 4.5.0.5
Driver Date : 05/26/2021
Video Processor : Matrox G200eH
92423 - Windows Explorer Recently Executed Programs
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
| http://www.forensicswiki.org/wiki/LastVisitedMRU |
| http://www.nessus.org/u?7e00b191 |
| http://www.nessus.org/u?ac4dd3fb |
| http://www.nessus.org/u?c409cb41 |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/08/15
Plugin Output
tcp/0
SanerNow_Windows_x86_6.3.exePO :i+00/D:\V1Y`lkpsoft@YY`.;zlkpsoft1Y`SanerNow_LKP_Window_CM_Windows_x86_6.3~Y`Y`.;nSanerNow_LKP_Window_CM_Windows_x86_6.36
ssaclient.exePO :i+00:.:,LB)A&&c??
InetMgr.exePO :i+00/D:\V1.T35LKPSOFT@(T1\r.TN5.$P5LKPSOFT
mspaint.exePO :i+00:.:,LB)A&&c(wL(wL
msiexec.exePO :i+00/C:\p1XbPROGRA~2X/Ma:Xb..Program Files (x86)Z1.T'fMSECacheB.T'f.T'f. KMSECache\1.T'fACERED~1D.T'f.T'f. KAceRedistN1.T-f1033:.T'f.T-f.=71033
iexplore.exePO :i+00.9#K&]B_
Profiler.exePO :i+00.+ezFkp:
mspaint.exePO :i+00/F:\1X[SQLPatch_Prerequisite\X[X[.^SQLPatch_Prerequisite$
Ssms.exePO :i+00/F:\n1OZ)/Techexcel SetupP-TkOZ)/.mqtwTechexcel Setupr1OZ#0Web SQL_15022025ROZ\n/OZ#0.{QtWeb SQL_15022025
\n
mmc.exePO :i+00/D:\1.TedTechexcel Service Restartd.Ted.Ted.GTechexcel Service Restart(
DTAShell.exePO :i+00:.:,LB)A&&tSwLMwLM
chrome.exePO :i+00/D:\N1Z=TTEST:yTTZ=T.uTEST
notepad.exeX\r,!PCsg<;-1SPSsC\nCOi3nI1SPS0%G`-\n172.17.100.31-1SPS:7CD)5\\172.17.100.31\Techexcel$Microsoft NetworkP1lSmLucee<.Tm>.Ty>.,`cLuceeT1lSmtomcat>.Tm>.To>.`|ftomcatV1GVk5webapps@.Tm>GVk5.eqwebappsN1W+ROOT:.Tm>W+.eROOT`1WC0staticDataF.Tm>WC.{staticDatal1WCBOFreezeLetterNWCWC.rUQBOFreezeLetter
notepad++.exeX\r,!PCsg<;-1SPSsC\nCOi3nI1SPS0%G`-\n172.17.100.33-1SPS:7CD)5\\172.17.100.33\techexcel$Microsoft NetworkP1:UbLucee<WTs:Ub.1mLuceeT1WTutomcat>WT\rsWTu.3wtomcatV1X.!webapps@WTsX.!.:A$webappsN1 X ROOT:WTsX .:PFROOTJ1 WTt0kra8WTtWTu.}v8kra`1 WTt0exportdataFWTtWTu.I+pexportdata
OpenWith.exePO :i+00/C:\p1.TnPROGRA~2X/Ma:.Tn..[Program Files (x86)\1.TCfNOTEPA~1D.TBf.TCf.~ _Notepad++
Code.exePO :i+00/D:\\1n[4TechexcelD.T^n[4.!I!TechexcelP1OZ50Lucee<\nUfn[)6.CKLuceeT1OZ30tomcat>\nUfn[)6.LzqtomcatV1OZ30webapps@\nUfn[4.{}qwebappsN1Zs0ROOT:\nUfn[`/.ROOTb1n[#0FTPDOWNLOADH\nUGgn[U4.FTPDOWNLOAD
SnippingTool.exePO :i+00/H:\1X-AS-SSD-Benchmark2.0.7316bX-X-.*_3AS-SSD-Benchmark2.0.7316(
\\172.17.100.187\xtpl\1
cba
\\172.17.100.51\c$\Users\rms\Desktop\BSEALLTRADE\1
\\172.17.100.61\Rtrade\1
F:\backup\\1
\\192.168.10.234\1
\\172.17.100.31\\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\techesign\1
\\172.17.100.33\\1
services.msc\1
compmgmt.msc\1
\\172.17.100.33\1
\\20.20.20.32\BackupOLDDB$\1
regedit\1
\\172.17.100.31\1
appwiz.cpl\1
\\172.17.100.224\\1
calc\1
secpol.msc\1
wmimgmt.msc\1
\\20.20.20.32\backup$\\1
ncpa.cpl\1
notepad\1
mstsc\1
eiycmvsaubqtgxfdpnowkjhzlr
mspaint\1
dcomcnfg\1
\\localhost\1
control\1
\\20.20.20.31\\1
cmd\1
\\172.17.100.31\Techexcel$\\1
D:\Techexcel\techexcel_Margin\1
\\172.17.100.32\1
D:\SQL_log\\1
services.msc\1
\\172.17.100.91\1
\\172.17.100.33\Techexcel$\\lucee\tomcat\webapps\ROOT\1
\\172.17.100.91\\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\1
\\172.17.100.91\C$\\1
cmd\1
D:\Techexcel\techexcel\\1
D:\Techexcel\SQLLOGS\1
chrome\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\\1
\\172.17.100.32\techexcel$\Lucee\tomcat\webapps\ROOT\\1
\\172.17.100.51\OTD\\1
D:\TECHEXCEL\SPAN4\DATA\\1
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\1
gpedit.msc\1
uazlfibhdrqyvjxkgpnwoscmet
mstsc\1
\\TECH_UAT\Backup_Old$\1
D:\Techexcel\SQLLOGS\\1
\\172.17.100.51\otd\1
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\\1
\\172.17.100.91\C$\PROGRAM FILES (X86)\TATA CONSULTANCY SERVICES\MEMBER CONTROL STATION(MCS)\DATA\56630\RTRADE\\1
regedit.exe+;4
InetMgr.exeLU^TtT
SanerNow_Windows_x86_6.3.exeE_{
mmc.exe^
ssaclient.exeWjv
msiexec.exew
wuauclt.exe|0
mspaint.exeL]`
IEXPLORE.EXE;V6^V
Profiler.exe[X~zZ
mspaint.exe>PSz
\n
notepad++.exe^U.
Ssms.exe^`g
DTAShell.exe\i$
chrome.exe^#
mmc.exenirm
OpenWith.exet
notepad.exe^+
Code.exe@
SnippingTool.exeqQy39O
x@_dP/N
X\r,!PCsg<
MRU programs details in attached report.
ssaclient.exePO :i+00:.:,LB)A&&c??
InetMgr.exePO :i+00/D:\V1.T35LKPSOFT@(T1\r.TN5.$P5LKPSOFT
mspaint.exePO :i+00:.:,LB)A&&c(wL(wL
msiexec.exePO :i+00/C:\p1XbPROGRA~2X/Ma:Xb..Program Files (x86)Z1.T'fMSECacheB.T'f.T'f. KMSECache\1.T'fACERED~1D.T'f.T'f. KAceRedistN1.T-f1033:.T'f.T-f.=71033
iexplore.exePO :i+00.9#K&]B_
Profiler.exePO :i+00.+ezFkp:
mspaint.exePO :i+00/F:\1X[SQLPatch_Prerequisite\X[X[.^SQLPatch_Prerequisite$
Ssms.exePO :i+00/F:\n1OZ)/Techexcel SetupP-TkOZ)/.mqtwTechexcel Setupr1OZ#0Web SQL_15022025ROZ\n/OZ#0.{QtWeb SQL_15022025
\n
mmc.exePO :i+00/D:\1.TedTechexcel Service Restartd.Ted.Ted.GTechexcel Service Restart(
DTAShell.exePO :i+00:.:,LB)A&&tSwLMwLM
chrome.exePO :i+00/D:\N1Z=TTEST:yTTZ=T.uTEST
notepad.exeX\r,!PCsg<;-1SPSsC\nCOi3nI1SPS0%G`-\n172.17.100.31-1SPS:7CD)5\\172.17.100.31\Techexcel$Microsoft NetworkP1lSmLucee<.Tm>.Ty>.,`cLuceeT1lSmtomcat>.Tm>.To>.`|ftomcatV1GVk5webapps@.Tm>GVk5.eqwebappsN1W+ROOT:.Tm>W+.eROOT`1WC0staticDataF.Tm>WC.{staticDatal1WCBOFreezeLetterNWCWC.rUQBOFreezeLetter
notepad++.exeX\r,!PCsg<;-1SPSsC\nCOi3nI1SPS0%G`-\n172.17.100.33-1SPS:7CD)5\\172.17.100.33\techexcel$Microsoft NetworkP1:UbLucee<WTs:Ub.1mLuceeT1WTutomcat>WT\rsWTu.3wtomcatV1X.!webapps@WTsX.!.:A$webappsN1 X ROOT:WTsX .:PFROOTJ1 WTt0kra8WTtWTu.}v8kra`1 WTt0exportdataFWTtWTu.I+pexportdata
OpenWith.exePO :i+00/C:\p1.TnPROGRA~2X/Ma:.Tn..[Program Files (x86)\1.TCfNOTEPA~1D.TBf.TCf.~ _Notepad++
Code.exePO :i+00/D:\\1n[4TechexcelD.T^n[4.!I!TechexcelP1OZ50Lucee<\nUfn[)6.CKLuceeT1OZ30tomcat>\nUfn[)6.LzqtomcatV1OZ30webapps@\nUfn[4.{}qwebappsN1Zs0ROOT:\nUfn[`/.ROOTb1n[#0FTPDOWNLOADH\nUGgn[U4.FTPDOWNLOAD
SnippingTool.exePO :i+00/H:\1X-AS-SSD-Benchmark2.0.7316bX-X-.*_3AS-SSD-Benchmark2.0.7316(
\\172.17.100.187\xtpl\1
cba
\\172.17.100.51\c$\Users\rms\Desktop\BSEALLTRADE\1
\\172.17.100.61\Rtrade\1
F:\backup\\1
\\192.168.10.234\1
\\172.17.100.31\\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\techesign\1
\\172.17.100.33\\1
services.msc\1
compmgmt.msc\1
\\172.17.100.33\1
\\20.20.20.32\BackupOLDDB$\1
regedit\1
\\172.17.100.31\1
appwiz.cpl\1
\\172.17.100.224\\1
calc\1
secpol.msc\1
wmimgmt.msc\1
\\20.20.20.32\backup$\\1
ncpa.cpl\1
notepad\1
mstsc\1
eiycmvsaubqtgxfdpnowkjhzlr
mspaint\1
dcomcnfg\1
\\localhost\1
control\1
\\20.20.20.31\\1
cmd\1
\\172.17.100.31\Techexcel$\\1
D:\Techexcel\techexcel_Margin\1
\\172.17.100.32\1
D:\SQL_log\\1
services.msc\1
\\172.17.100.91\1
\\172.17.100.33\Techexcel$\\lucee\tomcat\webapps\ROOT\1
\\172.17.100.91\\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\1
\\172.17.100.91\C$\\1
cmd\1
D:\Techexcel\techexcel\\1
D:\Techexcel\SQLLOGS\1
chrome\1
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\\1
\\172.17.100.32\techexcel$\Lucee\tomcat\webapps\ROOT\\1
\\172.17.100.51\OTD\\1
D:\TECHEXCEL\SPAN4\DATA\\1
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\1
gpedit.msc\1
uazlfibhdrqyvjxkgpnwoscmet
mstsc\1
\\TECH_UAT\Backup_Old$\1
D:\Techexcel\SQLLOGS\\1
\\172.17.100.51\otd\1
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\\1
\\172.17.100.91\C$\PROGRAM FILES (X86)\TATA CONSULTANCY SERVICES\MEMBER CONTROL STATION(MCS)\DATA\56630\RTRADE\\1
regedit.exe+;4
InetMgr.exeLU^TtT
SanerNow_Windows_x86_6.3.exeE_{
mmc.exe^
ssaclient.exeWjv
msiexec.exew
wuauclt.exe|0
mspaint.exeL]`
IEXPLORE.EXE;V6^V
Profiler.exe[X~zZ
mspaint.exe>PSz
\n
notepad++.exe^U.
Ssms.exe^`g
DTAShell.exe\i$
chrome.exe^#
mmc.exenirm
OpenWith.exet
notepad.exe^+
Code.exe@
SnippingTool.exeqQy39O
x@_dP/N
X\r,!PCsg<
MRU programs details in attached report.
92418 - Windows Explorer Typed Paths
-
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
F:\
D:\
\\172.17.100.31\
\\20.20.20.32\backupolddb$
\\20.20.20.32\BackupOLDDB$
\\172.17.100.91
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD
D:\Techexcel\SQLLOGS\risk_backup(form)
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\staticData\wsdl
\\172.17.100.33\techexcel$
cmd
D:\test
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\VAPT
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\kra\exportdata\ckycbottom.cfm
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\kra\exportdata\
D:\Techexcel\techexcel_Margin
This PC
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT
C:\
\\172.17.100.35\Techexcel\Upload
D:\Techexcel
H:\
\\172.17.100.91\C$\PROGRAM FILES (X86)\TATA CONSULTANCY SERVICES\MEMBER CONTROL STATION(MCS)\DATA\56630\RTRADE
D:\Techexcel\Lucee\tomcat\webapps\ROOT
H:\Last year Backup
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\MCXLTP.cfm
D:\Techexcel\SQLLOGS
\\172.17.100.32\techexcel$\Lucee\tomcat\webapps\ROOT
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\focaps\fa_focaps\forms
Extended explorer typed paths report attached.
D:\
\\172.17.100.31\
\\20.20.20.32\backupolddb$
\\20.20.20.32\BackupOLDDB$
\\172.17.100.91
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD
D:\Techexcel\SQLLOGS\risk_backup(form)
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\staticData\wsdl
\\172.17.100.33\techexcel$
cmd
D:\test
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\VAPT
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\kra\exportdata\ckycbottom.cfm
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\kra\exportdata\
D:\Techexcel\techexcel_Margin
This PC
\\172.17.100.31\techexcel$\Lucee\tomcat\webapps\ROOT
C:\
\\172.17.100.35\Techexcel\Upload
D:\Techexcel
H:\
\\172.17.100.91\C$\PROGRAM FILES (X86)\TATA CONSULTANCY SERVICES\MEMBER CONTROL STATION(MCS)\DATA\56630\RTRADE
D:\Techexcel\Lucee\tomcat\webapps\ROOT
H:\Last year Backup
D:\Techexcel\Lucee\tomcat\webapps\ROOT\FTPDOWNLOAD\MCXLTP.cfm
D:\Techexcel\SQLLOGS
\\172.17.100.32\techexcel$\Lucee\tomcat\webapps\ROOT
\\172.17.100.33\techexcel$\Lucee\tomcat\webapps\ROOT\focaps\fa_focaps\forms
Extended explorer typed paths report attached.
159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2025/06/16
Plugin Output
tcp/445/cifs
LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.
148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output
tcp/0
Default Install Language Code: 1033
Default Active Language Code: 1033
Other common microsoft Language packs may be scanned as well.
Default Active Language Code: 1033
Other common microsoft Language packs may be scanned as well.
92422 - Windows Mapped Network Drives
-
Synopsis
Nessus was able to enumerate mapped network drives on the remote host.
Description
Nessus was able to generate a report of mapped network drives on the remote Windows host.
See Also
| http://www.nessus.org/u?73356601 |
| https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc770902(v=ws.11) |
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output
tcp/0
mrulist : a
a : \\172.17.100.187\xtpl
b : \\172.17.100.61\Rtrade
mrulist : cba
c : \\172.17.100.51\c$\Users\rms\Desktop\BSEALLTRADE
a : \\172.17.100.187\xtpl
Extended mapped network drive report attached.
a : \\172.17.100.187\xtpl
b : \\172.17.100.61\Rtrade
mrulist : cba
c : \\172.17.100.51\c$\Users\rms\Desktop\BSEALLTRADE
a : \\172.17.100.187\xtpl
Extended mapped network drive report attached.
10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output
udp/137/netbios-ns
The following 3 NetBIOS names have been gathered :
TECHE_WEB_DB = File Server Service
TECHE_WEB_DB = Computer name
WORKGROUP = Workgroup / Domain name
The remote host has the following MAC address on its adapter :
d4:f5:ef:60:46:14
TECHE_WEB_DB = File Server Service
TECHE_WEB_DB = Computer name
WORKGROUP = Workgroup / Domain name
The remote host has the following MAC address on its adapter :
d4:f5:ef:60:46:14
63620 - Windows Product Key Retrieval
-
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to obtain the retrieve the Windows host's partial product key'.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output
tcp/445/cifs
Product key : XXXXX-XXXXX-XXXXX-XXXXX-BWT4H
Note that all but the final portion of the key has been obfuscated.
160576 - Windows Services Registry ACL
-
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output
tcp/445/cifs
report output too big - ending list here
204960 - Windows System Driver Enumeration (Windows)
-
Synopsis
One or more kernel or file system drivers were enumerated on the remote Windows host.
Description
One or more kernel or file system drivers were enumerated on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/08/01, Modified: 2025/12/15
Plugin Output
tcp/0
Total : 349
Name : 1394ohci
Path : C:\Windows\system32\drivers\1394ohci.sys
Service Type : Kernel Driver
Description : 1394 OHCI Compliant Host Controller
State : Stopped
Name : 3ware
Path : C:\Windows\system32\drivers\3ware.sys
Service Type : Kernel Driver
Description : 3ware
State : Stopped
Name : ACPI
Path : C:\Windows\system32\drivers\ACPI.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Driver
State : Running
Name : AcpiDev
Path : C:\Windows\system32\drivers\AcpiDev.sys
Service Type : Kernel Driver
Description : ACPI Devices driver
State : Stopped
Name : acpiex
Path : C:\Windows\system32\Drivers\acpiex.sys
Service Type : Kernel Driver
Description : Microsoft ACPIEx Driver
State : Running
Name : acpipagr
Path : C:\Windows\system32\drivers\acpipagr.sys
Service Type : Kernel Driver
Description : ACPI Processor Aggregator Driver
State : Stopped
Name : AcpiPmi
Path : C:\Windows\system32\drivers\acpipmi.sys
Service Type : Kernel Driver
Description : ACPI Power Meter Driver
State : Running
Name : acpitime
Path : C:\Windows\system32\drivers\acpitime.sys
Service Type : Kernel Driver
Description : ACPI Wake Alarm Driver
State : Running
Name : ADP80XX
Path : C:\Windows\system32\drivers\ADP80XX.SYS
Service Type : Kernel Driver
Description : ADP80XX
State : Stopped
Name : AFD
Path : C:\Windows\system32\drivers\afd.sys
Service Type : Kernel Driver
Description : Ancillary Function Driver for Winsock
State : Running
Name : afunix
Path : C:\Windows\system32\drivers\afunix.sys
Service Type : Kernel Driver
Description : afunix
State : Running
Name : ahcache
Path : C:\Windows\system32\DRIVERS\ahcache.sys
Service Type : Kernel Driver
Description : Application Compatibility Cache
State : Running
Name : AmdK8
Path : C:\Windows\system32\drivers\amdk8.sys
Service Type : Kernel Driver
Description : AMD K8 Processor Driver
State : Stopped
Name : AmdPPM
Path : C:\Windows\system32\drivers\amdppm.sys
Service Type : Kernel Driver
Description : AMD Processor Driver
State : Stopped
Name : amdsata
Path : C:\Windows\system32\drivers\amdsata.sys
Service Type : Kernel Driver
Description : amdsata
State : Stopped
Name : amdsbs
Path : C:\Windows\system32\drivers\amdsbs.sys
Service Type : Kernel Driver
Description : amdsbs
State : Stopped
Name : amdxata
Path : C:\Windows\system32\drivers\amdxata.sys
Service Type : Kernel Driver
Description : amdxata
State : Stopped
Name : AppID
Path : C:\Windows\system32\drivers\appid.sys
Service Type : Kernel Driver
Description : AppID Driver
State : Stopped
Name : applockerfltr
Path : C:\Windows\system32\drivers\applockerfltr.sys
Service Type : Kernel Driver
Description : Smartlocker Filter Driver
State : Stopped
Name : AppvStrm
Path : C:\Windows\system32\drivers\AppvStrm.sys
Service Type : File System Driver
Description : AppvStrm
State : Stopped
Name : AppvVemgr
Path : C:\Windows\system32\drivers\AppvVemgr.sys
Service Type : File System Driver
Description : AppvVemgr
State : Stopped
Name : AppvVfs
Path : C:\Windows\system32\drivers\AppvVfs.sys
Service Type : File System Driver
Description : AppvVfs
State : Stopped
Name : arcsas
Path : C:\Windows\system32\drivers\arcsas.sys
Service Type : Kernel Driver
Description : Adaptec SAS/SATA-II RAID Storport's Miniport Driver
State : Stopped
Name : AsyncMac
Path : C:\Windows\system32\drivers\asyncmac.sys
Service Type : Kernel Driver
Description : RAS Asynchronous Media Driver
State : Stopped
Name : atapi
Path : C:\Windows\system32\drivers\atapi.sys
Service Type : Kernel Driver
Description : IDE Channel
State : Stopped
Name : b06bdrv
Path : C:\Windows\system32\drivers\bxvbda.sys
Service Type : Kernel Driver
Description : QLogic Network Adapter VBD
State : Stopped
Name : bam
Path : C:\Windows\system32\drivers\bam.sys
Service Type : Kernel Driver
Description : Background Activity Moderator Driver
State : Running
Name : BasicDisplay
Path : C:\Windows\system32\DriverStore\FileRepository\basicdisplay.inf_amd64_5103ac179273be89\BasicDisplay.sys
Service Type : Kernel Driver
Description : BasicDisplay
State : Running
Name : BasicRender
Path : C:\Windows\system32\DriverStore\FileRepository\basicrender.inf_amd64_efdc64af60c69a6d\BasicRender.sys
Service Type : Kernel Driver
Description : BasicRender
State : Running
Name : bcmfn2
Path : C:\Windows\system32\drivers\bcmfn2.sys
Service Type : Kernel Driver
Description : bcmfn2 Service
State : Stopped
Name : BdDci
Path : C:\Windows\system32\DRIVERS\bddci.sys
Service Type : Kernel Driver
Description : BdDci Service
State : Running
Name : Beep
Path : C:\Windows\system32\drivers\Beep.sys
Service Type : Kernel Driver
Description : Beep
State : Stopped
Name : bfadfcoei
Path : C:\Windows\system32\drivers\bfadfcoei.sys
Service Type : Kernel Driver
Description : bfadfcoei
State : Stopped
Name : bfadi
Path : C:\Windows\system32\drivers\bfadi.sys
Service Type : Kernel Driver
Description : bfadi
State : Stopped
Name : bindflt
Path : C:\Windows\system32\drivers\bindflt.sys
Service Type : File System Driver
Description : Windows Bind Filter Driver
State : Stopped
Name : bowser
Path : C:\Windows\system32\DRIVERS\bowser.sys
Service Type : File System Driver
Description : Browser
State : Running
Name : BthEnum
Path : C:\Windows\system32\drivers\BthEnum.sys
Service Type : Kernel Driver
Description : Bluetooth Enumerator Service
State : Stopped
Name : BthLEEnum
Path : C:\Windows\system32\drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
Service Type : Kernel Driver
Description : Bluetooth Low Energy Driver
State : Stopped
Name : BthMini
Path : C:\Windows\system32\drivers\BTHMINI.sys
Service Type : Kernel Driver
Description : Bluetooth Radio Driver
State : Stopped
Name : BTHPORT
Path : C:\Windows\system32\drivers\BTHport.sys
Service Type : Kernel Driver
Description : Bluetooth Port Driver
State : Stopped
Name : BTHUSB
Path : C:\Windows\system32\drivers\BTHUSB.sys
Service Type : Kernel Driver
Description : Bluetooth Radio USB Driver
State : Stopped
Name : bttflt
Path : C:\Windows\system32\drivers\bttflt.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V VHDPMEM BTT Filter
State : Stopped
Name : buttonconverter
Path : C:\Windows\system32\drivers\buttonconverter.sys
Service Type : Kernel Driver
Description : Service for Portable Device Control devices
State : Stopped
Name : bxfcoe
Path : C:\Windows\system32\drivers\bxfcoe.sys
Service Type : Kernel Driver
Description : QLogic FCoE Offload driver
State : Stopped
Name : bxois
Path : C:\Windows\system32\drivers\bxois.sys
Service Type : Kernel Driver
Description : QLogic Offload iSCSI Driver
State : Stopped
Name : CapImg
Path : C:\Windows\system32\drivers\capimg.sys
Service Type : Kernel Driver
Description : HID driver for CapImg touch screen
State : Stopped
Name : cdfs
Path : C:\Windows\system32\DRIVERS\cdfs.sys
Service Type : File System Driver
Description : CD/DVD File System Reader
State : Stopped
Name : cdrom
Path : C:\Windows\system32\drivers\cdrom.sys
Service Type : Kernel Driver
Description : CD-ROM Driver
State : Running
Name : cht4iscsi
Path : C:\Windows\system32\drivers\cht4sx64.sys
Service Type : Kernel Driver
Description : cht4iscsi
State : Stopped
Name : cht4vbd
Path : C:\Windows\system32\drivers\cht4vx64.sys
Service Type : Kernel Driver
Description : Chelsio Virtual Bus Driver
State : Stopped
Name : CldFlt
Path : C:\Windows\system32\drivers\cldflt.sys
Service Type : File System Driver
Description : Windows Cloud Files Filter Driver
State : Running
Name : CLFS
Path : C:\Windows\system32\drivers\CLFS.sys
Service Type : Kernel Driver
Description : Common Log (CLFS)
State : Running
Name : CmBatt
Path : C:\Windows\system32\drivers\CmBatt.sys
Service Type : Kernel Driver
Description : Microsoft ACPI Control Method Battery Driver
State : Stopped
Name : CNG
Path : C:\Windows\system32\Drivers\cng.sys
Service Type : Kernel Driver
Description : CNG
State : Running
Name : cnghwassist
Path : C:\Windows\system32\DRIVERS\cnghwassist.sys
Service Type : Kernel Driver
Description : CNG Hardware Assist algorithm provider
State : Stopped
Name : CompositeBus
Path : C:\Windows\system32\DriverStore\FileRepository\compositebus.inf_amd64_e4d35af746093dc3\CompositeBus.sys
Service Type : Kernel Driver
Description : Composite Bus Enumerator Driver
State : Running
Name : condrv
Path : C:\Windows\system32\drivers\condrv.sys
Service Type : Kernel Driver
Description : Console Driver
State : Running
Name : CSC
Path : C:\Windows\system32\drivers\csc.sys
Service Type : Kernel Driver
Description : Offline Files Driver
State : Stopped
Name : dam
Path : C:\Windows\system32\drivers\dam.sys
Service Type : Kernel Driver
Description : Desktop Activity Moderator Driver
State : Stopped
Name : Dfsc
Path : C:\Windows\system32\Drivers\dfsc.sys
Service Type : File System Driver
Description : DFS Namespace Client Driver
State : Running
Name : Disk
Path : C:\Windows\system32\drivers\disk.sys
Service Type : Kernel Driver
Description : Disk Driver
State : Running
Name : dmvsc
Path : C:\Windows\system32\drivers\dmvsc.sys
Service Type : Kernel Driver
Description : dmvsc
State : Stopped
Name : drmkaud
Path : C:\Windows\system32\drivers\drmkaud.sys
Service Type : Kernel Driver
Description : Microsoft Trusted Audio Drivers
State : Stopped
Name : DXGKrnl
Path : C:\Windows\system32\drivers\dxgkrnl.sys
Service Type : Kernel Driver
Description : LDDM Graphics Subsystem
State : Running
Name : e1iexpress
Path : C:\Windows\system32\drivers\e1i63x64.sys
Service Type : Kernel Driver
Description : Intel(R) PRO/1000 PCI Express Network Connection Driver I
State : Stopped
Name : e1rexpress
Path : C:\Windows\system32\drivers\e1r68x64.sys
Service Type : Kernel Driver
Description : Intel(R) PCI Express Network Connection Driver R
State : Running
Name : ebdrv
Path : C:\Windows\system32\drivers\evbda.sys
Service Type : Kernel Driver
Description : QLogic 10 Gigabit Ethernet Adapter VBD
State : Stopped
Name : EhStorClass
Path : C:\Windows\system32\drivers\EhStorClass.sys
Service Type : Kernel Driver
Description : Enhanced Storage Filter Driver
State : Stopped
Name : EhStorTcgDrv
Path : C:\Windows\system32\drivers\EhStorTcgDrv.sys
Service Type : Kernel Driver
Description : Microsoft driver for storage devices supporting IEEE 1667 and TCG protocols
State : Stopped
Name : elxfcoe
Path : C:\Windows\system32\drivers\elxfcoe.sys
Service Type : Kernel Driver
Description : elxfcoe
State : Stopped
Name : elxstor
Path : C:\Windows\system32\drivers\elxstor.sys
Service Type : Kernel Driver
Description : elxstor
State : Stopped
Name : ErrDev
Path : C:\Windows\system32\drivers\errdev.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Error Device Driver
State : Running
Name : exfat
Path : C:\Windows\system32\drivers\exfat.sys
Service Type : File System Driver
Description : exFAT File System Driver
State : Stopped
Name : fastfat
Path : C:\Windows\system32\drivers\fastfat.sys
Service Type : File System Driver
Description : FAT12/16/32 File System Driver
State : Running
Name : fcvsc
Path : C:\Windows\system32\drivers\fcvsc.sys
Service Type : Kernel Driver
Description : fcvsc
State : Stopped
Name : fdc
Path : C:\Windows\system32\drivers\fdc.sys
Service Type : Kernel Driver
Description : Floppy Disk Controller Driver
State : Stopped
Name : FileCrypt
Path : C:\Windows\system32\drivers\filecrypt.sys
Service Type : File System Driver
Description : FileCrypt
State : Running
Name : FileInfo
Path : C:\Windows\system32\drivers\fileinfo.sys
Service Type : File System Driver
Description : File Information FS MiniFilter
State : Stopped
Name : Filetrace
Path : C:\Windows\system32\drivers\filetrace.sys
Service Type : File System Driver
Description : Filetrace
State : Stopped
Name : file_monitor
Path : C:\Windows\system32\DRIVERS\file_monitor.sys
Service Type : File System Driver
Description : file_monitor
State : Running
Name : file_protector
Path : C:\Windows\system32\DRIVERS\file_protector.sys
Service Type : File System Driver
Description : Acronis File Protector Driver
State : Running
Name : flpydisk
Path : C:\Windows\system32\drivers\flpydisk.sys
Service Type : Kernel Driver
Description : Floppy Disk Driver
State : Stopped
Name : FltMgr
Path : C:\Windows\system32\drivers\fltmgr.sys
Service Type : File System Driver
Description : FltMgr
State : Running
Name : fltsrv
Path : C:\Windows\system32\DRIVERS\fltsrv.sys
Service Type : Kernel Driver
Description : Acronis Storage Filter Management
State : Running
Name : FsDepends
Path : C:\Windows\system32\drivers\FsDepends.sys
Service Type : File System Driver
Description : File System Dependency Minifilter
State : Stopped
Name : gencounter
Path : C:\Windows\system32\drivers\vmgencounter.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Generation Counter
State : Stopped
Name : genericusbfn
Path : C:\Windows\system32\drivers\genericusbfn.sys
Service Type : Kernel Driver
Description : Generic USB Function Class
State : Stopped
Name : GPIOClx0101
Path : C:\Windows\system32\Drivers\msgpioclx.sys
Service Type : Kernel Driver
Description : Microsoft GPIO Class Extension Driver
State : Stopped
Name : HDAudBus
Path : C:\Windows\system32\drivers\HDAudBus.sys
Service Type : Kernel Driver
Description : Microsoft UAA Bus Driver for High Definition Audio
State : Stopped
Name : HidBatt
Path : C:\Windows\system32\drivers\HidBatt.sys
Service Type : Kernel Driver
Description : HID UPS Battery Driver
State : Stopped
Name : hidinterrupt
Path : C:\Windows\system32\drivers\hidinterrupt.sys
Service Type : Kernel Driver
Description : Common Driver for HID Buttons implemented with interrupts
State : Stopped
Name : HidUsb
Path : C:\Windows\system32\drivers\hidusb.sys
Service Type : Kernel Driver
Description : Microsoft HID Class Driver
State : Stopped
Name : HpSAMD
Path : C:\Windows\system32\drivers\HpSAMD.sys
Service Type : Kernel Driver
Description : HpSAMD
State : Stopped
Name : HTTP
Path : C:\Windows\system32\drivers\HTTP.sys
Service Type : Kernel Driver
Description : HTTP Service
State : Running
Name : hvcrash
Path : C:\Windows\system32\drivers\hvcrash.sys
Service Type : Kernel Driver
Description : hvcrash
State : Stopped
Name : hvservice
Path : C:\Windows\system32\drivers\hvservice.sys
Service Type : Kernel Driver
Description : Hypervisor/Virtual Machine Support Driver
State : Stopped
Name : HwNClx0101
Path : C:\Windows\system32\Drivers\mshwnclx.sys
Service Type : Kernel Driver
Description : Microsoft Hardware Notifications Class Extension Driver
State : Stopped
Name : hwpolicy
Path : C:\Windows\system32\drivers\hwpolicy.sys
Service Type : Kernel Driver
Description : Hardware Policy Driver
State : Stopped
Name : hyperkbd
Path : C:\Windows\system32\drivers\hyperkbd.sys
Service Type : Kernel Driver
Description : hyperkbd
State : Stopped
Name : HyperVideo
Path : C:\Windows\system32\drivers\HyperVideo.sys
Service Type : Kernel Driver
Description : HyperVideo
State : Stopped
Name : i8042prt
Path : C:\Windows\system32\drivers\i8042prt.sys
Service Type : Kernel Driver
Description : i8042 Keyboard and PS/2 Mouse Port Driver
State : Stopped
Name : iaLPSSi_GPIO
Path : C:\Windows\system32\drivers\iaLPSSi_GPIO.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO GPIO Controller Driver
State : Stopped
Name : iaLPSSi_I2C
Path : C:\Windows\system32\drivers\iaLPSSi_I2C.sys
Service Type : Kernel Driver
Description : Intel(R) Serial IO I2C Controller Driver
State : Stopped
Name : iaStorAVC
Path : C:\Windows\system32\drivers\iaStorAVC.sys
Service Type : Kernel Driver
Description : Intel Chipset SATA RAID Controller
State : Stopped
Name : iaStorV
Path : C:\Windows\system32\drivers\iaStorV.sys
Service Type : Kernel Driver
Description : Intel RAID Controller Windows 7
State : Stopped
Name : ibbus
Path : C:\Windows\system32\drivers\ibbus.sys
Service Type : Kernel Driver
Description : Mellanox InfiniBand Bus/AL (Filter Driver)
State : Stopped
Name : IndirectKmd
Path : C:\Windows\system32\drivers\IndirectKmd.sys
Service Type : Kernel Driver
Description : Indirect Displays Kernel-Mode Driver
State : Stopped
Name : intelide
Path : C:\Windows\system32\drivers\intelide.sys
Service Type : Kernel Driver
Description : intelide
State : Stopped
Name : intelpep
Path : C:\Windows\system32\drivers\intelpep.sys
Service Type : Kernel Driver
Description : Intel(R) Power Engine Plug-in Driver
State : Running
Name : intelppm
Path : C:\Windows\system32\drivers\intelppm.sys
Service Type : Kernel Driver
Description : Intel Processor Driver
State : Running
Name : IpFilterDriver
Path : C:\Windows\system32\DRIVERS\ipfltdrv.sys
Service Type : Kernel Driver
Description : IP Traffic Filter Driver
State : Stopped
Name : IPMIDRV
Path : C:\Windows\system32\drivers\IPMIDrv.sys
Service Type : Kernel Driver
Description : IPMIDRV
State : Running
Name : IPNAT
Path : C:\Windows\system32\drivers\ipnat.sys
Service Type : Kernel Driver
Description : IP Network Address Translator
State : Stopped
Name : IPsecGW
Path : C:\Windows\system32\drivers\ipsecgw.sys
Service Type : Kernel Driver
Description : Windows IPsec Gateway Driver
State : Stopped
Name : IPT
Path : C:\Windows\system32\drivers\ipt.sys
Service Type : Kernel Driver
Description : IPT
State : Stopped
Name : isapnp
Path : C:\Windows\system32\drivers\isapnp.sys
Service Type : Kernel Driver
Description : isapnp
State : Stopped
Name : iScsiPrt
Path : C:\Windows\system32\drivers\msiscsi.sys
Service Type : Kernel Driver
Description : iScsiPort Driver
State : Stopped
Name : ItSas35i
Path : C:\Windows\system32\drivers\ItSas35i.sys
Service Type : Kernel Driver
Description : ItSas35i
State : Stopped
Name : kbdclass
Path : C:\Windows\system32\drivers\kbdclass.sys
Service Type : Kernel Driver
Description : Keyboard Class Driver
State : Running
Name : kbdhid
Path : C:\Windows\system32\drivers\kbdhid.sys
Service Type : Kernel Driver
Description : Keyboard HID Driver
State : Stopped
Name : kdnic
Path : C:\Windows\system32\drivers\kdnic.sys
Service Type : Kernel Driver
Description : Microsoft Kernel Debug Network Miniport (NDIS 6.20)
State : Running
Name : KSecDD
Path : C:\Windows\system32\Drivers\ksecdd.sys
Service Type : Kernel Driver
Description : KSecDD
State : Running
Name : KSecPkg
Path : C:\Windows\system32\Drivers\ksecpkg.sys
Service Type : Kernel Driver
Description : KSecPkg
State : Running
Name : ksthunk
Path : C:\Windows\system32\drivers\ksthunk.sys
Service Type : Kernel Driver
Description : Kernel Streaming Thunks
State : Stopped
Name : lltdio
Path : C:\Windows\system32\drivers\lltdio.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Mapper I/O Driver
State : Running
Name : LSI_SAS
Path : C:\Windows\system32\drivers\lsi_sas.sys
Service Type : Kernel Driver
Description : LSI_SAS
State : Stopped
Name : LSI_SAS2i
Path : C:\Windows\system32\drivers\lsi_sas2i.sys
Service Type : Kernel Driver
Description : LSI_SAS2i
State : Stopped
Name : LSI_SAS3i
Path : C:\Windows\system32\drivers\lsi_sas3i.sys
Service Type : Kernel Driver
Description : LSI_SAS3i
State : Stopped
Name : LSI_SSS
Path : C:\Windows\system32\drivers\lsi_sss.sys
Service Type : Kernel Driver
Description : LSI_SSS
State : Stopped
Name : luafv
Path : C:\Windows\system32\drivers\luafv.sys
Service Type : File System Driver
Description : UAC File Virtualization
State : Running
Name : mausbhost
Path : C:\Windows\system32\drivers\mausbhost.sys
Service Type : Kernel Driver
Description : MA-USB Host Controller Driver
State : Stopped
Name : mausbip
Path : C:\Windows\system32\drivers\mausbip.sys
Service Type : Kernel Driver
Description : MA-USB IP Filter Driver
State : Stopped
Name : megasas
Path : C:\Windows\system32\drivers\megasas.sys
Service Type : Kernel Driver
Description : megasas
State : Stopped
Name : megasas2i
Path : C:\Windows\system32\drivers\MegaSas2i.sys
Service Type : Kernel Driver
Description : megasas2i
State : Stopped
Name : megasas35i
Path : C:\Windows\system32\drivers\megasas35i.sys
Service Type : Kernel Driver
Description : megasas35i
State : Stopped
Name : megasr
Path : C:\Windows\system32\drivers\megasr.sys
Service Type : Kernel Driver
Description : megasr
State : Stopped
Name : Microsoft_Bluetooth_AvrcpTransport
Path : C:\Windows\system32\drivers\Microsoft.Bluetooth.AvrcpTransport.sys
Service Type : Kernel Driver
Description : Microsoft Bluetooth Avrcp Transport Driver
State : Stopped
Name : mlx4_bus
Path : C:\Windows\system32\drivers\mlx4_bus.sys
Service Type : Kernel Driver
Description : Mellanox ConnectX Bus Enumerator
State : Stopped
Name : MMCSS
Path : C:\Windows\system32\drivers\mmcss.sys
Service Type : Kernel Driver
Description : Multimedia Class Scheduler
State : Stopped
Name : Modem
Path : C:\Windows\system32\drivers\modem.sys
Service Type : Kernel Driver
Description : Modem
State : Stopped
Name : monitor
Path : C:\Windows\system32\drivers\monitor.sys
Service Type : Kernel Driver
Description : Microsoft Monitor Class Function Driver Service
State : Stopped
Name : mouclass
Path : C:\Windows\system32\drivers\mouclass.sys
Service Type : Kernel Driver
Description : Mouse Class Driver
State : Running
Name : mouhid
Path : C:\Windows\system32\drivers\mouhid.sys
Service Type : Kernel Driver
Description : Mouse HID Driver
State : Stopped
Name : mountmgr
Path : C:\Windows\system32\drivers\mountmgr.sys
Service Type : Kernel Driver
Description : Mount Point Manager
State : Running
Name : mpsdrv
Path : C:\Windows\system32\drivers\mpsdrv.sys
Service Type : Kernel Driver
Description : Windows Defender Firewall Authorization Driver
State : Running
Name : mrxsmb
Path : C:\Windows\system32\DRIVERS\mrxsmb.sys
Service Type : File System Driver
Description : SMB MiniRedirector Wrapper and Engine
State : Running
Name : mrxsmb20
Path : C:\Windows\system32\DRIVERS\mrxsmb20.sys
Service Type : File System Driver
Description : SMB 2.0 MiniRedirector
State : Running
Name : MsBridge
Path : C:\Windows\system32\drivers\bridge.sys
Service Type : Kernel Driver
Description : Microsoft MAC Bridge
State : Stopped
Name : Msfs
Path : C:\Windows\system32\drivers\Msfs.sys
Service Type : File System Driver
Description : Msfs
State : Running
Name : msgpiowin32
Path : C:\Windows\system32\drivers\msgpiowin32.sys
Service Type : Kernel Driver
Description : Common Driver for Buttons, DockMode and Laptop/Slate Indicator
State : Stopped
Name : mshidkmdf
Path : C:\Windows\system32\drivers\mshidkmdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to KMDF Filter Driver
State : Stopped
Name : mshidumdf
Path : C:\Windows\system32\drivers\mshidumdf.sys
Service Type : Kernel Driver
Description : Pass-through HID to UMDF Driver
State : Stopped
Name : msisadrv
Path : C:\Windows\system32\drivers\msisadrv.sys
Service Type : Kernel Driver
Description : msisadrv
State : Running
Name : MSKSSRV
Path : C:\Windows\system32\drivers\MSKSSRV.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Service Proxy
State : Stopped
Name : MsLbfoProvider
Path : C:\Windows\system32\drivers\MsLbfoProvider.sys
Service Type : Kernel Driver
Description : Microsoft Load Balancing/Failover Provider
State : Stopped
Name : MsLldp
Path : C:\Windows\system32\drivers\mslldp.sys
Service Type : Kernel Driver
Description : Microsoft Link-Layer Discovery Protocol
State : Running
Name : MSPCLOCK
Path : C:\Windows\system32\drivers\MSPCLOCK.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Clock Proxy
State : Stopped
Name : MSPQM
Path : C:\Windows\system32\drivers\MSPQM.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Quality Manager Proxy
State : Stopped
Name : MsRPC
Path : C:\Windows\system32\drivers\MsRPC.sys
Service Type : Kernel Driver
Description : MsRPC
State : Stopped
Name : MsSecCore
Path : C:\Windows\system32\drivers\msseccore.sys
Service Type : Kernel Driver
Description : Microsoft Security Core Boot Driver
State : Running
Name : MsSecFlt
Path : C:\Windows\system32\drivers\mssecflt.sys
Service Type : Kernel Driver
Description : Microsoft Security Events Component Minifilter
State : Stopped
Name : MsSecWfp
Path : C:\Windows\system32\drivers\mssecwfp.sys
Service Type : Kernel Driver
Description : Microsoft Security WFP Callout Driver
State : Stopped
Name : mssmbios
Path : C:\Windows\system32\drivers\mssmbios.sys
Service Type : Kernel Driver
Description : Microsoft System Management BIOS Driver
State : Running
Name : MSTEE
Path : C:\Windows\system32\drivers\MSTEE.sys
Service Type : Kernel Driver
Description : Microsoft Streaming Tee/Sink-to-Sink Converter
State : Stopped
Name : MTConfig
Path : C:\Windows\system32\drivers\MTConfig.sys
Service Type : Kernel Driver
Description : Microsoft Input Configuration Driver
State : Stopped
Name : Mup
Path : C:\Windows\system32\Drivers\mup.sys
Service Type : File System Driver
Description : Mup
State : Running
Name : mvumis
Path : C:\Windows\system32\drivers\mvumis.sys
Service Type : Kernel Driver
Description : mvumis
State : Stopped
Name : MxG2hDO64
Path : C:\Windows\system32\DRIVERS\MxG2hDO64.sys
Service Type : Kernel Driver
Description : MxG2hDO64
State : Running
Name : ndfltr
Path : C:\Windows\system32\drivers\ndfltr.sys
Service Type : Kernel Driver
Description : NetworkDirect Service
State : Stopped
Name : NDIS
Path : C:\Windows\system32\drivers\ndis.sys
Service Type : Kernel Driver
Description : NDIS System Driver
State : Running
Name : NdisCap
Path : C:\Windows\system32\drivers\ndiscap.sys
Service Type : Kernel Driver
Description : Microsoft NDIS Capture
State : Stopped
Name : NdisImPlatform
Path : C:\Windows\system32\drivers\NdisImPlatform.sys
Service Type : Kernel Driver
Description : Microsoft Network Adapter Multiplexor Protocol
State : Stopped
Name : NdisTapi
Path : C:\Windows\system32\DRIVERS\ndistapi.sys
Service Type : Kernel Driver
Description : Remote Access NDIS TAPI Driver
State : Running
Name : Ndisuio
Path : C:\Windows\system32\drivers\ndisuio.sys
Service Type : Kernel Driver
Description : NDIS Usermode I/O Protocol
State : Stopped
Name : NdisVirtualBus
Path : C:\Windows\system32\drivers\NdisVirtualBus.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Network Adapter Enumerator
State : Running
Name : NdisWan
Path : C:\Windows\system32\drivers\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access NDIS WAN Driver
State : Running
Name : ndiswanlegacy
Path : C:\Windows\system32\DRIVERS\ndiswan.sys
Service Type : Kernel Driver
Description : Remote Access LEGACY NDIS WAN Driver
State : Stopped
Name : ndproxy
Path : C:\Windows\system32\DRIVERS\NDProxy.sys
Service Type : Kernel Driver
Description : NDIS Proxy Driver
State : Running
Name : nechesasr
Path : C:\Windows\system32\drivers\nechesasr.sys
Service Type : Kernel Driver
Description : iLO 5 ASR Driver
State : Running
Name : necheschif
Path : C:\Windows\system32\drivers\necheschif.sys
Service Type : Kernel Driver
Description : iLO 5 CHIF Driver
State : Running
Name : NetAdapterCx
Path : C:\Windows\system32\drivers\NetAdapterCx.sys
Service Type : Kernel Driver
Description : Network Adapter Wdf Class Extension Library
State : Stopped
Name : NetBIOS
Path : C:\Windows\system32\drivers\netbios.sys
Service Type : File System Driver
Description : NetBIOS Interface
State : Running
Name : NetBT
Path : C:\Windows\system32\DRIVERS\netbt.sys
Service Type : Kernel Driver
Description : NetBT
State : Running
Name : netvsc
Path : C:\Windows\system32\drivers\netvsc.sys
Service Type : Kernel Driver
Description : netvsc
State : Stopped
Name : ng-netfilter
Path : C:\Windows\system32\DRIVERS\ng-netfilter.sys
Service Type : Kernel Driver
Description : ng-netfilter
State : Stopped
Name : ngelam
Path : C:\Windows\system32\drivers\ngelam.sys
Service Type : Kernel Driver
Description : ngelam
State : Stopped
Name : NgScan
Path : C:\Windows\system32\DRIVERS\ngscan.sys
Service Type : File System Driver
Description : NgScan
State : Running
Name : Npfs
Path : C:\Windows\system32\drivers\Npfs.sys
Service Type : File System Driver
Description : Npfs
State : Running
Name : npsvctrig
Path : C:\Windows\system32\drivers\npsvctrig.sys
Service Type : Kernel Driver
Description : Named pipe service trigger provider
State : Running
Name : nsiproxy
Path : C:\Windows\system32\drivers\nsiproxy.sys
Service Type : Kernel Driver
Description : NSI Proxy Service Driver
State : Running
Name : Ntfs
Path : C:\Windows\system32\drivers\Ntfs.sys
Service Type : File System Driver
Description : Ntfs
State : Running
Name : Null
Path : C:\Windows\system32\drivers\Null.sys
Service Type : Kernel Driver
Description : Null
State : Running
Name : nvdimm
Path : C:\Windows\system32\drivers\nvdimm.sys
Service Type : Kernel Driver
Description : Microsoft NVDIMM device driver
State : Stopped
Name : nvraid
Path : C:\Windows\system32\drivers\nvraid.sys
Service Type : Kernel Driver
Description : nvraid
State : Stopped
Name : nvstor
Path : C:\Windows\system32\drivers\nvstor.sys
Service Type : Kernel Driver
Description : nvstor
State : Stopped
Name : Parport
Path : C:\Windows\system32\drivers\parport.sys
Service Type : Kernel Driver
Description : Parallel port driver
State : Stopped
Name : partmgr
Path : C:\Windows\system32\drivers\partmgr.sys
Service Type : Kernel Driver
Description : Partition driver
State : Running
Name : pci
Path : C:\Windows\system32\drivers\pci.sys
Service Type : Kernel Driver
Description : PCI Bus Driver
State : Running
Name : pciide
Path : C:\Windows\system32\drivers\pciide.sys
Service Type : Kernel Driver
Description : pciide
State : Stopped
Name : pcmcia
Path : C:\Windows\system32\drivers\pcmcia.sys
Service Type : Kernel Driver
Description : pcmcia
State : Stopped
Name : pcw
Path : C:\Windows\system32\drivers\pcw.sys
Service Type : Kernel Driver
Description : Performance Counters for Windows Driver
State : Running
Name : pdc
Path : C:\Windows\system32\drivers\pdc.sys
Service Type : Kernel Driver
Description : pdc
State : Running
Name : PEAUTH
Path : C:\Windows\system32\drivers\peauth.sys
Service Type : Kernel Driver
Description : PEAUTH
State : Running
Name : percsas2i
Path : C:\Windows\system32\drivers\percsas2i.sys
Service Type : Kernel Driver
Description : percsas2i
State : Stopped
Name : percsas3i
Path : C:\Windows\system32\drivers\percsas3i.sys
Service Type : Kernel Driver
Description : percsas3i
State : Stopped
Name : PktMon
Path : C:\Windows\system32\drivers\PktMon.sys
Service Type : Kernel Driver
Description : Packet Monitor Driver
State : Stopped
Name : pmem
Path : C:\Windows\system32\drivers\pmem.sys
Service Type : Kernel Driver
Description : Microsoft persistent memory disk driver
State : Stopped
Name : PNPMEM
Path : C:\Windows\system32\drivers\pnpmem.sys
Service Type : Kernel Driver
Description : Microsoft Memory Module Driver
State : Stopped
Name : PptpMiniport
Path : C:\Windows\system32\drivers\raspptp.sys
Service Type : Kernel Driver
Description : WAN Miniport (PPTP)
State : Running
Name : Processor
Path : C:\Windows\system32\drivers\processr.sys
Service Type : Kernel Driver
Description : Processor Driver
State : Stopped
Name : Psched
Path : C:\Windows\system32\drivers\pacer.sys
Service Type : Kernel Driver
Description : QoS Packet Scheduler
State : Running
Name : qebdrv
Path : C:\Windows\system32\drivers\qevbda.sys
Service Type : Kernel Driver
Description : QLogic FastLinQ Ethernet VBD
State : Stopped
Name : qefcoe
Path : C:\Windows\system32\drivers\qefcoe.sys
Service Type : Kernel Driver
Description : QLogic FCoE driver
State : Stopped
Name : qeois
Path : C:\Windows\system32\drivers\qeois.sys
Service Type : Kernel Driver
Description : QLogic 40G iSCSI Driver
State : Stopped
Name : ql2300i
Path : C:\Windows\system32\drivers\ql2300i.sys
Service Type : Kernel Driver
Description : QLogic Fibre Channel STOR Miniport Inbox Driver (wx64)
State : Stopped
Name : ql40xx2i
Path : C:\Windows\system32\drivers\ql40xx2i.sys
Service Type : Kernel Driver
Description : QLogic iSCSI Miniport Inbox Driver
State : Stopped
Name : qlfcoei
Path : C:\Windows\system32\drivers\qlfcoei.sys
Service Type : Kernel Driver
Description : QLogic [FCoE] STOR Miniport Inbox Driver (wx64)
State : Stopped
Name : QWAVEdrv
Path : C:\Windows\system32\drivers\qwavedrv.sys
Service Type : Kernel Driver
Description : QWAVE driver
State : Stopped
Name : Ramdisk
Path : C:\Windows\system32\DRIVERS\ramdisk.sys
Service Type : Kernel Driver
Description : Windows RAM Disk Driver
State : Stopped
Name : RasAcd
Path : C:\Windows\system32\DRIVERS\rasacd.sys
Service Type : Kernel Driver
Description : Remote Access Auto Connection Driver
State : Stopped
Name : RasAgileVpn
Path : C:\Windows\system32\drivers\AgileVpn.sys
Service Type : Kernel Driver
Description : WAN Miniport (IKEv2)
State : Running
Name : RasGre
Path : C:\Windows\system32\drivers\rasgre.sys
Service Type : Kernel Driver
Description : WAN Miniport (GRE)
State : Running
Name : Rasl2tp
Path : C:\Windows\system32\drivers\rasl2tp.sys
Service Type : Kernel Driver
Description : WAN Miniport (L2TP)
State : Running
Name : RasPppoe
Path : C:\Windows\system32\DRIVERS\raspppoe.sys
Service Type : Kernel Driver
Description : Remote Access PPPOE Driver
State : Running
Name : RasSstp
Path : C:\Windows\system32\drivers\rassstp.sys
Service Type : Kernel Driver
Description : WAN Miniport (SSTP)
State : Running
Name : rdbss
Path : C:\Windows\system32\DRIVERS\rdbss.sys
Service Type : File System Driver
Description : Redirected Buffering Sub System
State : Running
Name : rdpbus
Path : C:\Windows\system32\drivers\rdpbus.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Bus Driver
State : Running
Name : RDPDR
Path : C:\Windows\system32\drivers\rdpdr.sys
Service Type : Kernel Driver
Description : Remote Desktop Device Redirector Driver
State : Running
Name : RdpVideoMiniport
Path : C:\Windows\system32\drivers\rdpvideominiport.sys
Service Type : Kernel Driver
Description : Remote Desktop Video Miniport Driver
State : Running
Name : ReFS
Path : C:\Windows\system32\drivers\ReFS.sys
Service Type : File System Driver
Description : ReFS
State : Stopped
Name : ReFSv1
Path : C:\Windows\system32\drivers\ReFSv1.sys
Service Type : File System Driver
Description : ReFSv1
State : Stopped
Name : RegCacheFilter
Path : C:\Windows\system32\DRIVERS\RegCacheFilter.sys
Service Type : File System Driver
Description : RegCacheFilter
State : Running
Name : RFCOMM
Path : C:\Windows\system32\drivers\rfcomm.sys
Service Type : Kernel Driver
Description : Bluetooth Device (RFCOMM Protocol TDI)
State : Stopped
Name : rhproxy
Path : C:\Windows\system32\drivers\rhproxy.sys
Service Type : Kernel Driver
Description : Resource Hub proxy driver
State : Stopped
Name : RsFx0603
Path : C:\Windows\system32\DRIVERS\RsFx0603.sys
Service Type : File System Driver
Description : RsFx0603 Driver
State : Stopped
Name : rspndr
Path : C:\Windows\system32\drivers\rspndr.sys
Service Type : Kernel Driver
Description : Link-Layer Topology Discovery Responder
State : Running
Name : s3cap
Path : C:\Windows\system32\drivers\vms3cap.sys
Service Type : Kernel Driver
Description : s3cap
State : Stopped
Name : sacdrv
Path : C:\Windows\system32\DRIVERS\sacdrv.sys
Service Type : Kernel Driver
Description : sacdrv
State : Stopped
Name : sbp2port
Path : C:\Windows\system32\drivers\sbp2port.sys
Service Type : Kernel Driver
Description : SBP-2 Transport/Protocol Bus Driver
State : Stopped
Name : scfilter
Path : C:\Windows\system32\DRIVERS\scfilter.sys
Service Type : Kernel Driver
Description : Smart card PnP Class Filter Driver
State : Stopped
Name : scmbus
Path : C:\Windows\system32\drivers\scmbus.sys
Service Type : Kernel Driver
Description : Microsoft Storage Class Memory Bus Driver
State : Stopped
Name : sdbus
Path : C:\Windows\system32\drivers\sdbus.sys
Service Type : Kernel Driver
Description : sdbus
State : Stopped
Name : SDFRd
Path : C:\Windows\system32\drivers\SDFRd.sys
Service Type : Kernel Driver
Description : SDF Reflector
State : Stopped
Name : sdstor
Path : C:\Windows\system32\drivers\sdstor.sys
Service Type : Kernel Driver
Description : SD Storage Port Driver
State : Stopped
Name : SerCx
Path : C:\Windows\system32\drivers\SerCx.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped
Name : SerCx2
Path : C:\Windows\system32\drivers\SerCx2.sys
Service Type : Kernel Driver
Description : Serial UART Support Library
State : Stopped
Name : Serenum
Path : C:\Windows\system32\drivers\serenum.sys
Service Type : Kernel Driver
Description : Serenum Filter Driver
State : Running
Name : Serial
Path : C:\Windows\system32\drivers\serial.sys
Service Type : Kernel Driver
Description : Serial port driver
State : Running
Name : sermouse
Path : C:\Windows\system32\drivers\sermouse.sys
Service Type : Kernel Driver
Description : Serial Mouse Driver
State : Stopped
Name : sfloppy
Path : C:\Windows\system32\drivers\sfloppy.sys
Service Type : Kernel Driver
Description : High-Capacity Floppy Disk Drive
State : Stopped
Name : SgrmAgent
Path : C:\Windows\system32\drivers\SgrmAgent.sys
Service Type : Kernel Driver
Description : System Guard Runtime Monitor Agent
State : Running
Name : SiSRaid2
Path : C:\Windows\system32\drivers\SiSRaid2.sys
Service Type : Kernel Driver
Description : SiSRaid2
State : Stopped
Name : SiSRaid4
Path : C:\Windows\system32\drivers\sisraid4.sys
Service Type : Kernel Driver
Description : SiSRaid4
State : Stopped
Name : SmartPqi
Path : C:\Windows\system32\drivers\SmartPqi.sys
Service Type : Kernel Driver
Description : SmartPqi
State : Running
Name : SmartSAMD
Path : C:\Windows\system32\drivers\SmartSAMD.sys
Service Type : Kernel Driver
Description : SmartSAMD
State : Stopped
Name : smbdirect
Path : C:\Windows\system32\DRIVERS\smbdirect.sys
Service Type : File System Driver
Description : smbdirect
State : Stopped
Name : snapman
Path : C:\Windows\system32\DRIVERS\snapman.sys
Service Type : Kernel Driver
Description : Acronis Snapshots Manager
State : Running
Name : spaceport
Path : C:\Windows\system32\drivers\spaceport.sys
Service Type : Kernel Driver
Description : Storage Spaces Driver
State : Running
Name : SpbCx
Path : C:\Windows\system32\drivers\SpbCx.sys
Service Type : Kernel Driver
Description : Simple Peripheral Bus Support Library
State : Stopped
Name : srv2
Path : C:\Windows\system32\DRIVERS\srv2.sys
Service Type : File System Driver
Description : Server SMB 2.xxx Driver
State : Running
Name : srvnet
Path : C:\Windows\system32\DRIVERS\srvnet.sys
Service Type : File System Driver
Description : srvnet
State : Running
Name : stexstor
Path : C:\Windows\system32\drivers\stexstor.sys
Service Type : Kernel Driver
Description : stexstor
State : Stopped
Name : storahci
Path : C:\Windows\system32\drivers\storahci.sys
Service Type : Kernel Driver
Description : Microsoft Standard SATA AHCI Driver
State : Stopped
Name : storflt
Path : C:\Windows\system32\drivers\vmstorfl.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Storage Accelerator
State : Stopped
Name : stornvme
Path : C:\Windows\system32\drivers\stornvme.sys
Service Type : Kernel Driver
Description : Microsoft Standard NVM Express Driver
State : Stopped
Name : storqosflt
Path : C:\Windows\system32\drivers\storqosflt.sys
Service Type : File System Driver
Description : Storage QoS Filter Driver
State : Running
Name : storufs
Path : C:\Windows\system32\drivers\storufs.sys
Service Type : Kernel Driver
Description : Microsoft Universal Flash Storage (UFS) Driver
State : Stopped
Name : storvsc
Path : C:\Windows\system32\drivers\storvsc.sys
Service Type : Kernel Driver
Description : storvsc
State : Stopped
Name : swenum
Path : C:\Windows\system32\DriverStore\FileRepository\swenum.inf_amd64_31f554b660026323\swenum.sys
Service Type : Kernel Driver
Description : Software Bus Driver
State : Running
Name : Synth3dVsc
Path : C:\Windows\system32\drivers\Synth3dVsc.sys
Service Type : Kernel Driver
Description : Synth3dVsc
State : Stopped
Name : system_monitor
Path : C:\Windows\system32\DRIVERS\system_monitor.sys
Service Type : Kernel Driver
Description : system_monitor
State : Running
Name : Tcpip
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : TCP/IP Protocol Driver
State : Running
Name : Tcpip6
Path : C:\Windows\system32\drivers\tcpip.sys
Service Type : Kernel Driver
Description : @todo.dll,-100;Microsoft IPv6 Protocol Driver
State : Stopped
Name : tcpipreg
Path : C:\Windows\system32\drivers\tcpipreg.sys
Service Type : Kernel Driver
Description : TCP/IP Registry Compatibility
State : Running
Name : tdx
Path : C:\Windows\system32\DRIVERS\tdx.sys
Service Type : Kernel Driver
Description : NetIO Legacy TDI Support Driver
State : Running
Name : terminpt
Path : C:\Windows\system32\drivers\terminpt.sys
Service Type : Kernel Driver
Description : Microsoft Remote Desktop Input Driver
State : Running
Name : tib_mounter
Path : C:\Windows\system32\DRIVERS\tib_mounter.sys
Service Type : Kernel Driver
Description : Acronis TIB Mounter
State : Running
Name : TPM
Path : C:\Windows\system32\drivers\tpm.sys
Service Type : Kernel Driver
Description : TPM
State : Stopped
Name : TsUsbFlt
Path : C:\Windows\system32\drivers\tsusbflt.sys
Service Type : Kernel Driver
Description : Remote Desktop USB Hub Class Filter Driver
State : Stopped
Name : TsUsbGD
Path : C:\Windows\system32\drivers\TsUsbGD.sys
Service Type : Kernel Driver
Description : Remote Desktop Generic USB Device
State : Stopped
Name : tsusbhub
Path : C:\Windows\system32\drivers\tsusbhub.sys
Service Type : Kernel Driver
Description : Remote Desktop USB Hub
State : Stopped
Name : tunnel
Path : C:\Windows\system32\drivers\tunnel.sys
Service Type : Kernel Driver
Description : Microsoft Tunnel Miniport Adapter Driver
State : Stopped
Name : UASPStor
Path : C:\Windows\system32\drivers\uaspstor.sys
Service Type : Kernel Driver
Description : USB Attached SCSI (UAS) Driver
State : Stopped
Name : UcmCx0101
Path : C:\Windows\system32\Drivers\UcmCx.sys
Service Type : Kernel Driver
Description : USB Connector Manager KMDF Class Extension
State : Stopped
Name : UcmTcpciCx0101
Path : C:\Windows\system32\Drivers\UcmTcpciCx.sys
Service Type : Kernel Driver
Description : UCM-TCPCI KMDF Class Extension
State : Stopped
Name : UcmUcsi
Path : C:\Windows\system32\drivers\UcmUcsi.sys
Service Type : Kernel Driver
Description : USB Connector Manager UCSI Client
State : Stopped
Name : UcmUcsiAcpiClient
Path : C:\Windows\system32\drivers\UcmUcsiAcpiClient.sys
Service Type : Kernel Driver
Description : UCM-UCSI ACPI Client
State : Stopped
Name : UcmUcsiCx0101
Path : C:\Windows\system32\Drivers\UcmUcsiCx.sys
Service Type : Kernel Driver
Description : UCM-UCSI KMDF Class Extension
State : Stopped
Name : Ucx01000
Path : C:\Windows\system32\drivers\ucx01000.sys
Service Type : Kernel Driver
Description : USB Host Support Library
State : Running
Name : UdeCx
Path : C:\Windows\system32\drivers\udecx.sys
Service Type : Kernel Driver
Description : USB Device Emulation Support Library
State : Stopped
Name : udfs
Path : C:\Windows\system32\DRIVERS\udfs.sys
Service Type : File System Driver
Description : udfs
State : Stopped
Name : UEFI
Path : C:\Windows\system32\drivers\UEFI.sys
Service Type : Kernel Driver
Description : Microsoft UEFI Driver
State : Stopped
Name : UevAgentDriver
Path : C:\Windows\system32\drivers\UevAgentDriver.sys
Service Type : File System Driver
Description : UevAgentDriver
State : Stopped
Name : Ufx01000
Path : C:\Windows\system32\drivers\ufx01000.sys
Service Type : Kernel Driver
Description : USB Function Class Extension
State : Stopped
Name : UfxChipidea
Path : C:\Windows\system32\drivers\UfxChipidea.sys
Service Type : Kernel Driver
Description : USB Chipidea Controller
State : Stopped
Name : ufxsynopsys
Path : C:\Windows\system32\drivers\ufxsynopsys.sys
Service Type : Kernel Driver
Description : USB Synopsys Controller
State : Stopped
Name : umbus
Path : C:\Windows\system32\drivers\umbus.sys
Service Type : Kernel Driver
Description : UMBus Enumerator Driver
State : Running
Name : UmPass
Path : C:\Windows\system32\drivers\umpass.sys
Service Type : Kernel Driver
Description : Microsoft UMPass Driver
State : Stopped
Name : UrsChipidea
Path : C:\Windows\system32\drivers\urschipidea.sys
Service Type : Kernel Driver
Description : Chipidea USB Role-Switch Driver
State : Stopped
Name : UrsCx01000
Path : C:\Windows\system32\drivers\urscx01000.sys
Service Type : Kernel Driver
Description : USB Role-Switch Support Library
State : Stopped
Name : UrsSynopsys
Path : C:\Windows\system32\drivers\urssynopsys.sys
Service Type : Kernel Driver
Description : Synopsys USB Role-Switch Driver
State : Stopped
Name : usbccgp
Path : C:\Windows\system32\drivers\usbccgp.sys
Service Type : Kernel Driver
Description : Microsoft USB Generic Parent Driver
State : Stopped
Name : usbehci
Path : C:\Windows\system32\drivers\usbehci.sys
Service Type : Kernel Driver
Description : Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
State : Running
Name : usbhub
Path : C:\Windows\system32\drivers\usbhub.sys
Service Type : Kernel Driver
Description : Microsoft USB Standard Hub Driver
State : Running
Name : USBHUB3
Path : C:\Windows\system32\drivers\UsbHub3.sys
Service Type : Kernel Driver
Description : SuperSpeed Hub
State : Running
Name : usbohci
Path : C:\Windows\system32\drivers\usbohci.sys
Service Type : Kernel Driver
Description : Microsoft USB Open Host Controller Miniport Driver
State : Stopped
Name : usbprint
Path : C:\Windows\system32\drivers\usbprint.sys
Service Type : Kernel Driver
Description : Microsoft USB PRINTER Class
State : Stopped
Name : usbser
Path : C:\Windows\system32\drivers\usbser.sys
Service Type : Kernel Driver
Description : Microsoft USB Serial Driver
State : Stopped
Name : USBSTOR
Path : C:\Windows\system32\drivers\USBSTOR.SYS
Service Type : Kernel Driver
Description : USB Mass Storage Driver
State : Running
Name : usbuhci
Path : C:\Windows\system32\drivers\usbuhci.sys
Service Type : Kernel Driver
Description : Microsoft USB Universal Host Controller Miniport Driver
State : Stopped
Name : USBXHCI
Path : C:\Windows\system32\drivers\USBXHCI.SYS
Service Type : Kernel Driver
Description : USB xHCI Compliant Host Controller
State : Running
Name : vdrvroot
Path : C:\Windows\system32\drivers\vdrvroot.sys
Service Type : Kernel Driver
Description : Microsoft Virtual Drive Enumerator
State : Running
Name : VerifierExt
Path : C:\Windows\system32\drivers\VerifierExt.sys
Service Type : Kernel Driver
Description : Driver Verifier Extension
State : Stopped
Name : vhdmp
Path : C:\Windows\system32\drivers\vhdmp.sys
Service Type : Kernel Driver
Description : vhdmp
State : Stopped
Name : vhf
Path : C:\Windows\system32\drivers\vhf.sys
Service Type : Kernel Driver
Description : Virtual HID Framework (VHF) Driver
State : Stopped
Name : vmbus
Path : C:\Windows\system32\drivers\vmbus.sys
Service Type : Kernel Driver
Description : Virtual Machine Bus
State : Stopped
Name : VMBusHID
Path : C:\Windows\system32\drivers\VMBusHID.sys
Service Type : Kernel Driver
Description : VMBusHID
State : Stopped
Name : vmgid
Path : C:\Windows\system32\drivers\vmgid.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Guest Infrastructure Driver
State : Stopped
Name : volmgr
Path : C:\Windows\system32\drivers\volmgr.sys
Service Type : Kernel Driver
Description : Volume Manager Driver
State : Running
Name : volmgrx
Path : C:\Windows\system32\drivers\volmgrx.sys
Service Type : Kernel Driver
Description : Dynamic Volume Manager
State : Running
Name : volsnap
Path : C:\Windows\system32\drivers\volsnap.sys
Service Type : Kernel Driver
Description : Volume Shadow Copy driver
State : Running
Name : volume
Path : C:\Windows\system32\drivers\volume.sys
Service Type : Kernel Driver
Description : Volume driver
State : Running
Name : volume_tracker
Path : C:\Windows\system32\DRIVERS\volume_tracker.sys
Service Type : Kernel Driver
Description : Acronis Volume Tracker
State : Running
Name : vpci
Path : C:\Windows\system32\drivers\vpci.sys
Service Type : Kernel Driver
Description : Microsoft Hyper-V Virtual PCI Bus
State : Stopped
Name : vsmraid
Path : C:\Windows\system32\drivers\vsmraid.sys
Service Type : Kernel Driver
Description : vsmraid
State : Stopped
Name : VSTXRAID
Path : C:\Windows\system32\drivers\vstxraid.sys
Service Type : Kernel Driver
Description : VIA StorX Storage RAID Controller Windows Driver
State : Stopped
Name : WacomPen
Path : C:\Windows\system32\drivers\wacompen.sys
Service Type : Kernel Driver
Description : Wacom Serial Pen HID Driver
State : Stopped
Name : wanarp
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IP ARP Driver
State : Running
Name : wanarpv6
Path : C:\Windows\system32\DRIVERS\wanarp.sys
Service Type : Kernel Driver
Description : Remote Access IPv6 ARP Driver
State : Stopped
Name : wcifs
Path : C:\Windows\system32\drivers\wcifs.sys
Service Type : File System Driver
Description : Windows Container Isolation
State : Running
Name : wcnfs
Path : C:\Windows\system32\drivers\wcnfs.sys
Service Type : File System Driver
Description : Windows Container Name Virtualization
State : Stopped
Name : Wdf01000
Path : C:\Windows\system32\drivers\Wdf01000.sys
Service Type : Kernel Driver
Description : Kernel Mode Driver Frameworks service
State : Running
Name : WdmCompanionFilter
Path : C:\Windows\system32\drivers\WdmCompanionFilter.sys
Service Type : Kernel Driver
Description : WdmCompanionFilter
State : Stopped
Name : WFPLWFS
Path : C:\Windows\system32\drivers\wfplwfs.sys
Service Type : Kernel Driver
Description : Microsoft Windows Filtering Platform
State : Running
Name : WIMMount
Path : C:\Windows\system32\drivers\wimmount.sys
Service Type : File System Driver
Description : WIMMount
State : Stopped
Name : WindowsTrustedRT
Path : C:\Windows\system32\drivers\WindowsTrustedRT.sys
Service Type : Kernel Driver
Description : Windows Trusted Execution Environment Class Extension
State : Running
Name : WindowsTrustedRTProxy
Path : C:\Windows\system32\drivers\WindowsTrustedRTProxy.sys
Service Type : Kernel Driver
Description : Microsoft Windows Trusted Runtime Secure Service
State : Running
Name : WinMad
Path : C:\Windows\system32\drivers\winmad.sys
Service Type : Kernel Driver
Description : WinMad Service
State : Stopped
Name : WinNat
Path : C:\Windows\system32\drivers\winnat.sys
Service Type : Kernel Driver
Description : Windows NAT Driver
State : Stopped
Name : WinQuic
Path : C:\Windows\system32\drivers\winquic.sys
Service Type : Kernel Driver
Description : WinQuic
State : Running
Name : WINUSB
Path : C:\Windows\system32\drivers\WinUSB.SYS
Service Type : Kernel Driver
Description : WinUsb Driver
State : Stopped
Name : WinVerbs
Path : C:\Windows\system32\drivers\winverbs.sys
Service Type : Kernel Driver
Description : WinVerbs Service
State : Stopped
Name : WmiAcpi
Path : C:\Windows\system32\drivers\wmiacpi.sys
Service Type : Kernel Driver
Description : Microsoft Windows Management Interface for ACPI
State : Running
Name : Wof
Path : C:\Windows\system32\drivers\Wof.sys
Service Type : File System Driver
Description : Windows Overlay File System Filter Driver
State : Running
Name : WpdUpFltr
Path : C:\Windows\system32\drivers\WpdUpFltr.sys
Service Type : Kernel Driver
Description : WPD Upper Class Filter Driver
State : Running
Name : ws2ifsl
Path : C:\Windows\system32\drivers\ws2ifsl.sys
Service Type : Kernel Driver
Description : Winsock IFS Driver
State : Stopped
Name : WudfPf
Path : C:\Windows\system32\drivers\WudfPf.sys
Service Type : Kernel Driver
Description : User Mode Driver Frameworks Platform Driver
State : Stopped
Name : WUDFRd
Path : C:\Windows\system32\drivers\WUDFRd.sys
Service Type : Kernel Driver
Description : Windows Driver Foundation - User-mode Driver Framework Reflector
State : Running
Name : WUDFWpdFs
Path : C:\Windows\system32\DRIVERS\WUDFRd.sys
Service Type : Kernel Driver
Description : WPD File System driver
State : Running
92438 - WordPad History
-
Synopsis
Nessus was able to gather WordPad opened file history on the remote host.
Description
Nessus was able to generate a report of files opened in WordPad on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output
tcp/0
C:\Users\Administrator\Desktop\Trade_cd.txt
D:\Techexcel Setup\Disable_administrative_shares.docx
C:\Users\techexcel\AppData\Local\Temp\5\Rar$DIa9436.30133\EQ_MRTM_0408.M03
D:\Techexcel\temp\ld_fp122931,fp122931_f_31032023_264496001022023012431.pdf
C:\Users\techexcel\AppData\Local\Temp\5\Rar$DIa9436.31859\EQ_MRTM_0408.M03
WordPad report attached.
D:\Techexcel Setup\Disable_administrative_shares.docx
C:\Users\techexcel\AppData\Local\Temp\5\Rar$DIa9436.30133\EQ_MRTM_0408.M03
D:\Techexcel\temp\ld_fp122931,fp122931_f_31032023_264496001022023012431.pdf
C:\Users\techexcel\AppData\Local\Temp\5\Rar$DIa9436.31859\EQ_MRTM_0408.M03
WordPad report attached.
Compliance 'FAILED'
Compliance 'SKIPPED'
Compliance 'PASSED'
Compliance 'INFO', 'WARNING', 'ERROR'
Remediations
Suggested Remediations
Taking the following actions across 10 hosts would resolve 28% of the vulnerabilities on the network.
| Action to take | Vulns | Hosts | ||
| KB4577015: Windows 10 Version 1607 and Windows Server 2016 September 2020 Security Update: Apply Cumulative Update KB4577015. | 1130 | 1 | ||
| Security Updates for Microsoft SQL Server (November 2025): Microsoft has released security updates for Microsoft SQL Server. | 714 | 7 | ||
| Security Updates for Microsoft Office Products (December 2025): Microsoft has released the following updates to address these issues: - KB5002812 - KB5002818 - KB5002819 | 545 | 1 | ||
| Security Updates for Microsoft Office Products (April 2021): Microsoft has released the following security updates to address this issue: -KB2553491 -KB2589361 -KB3178639 -KB3178643 -KB4504738 -KB4504722 -KB4504726 -KB4504724 -KB4504739 -KB4504727 | 322 | 1 | ||
| Install KB5071544 | 259 | 7 | ||
| Oracle Database Multiple Vulnerabilities (April 2012 CPU): Apply the appropriate patch according to the April 2012 Oracle Critical Patch Update advisory. | 174 | 1 | ||
| Security Updates for Microsoft .NET Framework (January 2025): Microsoft has released security updates for Microsoft .NET Framework. | 168 | 6 | ||
| Security Updates for Microsoft SQL Server OLE DB Driver (July 2024): Microsoft has released security updates for the Microsoft SQL OLE DB Driver. | 168 | 6 | ||
| Oracle Java SE Multiple Vulnerabilities (October 2025 CPU): Apply the appropriate patch according to the October 2025 Oracle Critical Patch Update advisory. | 148 | 2 | ||
| Mozilla Firefox < 146.0.1: Upgrade to Mozilla Firefox version 146.0.1 or later. | 126 | 1 | ||
| Install KB5071543 | 118 | 2 | ||
| Security Update for Microsoft .NET Core (October 2025): Update .NET Core, remove vulnerable packages and refer to vendor advisory. | 102 | 2 | ||
| Security Updates for Microsoft Excel Products (April 2021): Microsoft has released the following security updates to address this issue: -KB3017810 -KB4504721 -KB4504735 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 96 | 1 | ||
| Security Updates for Microsoft Word Products (December 2025): Microsoft has released KB5002806 to address this issue. | 81 | 1 | ||
| RARLAB WinRAR < 7.13 Directory Traversal (CVE-2025-8088): Upgrade to RARLAB WinRAR version 7.13 or later. | 63 | 9 | ||
| Security Updates for Microsoft Office Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493228 -KB4493203 -KB4504703 -KB4493225 -KB4493200 -KB4493214 | 59 | 1 | ||
| Security Updates for Outlook (July 2025): Microsoft has released KB5002747 to address this issue. | 48 | 1 | ||
| Install KB5002406 | 45 | 1 | ||
| Install KB4484243 | 43 | 1 | ||
| Security Updates for Microsoft Word Products (April 2021): Microsoft has released the following security updates to address this issue: -KB4493208 -KB4493218 -KB4493198 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 41 | 1 | ||
| 7-Zip < 25.01: Upgrade to 7-Zip version 25.01 or later. | 33 | 3 | ||
| Security Updates for Microsoft .NET Framework (October 2020): Microsoft has released security updates for Microsoft .NET Framework. | 30 | 1 | ||
| Microsoft ASP.NET Core Security Feature Bypass (October 2025): Update .NET Core to version 8.0.21, 9.0.10, 10.0.0-rc.2.25502.107 or later. | 30 | 2 | ||
| Install KB4484217 | 29 | 1 | ||
| Security Updates for Outlook (April 2021): Microsoft has released the following security updates to address this issue: -KB4504712 -KB4504733 -KB4493185 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 26 | 1 | ||
| Install KB5002253 | 25 | 1 | ||
| Install KB5002427 | 23 | 1 | ||
| Node.js Multiple Vulnerabilities (November 2018 Security Releases): Upgrade Node.js to 6.15 / 8.14.0 / 10.14.0 / 11.3.0 or later. | 20 | 1 | ||
| Install KB5002820 | 20 | 1 | ||
| Apache Tomcat 9.0.0.M1 < 9.0.110: Upgrade to Apache Tomcat version 9.0.110 or later. | 20 | 1 | ||
| Install KB4493185 | 19 | 1 | ||
| Install KB4504739 | 18 | 1 | ||
| MS13-085: Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution (2885080): Microsoft has released a set of patches for Excel 2007, Excel 2010, Excel 2013, Office 2007, Office 2010, Office 2013, Excel Viewer, and Office Compatibility Pack. | 18 | 1 | ||
| Notepad++ < 8.8.2 Privilege Escalation (CVE-2025-49144): Upgrade to Notepad++ 8.8.2 or later. | 18 | 3 | ||
| Security Updates for Microsoft PowerPoint Products (October 2025): Microsoft has released KB5002790 to address this issue. | 15 | 1 | ||
| VMware Tools 11.x < 12.5.4 / 13.x < 13.0.5 Multiple Vulnerabilities (VMSA-2025-0015): Upgrade to VMware Tools version 12.5.4, 13.0.5 or later. | 15 | 5 | ||
| Install KB5002790 | 14 | 1 | ||
| Security Updates for Outlook (January 2019): Microsoft has released the following security updates to address this issue: -KB4461595 -KB4461601 -KB4461623 For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 14 | 1 | ||
| Install KB5044280 | 12 | 1 | ||
| MS17-013: Security Update for Microsoft Graphics Component (4013075): Microsoft has released a set of patches for Windows XP, 2003, Vista, 2008, 7, 2008 R2, 2012, 8.1, RT 8.1, 2012 R2, 10, and 2016. Additionally, Microsoft has released a set of patches for Office 2007, Office 2010, Word Viewer, Skype for Business 2016, Lync 2010, Lync 2010 Attendee, Lync 2013, Lync Basic 2013, Live Meeting 2007 Console, and Silverlight 5. | 12 | 1 | ||
| Install KB5002806 | 12 | 1 | ||
| Security Updates for Microsoft .NET Framework (October 2024): Microsoft has released security updates for Microsoft .NET Framework. | 11 | 1 | ||
| Install KB4504707 | 11 | 1 | ||
| Install KB4493218 | 11 | 1 | ||
| Install KB4461625 | 11 | 1 | ||
| Install KB4504702 | 9 | 1 | ||
| Security Updates for Microsoft PowerPoint Products (March 2021): Microsoft has released the following security updates to address this issue: -KB4493227 -KB4504702 -KB4493224 | 9 | 1 | ||
| MS09-035: Vulnerabilities in Visual Studio Active Template Library Could Allow Remote Code Execution (969706): Microsoft has released a set of patches for Visual Studio .NET 2003, Visual Studio 2005 and 2008, as well as Visual C++ 2005 and 2008. | 9 | 3 | ||
| Install KB3178687 | 8 | 1 | ||
| Install KB3115197 | 8 | 1 | ||
| Install KB5002683 | 8 | 1 | ||
| Install KB3178702 | 8 | 1 | ||
| Security Updates for Microsoft Excel Products (December 2025): Microsoft has released KB5002820 to address this issue. | 6 | 1 | ||
| Security Updates for Microsoft Publisher Products (September 2024): Microsoft has released KB5002566 to address this issue. | 6 | 1 | ||
| Visual Studio Tools for Applications Elevation of Privilege (CVE-2025-29803): Upgrade to VSTA 16.0.35907.0, 17.0.35906.0 or later. | 6 | 6 | ||
| Install KB4032216 | 5 | 1 | ||
| Oracle MySQL Connectors (October 2024 CPU): Apply the appropriate patch according to the October 2024 Oracle Critical Patch Update advisory. | 5 | 1 | ||
| Apache Log4j 1.2 JMSAppender Remote Code Execution (CVE-2021-4104): Upgrade to Apache Log4j version 2.16.0 or later since 1.x is end of life. Upgrading to the latest versions for Apache Log4j is highly recommended as intermediate versions / patches have known high severity vulnerabilities and the vendor is updating their advisories often as new research and knowledge about the impact of Log4j is discovered. Refer to https://logging.apache.org/log4j/2.x/security.html for the latest versions. | 5 | 5 | ||
| Install KB5002426 | 4 | 1 | ||
| MS13-094: Vulnerability in Microsoft Outlook Could Allow Information Disclosure (2894514): Microsoft has released a set of patches for Office 2007, 2010, 2013 and 2013 RT. | 4 | 2 | ||
| Install MS18-01 | 3 | 1 | ||
| Install KB3203467 | 3 | 1 | ||
| Security Updates for Microsoft Publisher Products (April 2020): Microsoft has released the following security updates to address this issue: -KB3162033 -KB4011097 -KB4032216 | 3 | 1 | ||
| Install MS18-01 | 3 | 1 | ||
| Install KB5002221 | 3 | 1 | ||
| JQuery 1.2 < 3.5.0 Multiple XSS: Upgrade to JQuery version 3.5.0 or later. | 2 | 1 | ||
| VMware Tools 10.x / 11.x / 12.x < 12.1.5 DoS (VMSA-2022-0029): Upgrade to VMware Tools version 12.1.5 or later. | 2 | 1 | ||
| Install KB4484455 | 2 | 1 | ||
| Install KB3213626 | 2 | 1 | ||
| Install KB3115246 | 2 | 1 | ||
| Install KB3054834 | 2 | 1 | ||
| Install KB2881029 | 2 | 1 | ||
| Install KB5002566 | 2 | 1 | ||
| Install KB3213551 | 2 | 1 | ||
| Install KB3191932 | 2 | 1 | ||
| Curl Use-After-Free < 7.87 (CVE-2022-43552): Upgrade Curl to version 7.87.0 or later | 2 | 2 | ||
| MS12-021: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019): Microsoft has released a set of patches for Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1. | 2 | 2 | ||
| Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039): Upgrade Curl to version 8.3.0 or later | 2 | 2 | ||
| Security Update for Microsoft Visual Studio Code Python Extension (July 2025): Update the Microsoft Visual Studio Code Python Extension to version 2025.8.1 or later. | 1 | 1 | ||
| Install KB4504738 | 1 | 1 | ||
| Install KB3213636 | 1 | 1 | ||
| Install KB3191908 | 1 | 1 | ||
| Install KB3115248 | 1 | 1 | ||
| Install KB3114885 | 1 | 1 | ||
| Install KB3114565 | 1 | 1 | ||
| Install KB3114400 | 1 | 1 | ||
| Install KB2965313 | 1 | 1 | ||
| Install KB2920812 | 1 | 1 | ||
| Install KB2889841 | 1 | 1 | ||
| Install KB2579115 | 1 | 1 | ||
| MS11-049: Vulnerability in the Microsoft XML Editor Could Allow Information Disclosure (2543893): Microsoft has released a set of patches for InfoPath 2007 and 2010, SQL Server 2005, 2008, and 2008 R2, SQL Server Management Studio Express 2005, Visual Studio 2005, 2008, and 2010. | 1 | 1 | ||
| MS11-067: Vulnerability in Microsoft Report Viewer Could Allow Information Disclosure (2578230): Microsoft has released a set of patches for Microsoft Visual Studio 2005 SP1 and the Microsoft Report Viewer 2005 SP1 Redistributable Package. | 1 | 1 | ||
| Security Updates for Windows Malicious Software Removal Tool (January 2023): Microsoft has released version 5.109 to address this issue. | 1 | 1 | ||
| Node.js Module node-tar < 6.2.1 DoS: Upgrade to node-tar version 6.2.1 or later. | 1 | 1 | ||
| Install KB5002622 | 1 | 1 | ||
| Install KB3115419 | 1 | 1 | ||
| Install KB3115279 | 1 | 1 | ||
| Security Updates for Microsoft OneNote Products (April 2025): Microsoft has released KB5002622 to address this issue. | 1 | 1 | ||
| KB4483229: Windows 10 Version 1607 and Windows Server 2016 December 2018 OOB Security Update: Apply Cumulative Update KB4483229. | 1 | 1 | ||
| Security Updates for SQL Server Management Studio (April 2025): Microsoft has released SSMS version 20.2.1 to address this issue. | 1 | 1 | ||
| Veeam Agent for Microsoft Windows 6.x < 6.3.2.1205 Privilege Escalation (CVE-2025-24287): Upgrade to Veeam Agent for Microsoft Windows version 6.3.2.1205 or later. | 0 | 1 | ||
| Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203): Upgrade to Microsoft Azure Data Studio version 1.48.0 or later. | 0 | 5 |