Nessus Report

Report generated by Nessus™

masked_systemname Pre V6 masked_hostname

Tue, 23 Apr 2024 10:41:07 Tokyo Standard Time

TABLE OF CONTENTS
Vulnerabilities by Host
ipaddr
Critical: 10
High: 61
Medium: 18
Low: 0
Info: 243
Scan Information
Start time: Tue Apr 23 10:10:51 2024
End time: Tue Apr 23 10:41:06 2024
Host Information
Netbios Name: masked_hostname
IP: ipaddr
MAC Address: E0:73:E7:11:35:2F
OS: Microsoft Windows 11 Pro Build 22621
Vulnerabilities

179491 - KB5029263: Windows 11 version 22H2 Security Update (August 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5029263. It is, therefore, affected by multiple vulnerabilities:

- Microsoft Message Queuing Remote Code Execution Vulnerability (CVE-2023-35385, CVE-2023-36910, CVE-2023-36911)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36882)

- Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability (CVE-2023-35387)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5029263
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-20569
CVE CVE-2023-35359
CVE CVE-2023-35376
CVE CVE-2023-35377
CVE CVE-2023-35378
CVE CVE-2023-35380
CVE CVE-2023-35381
CVE CVE-2023-35382
CVE CVE-2023-35383
CVE CVE-2023-35384
CVE CVE-2023-35385
CVE CVE-2023-35386
CVE CVE-2023-35387
CVE CVE-2023-36882
CVE CVE-2023-36884
CVE CVE-2023-36889
CVE CVE-2023-36898
CVE CVE-2023-36900
CVE CVE-2023-36903
CVE CVE-2023-36904
CVE CVE-2023-36905
CVE CVE-2023-36906
CVE CVE-2023-36907
CVE CVE-2023-36908
CVE CVE-2023-36909
CVE CVE-2023-36910
CVE CVE-2023-36911
CVE CVE-2023-36912
CVE CVE-2023-36913
CVE CVE-2023-36914
CVE CVE-2023-38172
CVE CVE-2023-38184
CVE CVE-2023-38186
CVE CVE-2023-38254
MSKB 5029263
XREF MSFT:MS23-5029263
XREF IAVA:2023-A-0416
XREF CISA-KNOWN-EXPLOITED:2023/08/07
XREF IAVA:2023-A-0418-S
XREF IAVA:2023-A-0409-S
XREF IAVA:2023-A-0402-S
XREF IAVA:2023-A-0412-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/08/08, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5029263

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.2134

182855 - KB5031354: Windows 11 version 22H2 Security Update (October 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5031354. It is, therefore, affected by multiple vulnerabilities:

- The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. (CVE-2023-44487)

- Microsoft QUIC Denial of Service Vulnerability (CVE-2023-36435, CVE-2023-38171)

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36577)

- Windows IIS Server Elevation of Privilege Vulnerability (CVE-2023-36434)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5031354
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-35349
CVE CVE-2023-36431
CVE CVE-2023-36434
CVE CVE-2023-36435
CVE CVE-2023-36436
CVE CVE-2023-36438
CVE CVE-2023-36557
CVE CVE-2023-36563
CVE CVE-2023-36564
CVE CVE-2023-36567
CVE CVE-2023-36570
CVE CVE-2023-36571
CVE CVE-2023-36572
CVE CVE-2023-36573
CVE CVE-2023-36574
CVE CVE-2023-36575
CVE CVE-2023-36576
CVE CVE-2023-36577
CVE CVE-2023-36578
CVE CVE-2023-36579
CVE CVE-2023-36581
CVE CVE-2023-36582
CVE CVE-2023-36583
CVE CVE-2023-36584
CVE CVE-2023-36585
CVE CVE-2023-36589
CVE CVE-2023-36590
CVE CVE-2023-36591
CVE CVE-2023-36592
CVE CVE-2023-36593
CVE CVE-2023-36594
CVE CVE-2023-36596
CVE CVE-2023-36598
CVE CVE-2023-36602
CVE CVE-2023-36603
CVE CVE-2023-36605
CVE CVE-2023-36606
CVE CVE-2023-36697
CVE CVE-2023-36698
CVE CVE-2023-36701
CVE CVE-2023-36702
CVE CVE-2023-36709
CVE CVE-2023-36710
CVE CVE-2023-36711
CVE CVE-2023-36712
CVE CVE-2023-36713
CVE CVE-2023-36717
CVE CVE-2023-36718
CVE CVE-2023-36720
CVE CVE-2023-36721
CVE CVE-2023-36722
CVE CVE-2023-36723
CVE CVE-2023-36724
CVE CVE-2023-36725
CVE CVE-2023-36726
CVE CVE-2023-36729
CVE CVE-2023-36731
CVE CVE-2023-36732
CVE CVE-2023-36743
CVE CVE-2023-36776
CVE CVE-2023-36902
CVE CVE-2023-38159
CVE CVE-2023-38166
CVE CVE-2023-38171
CVE CVE-2023-41765
CVE CVE-2023-41766
CVE CVE-2023-41767
CVE CVE-2023-41768
CVE CVE-2023-41769
CVE CVE-2023-41770
CVE CVE-2023-41771
CVE CVE-2023-41772
CVE CVE-2023-41773
CVE CVE-2023-41774
CVE CVE-2023-44487
MSKB 5031354
XREF MSFT:MS23-5031354
XREF IAVA:2023-A-0552-S
XREF IAVA:2023-A-0553-S
XREF CISA-KNOWN-EXPLOITED:2023/12/07
XREF CISA-KNOWN-EXPLOITED:2023/10/31
XREF CEA-ID:CEA-2024-0004
XREF IAVB:2023-B-0083-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2023/10/10, Modified: 2024/02/23
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5031354

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.2428

185582 - KB5032190: Windows 11 version 22H2 Security Update (November 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5032190. It is, therefore, affected by multiple vulnerabilities:

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36402)

- Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-36397)

- Microsoft Protected Extensible Authentication Protocol (PEAP) Remote Code Execution Vulnerability (CVE-2023-36028)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Apply Security Update 5032190
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24023
CVE CVE-2023-36017
CVE CVE-2023-36025
CVE CVE-2023-36028
CVE CVE-2023-36033
CVE CVE-2023-36036
CVE CVE-2023-36046
CVE CVE-2023-36047
CVE CVE-2023-36393
CVE CVE-2023-36396
CVE CVE-2023-36397
CVE CVE-2023-36398
CVE CVE-2023-36399
CVE CVE-2023-36400
CVE CVE-2023-36401
CVE CVE-2023-36402
CVE CVE-2023-36403
CVE CVE-2023-36404
CVE CVE-2023-36405
CVE CVE-2023-36406
CVE CVE-2023-36407
CVE CVE-2023-36408
CVE CVE-2023-36423
CVE CVE-2023-36424
CVE CVE-2023-36425
CVE CVE-2023-36427
CVE CVE-2023-36428
CVE CVE-2023-36705
CVE CVE-2023-36719
CVE CVE-2023-38039
CVE CVE-2023-38545
CVE CVE-2024-21315
MSKB 5032190
XREF MSFT:MS23-5032190
XREF CISA-KNOWN-EXPLOITED:2023/12/05
XREF CEA-ID:CEA-2023-0052
XREF IAVA:2023-A-0638-S
XREF IAVA:2023-A-0636-S
XREF IAVA:2024-A-0105
Plugin Information
Published: 2023/11/14, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5032190

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.2715

181483 - Microsoft Edge (Chromium) < 117.0.2045.31 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.31. It is, therefore, affected by multiple vulnerabilities as referenced in the September 15, 2023 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36562, CVE-2023-36735)

- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2023-36727)

- Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863)

- Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4900)

- Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4901)

- Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4902)

- Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4903)

- Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) (CVE-2023-4904)

- Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4905)

- Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4906)

- Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4907)

- Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4908)

- Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-4909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Edge version 117.0.2045.31 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.2 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2023/09/15, Modified: 2023/10/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 117.0.2045.31

186447 - Microsoft Edge (Chromium) < 118.0.2088.122 / 119.0.2151.97 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.122 / 119.0.2151.97. It is, therefore, affected by multiple vulnerabilities as referenced in the November 29, 2023 advisory.

- Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) (CVE-2023-6345)

- Use after free in WebAudio in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6346)

- Use after free in Mojo in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6347)

- Type Confusion in Spellcheck in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6348)

- Use after free in libavif in Google Chrome prior to 119.0.6045.199 allowed a remote attacker to potentially exploit heap corruption via a crafted avif file. (Chromium security severity: High) (CVE-2023-6350, CVE-2023-6351)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Edge version 118.0.2088.122 / 119.0.2151.97 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.9 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
CVE CVE-2023-6345
CVE CVE-2023-6346
CVE CVE-2023-6347
CVE CVE-2023-6348
CVE CVE-2023-6350
CVE CVE-2023-6351
XREF CISA-KNOWN-EXPLOITED:2023/12/21
Plugin Information
Published: 2023/11/29, Modified: 2023/12/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 119.0.2151.97

186681 - Microsoft Edge (Chromium) < 120.0.2210.61 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.61. It is, therefore, affected by multiple vulnerabilities as referenced in the December 7, 2023 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-35618)

- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-36880, CVE-2023-38174)

- Use after free in Media Stream in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6508)

- Use after free in Side Panel Search in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: High) (CVE-2023-6509)

- Use after free in Media Capture in Google Chrome prior to 120.0.6099.62 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium) (CVE-2023-6510)

- Inappropriate implementation in Autofill in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6511)

- Inappropriate implementation in Web Browser UI in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to potentially spoof the contents of an iframe dialog context menu via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-6512)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Microsoft Edge version 120.0.2210.61 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
9.6 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2023/12/07, Modified: 2023/12/22
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.61

187901 - Security Updates for Microsoft .NET Framework (January 2024)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Denial of service vulnerability in Microsoft .NET Framework. (CVE-2023-36042, CVE-2024-21312)

- Security feature bypass in System.Data.SqlClient SQL data provider. An attacker can perform a man-in-the-middle attack on the connection between the client and server in order to read and modify the TLS traffic. (CVE-2024-0056)

- Security feature bypass in applications that use the X.509 chain building APIs. When processing an untrusted certificate with malformed signatures, the framework returns an incorrect reason code. Applications which make use of this reason code may treat this scenario as a successful chain build, potentially bypassing the application's typical authentication logic. (CVE-2024-0057)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36042
CVE CVE-2024-0056
CVE CVE-2024-0057
CVE CVE-2024-21312
MSKB 5033898
MSKB 5033899
MSKB 5033904
MSKB 5033907
MSKB 5033909
MSKB 5033910
MSKB 5033911
MSKB 5033912
MSKB 5033914
MSKB 5033916
MSKB 5033917
MSKB 5033918
MSKB 5033919
MSKB 5033920
MSKB 5033922
MSKB 5033945
MSKB 5033946
MSKB 5033947
MSKB 5033948
XREF MSFT:MS24-5033898
XREF MSFT:MS24-5033899
XREF MSFT:MS24-5033904
XREF MSFT:MS24-5033907
XREF MSFT:MS24-5033909
XREF MSFT:MS24-5033910
XREF MSFT:MS24-5033911
XREF MSFT:MS24-5033912
XREF MSFT:MS24-5033914
XREF MSFT:MS24-5033916
XREF MSFT:MS24-5033917
XREF MSFT:MS24-5033918
XREF MSFT:MS24-5033919
XREF MSFT:MS24-5033920
XREF MSFT:MS24-5033922
XREF MSFT:MS24-5033945
XREF MSFT:MS24-5033946
XREF MSFT:MS24-5033947
XREF MSFT:MS24-5033948
XREF IAVA:2024-A-0011-S
Plugin Information
Published: 2024/01/10, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5033920

C:\windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.9032.0
Should be : 4.8.9214.0

185887 - Security Updates for Microsoft .NET Framework (November 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Security feature bypass in ASP.NET. An attacker can bypass the security checks that prevent an attacker from accessing internal applications in a website. (CVE-2023-36560)

- Privilege escalation vulnerability in FTP component of .NET Framework. An attacker can inject arbitrary commands to the FTP server. (CVE-2023-36049)

- Information disclosure vulnerability in .NET Framework. An attacker can obtain the ObjRef URI which could lead to remote code execution. (CVE-2024-29059)
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.8 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36049
CVE CVE-2023-36560
CVE CVE-2024-29059
MSKB 5031984
MSKB 5031987
MSKB 5031988
MSKB 5031989
MSKB 5031990
MSKB 5031991
MSKB 5031993
MSKB 5031995
MSKB 5031999
MSKB 5032000
MSKB 5032004
MSKB 5032005
MSKB 5032006
MSKB 5032007
MSKB 5032008
MSKB 5032009
MSKB 5032010
MSKB 5032011
MSKB 5032012
XREF MSFT:MS23-5031984
XREF MSFT:MS23-5031987
XREF MSFT:MS23-5031988
XREF MSFT:MS23-5031989
XREF MSFT:MS23-5031990
XREF MSFT:MS23-5031991
XREF MSFT:MS23-5031993
XREF MSFT:MS23-5031995
XREF MSFT:MS23-5031999
XREF MSFT:MS23-5032000
XREF MSFT:MS23-5032004
XREF MSFT:MS23-5032005
XREF MSFT:MS23-5032006
XREF MSFT:MS23-5032007
XREF MSFT:MS23-5032008
XREF MSFT:MS23-5032009
XREF MSFT:MS23-5032010
XREF MSFT:MS23-5032011
XREF MSFT:MS23-5032012
XREF IAVA:2023-A-0618-S
XREF IAVA:2024-A-0178-S
Plugin Information
Published: 2023/11/16, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5032007

C:\windows\Microsoft.NET\Framework\v4.0.30319\system.web.dll has not been patched.
Remote version : 4.8.9032.0
Should be : 4.8.9206.0

190541 - Security Updates for Microsoft Office Products C2R (February 2024)
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability. (CVE-2024-21413)

- A remote code execution vulnerability. (CVE-2024-20673)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
9.1 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21413
CVE CVE-2024-20673
XREF IAVA:2024-A-0101
XREF IAVA:2024-A-0099
XREF IAVA:2024-A-0094
XREF IAVA:2024-A-0100
XREF IAVA:2024-A-0095
XREF IAVA:2024-A-0097
XREF IAVA:2024-A-0096-S
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/02/14, Modified: 2024/04/11
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20637

181345 - Security Updates for Microsoft Office Products C2R Multiple Vulnerabilities (September 2023)
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A heap buffer overflow. (CVE-2023-27911)

- A security feature bypass. (CVE-2023-36767)

- A spoofing vulnerability. (CVE-2023-41764)

- An elevation of privilege vulnerability. (CVE-2023-36765)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Critical
CVSS v3.0 Base Score
9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-27911
CVE CVE-2023-36765
CVE CVE-2023-36767
CVE CVE-2023-41764
XREF IAVA:2023-A-0474-S
Plugin Information
Published: 2023/09/13, Modified: 2023/10/13
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20565

179482 - Adobe Acrobat < 20.005.30514.10514 / 23.003.20269 Multiple Vulnerabilities (APSB23-30)
Synopsis
The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30514.10514 or 23.003.20269. It is, therefore, affected by multiple vulnerabilities.

- Improper Access Control (CWE-284) potentially leading to Security feature bypass (CVE-2023-29320)

- Improper Input Validation (CWE-20) potentially leading to Application denial-of-service (CVE-2023-29299)

- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-29303, CVE-2023-38238, CVE-2023-38243)

- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-38222, CVE-2023-38224, CVE-2023-38225, CVE-2023-38227, CVE-2023-38228)

- Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-38223, CVE-2023-38226, CVE-2023-38234, CVE-2023-38246)

- Out-of-bounds Read (CWE-125) potentially leading to Memory Leak (CVE-2023-38229, CVE-2023-38232, CVE-2023-38235)

- Use After Free (CWE-416) potentially leading to Memory Leak (CVE-2023-38230)

- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-38231, CVE-2023-38233)

- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-38236, CVE-2023-38237, CVE-2023-38239, CVE-2023-38240, CVE-2023-38241, CVE-2023-38242, CVE-2023-38244, CVE-2023-38247, CVE-2023-38248)

- Improper Input Validation (CWE-20) potentially leading to Arbitrary code execution (CVE-2023-38245)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Acrobat version 20.005.30514.10514 / 23.003.20269 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2023/08/08, Modified: 2023/10/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Adobe\Acrobat DC
Installed version : 23.3.20244
Fixed version : 23.003.20269

181274 - Adobe Acrobat < 20.005.30524 / 23.006.20320 Vulnerability (APSB23-34)
Synopsis
The version of Adobe Acrobat installed on the remote Windows host is affected by a vulnerability.
Description
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30524 or 23.006.20320. It is, therefore, affected by a vulnerability.

- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-26369)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Acrobat version 20.005.30524 / 23.006.20320 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.0 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-26369
XREF CISA-KNOWN-EXPLOITED:2023/10/05
XREF IAVA:2023-A-0473-S
XREF CWE:787
Plugin Information
Published: 2023/09/12, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Adobe\Acrobat DC
Installed version : 23.3.20244
Fixed version : 23.006.20320

185552 - Adobe Acrobat < 20.005.30539 / 23.006.20380 Multiple Vulnerabilities (APSB23-54)
Synopsis
The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30539 or 23.006.20380. It is, therefore, affected by multiple vulnerabilities.

- Use After Free (CWE-416) potentially leading to Arbitrary code execution (CVE-2023-44336, CVE-2023-44359, CVE-2023-44367, CVE-2023-44371, CVE-2023-44372)

- Out-of-bounds Read (CWE-125) potentially leading to Arbitrary code execution (CVE-2023-44337, CVE-2023-44338)

- Access of Uninitialized Pointer (CWE-824) potentially leading to Arbitrary code execution (CVE-2023-44365)

- Out-of-bounds Write (CWE-787) potentially leading to Arbitrary code execution (CVE-2023-44366)

- Out-of-bounds Read (CWE-125) potentially leading to Memory leak (CVE-2023-44339, CVE-2023-44340, CVE-2023-44348, CVE-2023-44356, CVE-2023-44357, CVE-2023-44358, CVE-2023-44360)

- Use After Free (CWE-416) potentially leading to Memory leak (CVE-2023-44361)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Acrobat version 20.005.30539 / 23.006.20380 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
Plugin Information
Published: 2023/11/14, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Adobe\Acrobat DC
Installed version : 23.3.20244
Fixed version : 23.006.20380

190457 - Adobe Acrobat < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07)
Synopsis
The version of Adobe Acrobat installed on the remote Windows host is affected by multiple vulnerabilities.
Description
The version of Adobe Acrobat installed on the remote Windows host is a version prior to 20.005.30574 or 23.008.20533. It is, therefore, affected by multiple vulnerabilities.

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20726, CVE-2024-20727, CVE-2024-20728)

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20729, CVE-2024-20731, CVE-2024-20765)

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20730)

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20733)

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20734)

- Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20735, CVE-2024-20736, CVE-2024-20747, CVE-2024-20748, CVE-2024-20749)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Adobe Acrobat version 20.005.30574 / 23.008.20533 or later.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/02/13, Modified: 2024/03/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Adobe\Acrobat DC
Installed version : 23.3.20244
Fixed version : 23.008.20533
181409 - Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039)
Synopsis
The remote Windows host has a program that is affected by a denial of service vulnerability.
Description
The version of Curl installed on the remote host is affected by a denial of service vulnerability due to accepting and storing unlimited large headers.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade Curl to version 8.3.0 or later
Risk Factor
High
CVSS v3.0 Base Score
7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
CVSS v3.0 Temporal Score
6.7 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS v2.0 Temporal Score
6.1 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-38039
XREF IAVA:2023-A-0485-S
Plugin Information
Published: 2023/09/14, Modified: 2023/10/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\SysWOW64\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0

tcp/445/cifs


Path : C:\Windows\System32\curl.exe
Installed version : 8.0.1.0
Fixed version : 8.3.0
181311 - KB5030219: Windows 11 version 22H2 Security Update (September 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5030219. It is, therefore, affected by multiple vulnerabilities.

- Windows Themes Remote Code Execution Vulnerability (CVE-2023-38146)

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-35355)

- Windows GDI Elevation of Privilege Vulnerability (CVE-2023-36804, CVE-2023-38161)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5030219
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-35355
CVE CVE-2023-36802
CVE CVE-2023-36803
CVE CVE-2023-36804
CVE CVE-2023-36805
CVE CVE-2023-38139
CVE CVE-2023-38141
CVE CVE-2023-38142
CVE CVE-2023-38143
CVE CVE-2023-38144
CVE CVE-2023-38146
CVE CVE-2023-38147
CVE CVE-2023-38148
CVE CVE-2023-38149
CVE CVE-2023-38150
CVE CVE-2023-38160
CVE CVE-2023-38161
MSKB 5030219
XREF MSFT:MS23-5030219
XREF CISA-KNOWN-EXPLOITED:2023/10/03
XREF IAVA:2023-A-0472-S
XREF IAVA:2023-A-0471-S
Exploitable With
Core Impact (true) Metasploit (true)
Plugin Information
Published: 2023/09/12, Modified: 2024/01/05
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5030219

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.2283
186790 - KB5033375: Windows 11 version 22H2 Security Update (December 2023)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5033375. It is, therefore, affected by multiple vulnerabilities.

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2023-36006)

- Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability (CVE-2023-36696)

- Local Security Authority Subsystem Service Elevation of Privilege Vulnerability (CVE-2023-36391)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5033375
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/12/12, Modified: 2024/01/15
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5033375

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.2861
187797 - KB5034123: Windows 11 version 22H2 Security Update (January 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034123. It is, therefore, affected by multiple vulnerabilities.

- Microsoft ODBC Driver Remote Code Execution Vulnerability (CVE-2024-20654)

- BitLocker Security Feature Bypass Vulnerability (CVE-2024-20666)

- Windows Kerberos Security Feature Bypass Vulnerability (CVE-2024-20674)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034123
Risk Factor
High
CVSS v3.0 Base Score
8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/01/09, Modified: 2024/02/16
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034123

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.3007
190484 - KB5034765: Windows 11 version 22H2 Security Update (February 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5034765. It is, therefore, affected by multiple vulnerabilities.

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21350, CVE-2024-21352, CVE-2024-21358, CVE-2024-21359, CVE-2024-21360, CVE-2024-21361, CVE-2024-21365, CVE-2024-21366, CVE-2024-21367, CVE-2024-21368, CVE-2024-21369, CVE-2024-21370, CVE-2024-21375, CVE-2024-21391, CVE-2024-21420)

- Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338, CVE-2024-21371)

- Windows Kernel Information Disclosure Vulnerability (CVE-2024-21340)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5034765
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
Exploitable With
Core Impact (true)
Plugin Information
Published: 2024/02/13, Modified: 2024/03/15
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5034765

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.3155
191937 - KB5035853: Windows 11 version 22H2 / 23H2 Security Update (March 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5035853. It is, therefore, affected by multiple vulnerabilities.

- Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability (CVE-2024-21441, CVE-2024-21444, CVE-2024-21450, CVE-2024-26161, CVE-2024-26166)

- Windows USB Hub Driver Remote Code Execution Vulnerability (CVE-2024-21429)

- Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability (CVE-2024-21430)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5035853
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/03/12, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5035853

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.3296
193096 - KB5036893: Windows 11 version 22H2 Security Update (April 2024)
Synopsis
The remote Windows host is affected by multiple vulnerabilities.
Description
The remote Windows host is missing security update 5036893. It is, therefore, affected by multiple vulnerabilities.

- SmartScreen Prompt Security Feature Bypass Vulnerability (CVE-2024-29988)

- Secure Boot Security Feature Bypass Vulnerability (CVE-2024-20669, CVE-2024-26168, CVE-2024-26171, CVE-2024-26175, CVE-2024-26180, CVE-2024-26189, CVE-2024-26194, CVE-2024-26240, CVE-2024-26250, CVE-2024-28896, CVE-2024-28897, CVE-2024-28898, CVE-2024-28903, CVE-2024-28919, CVE-2024-28920, CVE-2024-28921, CVE-2024-28922, CVE-2024-28923, CVE-2024-28924, CVE-2024-28925, CVE-2024-29061, CVE-2024-29062)

- Windows rndismp6.sys Remote Code Execution Vulnerability (CVE-2024-26252, CVE-2024-26253)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Apply Security Update 5036893
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/09, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


The remote host is missing one of the following rollup KBs :
- 5036893

- C:\windows\system32\ntoskrnl.exe has not been patched.
Remote version : 10.0.22621.1992
Should be : 10.0.22621.3447
192147 - Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203)
Synopsis
An application installed on the remote Windows host is affected by an elevation of privilege vulnerability.
Description
The version of Microsoft Azure Data Studio installed on the remote Windows host is prior to 1.48.0. It is, therefore, affected by an unspecified elevation of privilege vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-26203
XREF IAVA:2024-A-0157
Plugin Information
Published: 2024/03/15, Modified: 2024/03/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Azure Data Studio\
Installed version : 1.44.0.0
Fixed version : 1.48.0
179408 - Microsoft Edge (Chromium) < 114.0.1823.106 / 115.0.1901.200 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 114.0.1823.106 / 115.0.1901.200. It is, therefore, affected by multiple vulnerabilities as referenced in the August 7, 2023 advisory.

- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-38157)

- Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4068, CVE-2023-4070)

- Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4069)

- Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4071)

- Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4072)

- Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4073)

- Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4074)

- Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4075)

- Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High) (CVE-2023-4076)

- Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4077)

- Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-4078)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 114.0.1823.106 / 115.0.1901.200 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/08/07, Modified: 2023/10/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 115.0.1901.200
180040 - Microsoft Edge (Chromium) < 116.0.1938.54 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.54. It is, therefore, affected by multiple vulnerabilities as referenced in the August 21, 2023 advisory.

- Use after free in Offline in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-2312)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36787)

- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2023-38158)

- Use after free in Device Trust Connectors in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4349)

- Inappropriate implementation in Fullscreen in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4350)

- Use after free in Network in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has elicited a browser shutdown to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4351)

- Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4352)

- Heap buffer overflow in ANGLE in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4353)

- Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4354)

- Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4355)

- Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4356)

- Insufficient validation of untrusted input in XML in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4357)

- Use after free in DNS in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4358)

- Inappropriate implementation in App Launcher in Google Chrome on iOS prior to 116.0.5845.96 allowed a remote attacker to potentially spoof elements of the security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4359)

- Inappropriate implementation in Color in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4360)

- Inappropriate implementation in Autofill in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4361)

- Heap buffer overflow in Mojom IDL in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process and gained control of a WebUI process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4362)

- Inappropriate implementation in WebShare in Google Chrome on Android prior to 116.0.5845.96 allowed a remote attacker to spoof the contents of a dialog URL via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4363)

- Inappropriate implementation in Permission Prompts in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4364)

- Inappropriate implementation in Fullscreen in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4365)

- Use after free in Extensions in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4366)

- Insufficient policy enforcement in Extensions API in Google Chrome prior to 116.0.5845.96 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4367, CVE-2023-4368)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
http://www.nessus.org/u?9ae99e73
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-2312
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36787
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-38158
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4349
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4350
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4351
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4352
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4353
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4354
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4355
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4356
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4357
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4358
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4359
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4360
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4361
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4362
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4363
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4364
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4365
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4366
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4367
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-4368
Solution
Upgrade to Microsoft Edge version 116.0.1938.54 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/08/23, Modified: 2023/09/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 116.0.1938.54
180197 - Microsoft Edge (Chromium) < 116.0.1938.62 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.62. It is, therefore, affected by multiple vulnerabilities as referenced in the August 25, 2023 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36741)

- Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4427)

- Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4428)

- Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4429)

- Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4430)

- Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-4431)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 116.0.1938.62 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-4427
CVE CVE-2023-4428
CVE CVE-2023-4429
CVE CVE-2023-4430
CVE CVE-2023-4431
CVE CVE-2023-36741
XREF IAVA:2023-A-0453-S
Plugin Information
Published: 2023/08/26, Modified: 2023/10/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 116.0.1938.62
180416 - Microsoft Edge (Chromium) < 116.0.1938.69 (CVE-2023-4572)
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.69. It is, therefore, affected by a vulnerability as referenced in the August 31, 2023 advisory.

- Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4572)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 116.0.1938.69 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2023/08/31, Modified: 2023/09/25
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 116.0.1938.69
181128 - Microsoft Edge (Chromium) < 116.0.1938.76 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.76. It is, therefore, affected by multiple vulnerabilities as referenced in the September 7, 2023 advisory.

- Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4761)

- Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4762)

- Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4763)

- Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) (CVE-2023-4764)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 116.0.1938.76 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-4761
CVE CVE-2023-4762
CVE CVE-2023-4763
CVE CVE-2023-4764
XREF IAVA:2023-A-0457-S
XREF CISA-KNOWN-EXPLOITED:2024/02/27
Plugin Information
Published: 2023/09/07, Modified: 2024/02/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 116.0.1938.76
181314 - Microsoft Edge (Chromium) < 116.0.1938.81 (CVE-2023-4863)
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.81. It is, therefore, affected by a vulnerability as referenced in the September 12, 2023 advisory.

- Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-4863)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 116.0.1938.81 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.4 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.7 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-4863
XREF CISA-KNOWN-EXPLOITED:2023/10/04
XREF IAVA:2023-A-0494-S
Plugin Information
Published: 2023/09/12, Modified: 2023/10/06
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 116.0.1938.81
182419 - Microsoft Edge (Chromium) < 116.0.1938.98 / 117.0.2045.47 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 116.0.1938.98 / 117.0.2045.47. It is, therefore, affected by multiple vulnerabilities as referenced in the September 29, 2023 advisory.

- There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. (CVE-2023-1999)

- Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) (CVE-2023-5186)

- Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5187)

- Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5217)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 116.0.1938.98 / 117.0.2045.47 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-1999
CVE CVE-2023-5186
CVE CVE-2023-5187
CVE CVE-2023-5217
XREF CISA-KNOWN-EXPLOITED:2023/10/23
XREF IAVA:2023-A-0523-S
Plugin Information
Published: 2023/10/02, Modified: 2023/10/23
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 117.0.2045.47
182556 - Microsoft Edge (Chromium) < 117.0.2045.55 (CVE-2023-5346)
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 117.0.2045.55. It is, therefore, affected by a vulnerability as referenced in the October 4, 2023 advisory.

- Type Confusion in V8. (CVE-2023-5346)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 117.0.2045.55 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2023/10/04, Modified: 2023/10/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 117.0.2045.55
185436 - Microsoft Edge (Chromium) < 118.0.2088.102 / 119.0.2151.58 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.102 / 119.0.2151.58. It is, therefore, affected by multiple vulnerabilities as referenced in the November 9, 2023 advisory.

- Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability (CVE-2023-36014)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2023-36024)

- Use after free in WebAudio in Google Chrome prior to 119.0.6045.123 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5996)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 118.0.2088.102 / 119.0.2151.58 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36014
CVE CVE-2023-36024
CVE CVE-2023-5996
XREF IAVA:2023-A-0610-S
Plugin Information
Published: 2023/11/09, Modified: 2024/01/26
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 119.0.2151.58
185901 - Microsoft Edge (Chromium) < 118.0.2088.109 / 119.0.2151.72 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.109 / 119.0.2151.72. It is, therefore, affected by multiple vulnerabilities as referenced in the November 16, 2023 advisory.

- Use after free in Garbage Collection in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5997)

- Use after free in Navigation in Google Chrome prior to 119.0.6045.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6112)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 118.0.2088.109 / 119.0.2151.72 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.8 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-5997
CVE CVE-2023-6112
CVE CVE-2023-36008
CVE CVE-2023-36026
XREF IAVA:2023-A-0649-S
Plugin Information
Published: 2023/11/16, Modified: 2024/01/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 119.0.2151.72
183055 - Microsoft Edge (Chromium) < 118.0.2088.46 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.46. It is, therefore, affected by multiple vulnerabilities as referenced in the October 13, 2023 advisory.

- Use after free in Site Isolation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2023-5218)

- Use after free in Cast in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5473)

- Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) (CVE-2023-5474)

- Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5475)

- Use after free in Blink History in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5476)

- Inappropriate implementation in Installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control via a crafted command. (Chromium security severity: Low) (CVE-2023-5477)

- Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5478)

- Inappropriate implementation in Extensions API in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass an enterprise policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5479)

- Inappropriate implementation in Downloads in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5481)

- Inappropriate implementation in Intents in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5483)

- Inappropriate implementation in Navigation in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5484)

- Inappropriate implementation in Autofill in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5485)

- Inappropriate implementation in Input in Google Chrome prior to 118.0.5993.70 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5486)

- Inappropriate implementation in Fullscreen in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) (CVE-2023-5487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 118.0.2088.46 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/10/13, Modified: 2023/11/09
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 118.0.2088.46
183979 - Microsoft Edge (Chromium) < 118.0.2088.76 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.76. It is, therefore, affected by multiple vulnerabilities as referenced in the October 27, 2023 advisory.

- Use after free in Profiles in Google Chrome prior to 118.0.5993.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5472)

- Use After Free vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2023-44323)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 118.0.2088.76 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-5472
CVE CVE-2023-44323
XREF IAVA:2023-A-0600-S
Plugin Information
Published: 2023/10/27, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 118.0.2088.76
184320 - Microsoft Edge (Chromium) < 118.0.2088.88 / 119.0.2151.44 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 118.0.2088.88 / 119.0.2151.44. It is, therefore, affected by multiple vulnerabilities as referenced in the November 2, 2023 advisory.

- Inappropriate implementation in Payments in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to bypass XSS preventions via a malicious file. (Chromium security severity: High) (CVE-2023-5480)

- Insufficient data validation in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5482)

- Integer overflow in USB in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-5849)

- Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium) (CVE-2023-5850)

- Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5851)

- Use after free in Printing in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5852)

- Incorrect security UI in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5853)

- Use after free in Profiles in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5854)

- Use after free in Reading Mode in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2023-5855)

- Use after free in Side Panel in Google Chrome prior to 119.0.6045.105 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-5856)

- Inappropriate implementation in Downloads in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to potentially execute arbitrary code via a malicious file. (Chromium security severity: Medium) (CVE-2023-5857)

- Inappropriate implementation in WebApp Provider in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2023-5858)

- Incorrect security UI in Picture In Picture in Google Chrome prior to 119.0.6045.105 allowed a remote attacker to perform domain spoofing via a crafted local HTML page. (Chromium security severity: Low) (CVE-2023-5859)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 118.0.2088.88 / 119.0.2151.44 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/11/03, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 119.0.2151.44
187660 - Microsoft Edge (Chromium) < 120.0.2210.121 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.121. It is, therefore, affected by multiple vulnerabilities as referenced in the January 5, 2024 advisory.

- Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0222)

- Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0223)

- Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0224)

- Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0225)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.121 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-0222
CVE CVE-2024-0223
CVE CVE-2024-0224
CVE CVE-2024-0225
XREF IAVA:2024-A-0009-S
Plugin Information
Published: 2024/01/05, Modified: 2024/01/18
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.121
189126 - Microsoft Edge (Chromium) < 120.0.2210.144 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.144. It is, therefore, affected by multiple vulnerabilities as referenced in the January 17, 2024 advisory.

- Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0517)

- Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0518)

- Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0519)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.144 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-0517
CVE CVE-2024-0518
CVE CVE-2024-0519
XREF CISA-KNOWN-EXPLOITED:2024/02/07
XREF IAVA:2024-A-0040-S
Plugin Information
Published: 2024/01/17, Modified: 2024/02/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.144
186985 - Microsoft Edge (Chromium) < 120.0.2210.77 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.77. It is, therefore, affected by multiple vulnerabilities as referenced in the December 14, 2023 advisory.

- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2023-36878)

- Use after free in FedCM in Google Chrome prior to 120.0.6099.109 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2023-6706)

- Use after free in CSS in Google Chrome prior to 120.0.6099.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2023-6707)

- Type Confusion in V8. (CVE-2023-6702)

- Use after free in Blink. (CVE-2023-6703)

- Use after free in libavif. (CVE-2023-6704)

- Use after free in WebRTC. (CVE-2023-6705)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.77 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2023/12/15, Modified: 2024/01/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.77
187184 - Microsoft Edge (Chromium) < 120.0.2210.91 (CVE-2023-7024)
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.91. It is, therefore, affected by a vulnerability as referenced in the December 21, 2023 advisory.

- Heap buffer overflow in WebRTC. (CVE-2023-7024)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.91 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
8.2 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
8.3 (CVSS2#E:F/RL:OF/RC:C)
References
CVE CVE-2023-7024
XREF CISA-KNOWN-EXPLOITED:2024/01/23
Plugin Information
Published: 2023/12/21, Modified: 2024/01/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.91
192634 - Microsoft Edge (Chromium) < 122.0.2365.113 / 123.0.2420.65 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.113 / 123.0.2420.65. It is, therefore, affected by multiple vulnerabilities as referenced in the March 27, 2024 advisory.

- Use after free in ANGLE in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) (CVE-2024-2883)

- Use after free in Dawn in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2885)

- Use after free in WebCodecs in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2886)

- Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2887)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.113 / 123.0.2420.65 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-2883
CVE CVE-2024-2885
CVE CVE-2024-2886
CVE CVE-2024-2887
XREF IAVA:2024-A-0177
Plugin Information
Published: 2024/03/27, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 123.0.2420.65
191023 - Microsoft Edge (Chromium) < 122.0.2365.52 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.52. It is, therefore, affected by multiple vulnerabilities as referenced in the February 23, 2024 advisory.

- Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1669)

- Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1670)

- Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-1671)

- Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-1672)

- Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium) (CVE-2024-1673)

- Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-1674)

- Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-1675)

- Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-1676)

- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability (CVE-2024-21423, CVE-2024-26192)

- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-26188)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.52 or later.
Risk Factor
High
CVSS v3.0 Base Score
8.2 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L)
CVSS v3.0 Temporal Score
7.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
8.5 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:P)
CVSS v2.0 Temporal Score
6.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/02/26, Modified: 2024/03/08
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 122.0.2365.52
191442 - Microsoft Edge (Chromium) < 122.0.2365.63 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.63. It is, therefore, affected by multiple vulnerabilities as referenced in the February 29, 2024 advisory.

- Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1938)

- Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-1939)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.63 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-1938
CVE CVE-2024-1939
XREF IAVA:2024-A-0116-S
Plugin Information
Published: 2024/02/29, Modified: 2024/03/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 122.0.2365.63
191717 - Microsoft Edge (Chromium) < 122.0.2365.80 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.80. It is, therefore, affected by multiple vulnerabilities as referenced in the March 7, 2024 advisory.

- Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2173)

- Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2174)

- Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2176)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.80 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-2173
CVE CVE-2024-2174
CVE CVE-2024-2176
XREF IAVA:2024-A-0143-S
XREF IAVA:2024-A-0173
Plugin Information
Published: 2024/03/07, Modified: 2024/03/22
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 122.0.2365.80
192478 - Microsoft Edge (Chromium) < 123.0.2420.53 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 123.0.2420.53. It is, therefore, affected by multiple vulnerabilities as referenced in the March 22, 2024 advisory.

- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-26247)

- Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2625)

- Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2626)

- Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2627)

- Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) (CVE-2024-2628)

- Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2629)

- Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) (CVE-2024-2630)

- Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) (CVE-2024-2631)

- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-29057)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 123.0.2420.53 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/03/22, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 123.0.2420.53
193282 - Microsoft Edge (Chromium) < 123.0.2420.97 Multiple Vulnerabilities
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 123.0.2420.97. It is, therefore, affected by multiple vulnerabilities as referenced in the April 12, 2024 advisory.

- Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via specific UI gestures. (Chromium security severity: High) (CVE-2024-3157)

- Use after free in Dawn in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3515)

- Heap buffer overflow in ANGLE in Google Chrome prior to 123.0.6312.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-3516)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 123.0.2420.97 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2024/04/12, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 123.0.2420.97
179635 - Microsoft Teams < 1.6.0.18681 RCE
Synopsis
The version of Microsoft Teams installed on the remote Windows host is affected by a Remote Code Execution vulnerability.
Description
The version of Microsoft Teams installed on the remote Windows host is prior to 1.6.0.18681. It is, therefore, affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Teams 1.6.0.18681 or later.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29328
CVE CVE-2023-29330
XREF IAVA:2023-A-0417
Plugin Information
Published: 2023/08/10, Modified: 2023/08/14
Plugin Output

tcp/445/cifs


Path : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\Administrator\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\DBAdmin\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\EVEMAAdmin\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\ikeda\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\testuser1\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

tcp/445/cifs


Path : C:\Users\testuser2\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.18681

179632 - Microsoft Windows HEVC Video Extension from Device Manufacturer RCE (August 2023)
Synopsis
The Windows app installed on the remote host is affected by a remote code execution vulnerability.
Description
The Windows 'HEVC from Device Manufacturer' app installed on the remote host is affected by a remote code execution vulnerability. An attacker who successfully exploits this vulnerability could execute arbitrary code. Exploitation of the vulnerability requires that a program process a specially crafted file.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to app version 2.0.61931.0 or later via the Microsoft Store.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2023/08/10, Modified: 2024/04/08
Plugin Output

tcp/0


Path : C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_2.0.61591.0_x64__8wekyb3d8bbwe
Installed version : 2.0.61591.0
Fixed version : 2.0.61931.0

193217 - Security Updates for Microsoft .NET Framework (April 2024)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability.
See Also
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.4 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.0 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21409
MSKB 5036604
MSKB 5036605
MSKB 5036606
MSKB 5036607
MSKB 5036608
MSKB 5036609
MSKB 5036610
MSKB 5036611
MSKB 5036612
MSKB 5036613
MSKB 5036614
MSKB 5036615
MSKB 5036618
MSKB 5036619
MSKB 5036620
MSKB 5036621
MSKB 5036624
MSKB 5036625
MSKB 5036626
MSKB 5036627
MSKB 5036631
MSKB 5036632
MSKB 5036633
MSKB 5036634
MSKB 5036636
MSKB 5036637
XREF IAVA:2024-A-0219
Plugin Information
Published: 2024/04/11, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5036620

C:\windows\Microsoft.NET\Framework\v4.0.30319\system.runtime.serialization.dll has not been patched.
Remote version : 4.8.9032.0
Should be : 4.8.9236.0

179664 - Security Updates for Microsoft .NET Framework (August 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in applications running on IIS using their parent application's Application Pool which can lead to privilege escalation and other security bypasses. (CVE-2023-36899)

- A spoofing vulnerability where an unauthenticated remote attacker can sign ClickOnce deployments without a valid code signing certificate. (CVE-2023-36873)
See Also
http://www.nessus.org/u?31a7e1cb
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
9.0 (CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36873
CVE CVE-2023-36899
MSKB 5028946
MSKB 5028947
MSKB 5028948
MSKB 5028950
MSKB 5028951
MSKB 5028952
MSKB 5028953
MSKB 5028954
MSKB 5028955
MSKB 5028956
MSKB 5028957
MSKB 5028958
MSKB 5028960
MSKB 5028961
MSKB 5028962
MSKB 5028963
MSKB 5028967
MSKB 5028968
MSKB 5028969
MSKB 5028970
MSKB 5028973
MSKB 5028974
MSKB 5028975
MSKB 5028976
MSKB 5028977
MSKB 5028978
MSKB 5028979
MSKB 5028980
MSKB 5028981
MSKB 5028982
XREF IAVA:2023-A-0406-S
Plugin Information
Published: 2023/08/10, Modified: 2023/09/15
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5028948

C:\windows\Microsoft.NET\Framework\v4.0.30319\system.windows.forms.dll has not been patched.
Remote version : 4.8.9075.0
Should be : 4.8.9176.0

181375 - Security Updates for Microsoft .NET Framework (September 2023)
Synopsis
The Microsoft .NET Framework installation on the remote host is missing a security update.
Description
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Multiple vulnerabilities in DiaSymReader.dll where parsing a corrupted PDB can result in remote code execution. (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796)

- A vulnerability in the WPF XML parser where an unsandboxed parser can lead to remote code execution. (CVE-2023-36788)
See Also
http://www.nessus.org/u?3bbdfd35
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
Solution
Microsoft has released security updates for Microsoft .NET Framework.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36788
CVE CVE-2023-36792
CVE CVE-2023-36793
CVE CVE-2023-36794
CVE CVE-2023-36796
MSKB 5029915
MSKB 5029916
MSKB 5029917
MSKB 5029919
MSKB 5029920
MSKB 5029921
MSKB 5029922
MSKB 5029923
MSKB 5029924
MSKB 5029925
MSKB 5029926
MSKB 5029927
MSKB 5029928
MSKB 5029929
MSKB 5029931
MSKB 5029932
MSKB 5029933
MSKB 5029937
MSKB 5029938
MSKB 5029940
MSKB 5029941
MSKB 5029942
MSKB 5029943
MSKB 5029944
MSKB 5029945
MSKB 5029946
MSKB 5029947
MSKB 5029948
MSKB 5030030
MSKB 5030160
XREF IAVA:2023-A-0470-S
Plugin Information
Published: 2023/09/13, Modified: 2023/11/16
Plugin Output

tcp/445/cifs


Microsoft .NET Framework 4.8.1
The remote host is missing one of the following rollup KBs :

Cumulative
- 5029921

C:\windows\Microsoft.NET\Framework\v4.0.30319\diasymreader.dll has not been patched.
Remote version : 14.8.9166.0
Should be : 14.8.9186.0

179613 - Security Updates for Microsoft Excel Products C2R (August 2023)
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Two remote code execution vulnerabilities. (CVE-2023-36896, CVE-2023-35371)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36896
CVE CVE-2023-35371
XREF IAVA:2023-A-0405-S
XREF IAVA:2023-A-0419-S
Plugin Information
Published: 2023/08/09, Modified: 2023/09/18
Plugin Output

tcp/445/cifs



Product : Excel LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\Excel.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20546
185742 - Security Updates for Microsoft Excel Products C2R Information Disclosure (November 2023)
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability. (CVE-2023-36041)

- A security feature bypass vulnerability. (CVE-2023-36037)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.0 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36041
CVE CVE-2023-36037
XREF IAVA:2023-A-0620-S
Plugin Information
Published: 2023/11/15, Modified: 2024/02/16
Plugin Output

tcp/445/cifs



Product : Excel LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\Excel.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20604
179614 - Security Updates for Microsoft Office Products C2R (August 2023)
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability. (CVE-2023-36895)

- A runtime spoofing vulnerability. (CVE-2023-36897)

The missing Office update also enhances security as a defense-in-depth measure. The update stops the attack chain that can lead to the Windows Search Remote Code Execution Vulnerability (CVE-2023-36884). Note that this does not mean the product is necessarily vulnerable to this CVE, only that this update provides extra mitigation. (ADV230003)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36897
CVE CVE-2023-36895
XREF IAVA:2023-A-0419-S
Plugin Information
Published: 2023/08/09, Modified: 2023/09/18
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20546
185741 - Security Updates for Microsoft Office Products C2R Multiple Vulnerabilities (November 2023)
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- A remote code execution vulnerability in Microsoft Office Graphics. (CVE-2023-36045)

- A security feature bypass vulnerability. (CVE-2023-36413)


Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36045
CVE CVE-2023-36413
XREF IAVA:2023-A-0623-S
Plugin Information
Published: 2023/11/15, Modified: 2023/12/15
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20604
183032 - Security Updates for Microsoft Office Products C2R Multiple Vulnerabilities (October 2023)
Synopsis
The Microsoft Office Products are missing a security update.
Description
The Microsoft Office Products are missing a security update. It is, therefore, affected by two elevation of privilege vulnerabilities.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
8.4 (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.3 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36568
CVE CVE-2023-36569
XREF IAVA:2023-A-0549-S
Plugin Information
Published: 2023/10/13, Modified: 2023/11/16
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20582
187973 - Security Updates for Microsoft Office Products C2R RCE (January 2024)
Synopsis
The Microsoft Office Products are missing a security update.
Description
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-20677
XREF IAVA:2024-A-0012-S
Plugin Information
Published: 2024/01/12, Modified: 2024/04/08
Plugin Output

tcp/445/cifs



Product : Microsoft Office 2021
- C:\Program Files\Microsoft Office\root\Office16\graph.exe has not been patched.
Remote version : 16.0.14332.20529
Should be : 16.0.14332.20624

193160 - Security Updates for Microsoft SQL Server ODBC Driver (April 2024)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28929)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28930)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28931)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2024/04/12
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.4.1
Fixed version : 17.10.6
183036 - Security Updates for Microsoft SQL Server ODBC Driver (October 2023)
Synopsis
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server ODBC Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.

- An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36417, CVE-2023-36420, CVE-2023-36730, CVE-2023-36785)

- An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2023-36728)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL ODBC Driver.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
References
Plugin Information
Published: 2023/10/13, Modified: 2023/10/16
Plugin Output

tcp/0


Path : C:\Windows\System32\msodbcsql17.dll
Installed version : 17.10.4.1
Fixed version : 17.10.5.1

193161 - Security Updates for Microsoft SQL Server OLE DB Driver (April 2024)
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities:

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28906)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28908)

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2024-28909)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
Plugin Information
Published: 2024/04/10, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.7.2
178852 - Security Updates for Microsoft SQL Server OLE DB Driver (June 2023)
Synopsis
The Microsoft SQL Server installation on the remote host is missing a security update.
Description
The Microsoft SQL Server driver installation on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL Driver.
Risk Factor
Critical
CVSS v3.0 Base Score
8.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
7.4 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-29349
CVE CVE-2023-32028
CVE CVE-2023-38169
XREF IAVA:2023-A-0410-S
Plugin Information
Published: 2023/07/26, Modified: 2023/10/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.6.6
182968 - Security Updates for Microsoft SQL Server OLE DB Driver (October 2023)
Synopsis
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update.
Description
The Microsoft SQL Server OLE DB Driver installed on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities.

- A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands. (CVE-2023-36417)

- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2023-36728)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Microsoft has released security updates for the Microsoft SQL OLE DB Driver.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36417
CVE CVE-2023-36728
XREF IAVA:2023-A-0541-S
Plugin Information
Published: 2023/10/12, Modified: 2024/01/12
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Installed version : 18.6.5.0
Fixed version : 18.6.7
190544 - Security Updates for Microsoft Word Products C2R (February 2024)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word application installed on the remote host is missing a security update. It is, therefore, affected by a remote code execution vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
5.3 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21379
XREF IAVA:2024-A-0097
XREF IAVA:2024-A-0094
Plugin Information
Published: 2024/02/14, Modified: 2024/02/16
Plugin Output

tcp/445/cifs



Product : Word LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\WinWord.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20637
181344 - Security Updates for Microsoft Word Products C2R Multiple Vulnerabilities (September 2023)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word Products are missing a security update. It is, therefore, affected by the following vulnerabilities:

- A remote code execution vulnerability. (CVE-2023-36762)

- An information disclosure vulnerability. (CVE-2023-36761)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
7.3 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L)
CVSS v3.0 Temporal Score
6.8 (CVSS:3.0/E:F/RL:O/RC:C)
CVSS v2.0 Base Score
6.8 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:P)
CVSS v2.0 Temporal Score
5.6 (CVSS2#E:F/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36761
CVE CVE-2023-36762
XREF CISA-KNOWN-EXPLOITED:2023/10/03
XREF IAVA:2023-A-0481-S
Plugin Information
Published: 2023/09/13, Modified: 2024/02/16
Plugin Output

tcp/445/cifs



Product : Word LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\WinWord.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20565
166555 - WinVerifyTrust Signature Validation CVE-2013-3900 Mitigation (EnableCertPaddingCheck)
-
Synopsis
The remote Windows host is potentially missing a mitigation for a remote code execution vulnerability.
Description
The remote system may be vulnerable to CVE-2013-3900 due to missing or misconfigured registry keys:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

An unauthenticated, remote attacker could exploit this, by sending specially crafted requests, to execute arbitrary code on an affected host.
See Also
Solution
Add and enable registry value EnableCertPaddingCheck:
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck

Additionally, on 64-bit OS systems, add and enable registry value EnableCertPaddingCheck:

- HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck
Risk Factor
High
CVSS v3.0 Base Score
7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
CVSS v3.0 Temporal Score
7.5 (CVSS:3.0/E:H/RL:O/RC:C)
CVSS v2.0 Base Score
7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS v2.0 Temporal Score
6.6 (CVSS2#E:H/RL:OF/RC:C)
STIG Severity
II
References
CVE CVE-2013-3900
XREF CISA-KNOWN-EXPLOITED:2022/07/10
XREF IAVA:2013-A-0227
Plugin Information
Published: 2022/10/26, Modified: 2023/12/26
Plugin Output

tcp/445/cifs



Nessus detected the following potentially insecure registry key configuration:
- Software\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
- Software\Wow6432Node\Microsoft\Cryptography\Wintrust\Config\EnableCertPaddingCheck is not present in the registry.
189188 - Microsoft Edge (Chromium) < 120.0.2210.133 Multiple Vulnerabilities
-
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.133. It is, therefore, affected by multiple vulnerabilities as referenced in the January 11, 2024 advisory.

- Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High) (CVE-2024-0333)

- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-20675)

- Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. (CVE-2024-20709, CVE-2024-20721)

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21337)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.133 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.5 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
5.5 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-0333
CVE CVE-2024-20675
CVE CVE-2024-20709
CVE CVE-2024-20721
CVE CVE-2024-21337
XREF IAVA:2024-A-0040-S
Plugin Information
Published: 2024/01/18, Modified: 2024/02/02
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 120.0.2210.133
189605 - Microsoft Edge (Chromium) < 120.0.2210.160 / 121.0.2277.83 (CVE-2024-21388)
-
Synopsis
The remote host has a web browser installed that is affected by a vulnerability.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 120.0.2210.160 / 121.0.2277.83. It is, therefore, affected by a vulnerability as referenced in the January 30, 2024 advisory.

- Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability (CVE-2024-21388)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 120.0.2210.160 / 121.0.2277.83 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L)
CVSS v3.0 Temporal Score
5.9 (CVSS:3.0/E:P/RL:O/RC:C)
CVSS v2.0 Base Score
5.1 (CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)
CVSS v2.0 Temporal Score
4.0 (CVSS2#E:POC/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-21388
XREF IAVA:2024-A-0060-S
Plugin Information
Published: 2024/01/25, Modified: 2024/03/28
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 121.0.2277.83
192932 - Microsoft Edge (Chromium) < 122.0.2365.120 / 123.0.2420.81 Multiple Vulnerabilities
-
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.120 / 123.0.2420.81. It is, therefore, affected by multiple vulnerabilities as referenced in the April 4, 2024 advisory.

- Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability (CVE-2024-29049)

- Microsoft Edge (Chromium-based) Spoofing Vulnerability (CVE-2024-29981)

- Inappropriate implementation in V8. (CVE-2024-3156)

- Use after free in Bookmarks. (CVE-2024-3158)

- Out of bounds memory access in V8. (CVE-2024-3159)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.120 / 123.0.2420.81 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
3.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-3156
CVE CVE-2024-3158
CVE CVE-2024-3159
CVE CVE-2024-29049
CVE CVE-2024-29981
XREF IAVA:2024-A-0204
Plugin Information
Published: 2024/04/04, Modified: 2024/04/12
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 123.0.2420.81
192123 - Microsoft Edge (Chromium) < 122.0.2365.92 Multiple Vulnerabilities
-
Synopsis
The remote host has a web browser installed that is affected by multiple vulnerabilities.
Description
The version of Microsoft Edge installed on the remote Windows host is prior to 122.0.2365.92. It is, therefore, affected by multiple vulnerabilities as referenced in the March 14, 2024 advisory.

- Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) (CVE-2024-2400)

- Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability (CVE-2024-26163, CVE-2024-26246)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Edge version 122.0.2365.92 or later.
Risk Factor
Medium
CVSS v3.0 Base Score
4.7 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.1 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2024-2400
CVE CVE-2024-26163
CVE CVE-2024-26246
XREF IAVA:2024-A-0173-S
Plugin Information
Published: 2024/03/14, Modified: 2024/03/29
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Installed version : 115.0.1901.183
Fixed version : 122.0.2365.92
175408 - Microsoft Teams < 1.6.0.11166 Information Disclosure
-
Synopsis
The version of Microsoft Teams installed on the remote Windows host is affected by an information disclosure vulnerability.
Description
The version of Microsoft Teams installed on the remote Windows host is prior to 1.6.0.11166. It is, therefore, affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this to disclose potentially sensitive information.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
See Also
Solution
Upgrade to Microsoft Teams 1.6.0.11166 or later.
Risk Factor
High
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
5.7 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
7.8 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
5.8 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-24881
XREF IAVA:2023-A-0247-S
Plugin Information
Published: 2023/05/12, Modified: 2023/08/11
Plugin Output

tcp/445/cifs


Path : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\Administrator\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\DBAdmin\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\EVEMAAdmin\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\ikeda\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\testuser1\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166

tcp/445/cifs


Path : C:\Users\testuser2\AppData\Local\Microsoft\Teams\current\
Installed version : 1.4.0.19572
Fixed version : 1.6.0.11166
57608 - SMB Signing not required
-
Synopsis
Signing is not required on the remote SMB server.
Description
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
See Also
Solution
Enforce message signing in the host's configuration. On Windows, this is found in the policy setting 'Microsoft network server: Digitally sign communications (always)'. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.
Risk Factor
Medium
CVSS v3.0 Base Score
5.3 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
CVSS v3.0 Temporal Score
4.6 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
5.0 (CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS v2.0 Temporal Score
3.7 (CVSS2#E:U/RL:OF/RC:C)
Plugin Information
Published: 2012/01/19, Modified: 2022/10/05
Plugin Output

tcp/445/cifs

51192 - SSL Certificate Cannot Be Trusted
-
Synopsis
The SSL certificate for this service cannot be trusted.
Description
The server's X.509 certificate cannot be trusted. This situation can occur in three different ways, in which the chain of trust can be broken, as stated below :

- First, the top of the certificate chain sent by the server might not be descended from a known public certificate authority. This can occur either when the top of the chain is an unrecognized, self-signed certificate, or when intermediate certificates are missing that would connect the top of the certificate chain to a known public certificate authority.

- Second, the certificate chain may contain a certificate that is not valid at the time of the scan. This can occur either when the scan occurs before one of the certificate's 'notBefore' dates, or after one of the certificate's 'notAfter' dates.

- Third, the certificate chain may contain a signature that either didn't match the certificate's information or could not be verified. Bad signatures can be fixed by getting the certificate with the bad signature to be re-signed by its issuer. Signatures that could not be verified are the result of the certificate's issuer using a signing algorithm that Nessus either does not support or does not recognize.

If the remote host is a public host in production, any break in the chain makes it more difficult for users to verify the authenticity and identity of the web server. This could make it easier to carry out man-in-the-middle attacks against the remote host.
See Also
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2010/12/15, Modified: 2020/04/27
Plugin Output

tcp/3389/msrdp


The following certificate was at the top of the certificate
chain sent by the remote host, but it is signed by an unknown
certificate authority :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
|-Issuer : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
57582 - SSL Self-Signed Certificate
-
Synopsis
The SSL certificate chain for this service ends in an unrecognized self-signed certificate.
Description
The X.509 certificate chain for this service is not signed by a recognized certificate authority. If the remote host is a public host in production, this nullifies the use of SSL as anyone could establish a man-in-the-middle attack against the remote host.

Note that this plugin does not check for certificate chains that end in a certificate that is not self-signed, but is signed by an unrecognized certificate authority.
Solution
Purchase or generate a proper SSL certificate for this service.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
CVSS v2.0 Base Score
6.4 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
Plugin Information
Published: 2012/01/17, Modified: 2022/06/14
Plugin Output

tcp/3389/msrdp


The following certificate was found at the top of the certificate
chain sent by the remote host, but is self-signed and was not
found in the list of known certificate authorities :

|-Subject : CN=masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

181343 - Security Updates for Microsoft Excel Products C2R Information Disclosure (September 2023)
-
Synopsis
The Microsoft Excel Products are missing a security update.
Description
The Microsoft Excel Products are missing a security update. It is, therefore, affected by an information disclosure vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36766
XREF IAVA:2023-A-0478-S
Plugin Information
Published: 2023/09/13, Modified: 2023/11/16
Plugin Output

tcp/445/cifs



Product : Excel LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\Excel.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20565
186906 - Security Updates for Microsoft Word Products C2R (December 2023)
-
Synopsis
The Microsoft Word Products are missing a security update.
Description
The Microsoft Word application installed on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
See Also
Solution
For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.
Risk Factor
Medium
CVSS v3.0 Base Score
5.5 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N)
CVSS v3.0 Temporal Score
4.8 (CVSS:3.0/E:U/RL:O/RC:C)
CVSS v2.0 Base Score
4.9 (CVSS2#AV:L/AC:L/Au:N/C:C/I:N/A:N)
CVSS v2.0 Temporal Score
3.6 (CVSS2#E:U/RL:OF/RC:C)
STIG Severity
I
References
CVE CVE-2023-36009
XREF IAVA:2023-A-0686-S
Plugin Information
Published: 2023/12/14, Modified: 2024/04/08
Plugin Output

tcp/445/cifs



Product : Word LTSC 2021
- C:\Program Files\Microsoft Office\root\Office16\WinWord.exe has not been patched.
Remote version : 16.0.14332.20529
Fixed version : 16.0.14332.20615

104743 - TLS Version 1.0 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.0. TLS 1.0 has a number of cryptographic design flaws. Modern implementations of TLS 1.0 mitigate these problems, but newer versions of TLS like 1.2 and 1.3 are designed against these flaws and should be used whenever possible.

As of March 31, 2020, Endpoints that aren’t enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.

PCI DSS v3.2 requires that TLS 1.0 be disabled entirely by June 30, 2018, except for POS POI terminals (and the SSL/TLS termination points to which they connect) that can be verified as not being susceptible to any known exploits.
See Also
Solution
Enable support for TLS 1.2 and 1.3, and disable support for TLS 1.0.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2017/11/22, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1 is enabled and the server supports at least one cipher.
157288 - TLS Version 1.1 Protocol Deprecated
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1. TLS 1.1 lacks support for current and recommended cipher suites. Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, Endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
Medium
CVSS v3.0 Base Score
6.5 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N)
CVSS v2.0 Base Score
6.1 (CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:N)
References
XREF CWE:327
Plugin Information
Published: 2022/04/04, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1.1 is enabled and the server supports at least one cipher.

40797 - Adobe Acrobat Detection
-
Synopsis
Adobe Acrobat is installed on the remote Windows host.
Description
Adobe Acrobat, a PDF file creation and editing tool, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0512
Plugin Information
Published: 2009/08/28, Modified: 2024/03/05
Plugin Output

tcp/445/cifs


Path : C:\Program Files\Adobe\Acrobat DC
Version : 23.3.20244
Track : DC

92415 - Application Compatibility Cache
-
Synopsis
Nessus was able to gather application compatibility settings on the remote host.
Description
Nessus was able to generate a report on the application compatibility cache on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Application compatibility cache report attached.
34096 - BIOS Info (WMI)
-
Synopsis
The BIOS info could be read.
Description
It is possible to get information about the BIOS via the host's WMI interface.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/05, Modified: 2024/03/26
Plugin Output

tcp/0


Vendor : HP
Version : U01 Ver. 02.10.05
Release date : 20230410000000.000000+000
UUID : BA32D30E-9124-4368-9CAF-8FE0D123FE92
Secure boot : enabled
92416 - BagMRU Folder History
-
Synopsis
Nessus was able to enumerate folders that were opened in Windows Explorer.
Description
Nessus was able to enumerate folders that were opened in Windows Explorer. Microsoft Windows maintains folder settings using a registry key known as shellbags or BagMRU. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

BagMRU report attached.
45590 - Common Platform Enumeration (CPE)
-
Synopsis
It was possible to enumerate CPE names that matched on the remote system.
Description
By using information obtained from a Nessus scan, this plugin reports CPE (Common Platform Enumeration) matches for various hardware and software products found on a host.

Note that if an official CPE is not available for the product, this plugin computes the best possible CPE based on the information available from the scan.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/04/21, Modified: 2024/04/03
Plugin Output

tcp/0


The remote operating system matched the following CPE :

cpe:/o:microsoft:windows_11 -> Microsoft Windows 11 on Arm64

Following application CPE's matched on the remote system :

cpe:/a:adobe:acrobat:23.3.20244 -> Adobe Acrobat
cpe:/a:haxx:curl:8.0.1.0 -> Haxx Curl
cpe:/a:hp:support_assistant:9.27.63.0 -> HP Support Assistant
cpe:/a:mcafee:epolicy_orchestrator_agent:5.8.0.161 -> McAfee ePolicy Orchestrator Agent
cpe:/a:microsoft:.net_framework:4.8.1 -> Microsoft .NET Framework
cpe:/a:microsoft:.net_framework:4.8.9166.0 -> Microsoft .NET Framework
cpe:/a:microsoft:edge:115.0.1901.183 -> Microsoft Edge
cpe:/a:microsoft:excel:16.0.14332.20529:0 -> マイクロソフト エクセル
cpe:/a:microsoft:excelcnv:16.0.14332.20529:0
cpe:/a:microsoft:ie:11.1.22621.0 -> Microsoft Internet Explorer
cpe:/a:microsoft:internet_explorer:11.0.22621.1928 -> Microsoft Internet Explorer
cpe:/a:microsoft:office:2021:0 -> Microsoft Office
cpe:/a:microsoft:office_compatibility_pack -> Microsoft Office Compatibility Pack Service Pack 2
cpe:/a:microsoft:office_compatibility_pack:16.0.14332.20529 -> Microsoft Office Compatibility Pack Service Pack 2
cpe:/a:microsoft:onenote:16.0.14332.20529 -> Microsoft OneNote
cpe:/a:microsoft:onenote:16.0.14332.20529:0 -> Microsoft OneNote
cpe:/a:microsoft:powerpoint:16.0.14332.20529:0 -> Microsoft PowerPoint
cpe:/a:microsoft:publisher:16.0.14332.20529:0 -> Microsoft Publisher
cpe:/a:microsoft:remote_desktop_connection:10.0.22621.1778 -> Microsoft Remote Desktop Connection
cpe:/a:microsoft:teams:1.4.0.19572 -> Microsoft Teams
cpe:/a:microsoft:windows_app_store:0.1.28.0
cpe:/a:microsoft:windows_app_store:1.0.1.0
cpe:/a:microsoft:windows_app_store:1.0.36.0
cpe:/a:microsoft:windows_app_store:1.0.50901.0
cpe:/a:microsoft:windows_app_store:1.0.52351.0
cpe:/a:microsoft:windows_app_store:1.0.61171.0
cpe:/a:microsoft:windows_app_store:1.0.61591.0
cpe:/a:microsoft:windows_app_store:1.0.67.0
cpe:/a:microsoft:windows_app_store:1.100.5131.0
cpe:/a:microsoft:windows_app_store:1.17.11461.0
cpe:/a:microsoft:windows_app_store:1.2.74.0
cpe:/a:microsoft:windows_app_store:1.20.1881.0
cpe:/a:microsoft:windows_app_store:1.21.13002.0
cpe:/a:microsoft:windows_app_store:1.2304.1243.0
cpe:/a:microsoft:windows_app_store:1.23052.123.0
cpe:/a:microsoft:windows_app_store:1.24.10001.0
cpe:/a:microsoft:windows_app_store:1.3.24211.0
cpe:/a:microsoft:windows_app_store:1.4.24201.0
cpe:/a:microsoft:windows_app_store:1.54.4001.0
cpe:/a:microsoft:windows_app_store:10.0.19580.1000
cpe:/a:microsoft:windows_app_store:10.0.19587.1000
cpe:/a:microsoft:windows_app_store:10.0.19595.1001
cpe:/a:microsoft:windows_app_store:10.0.19640.1000
cpe:/a:microsoft:windows_app_store:10.0.21302.1000
cpe:/a:microsoft:windows_app_store:10.0.22621.1
cpe:/a:microsoft:windows_app_store:10.0.22621.1778
cpe:/a:microsoft:windows_app_store:10.0.22621.1928
cpe:/a:microsoft:windows_app_store:10.0.22621.900
cpe:/a:microsoft:windows_app_store:10.0.23012.0
cpe:/a:microsoft:windows_app_store:10.0.6.1000
cpe:/a:microsoft:windows_app_store:10.0.7204.0
cpe:/a:microsoft:windows_app_store:10.2202.31.0
cpe:/a:microsoft:windows_app_store:10.22091.10041.0
cpe:/a:microsoft:windows_app_store:10.2303.10961.0
cpe:/a:microsoft:windows_app_store:10.2306.0.0
cpe:/a:microsoft:windows_app_store:1000.19580.1000.0
cpe:/a:microsoft:windows_app_store:1000.22621.1.0
cpe:/a:microsoft:windows_app_store:1000.22635.1000.0
cpe:/a:microsoft:windows_app_store:1000.22644.1000.0
cpe:/a:microsoft:windows_app_store:1000.25873.9001.0
cpe:/a:microsoft:windows_app_store:11.2202.24.0
cpe:/a:microsoft:windows_app_store:11.2210.0.0
cpe:/a:microsoft:windows_app_store:11.2302.19.0
cpe:/a:microsoft:windows_app_store:11.2303.17.0
cpe:/a:microsoft:windows_app_store:11.2303.5.0
cpe:/a:microsoft:windows_app_store:11.2304.25.0
cpe:/a:microsoft:windows_app_store:11.2305.18.0
cpe:/a:microsoft:windows_app_store:11.2305.4.0
cpe:/a:microsoft:windows_app_store:115.0.1901.183
cpe:/a:microsoft:windows_app_store:12.95.3001.0
cpe:/a:microsoft:windows_app_store:14.0.30704.0
cpe:/a:microsoft:windows_app_store:14.0.32530.0
cpe:/a:microsoft:windows_app_store:16005.14326.21508.0
cpe:/a:microsoft:windows_app_store:18.2305.1222.0
cpe:/a:microsoft:windows_app_store:2.0.21.0
cpe:/a:microsoft:windows_app_store:2.0.61591.0
cpe:/a:microsoft:windows_app_store:2.1.26424.0
cpe:/a:microsoft:windows_app_store:2.1.27427.0
cpe:/a:microsoft:windows_app_store:2.1.61661.0
cpe:/a:microsoft:windows_app_store:2.100.61791.0
cpe:/a:microsoft:windows_app_store:2.2.28604.0
cpe:/a:microsoft:windows_app_store:2.2.29512.0
cpe:/a:microsoft:windows_app_store:2.2.5.0
cpe:/a:microsoft:windows_app_store:2.3.0.0
cpe:/a:microsoft:windows_app_store:2.32002.13001.0
cpe:/a:microsoft:windows_app_store:2.41.289.0
cpe:/a:microsoft:windows_app_store:2.42007.9001.0
cpe:/a:microsoft:windows_app_store:2.5.10921.0
cpe:/a:microsoft:windows_app_store:2.6.2.0
cpe:/a:microsoft:windows_app_store:2000.802.31.0
cpe:/a:microsoft:windows_app_store:2023.2305.4.0
cpe:/a:microsoft:windows_app_store:21.21030.25003.0
cpe:/a:microsoft:windows_app_store:22305.1401.5.0
cpe:/a:microsoft:windows_app_store:22306.1401.1.0
cpe:/a:microsoft:windows_app_store:2253.4.4.0
cpe:/a:microsoft:windows_app_store:22621.26.135.0
cpe:/a:microsoft:windows_app_store:2307.1001.5.0
cpe:/a:microsoft:windows_app_store:23142.709.1.0
cpe:/a:microsoft:windows_app_store:23306.3309.2530.1346
cpe:/a:microsoft:windows_app_store:25.52328.396.0
cpe:/a:microsoft:windows_app_store:3000.882.2207.0
cpe:/a:microsoft:windows_app_store:4.16.3140.0
cpe:/a:microsoft:windows_app_store:4.2204.13303.0
cpe:/a:microsoft:windows_app_store:4.53.51922.0
cpe:/a:microsoft:windows_app_store:4.55.51901.0
cpe:/a:microsoft:windows_app_store:4.6.0.0
cpe:/a:microsoft:windows_app_store:423.13900.0.0
cpe:/a:microsoft:windows_app_store:44.22621.1992.0
cpe:/a:microsoft:windows_app_store:5.823.3261.0
cpe:/a:microsoft:windows_app_store:53.10510.531.0
cpe:/a:microsoft:windows_app_store:6.2.2.0
cpe:/a:microsoft:windows_app_store:7.0.7.0
cpe:/a:microsoft:windows_app_store:7.2208.15002.0
cpe:/a:microsoft:windows_app_store:8.1.964.0
cpe:/a:microsoft:windows_app_store:8.2206.15001.0
cpe:/a:microsoft:windows_app_store:8.2306.22001.0
cpe:/a:microsoft:windows_app_store:9.27.63.0
cpe:/a:microsoft:word:16.0.14332.20529:0 -> Microsoft Word
cpe:/a:microsoft:wordcnv:16.0.14332.20529:0
cpe:/a:python:python:3.11.4150.1013 -> Python
x-cpe:/a:microsoft:azure_data_studio:1.44.0.0
x-cpe:/a:microsoft:odbc_driver_for_sql_server:17.10.4.1
x-cpe:/a:microsoft:ole_db_driver_for_sql_server:18.6.5.0
24270 - Computer Manufacturer Information (WMI)
-
Synopsis
It is possible to obtain the name of the remote computer manufacturer.
Description
By making certain WMI queries, it is possible to obtain the model of the remote computer as well as the name of its manufacturer and its serial number.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/02, Modified: 2024/03/26
Plugin Output

tcp/0


Computer Manufacturer : HP
Computer Model : HP Elite SFF 800 G9 Desktop PC
Computer SerialNumber : JPH325TZ10
Computer Type : Desktop

Computer Physical CPU's : 1
Computer Logical CPU's : 24
CPU0
Architecture : x64
Physical Cores: 16
Logical Cores : 24

Computer Memory : 65205 MB
Controller1ChannelBDimm1
Form Factor: DIMM
Type : Unknown
Capacity : 16384 MB
Controller1ChannelBDimm0
Form Factor: DIMM
Type : Unknown
Capacity : 16384 MB
Controller0ChannelADimm1
Form Factor: DIMM
Type : Unknown
Capacity : 16384 MB
Controller0ChannelADimm0
Form Factor: DIMM
Type : Unknown
Capacity : 16384 MB
171860 - Curl Installed (Windows)
Synopsis
Curl is installed on the remote Windows host.
Description
Curl, a command line tool for transferring data with URLs, was detected on the remote Windows host.

Please note, if the installation is located in either the Windows\System32 or Windows\SysWOW64 directory, it will be considered as managed by the OS. In this case, paranoid scanning is required to trigger downstream vulnerability checks. Paranoid scanning has no effect on this plugin itself.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/23, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus detected 2 installs of Curl:

Path : C:\Windows\SysWOW64\curl.exe
Version : 8.0.1.0
Managed by OS : True

Path : C:\Windows\System32\curl.exe
Version : 8.0.1.0
Managed by OS : True

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/135/epmap


The following DCERPC services are available locally :

Type : Local RPC service
Named pipe : dhcpcsvc6

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3c4728c5-f0ab-448b-bda1-6ce01eb0a6d5, version 1.0
Description : DHCP Client Service
Windows process : svchost.exe
Annotation : DHCP Client LRPC Endpoint
Type : Local RPC service
Named pipe : dhcpcsvc

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0a74ef1c-41a4-4e06-83ae-dc74fb1cdd53, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-59ba2ba2388aac237c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-59ba2ba2388aac237c

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-7e9ee2f6e980f182ca

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : ubpmtaskhostchannel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-59ba2ba2388aac237c

Object UUID : b5ccd5ef-4238-440b-bba0-999f828f1cfe
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d3d2f0315c727b18c1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-d3d2f0315c727b18c1

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : a500d4c6-0dd1-4543-bc0c-d5f93486eaf8, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-4856a871a068449e45

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7ea70bcf-48af-4f6a-8968-6a440754d5fa, version 1.0
Description : Unknown RPC service
Annotation : NSI server endpoint
Type : Local RPC service
Named pipe : LRPC-5afa8087ae258aabdb

Object UUID : fdd099c6-df06-4904-83b4-a87a27903c70
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-c9527edaf83c70fe71

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5222821f-d5e2-4885-84f1-5f6185a0ec41, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-792517f1c445ed8550

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-c9527edaf83c70fe71

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : OLEF9F928F0A6912F26D965DA066A90

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 880fd55e-43b9-11e0-b1a8-cf4edfd72085, version 1.0
Description : Unknown RPC service
Annotation : KAPI Service endpoint
Type : Local RPC service
Named pipe : LRPC-98db34e18415858982

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e40f7b57-7a25-4cd3-a135-7f7d3df9d16b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-4b8331d70642a603bd

Object UUID : 6d726574-7273-0076-0000-000000000000
UUID : c9ac6db5-82b7-4e55-ae8a-e464ed7b4277, version 1.0
Description : Unknown RPC service
Annotation : Impl friendly name
Type : Local RPC service
Named pipe : LRPC-4d7228c675b4a6aa28

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4bec6bb8-b5c2-4b6f-b2c1-5da5cf92d0d9, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 085b0334-e454-4d91-9b8c-4134f9e793f3, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8782d3b9-ebbd-4644-a3d8-e8725381919b, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3b338d89-6cfa-44b8-847e-531531bc9992, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : bdaa0970-413b-4a3e-9e5d-f6dc9d7e0760, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 5824833b-3c1a-4ad2-bdfd-c31d19e23ed2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0361ae94-0316-4c6c-8ad8-c594375800e2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : dd59071b-3215-4c59-8481-972edadc0f6a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2d98a740-581d-41b9-aa0d-a88b9d5ce938, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8bfc3be1-6def-4e2d-af74-7c47cd0ade4a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1b37ca91-76b1-4f5e-a3c7-2abfc61f2bb0, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : c605f9fb-f0a3-4e2a-a073-73560f8d9e3e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d3e2735-cea0-4ecc-a9e2-41a2d81aed4e, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2513bcbe-6cd4-4348-855e-7efb3c336dd3, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 20c40295-8dba-48e6-aebf-3e78ef3bb144, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 857fb1be-084f-4fb5-b59c-4b2c4be5f0cf, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 55e6b932-1979-45d6-90c5-7f6270724112, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76c217bc-c8b4-4201-a745-373ad9032b1a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 88abcbc3-34ea-76ae-8215-767520655a23, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 2c7fd9ce-e706-4b40-b412-953107ef9bb0, version 0.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4dace966-a243-4450-ae3f-9b7bcb5315b8, version 2.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 178d84be-9291-4994-82c6-3f909aca5a03, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : e53d94ca-7464-4839-b044-09a2fb8b3ae5, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fae436b0-b864-4a87-9eda-298547cd82f2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 082a3471-31b6-422a-b931-a54401960c62, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 6982a06e-5fe2-46b1-b39c-a2c545bfa069, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0ff1f646-13bb-400a-ab50-9a78f2b7a85a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4ed8abcc-f1e2-438b-981f-bb0e8abc010c, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 95406f0b-b239-4318-91bb-cea3a46ff0dc, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0d47017b-b33b-46ad-9e18-fe96456c5078, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 7cd4a68a-505e-456b-b11e-ca76a5dd491c
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 9b008953-f195-4bf9-bde0-4471971e58ed, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9b674f7047e720019

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : db57eb61-1aa2-4906-9396-23e8b8024c32
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9b674f7047e720019

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9b674f7047e720019

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 697dcda9-3ba9-4eb2-9247-e11f1901b0d2, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-cf328fbec0d7793504

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9b674f7047e720019

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-cf328fbec0d7793504

Object UUID : 9e56cbc5-e634-4267-818e-ffa7dce1fa86
UUID : d09bdeb5-6171-4a34-bfe2-06fa82652568, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : umpo

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : actkernel

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-9b343d01f00f183435

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : OLE7295EAEC343432159D908009EECB

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-2f5479464208011eba

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-64d08098c0218682c2

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-f9b674f7047e720019

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : LRPC-cf328fbec0d7793504

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : csebpub

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : fc48cd89-98d6-4628-9839-86f7a3e4161a, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : dabrpc

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0125480

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WMsgKRpc0125480

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Local RPC service
Named pipe : WindowsShutdown

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : imsfk

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Local RPC service
Named pipe : audit


10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following DCERPC services are available remotely :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Windows Event Log
Type : Remote RPC service
Named pipe : \pipe\eventlog
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \pipe\SessEnvPublicRpc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 7f1343fe-50a9-4927-a778-0c5859517bac, version 1.0
Description : Unknown RPC service
Annotation : DfsDs service
Type : Remote RPC service
Named pipe : \PIPE\wkssvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 1ff70682-0a51-30e8-076d-740be8cee98b, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 378e52b0-c0a9-11cf-822d-00aa0051e40f, version 1.0
Description : Scheduler Service
Windows process : svchost.exe
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 33d84484-3626-47ee-8c6f-e7e98b113be1, version 2.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\atsvc
Netbios name : \\masked_hostname

Object UUID : b08669ee-8cb5-43a5-a017-84fe00000000
UUID : 76f226c3-ec14-4325-8a99-6a46348418af, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\masked_hostname

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
Named pipe : \PIPE\InitShutdown
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
Named pipe : \pipe\lsass
Netbios name : \\masked_hostname

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49664/dce-rpc


The following DCERPC services are available on TCP port 49664 :

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345778-1234-abcd-ef00-0123456789ac, version 1.0
Description : Security Account Manager
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : b25a52bf-e5dd-4f4a-aea6-8ca7272a0e86, version 2.0
Description : Unknown RPC service
Annotation : KeyIso
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 8fb74744-b2ff-4c00-be0d-9ef9a191fe1b, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 51a227ae-825b-41f2-b4a9-1ac9557a1018, version 1.0
Description : Unknown RPC service
Annotation : Ngc Pop Key Service
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 49664
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49665/dce-rpc


The following DCERPC services are available on TCP port 49665 :

Object UUID : 765294ba-60bc-48b8-92e9-89fd77769d91
UUID : d95afe70-a6d5-4259-822e-2c84da1ddb0d, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49665
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49666/dce-rpc


The following DCERPC services are available on TCP port 49666 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 86d35949-83c9-4044-b424-db363231fd0c, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 3a9ef155-691d-4449-8d05-09ad57031823, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49666
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/49667/dce-rpc


The following DCERPC services are available on TCP port 49667 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 29770a8f-829b-4158-90a2-78cd488501f7, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 49667
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/50160/dce-rpc


The following DCERPC services are available on TCP port 50160 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : f6beaff7-1e19-4fbb-9f8f-b89e2018337c, version 1.0
Description : Unknown RPC service
Annotation : Windows Event Log
Type : Remote RPC service
TCP Port : 50160
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/50161/dce-rpc


The following DCERPC services are available on TCP port 50161 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 12345678-1234-abcd-ef00-0123456789ab, version 1.0
Description : IPsec Services (Windows XP & 2003)
Windows process : lsass.exe
Type : Remote RPC service
TCP Port : 50161
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 0b6edbfa-4a24-4fc6-8a23-942b1eca65d1, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 50161
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : ae33069b-a2a8-46ee-a235-ddfd339be281, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 50161
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 4a452661-8290-4b36-8fbe-7f4093a94978, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 50161
IP : 0.0.0.0

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 76f03f96-cdfd-44fc-a22c-64950a001209, version 1.0
Description : Unknown RPC service
Type : Remote RPC service
TCP Port : 50161
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/50162/dce-rpc


The following DCERPC services are available on TCP port 50162 :

Object UUID : 9a81c2bd-a525-471d-a4ed-49907c0b23da
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 50162
IP : 0.0.0.0

Object UUID : 5fc860e0-6f6e-4fc2-83cd-46324f25e90b
UUID : 0b1c2170-5732-4e0e-8cd3-d9b16f3b84d7, version 0.0
Description : Unknown RPC service
Annotation : RemoteAccessCheck
Type : Remote RPC service
TCP Port : 50162
IP : 0.0.0.0

10736 - DCE Services Enumeration
Synopsis
A DCE/RPC service is running on the remote host.
Description
By sending a Lookup request to the portmapper (TCP 135 or epmapper PIPE) it was possible to enumerate the Distributed Computing Environment (DCE) services running on the remote port. Using this information it is possible to connect and bind to each service by sending an RPC request to the remote port/pipe.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/08/26, Modified: 2021/10/04
Plugin Output

tcp/50176/dce-rpc


The following DCERPC services are available on TCP port 50176 :

Object UUID : 00000000-0000-0000-0000-000000000000
UUID : 367abb81-9844-35f1-ad32-98f038001003, version 2.0
Description : Service Control Manager
Windows process : svchost.exe
Type : Remote RPC service
TCP Port : 50176
IP : 0.0.0.0

55472 - Device Hostname
Synopsis
It was possible to determine the remote system hostname.
Description
This plugin reports a device's hostname collected via SSH or WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/06/30, Modified: 2024/03/27
Plugin Output

tcp/0


Hostname : masked_hostname
masked_hostname (WMI)

54615 - Device Type
Synopsis
It is possible to guess the remote device type.
Description
Based on the remote operating system, it is possible to determine what the remote system type is (e.g., a printer, router, general-purpose computer, etc.).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/05/23, Modified: 2022/09/09
Plugin Output

tcp/0

Remote device type : general-purpose
Confidence level : 101

71246 - Enumerate Local Group Memberships
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Description
Nessus was able to connect to a host via SMB to retrieve a list of local Groups and their Members.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/12/06, Modified: 2024/03/26
Plugin Output

tcp/0

Group Name : Access Control Assistance Operators
Host Name : masked_hostname
Group SID : S-1-5-32-579
Members :

Group Name : Administrators
Host Name : masked_hostname
Group SID : S-1-5-32-544
Members :
Name : Administrator
Domain : masked_hostname
Class : Win32_UserAccount
SID : S-1-5-21-1942055394-3177162208-3032883132-500
Name : Domain Admins
Domain : EMSOCCS1
Class : Win32_Group
SID :

Group Name : Backup Operators
Host Name : masked_hostname
Group SID : S-1-5-32-551
Members :

Group Name : Cryptographic Operators
Host Name : masked_hostname
Group SID : S-1-5-32-569
Members :

Group Name : Device Owners
Host Name : masked_hostname
Group SID : S-1-5-32-583
Members :

Group Name : Distributed COM Users
Host Name : masked_hostname
Group SID : S-1-5-32-562
Members :

Group Name : Event Log Readers
Host Name : masked_hostname
Group SID : S-1-5-32-573
Members :

Group Name : Guests
Host Name : masked_hostname
Group SID : S-1-5-32-546
Members :
Name : Guest
Domain : masked_hostname
Class : Win32_UserAccount
SID : S-1-5-21-1942055394-3177162208-3032883132-501

Group Name : Hyper-V Administrators
Host Name : masked_hostname
Group SID : S-1-5-32-578
Members :

Group Name : IIS_IUSRS
Host Name : masked_hostname
Group SID : S-1-5-32-568
Members :
Name : IUSR
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-17

Group Name : Network Configuration Operators
Host Name : masked_hostname
Group SID : S-1-5-32-556
Members :

Group Name : Performance Log Users
Host Name : masked_hostname
Group SID : S-1-5-32-559
Members :

Group Name : Performance Monitor Users
Host Name : masked_hostname
Group SID : S-1-5-32-558
Members :

Group Name : Power Users
Host Name : masked_hostname
Group SID : S-1-5-32-547
Members :

Group Name : Remote Desktop Users
Host Name : masked_hostname
Group SID : S-1-5-32-555
Members :

Group Name : Remote Management Users
Host Name : masked_hostname
Group SID : S-1-5-32-580
Members :

Group Name : Replicator
Host Name : masked_hostname
Group SID : S-1-5-32-552
Members :

Group Name : System Managed Accounts Group
Host Name : masked_hostname
Group SID : S-1-5-32-581
Members :
Name : DefaultAccount
Domain : masked_hostname
Class : Win32_UserAccount
SID : S-1-5-21-1942055394-3177162208-3032883132-503

Group Name : Users
Host Name : masked_hostname
Group SID : S-1-5-32-545
Members :
Name : INTERACTIVE
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-4
Name : Authenticated Users
Domain : masked_hostname
Class : Win32_SystemAccount
SID : S-1-5-11
Name : Domain Users
Domain : EMSOCCS1
Class : Win32_Group
SID :

72684 - Enumerate Users via WMI
Synopsis
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI.
Description
Nessus was able to connect to a host via SMB to retrieve a list of users using WMI. Only identities that the authenticated SMB user has permissions to view will be retrieved by this plugin.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/02/25, Modified: 2024/03/26
Plugin Output

tcp/0


Name : Administrator
SID : S-1-5-21-1942055394-3177162208-3032883132-500
Disabled : False
Lockout : False
Change password : True
Source : Local

Name : DefaultAccount
SID : S-1-5-21-1942055394-3177162208-3032883132-503
Disabled : True
Lockout : False
Change password : True
Source : Local

Name : Guest
SID : S-1-5-21-1942055394-3177162208-3032883132-501
Disabled : True
Lockout : False
Change password : False
Source : Local

Name : WDAGUtilityAccount
SID : S-1-5-21-1942055394-3177162208-3032883132-504
Disabled : True
Lockout : False
Change password : True
Source : Local

No. Of Users : 4
168980 - Enumerate the PATH Variables
Synopsis
Enumerates the PATH variable of the current scan user.
Description
Enumerates the PATH variables of the current scan user.
Solution
Ensure that directories listed here are in line with corporate policy.
Risk Factor
None
Plugin Information
Published: 2022/12/21, Modified: 2024/04/02
Plugin Output

tcp/0

Nessus has enumerated the path of the current scan user :

C:\newscp\mac\McnMon\bin
C:\newscp\mac\AppCommon\bin
C:\windows\system32
C:\windows
C:\windows\System32\Wbem
C:\windows\System32\WindowsPowerShell\v1.0\
C:\windows\System32\OpenSSH\
C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\
C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\
C:\Program Files\Azure Data Studio\bin
C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\WindowsApps
C:\Program Files\DDS\EVEMA\Client

35716 - Ethernet Card Manufacturer Detection
Synopsis
The manufacturer can be identified from the Ethernet OUI.
Description
Each Ethernet MAC address starts with a 24-bit Organizationally Unique Identifier (OUI). These OUIs are registered by IEEE.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/02/19, Modified: 2020/05/13
Plugin Output

tcp/0


The following card manufacturers were identified :

E0:73:E7:11:35:2F : HP Inc.
86420 - Ethernet MAC Addresses
Synopsis
This plugin gathers MAC addresses from various sources and consolidates them into a list.
Description
This plugin gathers MAC addresses discovered from both remote probing of the host (e.g. SNMP and Netbios) and from running local checks (e.g. ifconfig). It then consolidates the MAC addresses into a single, unique, and uniform list.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/10/16, Modified: 2020/05/13
Plugin Output

tcp/0

The following is a consolidated list of detected MAC addresses:
- E0:73:E7:11:35:2F
92439 - Explorer Search History
Synopsis
Nessus was able to gather a list of items searched for in the Windows UI.
Description
Nessus was able to gather evidence of cached search results from Windows Explorer searches.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0


Explorer search history report attached.

90546 - HP Support Assistant Installed
Synopsis
A support assistance application is installed on the remote Windows host.
Description
HP Support Assistant, a technical support assistance application, is installed on the remote Windows host.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0619
Plugin Information
Published: 2016/04/15, Modified: 2024/04/04
Plugin Output

tcp/445/cifs


Path : C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.27.63.0_x64__v10z8vjag6ke6
Version : 9.27.63.0

170631 - Host Active Directory Configuration (Windows)
Synopsis
The Windows host is joined to an Active Directory domain.
Description
The Windows host is joined to an Active Directory domain and it was possible to retrieve certain Active Directory configuration attributes, including:

Computer information in AD:
- Common Name
- DNS Name
- Distinguished Name
- Domain Role
- Object SID
- SamAccountName

AD domain and forest information:
- Domain FQDN
- Domain GUID
- Domain NetBIOS Name
- Domain SID
- Forest FQDN
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/01/25, Modified: 2024/03/27
Plugin Output

tcp/0


Computer information in AD:
Common Name : CN=masked_hostname
DNS Name : masked_hostname
Distinguished Name : CN=masked_hostname,CN=Computers,DC=gcc,DC=EMSOCCS,DC=gsdf,DC=mods,DC=go,DC=jp
Domain Role : MemberWorkstation
Object SID : S-1-5-21-3388008032-3793481426-1508724218-1299
SamAccountName : masked_hostname$

AD domain and forest information:
Domain FQDN : gcc.EMSOCCS.gsdf.mods.go.jp
Domain GUID : 029f9307-7bb9-460b-9070-e7c4affaa256
Domain NetBIOS Name : EMSOCCS1
Domain SID : S-1-5-21-3388008032-3793481426-1508724218
Forest FQDN : gcc.EMSOCCS.gsdf.mods.go.jp
12053 - Host Fully Qualified Domain Name (FQDN) Resolution
Synopsis
It was possible to resolve the name of the remote host.
Description
Nessus was able to resolve the fully qualified domain name (FQDN) of the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2004/02/11, Modified: 2017/04/14
Plugin Output

tcp/0


ipaddr resolves as masked_hostname.
88145 - Host Unique Identifiers
Synopsis
The remote host has one or more unique identifiers used by various endpoint management systems.
Description
Nessus has discovered one or more unique identifiers used to tag or track the remote system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/01/25, Modified: 2016/01/27
Plugin Output

tcp/0

The following Identifiers were discovered :

Product : McAfee ePO
Identity : {3b4e0dbf-8c40-4e83-a3ba-0d1f16838eb6}
171410 - IP Assignment Method Detection
Synopsis
Enumerates the IP address assignment method (static/dynamic).
Description
Enumerates the IP address assignment method (static/dynamic).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/14, Modified: 2024/03/26
Plugin Output

tcp/0

+ Loopback Pseudo-Interface 1
+ IPv4
- Address : 127.0.0.1
Assign Method : static
+ IPv6
- Address : ::1
Assign Method : static
+ vEthernet (Default Switch)
+ IPv4
- Address : 172.27.32.1
Assign Method : static
+ IPv6
- Address : fe80::99b9:1986:7038:c6da%22
Assign Method : dynamic
+ v

102992 - Intel Active Management Technology (AMT) detection
Synopsis
A firmware-based remote management tool is present and it is potentially enabled on the remote Windows host.
Description
The Intel Management Engine on the remote host has Active Management Technology (AMT).
Intel AMT can enable or disable remote discovery and management of Intel-based assets, even when the host operating system is inactive.

If the asset is using a vulnerable version, check the driver version of Intel Management Engine Interface, in the asset's Device Manager.

For further remediation steps, contact the asset vendor.

Note that due to the low-level implementation of Intel ME, Nessus may not be able to identify its version on the remote host at this time.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0637
Plugin Information
Published: 2017/09/07, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Firmware Version : 16.1.25.2124

179947 - Intel CPUID detection
Synopsis
The processor CPUID was detected on the remote host.
Description
The CPUID of the Intel processor was detected on the remote host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/08/18, Modified: 2024/03/26
Plugin Output

tcp/135/epmap

Nessus was able to extract the following cpuid: 90672

92421 - Internet Explorer Typed URLs
Synopsis
Nessus was able to enumerate URLs that were manually typed into the Internet Explorer address bar.
Description
Nessus was able to generate a list of URLs that were manually typed into the Internet Explorer address bar.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

http://go.microsoft.com/fwlink/p/?LinkId=255141

Internet Explorer typed URL report attached.

160301 - Link-Local Multicast Name Resolution (LLMNR) Service Detection
Synopsis
Verify status of the LLMNR service on the remote host.
Description
The Link-Local Multicast Name Resolution (LLMNR) service allows both IPv4 and IPv6 hosts to perform name resolution for hosts on the same local link.
Solution
Make sure that use of this software conforms to your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2022/04/28, Modified: 2022/12/29
Plugin Output

tcp/445/cifs


LLMNR Key SOFTWARE\Policies\Microsoft\Windows NT\DNSClient\EnableMulticast not found.

92424 - MUICache Program Execution History
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to query the MUICache registry key to find evidence of program execution.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

c:\windows\system32\credentialuibroker.exe.friendlyappname : Credential Manager UI Host
c:\program files\microsoft office\root\office16\excel.exe.applicationcompany : Microsoft Corporation
c:\windows\temp\{3ff16e8b-0d65-4eaf-ac0f-64f9d774422a}\.cr\vc_redist.x64.exe.applicationcompany : Microsoft Corporation
c:\program files\windows photo viewer\photoviewer.dll.friendlyappname : Windows フォト ビューアー
c:\program files (x86)\buffalo\clientmgrv\bin\cmvmain.exe.applicationcompany : Buffalo Inc.
c:\windows\system32\msiexec.exe.applicationcompany : Microsoft Corporation
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe.applicationcompany : Adobe Systems Incorporated
c:\program files (x86)\buffalo\airset2\airset2.exe.friendlyappname : BUFFALO AirStation Configuration Tool
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\msoxmled.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\desktop\a5m2_2.18.4_x64\a5m2.exe.friendlyappname : A5:SQL Mk-2 (SQL Client/ER Diagram tool)
c:\windows\system32\shell32.dll.applicationcompany : Microsoft Corporation
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\r1515\sakura\sakura.exe.applicationcompany : Project: Sakura-Editor
c:\windows\system32\control.exe.friendlyappname : Windows Control Panel
c:\windows\system32\vmconnect.exe.friendlyappname : Virtual Machine Connection
c:\windows\system32\explorerframe.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\cmd.exe.friendlyappname : Windows コマンド プロセッサ
c:\windows\system32\appresolver.dll.applicationcompany : Microsoft Corporation
c:\windows\system32\mmc.exe.friendlyappname : Microsoft 管理コンソール
c:\newscp\term\bin_20231024\opc.exe.friendlyappname : OPC
c:\program files\microsoft office\root\office16\excel.exe.friendlyappname : Excel
c:\windows\system32\openwith.exe.applicationcompany : Microsoft Corporation
c:\newscp\term\bin_1108\opc.exe.friendlyappname : OPC
c:\program files (x86)\microsoft sql server management studio 19\common7\ide\ssms.exe.applicationcompany : Microsoft Corporation
c:\newscp\term\release\opc.exe.friendlyappname : OPC
c:\users\administrator.emsoccs1\appdata\local\microsoft\teams\update.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\vmconnect.exe.applicationcompany : Microsoft Corporation
c:\program files\microsoft office\root\office16\winword.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\wscript.exe.friendlyappname : Microsoft ® Windows Based Script Host
c:\windows\system32\openwith.exe.friendlyappname : アプリの選択
c:\program files (x86)\windows media player\wmplayer.exe.friendlyappname : Windows メディア プレーヤー従来版
c:\windows\system32\windowspowershell\v1.0\powershell.exe.friendlyappname : Windows PowerShell
c:\program files\microsoft office\root\office16\powerpnt.exe.applicationcompany : Microsoft Corporation
c:\program files\microsoft office\root\office16\powerpnt.exe.friendlyappname : PowerPoint
f:\windows\ironkey.exe.friendlyappname : IronKey Unlocker
c:\newscp\term\bin_1110\opc.exe.friendlyappname : OPC
c:\program files (x86)\microsoft sql server management studio 19\common7\ide\commonextensions\microsoft\ssis\160\binn\dtswizard.exe.applicationcompany : Microsoft Corporation
f:\tableversion\mastertableversionview.exe.friendlyappname : MasterTableVersionVIew
c:\program files (x86)\microsoft\edge\application\msedge.exe.friendlyappname : Microsoft Edge
c:\users\administrator.emsoccs1\appdata\local\temp\open_hs.exe.applicationcompany : Buffalo Inc.
c:\program files\microsoft office\root\office16\winword.exe.friendlyappname : Word
c:\program files (x86)\microsoft sql server management studio 19\common7\ide\commonextensions\microsoft\ssis\160\binn\dtswizard.exe.friendlyappname : SQL Server Import and Export Wizard
c:\windows\temp\{b42fda32-ed75-4f4a-b9cc-065a99962793}\.cr\vc_redist.x64.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\systempropertiescomputername.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\downloads\trellixsmartinstall.exe.applicationcompany : Musarubra US LLC.
c:\windows\explorer.exe.friendlyappname : エクスプローラー
c:\windows\system32\notepad.exe.friendlyappname : メモ帳
c:\program files (x86)\hp\hp support framework\resources\bingpopup\bingpopup.exe.friendlyappname : BingPopup
c:\users\administrator.emsoccs1\desktop\versetnewscp.cmd.friendlyappname : VerSetnewscp.cmd
c:\program files\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\msoxmled.exe.friendlyappname : Office XML Handler
c:\windows\system32\msiexec.exe.friendlyappname : Windows® インストーラー
c:\logcontroller\logcontroller.exe.friendlyappname : TODO: <ファイルの説明>
c:\newscp\term\bin\opc.exe.friendlyappname : OPC
c:\windows\system32\wscript.exe.applicationcompany : Microsoft Corporation
c:\windows\temp\{3ff16e8b-0d65-4eaf-ac0f-64f9d774422a}\.cr\vc_redist.x64.exe.friendlyappname : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
c:\newscp\term\bin_1115\opc.exe.friendlyappname : OPC
c:\newscp\term\bin_1107\opc.exe.friendlyappname : OPC
c:\program files (x86)\windows media player\wmplayer.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\credentialuibroker.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\desktop\installnewscp.cmd.friendlyappname : Installnewscp.cmd
c:\windows\system32\control.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\app\wireshark\wireshark.exe.friendlyappname : Wireshark
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\wiresharkportable64.exe.friendlyappname : Wireshark Portable (64-bit) (PortableApps.com Launcher)
c:\windows\temp\{ce07b367-6ef3-4bb4-a5cd-70691a1cb097}\.cr\python-3.11.4-amd64.exe.friendlyappname : Python 3.11.4 (64-bit)
c:\program files (x86)\buffalo\clientmgrv\bin\cmvmain.exe.friendlyappname : Client Manager V
c:\program files (x86)\hp\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe.friendlyappname : HPWarrantyChecker.exe
c:\windows\temp\{b42fda32-ed75-4f4a-b9cc-065a99962793}\.cr\vc_redist.x64.exe.friendlyappname : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
c:\program files\mcafee\agent\x86\updaterui.exe.friendlyappname : Common User Interface
c:\program files (x86)\hp\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe.applicationcompany : HP Inc.
c:\program files (x86)\microsoft sql server management studio 19\common7\ide\ssms.exe.friendlyappname : SSMS 19
c:\windows\system32\mmc.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\fsquirt.exe.friendlyappname : fsquirt
c:\windows\system32\msdt.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\appdata\local\microsoft\teams\update.exe.friendlyappname : Microsoft Teams
c:\users\administrator.emsoccs1\appdata\local\temp\g\tmdmon.exe.applicationcompany : Trend Micro Inc.
c:\windows\system32\shell32.dll.friendlyappname : Windows シェル共通 DLL
c:\newscp\term\bin\dc.exe.friendlyappname : DC
c:\users\administrator.emsoccs1\appdata\local\temp\g\tmdmon.exe.friendlyappname : tmdmon
c:\windows\system32\notepad.exe.applicationcompany : Microsoft Corporation
c:\newscp\term\bin_20231102b\opc.exe.friendlyappname : OPC
c:\program files (x86)\microsoft\edge\application\msedge.exe.applicationcompany : Microsoft Corporation
c:\program files (x86)\hp\hp support framework\resources\bingpopup\bingpopup.exe.applicationcompany : HP Inc.
c:\newscp\term\bin_1116test\opc.exe.friendlyappname : OPC
c:\windows\system32\windowspowershell\v1.0\powershell.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\wiresharkportable64.exe.applicationcompany : PortableApps.com
f:\windows\ironkey.exe.applicationcompany : Kingston
c:\windows\system32\systempropertiesadvanced.exe.applicationcompany : Microsoft Corporation
d:\1515\02_db\a5m2_2.18.2_x64\a5m2.exe.friendlyappname : A5:SQL Mk-2 (SQL Client/ER Diagram tool)
c:\windows\system32\systempropertiesadvanced.exe.friendlyappname : システムの詳細設定
c:\windows\system32\cmd.exe.applicationcompany : Microsoft Corporation
c:\logcontroller\logcontroller.exe.applicationcompany : TODO: <会社名>
c:\windows\system32\systempropertiescomputername.exe.friendlyappname : コンピューター設定の変更
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\app\wireshark\wireshark.exe.applicationcompany : The Wireshark developer community, https://www.wireshark.org/
c:\windows\system32\explorerframe.dll.friendlyappname : ExplorerFrame
c:\users\administrator.emsoccs1\downloads\trellixsmartinstall.exe.friendlyappname : Trellix Smart Installer
c:\newscp\term\bin_20231003\opc.exe.friendlyappname : OPC
c:\program files\windows photo viewer\photoviewer.dll.applicationcompany : Microsoft Corporation
f:\tableversion\mastertableversionview.exe.applicationcompany : HP Inc.
langid : ..
c:\program files\mcafee\agent\x86\updaterui.exe.applicationcompany : Musarubra US LLC.
c:\newscp\term\bin_20231026\opc.exe.friendlyappname : OPC
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\r1515\sakura\sakura.exe.friendlyappname : サクラエディタ
c:\windows\temp\{010e7c4f-e374-4861-a807-df1c7e65c9c6}\.cr\ssms-setup-jpn.exe.friendlyappname : Microsoft SQL Server Management Studio - 19.1
c:\windows\system32\fsquirt.exe.applicationcompany : Microsoft Corporation
c:\windows\system32\appresolver.dll.friendlyappname : アプリ リゾルバー
c:\windows\temp\{010e7c4f-e374-4861-a807-df1c7e65c9c6}\.cr\ssms-setup-jpn.exe.applicationcompany : Microsoft Corporation
c:\users\administrator.emsoccs1\appdata\local\temp\open_hs.exe.friendlyappname : OPEN_HS.exe
c:\program files\adobe\acrobat dc\acrobat\acrobat.exe.friendlyappname : Adobe Acrobat
c:\windows\temp\{ce07b367-6ef3-4bb4-a5cd-70691a1cb097}\.cr\python-3.11.4-amd64.exe.applicationcompany : Python Software Foundation
c:\windows\system32\msdt.exe.friendlyappname : 診断トラブルシューティング ウィザード
c:\windows\explorer.exe.applicationcompany : Microsoft Corporation
@%systemroot%\system32\ngcrecovery.dll,-100 : Windows Hello 回復キー暗号化
@%systemroot%\system32\windowspowershell\v1.0\powershell.exe,-124 : ドキュメントの暗号化
@%systemroot%\system32\wuaueng.dll,-400 : Windows Update
@%systemroot%\system32\firewallcontrolpanel.dll,-12122 : Windows Defender ファイアウォール
@%systemroot%\system32\dnsapi.dll,-103 : ドメイン ネーム システム (DNS) サーバー信頼
@%systemroot%\system32\ci.dll,-100 : Isolated User Mode (IUM)
@%systemroot%\system32\fveui.dll,-844 : BitLocker データ回復エージェント
@%systemroot%\system32\fveui.dll,-843 : BitLocker ドライブ暗号化
@%systemroot%\system32\ci.dll,-101 : Enclave
@\windows\system32\dusmsvc.dll,-301 : モバイル ホットスポット
@\windows\system32\dusmsvc.dll,-302 : žønô°
@%systemroot%\system32\srvsvc.dll,-100 : Server
@%systemroot%\system32\drivers\wpdupfltr.sys,-100 : WPD Upper Class Filter Driver
@combase.dll,-5013 : DCOMLAUNCH ????????o.???????????? ??????????.Bk??TWf.COM J??s DCOM ???????????w??W~Y.Sn????????L\bWfD???K!??kjcfD???4..COM ~_o DCOM ???(Y?????????????oc8k_??W~[???.DCOMLAUNCH ?????????????LWfJOSh?????hW~Y.
@%systemroot%\system32\axinstsv.dll,-103 : ActiveX Installer (AxInstSV)
@%systemroot%\system32\appxdeploymentserver.dll,-1 : AppX Deployment Service (AppXSVC)
@%systemroot%\system32\smphost.dll,-101 : Microsoft .¶ß¡.×íФÀünÛ¹È µüÓ¹gY.SnµüÓ¹L\bY‹K.!¹kj‹h..¶ß’¡.gMjOjŠ~Y.
@c:\windows\system32\zipfldr.dll,-10226 : [.‹]’['. (zip b.) Õ©ëÀü] g\.UŒ‹Õ¡¤ë
@%systemroot%\system32\wlidsvc.dll,-100 : Microsoft Account Sign-in Assistant
@%systemroot%\system32\wcncsvc.dll,-3 : Windows Connect Now - Config Registrar
@%systemroot%\system32\efssvc.dll,-100 : Encrypting File System (EFS)
@%windir%\system32\drivers\pacer.sys,-101 : QoS パケット スケジューラ
@%systemroot%\system32\svrmgrnc.dll,-102 : SnµüÐün¶Kn‚nÖ—.

104856 - Malicious Process Detection: Authenticode Not Signed
Synopsis
Nessus found processes running on the host that are unsigned.
Description
Running processes that are unsigned.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

File Path : c:\newscp\mac\appcommon\bin\datcnvapi.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\datcnvctl.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\fwcommonlib.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\fworderdblib.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\fworderlib.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libappcommon.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libcommunication.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libdatetime.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libdll.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libfile.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libinifile.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\liblog.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libprocesscommunication.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libsignal.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libstring.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libsystem.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\libthread.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\mcnmon.exe
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rcond.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rcsv.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\renv.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\revtworker.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rexception.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rfile.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rfileexception.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlibloader.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlog.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlogcheckoutput.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlogcmndataformat.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlogoutput.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rlogsetting.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rmsgqueue.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rpath.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rprivatelog.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rprocrwlock.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rringbuffer.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rsaddrinfo.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rseccom.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rshmem.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rsplitstring.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rstring.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rthdlock.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rthread.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\rtim.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomdatalog.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsockcmn.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsockroot.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsocktcp.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsocktcpsrv.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsocktimctl.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsocktrifmngroot.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\scomsocktrifroot.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdccdatelement.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdccdattype.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdccomdata.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatacs.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatcnv.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatfactory.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatobj.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatpath.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdattype.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdattypecnv.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdatvalidresults.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcdef.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcinit.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdctimerec.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcutil.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\appcommon\bin\sdcverinfo.dll
PID(s) during check : 8204

File Path : c:\newscp\mac\mcnmon\bin\libmcnmon.dll
PID(s) during check : 8204

File Path : c:\program files\dds\evema\arbiter\legacy.dll
PID(s) during check : 7624

File Path : c:\program files\dds\evema\arbiter\maarbiter.exe
PID(s) during check : 7624

File Path : c:\program files\dds\evema\arbiter\plugins\23_mofiria_arb.dll
PID(s) during check : 7624

File Path : c:\program files\dds\evema\client\legacy.dll
PID(s) during check : 7608,16688

File Path : c:\program files\dds\evema\client\libcrypto-3-x64.dll
PID(s) during check : 7608,7624,7724,16688

File Path : c:\program files\dds\evema\client\libssl-3-x64.dll
PID(s) during check : 7608,7624,7724,16688

File Path : c:\program files\dds\evema\client\macredentialprovider.dll
PID(s) during check : 16688

File Path : c:\program files\dds\evema\client\malogtransfer.exe
PID(s) during check : 7724

File Path : c:\program files\dds\evema\client\maremotegateway.exe
PID(s) during check : 7608

File Path : c:\program files\dds\evema\client\resources\1041\macredentialprovider_1041.dll
PID(s) during check : 16688

File Path : c:\program files\dds\evema\server\hbfaceprosdk.dll
PID(s) during check : 8284

File Path : c:\program files\dds\evema\server\idfaceserver.dll
PID(s) during check : 8284

File Path : c:\program files\dds\evema\server\legacy.dll
PID(s) during check : 8284

File Path : c:\program files\dds\evema\server\libcrypto-3-x64.dll
PID(s) during check : 8284

File Path : c:\program files\dds\evema\server\libssl-3-x64.dll
PID(s) during check : 8284

File Path : c:\program files\dds\evema\server\matinyserver.exe
PID(s) during check : 8284

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\presentatio5ae0f00f#\72dce05115f9f38f19f13123bf2c39a4\presentationframework.ni.dll
PID(s) during check : 4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\presentationcore\e25fa8222e90d37f95aea401852175ab\presentationcore.ni.dll
PID(s) during check : 4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.confe64a9051#\035d407c43f9100897f6f87842147f50\system.configuration.install.ni.dll
PID(s) during check : 8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.configuration\8be4a40c448c1229cb89e2bc462f66c3\system.configuration.ni.dll
PID(s) during check : 4000,4008,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.core\d9c82d2ec391b401f9add916e18e0d2f\system.core.ni.dll
PID(s) during check : 4000,4008,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.data\5c82803151d86dbb07fc595a49bb7d06\system.data.ni.dll
PID(s) during check : 4000,4008,8076

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.drawing\88a64e691fa29ea371db402b74d397aa\system.drawing.ni.dll
PID(s) during check : 4000,4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.management\11ae746fd085f1924abb72be9a9cd84e\system.management.ni.dll
PID(s) during check : 4000,4008,8068,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.net.http\307b7501a84e84bb1431ac33d0d08851\system.net.http.ni.dll
PID(s) during check : 4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.runteb92aa12#\f3875976f7fa14aa3a3624e9b5dcef80\system.runtime.serialization.ni.dll
PID(s) during check : 4000,4008,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.serv759bfb78#\d0f98249e2875a3ff79cbb8fbb4a4938\system.serviceprocess.ni.dll
PID(s) during check : 4000,4008,8068,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.servicemodel\75d3bf3a19b764dcedf675a3fa16ff27\system.servicemodel.ni.dll
PID(s) during check : 8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.windows.forms\99316e15df6b3284f283659159dd7f1d\system.windows.forms.ni.dll
PID(s) during check : 4000,4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.xaml\8e8585ca97f5f4a61535fd19b2878b09\system.xaml.ni.dll
PID(s) during check : 4008

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system.xml\8ee0bce643ba02e764d595d29815e896\system.xml.ni.dll
PID(s) during check : 4000,4008,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\system\0751833b579bedcf8845d702af7c33fd\system.ni.dll
PID(s) during check : 4000,4008,8068,8076,8636

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\windows.foundation\32c90be33b16cc3beb2b979361831388\windows.foundation.ni.dll
PID(s) during check : 8076

File Path : c:\windows\assembly\nativeimages_v4.0.30319_64\windowsbase\3d8a01b7e70454be290351b82eea638e\windowsbase.ni.dll
PID(s) during check : 4008

File Path : c:\windows\system32\cximagecrtu.dll
PID(s) during check : 7624

File Path : c:\windows\tenable_mw_scan_142a90001fb65e0beb1751cc8c63edd0.exe
PID(s) during check : 18044
104857 - Malicious Process Detection: Authenticode Signed
Synopsis
Nessus found trusted signed processes on the remote host.
Description
Running processes that are signed and trusted and today's date falls in the Not Before and Not After range on the certificate.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

report output too big - ending list here

104854 - Malicious Process Detection: Authenticode Signed Bad Date
Synopsis
Nessus found trusted signed processes for which today's date falls outside of the Not Before and Not After certificate dates on the remote host.
Description
Running processes that are signed and trusted, but for which today's date falls outside of the Not Before and Not After certificate dates. These processes still validate as trusted.
See Also
Solution
Obtain an updated version from the vendor that has been signed with a newer certificate.
Risk Factor
None
Plugin Information
Published: 2017/11/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

report output too big - ending list here

87955 - McAfee Agent Detection
-
Synopsis
A security management agent is installed on the remote host.
Description
The McAfee Agent, formerly McAfee ePolicy Orchestrator (ePO) Agent, is installed on the remote host. This agent facilitates remote security management of the host via McAfee ePO.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-873
Plugin Information
Published: 2016/01/15, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Program Files\McAfee\Agent\x86
Version : 5.8.0.161
Agent GUID : {3b4e0dbf-8c40-4e83-a3ba-0d1f16838eb6}
Server list : AD-SERVER-1.gcc.EMSOCCS.gsdf.mods.go.jp|192.168.100.1|443;

51351 - Microsoft .NET Framework Detection
-
Synopsis
A software framework is installed on the remote host.
Description
Microsoft .NET Framework, a software framework for Microsoft Windows operating systems, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0655
Plugin Information
Published: 2010/12/20, Modified: 2022/10/18
Plugin Output

tcp/445/cifs


Nessus detected 2 installs of Microsoft .NET Framework:

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8.1
Full Version : 4.8.09032
Install Type : Full
Release : 533320

Path : C:\Windows\Microsoft.NET\Framework64\v4.0.30319\
Version : 4.8.1
Full Version : 4.8.09032
Install Type : Client
Release : 533320
99364 - Microsoft .NET Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft .NET security rollups.
Description
Nessus was able to enumerate the Microsoft .NET security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/04/14, Modified: 2024/04/11
Plugin Output

tcp/445/cifs


Path : C:\windows\Microsoft.NET\Framework\v4.0.30319\system.core.dll
Version : 4.8.9166.0
.NET Version : 4.8.1
Associated KB : 5027119
Latest effective update level : 06_2023

192148 - Microsoft Azure Data Studio Installed (Windows)
-
Synopsis
Microsoft Azure Data Studio is installed on the remote Windows host.
Description
Microsoft Azure Data Studio is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2024/03/15, Modified: 2024/03/27
Plugin Output

tcp/0


Path : C:\Program Files\Azure Data Studio\
Version : 1.44.0.0

176212 - Microsoft Edge Add-on Enumeration (Windows)
-
Synopsis
One or more Microsoft Edge browser extensions are installed on the remote host.
Description
Nessus was able to enumerate Microsoft Edge browser extensions installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/05/22, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


User : Administrator
|- Browser : Microsoft Edge
|- Add-on information :

Name : unknown
Version : 7.3.7.16
Path : C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\aoganjpeihhkhippgnniaclfocnihgln\7.3.7.16_0

Name : unknown
Version : 10.7.0.5775
Path : C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jjkchpdmjjdmalgembblgafllbpcjlei\10.7.0.5775_0

Name : Edge relevant text changes
Description : Edge relevant text changes on select websites to improve user experience and precisely surfaces the action they want to take.
Version : 1.2.0
Path : C:\Users\Administrator\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha\1.2.0_0
136969 - Microsoft Edge Chromium Installed
-
Synopsis
Microsoft Edge (Chromium-based) is installed on the remote host.
Description
Microsoft Edge (Chromium-based), a Chromium-based web browser, is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/05/29, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Program Files (x86)\Microsoft\Edge\Application
Version : 115.0.1901.183

162560 - Microsoft Internet Explorer Installed
-
Synopsis
A web browser is installed on the remote Windows host.
Description
Microsoft Internet Explorer, a web browser bundled with Microsoft Windows, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/06/28, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\windows\system32\mshtml.dll
Version : 11.0.22621.1928

72367 - Microsoft Internet Explorer Version Detection
-
Synopsis
Internet Explorer is installed on the remote host.
Description
The remote Windows host contains Internet Explorer, a web browser created by Microsoft.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0509
Plugin Information
Published: 2014/02/06, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Version : 11.1.22621.0
66424 - Microsoft Malicious Software Removal Tool Installed
-
Synopsis
An antimalware application is installed on the remote Windows host.
Description
The Microsoft Malicious Software Removal Tool is installed on the remote host. This tool is an application that attempts to detect and remove known malware from Windows systems.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/05/15, Modified: 2023/01/10
Plugin Output

tcp/445/cifs


File : C:\windows\system32\MRT.exe
Version : 5.115.23070.1
Release at last run : unknown
Report infection information to Microsoft : Yes
174413 - Microsoft ODBC Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft ODBC Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msodbcsql17.dll
Version : 17.10.4.1
174405 - Microsoft OLE DB Driver for SQL Server Installed (Windows)
-
Synopsis
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
Description
Microsoft OLE DB Driver for SQL Server is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/04/17, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


Path : C:\Windows\System32\msoledbsql.dll
Version : 18.6.5.0
93232 - Microsoft Office Compatibility Pack Installed (credentialed check)
-
Synopsis
A compatibility application is installed on the remote host.
Description
Microsoft Office Compatibility Pack, used to enable older versions of Microsoft Office applications to view and edit files created with newer versions of Microsoft Office applications, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0663
Plugin Information
Published: 2016/08/30, Modified: 2024/03/19
Plugin Output

tcp/445/cifs


Office Compatibility Pack is installed with the following components:

Component : Excel Converter
Version : 16.0.14332.20529
Path : C:\Program Files\Microsoft Office\root\Office16\Excelcnv.exe

Component : Word Converter
Version : 16.0.14332.20529
Path : C:\Program Files\Microsoft Office\root\Office16\Wordconv.exe
27524 - Microsoft Office Detection
-
Synopsis
The remote Windows host contains an office suite.
Description
Microsoft Office is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0505
Plugin Information
Published: 2007/10/23, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


The remote host has the following Microsoft Office 2021 components installed :

- Publisher : 16.0.14332.20529
- ExcelCnv : 16.0.14332.20529
- Word : 16.0.14332.20529
- Excel : 16.0.14332.20529
- WordCnv : 16.0.14332.20529
- PowerPoint : 16.0.14332.20529
- OneNote : 16.0.14332.20529

Nessus used the remote host's "productreleaseids" registry key to determine the update channel :

Office Click-to-Run update url : N/A
Office Click-to-Run update channel : LTSC 2021 (Volume Licensed)
Office Click-to-Run version : 2108
Office Click-to-Run build : 14332.20529

Nessus last observed a Microsoft Office update on April 9, 2024.

92425 - Microsoft Office File History
-
Synopsis
Nessus was able to enumerate files opened in Microsoft Office on the remote host.
Description
Nessus was able to gather evidence of files that were opened using any Microsoft Office application. The report was extracted from Office MRU (Most Recently Used) registry keys.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

folderid_desktop
folderid_documents
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\20231213...rtf.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\test.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\test1.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\test2.LNK
C:\\Users\Administrator\AppData\Roaming\Microsoft\Office\Recent\枪米.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\20231024_-..<w.蕇9劮.xlsx.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\20231024_-..<w.蕇9劮_.xlsx.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\index.dat
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\Templates.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\tool.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\t_azln_s_rdr_identification_table_idno.csv.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\森遽笕.rtf.LNK
C:\\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Office\Recent\戆.86.pptx.LNK

User AppData recent used file report attached
Office MRU registry report attached.
77605 - Microsoft OneNote Detection
-
Synopsis
The remote Windows host contains Microsoft OneNote.
Description
Microsoft OneNote is installed on the remote host.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0664
Plugin Information
Published: 2014/09/10, Modified: 2024/03/19
Plugin Output

tcp/0


Path : C:\Program Files\Microsoft Office\root\Office16\OneNote.exe
Version : 16.0.14332.20529
124120 - Microsoft Outlook Attachment Previewing Enabled
-
Synopsis
The Microsoft Outlook application installed on the remote host has attachment previewing enabled.
Description
The Microsoft Outlook application installed on the remote host has attachment previewing enabled.
Solution
Disable attachment previewing settings.
Risk Factor
None
Plugin Information
Published: 2019/04/17, Modified: 2019/04/17
Plugin Output

tcp/0

Outlook application in Microsoft Office 2016 has attachment previewing enabled.

57033 - Microsoft Patch Bulletin Feasibility Check
-
Synopsis
Nessus is able to check for Microsoft patch bulletins.
Description
Using credentials supplied in the scan policy, Nessus is able to collect information about the software and patches installed on the remote Windows host and will use that information to check for missing Microsoft security updates.

Note that this plugin is purely informational.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/06, Modified: 2021/07/12
Plugin Output

tcp/445/cifs



Nessus is able to test for missing patches using :
Nessus

125835 - Microsoft Remote Desktop Connection Installed
-
Synopsis
A graphical interface connection utility is installed on the remote Windows host.
Description
Microsoft Remote Desktop Connection (also known as Remote Desktop Protocol or Terminal Services Client) is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/06/12, Modified: 2022/10/10
Plugin Output

tcp/0


Path : C:\windows\\System32\\mstsc.exe
Version : 10.0.22621.1778

93962 - Microsoft Security Rollup Enumeration
-
Synopsis
This plugin enumerates installed Microsoft security rollups.
Description
Nessus was able to enumerate the Microsoft security rollups installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/10/11, Modified: 2023/06/26
Plugin Output

tcp/445/cifs


Cumulative Rollup : 07_2023 [KB5028185]
Cumulative Rollup : 06_2023
Cumulative Rollup : 05_2023
Cumulative Rollup : 04_2023
Cumulative Rollup : 03_2023
Cumulative Rollup : 02_2023
Cumulative Rollup : 01_2023
Cumulative Rollup : 12_2022
Cumulative Rollup : 11_2022

Latest effective update level : 07_2023
File checked : C:\windows\system32\ntoskrnl.exe
File version : 10.0.22621.1992
Associated KB : 5028185

144792 - Microsoft Teams Installed (Windows)
-
Synopsis
Microsoft Teams is installed on the remote Windows host.
Description
Microsoft Teams, a communication and collaboration tool, is installed on the remote Windows host.

Note that if the 'Show potential false alarms' setting is enabled, this plugin will attempt to detect the deployment file.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/01/07, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus detected 7 installs of Microsoft Teams:

Path : C:\Users\Administrator\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\DBAdmin\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\testuser1\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\testuser2\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\ikeda\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

Path : C:\Users\EVEMAAdmin\AppData\Local\Microsoft\Teams\current\
Version : 1.4.0.19572

10902 - Microsoft Windows 'Administrators' Group User List
-
Synopsis
There is at least one user in the 'Administrators' group.
Description
Using the supplied credentials, it is possible to extract the member list of the 'Administrators' group. Members of this group have complete access to the remote system.
Solution
Verify that each member of the group should have this type of access.
Risk Factor
None
Plugin Information
Published: 2002/03/15, Modified: 2018/05/16
Plugin Output

tcp/445/cifs


The following users are members of the 'Administrators' group :

- masked_hostname\Administrator (User)
- EMSOCCS1\Domain Admins (Group)
48763 - Microsoft Windows 'CWDIllegalInDllSearch' Registry Setting
-
Synopsis
CWDIllegalInDllSearch Settings: Improper settings could allow code execution attacks.
Description
Windows hosts can be hardened against DLL hijacking attacks by setting the 'CWDIllegalInDllSearch' registry entry to one of the following settings:

- 0xFFFFFFFF (Removes the current working directory from the default DLL search order)

- 1 (Blocks a DLL Load from the current working directory if the current working directory is set to a WebDAV folder)

- 2 (Blocks a DLL Load from the current working directory if the current working directory is set to a remote folder)
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/26, Modified: 2019/12/20
Plugin Output

tcp/445/cifs


Name : SYSTEM\CurrentControlSet\Control\Session Manager\CWDIllegalInDllSearch
Value : Registry Key Empty or Missing

70615 - Microsoft Windows AutoRuns Boot Execute
-
Synopsis
Reports programs that start up in association with the session manager subsystem.
Description
Report registry startup locations associated with the session manager subsystem during boot time.

These registry keys start up with the smss.exe service during boot time and perform system tasks that cannot be performed while Windows is running.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\System\CurrentControlSet\Control\Session Manager\bootexecute
- autocheck autochk *

70616 - Microsoft Windows AutoRuns Codecs
-
Synopsis
Reports programs that are normally set to start with multimedia.
Description
Codecs are encoders and decoders for digital data streams commonly associated with video and audio playback.

The following keys are codecs that are set to start automatically to control different types of digital media encoding and decoding.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
- mixer1 : wdmaud.drv
- wave : wdmaud.drv
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wave2 : wdmaud.drv
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- mixer : wdmaud.drv
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\System32\l3codeca.acm
- midi : wdmaud.drv
- midi2 : wdmaud.drv
- mixer2 : wdmaud.drv
- aux : wdmaud.drv
- aux1 : wdmaud.drv
- vidc.yvyu : msyuv.dll
- midi1 : wdmaud.drv
- midimapper : midimap.dll
- wave1 : wdmaud.drv
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
- mixer1 : wdmaud.drv
- wave : wdmaud.drv
- vidc.yvu9 : tsbyuv.dll
- vidc.mrle : msrle32.dll
- vidc.iyuv : iyuv_32.dll
- wave2 : wdmaud.drv
- wavemapper : msacm32.drv
- msacm.msadpcm : msadp32.acm
- mixer : wdmaud.drv
- vidc.yuy2 : msyuv.dll
- vidc.uyvy : msyuv.dll
- vidc.msvc : msvidc32.dll
- msacm.imaadpcm : imaadp32.acm
- msacm.msg711 : msg711.acm
- msacm.msgsm610 : msgsm32.acm
- msacm.l3acm : C:\Windows\SysWOW64\l3codeca.acm
- midi : wdmaud.drv
- midi2 : wdmaud.drv
- vidc.cvid : iccvid.dll
- mixer2 : wdmaud.drv
- aux : wdmaud.drv
- aux1 : wdmaud.drv
- vidc.yvyu : msyuv.dll
- midi1 : wdmaud.drv
- midimapper : midimap.dll
- wave1 : wdmaud.drv
- vidc.i420 : iyuv_32.dll


+ HKLM\Software\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : C:\Windows\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C6B400E2-20A7-4E58-A2FE-24619682CE6C}
- Name : Microsoft AC3 Encoder
- Value : C:\Windows\System32\msac3enc.dll

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E1F1A0B8-BEEE-490D-BA7C-066C40B5E2B9}
- Name : Microsoft DTV-DVD Audio Decoder
- Value : C:\Windows\System32\msmpeg2adec.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
+ CLSID : {129D7E40-C10D-11D0-AFB9-00AA00B67A42}
- Name : DV Muxer
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {1643E180-90F5-11CE-97D5-00AA0055595A}
- Name : Color Space Converter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {187463A0-5BB7-11D3-ACBE-0080C75E246E}
- Name : WM ASF Reader
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {1B544C20-FD0B-11CE-8C63-00AA0044B51E}
- Name : AVI Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1DA08500-9EDC-11CF-BC10-00AA00AC74F6}
- Name : VGA 16 Color Ditherer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {1f26a602-2b5c-4b63-b8e8-9ea5c1a7dc2e}
- Name : SBE2MediaTypeProfile
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {212690FB-83E5-4526-8FD7-74478B7939CD}
- Name : Microsoft DTV-DVD Video Decoder
- Value : C:\Windows\System32\msmpeg2vdec.dll

+ CLSID : {280A3020-86CF-11D1-ABE6-00A0C905F375}
- Name : AC3 Parser Filter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {2DB47AE5-CF39-43C2-B4D6-0CD8D90946F4}
- Name : StreamBufferSink
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {301056D0-6DFF-11D2-9EEB-006008039E37}
- Name : MJPEG Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {336475D0-942A-11CE-A870-00AA002FEAB5}
- Name : MPEG-I Stream Splitter
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {33FACFE0-A9BE-11D0-A520-00A0D10129C0}
- Name : SAMI (CC) Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {370A1D5D-DDEB-418C-81CD-189E0D4FA443}
- Name : VBI Codec
- Value : C:\Windows\System32\VBICodec.ax

+ CLSID : {3AE86B20-7BE8-11D1-ABE6-00A0C905F375}
- Name : MPEG-2 Splitter
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {3D07A539-35CA-447C-9B05-8D85CE924F9E}
- Name : Closed Captions Analysis Filter
- Value : C:\Windows\System32\cca.dll

+ CLSID : {3E458037-0CA6-41aa-A594-2AA6C02D709B}
- Name : SBE2FileScan
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {42150CD9-CA9A-4EA5-9939-30EE037F6E74}
- Name : Microsoft MPEG-2 Video Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {48025243-2D39-11CE-875D-00608CB78066}
- Name : Internal Script Command Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4A2286E0-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Audio Decoder
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {4EB31670-9FC6-11CF-AF6E-00AA00B67A42}
- Name : DV Splitter
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {51B4ABF3-748F-4E3B-A276-C828330E926A}
- Name : Video Mixing Renderer 9
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {5F5AFF4A-2F7F-4279-88C2-CD88EB39D144}
- Name : Microsoft MPEG-2 Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {6A08CF80-0E18-11CF-A24D-0020AFD79767}
- Name : ACM Wrapper
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6BC1CFFA-8FC1-4261-AC22-CFB4CC38DB50}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {6CFAD761-735D-4AA5-8AFC-AF91A7D61EBA}
- Name : MPEG-2 Video Stream Analyzer
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {6E8D4A20-310C-11D0-B79A-00AA003767A7}
- Name : Line 21 Decoder
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {6F26A6CD-967B-47FD-874A-7AED2C9D25A2}
- Name : Video Port Manager
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {70E102B0-5556-11CE-97C0-00AA0055595A}
- Name : Video Renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {7B3BC2A0-AA50-4ae7-BD44-B03649EC87C2}
- Name : VPS Decoder
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {7C23220E-55BB-11D3-8B16-00C04FB6BD3D}
- Name : WM ASF Writer
- Value : C:\Windows\System32\qasf.dll

+ CLSID : {814B9800-1C88-11D1-BAD9-00609744111A}
- Name : VBI Surface Allocator
- Value : C:\Windows\System32\vbisurf.ax

+ CLSID : {8596E5F0-0DA5-11D0-BD21-00A0C911CE86}
- Name : File writer
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {9B8C4620-2C1A-11D0-8493-00A02438AD48}
- Name : DVD Navigator
- Value : C:\Windows\System32\qdvd.dll

+ CLSID : {A0025E90-E45B-11D1-ABE9-00A0C905F375}
- Name : Overlay Mixer2
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {A888DF60-1E90-11CF-AC98-00AA004C0FA9}
- Name : AVI Draw
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {ACD453BC-C58A-44D1-BBF5-BFB325BE2D78}
- Name : Microsoft MPEG-2 Audio Encoder
- Value : C:\Windows\System32\msmpeg2enc.dll

+ CLSID : {AD6C8934-F31B-4F43-B5E4-0541C1452F6F}
- Name : WST Pager
- Value : C:\Windows\System32\WSTPager.ax

+ CLSID : {AFB6C280-2C41-11D3-8A60-0000F81E0E4A}
- Name : MPEG-2 Demultiplexer
- Value : C:\Windows\System32\mpg2splt.ax

+ CLSID : {B1B77C00-C3E4-11CF-AF79-00AA00B67A42}
- Name : DV Video Decoder
- Value : C:\Windows\System32\qdv.dll

+ CLSID : {C1F400A0-3F08-11D3-9F0B-006008039E37}
- Name : SampleGrabber
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C1F400A4-3F08-11D3-9F0B-006008039E37}
- Name : Null Renderer
- Value : C:\Windows\System32\qedit.dll

+ CLSID : {C666E115-BB62-4027-A113-82D643FE2D99}
- Name : MPEG-2 Sections and Tables
- Value : C:\Windows\System32\Mpeg2Data.ax

+ CLSID : {C6B400E2-20A7-4E58-A2FE-24619682CE6C}
- Name : Microsoft AC3 Encoder
- Value : C:\Windows\System32\msac3enc.dll

+ CLSID : {C9F5FE02-F851-4EB5-99EE-AD602AF1E619}
- Name : StreamBufferSource
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {CC58E280-8AA1-11D1-B3F1-00AA003761C5}
- Name : Smart Tee
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {CD8743A1-3736-11D0-9E69-00C04FD7C15B}
- Name : Overlay Mixer
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {CF49D4E0-1115-11CE-B03A-0020AF0BA770}
- Name : AVI Decompressor
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D3588AB0-0781-11CE-B03A-0020AF0BA770}
- Name : AVI/WAV File Source
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A1-7548-11CF-A520-0080C77EF58A}
- Name : Wave Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A2-7548-11CF-A520-0080C77EF58A}
- Name : MIDI Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A3-7548-11CF-A520-0080C77EF58A}
- Name : Multi-file Parser
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {D51BD5A5-7548-11CF-A520-0080C77EF58A}
- Name : File stream renderer
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E1F1A0B8-BEEE-490D-BA7C-066C40B5E2B9}
- Name : Microsoft DTV-DVD Audio Decoder
- Value : C:\Windows\System32\msmpeg2adec.dll

+ CLSID : {E2448508-95DA-4205-9A27-7EC81E723B1A}
- Name : StreamBufferSink2
- Value : C:\Windows\System32\sbe.dll

+ CLSID : {E2510970-F137-11CE-8B67-00AA00A3F1A6}
- Name : AVI Mux
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {E4206432-01A1-4BEE-B3E1-3702C8EDC574}
- Name : Line 21 Decoder 2
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB5-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (Async.)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {E436EBB6-524F-11CE-9F53-0020AF0BA770}
- Name : File Source (URL)
- Value : C:\Windows\System32\quartz.dll

+ CLSID : {F8388A40-D5BB-11D0-BE5A-0080C706568E}
- Name : Infinite Pin Tee Filter
- Value : C:\Windows\System32\qcap.dll

+ CLSID : {FA10746C-9B63-4B6C-BC49-FC300EA5F256}
- Name : Enhanced Video Renderer
- Value : C:\Windows\System32\evr.dll

+ CLSID : {FC772AB0-0C7F-11D3-8FF2-00A0C9224CF4}
- Name : BDA MPEG2 Transport Information Filter
- Value : C:\Windows\System32\psisrndr.ax

+ CLSID : {FEB50740-7BEF-11CE-9BD9-0000E202599C}
- Name : MPEG Video Decoder
- Value : C:\Windows\System32\quartz.dll


+ HKLM\Software\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance
+ CLSID : {0e4ecd3b-1ba6-4636-8198-56c73040964a}
- Name : Microsoft JPEG-XL Encoder
- Value : %SystemRoot%\system32\MSRAWImage.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{AC757296-3522-4E11-9862-C17BE5A1767E}\Instance
+ CLSID : {0e4ecd3b-1ba6-4636-8198-56c73040964a}
- Name : Microsoft JPEG-XL Encoder
- Value : %SystemRoot%\system32\MSRAWImage.dll


+ HKLM\Software\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {41945702-8302-44A6-9445-AC98E8AFA086}
- Name : Microsoft Raw Image Decoder
- Value : %SystemRoot%\system32\MSRAWImage.dll

+ CLSID : {fc6ceece-aef5-4a23-96ec-5984ffb486d9}
- Name : Microsoft JPEG-XL Decoder
- Value : %SystemRoot%\system32\MSRAWImage.dll


+ HKLM\Software\Wow6432Node\Classes\CLSID\{7ED96837-96F0-4812-B211-F13C24117ED3}\Instance
+ CLSID : {41945702-8302-44A6-9445-AC98E8AFA086}
- Name : Microsoft Raw Image Decoder
- Value : %SystemRoot%\system32\MSRAWImage.dll

+ CLSID : {fc6ceece-aef5-4a23-96ec-5984ffb486d9}
- Name : Microsoft JPEG-XL Decoder
- Value : %SystemRoot%\system32\MSRAWImage.dll


70617 - Microsoft Windows AutoRuns Explorer
Synopsis
Reports startup programs associated with the explorer process.
Description
Report the startup locations associated with the explorer.exe process.

These items could add controls to menus, add extensions for common protocols such as HTTP or FTP, or control user activity with the desktop and control panels.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Protocols\Filter
+ CLSID : {807583E5-5146-11D5-A672-00B0D022E945}
- Name : text/xml
- Value : C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLMF.DLL


+ HKLM\SOFTWARE\Classes\Protocols\Handler
+ CLSID : {3050F406-98B5-11CF-BB82-00AA00BDCE0B}
- Name : about
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {EFF88B17-05AA-4736-BBCA-6A03400B39CA}
- Name : bromium
- Value :

+ CLSID : {3dd53d40-7b8b-11D0-b013-00aa0059ce02}
- Name : cdl
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {5513F07E-936B-4E52-9B00-067394E91CC5}
- Name : dssrequest
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ CLSID : {12D51199-0DB5-46FE-A120-47A3D7D937CC}
- Name : dvd
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : file
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e3-baf9-11ce-8c82-00aa004ba90b}
- Name : ftp
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e2-baf9-11ce-8c82-00aa004ba90b}
- Name : http
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {79eac9e5-baf9-11ce-8c82-00aa004ba90b}
- Name : https
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : javascript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {79eac9e7-baf9-11ce-8c82-00aa004ba90b}
- Name : local
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}
- Name : mailto
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {05300401-BCBC-11d0-85E3-00C04FD85AB4}
- Name : mhtml
- Value : C:\Windows\System32\inetcomm.dll

+ CLSID : {79eac9e6-baf9-11ce-8c82-00aa004ba90b}
- Name : mk
- Value : C:\Windows\System32\urlmon.dll

+ CLSID : {9D148291-B9C8-11D0-A4CC-0000F80149F6}
- Name : ms-its
- Value : C:\Windows\System32\itss.dll

+ CLSID : {83C25742-A9F7-49FB-9138-434302C88D07}
- Name : mso-minsb-roaming.16
- Value : C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL

+ CLSID : {42089D2D-912D-4018-9087-2B87803E93FB}
- Name : mso-minsb.16
- Value : C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL

+ CLSID : {42089D2D-912D-4018-9087-2B87803E93FB}
- Name : osf-roaming.16
- Value : C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL

+ CLSID : {5504BE45-A83B-4808-900A-3A5C36E7F77A}
- Name : osf.16
- Value : C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL

+ CLSID : {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
- Name : res
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {5513F07E-936B-4E52-9B00-067394E91CC5}
- Name : sacore
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : tbauth
- Value : C:\Windows\System32\tbauth.dll

+ CLSID : {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
- Name : tv
- Value : C:\Windows\System32\msvidctl.dll

+ CLSID : {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
- Name : vbscript
- Value : C:\Windows\System32\mshtml.dll

+ CLSID : {14654CA6-5711-491D-B89A-58E571679951}
- Name : windows.tbauth
- Value : C:\Windows\System32\tbauth.dll


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
+ CLSID : {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
- Name : webcheck
- Value :


+ HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
+ CLSID : {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
- Name : FileSyncEx
- Value : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll

+ CLSID : {09799AFB-AD67-11d1-ABCD-00C04FC30936}
- Name : Open With
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : Open With EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
- Name : WorkFolders
- Value : C:\Windows\System32\WorkfoldersShell.dll

+ CLSID : {90AA3A4E-1CBA-4233-B8BB-535773D48449}
- Name : Taskband Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\*\ShellEx\PropertySheetHandlers
+ CLSID : {7444C719-39BF-11D1-8CD9-00C04FC29D45}
- Name : CryptoSignMenu
- Value : %SystemRoot%\system32\cryptext.dll

+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {3EA48300-8CF6-101B-84FB-666CCB9BCD32}
- Name : OLE DocFile Property Page
- Value : %SystemRoot%\system32\docprop.dll

+ CLSID : {883373C3-BF89-11D1-BE35-080036B11A03}
- Name : Summary Properties Page
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
+ CLSID : {f3d06e7c-1e45-4a26-847e-f9fcdee59be0}
- Name : CopyAsPathMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {e2bf9676-5f8f-435c-97eb-11607a5bedf7}
- Name : ModernSharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {7BA4C740-9E81-11CF-99D3-00AA004AE837}
- Name : SendTo
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {1003406D-B16C-4A93-B2F0-13CCAACF54E0}
- Name : SureSense_ScanFile_4_4_7_365
- Value : C:\Program Files\HP\Sure Click\ApplicationSupport\sure_sense\4.4.7.365\SureSenseShellExt.dll

+ CLSID : {833378FE-1986-46BA-9B4E-F8F1D9AC98C5}
- Name : vSentry_TrustFile_4_4_4_170
- Value : C:\Program Files\HP\Sure Click\4.4.4.170\servers\HostShellExtension.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name :
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\AllFileSystemObjects\ShellEx\PropertySheetHandlers
+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name :
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers
+ CLSID : {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
- Name : FileSyncEx
- Value : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll

+ CLSID : {A470F8CF-A1E8-4f65-8335-227475AA5C46}
- Name : EncryptionMenu
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
- Name : WorkFolders
- Value : C:\Windows\System32\WorkfoldersShell.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\Directory\Shellex\PropertySheetHandlers
+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {1f2e5c40-9550-11ce-99d2-00aa006e086c}
- Name :
- Value : %SystemRoot%\system32\rshx32.dll

+ CLSID : {4a7ded0a-ad25-11d0-98a8-0800361b1103}
- Name :
- Value : %SystemRoot%\system32\mydocs.dll

+ CLSID : {596AB062-B4D2-4215-9F74-E9109B0A8153}
- Name :
- Value : %SystemRoot%\system32\twext.dll

+ CLSID : {ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}
- Name :
- Value : C:\Windows\System32\DfsShlEx.dll

+ CLSID : {ef43ecfe-2ab9-4632-bf21-58909dd177f0}
- Name :
- Value : %SystemRoot%\system32\shell32.dll


+ HKLM\Software\Classes\Directory\Shellex\CopyHookHandlers
+ CLSID : {217FC9C0-3AEA-1069-A2DB-08002B30309D}
- Name : FileSystem
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {40dd6e20-7c17-11ce-a804-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll


+ HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
+ CLSID : {CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}
- Name : FileSyncEx
- Value : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncShell64.dll

+ CLSID : {D969A300-E7FF-11d0-A93B-00A0C90F2719}
- Name : New
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9}
- Name : NvCplDesktopContext
- Value : C:\windows\System32\DriverStore\FileRepository\nvwu.inf_amd64_7928011f35860ca3\nvshext.dll

+ CLSID : {1E9B04FB-F9E5-4718-997B-B8DA88302A48}
- Name : NvQuadroView
- Value : C:\Program Files\NVIDIA Corporation\nview\nvshell.dll

+ CLSID : {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
- Name : Sharing
- Value : %SystemRoot%\system32\ntshrui.dll

+ CLSID : {E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
- Name : WorkFolders
- Value : C:\Windows\System32\WorkfoldersShell.dll


+ HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
+ CLSID : {3dad6c5d-2167-4cae-9914-f99e41c12cfa}
- Name : Library Location
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {474C98EE-CF3D-41f5-80E3-4AAB0AB04301}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll

+ CLSID : {470C0EBD-5D73-4d58-9CED-E91E22E23282}
- Name : PintoStartScreen
- Value : C:\Windows\System32\appresolver.dll

+ CLSID : {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
- Name : Start Menu Pin
- Value : %SystemRoot%\system32\shell32.dll

+ CLSID : {EA485C0C-93BB-48C3-AE57-6399F85F0F7E}
- Name : rcScanMenuHandler.RCContextMenuExt
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\rcScanMenuHandler.dll


+ HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers
+ CLSID : {BD472F60-27FA-11cf-B8B4-444553540000}
- Name :
- Value : %SystemRoot%\system32\zipfldr.dll


+ HKLM\Software\Classes\Folder\ShellEx\PropertySheetHandlers
+ CLSID : {748F920F-FB24-4D09-B360-BAF6F199AD6D}
- Name : FCI Properties
- Value : C:\Windows\System32\srmshell.dll

+ CLSID : {7EFA68C6-086B-43e1-A2D2-55A113531240}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {6CDCC3E8-D8FF-46EF-B8BE-63A059227B8B}
- Name : BromiumOverlay_4_4_4_170
- Value : C:\Program Files\HP\Sure Click\4.4.4.170\servers\HostShellExtension.dll

+ CLSID : {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}
- Name : EnhancedStorageShell
- Value : C:\Windows\System32\EhStorShell.dll

+ CLSID : {4E77131D-3629-431c-9818-C5679DC83E81}
- Name : Offline Files
- Value : %SystemRoot%\System32\cscui.dll


+ HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers
+ CLSID : {6CDCC3E8-D8FF-46EF-B8BE-63A059227B8B}
- Name : BromiumOverlay_4_4_4_170
- Value : C:\Program Files\HP\Sure Click\4.4.4.170\servers\HostShellExtension.dll


70619 - Microsoft Windows AutoRuns Internet Explorer
Synopsis
Reports startup programs associated with Internet Explorer.
Description
Report registry startup locations associated with the Internet Explorer (IE) application.

The startup values include Internet Explorer plugins to extend the functionality of IE, browser toolbars, hooks into browser controls, and settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {1FD49718-1D00-4B19-AF5F-070AF6D5D54C}
- Name : IEToEdge BHO
- Value : C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\BHO\ie_to_edge_bho_64.dll

+ CLSID : {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
- Name : Trellix Endpoint Security ScriptScan
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeEpSS.Dll

+ CLSID : {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll


HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
+ CLSID : {1FD49718-1D00-4B19-AF5F-070AF6D5D54C}
- Name : IEToEdge BHO
- Value : C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\BHO\ie_to_edge_bho_64.dll

+ CLSID : {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
- Name : Lync Click to Call BHO
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {7DB2D5A0-7241-4E79-B68D-6309F01C5231}
- Name : Trellix Endpoint Security ScriptScan
- Value : C:\Program Files\McAfee\Endpoint Security\Threat Prevention\mfeEpSS.Dll

+ CLSID : {B164E929-A1B6-4A06-B104-2CD0E90A88FF}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll


+ HKLM\Software\Microsoft\Internet Explorer\Toolbar
+ CLSID : {0ebbbe48-bad4-4b4c-8e5a-516abecae064}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

+ HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
+ CLSID : {0ebbbe48-bad4-4b4c-8e5a-516abecae064}
- Value : C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\x64\McIEPlugin.dll

HKLM\Software\Microsoft\Internet Explorer\Extensions
+ CLSID : {2670000A-7350-4f3c-8081-5663EE0C6C49}
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
- Value : CLSID is not set in HKCR\CLSID\


HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
+ CLSID : {2670000A-7350-4f3c-8081-5663EE0C6C49}
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
- Name : Lync Click to Call
- Value : CLSID is not set in HKCR\CLSID\

+ CLSID : {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
- Value : CLSID is not set in HKCR\CLSID\


70620 - Microsoft Windows AutoRuns Known DLLs
Synopsis
DLLs listed to be shared by processes.
Description
The known DLLs registry setting is used to define DLLs that are shared between processes without a process having to search for the DLL location.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
- ole32 : ole32.dll
- rpcrt4 : rpcrt4.dll
- _xtajit : xtajit.dll
- clbcatq : clbcatq.dll
- shell32 : SHELL32.dll
- wow64 : wow64.dll
- msctf : MSCTF.dll
- wow64base : wow64base.dll
- *kernel32 : kernel32.dll
- gdi32 : gdi32.dll
- msvcrt : MSVCRT.dll
- difxapi : difxapi.dll
- coml2 : coml2.dll
- shlwapi : SHLWAPI.dll
- normaliz : NORMALIZ.dll
- oleaut32 : OLEAUT32.dll
- _wow64cpu : wow64cpu.dll
- comdlg32 : COMDLG32.dll
- imm32 : IMM32.dll
- psapi : PSAPI.DLL
- ws2_32 : WS2_32.dll
- advapi32 : advapi32.dll
- shcore : SHCORE.dll
- xtajit64 : xtajit64.dll
- sechost : sechost.dll
- wow64win : wow64win.dll
- gdiplus : gdiplus.dll
- wldap32 : WLDAP32.dll
- nsi : NSI.dll
- user32 : user32.dll
- _wowarmhw : wowarmhw.dll
- setupapi : Setupapi.dll
- combase : combase.dll
- wow64con : wow64con.dll
- imagehlp : IMAGEHLP.dll

70613 - Microsoft Windows AutoRuns LSA Providers
Synopsis
Programs set to start as Local Security Authority.
Description
An LSA (Local Security Authority) is an application that can be used to authorize users to their systems. The reported autoruns are available to provide this service or features to this service.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0



+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\authentication packages
- msv1_0


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\notification packages
- scecli


+ HKLM\SYSTEM\CurrentControlSet\Control\Lsa\security packages
- ""

70621 - Microsoft Windows AutoRuns Logon
Synopsis
Reports programs that start up from the most common registry locations.
Description
Report the most common startup locations used by programs. These are commonly associated with programs that start automatically when the computer is turned on, users log in, users log off, or remote sessions are started.

Such keys can be set from a program install, GPO, or through a malicious process to maintain persistence.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd
- rdpclip


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\userinit
- C:\windows\system32\userinit.exe


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\vmapplet
- SystemPropertiesPerformance.exe /pagefile


+ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell
- explorer.exe


+ HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot
- AlternateShell : cmd.exe


+ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : mardpreg
- Value : "C:\Program Files\DDS\EVEMA\Client\MARdpReg.exe" "C:\Program Files\DDS\EVEMA\Client\MARdp.dll"

- Name : securityhealth
- Value : %windir%\system32\SecurityHealthSystray.exe

- Name : rtkauduservice
- Value : "C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_dd4cb97d217df0bc\RtkAudUService64.exe" -background

- Name : maagent
- Value : "C:\Program Files\DDS\EVEMA\Client\MAAgent.exe"


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
- Name : mcafeeupdaterui
- Value : "C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe" /StartedFromRunKey

- Name : teamsmachineinstaller
- Value : %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS

- Name : hpnotifications
- Value : C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe


+ HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
- Name : Themes Setup
- Value : /UserInstall

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4340}
- Name : Windows Desktop Update
- Value : U

+ CLSID : {89820200-ECBD-11cf-8B85-00AA005B4383}
- Name : Web Platform Customizations
- Value : C:\Windows\System32\ie4uinit.exe -UserConfig

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install

+ CLSID : {9459C573-B17A-45AE-9F64-1857B5D58CEE}
- Name : Microsoft Edge
- Value : "C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --channel=stable


+ HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
+ CLSID : >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /ShowWMP

+ CLSID : {6BF52A52-394A-11d3-B153-00C04F79FAA6}
- Name : Microsoft Windows Media Player
- Value : %SystemRoot%\system32\unregmp2.exe /FirstLogon

+ CLSID : {89B4C1CD-B018-4511-B0A1-5476DBF70820}
- Name :
- Value : C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install


+ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows
- iconservicelib : IconCodecService.dll
- Load :


70622 - Microsoft Windows AutoRuns Network Providers
Synopsis
Reports programs set to start up automatically as a Network Provider.
Description
The DLLs listed under the registry key are used to provide network services for new protocols.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- P9NP : %SystemRoot%\System32\p9np.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
- webclient : %SystemRoot%\System32\davclnt.dll

+ HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\HwOrder\ProviderOrder
- RDPNP : %SystemRoot%\System32\drprov.dll
- P9NP : %SystemRoot%\System32\p9np.dll
- LanmanWorkstation : %SystemRoot%\System32\ntlanman.dll
- webclient : %SystemRoot%\System32\davclnt.dll

70623 - Microsoft Windows AutoRuns Print Monitor
Synopsis
Report programs set to start automatically as a print monitor.
Description
Report the DLLs that control print monitor functions for multiple programs and systems.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
- Appmon : AppMon.dll
- Local Port : localspl.dll
- Standard TCP/IP Port : tcpmon.dll
- USB Monitor : usbmon.dll
- WSD Port : APMon.dll

70618 - Microsoft Windows AutoRuns Registry Hijack Possible Locations
Synopsis
Report common registry keys used to hijack execution.
Description
Report common registry keys that can be used to hijack system process execution.

These registry keys can be used to either replace execution or shim a process in the middle of execution to hijack control. Confirm that everything listed here is set to the appropriate settings and that it doesn't look like another process is taking control of the process's execution.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\SOFTWARE\Classes\Exefile\Shell\Open\Command
- Command : "%1" %*


+ HKLM\Software\Classes\.exe : exefile
- open : "%1" %*
- runas : "%1" %*
- runasuser :


+ HKLM\Software\Classes\.cmd : cmdfile
- edit : %SystemRoot%\System32\NOTEPAD.EXE %1
- open : "%1" %*
- print : %SystemRoot%\System32\NOTEPAD.EXE /p %1
- runas : %SystemRoot%\System32\cmd.exe /C "%1" %*
- runasuser :


+ HKLM\Software\Classes\.htm : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.html : htmlfile
- open : "C:\Program Files\Internet Explorer\iexplore.exe" %1
- print : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
- printto : "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.doc : Word.Document.8
- Edit : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1"
- New : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1"
- OnenotePrintto : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2"
- Open : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u"
- OpenAsReadOnly : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1"
- Print : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1"
- Printto : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2"
- ViewProtected : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1"


+ HKLM\Software\Classes\.docx : Word.Document.12
- Edit : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vu "%1"
- New : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n /f "%1"
- OnenotePrintto : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2"
- Open : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "%1" /o "%u"
- OpenAsReadOnly : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /h /n "%1"
- Print : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /i "%1"
- Printto : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /j "%1" "%2"
- ViewProtected : "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /vp "%1"


+ HKLM\Software\Classes\.vbs : VBSFile
- Edit : "%SystemRoot%\System32\Notepad.exe" %1
- Open : "%SystemRoot%\System32\WScript.exe" "%1" %*
- Open2 : "%SystemRoot%\System32\CScript.exe" "%1" %*
- Print : "%SystemRoot%\System32\Notepad.exe" /p %1


+ HKLM\Software\Classes\.txt : txtfilelegacy
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"


+ HKLM\Software\Classes\.xls : Excel.Sheet.8
- Edit : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vu "%1"
- New : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /n "%1"
- Open : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "%1"
- OpenAsReadOnly : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /h "%1"
- Print : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%1"
- Printto : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /q "%1" /j "%2"
- ViewProtected : "C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /vp "%1"


+ HKLM\Software\Classes\.xml : xmlfile
- edit : "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb edit "%1"
- open : "C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\MSOXMLED.EXE" /verb open "%1"


+ HKLM\Software\Classes\.pif : piffile
- open : "%1" %*


+ HKLM\Software\Classes\.txt : txtfilelegacy
- printto : %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4"


70624 - Microsoft Windows AutoRuns Report
Synopsis
Generate a CSV report of all autoruns.
Description
Collect all autoruns listed in the Windows autoruns plugins and report the primary content in a CSV report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+Enabled Autoruns Detection Types
- Boot Execute
- LSA Provider
- Known DLLs
- WinLogon
- Winsock Provider
- Service
- Explorer
- Logon
- Codecs
- Driver
- Image Hijack
- Network Provider
- Scheduled Tasks
- Print Monitor
- Internet Explorer


The attached CSV contains information about Windows autoruns.

70625 - Microsoft Windows AutoRuns Scheduled Tasks
Synopsis
Reports processes that start up via the scheduled task manager.
Description
This plugin lists the scheduled tasks for the system. Scheduled tasks are often used to update software and by system administrators to run processes, and can be used by malware to spread on systems.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0

report output too big - ending list here

70626 - Microsoft Windows AutoRuns Services and Drivers
Synopsis
Report programs that are set to start automatically on boot as a service or driver.
Description
Report the registry keys that track programs that are set to start on boot as a service.

These programs can start as a system wide service or be loaded as a driver.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services
Drivers :
+ Adobe Acrobat Update Service
- "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
- Auto Load
- Adobe Acrobat Updater keeps your Adobe software up to date.

+ @%SystemRoot%\system32\AJRouter.dll,-2
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%SystemRoot%\system32\AJRouter.dll,-1

+ @%SystemRoot%\system32\Alg.exe,-112
- %SystemRoot%\System32\alg.exe
- Load on Demand
- @%SystemRoot%\system32\Alg.exe,-113

+ @%systemroot%\system32\appidsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted -p
- Load on Demand
- @%systemroot%\system32\appidsvc.dll,-101

+ @%systemroot%\system32\appinfo.dll,-100
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @%systemroot%\system32\appinfo.dll,-101

+ @appmgmts.dll,-3250
- %SystemRoot%\system32\svchost.exe -k netsvcs -p
- Load on Demand
- @appmgmts.dll,-3251

+ @%SystemRoot%\System32\AppReadiness.dll,-1000
- %SystemRoot%\System32\svchost.exe -k AppReadiness -p
- Load on Demand
- @%SystemRoot%\System32\AppReadiness.dll,-1001

+ @%systemroot%\system32\AppVClient.exe,-102
- %systemroot%\system32\AppVClient.exe
- disabled
- @%systemroot%\system32\AppVClient.exe,-101

+ @%SystemRoot%\system32\appxdeploymentserver.dll,-1
- %systemroot%\system32\svchost.exe -k wsappx -p
- Load on Demand
- @%SystemRoot%\system32\appxdeploymentserver.dll,-2

+ @%SystemRoot%\system32\assignedaccessmanagersvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k AssignedAccessManagerSvc
- Load on Demand
- @%SystemRoot%\system32\assignedaccessmanagersvc.dll,-101

+ @%SystemRoot%\system32\AudioEndpointBuilder.dll,-204
- %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\AudioEndpointBuilder.dll,-205

+ @%SystemRoot%\system32\audiosrv.dll,-200
- %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p
- Auto Load
- @%SystemRoot%\System32\audiosrv.dll,-201

+ @%SystemRoot%\System32\autotimesvc.dll,-6
- %SystemRoot%\system32\svchost.exe -k autoTimeSvc
- Load on Demand
- @%SystemRoot%\System32\autotimesvc.dll,-7

+ @%SystemRoot%\system32\AxInstSV.dll,-103
- %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
- Load on Demand
- @%SystemRoot%\system32\AxInstSV.dll,-104

+ @%SystemRoot%\system32\bdesvc.dll,-100
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Load on Demand
- @%SystemRoot%\system32\bdesvc.dll,-101

+ @%SystemRoot%\system32\bfe.dll,-1001
- %systemroot%\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
- Auto Load
- @%SystemRoot%\system32\bfe.dll,-1002

+ @%SystemRoot%\system32\qmgr.dll,-1000
- %SystemRoot%\System32\svchost.exe -k netsvcs -p
- Auto Load
- @%SystemRoot%\system32\qmgr.dll,-1001

+ HP Sure Sense Antimalware Service
- "C:\Program Files\HP\Sure Click\servers\BrAmSvc.exe"
- disabled
-

+ HP Sure Click Endpoint Service
- "c:\Program Files\HP\Sure Click\servers\BemSvc.exe"
- Auto Load
- HP Sure Click Endpoint Service

+ @%windir%\system32\bisrv.dll,-100
- %SystemRoot%\system32\svchost.exe -k DcomLaunch -p
- Auto Load
- @%windir%\system32\bisrv.dll,-101

+ HP Sure Click Host Management Service
- "c:\Program Files\HP\Sure Click\servers\BrService.exe"
- Auto Load
- This service manages HP Sure Click on the machine.

+ @%SystemRoot%\system32\BTAGService.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
- Load on Demand
- @%SystemRoot%\system32\BTAGService.dll,-102

+ @%SystemRoot%\system32\BthAvctpSvc.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\system32\BthAvctpSvc.dll,-102

+ @%SystemRoot%\System32\bthserv.dll,-101
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Load on Demand
- @%SystemRoot%\System32\bthserv.dll,-102

+ BWH32S
- "C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe"
- Auto Load
- Sn????????o??????????????????????Vn?????????????????Lc_??.????????????n??????q.??????n??????????M??????????W~Y.

+ @%SystemRoot%\system32\CapabilityAccessManager.dll,-1
- %SystemRoot%\system32\svchost.exe -k osprivacy -p
- Load on Demand
- @%SystemRoot%\system32\CapabilityAccessManager.dll,-2

+ @%SystemRoot%\system32\cdpsvc.dll,-100
- %SystemRoot%\system32\svchost.exe -k LocalService -p
- Auto Load
- @%SystemRoot%\system32\cdpsvc.dll,-101

+ @%SystemRoot%\System32\certprop.dll,-11
- %SystemRoot%\system32\svchost.exe -k netsvcs
- Load on Demand
- @%SystemRoot%\System32\certprop.dll,-12

+ Microsoft Office Click-to-Run Service
- "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
- Auto Load
- *Microsoft Office ????n????????n??t.???????????????? ????????????.????????q..??#Y??????????????????????.W~Y.Sn????????o.Microsoft Office ??????????n(-.
70629 - Microsoft Windows AutoRuns Winlogon
Synopsis
Report the startup programs associated with the winlogon process.
Description
Report the startup locations associated with the winlogon process.

These values could add features to the logon process, assist in authentication, or set screen savers.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers
+ CLSID : {01A30791-40AE-4653-AB2E-FD210019AE88}
- Name : Automatic Redeployment Credential Provider
- Value : %systemroot%\system32\mgmtrefreshcredprov.dll

+ CLSID : {1b283861-754f-4022-ad47-a5eaaa618894}
- Name : Smartcard Reader Selection Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {1ee7337f-85ac-45e2-a23c-37c753209769}
- Name : Smartcard WinRT Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {2135f72a-90b5-4ed3-a7f1-8bb705ac276a}
- Name : PicturePasswordLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {25CBB996-92ED-457e-B28C-4774084BD562}
- Name : GenericProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {27FBDB57-B613-4AF2-9D7E-4FA7A66C21AD}
- Name : TrustedSignal Credential Provider
- Value : %systemroot%\system32\TrustedSignalCredProv.dll

+ CLSID : {3dd6bec0-8193-4ffe-ae25-e08e39ea4063}
- Name : NPProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {48B4E58D-2791-456C-9091-D524C6C706F2}
- Name : Secondary Authentication Factor Credential Provider
- Value : C:\Windows\System32\devicengccredprov.dll

+ CLSID : {600e7adb-da3e-41a4-9225-3c0399e88c0c}
- Name : CngCredUICredentialProvider
- Value : %systemroot%\system32\cngcredui.dll

+ CLSID : {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}
- Name : PasswordProvider
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {7D7E735B-B3EC-471c-8847-CFEA39BD12FF}
- Name : MACredentialProvider
- Value : C:\Program Files\DDS\EVEMA\Client\MACredentialProvider.dll

+ CLSID : {842A6B90-A9FE-412a-BA70-CFD797EA34A8}
- Name : MAPinProvider
- Value : C:\Program Files\DDS\EVEMA\Client\MACredentialProvider.dll

+ CLSID : {8AF662BF-65A0-4D0A-A540-A338A999D36F}
- Name : FaceCredentialProvider
- Value : C:\Windows\System32\FaceCredentialProvider.dll

+ CLSID : {8FD7E19C-3BF7-489B-A72C-846AB3678C96}
- Name : Smartcard Credential Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {94596c7e-3744-41ce-893e-bbf09122f76a}
- Name : Smartcard Pin Provider
- Value : %SystemRoot%\system32\SmartcardCredentialProvider.dll

+ CLSID : {BEC09223-B018-416D-A0AC-523971B639F5}
- Name : WinBio Credential Provider
- Value : %SystemRoot%\System32\BioCredProv.dll

+ CLSID : {C5D7540A-CD51-453B-B22B-05305BA03F07}
- Name : Cloud Experience Credential Provider
- Value : C:\Windows\System32\cxcredprov.dll

+ CLSID : {cb82ea12-9f71-446d-89e1-8d0924e1256e}
- Name : PINLogonProvider
- Value : %SystemRoot%\system32\credprovslegacy.dll

+ CLSID : {D6886603-9D2F-4EB2-B667-1971041FA96B}
- Name : NGC Credential Provider
- Value : C:\Windows\System32\ngccredprov.dll

+ CLSID : {E17CC571-5ABB-4ba5-8B95-9603CCBB5C4F}
- Name : WindowsLogonLite
- Value : C:\Program Files\DDS\EVEMA\Client\MACredentialProvider.dll

+ CLSID : {e74e57b0-6c6d-44d5-9cda-fb2df5ed7435}
- Name : CertCredProvider
- Value : %systemroot%\system32\certCredProvider.dll

+ CLSID : {f64945df-4fa9-4068-a2fb-61af319edd33}
- Name : RdpCredentialProvider
- Value : %windir%\system32\rdpcredentialprovider.dll

+ CLSID : {F8A0B131-5F68-486c-8040-7E8FC3C85BB6}
- Name : WLIDCredentialProvider
- Value : %SystemRoot%\system32\wlidcredprov.dll

+ CLSID : {F8A1793B-7873-4046-B2A7-1F318747F427}
- Name : FIDO Credential Provider
- Value : %systemroot%\system32\fidocredprov.dll

+ CLSID : {F8C2B3B3-13BA-4535-A0FB-B31419A941BA}
- Name : MAPasswordCredentialProvider
- Value : C:\Program Files\DDS\EVEMA\Client\MACredentialProvider.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Provider Filters
+ CLSID : {DDC0EED2-ADBE-40b6-A217-EDE16A79A0DE}
- Name : GenericFilter
- Value : %SystemRoot%\system32\credprovs.dll

+ CLSID : {FBBE8B7E-99FE-46dd-98FC-113D86417C3D}
- Name : MACredentialFilter
- Value : C:\Program Files\DDS\EVEMA\Client\MACredentialProvider.dll


HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\PLAP Providers
+ CLSID : {5537E283-B1E7-4EF8-9C6E-7AB0AFE5056D}
- Name : RasProvider
- Value : %SystemRoot%\system32\rasplap.dll




70630 - Microsoft Windows AutoRuns Winsock Provider
Synopsis
Report Winsock provider extensions.
Description
A Winsock provider is a type of Layered Service Provider (LSP) that can be used to control protocols by inserting itself into the TCP/IP stack. This is commonly used to filter web traffic, enable QoS-type services, or otherwise hook network traffic controls.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/25, Modified: 2024/03/26
Plugin Output

tcp/0


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\system32\pnrpnsp.dll
- LibararyPath : %SystemRoot%\system32\pnrpnsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll
- LibararyPath : %SystemRoot%\system32\nlansp_c.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64
- Name : Hyper-V RAW
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60200
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60201
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60202
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\mswsock.dll,-60102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-100
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-101
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-102
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : @%SystemRoot%\System32\wshqos.dll,-103
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : AF_UNIX
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD L2CAP [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll

- Name : MSAFD RfComm [Bluetooth]
- PackedCatalogItem : %SystemRoot%\system32\mswsock.dll


+ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
- LibararyPath : %SystemRoot%\system32\napinsp.dll
- LibararyPath : %SystemRoot%\system32\pnrpnsp.dll
- LibararyPath : %SystemRoot%\system32\pnrpnsp.dll
- LibararyPath : %SystemRoot%\System32\mswsock.dll
- LibararyPath : %SystemRoot%\System32\winrnr.dll
- LibararyPath : %SystemRoot%\system32\wshbth.dll
- LibararyPath : %SystemRoot%\system32\nlansp_c.dll

92371 - Microsoft Windows DNS Cache
Synopsis
Nessus was able to collect and report DNS cache information from the remote host.
Description
Nessus was able to collect details of the DNS cache from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/03/26
Plugin Output

tcp/0


DNS cache information attached.
92363 - Microsoft Windows Device Logs
Synopsis
Nessus was able to collect available device logs from the remote host.
Description
Nessus was able to collect available device logs from the remote Windows host and add them as attachments.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Device logs attached.
92364 - Microsoft Windows Environment Variables
Synopsis
Nessus was able to collect and report environment variables from the remote host.
Description
Nessus was able to collect system and active account environment variables on the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0757
Plugin Information
Published: 2016/07/19, Modified: 2022/06/24
Plugin Output

tcp/0

Global Environment Variables :
processor_level : 6
comspec : %SystemRoot%\system32\cmd.exe
username : SYSTEM
brs : C:\Program Files\HP\Sure Click\servers
os : Windows_NT
number_of_processors : 24
temp : %SystemRoot%\TEMP
processor_revision : 9702
path : C:\newscp\mac\McnMon\bin;C:\newscp\mac\AppCommon\bin;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\;C:\Program Files (x86)\Microsoft SQL Server\160\DTS\Binn\;C:\Program Files\Azure Data Studio\bin;C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\WindowsApps;C:\Program Files\DDS\EVEMA\Client;
onlineservices : Online Services
tmp : %SystemRoot%\TEMP
brb : C:\Program Files\HP\Sure Click\bin
zes_enable_sysman : 1
regioncode : APJ
processor_identifier : Intel64 Family 6 Model 151 Stepping 2, GenuineIntel
processor_architecture : AMD64
pathext : .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
driverdata : C:\Windows\System32\Drivers\DriverData
deflogdir : C:\ProgramData\McAfee\Endpoint Security\Logs
platformcode : 7F
psmodulepath : %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules
windir : %SystemRoot%

Active User Environment Variables
- S-1-5-21-3388008032-3793481426-1508724218-500
temp : %USERPROFILE%\AppData\Local\Temp
path : %USERPROFILE%\AppData\Local\Microsoft\WindowsApps;;C:\Program Files\Azure Data Studio\bin
onedrive : %UserProfile%\OneDrive
tmp : %USERPROFILE%\AppData\Local\Temp
92365 - Microsoft Windows Hosts File
Synopsis
Nessus was able to collect the hosts file from the remote host.
Description
Nessus was able to collect the hosts file from the remote Windows host and report it as an attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/01/27
Plugin Output

tcp/0

Windows hosts file attached.

MD5: 8881cd59103c7591f6d3c5fbfbbff71e
SHA-1: bd7c97c036193f1ab7fb88f3c95784a7060766e1
SHA-256: f3441f307220c132584a7cb098c2c32e344f26e1a8ae8e3a4e779fe434b4dc61
187318 - Microsoft Windows Installed
Synopsis
The remote host is running Microsoft Windows.
Description
The remote host is running Microsoft Windows.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/12/27, Modified: 2024/04/02
Plugin Output

tcp/0


OS Name : Microsoft Windows 11 22H2
Vendor : Microsoft
Product : Windows
Release : 11 22H2
Edition : Pro
Version : 10.0.22621.1992
Role : client
Kernel : Windows NT 10.0
Architecture : x64
CPE v2.2 : cpe:/o:microsoft:windows_11_22h2:10.0.22621.1992:-
CPE v2.3 : cpe:2.3:o:microsoft:windows_11_22h2:10.0.22621.1992:-:any:*:pro:*:x64:*
Type : local
Method : SMB
Confidence : 100

20811 - Microsoft Windows Installed Software Enumeration (credentialed check)
Synopsis
It is possible to enumerate installed software.
Description
This plugin lists software potentially installed on the remote host by crawling the registry entries in :

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
HKLM\SOFTWARE\Microsoft\Updates

Note that these entries do not necessarily mean the applications are actually installed on the remote host - they may have been left behind by uninstallers, or the associated files may have been manually removed.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0501
Plugin Information
Published: 2006/01/26, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following software are installed on the remote host :

Windows Driver Package - HP Inc. BrCow_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170) [version 06/01/2023 4.4.4.170]
Windows Driver Package - HP Inc. sselam_4_4_2_453 AntiVirus (11/01/2022 4.4.2.453) [version 11/01/2022 4.4.2.453]
BUFFALO エアステーション設定ツール [version 2.0.15] [installed on 2023/12/13]
BUFFALO パソコン環境表示ツール [version 1.2.1] [installed on 2023/12/13]
Windows Driver Package - HP Inc. BrFilter_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170) [version 06/01/2023 4.4.4.170]
HP Documentation [version 1.0.0.1]
Trellix Agent [version 5.8.0.161]
Microsoft Edge [version 115.0.1901.183] [installed on 2023/07/24]
Microsoft Edge Update [version 1.3.177.11]
Microsoft Edge WebView2 Runtime [version 115.0.1901.183] [installed on 2023/07/24]
Microsoft Help Viewer 2.3 [version 2.3.28307]
Microsoft OneDrive [version 23.142.0709.0001]
Microsoft Office LTSC Standard 2021 - ja-jp [version 16.0.14332.20529]
BUFFALO クライアントマネージャＶ
BUFFALO クライアントマネージャＶ をアンインストール [version 1.5.4] [installed on 2023/12/13]
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/09/11]
Visual Studio 2017 Isolated Shell for SSMS [version 15.0.28308.421] [installed on 2023/09/13]
Microsoft Analysis Services OLE DB プロバイダー [version 16.0.5143.0] [installed on 2023/09/13]
Python 3.11.4 Development Libraries (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821 [version 14.22.27821] [installed on 2023/06/20]
Python Launcher [version 3.11.4150.0] [installed on 2023/09/14]
HP Sure Run Module [version 5.0.5.59] [installed on 2023/12/13]
Synaptics FP Sensors DDK [version 4.5.342.0] [installed on 2023/12/13]
SQL Server Management Studio [version 19.1.56.0] [installed on 2023/09/13]
Trellix Endpoint Security 適応型脅威対策 [version 10.7.0] [installed on 2023/12/11]
Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821 [version 14.22.27821] [installed on 2023/06/20]
Microsoft Update Health Tools [version 5.70.0.0] [installed on 2023/07/24]
Trellix Data Exchange Layer for TA [version 6.0.30995.0] [installed on 2023/12/08]
EVEMA Client (x64) 3.33.0.47573 [version 3.33.0.47573] [installed on 2023/12/13]
Python 3.11.4 Test Suite (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Trellix Endpoint Security Web 管理 [version 10.7.0] [installed on 2023/12/11]
HP Wolf Security [version 4.4.4.170] [installed on 2023/07/28]
Microsoft OLE DB Driver for SQL Server [version 18.6.5.0] [installed on 2023/09/13]
Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821 [version 14.22.27821.0]
HP Wolf Security - Console [version 11.1.2.639] [installed on 2023/12/13]
HP Connection Optimizer [version 2.0.19.0] [installed on 2023/06/20]
Azure Data Studio [version 1.44.0] [installed on 2023/09/13]
Microsoft Command Line Utilities 15 for SQL Server [version 15.0.4298.1] [installed on 2023/09/11]
Trellix Endpoint Security ファイアウォール [version 10.7.0] [installed on 2023/12/11]
Teams Machine-Wide Installer [version 1.4.0.19572] [installed on 2023/07/28]
Python 3.11.4 Standard Library (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664 [version 12.0.40664] [installed on 2023/09/13]
Trellix Endpoint Security 脅威対策 [version 10.7.0] [installed on 2023/12/11]
HP Notifications [version 1.1.28.1] [installed on 2023/06/20]
Microsoft ヘルプ ビューアー 2.3 Language Pack - 日本語 [version 2.3.28107] [installed on 2023/09/13]
Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support [version 16.0.31110] [installed on 2023/09/13]
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532 [version 14.36.32532.0]
Office 16 Click-to-Run Licensing Component [version 16.0.14332.20529] [installed on 2023/07/28]
Office 16 Click-to-Run Extensibility Component [version 16.0.14332.20529] [installed on 2023/07/28]
Office 16 Click-to-Run Localization Component [version 16.0.14332.20529] [installed on 2023/07/28]
Python 3.11.4 Utility Scripts (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
SSMS Post Install Tasks [version 19.1.56.0] [installed on 2023/09/13]
HP Security Update Service [version 4.4.7.365] [installed on 2023/12/13]
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664 [version 12.0.40664.0]
Python 3.11.4 Tcl/Tk Support (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
HP Wolf Security Application Support for Windows [version 4.4.7.581] [installed on 2023/12/13]
Adobe Refresh Manager [version 1.8.0] [installed on 2023/12/13]
Adobe Acrobat (64-bit) [version 23.003.20244] [installed on 2023/07/24]
Trellix Endpoint Security プラットフォーム [version 10.7.0] [installed on 2023/12/11]
NVIDIA グラフィックス ドライバー 511.65 [version 511.65] [installed on 2023/06/20]
NVIDIA RTX Desktop Manager 202.44 [version 202.44] [installed on 2023/06/20]
NVIDIA HD オーディオ ドライバー 1.3.39.3 [version 1.3.39.3] [installed on 2023/06/20]
NVIDIA Install Application [version 2.1002.363.0] [installed on 2023/06/20]
SQL Server Management Studio [version 19.1.56.0] [installed on 2023/09/13]
HP Wolf Security Application Support for Sure Sense [version 4.4.7.365] [installed on 2023/12/13]
Microsoft ODBC Driver 17 for SQL Server [version 17.10.4.1] [installed on 2023/09/11]
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664 [version 12.0.40664] [installed on 2023/09/13]
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532 [version 14.36.32532] [installed on 2023/09/11]
Python 3.11.4 pip Bootstrap (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Python 3.11.4 Executables (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Integration Services [version 16.0.5107.6] [installed on 2023/09/13]
HP Sure Recover [version 10.1.15.90] [installed on 2023/07/28]
{E5FB98E0-0784-44F0-8CEC-95CD4690C43F} [version 255.255.65535.0]
Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support [version 16.0.31110] [installed on 2023/09/13]
HP System Default Settings [version 1.4.16.6] [installed on 2023/06/20]
Python 3.11.4 Documentation (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Visual Studio 2017 Isolated Shell for SSMS LangPack - 日本語 [version 15.0.28307.421] [installed on 2023/09/13]
HP Wolf Security Application Support for Chrome 112.0.5615.206 [version 4.4.1.623] [installed on 2023/07/28]
Python 3.11.4 Core Interpreter (64-bit) [version 3.11.4150.0] [installed on 2023/09/14]
Microsoft SQL Server Management Studio - 19.1 [version 19.1.56.0]
Trellix Data Exchange Layer for TA [version 6.0.3.995]
Microsoft Visual Studio Tools for Applications 2019 [version 16.0.31110]
178102 - Microsoft Windows Installed Software Version Enumeration
Synopsis
Enumerates installed software versions.
Description
This plugin enumerates the installed software version by interrogating information obtained from various registry entries and files on disk. This plugin provides a best guess at the software version and a confidence level for that version.

Note that the versions detected here do not necessarily indicate the actual installed version nor do they necessarily mean that the application is actually installed on the remote host. In some cases there may be artifacts left behind by uninstallers on the system.
Solution
Remove any applications that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2023/07/10, Modified: 2023/07/18
Plugin Output

tcp/445/cifs


The following software information is available on the remote host :

- Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821
Best Confidence Version : 14.22.27821
Version Confidence Level : 2
All Possible Versions : 14.22.27821
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 236350637
[DisplayName] :
Raw Value : Microsoft Visual C++ 2019 X86 Additional Runtime - 14.22.27821
[UninstallString] :
Raw Value : MsiExec.exe /I{3BDE80F7-7EC9-448E-8160-4ADA0CDA8879}
[InstallDate] :
Raw Value : 2023/06/20
[DisplayVersion] :
Raw Value : 14.22.27821
[VersionMinor] :
Raw Value : 22

- BUFFALO クライアントマネージャＶ
Best Confidence Version :
Version Confidence Level :
All Possible Versions :
Other Version Data
[Version] :
Raw Value : 66820
[DisplayName] :
Raw Value : BUFFALO クライアントマネージャＶ

- Windows Driver Package - HP Inc. BrFilter_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170)
Best Confidence Version : 2.1.0.0
Version Confidence Level : 3
All Possible Versions : 2.1.0.0, 06/01/2023 4.4.4.170
Other Version Data
[DisplayName] :
Raw Value : Windows Driver Package - HP Inc. BrFilter_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170)
[UninstallString] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe /u C:\windows\system32\DRVSTORE\brfilter_4_F0AD069EAB413CB9FCEE456549DD3AD4B4AF1775\brfilter_4_4_4_170.inf
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0
[DisplayVersion] :
Raw Value : 06/01/2023 4.4.4.170
[DisplayIcon] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe,0
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0

- Windows Driver Package - HP Inc. BrCow_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170)
Best Confidence Version : 2.1.0.0
Version Confidence Level : 3
All Possible Versions : 2.1.0.0, 06/01/2023 4.4.4.170
Other Version Data
[DisplayName] :
Raw Value : Windows Driver Package - HP Inc. BrCow_4_4_4_170 ActivityMonitor (06/01/2023 4.4.4.170)
[UninstallString] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe /u C:\windows\system32\DRVSTORE\brcow_4_4__1D6FF7674EBD1C91F40A912524F8346BFC646A97\brcow_4_4_4_170.inf
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0
[DisplayVersion] :
Raw Value : 06/01/2023 4.4.4.170
[DisplayIcon] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe,0
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0

- NVIDIA HD オーディオ ドライバー 1.3.39.3
Best Confidence Version : 1.3.39.3
Version Confidence Level : 2
All Possible Versions : 1.3.39.3
Other Version Data
[InstallDate] :
Raw Value : 2023/06/20
[DisplayIcon] :
Raw Value : C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.dll,0
Parsed File Path : C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.dll
[InstallLocation] :
Raw Value : C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{A31BF401-8F41-4B57-8897-0B9D00B9152E}
[UninstallString] :
Raw Value : "C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage HDAudio.Driver
[VersionMinor] :
Raw Value : 3
[Version] :
Raw Value : 0
[VersionMajor] :
Raw Value : 1
[DisplayVersion] :
Raw Value : 1.3.39.3
[DisplayName] :
Raw Value : NVIDIA HD オーディオ ドライバー 1.3.39.3

- NVIDIA RTX Desktop Manager 202.44
Best Confidence Version : 6.14.10.20244
Version Confidence Level : 3
All Possible Versions : 6.14.10.20244, 202.44
Other Version Data
[InstallDate] :
Raw Value : 2023/06/20
[DisplayIcon] :
Raw Value : "C:\Program Files\NVIDIA Corporation\nview\nwiz.exe"
Parsed File Path : C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
Parsed File Version : 6.14.10.20244
[InstallLocation] :
Raw Value : C:\Program Files\NVIDIA Corporation\nview
[UninstallString] :
Raw Value : "C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.NView
[VersionMinor] :
Raw Value : 44
[Version] :
Raw Value : 0
[VersionMajor] :
Raw Value : 202
[DisplayVersion] :
Raw Value : 202.44
[DisplayName] :
Raw Value : NVIDIA RTX Desktop Manager 202.44

- Microsoft Help Viewer 2.3
Best Confidence Version : 2.3.28307
Version Confidence Level : 2
All Possible Versions : 51.119.37703, 2.3.28307
Other Version Data
[InstallDate] :
Raw Value : 2023/09/13
[DisplayIcon] :
Raw Value : msiexec.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft Help Viewer\v2.3\
[UninstallString] :
Raw Value : MsiExec.exe /X{99DC6816-30B2-32EB-9E12-AF8944C4FA4E}
[VersionMinor] :
Raw Value : 3
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 33779347
Parsed Version : 51.119.37703
[DisplayVersion] :
Raw Value : 2.3.28307
[DisplayName] :
Raw Value : Microsoft Help Viewer 2.3

- Microsoft Office LTSC Standard 2021 - ja-jp
Best Confidence Version : 16.0.14332.20529
Version Confidence Level : 3
All Possible Versions : 16.0.14332.20529
Other Version Data
[InstallLocation] :
Raw Value : C:\Program Files\Microsoft Office
[DisplayName] :
Raw Value : Microsoft Office LTSC Standard 2021 - ja-jp
[UninstallString] :
Raw Value : "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" scenario=install scenariosubtype=ARP sourcetype=None productstoremove=Standard2021Volume.16_ja-jp_x-none culture=ja-jp version.16=16.0
Parsed File Path : C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Parsed File Version : 16.0.14332.20529
[DisplayVersion] :
Raw Value : 16.0.14332.20529
[DisplayIcon] :
Raw Value : C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Parsed File Path : C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
Parsed File Version : 16.0.14332.20529

- Trellix Endpoint Security Web Ą.
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files (x86)\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security Web Ą.
[UninstallString] :
Raw Value : MsiExec.exe /X{5974413A-8D95-4D64-B9EE-40DF28186445}
[InstallDate] :
Raw Value : 2023/12/11
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- HP Connection Optimizer
Best Confidence Version : 2.0.19.0
Version Confidence Level : 3
All Possible Versions : 2.0.19.0, 51.85.17489
Other Version Data
[InstallDate] :
Raw Value : 2023/06/20
[DisplayIcon] :
Raw Value : C:\Program Files\HPCommRecovery\HPCommRecovery.exe,0
Parsed File Path : C:\Program Files\HPCommRecovery\HPCommRecovery.exe
Parsed File Version : 2.0.19.0
[InstallLocation] :
Raw Value : C:\Program Files (x86)\HP\HP Connection Optimizer
[UninstallString] :
Raw Value : "C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\setup.exe" -runfromtemp -l0x0411 -removeonly
Parsed File Path : C:\Program Files (x86)\InstallShield Installation Information\{6468C4A5-E47E-405F-B675-A70A70983EA6}\setup.exe
Parsed File Version : 2.0.19.0
[VersionMinor] :
Raw Value : 0
[Version] :
Raw Value : 33554451
Parsed Version : 51.85.17489
[VersionMajor] :
Raw Value : 2
[DisplayVersion] :
Raw Value : 2.0.19.0
[DisplayName] :
Raw Value : HP Connection Optimizer

- HP Wolf Security - Console
Best Confidence Version : 11.1.2.639
Version Confidence Level : 2
All Possible Versions : 11.1.2.639
Other Version Data
[VersionMajor] :
Raw Value : 11
[Version] :
Raw Value : 184614914
[DisplayName] :
Raw Value : HP Wolf Security - Console
[UninstallString] :
Raw Value : MsiExec.exe /X{62C3172F-5F00-4B9D-A6C3-A1F722A3DD1A}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 11.1.2.639
[VersionMinor] :
Raw Value : 1

- Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x64 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{8E7A3713-551D-333A-9271-10EF4D77A80F}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 16.0.31110
[VersionMinor] :
Raw Value : 0

- Office 16 Click-to-Run Extensibility Component
Best Confidence Version : 16.0.14332.20529
Version Confidence Level : 2
All Possible Versions : 16.0.14332.20529
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268449788
[DisplayName] :
Raw Value : Office 16 Click-to-Run Extensibility Component
[UninstallString] :
Raw Value : MsiExec.exe /X{90160000-008C-0000-1000-0000000FF1CE}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 16.0.14332.20529
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Utility Scripts (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Utility Scripts (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{90A235DF-4CF1-415D-AD85-6AC578B5DFB4}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Office 16 Click-to-Run Licensing Component
Best Confidence Version : 16.0.14332.20529
Version Confidence Level : 2
All Possible Versions : 16.0.14332.20529
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268449788
[DisplayName] :
Raw Value : Office 16 Click-to-Run Licensing Component
[UninstallString] :
Raw Value : MsiExec.exe /I{90160000-007E-0000-1000-0000000FF1CE}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 16.0.14332.20529
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Standard Library (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Standard Library (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{7EB8F17E-4AA7-4F9E-B908-42A28799523A}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft ODBC Driver 17 for SQL Server
Best Confidence Version : 17.10.4.1
Version Confidence Level : 2
All Possible Versions : 17.10.4.1
Other Version Data
[VersionMajor] :
Raw Value : 17
[Version] :
Raw Value : 285868036
[DisplayName] :
Raw Value : Microsoft ODBC Driver 17 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{CD5FACA5-C1F2-429C-BB7D-7CDB1C5FE769}
[InstallDate] :
Raw Value : 2023/09/11
[DisplayVersion] :
Raw Value : 17.10.4.1
[VersionMinor] :
Raw Value : 10

- SQL Server Management Studio
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SQL Server Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{33F6AA45-05AE-4040-A83A-6B27778CA3A4}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- HP Wolf Security
Best Confidence Version : 4.4.4.170
Version Confidence Level : 2
All Possible Versions : 103.55.4114, 4.4.4.170
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67371012
Parsed Version : 103.55.4114
[DisplayName] :
Raw Value : HP Wolf Security
[UninstallString] :
Raw Value : MsiExec.exe /X{5A0FD8F0-0091-11EE-8EF1-3863BB3CB5A8}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 4.4.4.170
[VersionMinor] :
Raw Value : 4

- Trellix Agent
Best Confidence Version : 5.8.0.161
Version Confidence Level : 2
All Possible Versions : 132.65.872, 5.8.0.161
Other Version Data
[InstallDate] :
Raw Value : 2023/12/08
[DisplayIcon] :
Raw Value : C:\windows\Installer\{E484E5FD-6136-4271-A864-802606D05183}\ARPPRODUCTICON.exe
Parsed File Path : C:\windows\Installer\{E484E5FD-6136-4271-A864-802606D05183}\ARPPRODUCTICON.exe
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Agent\
[UninstallString] :
Raw Value : MsiExec.exe /X{E484E5FD-6136-4271-A864-802606D05183}
[VersionMinor] :
Raw Value : 8
[Version] :
Raw Value : 84410368
Parsed Version : 132.65.872
[VersionMajor] :
Raw Value : 5
[DisplayVersion] :
Raw Value : 5.8.0.161
[DisplayName] :
Raw Value : Trellix Agent

- Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{D401961D-3A20-3AC7-943B-6139D5BD490A}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- Microsoft SQL Server Management Studio - 19.1
Best Confidence Version : 19.1.56.0
Version Confidence Level : 3
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[DisplayName] :
Raw Value : Microsoft SQL Server Management Studio - 19.1
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{ec823edd-a860-4b1e-a42e-c288ebdc4913}\SSMS-Setup-JPN.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{ec823edd-a860-4b1e-a42e-c288ebdc4913}\SSMS-Setup-JPN.exe
Parsed File Version : 19.1.56.0
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{ec823edd-a860-4b1e-a42e-c288ebdc4913}\SSMS-Setup-JPN.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{ec823edd-a860-4b1e-a42e-c288ebdc4913}\SSMS-Setup-JPN.exe
Parsed File Version : 19.1.56.0

- Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
Best Confidence Version : 12.0.40664.0
Version Confidence Level : 3
All Possible Versions : 12.0.40664.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40664
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0
[DisplayVersion] :
Raw Value : 12.0.40664.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{9dff3540-fc85-4ed5-ac84-9e3c7fd8bece}\vcredist_x86.exe
Parsed File Version : 12.0.40664.0

- Trellix Endpoint Security プラットフォーム
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security プラットフォーム
[UninstallString] :
Raw Value : MsiExec.exe /X{B16DE18D-4D5D-45F8-92BD-8DC17225AFD8}
[InstallDate] :
Raw Value : 2023/12/11
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Microsoft Command Line Utilities 15 for SQL Server
Best Confidence Version : 15.0.4298.1
Version Confidence Level : 2
All Possible Versions : 15.0.4298.1
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251662538
[DisplayName] :
Raw Value : Microsoft Command Line Utilities 15 for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{6F11B2D6-193B-4216-A8E6-D7092834F8FB}
[InstallDate] :
Raw Value : 2023/09/11
[DisplayVersion] :
Raw Value : 15.0.4298.1
[VersionMinor] :
Raw Value : 0

- Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Additional Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{0025DD72-A959-45B5-A0A3-7EFEB15A8050}
[InstallDate] :
Raw Value : 2023/09/11
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- Microsoft Edge
Best Confidence Version : 115.0.1901.183
Version Confidence Level : 3
All Possible Versions : 115.0.1901.183
Other Version Data
[InstallDate] :
Raw Value : 2023/07/24
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe,0
Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
Parsed File Version : 115.0.1901.183
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft\Edge\Application
[UninstallString] :
Raw Value : "C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\Installer\setup.exe" --uninstall --msedge --channel=stable --system-level --verbose-logging
Parsed File Path : C:\Program Files (x86)\Microsoft\Edge\Application\115.0.1901.183\Installer\setup.exe
Parsed File Version : 115.0.1901.183
[VersionMinor] :
Raw Value : 183
[Version] :
Raw Value : 115.0.1901.183
[VersionMajor] :
Raw Value : 1901
[DisplayVersion] :
Raw Value : 115.0.1901.183
[DisplayName] :
Raw Value : Microsoft Edge

- Python 3.11.4 pip Bootstrap (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 pip Bootstrap (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{D86BDA9F-D389-445E-B3E6-C35EF9FD41C7}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Integration Services
Best Confidence Version : 16.0.5107.6
Version Confidence Level : 2
All Possible Versions : 16.0.5107.6
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440563
[DisplayName] :
Raw Value : Integration Services
[UninstallString] :
Raw Value : MsiExec.exe /I{DC84E4C0-6E51-440A-B946-8734A7C43A95}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 16.0.5107.6
[VersionMinor] :
Raw Value : 0

- BUFFALO ĻĒđÆü·įó-šÄüë
Best Confidence Version : 2.0.15.1
Version Confidence Level : 3
All Possible Versions : 51.85.38929, 2.0.15, 2.0.15.1
Other Version Data
[Version] :
Raw Value : 33559811
Parsed Version : 51.85.38929
[InstallLocation] :
Raw Value : C:\Program Files (x86)\BUFFALO\AirSet2\
[DisplayName] :
Raw Value : BUFFALO ĻĒđÆü·įó-šÄüë
[UninstallString] :
Raw Value : "C:\Program Files (x86)\BUFFALO\AirSet2\unins000.exe"
Parsed File Path : C:\Program Files (x86)\BUFFALO\AirSet2\unins000.exe
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 2.0.15
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\BUFFALO\AirSet2\AirSet2.exe
Parsed File Path : C:\Program Files (x86)\BUFFALO\AirSet2\AirSet2.exe
Parsed File Version : 2.0.15.1

- Trellix Endpoint Security ファイアウォール
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security ファイアウォール
[UninstallString] :
Raw Value : MsiExec.exe /X{6F88C6E9-CAD0-4D03-99E1-161383F9AD6F}
[InstallDate] :
Raw Value : 2023/12/11
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Python 3.11.4 Development Libraries (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Development Libraries (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{1C6E1CE6-CA4E-4B38-BAFF-32BD94DBFFEF}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- NVIDIA グラフィックス ドライバー 511.65
Best Confidence Version : 2.1002.363.0
Version Confidence Level : 3
All Possible Versions : 2.1002.363.0, 511.65
Other Version Data
[InstallDate] :
Raw Value : 2023/06/20
[DisplayIcon] :
Raw Value : C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.dll,0
Parsed File Path : C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.dll
Parsed File Version : 2.1002.363.0
[InstallLocation] :
Raw Value : C:\Program Files\NVIDIA Corporation\Installer2\Display.Driver.{9D1B1BD0-5C99-4B7E-B8FE-669B08402A69}
[UninstallString] :
Raw Value : "C:\windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore\NVI2.DLL",UninstallPackage Display.Driver
[VersionMinor] :
Raw Value : 65
[Version] :
Raw Value : -16777216
[VersionMajor] :
Raw Value : 511
[DisplayVersion] :
Raw Value : 511.65
[DisplayName] :
Raw Value : NVIDIA グラフィックス ドライバー 511.65

- HP Documentation
Best Confidence Version : 1.0.0.1
Version Confidence Level : 2
All Possible Versions : 1.0.0.1
Other Version Data
[DisplayName] :
Raw Value : HP Documentation
[UninstallString] :
Raw Value : CMD /C "C:\Program Files\HP\Documentation\Doc_Uninstall.cmd"
[DisplayVersion] :
Raw Value : 1.0.0.1
[DisplayIcon] :
Raw Value : C:\Program Files\HP\Documentation\elements\hp.ico

- HP Security Update Service
Best Confidence Version : 4.4.7.365
Version Confidence Level : 2
All Possible Versions : 103.55.4117, 4.4.7.365
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67371015
Parsed Version : 103.55.4117
[DisplayName] :
Raw Value : HP Security Update Service
[UninstallString] :
Raw Value : MsiExec.exe /X{9A048711-9AAF-44FF-BA69-58835A75B01C}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 4.4.7.365
[VersionMinor] :
Raw Value : 4

- Visual Studio 2017 Isolated Shell for SSMS
Best Confidence Version : 15.0.28308.421
Version Confidence Level : 2
All Possible Versions : 15.0.28308.421
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251686548
[DisplayName] :
Raw Value : Visual Studio 2017 Isolated Shell for SSMS
[UninstallString] :
Raw Value : MsiExec.exe /I{0C69A55F-BC72-4AFB-BAEF-C5DEF9C32B9A}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 15.0.28308.421
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Test Suite (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Test Suite (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{52DE4CC1-22CF-498B-B50F-E66877E4850B}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821

Version Confidence Level : 3
All Possible Versions : , 14.22.27821.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2019 Redistributable (x86) - 14.22.27821
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{5bfc1380-fd35-4b85-9715-7351535d077e}\VC_redist.x86.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{5bfc1380-fd35-4b85-9715-7351535d077e}\VC_redist.x86.exe

[DisplayVersion] :
Raw Value : 14.22.27821.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{5bfc1380-fd35-4b85-9715-7351535d077e}\VC_redist.x86.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{5bfc1380-fd35-4b85-9715-7351535d077e}\VC_redist.x86.exe

- Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
Best Confidence Version : 14.36.32532.0
Version Confidence Level : 2
All Possible Versions : 14.36.32532.0
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe
[DisplayVersion] :
Raw Value : 14.36.32532.0
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{8bdfe669-9705-4184-9368-db9ce581e0e7}\VC_redist.x64.exe

- HP Sure Run Module
Best Confidence Version : 5.0.5.59
Version Confidence Level : 2
All Possible Versions : 131.136.24709, 5.0.5.59
Other Version Data
[VersionMajor] :
Raw Value : 5
[Version] :
Raw Value : 83886085
Parsed Version : 131.136.24709
[DisplayName] :
Raw Value : HP Sure Run Module
[UninstallString] :
Raw Value : MsiExec.exe /X{2439AE5C-1F6E-4AD4-A403-D1BD8C6945B4}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 5.0.5.59
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Documentation (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Documentation (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{FABA3DAC-829C-4C83-BC27-F3AFFD27B465}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Adobe Acrobat (64-bit)
Best Confidence Version : 23.003.20244
Version Confidence Level : 2
All Possible Versions : 23.003.20244
Other Version Data
[VersionMajor] :
Raw Value : 23
[Version] :
Raw Value : 386092820
[InstallLocation] :
Raw Value : C:\Program Files\Adobe\Acrobat DC\
[DisplayName] :
Raw Value : Adobe Acrobat (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{AC76BA86-1041-1033-7760-BC15014EA700}
[InstallDate] :
Raw Value : 2023/07/24
[DisplayVersion] :
Raw Value : 23.003.20244
[VersionMinor] :
Raw Value : 3

- Microsoft Update Health Tools
Best Confidence Version : 5.70.0.0
Version Confidence Level : 2
All Possible Versions : 136.71.13824, 5.70.0.0
Other Version Data
[VersionMajor] :
Raw Value : 5
[Version] :
Raw Value : 88473600
Parsed Version : 136.71.13824
[DisplayName] :
Raw Value : Microsoft Update Health Tools
[UninstallString] :
Raw Value : MsiExec.exe /X{43D501A5-E5E3-46EC-8F33-9E15D2A2CBD5}
[InstallDate] :
Raw Value : 2023/07/24
[DisplayVersion] :
Raw Value : 5.70.0.0
[VersionMinor] :
Raw Value : 70

- SQL Server Management Studio
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SQL Server Management Studio
[UninstallString] :
Raw Value : MsiExec.exe /I{B8134150-0564-4E3E-A3F8-F813B854AB89}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- Trellix Data Exchange Layer for TA
Best Confidence Version : 6.0.3.995
Version Confidence Level : 2
All Possible Versions : 6.0.3.995
Other Version Data
[VersionMajor] :
Raw Value : 6
[Version] :
Raw Value : 100694291
[DisplayName] :
Raw Value : Trellix Data Exchange Layer for TA
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe
[InstallDate] :
Raw Value : 2023/12/08
[DisplayVersion] :
Raw Value : 6.0.3.995
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{ecc07038-25db-4898-b728-32c5c895152a}\dxlsetup-ma.exe
[VersionMinor] :
Raw Value : 0

- Trellix Endpoint Security i܋..þV
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security i܋..þV
[UninstallString] :
Raw Value : MsiExec.exe /X{377DA1C7-79DE-4102-8DB7-5C2296A3E960}
[InstallDate] :
Raw Value : 2023/12/11
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- Office 16 Click-to-Run Localization Component
Best Confidence Version : 16.0.14332.20529
Version Confidence Level : 2
All Possible Versions : 16.0.14332.20529
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268449788
[DisplayName] :
Raw Value : Office 16 Click-to-Run Localization Component
[UninstallString] :
Raw Value : MsiExec.exe /X{90160000-008C-0411-1000-0000000FF1CE}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 16.0.14332.20529
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Tcl/Tk Support (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Tcl/Tk Support (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{A32FE961-D579-4E46-B3D6-0B777F8F51E8}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Edge Update
Best Confidence Version : 1.3.177.11
Version Confidence Level : 2
All Possible Versions : 1.3.177.11
Other Version Data
[Version] :
Raw Value : 1.3.177.11
[DisplayName] :
Raw Value : Microsoft Edge Update
[DisplayVersion] :
Raw Value : 1.3.177.11

- HP Wolf Security Application Support for Windows
Best Confidence Version : 4.4.7.581
Version Confidence Level : 2
All Possible Versions : 103.55.4117, 4.4.7.581
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67371015
Parsed Version : 103.55.4117
[DisplayName] :
Raw Value : HP Wolf Security Application Support for Windows
[UninstallString] :
Raw Value : MsiExec.exe /I{A34EDE79-0A76-409F-B258-FF5D1CAE6B8F}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 4.4.7.581
[VersionMinor] :
Raw Value : 4

- Microsoft Analysis Services OLE DB プロバイダー
Best Confidence Version : 16.0.5143.0
Version Confidence Level : 2
All Possible Versions : 16.0.5143.0
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268440599
[DisplayName] :
Raw Value : Microsoft Analysis Services OLE DB プロバイダー
[UninstallString] :
Raw Value : MsiExec.exe /I{160C316B-31D2-4983-B377-A5E58078C133}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 16.0.5143.0
[VersionMinor] :
Raw Value : 0

- EVEMA Client (x64) 3.33.0.47573
Best Confidence Version : 3.33.0.47573
Version Confidence Level : 2
All Possible Versions : 82.73.17206, 3.33.0.47573
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 52494336
Parsed Version : 82.73.17206
[InstallLocation] :
Raw Value : C:\Program Files\DDS\EVEMA\
[DisplayName] :
Raw Value : EVEMA Client (x64) 3.33.0.47573
[UninstallString] :
Raw Value : MsiExec.exe /X{47CEA196-9721-4025-9014-8055F1FA704D}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 3.33.0.47573
[VersionMinor] :
Raw Value : 33

- Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
Best Confidence Version : 14.36.32532
Version Confidence Level : 2
All Possible Versions : 14.36.32532
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 237272852
[DisplayName] :
Raw Value : Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.36.32532
[UninstallString] :
Raw Value : MsiExec.exe /I{D5D19E2F-7189-42FE-8103-92CD1FA457C2}
[InstallDate] :
Raw Value : 2023/09/11
[DisplayVersion] :
Raw Value : 14.36.32532
[VersionMinor] :
Raw Value : 36

- Trellix Endpoint Security ..þV
Best Confidence Version : 10.7.0
Version Confidence Level : 2
All Possible Versions : 10.7.0
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 168230912
[InstallLocation] :
Raw Value : C:\Program Files\McAfee\Endpoint Security\
[DisplayName] :
Raw Value : Trellix Endpoint Security ..þV
[UninstallString] :
Raw Value : MsiExec.exe /X{820D7600-089E-486B-860F-279B8119A893}
[InstallDate] :
Raw Value : 2023/12/11
[DisplayVersion] :
Raw Value : 10.7.0
[VersionMinor] :
Raw Value : 7

- BUFFALO ŊéĪĒóČÞÍüļã6 ’ĒóĪóđČüë
Best Confidence Version : 1.5.4
Version Confidence Level : 2
All Possible Versions : 1.5.4
Other Version Data
[Version] :
Raw Value : 66820
[InstallLocation] :
Raw Value : C:\Program Files (x86)\BUFFALO\clientmgrv\
[DisplayName] :
Raw Value : BUFFALO ŊéĪĒóČÞÍüļã6 ’ĒóĪóđČüë
[UninstallString] :
Raw Value : "C:\Program Files (x86)\BUFFALO\clientmgrv\unins000.exe"
Parsed File Path : C:\Program Files (x86)\BUFFALO\clientmgrv\unins000.exe
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 1.5.4
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe
Parsed File Path : C:\Program Files (x86)\BUFFALO\clientmgrv\bin\cmvMain.exe

- Python Launcher
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python Launcher
[UninstallString] :
Raw Value : MsiExec.exe /X{23514291-DEF3-42FD-A67C-A96E35C92F24}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft OneDrive
Best Confidence Version : 23.142.0709.0001
Version Confidence Level : 2
All Possible Versions : 23.142.0709.0001
Other Version Data
[DisplayName] :
Raw Value : Microsoft OneDrive
[UninstallString] :
Raw Value : "C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveSetup.exe" /uninstall /allusers
Parsed File Path : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveSetup.exe
[DisplayVersion] :
Raw Value : 23.142.0709.0001
[DisplayIcon] :
Raw Value : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveSetup.exe,-101
Parsed File Path : C:\Program Files\Microsoft OneDrive\23.142.0709.0001\OneDriveSetup.exe

- HP System Default Settings
Best Confidence Version : 1.4.16.6
Version Confidence Level : 2
All Possible Versions : 23.3.37750, 1.4.16.6
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 17039376
Parsed Version : 23.3.37750
[InstallLocation] :
Raw Value : C:\Program Files (x86)\HP\HP System Default Settings\
[DisplayName] :
Raw Value : HP System Default Settings
[UninstallString] :
Raw Value : MsiExec.exe /X{F74D9DAE-A76A-4BE5-B42E-E6FE0731A9AD}
[InstallDate] :
Raw Value : 2023/06/20
[DisplayVersion] :
Raw Value : 1.4.16.6
[VersionMinor] :
Raw Value : 4

- HP Notifications
Best Confidence Version : 1.1.28.1
Version Confidence Level : 2
All Possible Versions : 22.132.10112, 1.1.28.1
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 16842780
Parsed Version : 22.132.10112
[InstallLocation] :
Raw Value : C:\Program Files (x86)\HP\HP Notifications\
[DisplayName] :
Raw Value : HP Notifications
[UninstallString] :
Raw Value : MsiExec.exe /X{84937F28-9CB4-49E7-A2CF-E32D97E6DAE6}
[InstallDate] :
Raw Value : 2023/06/20
[DisplayVersion] :
Raw Value : 1.1.28.1
[VersionMinor] :
Raw Value : 1

- SSMS Post Install Tasks
Best Confidence Version : 19.1.56.0
Version Confidence Level : 2
All Possible Versions : 19.1.56.0
Other Version Data
[VersionMajor] :
Raw Value : 19
[Version] :
Raw Value : 318832696
[DisplayName] :
Raw Value : SSMS Post Install Tasks
[UninstallString] :
Raw Value : MsiExec.exe /I{93C559A7-55A9-41EA-B0A0-AEB72DB73E92}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 19.1.56.0
[VersionMinor] :
Raw Value : 1

- Windows Driver Package - HP Inc. sselam_4_4_2_453 AntiVirus (11/01/2022 4.4.2.453)
Best Confidence Version : 2.1.0.0
Version Confidence Level : 3
All Possible Versions : 2.1.0.0, 11/01/2022 4.4.2.453
Other Version Data
[DisplayName] :
Raw Value : Windows Driver Package - HP Inc. sselam_4_4_2_453 AntiVirus (11/01/2022 4.4.2.453)
[UninstallString] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe /u C:\windows\system32\DRVSTORE\sselam_4_4_85062543527ABCABE8B6AE55162C0BF03EF43848\sselam_4_4_2_453.inf
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0
[DisplayVersion] :
Raw Value : 11/01/2022 4.4.2.453
[DisplayIcon] :
Raw Value : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe,0
Parsed File Path : C:\PROGRA~1\DIFX\B60D1297D6D5E54C\dpinst.exe
Parsed File Version : 2.1.0.0

- Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821
Best Confidence Version : 14.22.27821
Version Confidence Level : 2
All Possible Versions : 14.22.27821
Other Version Data
[VersionMajor] :
Raw Value : 14
[Version] :
Raw Value : 236350637
[DisplayName] :
Raw Value : Microsoft Visual C++ 2019 X86 Minimum Runtime - 14.22.27821
[UninstallString] :
Raw Value : MsiExec.exe /I{1E6FC929-567E-4D22-9206-C5B83F0A21B9}
[InstallDate] :
Raw Value : 2023/06/20
[DisplayVersion] :
Raw Value : 14.22.27821
[VersionMinor] :
Raw Value : 22

- Visual Studio 2017 Isolated Shell for SSMS LangPack - 日本語
Best Confidence Version : 15.0.28307.421
Version Confidence Level : 2
All Possible Versions : 15.0.28307.421
Other Version Data
[VersionMajor] :
Raw Value : 15
[Version] :
Raw Value : 251686547
[DisplayName] :
Raw Value : Visual Studio 2017 Isolated Shell for SSMS LangPack - 日本語
[UninstallString] :
Raw Value : MsiExec.exe /I{FAEAA2F0-377B-4EFE-A625-209B27C23B7E}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 15.0.28307.421
[VersionMinor] :
Raw Value : 0

- Python 3.11.4 Core Interpreter (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Core Interpreter (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{FEF98C01-0C8A-4A0F-88AE-F164A787286C}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft ヘルプ ビューアー 2.3 Language Pack - 日本語
Best Confidence Version : 2.3.28107
Version Confidence Level : 2
All Possible Versions : 51.119.37191, 2.3.28107
Other Version Data
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 33779147
Parsed Version : 51.119.37191
[DisplayName] :
Raw Value : Microsoft ヘルプ ビューアー 2.3 Language Pack - 日本語
[UninstallString] :
Raw Value : MsiExec.exe /X{857EF73C-C89C-3434-B5BB-6F43801B286A}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 2.3.28107
[VersionMinor] :
Raw Value : 3

- HP Wolf Security Application Support for Chrome 112.0.5615.206
Best Confidence Version : 4.4.1.623
Version Confidence Level : 2
All Possible Versions : 103.55.4105, 4.4.1.623
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67371009
Parsed Version : 103.55.4105
[DisplayName] :
Raw Value : HP Wolf Security Application Support for Chrome 112.0.5615.206
[UninstallString] :
Raw Value : MsiExec.exe /I{FD173350-467F-41BD-B295-DA2B5740B7CE}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 4.4.1.623
[VersionMinor] :
Raw Value : 4

- BUFFALO パソコン環境表示ツール
Best Confidence Version : 1.2.1
Version Confidence Level : 2
All Possible Versions : 22.144.34116, 1.2.1
Other Version Data
[Version] :
Raw Value : 16908544
Parsed Version : 22.144.34116
[InstallLocation] :
Raw Value : C:\Program Files (x86)\BUFFALO\BPCEnv\
[DisplayName] :
Raw Value : BUFFALO パソコン環境表示ツール
[UninstallString] :
Raw Value : "C:\Program Files (x86)\BUFFALO\BPCEnv\unins000.exe"
Parsed File Path : C:\Program Files (x86)\BUFFALO\BPCEnv\unins000.exe
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 1.2.1
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\BUFFALO\BPCEnv\BPCEnv.exe
Parsed File Path : C:\Program Files (x86)\BUFFALO\BPCEnv\BPCEnv.exe

- Adobe Refresh Manager
Best Confidence Version : 1.8.0
Version Confidence Level : 2
All Possible Versions : 23.48.5380, 1.8.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 17301504
Parsed Version : 23.48.5380
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\
[DisplayName] :
Raw Value : Adobe Refresh Manager
[UninstallString] :
Raw Value : MsiExec.exe /I{AC76BA86-0804-1033-1959-018244601053}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 1.8.0
[VersionMinor] :
Raw Value : 8

- Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
Best Confidence Version : 12.0.40664
Version Confidence Level : 2
All Possible Versions : 12.0.40664
Other Version Data
[VersionMajor] :
Raw Value : 12
[Version] :
Raw Value : 201367256
[DisplayName] :
Raw Value : Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.40664
[UninstallString] :
Raw Value : MsiExec.exe /X{8122DAB1-ED4D-3676-BB0A-CA368196543E}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 12.0.40664
[VersionMinor] :
Raw Value : 0

- Azure Data Studio
Best Confidence Version : 1.44.0
Version Confidence Level : 2
All Possible Versions : 1.44.0
Other Version Data
[VersionMajor] :
Raw Value : 1
[InstallLocation] :
Raw Value : C:\Program Files\Azure Data Studio\
[DisplayName] :
Raw Value : Azure Data Studio
[UninstallString] :
Raw Value : "C:\Program Files\Azure Data Studio\unins000.exe"
Parsed File Path : C:\Program Files\Azure Data Studio\unins000.exe
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 1.44.0
[VersionMinor] :
Raw Value : 44
[DisplayIcon] :
Raw Value : C:\Program Files\Azure Data Studio\azuredatastudio.exe
Parsed File Path : C:\Program Files\Azure Data Studio\azuredatastudio.exe

- HP Sure Recover
Best Confidence Version : 10.1.15.90
Version Confidence Level : 2
All Possible Versions : 10.1.15.90
Other Version Data
[VersionMajor] :
Raw Value : 10
[Version] :
Raw Value : 167837711
[DisplayName] :
Raw Value : HP Sure Recover
[UninstallString] :
Raw Value : MsiExec.exe /X{DE19530B-11E5-4F64-BAFF-751F9182E593}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 10.1.15.90
[VersionMinor] :
Raw Value : 1

- Microsoft OLE DB Driver for SQL Server
Best Confidence Version : 18.6.5.0
Version Confidence Level : 2
All Possible Versions : 18.6.5.0
Other Version Data
[VersionMajor] :
Raw Value : 18
[Version] :
Raw Value : 302383109
[DisplayName] :
Raw Value : Microsoft OLE DB Driver for SQL Server
[UninstallString] :
Raw Value : MsiExec.exe /I{5FF17A17-0208-4E8F-8B49-5C8F1A79B624}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 18.6.5.0
[VersionMinor] :
Raw Value : 6

- NVIDIA Install Application
Best Confidence Version : 2.1002.363.0
Version Confidence Level : 2
All Possible Versions : 22.113.5760, 2.1002.363.0
Other Version Data
[VersionMajor] :
Raw Value : 2
[Version] :
Raw Value : 16711680
Parsed Version : 22.113.5760
[InstallLocation] :
Raw Value : C:\Program Files\NVIDIA Corporation\Installer2\InstallerCore
[DisplayName] :
Raw Value : NVIDIA Install Application
[InstallDate] :
Raw Value : 2023/06/20
[DisplayVersion] :
Raw Value : 2.1002.363.0
[VersionMinor] :
Raw Value : 1002

- Teams Machine-Wide Installer
Best Confidence Version : 1.4.0.19572
Version Confidence Level : 2
All Possible Versions : 23.3.37728, 1.4.0.19572
Other Version Data
[VersionMajor] :
Raw Value : 1
[Version] :
Raw Value : 17039360
Parsed Version : 23.3.37728
[DisplayName] :
Raw Value : Teams Machine-Wide Installer
[UninstallString] :
Raw Value : MsiExec.exe /I{731F6BAA-A986-45A4-8936-7C3AAAAA760B}
[InstallDate] :
Raw Value : 2023/07/28
[DisplayVersion] :
Raw Value : 1.4.0.19572
[VersionMinor] :
Raw Value : 4

- Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[VersionMajor] :
Raw Value : 16
[Version] :
Raw Value : 268466566
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019 x86 Hosting Support
[UninstallString] :
Raw Value : MsiExec.exe /X{E7A0CD34-1F9B-3496-ADB3-2F180D302F6A}
[InstallDate] :
Raw Value : 2023/09/13
[DisplayVersion] :
Raw Value : 16.0.31110
[VersionMinor] :
Raw Value : 0

- Synaptics FP Sensors DDK
Best Confidence Version : 4.5.342.0
Version Confidence Level : 2
All Possible Versions : 103.67.26758, 4.5.342.0
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67436886
Parsed Version : 103.67.26758
[InstallLocation] :
Raw Value : C:\Program Files\Synaptics
[DisplayName] :
Raw Value : Synaptics FP Sensors DDK
[UninstallString] :
Raw Value : MsiExec.exe /X{2CD843DD-5684-4334-8151-AD1ECEBE0B9D}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 4.5.342.0
[VersionMinor] :
Raw Value : 5

- Python 3.11.4 Executables (64-bit)
Best Confidence Version : 3.11.4150.0
Version Confidence Level : 2
All Possible Versions : 81.5.26260, 3.11.4150.0
Other Version Data
[VersionMajor] :
Raw Value : 3
[Version] :
Raw Value : 51056694
Parsed Version : 81.5.26260
[DisplayName] :
Raw Value : Python 3.11.4 Executables (64-bit)
[UninstallString] :
Raw Value : MsiExec.exe /I{DA4B94FB-D8BB-4DB9-85A7-FA5067A5CEDF}
[InstallDate] :
Raw Value : 2023/09/14
[DisplayVersion] :
Raw Value : 3.11.4150.0
[VersionMinor] :
Raw Value : 11

- Microsoft Visual Studio Tools for Applications 2019
Best Confidence Version : 16.0.31110
Version Confidence Level : 2
All Possible Versions : 16.0.31110
Other Version Data
[DisplayName] :
Raw Value : Microsoft Visual Studio Tools for Applications 2019
[UninstallString] :
Raw Value : "C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe" /uninstall
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe
[DisplayVersion] :
Raw Value : 16.0.31110
[DisplayIcon] :
Raw Value : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe,0
Parsed File Path : C:\ProgramData\Package Cache\{f3fbabb4-bcfb-45eb-8fff-9b784fd68c38}\vsta_setup.exe

- HP Wolf Security Application Support for Sure Sense
Best Confidence Version : 4.4.7.365
Version Confidence Level : 2
All Possible Versions : 103.55.4117, 4.4.7.365
Other Version Data
[VersionMajor] :
Raw Value : 4
[Version] :
Raw Value : 67371015
Parsed Version : 103.55.4117
[DisplayName] :
Raw Value : HP Wolf Security Application Support for Sure Sense
[UninstallString] :
Raw Value : MsiExec.exe /I{C1D1E0B3-1E4F-4EBD-977A-0598133037A1}
[InstallDate] :
Raw Value : 2023/12/13
[DisplayVersion] :
Raw Value : 4.4.7.365
[VersionMinor] :
Raw Value : 4

- Microsoft Edge WebView2 Runtime
Best Confidence Version : 115.0.1901.183
Version Confidence Level : 2
All Possible Versions : 115.0.1901.183
Other Version Data
[InstallDate] :
Raw Value : 2023/07/24
[DisplayIcon] :
Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe,0
Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\msedgewebview2.exe
[InstallLocation] :
Raw Value : C:\Program Files (x86)\Microsoft\EdgeWebView\Application
[UninstallString] :
Raw Value : "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\Installer\setup.exe" --uninstall --msedgewebview --system-level --verbose-logging
Parsed File Path : C:\Program Files (x86)\Microsoft\EdgeWebView\Application\115.0.1901.183\Installer\setup.exe
[VersionMinor] :
Raw Value : 183
[Version] :
Raw Value : 115.0.1901.183
[VersionMajor] :
Raw Value : 1901
[DisplayVersion] :
Raw Value : 115.0.1901.183
[DisplayName] :
Raw Value : Microsoft Edge WebView2 Runtime

92366 - Microsoft Windows Last Boot Time
Synopsis
Nessus was able to collect the remote host's last boot time in a human readable format.
Description
Nessus was able to collect and report the remote host's last boot time as an ISO 8601 timestamp.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/07/09
Plugin Output

tcp/0

Last reboot : 2024-04-22T10:13:58+09:00 (20240422101358.500000+540)

161502 - Microsoft Windows Logged On Users
Synopsis
Nessus was able to determine the logged on users from the registry.
Description
Using the HKU registry, Nessus was able to enumerate the SIDs of logged on users.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/05/25, Modified: 2022/05/25
Plugin Output

tcp/445/cifs

Logged on users :
- S-1-5-21-3388008032-3793481426-1508724218-500
Domain :
Username :

63080 - Microsoft Windows Mounted Devices
Synopsis
It is possible to get a list of mounted devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates mounted devices that have been connected to the remote host in the past.
Solution
Make sure that the mounted drives agree with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/11/28, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Name : \??\volume{b408b65d-6289-11ee-b90e-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#70009C5407088A1B30560851&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{357b1c22-674d-11ee-b90f-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_Kingston&Prod_IronKey_Secure&Rev_0305#02481822&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{bd6ac707-5e54-11ee-b90e-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985F070889CA2F907009&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{b8252ddb-27bd-11ee-b8ee-806e6f6e6963}
Data : \??\SCSI#CdRom&Ven_hp_HLDS&Prod_DVDROM_DUD1N#4&5e38dc5&0&050000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{b408b65c-6289-11ee-b90e-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#70009C5407088A1B30560851&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{7898f745-6deb-11ee-b90f-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#07083459A2A08C00&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{b24d1e98-6357-11ee-b90e-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#0708345995A25789&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\g:
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985F070889CA2F907009&1#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \??\volume{bd6ac706-5e54-11ee-b90e-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_BUFFALO&Prod_RUF3-HSTV5&Rev_3.10#7000985F070889CA2F907009&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\e:
Data : \??\SCSI#CdRom&Ven_hp_HLDS&Prod_DVDROM_DUD1N#4&5e38dc5&0&050000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\f:
Data : DMIO:ID:4\IjG
Raw data : 444d494f3a49443aa893345cede3ac49856ab247d99a8882

Name : \??\volume{cd6242dd-5082-11ee-b906-e073e711352f}
Data : _??_USBSTOR#Disk&Ven_ELECOM&Prod_MF-PKU3&Rev_PMAP#0708345A93A08C76&0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}

Name : \dosdevices\c:
Data : DMIO:ID:Yfk`HWq
Raw data : 444d494f3a49443a599366f2826b6048a0a35771e0b792f7

Name : \dosdevices\d:
Data : DMIO:ID:s9`D=[
Raw data : 444d494f3a49443a73d239d7a860de4493013d1bfbddb35b

42410 - Microsoft Windows NTLMSSP Authentication Request Remote Network Name Disclosure
Synopsis
It is possible to obtain the network name of the remote host.
Description
The remote host listens on tcp port 445 and replies to SMB requests.

By sending an NTLMSSP authentication request it is possible to obtain the name of the remote system and the name of its domain.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/06, Modified: 2019/11/22
Plugin Output

tcp/445/cifs

The following 2 NetBIOS names have been gathered :

masked_hostname = Computer name
EMSOCCS1 = Workgroup / Domain name

92372 - Microsoft Windows NetBIOS over TCP/IP Info
Synopsis
Nessus was able to collect and report NBT information from the remote host.
Description
Nessus was able to collect details for NetBIOS over TCP/IP from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2024/03/26
Plugin Output

tcp/0

NBT information attached.
First 10 lines of all CSVs:
nbtstat_local.csv:
Interface,Name,Suffix,Type,Status,MAC
,masked_hostname,<20>,一意,登録済,
,masked_hostname,<00>,一意,登録済,
,EMSOCCS1,<00>,グループ,登録済,
,masked_hostname,<20>,一意,登録済,
,masked_hostname,<00>,一意,登録済,
,EMSOCCS1,<00>,グループ,登録済,
,masked_hostname,<20>,一意,登録済,
,masked_hostname,<00>,一意,登録済,
,EMSOCCS1,<00>,グループ,登録済,

103871 - Microsoft Windows Network Adapters
Synopsis
Identifies the network adapters installed on the remote host.
Description
Using the supplied credentials, this plugin enumerates and reports the installed network adapters on the remote Windows host.
Solution
Make sure that all of the installed network adapters agree with your organization's acceptable use and security policies.
Risk Factor
None
References
XREF IAVT:0001-T-0758
Plugin Information
Published: 2017/10/17, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Network Adapter Driver Description : Intel(R) Ethernet Connection (17) I219-LM
Network Adapter Driver Version : 12.19.2.50

Network Adapter Driver Description : BUFFALO WI-U3-1200AX2 Wireless LAN Adapter Series
Network Adapter Driver Version : 5001.0.13.105

65791 - Microsoft Windows Portable Devices
Synopsis
It is possible to get a list of portable devices that may have been connected to the remote system in the past.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates portable devices that have been connected to the remote host in the past.
Solution
Make sure that use of the portable devices agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/04/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Friendly name : Buffalo_USB
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985F070889CA2F907009&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#7000985F070889CA2F907009&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : F:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#70009C5407088A1B30560851&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : Utilities
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_BUFFALO&PROD_RUF3-HSTV5&REV_3.10#70009C5407088A1B30560851&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : F:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#0708345995A25789&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : F:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#07083459A2A08C00&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : F:\
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_ELECOM&PROD_MF-PKU3&REV_PMAP#0708345A93A08C76&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : KINGSTON
Device : SWD#WPDBUSENUM#_??_USBSTOR#DISK&VEN_KINGSTON&PROD_IRONKEY_SECURE&REV_0305#02481822&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}

Friendly name : ACRONIS_MED
Device : SWD#WPDBUSENUM#{25D2587C-27C0-11EE-B8F0-010101010000}#0000000000100000

Friendly name : IRONKEY
Device : SWD#WPDBUSENUM#{357B1C1D-674D-11EE-B90F-E073E711352F}#0000000000010000

92367 - Microsoft Windows PowerShell Execution Policy
Synopsis
Nessus was able to collect and report the PowerShell execution policy for the remote host.
Description
Nessus was able to collect and report the PowerShell execution policy for the remote Windows host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2020/06/12
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted
HKLM\SOFTWARE\Wow6432Node\Microsoft\PowerShell\1\ShellIds\Microsoft.PowerShell\ExecutionPolicy : Restricted

151440 - Microsoft Windows Print Spooler Service Enabled
Synopsis
The Microsoft Windows Print Spooler service on the remote host is enabled.
Description
The Microsoft Windows Print Spooler service (spoolsv.exe) on the remote host is enabled.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/07, Modified: 2021/07/07
Plugin Output

tcp/445/cifs

The Microsoft Windows Print Spooler service on the remote host is enabled.

70329 - Microsoft Windows Process Information
Synopsis
Use WMI to obtain running process information.
Description
Report details on the running processes on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2024/03/26
Plugin Output

tcp/0

Process Overview :
SID: Process (PID)
0 : System Idle Process (0)
0 : |- System (4)
0 : |- Memory Compression (6244)
0 : |- smss.exe (860)
0 : csrss.exe (1284)
2 : csrss.exe (13308)
0 : wininit.exe (1404)
0 : |- services.exe (1476)
0 : |- svchost.exe (1008)
0 : |- svchost.exe (10480)
0 : |- macompatsvc.exe (10760)
0 : |- svchost.exe (11700)
0 : |- svchost.exe (1268)
0 : |- svchost.exe (12728)
0 : |- svchost.exe (1352)
0 : |- svchost.exe (1400)
0 : |- svchost.exe (1472)
0 : |- svchost.exe (14788)
0 : |- svchost.exe (15088)
0 : |- SecurityUpdateService.exe (15172)
0 : |- SgrmBroker.exe (15224)
0 : |- svchost.exe (1632)
0 : |- WmiPrvSE.exe (17832)
0 : |- unsecapp.exe (5196)
0 : |- WmiPrvSE.exe (5304)
0 : |- WmiPrvSE.exe (9604)
0 : |- svchost.exe (1740)
0 : |- svchost.exe (17608)
0 : |- svchost.exe (1784)
0 : |- SecurityHealthService.exe (17904)
0 : |- svchost.exe (1888)
0 : |- svchost.exe (2040)
0 : |- svchost.exe (2156)
0 : |- svchost.exe (2164)
0 : |- IntelCpHDCPSvc.exe (2184)
0 : |- svchost.exe (2244)
0 : |- svchost.exe (2292)
0 : |- svchost.exe (2496)
0 : |- svchost.exe (2544)
0 : |- svchost.exe (2772)
0 : |- svchost.exe (2884)
0 : |- svchost.exe (2912)
0 : |- svchost.exe (3024)
0 : |- svchost.exe (3028)
0 : |- svchost.exe (3040)
0 : |- svchost.exe (3048)
0 : |- svchost.exe (3104)
0 : |- svchost.exe (3224)
0 : |- svchost.exe (3260)
0 : |- svchost.exe (3332)
0 : |- svchost.exe (3340)
0 : |- svchost.exe (3380)
0 : |- svchost.exe (3556)
0 : |- svchost.exe (3624)
0 : |- svchost.exe (3700)
0 : |- svchost.exe (3748)
0 : |- svchost.exe (3844)
0 : |- SysInfoCap.exe (3852)
0 : |- NetworkCap.exe (3872)
0 : |- AppHelperCap.exe (3880)
0 : |- svchost.exe (3912)
0 : |- svchost.exe (3936)
0 : |- hpsvcsscan.exe (4000)
0 : |- TouchpointAnalyticsClientService.exe (4008)
0 : |- vmms.exe (4044)
0 : |- SearchIndexer.exe (4072)
0 : |- svchost.exe (4112)
0 : |- svchost.exe (4240)
0 : |- svchost.exe (4628)
0 : |- svchost.exe (4672)
0 : |- svchost.exe (4808)
0 : |- mfemms.exe (4812)
0 : |- mfevtps.exe (4916)
0 : |- mcshield.exe (5460)
0 : |- mfeesp.exe (5504)
0 : |- mfefw.exe (5624)
0 : |- mfehcs.exe (5688)
0 : |- mfeatp.exe (5916)
0 : |- mfeensppl.exe (6000)
0 : |- mfetp.exe (6108)
0 : |- vmcompute.exe (5376)
0 : |- NVDisplay.Container.exe (5852)
2 : |- NVDisplay.Container.exe (10472)
0 : |- svchost.exe (5924)
0 : |- svchost.exe (5976)
0 : |- svchost.exe (6024)
0 : |- svchost.exe (6104)
0 : |- svchost.exe (6116)
0 : |- svchost.exe (6212)
0 : |- svchost.exe (6452)
0 : |- svchost.exe (6528)
0 : |- svchost.exe (6556)
0 : |- vcsFPService.exe (6588)
0 : |- svchost.exe (660)
0 : |- svchost.exe (7024)
0 : |- svchost.exe (7032)
0 : |- svchost.exe (7248)
0 : |- svchost.exe (7304)
0 : |- svchost.exe (7552)
0 : |- MARemoteGateway.exe (7608)
0 : |- LMS.exe (7616)
0 : |- MAArbiter.exe (7624)
0 : |- masvc.exe (7640)
0 : |- mfemactl.exe (12020)
0 : |- macmnsvc.exe (7680)
0 : |- MALogTransfer.exe (7724)
0 : |- WmiApSrv.exe (780)
0 : |- spoolsv.exe (7800)
0 : |- svchost.exe (8044)
0 : |- svchost.exe (8052)
0 : |- AggregatorHost.exe (9980)
0 : |- BWH32S.exe (8060)
0 : |- HPCommRecovery.exe (8068)
0 : |- OneApp.IGCC.WinService.exe (8076)
0 : |- armsvc.exe (8084)
0 : |- HotkeyServiceDSU.exe (8092)
0 : |- BrService.exe (8124)
0 : |- OfficeClickToRun.exe (8136)
0 : |- jhi_service.exe (8188)
0 : |- McnMon.exe (8204)
0 : |- MATinyServer.exe (8284)
0 : |- SECOMN64.exe (8292)
0 : |- nvWmi64.exe (8304)
2 : |- nvWmi64.exe (7780)
0 : |- HpSfuService.exe (8312)
0 : |- RtkAudUService64.exe (8320)
0 : |- mfewc.exe (8328)
0 : |- svchost.exe (8352)
0 : |- LanWlanWwanSwitchingServiceDSU.exe (8408)
0 : |- svchost.exe (8540)
0 : |- WMIRegistrationService.exe (8572)
0 : |- svchost.exe (8604)
0 : |- XtuService.exe (8636)
0 : |- svchost.exe (8688)
0 : |- svchost.exe (8720)
0 : |- svchost.exe (8896)
0 : |- BemSvc.exe (8904)
0 : |- RTUWPSrvcMain.exe (9900)
0 : |- LsaIso.exe (1484)
0 : |- lsass.exe (1512)
0 : |- fontdrvhost.exe (1680)
2 : winlogon.exe (17172)
2 : |- fontdrvhost.exe (14480)
2 : |- LogonUI.exe (16688)
2 : |- dwm.exe (18820)
0 : Secure System (236)
0 : Registry (308)
0 : MicrosoftEdgeUpdate.exe (3268)

Process_Information_ipaddr.csv : information about the running process.

70331 - Microsoft Windows Process Module Information
Synopsis
Use WMI to obtain running process module information.
Description
Report details on the running processes modules on the machine.

This plugin is informative only and could be used for forensic investigation, malware detection, and to confirm that your system processes conform to your system policies.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/08, Modified: 2024/03/26
Plugin Output

tcp/0

Process_Modules_ipaddr.csv : lists the loaded modules for each process.

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/53


The Win32 process 'svchost.exe' is listening on this port (pid 3556).

This process 'svchost.exe' (pid 3556) is hosting the following Windows services :
SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/68


The Win32 process 'svchost.exe' is listening on this port (pid 2164).

This process 'svchost.exe' (pid 2164) is hosting the following Windows services :
Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/123


The Win32 process 'svchost.exe' is listening on this port (pid 1888).

This process 'svchost.exe' (pid 1888) is hosting the following Windows services :
W32Time (@%SystemRoot%\system32\w32time.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/135/epmap


The Win32 process 'svchost.exe' is listening on this port (pid 1740).

This process 'svchost.exe' (pid 1740) is hosting the following Windows services :
RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001)
RpcSs (@combase.dll,-5010)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


The Win32 process 'System' is listening on this port (pid 4).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/500


The Win32 process 'svchost.exe' is listening on this port (pid 3332).

This process 'svchost.exe' (pid 3332) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/623


The Win32 process 'LMS.exe' is listening on this port (pid 7616).

This process 'LMS.exe' (pid 7616) is hosting the following Windows services :
LMS (Intel(R) Management and Security Application Local Management Service)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/2179


The Win32 process 'vmms.exe' is listening on this port (pid 4044).

This process 'vmms.exe' (pid 4044) is hosting the following Windows services :
vmms (@%systemroot%\system32\vmms.exe,-10)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/3389/msrdp


The Win32 process 'svchost.exe' is listening on this port (pid 660).

This process 'svchost.exe' (pid 660) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/3389


The Win32 process 'svchost.exe' is listening on this port (pid 660).

This process 'svchost.exe' (pid 660) is hosting the following Windows services :
TermService (@%SystemRoot%\System32\termsrv.dll,-268)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/4500


The Win32 process 'svchost.exe' is listening on this port (pid 3332).

This process 'svchost.exe' (pid 3332) is hosting the following Windows services :
IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/5040


The Win32 process 'svchost.exe' is listening on this port (pid 8896).

This process 'svchost.exe' (pid 8896) is hosting the following Windows services :
CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/5050


The Win32 process 'svchost.exe' is listening on this port (pid 8896).

This process 'svchost.exe' (pid 8896) is hosting the following Windows services :
CDPSvc (@%SystemRoot%\system32\cdpsvc.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/5353


The Win32 process 'svchost.exe' is listening on this port (pid 2292).

This process 'svchost.exe' (pid 2292) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/5355


The Win32 process 'svchost.exe' is listening on this port (pid 2292).

This process 'svchost.exe' (pid 2292) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/8081


The Win32 process 'macmnsvc.exe' is listening on this port (pid 7680).

This process 'macmnsvc.exe' (pid 7680) is hosting the following Windows services :
macmnsvc (Trellix Agent Common Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/8082


The Win32 process 'macmnsvc.exe' is listening on this port (pid 7680).

This process 'macmnsvc.exe' (pid 7680) is hosting the following Windows services :
macmnsvc (Trellix Agent Common Services)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/10027


The Win32 process 'MATinyServer.exe' is listening on this port (pid 8284).

This process 'MATinyServer.exe' (pid 8284) is hosting the following Windows services :
MATinyServer (EVEMA Tiny Server Service for Offline Caching)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/10028


The Win32 process 'MARemoteGateway.exe' is listening on this port (pid 7608).

This process 'MARemoteGateway.exe' (pid 7608) is hosting the following Windows services :
MARemoteGateway (EVEMA Remote Gateway)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/16992


The Win32 process 'LMS.exe' is listening on this port (pid 7616).

This process 'LMS.exe' (pid 7616) is hosting the following Windows services :
LMS (Intel(R) Management and Security Application Local Management Service)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49664/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 1512).

This process 'lsass.exe' (pid 1512) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49665/dce-rpc


The Win32 process 'wininit.exe' is listening on this port (pid 1404).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49666/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 1352).

This process 'svchost.exe' (pid 1352) is hosting the following Windows services :
Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/49667/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 3936).

This process 'svchost.exe' (pid 3936) is hosting the following Windows services :
SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/50160/dce-rpc


The Win32 process 'svchost.exe' is listening on this port (pid 5924).

This process 'svchost.exe' (pid 5924) is hosting the following Windows services :
EventLog (@%SystemRoot%\system32\wevtsvc.dll,-200)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/50161/dce-rpc


The Win32 process 'spoolsv.exe' is listening on this port (pid 7800).

This process 'spoolsv.exe' (pid 7800) is hosting the following Windows services :
Spooler (@%systemroot%\system32\spoolsv.exe,-1)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/50162/dce-rpc


The Win32 process 'lsass.exe' is listening on this port (pid 1512).

This process 'lsass.exe' (pid 1512) is hosting the following Windows services :
KeyIso (@keyiso.dll,-100)
Netlogon (@%SystemRoot%\System32\netlogon.dll,-102)
SamSs (@%SystemRoot%\system32\samsrv.dll,-1)
VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/50176/dce-rpc


The Win32 process 'services.exe' is listening on this port (pid 1476).

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/53205


The Win32 process 'svchost.exe' is listening on this port (pid 2292).

This process 'svchost.exe' (pid 2292) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/57143


The Win32 process 'svchost.exe' is listening on this port (pid 2292).

This process 'svchost.exe' (pid 2292) is hosting the following Windows services :
Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/57666


The Win32 process 'svchost.exe' is listening on this port (pid 3556).

This process 'svchost.exe' (pid 3556) is hosting the following Windows services :
SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

udp/57667


The Win32 process 'svchost.exe' is listening on this port (pid 3556).

This process 'svchost.exe' (pid 3556) is hosting the following Windows services :
SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106)

34252 - Microsoft Windows Remote Listeners Enumeration (WMI)
-
Synopsis
It is possible to obtain the names of processes listening on the remote UDP and TCP ports.
Description
This script uses WMI to list the processes running on the remote host and listening on TCP / UDP ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/23, Modified: 2024/03/26
Plugin Output

tcp/61617


The Win32 process 'svchost.exe' is listening on this port (pid 3844).

This process 'svchost.exe' (pid 3844) is hosting the following Windows services :
Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205)

126527 - Microsoft Windows SAM user enumeration
-
Synopsis
Nessus was able to enumerate domain users from the local SAM.
Description
Using the domain security identifier (SID), Nessus was able to enumerate the domain users on the remote Windows system using the Security Accounts Manager.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2019/07/08, Modified: 2023/01/20
Plugin Output

tcp/0

- Administrator (id S-1-5-21-3388008032-3793481426-500, コンピューター/ドメインの管理用 (ビルトイン アカウント), Administrator account)
- DefaultAccount (id S-1-5-21-3388008032-3793481426-503, システムで管理されるユーザー アカウントです。)
- Guest (id S-1-5-21-3388008032-3793481426-501, コンピューター/ドメインへのゲスト アクセス用 (ビルトイン アカウント), Guest account)
- WDAGUtilityAccount (id S-1-5-21-3388008032-3793481426-504, Windows Defender Application Guard ????????g????????k??cf??.J??s(U????????????? ??????????)

17651 - Microsoft Windows SMB : Obtains the Password Policy
-
Synopsis
It is possible to retrieve the remote host's password policy using the supplied credentials.
Description
Using the supplied credentials it was possible to extract the password policy for the remote Windows host. The password policy must conform to the Informational System Policy.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/03/30, Modified: 2015/01/12
Plugin Output

tcp/445/cifs

The following password policy is defined on the remote host:

Minimum password len: 8
Password history len: 24
Maximum password age (d): 30
Password must meet complexity requirements: Enabled
Minimum password age (d): 0
Forced logoff time (s): Not set
Locked account time (s): 900
Time between failed logon (s): 900
Number of invalid logon before locked out (s): 3

38689 - Microsoft Windows SMB Last Logged On User Disclosure
-
Synopsis
Nessus was able to identify the last logged on user on the remote host.
Description
By connecting to the remote host with the supplied credentials, Nessus was able to identify the username associated with the last successful logon.

Microsoft documentation notes that interactive console logons change the DefaultUserName registry entry to be the last logged-on user.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/05/05, Modified: 2019/09/02
Plugin Output

tcp/445/cifs


Last Successful logon : Tanaka@gcc.EMSOCCS.gsdf.mods.go.jp

10394 - Microsoft Windows SMB Log In Possible
-
Synopsis
It was possible to log into the remote host.
Description
The remote host is running a Microsoft Windows operating system or Samba, a CIFS/SMB server for Unix. It was possible to log into it using one of the following accounts :

- Guest account
- Supplied credentials
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2023/07/25
Plugin Output

tcp/445/cifs

- The SMB tests will be done as EMSOCCS1\Administrator/******

10859 - Microsoft Windows SMB LsaQueryInformationPolicy Function SID Enumeration
-
Synopsis
It is possible to obtain the host SID for the remote host.
Description
By emulating the call to LsaQueryInformationPolicy(), it was possible to obtain the host SID (Security Identifier).

The host SID can then be used to get the list of local users.
See Also
Solution
You can prevent anonymous lookups of the host SID by setting the 'RestrictAnonymous' registry setting to an appropriate value.

Refer to the 'See also' section for guidance.
Risk Factor
None
Plugin Information
Published: 2002/02/13, Modified: 2024/01/31
Plugin Output

tcp/445/cifs


The remote host SID value is : S-1-5-21-1942055394-3177162208-3032883132

The value of 'RestrictAnonymous' setting is : 0

10785 - Microsoft Windows SMB NativeLanManager Remote System Information Disclosure
-
Synopsis
It was possible to obtain information about the remote operating system.
Description
Nessus was able to obtain the remote operating system name and version (Windows and/or Samba) by sending an authentication request to port 139 or 445. Note that this plugin requires SMB to be enabled on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2001/10/17, Modified: 2021/09/20
Plugin Output

tcp/445/cifs

Nessus was able to obtain the following information about the host, by
parsing the SMB2 Protocol's NTLM SSP message:

Target Name: EMSOCCS1
NetBIOS Domain Name: EMSOCCS1
NetBIOS Computer Name: masked_hostname
DNS Domain Name: gcc.EMSOCCS.gsdf.mods.go.jp
DNS Computer Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp
DNS Tree Name: gcc.EMSOCCS.gsdf.mods.go.jp
Product Version: 10.0.22621

77477 - Microsoft Windows SMB Registry : McAfee EPO GUID
-
Synopsis
The remote system is managed by McAfee EPO.
Description
By reading the registry key HKLM\SOFTWARE\Network Associates\ePolicy Orchestrator\Agent, it was possible to determine that the remote Windows system is managed by McAfee EPO.
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0869
Plugin Information
Published: 2014/09/02, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

The remote host is designated by the following McAfee EPO GUID : {3b4e0dbf-8c40-4e83-a3ba-0d1f16838eb6}

48942 - Microsoft Windows SMB Registry : OS Version and Processor Architecture
-
Synopsis
It was possible to determine the processor architecture, build lab strings, and Windows OS version installed on the remote system.
Description
Nessus was able to determine the processor architecture, build lab strings, and the Windows OS version installed on the remote system by connecting to the remote registry with the supplied credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/31, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

Operating system version = 10.22621
Architecture = x64
Build lab extended = 22621.1.amd64fre.ni_release.220506-1250

11457 - Microsoft Windows SMB Registry : Winlogon Cached Password Weakness
-
Synopsis
User credentials are stored in memory.
Description
The registry key 'HKLM\Software\Microsoft\WindowsNT\CurrentVersion\Winlogon\CachedLogonsCount' is not 0. A value greater than 0 for the CachedLogonsCount key indicates that the remote Windows host locally caches the passwords of the users when they log in, so that users can still log in if the primary domain controller (PDC) fails.

Cached logon credentials could be accessed by an attacker and subjected to brute force attacks.
See Also
Solution
Consult Microsoft documentation and best practices.
Risk Factor
None
Plugin Information
Published: 2003/03/24, Modified: 2018/06/05
Plugin Output

tcp/445/cifs


Max cached logons : 3

10400 - Microsoft Windows SMB Registry Remotely Accessible
-
Synopsis
Access the remote Windows Registry.
Description
It was possible to access the remote Windows Registry using the login / password combination used for the Windows local checks (SMB tests).
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

44401 - Microsoft Windows SMB Service Config Enumeration
-
Synopsis
It was possible to enumerate configuration parameters of remote services.
Description
Nessus was able to obtain, via the SMB protocol, the launch parameters of each active service on the remote host (executable path, logon type, etc.).
Solution
Ensure that each service is configured properly.
Risk Factor
None
References
XREF IAVT:0001-T-0752
Plugin Information
Published: 2010/02/05, Modified: 2022/05/16
Plugin Output

tcp/445/cifs


The following services are set to start automatically :

AdobeARMservice startup parameters :
Display name : Adobe Acrobat Update Service
Service name : AdobeARMservice
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"

AudioEndpointBuilder startup parameters :
Display name : Windows Audio Endpoint Builder
Service name : AudioEndpointBuilder
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

Audiosrv startup parameters :
Display name : Windows Audio
Service name : Audiosrv
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : AudioEndpointBuilder/RpcSs/

BFE startup parameters :
Display name : Base Filtering Engine
Service name : BFE
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : RpcSs/

BITS startup parameters :
Display name : Background Intelligent Transfer Service
Service name : BITS
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

BWH32S startup parameters :
Display name : BWH32S
Service name : BWH32S
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\BUFFALO\clientmgrv\bin\BWH32S.exe"
Dependencies : Wlansvc/

BrEndpointSvc startup parameters :
Display name : HP Sure Click Endpoint Service
Service name : BrEndpointSvc
Log on as : LocalSystem
Executable path : "c:\Program Files\HP\Sure Click\servers\BemSvc.exe"

BrService startup parameters :
Display name : HP Sure Click Host Management Service
Service name : BrService
Log on as : LocalSystem
Executable path : "c:\Program Files\HP\Sure Click\servers\BrService.exe"
Dependencies : RPCSS/

BrokerInfrastructure startup parameters :
Display name : Background Tasks Infrastructure Service
Service name : BrokerInfrastructure
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

CDPSvc startup parameters :
Display name : Connected Devices Platform Service
Service name : CDPSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p
Dependencies : ncbservice/RpcSS/Tcpip/

ClickToRunSvc startup parameters :
Display name : Microsoft Office Click-to-Run Service
Service name : ClickToRunSvc
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service

CoreMessagingRegistrar startup parameters :
Display name : CoreMessaging
Service name : CoreMessagingRegistrar
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNoNetwork -p
Dependencies : rpcss/

CryptSvc startup parameters :
Display name : Cryptographic Services
Service name : CryptSvc
Log on as : NT Authority\NetworkService
Executable path : C:\windows\system32\svchost.exe -k NetworkService -p
Dependencies : RpcSs/

DPS startup parameters :
Display name : Diagnostic Policy Service
Service name : DPS
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalServiceNoNetwork -p

DcomLaunch startup parameters :
Display name : DCOM Server Process Launcher
Service name : DcomLaunch
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p

Dhcp startup parameters :
Display name : DHCP Client
Service name : Dhcp
Log on as : NT Authority\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : NSI/Afd/

DiagTrack startup parameters :
Display name : Connected User Experiences and Telemetry
Service name : DiagTrack
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k utcsvc -p
Dependencies : RpcSs/

DispBrokerDesktopSvc startup parameters :
Display name : ポリシー サービスの表示
Service name : DispBrokerDesktopSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p
Dependencies : RpcSS/

Dnscache startup parameters :
Display name : DNS Client
Service name : Dnscache
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\system32\svchost.exe -k NetworkService -p
Dependencies : nsi/Afd/

DoSvc startup parameters :
Display name : Delivery Optimization
Service name : DoSvc
Log on as : NT Authority\NetworkService
Executable path : C:\windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

DusmSvc startup parameters :
Display name : ??????(????
Service name : DusmSvc
Log on as : NT Authority\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/

EventLog startup parameters :
Display name : Windows Event Log
Service name : EventLog
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p

EventSystem startup parameters :
Display name : COM+ Event System
Service name : EventSystem
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

FontCache startup parameters :
Display name : Windows Font Cache Service
Service name : FontCache
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p

HP Comm Recover startup parameters :
Display name : HP Comm Recovery
Service name : HP Comm Recover
Log on as : LocalSystem
Executable path : "C:\Program Files\HPCommRecovery\HPCommRecovery.exe"

HPAppHelperCap startup parameters :
Display name : HP App Helper HSA Service
Service name : HPAppHelperCap
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9bcf549ab995f316\x64\AppHelperCap.exe
Dependencies : rpcss/

HPDiagsCap startup parameters :
Display name : HP Diagnostics HSA Service
Service name : HPDiagsCap
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9bcf549ab995f316\x64\DiagsCap.exe
Dependencies : rpcss/

HPNetworkCap startup parameters :
Display name : HP Network HSA Service
Service name : HPNetworkCap
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9bcf549ab995f316\x64\NetworkCap.exe
Dependencies : rpcss/

HPSysInfoCap startup parameters :
Display name : HP System Info HSA Service
Service name : HPSysInfoCap
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_9bcf549ab995f316\x64\SysInfoCap.exe
Dependencies : rpcss/

HotKeyServiceDSU startup parameters :
Display name : HP DSU Service
Service name : HotKeyServiceDSU
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpdsusoftwarecomponent.inf_amd64_542315f1d663a5d8\HotKeyServiceDSU.exe
Dependencies : rpcss/winmgmt/

HpTouchpointAnalyticsService startup parameters :
Display name : HP Analytics service
Service name : HpTouchpointAnalyticsService
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_673d1094db3cacf1\x64\TouchpointAnalyticsClientService.exe
Dependencies : rpcss/winmgmt/

IKEEXT startup parameters :
Display name : IKE and AuthIP IPsec Keying Modules
Service name : IKEEXT
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : BFE/nsi/

Intel(R) Platform License Manager Service startup parameters :
Display name : Intel(R) Platform License Manager Service
Service name : Intel(R) Platform License Manager Service
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_367008a610747d24\lib\PlatformLicenseManagerService.exe

LMS startup parameters :
Display name : Intel(R) Management and Security Application Local Management Service
Service name : LMS
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\lms.inf_amd64_981d034327bfbdcc\LMS.exe

LSM startup parameters :
Display name : Local Session Manager
Service name : LSM
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/DcomLaunch/RpcSs/

LanWlanWwanSwitchingServiceDSU startup parameters :
Display name : HP DSU LAN/WLAN/WWAN Switching Service
Service name : LanWlanWwanSwitchingServiceDSU
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpdsusoftwarecomponent.inf_amd64_542315f1d663a5d8\LanWlanWwanSwitchingServiceDSU.exe
Dependencies : WlanSvc/WwanSvc/

LanmanServer startup parameters :
Display name : Server
Service name : LanmanServer
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : SamSS/Srv2/

LanmanWorkstation startup parameters :
Display name : Workstation
Service name : LanmanWorkstation
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\System32\svchost.exe -k NetworkService -p
Dependencies : Bowser/MRxSmb20/NSI/

MAArbiter startup parameters :
Display name : EVEMA Arbiter Service
Service name : MAArbiter
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Arbiter\MAArbiter.exe" -k

MALogTransfer startup parameters :
Display name : EVEMA Log Transfer Service
Service name : MALogTransfer
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Client\MALogTransfer.exe" -k

MARemoteGateway startup parameters :
Display name : EVEMA Remote Gateway
Service name : MARemoteGateway
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Client\MARemoteGateway.exe" -k

MATinyServer startup parameters :
Display name : EVEMA Tiny Server Service for Offline Caching
Service name : MATinyServer
Log on as : LocalSystem
Executable path : "C:\Program Files\DDS\EVEMA\Server\MATinyServer.exe" -k

MapsBroker startup parameters :
Display name : Downloaded Maps Manager
Service name : MapsBroker
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\System32\svchost.exe -k NetworkService -p
Dependencies : rpcss/

McnMon startup parameters :
Display name : McnMon
Service name : McnMon
Log on as : EMSOCCS1\Administrator
Executable path : C:\newscp\mac\AppCommon\bin\McnMon.exe -envfilepath C:\newscp\mac\McnMon\config\env.ini

NVDisplay.ContainerLocalSystem startup parameters :
Display name : NVIDIA Display Container LS
Service name : NVDisplay.ContainerLocalSystem
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\nvwu.inf_amd64_7928011f35860ca3\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\windows\System32\DriverStore\FileRepository\nvwu.inf_amd64_7928011f35860ca3\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem

NVWMI startup parameters :
Display name : NVWMI
Service name : NVWMI
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\nvwu.inf_amd64_7928011f35860ca3\NVWMI\nvWmi64.exe

Netlogon startup parameters :
Display name : Netlogon
Service name : Netlogon
Log on as : LocalSystem
Executable path : C:\windows\system32\lsass.exe
Dependencies : LanmanWorkstation/

PcaSvc startup parameters :
Display name : Program Compatibility Assistant Service
Service name : PcaSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

Power startup parameters :
Display name : Power
Service name : Power
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p

ProfSvc startup parameters :
Display name : User Profile Service
Service name : ProfSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k UserProfileService -p
Dependencies : RpcSs/

RTUsbSwSrvc startup parameters :
Display name : RTUsbSwSrvc
Service name : RTUsbSwSrvc
Log on as : LocalSystem
Executable path : C:\windows\RTUWPSrvcMain.exe
Dependencies : rtwlanu6/

RpcEptMapper startup parameters :
Display name : RPC Endpoint Mapper
Service name : RpcEptMapper
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\system32\svchost.exe -k RPCSS -p

RpcSs startup parameters :
Display name : Remote Procedure Call (RPC)
Service name : RpcSs
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\system32\svchost.exe -k rpcss -p
Dependencies : RpcEptMapper/DcomLaunch/

RtkAudioUniversalService startup parameters :
Display name : Realtek Audio Universal Service
Service name : RtkAudioUniversalService
Log on as : LocalSystem
Executable path : "C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_dd4cb97d217df0bc\RtkAudUService64.exe"
Dependencies : audiosrv/

SECOMNService startup parameters :
Display name : Sound Research SECOMN Service
Service name : SECOMNService
Log on as : LocalSystem
Executable path : "C:\windows\System32\SECOMN64.exe"

SENS startup parameters :
Display name : System Event Notification Service
Service name : SENS
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : EventSystem/

SFUService startup parameters :
Display name : HP SFU Service
Service name : SFUService
Log on as : LocalSystem
Executable path : C:\windows\Firmware\HpSfuService.exe

SamSs startup parameters :
Display name : Security Accounts Manager
Service name : SamSs
Log on as : LocalSystem
Executable path : C:\windows\system32\lsass.exe
Dependencies : RPCSS/

Schedule startup parameters :
Display name : Task Scheduler
Service name : Schedule
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/SystemEventsBroker/

SecurityUpdateService startup parameters :
Display name : HP Security Update Service
Service name : SecurityUpdateService
Log on as : LocalSystem
Executable path : "C:\Program Files\HP\Security Update Service\4.4.7.365\SecurityUpdateService.exe" service
Dependencies : RPCSS/

SgrmBroker startup parameters :
Display name : System Guard éóŋĪā âËŋü ÖíüŦü
Service name : SgrmBroker
Log on as : LocalSystem
Executable path : C:\windows\system32\Sgrm\SgrmBroker.exe
Dependencies : RpcSs/

ShellHWDetection startup parameters :
Display name : Shell Hardware Detection
Service name : ShellHWDetection
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

Spooler startup parameters :
Display name : Print Spooler
Service name : Spooler
Log on as : LocalSystem
Executable path : C:\windows\System32\spoolsv.exe
Dependencies : RPCSS/http/

StateRepository startup parameters :
Display name : State Repository Service
Service name : StateRepository
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

StorSvc startup parameters :
Display name : Storage Service
Service name : StorSvc
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

SysMain startup parameters :
Display name : SysMain
Service name : SysMain
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : rpcss/fileinfo/

SystemEventsBroker startup parameters :
Display name : System Events Broker
Service name : SystemEventsBroker
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p
Dependencies : RpcEptMapper/RpcSs/

TextInputManagementService startup parameters :
Display name : Text Input Management Service
Service name : TextInputManagementService
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

Themes startup parameters :
Display name : Themes
Service name : Themes
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p

TrkWks startup parameters :
Display name : Distributed Link Tracking Client
Service name : TrkWks
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

UserManager startup parameters :
Display name : User Manager
Service name : UserManager
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

UsoSvc startup parameters :
Display name : Orchestrator Service nô°
Service name : UsoSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

WMIRegistrationService startup parameters :
Display name : Intel(R) Management Engine WMI Provider Registration
Service name : WMIRegistrationService
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_53ed758d7f7447bb\WMIRegistrationService.exe

WSearch startup parameters :
Display name : Windows Search
Service name : WSearch
Log on as : LocalSystem
Executable path : C:\windows\system32\SearchIndexer.exe /Embedding
Dependencies : RPCSS/BrokerInfrastructure/

Wcmsvc startup parameters :
Display name : Windows Connection Manager
Service name : Wcmsvc
Log on as : NT Authority\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/NSI/

Winmgmt startup parameters :
Display name : Windows Management Instrumentation
Service name : Winmgmt
Log on as : localSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/

WlanSvc startup parameters :
Display name : WLAN AutoConfig
Service name : WlanSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : nativewifip/RpcSs/Ndisuio/wcmsvc/

WpnService startup parameters :
Display name : Windows Ũ÷å.å·đÆā ĩüÓđ
Service name : WpnService
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

XTU3SERVICE startup parameters :
Display name : XTUOCDriverService
Service name : XTU3SERVICE
Log on as : LocalSystem
Executable path : C:\windows\SysWOW64\XtuService.exe

cplspcon startup parameters :
Display name : Intel(R) Content Protection HDCP Service
Service name : cplspcon
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_61cf32efd21ae804\IntelCpHDCPSvc.exe

edgeupdate startup parameters :
Display name : Microsoft Edge Update Service (edgeupdate)
Service name : edgeupdate
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /svc
Dependencies : RPCSS/

gpsvc startup parameters :
Display name : Group Policy Client
Service name : gpsvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/Mup/

hpsvcsscan startup parameters :
Display name : HP Services Scan
Service name : hpsvcsscan
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\hpsvcsscancomp.inf_amd64_5c5f7c2d85b802e0\x64\hpsvcsscan.exe
Dependencies : winmgmt/

igccservice startup parameters :
Display name : Intel(R) Graphics Command Center Service
Service name : igccservice
Log on as : LocalSystem
Executable path : "C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_64b0f9d7dd157b51\OneApp.IGCC.WinService.exe"

iphlpsvc startup parameters :
Display name : IP Helper
Service name : iphlpsvc
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k NetSvcs -p
Dependencies : RpcSS/tcpip/nsi/WinHttpAutoProxySvc/

jhi_service startup parameters :
Display name : Intel(R) Dynamic Application Loader Host Interface Service
Service name : jhi_service
Log on as : LocalSystem
Executable path : C:\windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
Dependencies : TCPIP/iphlpsvc/

macmnsvc startup parameters :
Display name : Trellix Agent Common Services
Service name : macmnsvc
Log on as : NT AUTHORITY\LocalService
Executable path : "C:\Program Files\McAfee\Agent\macmnsvc.exe" /ServiceStart

masvc startup parameters :
Display name : Trellix Agent Service
Service name : masvc
Log on as : LocalSystem
Executable path : "C:\Program Files\McAfee\Agent\masvc.exe" /ServiceStart

mfemms startup parameters :
Display name : Trellix Service Controller
Service name : mfemms
Log on as : LocalSystem
Executable path : "C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe"

mfewc startup parameters :
Display name : Trellix Endpoint Security Web Control Service
Service name : mfewc
Log on as : LocalSystem
Executable path : "C:\Program Files (x86)\McAfee\Endpoint Security\Web Control\mfewc.exe"
Dependencies : mfevtp/

mpssvc startup parameters :
Display name : Windows Defender Firewall
Service name : mpssvc
Log on as : NT Authority\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNoNetworkFirewall -p
Dependencies : mpsdrv/bfe/nsi/

nsi startup parameters :
Display name : Network Store Interface Service
Service name : nsi
Log on as : NT Authority\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/nsiproxy/

sppsvc startup parameters :
Display name : Software Protection
Service name : sppsvc
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\system32\sppsvc.exe
Dependencies : RpcSs/

vcsFPService startup parameters :
Display name : Synaptics VCS Fingerprint Service
Service name : vcsFPService
Log on as : LocalSystem
Executable path : C:\windows\system32\vcsFPService.exe

vmms startup parameters :
Display name : Hyper-V Virtual Machine Management
Service name : vmms
Log on as : LocalSystem
Executable path : C:\windows\system32\vmms.exe
Dependencies : RPCSS/WINMGMT/

wscsvc startup parameters :
Display name : ŧ­åęÆĢ ŧóŋü
Service name : wscsvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/

The following services must be started manually :

AJRouter startup parameters :
Display name : AllJoyn Router Service
Service name : AJRouter
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p

ALG startup parameters :
Display name : Application Layer Gateway Service
Service name : ALG
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\alg.exe

AppIDSvc startup parameters :
Display name : Application Identity
Service name : AppIDSvc
Log on as : NT Authority\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
Dependencies : RpcSs/AppID/CryptSvc/

AppMgmt startup parameters :
Display name : Application Management
Service name : AppMgmt
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p

AppReadiness startup parameters :
Display name : App Readiness
Service name : AppReadiness
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k AppReadiness -p

AppXSvc startup parameters :
Display name : AppX Deployment Service (AppXSVC)
Service name : AppXSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k wsappx -p
Dependencies : rpcss/staterepository/

Appinfo startup parameters :
Display name : Application Information
Service name : Appinfo
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/ProfSvc/

AssignedAccessManagerSvc startup parameters :
Display name : AssignedAccessManager ĩüÓđ
Service name : AssignedAccessManagerSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k AssignedAccessManagerSvc

AxInstSV startup parameters :
Display name : ActiveX Installer (AxInstSV)
Service name : AxInstSV
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k AxInstSVGroup
Dependencies : rpcss/

BDESVC startup parameters :
Display name : BitLocker Drive Encryption Service
Service name : BDESVC
Log on as : localSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p

BTAGService startup parameters :
Display name : Bluetooth ŠüĮĢŠ ēüČͧΠĩüÓđ
Service name : BTAGService
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceNetworkRestricted
Dependencies : rpcss/

BthAvctpSvc startup parameters :
Display name : AVCTP ĩüÓđ
Service name : BthAvctpSvc
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalService -p
Dependencies : rpcss/

COMSysApp startup parameters :
Display name : COM+ System Application
Service name : COMSysApp
Log on as : LocalSystem
Executable path : C:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Dependencies : RpcSs/EventSystem/SENS/

CertPropSvc startup parameters :
Display name : Certificate Propagation
Service name : CertPropSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs
Dependencies : RpcSs/

ClipSVC startup parameters :
Display name : Client License Service (ClipSVC)
Service name : ClipSVC
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k wsappx -p
Dependencies : rpcss/

CscService startup parameters :
Display name : Offline Files
Service name : CscService
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : RpcSs/

DevQueryBroker startup parameters :
Display name : DevQuery Background Discovery Broker
Service name : DevQueryBroker
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceAssociationService startup parameters :
Display name : Device Association Service
Service name : DeviceAssociationService
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DeviceInstall startup parameters :
Display name : Device Install Service
Service name : DeviceInstall
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k DcomLaunch -p

DisplayEnhancementService startup parameters :
Display name : ĮĢđŨėĪá5ĩüÓđ
Service name : DisplayEnhancementService
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p

DmEnrollmentSvc startup parameters :
Display name : ĮÐĪđĄ.{2ĩüÓđ
Service name : DmEnrollmentSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

DsSvc startup parameters :
Display name : Data Sharing Service
Service name : DsSvc
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p

DsmSvc startup parameters :
Display name : Device Setup Manager
Service name : DsmSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k netsvcs -p
Dependencies : RpcSs/

EFS startup parameters :
Display name : Encrypting File System (EFS)
Service name : EFS
Log on as : LocalSystem
Executable path : C:\windows\System32\lsass.exe
Dependencies : RPCSS/

EapHost startup parameters :
Display name : Extensible Authentication Protocol
Service name : EapHost
Log on as : localSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p
Dependencies : RPCSS/KeyIso/

EntAppSvc startup parameters :
Display name : Enterprise App Management Service
Service name : EntAppSvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k appmodel -p
Dependencies : rpcss/

FDResPub startup parameters :
Display name : Function Discovery Resource Publication
Service name : FDResPub
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p
Dependencies : RpcSs/http/fdphost/

FileSyncHelper startup parameters :
Display name : FileSyncHelper
Service name : FileSyncHelper
Log on as : LocalSystem
Executable path : "C:\Program Files\Microsoft OneDrive\23.142.0709.0001\FileSyncHelper.exe"
Dependencies : RpcSs/

FrameServer startup parameters :
Display name : Windows Ŧáé Õėüā ĩüÐü
Service name : FrameServer
Log on as : NT AUTHORITY\LocalService
Executable path : C:\windows\System32\svchost.exe -k Camera
Dependencies : rpcss/

FrameServerMonitor startup parameters :
Display name : Windows Ŧáé Õėüā ĩüÐü âËŋü
Service name : FrameServerMonitor
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k CameraMonitor
Dependencies : rpcss/

GraphicsPerfSvc startup parameters :
Display name : GraphicsPerfSvc
Service name : GraphicsPerfSvc
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k GraphicsPerfSvcGroup

HgClientService startup parameters :
Display name : ÛđČ ŽüĮĢĒó ŊéĪĒóČ ĩüÓđ
Service name : HgClientService
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p
Dependencies : Winmgmt/

HvHost startup parameters :
Display name : HV ÛđČ ĩüÓđ
Service name : HvHost
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : hvservice/

InstallService startup parameters :
Display name : Microsoft Store ĪóđČüë ĩüÓđ
Service name : InstallService
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k netsvcs -p
Dependencies : rpcss/

InventorySvc startup parameters :
Display name : ĪóŲóČęh’Û'nUĄĩüÓđ
Service name : InventorySvc
Log on as : LocalSystem
Executable path : C:\windows\system32\svchost.exe -k InvSvcGroup -p
Dependencies : RpcSs/

IpxlatCfgSvc startup parameters :
Display name : IP ÛË.ĩüÓđ
Service name : IpxlatCfgSvc
Log on as : LocalSystem
Executable path : C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p
Dependencies : nsi/

KeyIso startup parameters :
Display name : CNG Key Isolation
Service name : KeyIso
Log on as : LocalSystem
Executable path : C:\windows\system32\lsass.exe
Dependencies : RpcSs/

KtmRm startup parameters :
Display name : KtmRm for Distributed Transaction Coordinator
Service name : KtmRm
Log on as : NT AUTHORITY\NetworkService
Executable path : C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation -p
Dependencies : RPCSS/SamSS/

LicenseManager startup parameters :
Display name : Windows éĪŧóđ ÞÍüļãü ĩüÓđ
Service name : LicenseManager
Log on as : NT Authority\LocalService
Executable path : C:\windows\System32\svchost.exe -k LocalService -p
Dependencies : rpcss/

LxpSvc startup parameters :
Display name :
11011 - Microsoft Windows SMB Service Detection
Synopsis
A file / print sharing service is listening on the remote host.
Description
The remote service understands the CIFS (Common Internet File System) or Server Message Block (SMB) protocol, used to provide shared access to files, printers, etc between nodes on a network.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2002/06/05, Modified: 2021/02/11
Plugin Output

tcp/445/cifs


A CIFS server is running on this port.
10456 - Microsoft Windows SMB Service Enumeration
Synopsis
It is possible to enumerate remote services.
Description
This plugin implements the SvcOpenSCManager() and SvcEnumServices() calls to obtain, using the SMB protocol, the list of active and inactive services of the remote host.

An attacker may use this feature to gain better knowledge of the remote host.
Solution
To prevent the listing of the services from being obtained, you should either have tight login restrictions, so that only trusted users can access your host, and/or you should filter incoming traffic to this port.
Risk Factor
None
References
XREF IAVT:0001-T-0751
Plugin Information
Published: 2000/07/03, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Active Services :

Adobe Acrobat Update Service [ AdobeARMservice ]
Application Information [ Appinfo ]
Windows Audio Endpoint Builder [ AudioEndpointBuilder ]
Windows Audio [ Audiosrv ]
Base Filtering Engine [ BFE ]
Background Intelligent Transfer Service [ BITS ]
HP Sure Click Endpoint Service [ BrEndpointSvc ]
Background Tasks Infrastructure Service [ BrokerInfrastructure ]
HP Sure Click Host Management Service [ BrService ]
BWH32S [ BWH32S ]
Connected Devices Platform Service [ CDPSvc ]
Certificate Propagation [ CertPropSvc ]
Microsoft Office Click-to-Run Service [ ClickToRunSvc ]
CoreMessaging [ CoreMessagingRegistrar ]
Intel(R) Content Protection HDCP Service [ cplspcon ]
Cryptographic Services [ CryptSvc ]
DCOM Server Process Launcher [ DcomLaunch ]
DHCP Client [ Dhcp ]
Connected User Experiences and Telemetry [ DiagTrack ]
Ýę·ü ĩüÓđnh: [ DispBrokerDesktopSvc ]
DNS Client [ Dnscache ]
Diagnostic Policy Service [ DPS ]
Device Setup Manager [ DsmSvc ]
Data Sharing Service [ DsSvc ]
??????(???? [ DusmSvc ]
Windows Event Log [ EventLog ]
COM+ Event System [ EventSystem ]
Windows Font Cache Service [ FontCache ]
Group Policy Client [ gpsvc ]
Human Interface Device Service [ hidserv ]
ÛđČ ÍÃČïüŊ ĩüÓđ [ hns ]
HP DSU Service [ HotKeyServiceDSU ]
HP Comm Recovery [ HP Comm Recover ]
HP App Helper HSA Service [ HPAppHelperCap ]
HP Network HSA Service [ HPNetworkCap ]
HP Services Scan [ hpsvcsscan ]
HP System Info HSA Service [ HPSysInfoCap ]
HP Analytics service [ HpTouchpointAnalyticsService ]
HV ÛđČ ĩüÓđ [ HvHost ]
Intel(R) Graphics Command Center Service [ igccservice ]
IKE and AuthIP IPsec Keying Modules [ IKEEXT ]
Microsoft Store ĪóđČüë ĩüÓđ [ InstallService ]
IP Helper [ iphlpsvc ]
Intel(R) Dynamic Application Loader Host Interface Service [ jhi_service ]
CNG Key Isolation [ KeyIso ]
Server [ LanmanServer ]
Workstation [ LanmanWorkstation ]
HP DSU LAN/WLAN/WWAN Switching Service [ LanWlanWwanSwitchingServiceDSU ]
Geolocation Service [ lfsvc ]
Windows éĪŧóđ ÞÍüļãü ĩüÓđ [ LicenseManager ]
TCP/IP NetBIOS Helper [ lmhosts ]
Intel(R) Management and Security Application Local Management Service [ LMS ]
Local Session Manager [ LSM ]
EVEMA Arbiter Service [ MAArbiter ]
Trellix Agent Common Services [ macmnsvc ]
EVEMA Log Transfer Service [ MALogTransfer ]
EVEMA Remote Gateway [ MARemoteGateway ]
Trellix Agent Service [ masvc ]
EVEMA Tiny Server Service for Offline Caching [ MATinyServer ]
Trellix Agent Backwards Compatibility Service [ McAfeeFramework ]
McnMon [ McnMon ]
Trellix Service Controller [ mfemms ]
Trellix Validation Trust Protection Service [ mfevtp ]
Trellix Endpoint Security Web Control Service [ mfewc ]
Windows Defender Firewall [ mpssvc ]
Network Connection Broker [ NcbService ]
Netlogon [ Netlogon ]
Network List Service [ netprofm ]
Network Store Interface Service [ nsi ]
ÍÃČïüŊîó.ĩüÓđ [ nvagent ]
NVIDIA Display Container LS [ NVDisplay.ContainerLocalSystem ]
NVWMI [ NVWMI ]
Program Compatibility Assistant Service [ PcaSvc ]
Plug and Play [ PlugPlay ]
IPsec Policy Agent [ PolicyAgent ]
Power [ Power ]
User Profile Service [ ProfSvc ]
Remote Registry [ RemoteRegistry ]
!ÚĄ.ĩüÓđ [ RmSvc ]
RPC Endpoint Mapper [ RpcEptMapper ]
Remote Procedure Call (RPC) [ RpcSs ]
Realtek Audio Universal Service [ RtkAudioUniversalService ]
RTUsbSwSrvc [ RTUsbSwSrvc ]
Security Accounts Manager [ SamSs ]
Task Scheduler [ Schedule ]
Sound Research SECOMN Service [ SECOMNService ]
Windows ŧ­åęÆĢ ĩüÓđ [ SecurityHealthService ]
HP Security Update Service [ SecurityUpdateService ]
System Event Notification Service [ SENS ]
Remote Desktop Configuration [ SessionEnv ]
HP SFU Service [ SFUService ]
System Guard éóŋĪā âËŋü ÖíüŦü [ SgrmBroker ]
Internet Connection Sharing (ICS) [ SharedAccess ]
Shell Hardware Detection [ ShellHWDetection ]
Print Spooler [ Spooler ]
SSDP Discovery [ SSDPSRV ]
State Repository Service [ StateRepository ]
Storage Service [ StorSvc ]
SysMain [ SysMain ]
System Events Broker [ SystemEventsBroker ]
Remote Desktop Services [ TermService ]
Text Input Management Service [ TextInputManagementService ]
Themes [ Themes ]
Time Broker [ TimeBrokerSvc ]
Web ĒŦĶóČ ÞÍüļãü [ TokenBroker ]
Distributed Link Tracking Client [ TrkWks ]
Remote Desktop Services UserMode Port Redirector [ UmRdpService ]
User Manager [ UserManager ]
Orchestrator Service nô° [ UsoSvc ]
Credential Manager [ VaultSvc ]
Synaptics VCS Fingerprint Service [ vcsFPService ]
Hyper-V ÛđČ ģóÔåüÆĢó° ĩüÓđ [ vmcompute ]
Hyper-V Virtual Machine Management [ vmms ]
Windows Time [ W32Time ]
Windows Connection Manager [ Wcmsvc ]
Web Threat Defense ĩüÓđ [ webthreatdefsvc ]
WinHTTP Web Proxy Auto-Discovery Service [ WinHttpAutoProxySvc ]
Windows Management Instrumentation [ Winmgmt ]
WLAN AutoConfig [ WlanSvc ]
WMI Performance Adapter [ wmiApSrv ]
Intel(R) Management Engine WMI Provider Registration [ WMIRegistrationService ]
Windows Ũ÷å.å·đÆā ĩüÓđ [ WpnService ]
ŧ­åęÆĢ ŧóŋü [ wscsvc ]
Windows Search [ WSearch ]
WWAN AutoConfig [ WwanSvc ]
XTUOCDriverService [ XTU3SERVICE ]

Inactive Services :

AllJoyn Router Service [ AJRouter ]
Application Layer Gateway Service [ ALG ]
Application Identity [ AppIDSvc ]
Application Management [ AppMgmt ]
App Readiness [ AppReadiness ]
Microsoft App-V Client [ AppVClient ]
AppX Deployment Service (AppXSVC) [ AppXSvc ]
AssignedAccessManager サービス [ AssignedAccessManagerSvc ]
携帯電話の時間 [ autotimesvc ]
ActiveX Installer (AxInstSV) [ AxInstSV ]
BitLocker Drive Encryption Service [ BDESVC ]
HP Sure Sense Antimalware Service [ BrAmSvc ]
Bluetooth オーディオ ゲートウェイ サービス [ BTAGService ]
AVCTP サービス [ BthAvctpSvc ]
Bluetooth サポート サービス [ bthserv ]
機能アクセス マネージャー サービス [ camsvc ]
Client License Service (ClipSVC) [ ClipSVC ]
Microsoft Cloud ID サービス [ cloudidsvc ]
COM+ System Application [ COMSysApp ]
Offline Files [ CscService ]
dcsvc [ dcsvc ]
Optimize drives [ defragsvc ]
Device Association Service [ DeviceAssociationService ]
Device Install Service [ DeviceInstall ]
DevQuery Background Discovery Broker [ DevQueryBroker ]
Microsoft (R) 診断ハブ標準コレクター サービス [ diagnosticshub.standardcollector.service ]
Diagnostic Execution Service [ diagsvc ]
DialogBlockingService [ DialogBlockingService ]
ディスプレイ拡張サービス [ DisplayEnhancementService ]
デバイス管理登録サービス [ DmEnrollmentSvc ]
デバイス管理ワイヤレス アプリケーション プロトコル (WAP) プッシュ メッセージ ルーティング サービス [ dmwappushservice ]
Delivery Optimization [ DoSvc ]
Wired AutoConfig [ dot3svc ]
Extensible Authentication Protocol [ EapHost ]
Microsoft Edge Update Service (edgeupdate) [ edgeupdate ]
Microsoft Edge Update Service (edgeupdatem) [ edgeupdatem ]
Encrypting File System (EFS) [ EFS ]
???????????? [ embeddedmode ]
Enterprise App Management Service [ EntAppSvc ]
Function Discovery Provider Host [ fdPHost ]
Function Discovery Resource Publication [ FDResPub ]
File History Service [ fhsvc ]
FileSyncHelper [ FileSyncHelper ]
Windows カメラ フレーム サーバー [ FrameServer ]
Windows カメラ フレーム サーバー モニター [ FrameServerMonitor ]
GraphicsPerfSvc [ GraphicsPerfSvc ]
ホスト ガーディアン クライアント サービス [ HgClientService ]
HP Diagnostics HSA Service [ HPDiagsCap ]
HP CASL Framework Service [ hpqcaslwmiex ]
Windows モバイル ホットスポット サービス [ icssvc ]
Intel(R) Platform License Manager Service [ Intel(R) Platform License Manager Service ]
インベントリと互換性の評価サービス [ InventorySvc ]
IP 変換構成サービス [ IpxlatCfgSvc ]
KtmRm for Distributed Transaction Coordinator [ KtmRm ]
Link-Layer Topology Discovery Mapper [ lltdsvc ]

23974 - Microsoft Windows SMB Share Hosting Office Files
Synopsis
The remote share contains Office-related files.
Description
This plugin connects to the remotely accessible SMB shares and attempts to find office related files (such as .doc, .ppt, .xls, .pdf etc).
Solution
Make sure that the files containing confidential information have proper access controls set on them.
Risk Factor
None
Plugin Information
Published: 2007/01/04, Modified: 2011/03/21
Plugin Output

tcp/445/cifs


Here is a list of office files which have been found on the remote SMB
shares :

+ C$ :

- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLN.DOC
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_79b5a6401d9ba820\MsoIrmProtector.doc
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_6f60fbede93ae625\MsoIrmProtector.doc
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc
- C:\Windows\System32\MSDRM\MsoIrmProtector.doc
- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLV.DOC
- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLN.PPT
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_79b5a6401d9ba820\MsoIrmProtector.ppt
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_6f60fbede93ae625\MsoIrmProtector.ppt
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.ppt
- C:\Windows\System32\MSDRM\MsoIrmProtector.ppt
- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLV.PPT
- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLN.XLS
- C:\Program Files\Microsoft Office\root\Office16\1041\PROTTPLV.XLS
- C:\Windows\WinSxS\wow64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_79b5a6401d9ba820\MsoIrmProtector.xls
- C:\Windows\WinSxS\amd64_microsoft-windows-r..t-office-protectors_31bf3856ad364e35_10.0.22621.1_none_6f60fbede93ae625\MsoIrmProtector.xls
- C:\Windows\SysWOW64\MSDRM\MsoIrmProtector.xls
- C:\Windows\System32\MSDRM\MsoIrmProtector.xls
- C:\Program Files\Microsoft Office\root\Office16\SAMPLES\SOLVSAMP.XLS
- C:\Program Files\HP\Sure Click\4.4.4.170\servers\manifests\windows\vital.xlsx
- C:\Users\Administrator.EMSOCCS1\AppData\Local\Packages\oice_16_974fa576_32c1d314_1d21\AC\Temp\B8E93D4E.xlsx
- C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\EXCEL12.XLSX
- C:\Program Files\Microsoft Office\root\Templates\1041\ADDRESS20.XLSX
- C:\Program Files\HP\Sure Click\servers\manifests\windows\vital.xlsx
- C:\Program Files\HP\Sure Click\ApplicationSupport\windows\4.4.7.581\vital.xlsx
- C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Licenses\1041\SSMS License Terms.docx
- C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\WORD.DOCX
- C:\Program Files\Microsoft Office\root\Templates\1041\ADDRESS20.DOCX
- C:\Program Files\HP\Sure Click\servers\manifests\windows\important.docx
- C:\Program Files\HP\Sure Click\ApplicationSupport\windows\4.4.7.581\important.docx
- C:\Program Files\HP\Sure Click\4.4.4.170\servers\manifests\windows\important.docx
- C:\Program Files\HP\Sure Click\4.4.4.170\servers\manifests\windows\amazing.pptx
- C:\Program Files\HP\Sure Click\ApplicationSupport\windows\4.4.7.581\amazing.pptx
- C:\Program Files\HP\Sure Click\servers\manifests\windows\amazing.pptx
- C:\Program Files\Microsoft Office\root\vfs\Windows\SHELLNEW\POWERPOINT.PPTX

+ D$ :

- D:\1515\02_DB\a5m2_2.18.2_x64\sample\CreateTableDefinition.xls

11777 - Microsoft Windows SMB Share Hosting Possibly Copyrighted Material
Synopsis
The remote host may contain material (movies/audio) infringing copyright.
Description
This plugin displays a list of media files (such as .mp3, .ogg, .mpg, .avi) which have been found on the remote SMB shares.

Some of these files may contain copyrighted materials, such as commercial movies or music files, that are being shared without the owner's permission.

If any of these files actually contain copyrighted material, and if they are freely swapped around, your organization might be held liable for copyright infringement by associations such as the RIAA or the MPAA.
Solution
Delete the files infringing copyright.
Risk Factor
None
Plugin Information
Published: 2003/06/26, Modified: 2012/11/29
Plugin Output

tcp/445/cifs


Here is a list of files which have been found on the remote SMB shares.
Some of these files may contain copyrighted materials, such as commercial
movies or music files.

+ C$ :

C:\Program Files (x86)\HP\HP Support Framework\Resources\HPAudioCheck\Resources\media\HPAudioCheck.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\Group_Voice_Entry_Others_SetA_v1.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\Group_Voice_Exit_Me_SetA_v1.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\Group_Voice_Exit_Others_SetA_v1.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\Message_Notification_SetA_v14_v2.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\bop.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\flutter.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\highscore.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\meetup_ring.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\nextlevel.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\plink.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\teams_meet_up_reminder.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\teams_notification.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\wishgranted.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\wobble.mp3
C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.41.289.0_x64__dt26b99r8h8gj\SECOMNUWV.Theme\Assets\Audio\happy-town-bonus.mp3
C:\Windows\ImmersiveControlPanel\SystemSettings\Assets\Aria.mp3
C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.1928_none_fa6f016e12c62306\Jenny.mp3
C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.1928_none_fa6f016e12c62306\Guy.mp3
C:\Windows\WinSxS\amd64_microsoft-windows-i..ntrolpanel.appxmain_31bf3856ad364e35_10.0.22621.1928_none_fa6f016e12c62306\Aria.mp3
C:\Windows\ImmersiveControlPanel\SystemSettings\Assets\Jenny.mp3
C:\Windows\ImmersiveControlPanel\SystemSettings\Assets\Guy.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\spacetime.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\screenshare_ring.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\ripple.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\ringring.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\ring.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\remix.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\eureka.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\dripdrop.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\bubblesloud.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\bubbles.mp3
C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe\Audio\bounce.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\Group_Voice_Entry_Me_SetA_v1.mp3
C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe\Assets\Sounds\AchievementUnlocked.mp3
C:\Program Files\WindowsApps\Microsoft.Todos_2.100.61791.0_x64__8wekyb3d8bbwe\Assets\Sounds\CompletedSound.mp3
C:\Program Files\WindowsApps\Microsoft.GamingApp_2307.1001.5.0_x64__8wekyb3d8bbwe\Assets\Sounds\Message.mp3
C:\Program Files\WindowsApps\AD2F1837.myHP_25.52328.396.0_x64__v10z8vjag6ke6\HP.Support.Engine\HPSFCopy\Resources\HPAudioCheck\Resources\media\HPAudioCheck.mp3
C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10041.0_x64__8wekyb3d8bbwe\Assets\ImmersiveControl_Slider_Click_Sound.wma

10396 - Microsoft Windows SMB Shares Access
Synopsis
It is possible to access a network share.
Description
The remote has one or more Windows shares that can be accessed through the network with the given credentials.

Depending on the share rights, it may allow an attacker to read / write confidential data.
Solution
To restrict access under Windows, open Explorer, do a right click on each share, go to the 'sharing' tab, and click on 'permissions'.
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2021/10/04
Plugin Output

tcp/445/cifs


The following shares can be accessed as Administrator :

- ADMIN$ - (readable,writable)
+ Content of this share :
..
ADFS
appcompat
apppatch
AppReadiness
assembly
bcastdvr
bfsvc.exe
BitLockerDiscoveryVolumeContents
Boot
bootstat.dat
Branding
BrowserCore
CbsTemp
comsetup.log
Containers
Core.xml
CoreSingleLanguage.xml
CSC
csup.txt
Cursors
debug
diagerr.xml
diagnostics
DiagTrack
diagwrn.xml
DigitalLocker
Downloaded Program Files
DPINST.LOG
DtcInstall.log
ELAMBKUP
en-US
explorer.exe
Firmware
Fonts
GameBarPresenceWriter
Globalization
Help
HelpPane.exe
hh.exe
HP
IdentityCRL
IME
ImmersiveControlPanel
InboxApps
INF
InputMethod
insFileSpec
Installer
ja-JP
L2Schemas
LanguageOverlayCache
LiveKernelReports
Logs
lsasetup.log
Media
mib.bin
Microsoft.NET
Migration
ModemLogs
notepad.exe
OCR
ODBC.INI
Offline Web Pages
Panther
Performance
PFRO.log
PLA
PolicyDefinitions
Prefetch
PrintDialog
Professional.xml
Provisioning
py.exe
pyshellext.amd64.dll
pyw.exe
regedit.exe
Registration
RemotePackages
rescache
Resources
RTUWPSrvcLib.dll
RTUWPSrvcMain.exe
RTUWPUsbSwExt.dll
RTUWPWlanExt.dll
SchCache
schemas
security
ServiceProfiles

- C$ - (readable,writable)
+ Content of this share :
$Recycle.Bin
Acronis
Documents and Settings
DumpStack.log.tmp
hiberfil.sys
hp
newscp
OS
pagefile.sys
PerfLogs
Program Files
Program Files (x86)
ProgramData
Quarantine
Recovery
swapfile.sys
SWSetup
System Volume Information
System.Sav
Users
Windows

- D$ - (readable,writable)
+ Content of this share :
$RECYCLE.BIN
1515
EVEMA
Hyper-V
System Volume Information

10395 - Microsoft Windows SMB Shares Enumeration
Synopsis
It is possible to enumerate remote network shares.
Description
By connecting to the remote host, Nessus was able to enumerate the network share names.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2000/05/09, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Here are the SMB shares available on the remote host when logged in as Administrator:

- ADMIN$
- C$
- D$
- IPC$

100871 - Microsoft Windows SMB Versions Supported (remote check)
Synopsis
It was possible to obtain information about the version of SMB running on the remote host.
Description
Nessus was able to obtain the version of SMB running on the remote host by sending an authentication request to port 139 or 445.

Note that this plugin is a remote check and does not work on agents.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2017/06/19, Modified: 2019/11/22
Plugin Output

tcp/445/cifs


The remote host supports the following versions of SMB :
SMBv2

106716 - Microsoft Windows SMB2 and SMB3 Dialects Supported (remote check)
Synopsis
It was possible to obtain information about the dialects of SMB2 and SMB3 available on the remote host.
Description
Nessus was able to obtain the set of SMB2 and SMB3 dialects running on the remote host by sending an authentication request to port 139 or 445.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2018/02/09, Modified: 2020/03/11
Plugin Output

tcp/445/cifs


The remote host supports the following SMB dialects :
_version_ _introduced in windows version_
2.0.2 Windows 2008
2.1 Windows 7
3.0 Windows 8
3.0.2 Windows 8.1
3.1.1 Windows 10

The remote host does NOT support the following SMB dialects :
_version_ _introduced in windows version_
2.2.2 Windows 8 Beta
2.2.4 Windows 8 Beta
3.1 Windows 10

92368 - Microsoft Windows Scripting Host Settings
Synopsis
Nessus was able to collect and report the Windows scripting host settings from the remote host.
Description
Nessus was able to collect system and user level Windows scripting host settings from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Microsoft\Windows Script Host\Settings\activedebugging : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\displaylogo : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\usewinsafer : 1
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\silentterminate : 0
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows Script Host\Settings\activedebugging : 1

Windows scripting host configuration attached.

58452 - Microsoft Windows Startup Software Enumeration
Synopsis
It is possible to enumerate startup software.
Description
This plugin lists software that is configured to run on system startup by crawling the registry entries in :

- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
Solution
Review the list of applications and remove any that are not compliant with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2012/03/23, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


The following startup item was found :

HPNotifications - C:\Program Files (x86)\HP\HP Notifications\HPNotifications.exe
MAAgent - C:\Program Files\DDS\EVEMA\Client\MAAgent.exe
MARdpReg - C:\Program Files\DDS\EVEMA\Client\MARdpReg.exe
McAfeeUpdaterUI - C:\Program Files\McAfee\Agent\x86\UpdaterUI.exe
RtkAudUService - C:\windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_dd4cb97d217df0bc\RtkAudUService64.exe
SecurityHealth - %windir%\system32\SecurityHealthSystray.exe
TeamsMachineInstaller - %ProgramFiles%\Teams Installer\Teams.exe --checkInstall --source=PROPLUS

38153 - Microsoft Windows Summary of Missing Patches
Synopsis
The remote host is missing several Microsoft security patches.
Description
This plugin summarizes updates for Microsoft Security Bulletins or Knowledge Base (KB) security updates that have not been installed on the remote Windows host based on the results of either a credentialed check using the supplied credentials or a check done using a supported third-party patch management tool.

Note the results of missing patches also include superseded patches.

Review the summary and apply any missing updates in order to be up to date.
Solution
Run Windows Update on the remote host or use a patch management solution.
Risk Factor
None
Plugin Information
Published: 2009/04/24, Modified: 2019/06/13
Plugin Output

tcp/445/cifs

The patches for the following bulletins or KBs are missing on the remote host :

- KB5028948 ( https://support.microsoft.com/en-us/help/5028948 )
- KB5029263 ( https://support.microsoft.com/en-us/help/5029263 )
- KB5029921 ( https://support.microsoft.com/en-us/help/5029921 )
- KB5030219 ( https://support.microsoft.com/en-us/help/5030219 )
- KB5031354 ( https://support.microsoft.com/en-us/help/5031354 )
- KB5032007 ( https://support.microsoft.com/en-us/help/5032007 )
- KB5032190 ( https://support.microsoft.com/en-us/help/5032190 )
- KB5033375 ( https://support.microsoft.com/en-us/help/5033375 )
- KB5033920 ( https://support.microsoft.com/en-us/help/5033920 )
- KB5034123 ( https://support.microsoft.com/en-us/help/5034123 )
- KB5034765 ( https://support.microsoft.com/en-us/help/5034765 )
- KB5035853 ( https://support.microsoft.com/en-us/help/5035853 )
- KB5036620 ( https://support.microsoft.com/en-us/help/5036620 )
- KB5036893 ( https://support.microsoft.com/en-us/help/5036893 )

92369 - Microsoft Windows Time Zone Information
Synopsis
Nessus was able to collect and report time zone information from the remote host.
Description
Nessus was able to collect time zone information from the remote Windows host and generate a report as a CSV attachment.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2023/06/06
Plugin Output

tcp/0

HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\TimeZoneKeyName : Tokyo Standard Time
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardName : @tzres.dll,-632
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightName : @tzres.dll,-631
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DynamicDaylightTimeDisabled : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardBias : 0x00000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightBias : 0xFFFFFFC4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\Bias : 0xFFFFFDE4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\ActiveTimeBias : 0xFFFFFDE4
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\DaylightStart : 00000000000000000000000000000000
HKLM\SYSTEM\CurrentControlSet\Control\TimeZoneInformation\StandardStart : 00000000000000000000000000000000

35730 - Microsoft Windows USB Device Usage Report
Synopsis
It was possible to get a list of USB devices that may have been connected to the remote system in the past.
Description
Using the supplied credentials, this plugin enumerates USB devices that have been connected to the remote Windows host in the past.
Solution
Make sure that the use of USB drives is in accordance with your organization's security policy.
Risk Factor
None
Plugin Information
Published: 2009/02/24, Modified: 2022/06/01
Plugin Output

tcp/445/cifs


The following is a list of USB devices that have been connected
to remote system at least once in the past :


Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Oct. 13, 2023 at 11:39:28 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Oct. 13, 2023 at 11:39:28 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Oct. 5, 2023 at 07:27:28 GMT

First used : unknown

Device Name : BUFFALO RUF3-HSTV5 USB Device
Last Inserted Time : Oct. 5, 2023 at 07:27:28 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Jan. 30, 2024 at 09:57:17 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Nov. 2, 2023 at 09:29:38 GMT

First used : unknown

Device Name : ELECOM MF-PKU3 USB Device
Last Inserted Time : Jan. 24, 2024 at 08:02:22 GMT

First used : unknown

Device Name : Kingston IronKey Public USB Device
Last Inserted Time : Oct. 11, 2023 at 07:20:21 GMT

First used : unknown

Device Name : Kingston IronKey Secure USB Device
Last Inserted Time : Oct. 11, 2023 at 07:20:21 GMT

First used : unknown

(Note that for a complete listing of 'First used' times you should
run this test with the option 'thorough_tests' enabled.)

66350 - Microsoft Windows Wireless Network History
Synopsis
This plugin identifies wireless networks that the computer has connected to.
Description
Using the supplied credentials, this plugin reports wireless networks that this computer has connected to as well as the settings for Windows Vista and later systems.
Solution
Make sure that use of the reported networks agrees with your organization's acceptable use and security policies.
Risk Factor
None
Plugin Information
Published: 2013/05/08, Modified: 2022/02/01
Plugin Output

tcp/445/cifs

SSID : SH-05La-9F0E88
Managed : FALSE
Description : SH-05La-9F0E88
GUID : {BBFB7903-A4FB-4515-B062-3C7739CAAC5B}
DateCreated : Wednesday, 12/13/2023 04:42:30.962 PM
DateLastConnected : Wednesday, 12/13/2023 04:42:30.965 PM
Description : SH-05La-9F0E88
DefaultGatewayMac : f889d2a00e88
DnsSuffix : <なし>
FirstNetwork : SH-05La-9F0E88
Source : 8
Category : 0
Security Mode : WPA2PSK
Encryption : AES
1x : false
Key Type : passPhrase
Key Protected : true
Connection Mode : auto
Connection Type : ESS

19506 - Nessus Scan Information
Synopsis
This plugin displays information about the Nessus scan.
Description
This plugin displays, for each tested host, information about the scan itself :

- The version of the plugin set.
- The type of scanner (Nessus or Nessus Home).
- The version of the Nessus Engine.
- The port scanner(s) used.
- The port range scanned.
- The ping round trip time
- Whether credentialed or third-party patch management checks are possible.
- Whether the display of superseded patches is enabled
- The date of the scan.
- The duration of the scan.
- The number of hosts scanned in parallel.
- The number of checks done in parallel.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2005/08/26, Modified: 2024/03/13
Plugin Output

tcp/0

Information about this scan :

Nessus version : 10.4.1
Nessus build : 20091
Plugin feed version : 202404150448
Scanner edition used : Nessus
Scanner OS : WINDOWS
Scanner distribution : win-x86-64
Scan type : Normal
Scan name : masked_systemname Pre V6 masked_hostname
Scan policy used : masked_systemname Pre
Scanner IP : fd01:e2e2:0:e0c0:c1ff:eb68:fcf4:dad5
Port scanner(s) : wmi_netstat
Port range : 1-65535
Ping RTT : Unavailable
Thorough tests : no
Experimental tests : no
Plugin debugging enabled : no
Paranoia level : 1
Report verbosity : 2
Safe checks : yes
Optimize the test : yes
Credentialed checks : yes, as 'EMSOCCS1\Administrator' via SMB
Patch management checks : None
Display superseded patches : yes (supersedence plugin did not launch)
CGI scanning : enabled
Web application tests : disabled
Max hosts : 5
Max checks : 5
Recv timeout : 3
Backports : None
Allow post-scan editing : Yes
Nessus Plugin Signature Checking : Enabled
Audit File Signature Checking : Disabled
Scan Start Date : 2024/4/23 10:11 Tokyo Standard Time
Scan duration : 1746 sec
Scan for malware : yes

58651 - Netstat Active Connections
Synopsis
Active connections are enumerated via the 'netstat' command.
Description
This plugin runs 'netstat' on the remote machine to enumerate all active 'ESTABLISHED' or 'LISTENING' tcp/udp connections.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/04/10, Modified: 2021/06/29
Plugin Output

tcp/0


Netstat output :

アクティブな接続

プロトコル ローカル アドレス 外部アドレス 状態 PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1740
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:623 0.0.0.0:0 LISTENING 7616
TCP 0.0.0.0:2179 0.0.0.0:0 LISTENING 4044
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 660
TCP 0.0.0.0:5040 0.0.0.0:0 LISTENING 8896
TCP 0.0.0.0:8081 0.0.0.0:0 LISTENING 7680
TCP 0.0.0.0:10027 0.0.0.0:0 LISTENING 8284
TCP 0.0.0.0:10028 0.0.0.0:0 LISTENING 7608
TCP 0.0.0.0:16992 0.0.0.0:0 LISTENING 7616
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 1512
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1404
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1352
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 3936
TCP 0.0.0.0:50160 0.0.0.0:0 LISTENING 5924
TCP 0.0.0.0:50161 0.0.0.0:0 LISTENING 7800
TCP 0.0.0.0:50162 0.0.0.0:0 LISTENING 1512
TCP 0.0.0.0:50176 0.0.0.0:0 LISTENING 1476
TCP 0.0.0.0:61617 0.0.0.0:0 LISTENING 3844
TCP 127.0.0.1:50164 127.0.0.1:50165 ESTABLISHED 7616
TCP 127.0.0.1:50165 127.0.0.1:50164 ESTABLISHED 7616
TCP 169.254.85.151:139 0.0.0.0:0 LISTENING 4
TCP 172.27.32.1:139 0.0.0.0:0 LISTENING 4
TCP 192.168.100.81:139 0.0.0.0:0 LISTENING 4
TCP 192.168.100.81:61613 192.168.100.2:135 TIME_WAIT 0
TCP 192.168.100.81:61614 192.168.100.2:49671 TIME_WAIT 0
TCP 192.168.100.81:61615 192.168.100.2:135 ESTABLISHED 1512
TCP 192.168.100.81:61616 192.168.100.2:49678 ESTABLISHED 1512
TCP [::]:135 [::]:0 LISTENING 1740
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:623 [::]:0 LISTENING 7616
TCP [::]:2179 [::]:0 LISTENING 4044
TCP [::]:3389 [::]:0 LISTENING 660
TCP [::]:8081 [::]:0 LISTENING 7680
TCP [::]:16992 [::]:0 LISTENING 7616
TCP [::]:49664 [::]:0 LISTENING 1512
TCP [::]:49665 [::]:0 LISTENING 1404
TCP [::]:49666 [::]:0 LISTENING 1352
TCP [::]:49667 [::]:0 LISTENING 3936
TCP [::]:50160 [::]:0 LISTENING 5924
TCP [::]:50161 [::]:0 LISTENING 7800
TCP [::]:50162 [::]:0 LISTENING 1512
TCP [::]:50176 [::]:0 LISTENING 1476
TCP [::]:61617 [::]:0 LISTENING 3844
TCP [::1]:50163 [::]:0 LISTENING 8188
TCP [ipaddr]:135 [fd01:e2e2:0:e0c0:c1ff:eb68:fcf4:dad5]:63971 ESTABLISHED 1740
TCP [ipaddr]:445 [fd01:e2e2:0:e0c0:c1ff:eb68:fcf4:dad5]:63970 ESTABLISHED 4
TCP [ipaddr]:51004 [::]:0 LISTENING 8204
TCP [ipaddr]:57304 [fd01:e2e2:0:e0c0::102]:51005 ESTABLISHED 8204
TCP [ipaddr]:61617 [fd01:e2e2:0:e0c0:c1ff:eb68:fcf4:dad5]:63972 ESTABLISHED 3844
UDP 0.0.0.0:53 *:* 3556
UDP 0.0.0.0:68 *:* 2164
UDP 0.0.0.0:123 *:* 1888
UDP 0.0.0.0:500 *:* 3332
UDP 0.0.0.0:3389 *:* 660
UDP 0.0.0.0:4500 *:* 3332
UDP 0.0.0.0:5050 *:* 8896
UDP 0.0.0.0:5353 *:* 2292
UDP 0.0.0.0:5355 *:* 2292
UDP 0.0.0.0:8082 *:* 7680
UDP 0.0.0.0:53205 *:* 2292
UDP 0.0.0.0:57143 *:* 2292
UDP 0.0.0.0:57666 *:* 3556
UDP 0.0.0.0:57667 *:* 3556
UDP 127.0.0.1:1900 *:* 14788
UDP 127.0.0.1:49664 127.0.0.1:49664 2156
UDP 127.0.0.1:49665 127.0.0.1:49665 3260
UDP 127.0.0.1:64443 127.0.0.1:64443 1512
UDP 127.0.0.1:65091 *:* 14788
UDP 169.254.85.151:137 *:* 4
UDP 169.254.85.151:138 *:* 4
UDP 169.254.85.151:1900 *:* 14788
UDP 169.254.85.151:65090 *:* 14788
UDP 172.27.32.1:67 *:* 3556
UDP 172.27.32.1:68 *:* 3556
UDP 172.27.32.1:137 *:* 4
UDP 172.27.32.1:138 *:* 4
UDP 172.27.32.1:1900 *:* 14788
UDP 172.27.32.1:65088 *:* 14788
UDP 192.168.100.81:137 *:* 4
UDP 192.168.100.81:138 *:* 4
UDP 192.168.100.81:1900 *:* 14788
UDP 192.168.100.81:65089 *:* 14788
UDP [::]:123 *:* 1888
UDP [::]:500 *:* 3332
UDP [::]:3389 *:* 660
UDP [::]:4500 *:* 3332
UDP [::]:5353 *:* 2292
UDP [::]:5355 *:* 2292
UDP [::]:8082 *:* 7680
UDP [::]:53205 *:* 2292
UDP [::]:57143 *:* 2292
UDP [::]:57668 *:* 3556
UDP [::1]:1900 *:* 14788
UDP [::1]:65087 *:* 14788
UDP [fe80::6f02:f390:5d61:c35d%18]:1900 *:* 14788
UDP [fe80::6f02:f390:5d61:c35d%18]:65085 *:* 14788
UDP [fe80::99b9:1986:7038:c6da%22]:1900 *:* 14788
UDP [fe80::99b9:1986:7038:c6da%22]:65084 *:* 14788
UDP [fe80::edbe:12c8:47e8:2285%16]:1900 *:* 14788
UDP [fe80::edbe:12c8:47e8:2285%16]:65086 *:* 14788

64582 - Netstat Connection Information
Synopsis
Nessus was able to parse the results of the 'netstat' command on the remote host.
Description
The remote host has listening ports or established connections that Nessus was able to extract from the results of the 'netstat' command.

Note: The output for this plugin can be very long, and is not shown by default. To display it, enable verbose reporting in scan settings.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/13, Modified: 2023/05/23
Plugin Output

tcp/0

34220 - Netstat Portscanner (WMI)
Synopsis
Remote open ports can be enumerated via WMI.
Description
Using the WMI interface, Nessus was able to run 'netstat' on the remote host to enumerate the open ports.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/09/16, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus was able to find 33 open ports.

udp/53

Port 53/udp was found to be open

udp/68

Port 68/udp was found to be open

udp/123

Port 123/udp was found to be open

tcp/135/epmap

Port 135/tcp was found to be open

tcp/445/cifs

Port 445/tcp was found to be open

udp/500

Port 500/udp was found to be open

tcp/623

Port 623/tcp was found to be open

tcp/2179

Port 2179/tcp was found to be open

tcp/3389/msrdp

Port 3389/tcp was found to be open

udp/3389

Port 3389/udp was found to be open

udp/4500

Port 4500/udp was found to be open

tcp/5040

Port 5040/tcp was found to be open

udp/5050

Port 5050/udp was found to be open

udp/5353

Port 5353/udp was found to be open

udp/5355

Port 5355/udp was found to be open

tcp/8081

Port 8081/tcp was found to be open

udp/8082

Port 8082/udp was found to be open

tcp/10027

Port 10027/tcp was found to be open

tcp/10028

Port 10028/tcp was found to be open

tcp/16992

Port 16992/tcp was found to be open

tcp/49664/dce-rpc

Port 49664/tcp was found to be open

tcp/49665/dce-rpc

Port 49665/tcp was found to be open

tcp/49666/dce-rpc

Port 49666/tcp was found to be open

tcp/49667/dce-rpc

Port 49667/tcp was found to be open

tcp/50160/dce-rpc

Port 50160/tcp was found to be open

tcp/50161/dce-rpc

Port 50161/tcp was found to be open

tcp/50162/dce-rpc

Port 50162/tcp was found to be open

tcp/50176/dce-rpc

Port 50176/tcp was found to be open

udp/53205

Port 53205/udp was found to be open

udp/57143

Port 57143/udp was found to be open

udp/57666

Port 57666/udp was found to be open

udp/57667

Port 57667/udp was found to be open

tcp/61617

Port 61617/tcp was found to be open

24272 - Network Interfaces Enumeration (WMI)
Synopsis
Nessus was able to obtain the list of network interfaces on the remote host.
Description
Nessus was able, via WMI queries, to extract a list of network interfaces on the remote host and the IP addresses attached to them.
Note that this plugin only enumerates IPv6 addresses for systems running Windows Vista or later.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2024/03/26
Plugin Output

tcp/0

+ Network Interface Information :

- Network Interface = [00000001] Intel(R) Ethernet Connection (17) I219-LM
- MAC Address = E0:73:E7:11:35:2F
- IPAddress/IPSubnet = 192.168.100.81/255.255.255.0
- IPAddress/IPSubnet = fe80::6f02:f390:5d61:c35d/64
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0:3c7c:3af1:ab9:eb40/128
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0:2c24:8440:4101:9a0d/64
- IPAddress/IPSubnet = ipaddr/64

+ Network Interface Information :

- Network Interface = [00000012] Hyper-V Virtual Ethernet Adapter
- MAC Address = E0:73:E7:11:35:2F
- IPAddress/IPSubnet = 169.254.85.151/255.255.0.0
- IPAddress/IPSubnet = fe80::edbe:12c8:47e8:2285/64
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0:34fe:4bcd:6a11:5170/128
- IPAddress/IPSubnet = fd01:e2e2:0:e0c0:f844:365a:782d:2da5/64


+ Routing Information :

Destination Netmask Gateway
----------- ------- -------
0.0.0.0 0.0.0.0 192.168.100.254
127.0.0.0 255.0.0.0 0.0.0.0
127.0.0.1 255.255.255.255 0.0.0.0
127.255.255.255 255.255.255.255 0.0.0.0
169.254.0.0 255.255.0.0 0.0.0.0
169.254.85.151 255.255.255.255 0.0.0.0
169.254.255.255 255.255.255.255 0.0.0.0
172.27.32.0 255.255.240.0 0.0.0.0
172.27.32.1 255.255.255.255 0.0.0.0
172.27.47.255 255.255.255.255 0.0.0.0
192.168.100.0 255.255.255.0 0.0.0.0
192.168.100.81 255.255.255.255 0.0.0.0
192.168.100.255 255.255.255.255 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
224.0.0.0 240.0.0.0 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
255.255.255.255 255.255.255.255 0.0.0.0
11936 - OS Identification
Synopsis
It is possible to guess the remote operating system.
Description
Using a combination of remote probes (e.g., TCP/IP, SMB, HTTP, NTP, SNMP, etc.), it is possible to guess the name of the remote operating system in use. It is also possible sometimes to guess the version of the operating system.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2003/12/09, Modified: 2023/11/08
Plugin Output

tcp/0


Remote operating system : Microsoft Windows 11 Pro Build 22621
Confidence level : 101
Method : Misc


The remote host is running Microsoft Windows 11 Pro Build 22621

117887 - OS Security Patch Assessment Available
Synopsis
Nessus was able to log in to the remote host using the provided credentials and enumerate OS security patch levels.
Description
Nessus was able to determine OS security patch levels by logging into the remote host and running commands to determine the version of the operating system and its components. The remote host was identified as an operating system or device that Nessus supports for patch and update assessment. The necessary information was obtained to perform these checks.
Solution
n/a
Risk Factor
None
References
XREF IAVB:0001-B-0516
Plugin Information
Published: 2018/10/02, Modified: 2021/07/12
Plugin Output

tcp/445/cifs

OS Security Patch Assessment is available.

Account : EMSOCCS1\Administrator
Protocol : SMB

10919 - Open Port Re-check
Synopsis
Previously open ports are now closed.
Description
One or several ports that were previously open are now closed or unresponsive.

There are several possible reasons for this :

- The scan may have caused a service to freeze or stop running.

- An administrator may have stopped a particular service during the scanning process.

This might be an availability problem related to the following :

- A network outage has been experienced during the scan, and the remote network cannot be reached anymore by the scanner.

- This scanner may have been blacklisted by the system administrator or by an automatic intrusion detection / prevention system that detected the scan.

- The remote host is now down, either because a user turned it off during the scan or because a select denial of service was effective.

In any case, the audit of the remote host might be incomplete and may need to be done again.
Solution
Steps to resolve this issue include :

- Increase checks_read_timeout and/or reduce max_checks.

- Disable any IPS during the Nessus scan
Risk Factor
None
References
XREF IAVB:0001-B-0509
Plugin Information
Published: 2002/03/19, Modified: 2023/06/20
Plugin Output

tcp/0

Port 10028 was detected as being open but is now closed
Port 10027 was detected as being open but is now closed
Port 5040 was detected as being open but is now closed
Port 16992 was detected as being open but is now closed
Port 623 was detected as being open but is now closed
92426 - OpenSaveMRU History
Synopsis
Nessus was able to enumerate opened and saved files on the remote host.
Description
Nessus was able to generate a report on files that were opened using the shell dialog box or saved using the shell dialog box. This is the box that appears when you attempt to save a document or open a document in Windows Explorer.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

Open / Save report attached.
66334 - Patch Report
Synopsis
The remote host is missing several patches.
Description
The remote host is missing one or more security patches. This plugin lists the newest version of each patch to install to make sure the remote host is up-to-date.

Note: Because the 'Show missing patches that have been superseded' setting in your scan policy depends on this plugin, it will always run and cannot be disabled.
Solution
Install the patches listed below.
Risk Factor
None
Plugin Information
Published: 2013/07/08, Modified: 2024/04/09
Plugin Output

tcp/0



You need to take the following 16 actions :

+ Install the following Microsoft patches :
- KB5036893 (9 vulnerabilities). The following KBs would be covered:
KB5034765, KB5034123, KB5033375, KB5035853, KB5029263,
KB5030219, KB5031354, KB5032190, KB5028185
- KB5036620
- KB5033920
- KB5032007
- KB5029921 (1 vulnerabilities). The following KBs would be covered:
KB5028948

[ Adobe Acrobat < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07) (190457) ]

+ Action to take : Upgrade to Adobe Acrobat version 20.005.30574 / 23.008.20533 or later.

+ Impact : Taking this action will resolve the following 62 different vulnerabilities :
CVE-2024-20765, CVE-2024-20749, CVE-2024-20748, CVE-2024-20747, CVE-2024-20736
CVE-2024-20735, CVE-2024-20734, CVE-2024-20733, CVE-2024-20731, CVE-2024-20730
CVE-2024-20729, CVE-2024-20728, CVE-2024-20727, CVE-2024-20726, CVE-2023-44372
CVE-2023-44371, CVE-2023-44367, CVE-2023-44366, CVE-2023-44365, CVE-2023-44361
CVE-2023-44360, CVE-2023-44359, CVE-2023-44358, CVE-2023-44357, CVE-2023-44356
CVE-2023-44348, CVE-2023-44340, CVE-2023-44339, CVE-2023-44338, CVE-2023-44337
CVE-2023-44336, CVE-2023-38248, CVE-2023-38247, CVE-2023-38246, CVE-2023-38245
CVE-2023-38244, CVE-2023-38243, CVE-2023-38242, CVE-2023-38241, CVE-2023-38240
CVE-2023-38239, CVE-2023-38238, CVE-2023-38237, CVE-2023-38236, CVE-2023-38235
CVE-2023-38234, CVE-2023-38233, CVE-2023-38232, CVE-2023-38231, CVE-2023-38230
CVE-2023-38229, CVE-2023-38228, CVE-2023-38227, CVE-2023-38226, CVE-2023-38225
CVE-2023-38224, CVE-2023-38223, CVE-2023-38222, CVE-2023-29320, CVE-2023-29303
CVE-2023-29299, CVE-2023-26369


[ Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) (181409) ]

+ Action to take : Upgrade Curl to version 8.3.0 or later


[ Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203) (192147) ]

+ Action to take : Upgrade to Microsoft Azure Data Studio version 1.48.0 or later.


[ Microsoft Edge (Chromium) < 123.0.2420.97 Multiple Vulnerabilities (193282) ]

+ Action to take : Upgrade to Microsoft Edge version 123.0.2420.97 or later.

+ Impact : Taking this action will resolve the following 181 different vulnerabilities :
CVE-2024-3516, CVE-2024-3515, CVE-2024-3159, CVE-2024-3158, CVE-2024-3157
CVE-2024-3156, CVE-2024-29981, CVE-2024-29057, CVE-2024-29049, CVE-2024-2887
CVE-2024-2886, CVE-2024-2885, CVE-2024-2883, CVE-2024-2631, CVE-2024-2630
CVE-2024-2629, CVE-2024-2628, CVE-2024-2627, CVE-2024-2626, CVE-2024-2625
CVE-2024-26247, CVE-2024-26246, CVE-2024-26192, CVE-2024-26188, CVE-2024-26163
CVE-2024-2400, CVE-2024-2176, CVE-2024-2174, CVE-2024-2173, CVE-2024-21423
CVE-2024-21388, CVE-2024-21337, CVE-2024-20721, CVE-2024-20709, CVE-2024-20675
CVE-2024-1939, CVE-2024-1938, CVE-2024-1676, CVE-2024-1675, CVE-2024-1674
CVE-2024-1673, CVE-2024-1672, CVE-2024-1671, CVE-2024-1670, CVE-2024-1669
CVE-2024-0519, CVE-2024-0518, CVE-2024-0517, CVE-2024-0333, CVE-2024-0225
CVE-2024-0224, CVE-2024-0223, CVE-2024-0222, CVE-2023-7024, CVE-2023-6707
CVE-2023-6706, CVE-2023-6705, CVE-2023-6704, CVE-2023-6703, CVE-2023-6702
CVE-2023-6512, CVE-2023-6511, CVE-2023-6510, CVE-2023-6509, CVE-2023-6508
CVE-2023-6351, CVE-2023-6350, CVE-2023-6348, CVE-2023-6347, CVE-2023-6346
CVE-2023-6345, CVE-2023-6112, CVE-2023-5997, CVE-2023-5996, CVE-2023-5859
CVE-2023-5858, CVE-2023-5857, CVE-2023-5856, CVE-2023-5855, CVE-2023-5854
CVE-2023-5853, CVE-2023-5852, CVE-2023-5851, CVE-2023-5850, CVE-2023-5849
CVE-2023-5487, CVE-2023-5486, CVE-2023-5485, CVE-2023-5484, CVE-2023-5483
CVE-2023-5482, CVE-2023-5481, CVE-2023-5480, CVE-2023-5479, CVE-2023-5478
CVE-2023-5477, CVE-2023-5476, CVE-2023-5475, CVE-2023-5474, CVE-2023-5473
CVE-2023-5472, CVE-2023-5346, CVE-2023-5218, CVE-2023-5217, CVE-2023-5187
CVE-2023-5186, CVE-2023-4909, CVE-2023-4908, CVE-2023-4907, CVE-2023-4906
CVE-2023-4905, CVE-2023-4904, CVE-2023-4903, CVE-2023-4902, CVE-2023-4901
CVE-2023-4900, CVE-2023-4863, CVE-2023-4764, CVE-2023-4763, CVE-2023-4762
CVE-2023-4761, CVE-2023-4572, CVE-2023-44323, CVE-2023-4431, CVE-2023-4430
CVE-2023-4429, CVE-2023-4428, CVE-2023-4427, CVE-2023-4368, CVE-2023-4367
CVE-2023-4366, CVE-2023-4365, CVE-2023-4364, CVE-2023-4363, CVE-2023-4362
CVE-2023-4361, CVE-2023-4360, CVE-2023-4359, CVE-2023-4358, CVE-2023-4357
CVE-2023-4356, CVE-2023-4355, CVE-2023-4354, CVE-2023-4353, CVE-2023-4352
CVE-2023-4351, CVE-2023-4350, CVE-2023-4349, CVE-2023-4078, CVE-2023-4077
CVE-2023-4076, CVE-2023-4075, CVE-2023-4074, CVE-2023-4073, CVE-2023-4072
CVE-2023-4071, CVE-2023-4070, CVE-2023-4069, CVE-2023-4068, CVE-2023-38174
CVE-2023-38158, CVE-2023-38157, CVE-2023-36880, CVE-2023-36878, CVE-2023-36787
CVE-2023-36741, CVE-2023-36735, CVE-2023-36727, CVE-2023-36562, CVE-2023-36559
CVE-2023-36409, CVE-2023-36034, CVE-2023-36029, CVE-2023-36026, CVE-2023-36024
CVE-2023-36022, CVE-2023-36014, CVE-2023-36008, CVE-2023-35618, CVE-2023-2312
CVE-2023-1999


[ Microsoft Teams < 1.6.0.18681 RCE (179635) ]

+ Action to take : Upgrade to Microsoft Teams 1.6.0.18681 or later.

+ Impact : Taking this action will resolve the following 16 different vulnerabilities :
CVE-2024-29043, CVE-2024-28943, CVE-2024-28941, CVE-2024-28938, CVE-2024-28937
CVE-2024-28936, CVE-2024-28935, CVE-2024-28934, CVE-2024-28933, CVE-2024-28932
CVE-2024-28931, CVE-2024-28930, CVE-2024-28929, CVE-2023-29330, CVE-2023-29328
CVE-2023-24881


[ Security Updates for Microsoft .NET Framework (April 2024) (193217) ]

+ Action to take : Microsoft has released security updates for Microsoft .NET Framework.

+ Impact : Taking this action will resolve the following 15 different vulnerabilities :
CVE-2024-29059, CVE-2024-21409, CVE-2024-21312, CVE-2024-0057, CVE-2024-0056
CVE-2023-36899, CVE-2023-36873, CVE-2023-36796, CVE-2023-36794, CVE-2023-36793
CVE-2023-36792, CVE-2023-36788, CVE-2023-36560, CVE-2023-36049, CVE-2023-36042



[ Security Updates for Microsoft Excel Products C2R Information Disclosure (November 2023) (185742) ]

+ Action to take : For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 5 different vulnerabilities :
CVE-2023-36896, CVE-2023-36766, CVE-2023-36041, CVE-2023-36037, CVE-2023-35371



[ Security Updates for Microsoft Office Products C2R (February 2024) (190541) ]

+ Action to take : For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 13 different vulnerabilities :
CVE-2024-21413, CVE-2024-20677, CVE-2024-20673, CVE-2023-41764, CVE-2023-36897
CVE-2023-36895, CVE-2023-36767, CVE-2023-36765, CVE-2023-36569, CVE-2023-36568
CVE-2023-36413, CVE-2023-36045, CVE-2023-27911


[ Security Updates for Microsoft SQL Server ODBC Driver (April 2024) (193160) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL Driver.

+ Impact : Taking this action will resolve the following 21 different vulnerabilities :
CVE-2024-29043, CVE-2024-28943, CVE-2024-28941, CVE-2024-28938, CVE-2024-28937
CVE-2024-28936, CVE-2024-28935, CVE-2024-28934, CVE-2024-28933, CVE-2024-28932
CVE-2024-28931, CVE-2024-28930, CVE-2024-28929, CVE-2023-38169, CVE-2023-36785
CVE-2023-36730, CVE-2023-36728, CVE-2023-36420, CVE-2023-36417, CVE-2023-32028
CVE-2023-29349


[ Security Updates for Microsoft SQL Server OLE DB Driver (April 2024) (193161) ]

+ Action to take : Microsoft has released security updates for the Microsoft SQL OLE DB Driver.

+ Impact : Taking this action will resolve the following 33 different vulnerabilities :
CVE-2024-29985, CVE-2024-29984, CVE-2024-29983, CVE-2024-29982, CVE-2024-29048
CVE-2024-29047, CVE-2024-29046, CVE-2024-29045, CVE-2024-29044, CVE-2024-28945
CVE-2024-28944, CVE-2024-28942, CVE-2024-28940, CVE-2024-28939, CVE-2024-28927
CVE-2024-28926, CVE-2024-28915, CVE-2024-28914, CVE-2024-28913, CVE-2024-28912
CVE-2024-28911, CVE-2024-28910, CVE-2024-28909, CVE-2024-28908, CVE-2024-28906
CVE-2023-38169, CVE-2023-36785, CVE-2023-36730, CVE-2023-36728, CVE-2023-36420
CVE-2023-36417, CVE-2023-32028, CVE-2023-29349


[ Security Updates for Microsoft Word Products C2R (February 2024) (190544) ]

+ Action to take : For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update.

+ Impact : Taking this action will resolve the following 4 different vulnerabilities :
CVE-2024-21379, CVE-2023-36762, CVE-2023-36761, CVE-2023-36009

139241 - Python Software Foundation Python Installed (Windows)
-
Synopsis
A programming language application is installed on the remote Windows host.
Description
Python, a tool to locally create and run applications in the Python programming language, is installed on the remote Windows host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/07/31, Modified: 2024/03/26
Plugin Output

tcp/0


Path : C:\Users\Administrator.EMSOCCS1\AppData\Local\Programs\Python\Python311\
Version : 3.11.4
92428 - Recent File History
-
Synopsis
Nessus was able to enumerate recently opened files on the remote host.
Description
Nessus was able to gather evidence of files opened by file type from the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

C:\\Users\Webuser\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini

Recent files found in registry and appdata attached.
92429 - Recycle Bin Files
-
Synopsis
Nessus was able to enumerate files in the recycle bin on the remote host.
Description
Nessus was able to generate a list of all files found in $Recycle.Bin subdirectories.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0


10940 - Remote Desktop Protocol Service Detection
-
Synopsis
The remote host has a Remote Desktop Protocol service enabled.
Description
The Remote Desktop Protocol allows a user to remotely obtain a graphical login (and therefore act as a local user on the remote host).

If an attacker gains a valid login and password, this service could be used to gain further access on the remote host. An attacker may also use this service to mount a dictionary attack against the remote host to try to log in remotely.

Note that RDP (the Remote Desktop Protocol) is vulnerable to Man-in-the-middle attacks, making it easy for attackers to steal the credentials of legitimate users by impersonating the Windows server.
Solution
Disable the service if you do not use it, and do not allow this service to run across the Internet.
Risk Factor
None
Plugin Information
Published: 2002/04/20, Modified: 2023/08/21
Plugin Output

tcp/3389/msrdp

62042 - SMB QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote host has quick-fix engineering updates installed.
Description
By connecting to the host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/09/11, Modified: 2022/02/01
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

KB5012170, Installed on: 2023/07/24
KB5028851, Installed on: 2023/07/24
42897 - SMB Registry : Start the Registry Service during the scan (WMI)
-
Synopsis
The registry service was enabled for the duration of the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down, this plugin will attempt to start it for the duration of the scan.

For this plugin to work, you need to select the option 'Start the Remote Registry service during the scan' on the credentials page when you add your Windows credentials.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2024/03/26
Plugin Output

tcp/0


The registry service was successfully started for the duration of the scan.
42898 - SMB Registry : Stop the Registry Service after the scan (WMI)
-
Synopsis
The registry service was stopped after the scan.
Description
To perform a full credentialed scan, Nessus needs the ability to connect to the remote registry service (RemoteRegistry). If the service is down and if Nessus automatically enabled the registry for the duration of the scan, this plugin will stop it afterwards.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2009/11/25, Modified: 2024/03/26
Plugin Output

tcp/0


The registry service was successfully stopped after the scan.

56984 - SSL / TLS Versions Supported
-
Synopsis
The remote service encrypts communications.
Description
This plugin detects which SSL and TLS versions are supported by the remote service for encrypting communications.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/01, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp


This port supports TLSv1.3/TLSv1.0/TLSv1.1/TLSv1.2.
10863 - SSL Certificate Information
-
Synopsis
This plugin displays the SSL certificate.
Description
This plugin connects to every SSL-related port and attempts to extract and dump the X.509 certificate.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2008/05/19, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Serial Number: 44 75 1F DA B9 2D 3A 81 4B BE CF FB 02 08 1B 8B

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Feb 27 02:08:30 2024 GMT
Not Valid After: Aug 28 02:08:30 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment


Fingerprints :

SHA-256 Fingerprint: 77 84 F2 F6 0C BB E8 EF B2 E1 2D 44 37 24 30 E8 7C 8F 62 AD
F7 D8 28 5F DD 9E B1 00 7E 8D 93 7B
SHA-1 Fingerprint: 4B A4 19 A3 78 BA F7 CC 43 3D A4 D9 61 76 C8 BA D6 B9 65 13
MD5 Fingerprint: 31 5B 1B CF 79 83 2B 45 90 C8 73 CF 70 04 FA 1D


70544 - SSL Cipher Block Chaining Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Cipher Block Chaining ciphers, which combine previous blocks with subsequent ones.
Description
The remote host supports the use of SSL ciphers that operate in Cipher Block Chaining (CBC) mode. These cipher suites offer additional security over Electronic Codebook (ECB) mode, but have the potential to leak information if used improperly.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/10/22, Modified: 2021/02/03
Plugin Output

tcp/3389/msrdp


Here is the list of SSL CBC ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA  RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA  RSA   AES-CBC(256)           SHA1
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDH RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x28  ECDH RSA   AES-CBC(256)           SHA384
RSA-AES128-SHA256        0x00, 0x3C  RSA  RSA   AES-CBC(128)           SHA256
RSA-AES256-SHA256        0x00, 0x3D  RSA  RSA   AES-CBC(256)           SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
21643 - SSL Cipher Suites Supported
-
Synopsis
The remote service encrypts communications using SSL.
Description
This plugin detects which SSL ciphers are supported by the remote service for encrypting communications.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2006/06/05, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp


Here is the list of SSL ciphers supported by the remote server :
Each group is reported per SSL Version.

SSL Version : TLSv13
High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
TLS_AES_128_GCM_SHA256   0x13, 0x01  -    -     AES-GCM(128)           AEAD
TLS_AES_256_GCM_SHA384   0x13, 0x02  -    -     AES-GCM(256)           AEAD


SSL Version : TLSv12
High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
ECDHE-RSA-AES128-SHA256  0xC0, 0x2F  ECDH RSA   AES-GCM(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x30  ECDH RSA   AES-GCM(256)           SHA384
RSA-AES128-SHA256        0x00, 0x9C  RSA  RSA   AES-GCM(128)           SHA256
RSA-AES256-SHA384        0x00, 0x9D  RSA  RSA   AES-GCM(256)           SHA384
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA  RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA  RSA   AES-CBC(256)           SHA1
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDH RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x28  ECDH RSA   AES-CBC(256)           SHA384
RSA-AES128-SHA256        0x00, 0x3C  RSA  RSA   AES-CBC(128)           SHA256
RSA-AES256-SHA256        0x00, 0x3D  RSA  RSA   AES-CBC(256)           SHA256


SSL Version : TLSv11
High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA  RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA  RSA   AES-CBC(256)           SHA1


SSL Version : TLSv1
High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA  RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA  RSA   AES-CBC(256)           SHA1

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

Note that this service does not encrypt traffic by default but does
support upgrading to an encrypted connection using STARTTLS.
57041 - SSL Perfect Forward Secrecy Cipher Suites Supported
-
Synopsis
The remote service supports the use of SSL Perfect Forward Secrecy ciphers, which maintain confidentiality even if the key is stolen.
Description
The remote host supports the use of SSL ciphers that offer Perfect Forward Secrecy (PFS) encryption. These cipher suites ensure that recorded SSL traffic cannot be broken at a future date if the server's private key is compromised.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/12/07, Modified: 2021/03/09
Plugin Output

tcp/3389/msrdp


Here is the list of SSL PFS ciphers supported by the remote server :

High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
ECDHE-RSA-AES128-SHA256  0xC0, 0x2F  ECDH RSA   AES-GCM(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x30  ECDH RSA   AES-GCM(256)           SHA384
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDH RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x28  ECDH RSA   AES-CBC(256)           SHA384

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}
156899 - SSL/TLS Recommended Cipher Suites
-
Synopsis
The remote host advertises discouraged SSL/TLS ciphers.
Description
The remote host has open SSL/TLS ports which advertise discouraged cipher suites. It is recommended to only enable support for the following cipher suites:

TLSv1.3:
- 0x13,0x01 TLS13_AES_128_GCM_SHA256
- 0x13,0x02 TLS13_AES_256_GCM_SHA384
- 0x13,0x03 TLS13_CHACHA20_POLY1305_SHA256

TLSv1.2:
- 0xC0,0x2B ECDHE-ECDSA-AES128-GCM-SHA256
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0xC0,0x2C ECDHE-ECDSA-AES256-GCM-SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xCC,0xA9 ECDHE-ECDSA-CHACHA20-POLY1305
- 0xCC,0xA8 ECDHE-RSA-CHACHA20-POLY1305

This is the recommended configuration for the vast majority of services, as it is highly secure and compatible with nearly every client released in the last five (or more) years.
See Also
Solution
Only enable support for recommended cipher suites.
Risk Factor
None
Plugin Information
Published: 2022/01/20, Modified: 2024/02/12
Plugin Output

tcp/3389/msrdp

The remote host has listening SSL/TLS ports which advertise the discouraged cipher suites outlined below:


High Strength Ciphers (>= 112-bit key)

Name                     Code        KEX  Auth  Encryption             MAC
----------------------   ----------  ---  ----  ---------------------  ---
RSA-AES128-SHA256        0x00, 0x9C  RSA  RSA   AES-GCM(128)           SHA256
RSA-AES256-SHA384        0x00, 0x9D  RSA  RSA   AES-GCM(256)           SHA384
ECDHE-RSA-AES128-SHA     0xC0, 0x13  ECDH RSA   AES-CBC(128)           SHA1
ECDHE-RSA-AES256-SHA     0xC0, 0x14  ECDH RSA   AES-CBC(256)           SHA1
AES128-SHA               0x00, 0x2F  RSA  RSA   AES-CBC(128)           SHA1
AES256-SHA               0x00, 0x35  RSA  RSA   AES-CBC(256)           SHA1
ECDHE-RSA-AES128-SHA256  0xC0, 0x27  ECDH RSA   AES-CBC(128)           SHA256
ECDHE-RSA-AES256-SHA384  0xC0, 0x28  ECDH RSA   AES-CBC(256)           SHA384
RSA-AES128-SHA256        0x00, 0x3C  RSA  RSA   AES-CBC(128)           SHA256
RSA-AES256-SHA256        0x00, 0x3D  RSA  RSA   AES-CBC(256)           SHA256

The fields above are :

{Tenable ciphername}
{Cipher ID code}
Kex={key exchange}
Auth={authentication}
Encrypt={symmetric encryption method}
MAC={message authentication code}
{export flag}

160486 - Server Message Block (SMB) Protocol Version Detection
-
Synopsis
Verify the version of SMB on the remote host.
Description
The Server Message Block (SMB) Protocol provides shared access to files and printers across nodes on a network.
See Also
Solution
Disable SMB version 1 and block all versions of SMB at the network boundary by blocking TCP port 445 with related protocols on UDP ports 137-138 and TCP port 139, for all boundary devices.
Risk Factor
None
Plugin Information
Published: 2022/05/04, Modified: 2022/05/04
Plugin Output

tcp/445/cifs

- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB2 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB3 : Key not found.
- SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters\SMB1 : Key not found.

121010 - TLS Version 1.1 Protocol Detection
-
Synopsis
The remote service encrypts traffic using an older version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.1.
TLS 1.1 lacks support for current and recommended cipher suites.
Ciphers that support encryption before MAC computation, and authenticated encryption modes such as GCM, cannot be used with TLS 1.1.

As of March 31, 2020, endpoints that are not enabled for TLS 1.2 and higher will no longer function properly with major web browsers and major vendors.
See Also
Solution
Enable support for TLS 1.2 and/or 1.3, and disable support for TLS 1.1.
Risk Factor
None
References
XREF CWE:327
Plugin Information
Published: 2019/01/08, Modified: 2023/04/19
Plugin Output

tcp/3389/msrdp

TLSv1.1 is enabled and the server supports at least one cipher.
136318 - TLS Version 1.2 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.2.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/05/04, Modified: 2020/05/04
Plugin Output

tcp/3389/msrdp

TLSv1.2 is enabled and the server supports at least one cipher.
138330 - TLS Version 1.3 Protocol Detection
-
Synopsis
The remote service encrypts traffic using a version of TLS.
Description
The remote service accepts connections encrypted using TLS 1.3.
See Also
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2020/07/09, Modified: 2023/12/13
Plugin Output

tcp/3389/msrdp

TLSv1.3 is enabled and the server supports at least one cipher.

150799 - Target Access Problems by Authentication Protocol - Maximum Privilege Account Used in Scan
-
Synopsis
Nessus scanned the target host with the highest available privilege level. Yet Nessus encountered permissions issues while accessing one or more items during the scan.
Description
Nessus was able to log in to the remote host using the provided credentials. The provided credentials have the highest privilege possible on the remote host. Yet Nessus encountered permissions issues while accessing items during the scan.

It is likely that this condition is caused by one or more of the following:

1) A plugin tried to access a resource that requires a special privilege level such as NT_AUTHORITY on Windows. The resource may have had its permissions altered since the plugin was written.
2) Environmental issues may have caused an intermittent failure in authentication that caused Nessus to stop attempting privilege escalation.
3) A resource on the host that Nessus attempts to access multiple times may be configured with access limits. Related lockouts may look like permissions failures.
4) Nessus may have tried to access a resource that does not exist on a target that fails to properly report permissions issues.
For instance, on some legacy unix systems such as AIX or HP-UX there is no way to distinguish a missing resource from a permissions error.

If you believe that the plugin indicated attempted to access the wrong resource or a resource that has recently received special OS protection, please contact Tenable Support.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/07/06, Modified: 2021/07/06
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following
protocol as Administrator. This credential has the highest
privilege level possible for this host. Yet Nessus encountered
the following permissions issues while performing the planned checks:

Protocol : SMB
Port : 445

Problems:
Plugin 171956: Permission was denied while opening 'windows\System32\Tasks\Microsoft\Windows\GroupPolicy\{3E0A038B-D834-4930-9981-E89C9BFF83AA}'.
141118 - Target Credential Status by Authentication Protocol - Valid Credentials Provided
-
Synopsis
Valid credentials were provided for an available authentication protocol.
Description
Nessus was able to determine that valid credentials were provided for an authentication protocol available on the remote target because it was able to successfully authenticate directly to the remote target using that authentication protocol at least once. Authentication was successful because the authentication protocol service was available remotely, the service was able to be identified, the authentication protocol was able to be negotiated successfully, and a set of credentials provided in the scan policy for that authentication protocol was accepted by the remote service. See plugin output for details, including protocol, port, and account.

Please note the following :

- This plugin reports per protocol, so it is possible for valid credentials to be provided for one protocol and not another. For example, authentication may succeed via SSH but fail via SMB, while no credentials were provided for an available SNMP service.

- Providing valid credentials for all available authentication protocols may improve scan coverage, but the value of successful authentication for a given protocol may vary from target to target depending upon what data (if any) is gathered from the target via that protocol. For example, successful authentication via SSH is more valuable for Linux targets than for Windows targets, and likewise successful authentication via SMB is more valuable for Windows targets than for Linux targets.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2020/10/15, Modified: 2024/03/25
Plugin Output

tcp/445/cifs


Nessus was able to log in to the remote host via the following :

User: 'EMSOCCS1\Administrator'
Port: 445
Proto: SMB
Method: password

92433 - Terminal Services History
-
Synopsis
Nessus was able to gather terminal service connection information.
Description
Nessus was able to generate a report on terminal service connections on the target system.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

Terminal Services Client


Terminal Services Server


Extended Terminal Services report attached.

64814 - Terminal Services Use SSL/TLS
-
Synopsis
The remote Terminal Services use SSL/TLS.
Description
The remote Terminal Services is configured to use SSL/TLS.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/02/22, Modified: 2023/07/10
Plugin Output

tcp/3389/msrdp

Subject Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Issuer Name:

Common Name: masked_hostname.gcc.EMSOCCS.gsdf.mods.go.jp

Serial Number: 44 75 1F DA B9 2D 3A 81 4B BE CF FB 02 08 1B 8B

Version: 3

Signature Algorithm: SHA-256 With RSA Encryption

Not Valid Before: Feb 27 02:08:30 2024 GMT
Not Valid After: Aug 28 02:08:30 2024 GMT

Public Key Info:

Algorithm: RSA Encryption
Key Length: 2048 bits
Exponent: 01 00 01

Signature Length: 256 bytes / 2048 bits

Extension: Extended Key Usage (2.5.29.37)
Critical: 0
Purpose#1: Web Server Authentication (1.3.6.1.5.5.7.3.1)


Extension: Key Usage (2.5.29.15)
Critical: 0
Key Usage: Key Encipherment, Data Encipherment

161691 - The Microsoft Windows Support Diagnostic Tool (MSDT) RCE Workaround Detection (CVE-2022-30190)
-
Synopsis
Checks for the HKEY_CLASSES_ROOT\ms-msdt registry key.
Description
The remote host has the HKEY_CLASSES_ROOT\ms-msdt registry key. This is a known exposure for CVE-2022-30190.

Note that Nessus has not tested for CVE-2022-30190. It is only checking if the registry key exists. The recommendation is to apply the latest patch.
See Also
Solution
Apply the latest Cumulative Update.
Risk Factor
None
Plugin Information
Published: 2022/05/31, Modified: 2022/07/28
Plugin Output

tcp/445/cifs

The HKEY_CLASSES_ROOT\ms-msdt registry key exists on the target. This may indicate that the target is vulnerable to CVE-2022-30190, if the vendor patch is not applied.

56468 - Time of Last System Startup
-
Synopsis
The system has been started.
Description
Using the supplied credentials, Nessus was able to determine when the host was last started.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/10/12, Modified: 2018/06/19
Plugin Output

tcp/0


20240422101358.500000+540

92434 - User Download Folder Files
-
Synopsis
Nessus was able to enumerate downloaded files on the remote host.
Description
Nessus was able to generate a report of all files listed in the default user download folder.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

C:\\Users\Administrator\Downloads\desktop.ini
C:\\Users\Administrator\Downloads\sp135986.exe
C:\\Users\Administrator\Downloads\sp140894.exe
C:\\Users\Administrator\Downloads\sp142246.exe
C:\\Users\Administrator\Downloads\sp142596.exe
C:\\Users\Administrator\Downloads\sp143435.exe
C:\\Users\Administrator\Downloads\sp143863.exe
C:\\Users\Administrator\Downloads\sp144077.exe
C:\\Users\Administrator\Downloads\sp144854.exe
C:\\Users\Administrator\Downloads\sp144855.exe
C:\\Users\Administrator\Downloads\sp144858.exe
C:\\Users\Administrator\Downloads\sp144871.exe
C:\\Users\Administrator\Downloads\sp144878.exe
C:\\Users\Administrator\Downloads\sp145033.exe
C:\\Users\Administrator\Downloads\sp145113.exe
C:\\Users\Administrator\Downloads\sp145181.exe
C:\\Users\Administrator\Downloads\sp145190.exe
C:\\Users\Administrator\Downloads\sp145229.exe
C:\\Users\Administrator\Downloads\sp145244.exe
C:\\Users\Administrator\Downloads\sp145247.exe
C:\\Users\Administrator\Downloads\sp145258.exe
C:\\Users\Administrator\Downloads\sp145265.exe
C:\\Users\Administrator\Downloads\sp145593.exe
C:\\Users\Administrator\Downloads\sp146068 (1).exe
C:\\Users\Administrator\Downloads\sp146068.exe
C:\\Users\Administrator.EMSOCCS1\Downloads\desktop.ini
C:\\Users\Administrator.EMSOCCS1\Downloads\TrellixSmartInstall.exe
C:\\Users\DBAdmin\Downloads\desktop.ini
C:\\Users\EVEMAAdmin\Downloads\desktop.ini
C:\\Users\ikeda\Downloads\desktop.ini
C:\\Users\Public\Downloads\desktop.ini
C:\\Users\tachibana\Downloads\desktop.ini
C:\\Users\Tanaka\Downloads\desktop.ini
C:\\Users\testuser1\Downloads\desktop.ini
C:\\Users\testuser2\Downloads\desktop.ini
C:\\Users\Webuser\Downloads\desktop.ini

Download folder content report attached.

92431 - User Shell Folders Settings
-
Synopsis
Nessus was able to find the folder paths for user folders on the remote host.
Description
Nessus was able to gather a list of settings from the target system that store common user folder locations. A few of the more common locations are listed below :

- Administrative Tools
- AppData
- Cache
- CD Burning
- Cookies
- Desktop
- Favorites
- Fonts
- History
- Local AppData
- My Music
- My Pictures
- My Video
- NetHood
- Personal
- PrintHood
- Programs
- Recent
- SendTo
- Start Menu
- Startup
- Templates
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/16
Plugin Output

tcp/0

S-1-5-21-3388008032-3793481426-1508724218-500
- {7d1d3a04-debb-4115-95cf-2f29da2920da} : C:\Users\Administrator.EMSOCCS1\Searches
- {1b3ea5dc-b587-4786-b4ef-bd1dc332aeae} : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Libraries
- {374de290-123f-4565-9164-39c4925e467b} : C:\Users\Administrator.EMSOCCS1\Downloads
- recent : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Recent
- my video : C:\Users\Administrator.EMSOCCS1\Videos
- my music : C:\Users\Administrator.EMSOCCS1\Music
- {56784854-c6cb-462b-8169-88e350acb882} : C:\Users\Administrator.EMSOCCS1\Contacts
- {bfb9d5e0-c6a9-404c-b2b2-ae6db6af4968} : C:\Users\Administrator.EMSOCCS1\Links
- {a520a1a4-1780-4ff6-bd18-167343c5af16} : C:\Users\Administrator.EMSOCCS1\AppData\LocalLow
- sendto : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\SendTo
- start menu : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Start Menu
- cookies : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Windows\INetCookies
- personal : C:\Users\Administrator.EMSOCCS1\Documents
- administrative tools : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
- startup : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- nethood : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Network Shortcuts
- history : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Windows\History
- {4c5c32ff-bb9d-43b0-b5b4-2d72e54eaaa4} : C:\Users\Administrator.EMSOCCS1\Saved Games
- {00bcfc5a-ed94-4e48-96a1-3f6217f21990} : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Windows\RoamingTiles
- !do not use this registry key : Use the SHGetFolderPath or SHGetKnownFolderPath function instead
- local appdata : C:\Users\Administrator.EMSOCCS1\AppData\Local
- my pictures : C:\Users\Administrator.EMSOCCS1\Pictures
- templates : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Templates
- printhood : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
- cache : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Windows\INetCache
- desktop : C:\Users\Administrator.EMSOCCS1\Desktop
- programs : C:\Users\Administrator.EMSOCCS1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
- fonts : C:\windows\Fonts
- cd burning : C:\Users\Administrator.EMSOCCS1\AppData\Local\Microsoft\Windows\Burn\Burn
- favorites : C:\Users\Administrator.EMSOCCS1\Favorites
- appdata : C:\Users\Administrator.EMSOCCS1\AppData\Roaming

92435 - UserAssist Execution History
-
Synopsis
Nessus was able to enumerate program execution history on the remote host.
Description
Nessus was able to gather evidence from the UserAssist registry key that has a list of programs that have been executed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/11/12
Plugin Output

tcp/0

{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{010e7c4f-e374-4861-a807-df1c7e65c9c6}\.cr\ssms-setup-jpn.exe
c:\users\administrator.emsoccs1\appdata\local\microsoft\windowsapps\microsoft.windowsterminal_8wekyb3d8bbwe\wt.exe
ueme_ctlsession
c:\newscp\term\bin_1110\opc.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\microsoft.analysisservices.deployment.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\trellix\trellix endpoint security.lnk
c:\newscp\term\bin_20231003\opc.exe
c:\users\public\desktop\microsoft edge.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\accessories\remote desktop connection.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msdt.exe
microsoft.microsoftstickynotes_8wekyb3d8bbwe!app
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\services.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\hyper-v manager.lnk
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\hp\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
c:\users\administrator.emsoccs1\desktop\installnewscp.cmd
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{b42fda32-ed75-4f4a-b9cc-065a99962793}\.cr\vc_redist.x64.exe
f:\windows\ironkey.exe
c:\users\administrator.emsoccs1\desktop\a5m2_2.18.4_x64\a5m2.exe
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\app\wireshark\wireshark.exe
thingamahoochie.winmerge
{6d809377-6af0-444b-8957-a3773f02200e}\windowsapps\microsoft.windowsnotepad_11.2305.18.0_x64__8wekyb3d8bbwe\notepad\notepad.exe
microsoft.office.excel.exe.15
c:\users\administrator.emsoccs1\appdata\local\temp\g\tmdmon.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\powerpoint.lnk
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\administrative tools.lnk
microsoftteams_8wekyb3d8bbwe!microsoftteams
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\hp\hp support framework\resources\bingpopup\bingpopup.exe
microsoft.windows.photos_8wekyb3d8bbwe!app
c:\newscp\term\bin_1108\opc.exe
microsoft.autogenerated.{97880e4e-9653-3da7-99dc-d2454e1f6f2e}
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\microsoft sql server tools 19\sql server management studio management studio 19.lnk
d:\1515\02_db\a5m2_2.18.2_x64\a5m2.exe
c:\newscp\term\bin_20231024\opc.exe
microsoft.windows.administrativetools
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\system tools\task manager.lnk
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\odbc data sources (64-bit).lnk
com.squirrel.teams.teams
microsoft.office.winword.exe.15
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\notepad.exe
{6d809377-6af0-444b-8957-a3773f02200e}\hp\hp client security manager\hp.clientsecuritymanager.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\hp wolf security .lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiescomputername.exe
c:\logcontroller\logcontroller.exe
{6d809377-6af0-444b-8957-a3773f02200e}\strings\strings64.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{ce07b367-6ef3-4bb4-a5cd-70691a1cb097}\.cr\python-3.11.4-amd64.exe
microsoft.windows.explorer
ueme_ctlcuacount:ctor
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\msiexec.exe
microsoft.windows.photoviewer
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\file explorer.lnk
c:\users\administrator.emsoccs1\downloads\trellixsmartinstall.exe
microsoft.windowsterminal_8wekyb3d8bbwe!app
microsoft.gethelp_8wekyb3d8bbwe!app
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\file explorer.lnk
c:\newscp\termsim_radiowavestat\script\windows\run.bat
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\systempropertiesadvanced.exe
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\excel.lnk
microsoft.getstarted_8wekyb3d8bbwe!app
microsoft.windowsalarms_8wekyb3d8bbwe!app
c:\newscp\term\bin_1115\opc.exe
c:\newscp\term\bin_20231102b\opc.exe
microsoft.windows.controlpanel
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\credentialuibroker.exe
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\control panel.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\wscript.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windowsapps\microsoft.paint_11.2302.19.0_x64__8wekyb3d8bbwe\paintapp\mspaint.exe
mcafee.endpointsecurity.alerttoasts
c:\newscp\term\bin_1116test\opc.exe
microsoft.autogenerated.{8a0187df-d2e0-0dda-863e-9bae2484d8d9}
c:\newscp\term\_old\bin_20231024b\dc.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\windowspowershell\v1.0\powershell.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\ssms.exe
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\profiler.exe
c:\newscp\termsim_emrgproc\script\windows\run_release.bat
microsoft.windows.apprep.chxapp_cw5n1h2txyewy!app
microsoft.windows.windowsinstaller
{0139d44e-6afe-49f2-8690-3dafcae6ffb8}\administrative tools\performance monitor.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\vmconnect.exe
c:\newscp\termsim_radiowavestat\script\windows\run_release.bat
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\system tools\command prompt.lnk
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\odbcad32.exe
c:\newscp\term\bin\opc.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windows nt\accessories\wordpad.exe
{f38bf404-1d43-42f2-9305-67de0b28fc23}\temp\{3ff16e8b-0d65-4eaf-ac0f-64f9d774422a}\.cr\vc_redist.x64.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\calc.exe
c:\newscp\term\release\opc.exe
microsoft.windows.remotedesktop
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\r1515\sakura\sakura.exe
microsoft.windowsmaps_8wekyb3d8bbwe!app
microsoft.windowsfeedbackhub_8wekyb3d8bbwe!app
c:\users\administrator.emsoccs1\desktop\versetnewscp.cmd
ad2f1837.myhp_v10z8vjag6ke6!app
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\microsoft teams.lnk
c:\newscp\term\bin_1107\opc.exe
g:\open_hs.exe
microsoft.autogenerated.{17057676-e6d9-9391-bec1-258039d37d32}
microsoft.windows.startmenuexperiencehost_cw5n1h2txyewy!app
{6d809377-6af0-444b-8957-a3773f02200e}\windowsapps\microsoft.windowsterminal_1.17.11461.0_x64__8wekyb3d8bbwe\windowsterminal.exe
{6d809377-6af0-444b-8957-a3773f02200e}\microsoft office\root\vfs\programfilescommonx64\microsoft shared\office16\msoxmled.exe
microsoft.people_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x
microsoft.windows.shell.rundialog
microsoft.office.powerpnt.exe.15
microsoft.windows.shellexperiencehost_cw5n1h2txyewy!app
f:\ironkey.exe
{6d809377-6af0-444b-8957-a3773f02200e}\mcafee\agent\x86\updaterui.exe
microsoft.windowscalculator_8wekyb3d8bbwe!app
microsoft.autogenerated.{69209710-447e-f110-992c-25ae987b0a17}
microsoft.screensketch_8wekyb3d8bbwe!app
{9e3995ab-1f9c-4f13-b827-48b24b6c7174}\taskbar\microsoft edge.lnk
c:\newscp\term\bin_20231026\opc.exe
windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel
msedge
{7c5a40ef-a0fb-4bfc-874a-c0f2e0b9fa8e}\microsoft sql server management studio 19\common7\ide\commonextensions\microsoft\ssis\160\binn\dtswizard.exe
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\cmd.exe
c:\newscp\term\bin\dc.exe
{6d809377-6af0-444b-8957-a3773f02200e}\windowsapps\microsoft.screensketch_11.2303.17.0_x64__8wekyb3d8bbwe\snippingtool\snippingtool.exe
microsoftwindows.client.cbs_cw5n1h2txyewy!cortanaui
microsoft.skydrive.desktop
microsoft.paint_8wekyb3d8bbwe!app
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\r1515\tool\unicon130[1]\unixtime_converter.exe
microsoft.sechealthui_8wekyb3d8bbwe!sechealthui
{1ac14e77-02e7-4e5d-b744-2eb1ae5198b7}\services.msc
c:\users\administrator.emsoccs1\appdata\local\microsoft\teams\current\teams.exe
c:\users\administrator.emsoccs1\desktop\wiresharkportable64\wiresharkportable64.exe
f:\tableversion\mastertableversionview.exe
microsoft.windowsnotepad_8wekyb3d8bbwe!app
microsoftwindows.client.cbs_cw5n1h2txyewy!screenclipping
{a77f5d77-2e2b-44c3-a6a2-aba601054a51}\windows powershell\windows powershell.lnk
c:\users\administrator.emsoccs1\appdata\local\temp\open_hs.exe

Extended userassist report attached.

24269 - WMI Available
-
Synopsis
WMI queries can be made against the remote host.
Description
The supplied credentials can be used to make WMI (Windows Management Instrumentation) requests against the remote host over DCOM.

These requests can be used to gather information about the remote host, such as its current state, network interface configuration, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2007/02/03, Modified: 2024/03/26
Plugin Output

tcp/445/cifs

The remote host returned the following caption from Win32_OperatingSystem:

Microsoft Windows 11 Pro

51187 - WMI Encryptable Volume Enumeration
-
Synopsis
The remote Windows host has encryptable volumes available.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates encryptable volume information available on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/12/15, Modified: 2024/03/26
Plugin Output

tcp/0


Here is a list of encryptable volumes available on the remote system :

+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter D:

- DeviceID : \\?\Volume{d739d273-60a8-44de-9301-3d1bfbddb35b}\

+ DriveLetter


+ DriveLetter C:

- DeviceID : \\?\Volume{f2669359-6b82-4860-a0a3-5771e0b792f7}\

+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter


+ DriveLetter

52001 - WMI QuickFixEngineering (QFE) Enumeration
-
Synopsis
The remote Windows host has quick-fix engineering updates installed.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates quick-fix engineering updates installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2011/02/16, Modified: 2024/03/26
Plugin Output

tcp/0


Here is a list of quick-fix engineering updates installed on the
remote system :

+ KB5028851
- Description : Update
- InstalledOn : 7/24/2023
- SystemName : masked_hostname
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : http://support.microsoft.com/?kbid=5028851

+ KB5012170
- Description : Security Update
- InstalledOn : 7/24/2023
- SystemName : masked_hostname
- InstalledBy : masked_hostname\Administrator
- Caption : https://support.microsoft.com/help/5012170

+ KB5028185
- Description : Security Update
- InstalledOn : 7/24/2023
- SystemName : masked_hostname
- InstalledBy : NT AUTHORITY\SYSTEM
- Caption : https://support.microsoft.com/help/5028185

+ KB5028320
- Description : Update
- InstalledOn : 7/24/2023
- SystemName : masked_hostname
- InstalledBy : NT AUTHORITY\SYSTEM

51186 - WMI Trusted Platform Module Enumeration
-
Synopsis
The remote Windows host has a Trusted Platform Module available.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates information about the Trusted Platform Module installed on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/12/14, Modified: 2024/03/26
Plugin Output

tcp/0


Here is the info about the Trusted Platform Modules installed on
the remote system :

+ ManufacturerId : NTC/1314145024

- IsActivated_InitialValue : 1
- IsEnabled_InitialValue : 1
- IsOwned_InitialValue : 1
- ManufacturerVersion : 7.2.3.1
- PhysicalPresenceVersionInfo : 1.3
- SpecVersion : 2.0, 0, 1.59

44871 - WMI Windows Feature Enumeration
-
Synopsis
It is possible to enumerate Windows features using WMI.
Description
Nessus was able to enumerate the server features of the remote host by querying the 'Win32_ServerFeature' class of the '\Root\cimv2' WMI namespace for Windows Server versions or the 'Win32_OptionalFeature' class of the '\Root\cimv2' WMI namespace for Windows Desktop versions.

Note that Features can only be enumerated for Windows 7 and later for desktop versions.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0754
Plugin Information
Published: 2010/02/24, Modified: 2024/03/26
Plugin Output

tcp/0


Nessus enumerated the following Windows features :

- MSRDC-Infrastructure
- MediaPlayback
- Microsoft-Hyper-V
- Microsoft-Hyper-V-All
- Microsoft-Hyper-V-Hypervisor
- Microsoft-Hyper-V-Management-Clients
- Microsoft-Hyper-V-Management-PowerShell
- Microsoft-Hyper-V-Services
- Microsoft-Hyper-V-Tools-All
- MicrosoftWindowsPowerShellV2
- MicrosoftWindowsPowerShellV2Root
- NetFx4-AdvSrvs
- Printing-Foundation-Features
- Printing-Foundation-InternetPrinting-Client
- Printing-PrintToPDFServices-Features
- SearchEngine-Client-Package
- SmbDirect
- VirtualMachinePlatform
- WCF-Services45
- WCF-TCP-PortSharing45
- WindowsMediaPlayer
- WorkFolders-Client

162174 - Windows Always Installed Elevated Status
-
Synopsis
Windows AlwaysInstallElevated policy status was found on the remote Windows host
Description
Windows AlwaysInstallElevated policy status was found on the remote Windows host.
You can use the AlwaysInstallElevated policy to install a Windows Installer package with elevated (system) privileges. This option is equivalent to granting full administrative rights, which can pose a massive security risk. Microsoft strongly discourages the use of this setting.
Solution
If enabled, disable AlwaysInstallElevated policy per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/06/14, Modified: 2022/06/14
Plugin Output

tcp/445/cifs

AlwaysInstallElevated policy is not enabled under HKEY_LOCAL_MACHINE.
AlwaysInstallElevated policy is not enabled under HKEY_USERS user:S-1-5-21-3388008032-3793481426-1508724218-500

48337 - Windows ComputerSystemProduct Enumeration (WMI)
-
Synopsis
It is possible to obtain product information from the remote host using WMI.
Description
By querying the WMI class 'Win32_ComputerSystemProduct', it is possible to extract product information about the computer system such as UUID, IdentifyingNumber, vendor, etc.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2010/08/16, Modified: 2024/03/26
Plugin Output

tcp/0


+ コンピューター

159817 - Windows Credential Guard Status
-
Synopsis
Retrieves the status of Windows Credential Guard.
Description
Retrieves the status of Windows Credential Guard.
Credential Guard prevents attacks such as Pass-the-Hash or Pass-the-Ticket by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/04/18, Modified: 2023/08/25
Plugin Output

tcp/445/cifs


Windows Credential Guard is not fully enabled.
The following registry keys have not been set :
- System\CurrentControlSet\Control\DeviceGuard\RequirePlatformSecurityFeatures : Key not found.
- System\CurrentControlSet\Control\LSA\LsaCfgFlags : Key not found.
- System\CurrentControlSet\Control\DeviceGuard\EnableVirtualizationBasedSecurity : Key not found.

58181 - Windows DNS Server Enumeration
-
Synopsis
Nessus enumerated the DNS servers being used by the remote Windows host.
Description
Nessus was able to enumerate the DNS servers configured on the remote Windows host by looking in the registry.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2012/03/01, Modified: 2022/02/01
Plugin Output

tcp/445/cifs


Nessus enumerated DNS servers for the following interfaces :

Interface: {d3c19e44-7c5b-4891-badc-3aa42734b42c}
Network Connection : 低萌
NameServer: 192.168.100.1,192.168.100.2

Interface: {9549f53b-363c-4526-aa30-b4ababba6be7}
Network Connection : Wi-Fi
DhcpNameServer: 192.168.128.1

164690 - Windows Disabled Command Prompt Enumeration
-
Synopsis
This plugin determines if the DisableCMD policy is enabled or disabled on the remote host for each local user.
Description
The remote host may employ the DisableCMD policy on a per user basis. Enumerated local users may have the following registry key:
'HKLM\Software\Policies\Microsoft\Windows\System\DisableCMD'

- Unset or 0: The command prompt is enabled normally.
- 1: The command prompt is disabled.
- 2: The command prompt is disabled; however, Windows batch processing is allowed.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2022/09/06, Modified: 2022/10/05
Plugin Output

tcp/445/cifs


Username: DefaultAccount
SID: S-1-5-21-1942055394-3177162208-3032883132-503
DisableCMD: Unset

Username: Administrator
SID: S-1-5-21-1942055394-3177162208-3032883132-500
DisableCMD: Unset

Username: WDAGUtilityAccount
SID: S-1-5-21-1942055394-3177162208-3032883132-504
DisableCMD: Unset

Username: Guest
SID: S-1-5-21-1942055394-3177162208-3032883132-501
DisableCMD: Unset

72482 - Windows Display Driver Enumeration
-
Synopsis
Nessus was able to enumerate one or more of the display drivers on the remote host.
Description
Nessus was able to enumerate one or more of the display drivers on the remote host via WMI.
See Also
Solution
n/a
Risk Factor
None
References
XREF IAVT:0001-T-0756
Plugin Information
Published: 2014/02/06, Modified: 2024/03/26
Plugin Output

tcp/0


Device Name : Intel(R) UHD Graphics 770
Driver File Version : 31.0.101.4146
Driver Date : 02/22/2023
Video Processor : Intel(R) UHD Graphics Family

Device Name : NVIDIA T400 4GB
Driver File Version : 30.0.15.1165
Driver Date : 01/28/2022
Driver Version : 511.65
Video Processor : NVIDIA T400 4GB

171956 - Windows Enumerate Accounts
-
Synopsis
Enumerate Windows accounts.
Description
Enumerate Windows accounts.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2023/02/28, Modified: 2024/04/03
Plugin Output

tcp/0

Windows accounts enumerated. Results output to DB.
User data gathered in scan starting at : 2024/4/23 10:11 Tokyo Standard Time

92423 - Windows Explorer Recently Executed Programs
-
Synopsis
Nessus was able to enumerate recently executed programs on the remote host.
Description
Nessus was able to find evidence of program execution using Windows Explorer registry logs and settings.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2019/08/15
Plugin Output

tcp/0

control\1
adecb
mstsc\1
calc\1
wordpad\1
cmd\1

MRU programs details in attached report.

92418 - Windows Explorer Typed Paths
-
Synopsis
Nessus was able to enumerate the directory paths that users visited by typing the full directory path into Windows Explorer.
Description
Nessus was able to enumerate the directory paths that users visited by manually typing the full directory path into Windows Explorer. The generated folder list report contains folders local to the system, folders from past mounted network drives, and folders from mounted devices.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/11/15
Plugin Output

tcp/0

cmd
\\192.168.100.250\q\1\202402280\1\Tools
C:\newscp\term
F:\20231113_f-5-2-
\\console-3\c$
\\cld-conn-app
\\CLD-CONN-APP\Public
\\CLD-CONN-APP\
\\192.168.100.241

\\console-3\C$\newscp\term
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\R1515\\(\MESW\\20231116_#9
\\masked_hostname4
\\console-2\C$
\\console-2\C$\newscp\term
\\console-4\C$\newscp\term
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\R1515\MOD-2
\\masked_hostname3\c$
F:\20240122_log
C:\newscp\term\data
\\fd01-e2e2-0-e0c0--241.ipv6-literal.net\R1515\
\\CLD-CONN-APP\Public\NewsCon
\\masked_hostname3
\\cld-conn-app\Public\NewsCon
\\CLD-CONN-APP

Extended explorer typed paths report attached.

159929 - Windows LSA Protection Status
-
Synopsis
Windows LSA Protection is disabled on the remote Windows host.
Description
The LSA Protection validates users for local and remote sign-ins and enforces local security policies to prevent reading memory and code injection by non-protected processes. This provides added security for the credentials that the LSA stores and manages. This protects against Pass-the-Hash or Mimikatz-style attacks.
Solution
Enable LSA Protection per your corporate security guidelines.
Risk Factor
None
Plugin Information
Published: 2022/04/20, Modified: 2022/05/25
Plugin Output

tcp/445/cifs


LSA Protection Key \SYSTEM\CurrentControlSet\Control\Lsa\RunAsPPL not found.

148541 - Windows Language Settings Detection
-
Synopsis
This plugin enumerates language files on a Windows host.
Description
By connecting to the remote host with the supplied credentials, this plugin enumerates language IDs listed on the host.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/04/14, Modified: 2022/02/01
Plugin Output

tcp/0

Default Install Language Code: 1041

Default Active Language Code: 1041

Other common microsoft Language packs may be scanned as well.

10150 - Windows NetBIOS / SMB Remote Host Information Disclosure
-
Synopsis
It was possible to obtain the network name of the remote host.
Description
The remote host is listening on UDP port 137 or TCP port 445, and replies to NetBIOS nbtscan or SMB requests.

Note that this plugin gathers information to be used in other plugins, but does not itself generate a report.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 1999/10/12, Modified: 2021/02/10
Plugin Output

tcp/445/cifs

The following 2 NetBIOS names have been gathered :

masked_hostname = Computer name
EMSOCCS1 = Workgroup / Domain name

77668 - Windows Prefetch Folder
Synopsis
Nessus was able to retrieve the Windows prefetch folder file list.
Description
Nessus was able to retrieve and display the contents of the Windows prefetch folder (%systemroot%\prefetch\*). This information shows programs that have run with the prefetch and superfetch mechanisms enabled.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2014/09/12, Modified: 2018/11/15
Plugin Output

tcp/0

+ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters
rootdirpath :
enableprefetcher : 3

+ Prefetch file list :

155963 - Windows Printer Driver Enumeration
Synopsis
Nessus was able to enumerate one or more of the printer drivers on the remote host.
Description
Nessus was able to enumerate one or more of the printer drivers on the remote host via WMI.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2021/12/09, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


--- Microsoft enhanced Point and Print compatibility driver ---

Nessus detected 2 installs of Microsoft enhanced Point and Print compatibility driver:

Path : C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.22621.1928
Supported Platform : Windows x64

Path : C:\windows\system32\spool\DRIVERS\W32X86\3\mxdwdrv.dll
Version : 10.0.22621.1928
Supported Platform : Windows NT x86

--- Remote Desktop Easy Print ---

Path : C:\windows\system32\spool\DRIVERS\x64\3\mxdwdrv.dll
Version : 10.0.22621.1
Supported Platform : Windows x64

--- Microsoft Print To PDF ---

Path : C:\windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_0234ee61ba44613e\Amd64\mxdwdrv.dll
Version : 10.0.22621.1
Supported Platform : Windows x64

--- Send to Microsoft OneNote 16 Driver ---

Path : C:\windows\System32\DriverStore\FileRepository\ntprint.inf_amd64_0234ee61ba44613e\Amd64\mxdwdrv.dll
Version : 16.0.7629.4000
Supported Platform : Windows x64

63620 - Windows Product Key Retrieval
Synopsis
This plugin retrieves the Windows Product key of the remote Windows host.
Description
Using the supplied credentials, Nessus was able to retrieve the Windows host's partial product key.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2013/01/18, Modified: 2013/01/18
Plugin Output

tcp/445/cifs


Product key : XXXXX-XXXXX-XXXXX-XXXXX-JXC2T

Note that all but the final portion of the key has been obfuscated.

160576 - Windows Services Registry ACL
Synopsis
Checks Windows Registry for Service ACLs
Description
Checks Windows Registry for Service ACLs.
Solution
N/A
Risk Factor
None
Plugin Information
Published: 2022/05/05, Modified: 2024/01/15
Plugin Output

tcp/445/cifs

report output too big - ending list here

85736 - Windows Store Application Enumeration
Synopsis
It is possible to obtain the list of applications installed from the Windows Store.
Description
This plugin connects to the remote Windows host with the supplied credentials and uses WMI and Powershell to enumerate applications installed on the host from the Windows Store.
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2015/09/02, Modified: 2024/03/26
Plugin Output

tcp/445/cifs


-1527c705-839a-4832-9118-54d4Bd6a0c89
Version : 10.0.19640.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FilePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-c5e2524a-ea46-4f67-841f-6a9465d9d515
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.FileExplorer_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-E2A4F912-2574-4A75-9BB0-0D023378592B
Version : 10.0.19640.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppResolverUX_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-F46D4000-FD22-4DB4-AC8E-4E1DDDE828FE
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AddSuggestedFoldersToLibraryDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AAD.BrokerPlugin
Version : 1000.19580.1000.0
InstallLocation : C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AccountsControl
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.AsyncTextService
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.AsyncTextService_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BioEnrollment
Version : 10.0.19587.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.BioEnrollment_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.CredDialogHost
Version : 10.0.19595.1001
InstallLocation : C:\Windows\SystemApps\microsoft.creddialoghost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ECApp
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.LockApp
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MicrosoftEdgeDevToolsClient
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdgeDevToolsClient_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.CBS
Version : 8.2206.15001.0
InstallLocation : C:\Windows\SystemApps\Microsoft.UI.Xaml.CBS_8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Win32WebViewHost
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Win32WebViewHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Apprep.ChxApp
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.AssignedAccessLockApp
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.AssignedAccessLockApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CallingShellApp
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CallingShellApp_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CapturePicker
Version : 10.0.19580.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CapturePicker_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.CloudExperienceHost
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ContentDeliveryManager
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.NarratorQuickStart
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\microsoft.windows.narratorquickstart_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkCaptivePortal
Version : 10.0.21302.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkCaptivePortal_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.OOBENetworkConnectionFlow
Version : 10.0.21302.1000
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.OOBENetworkConnectionFlow_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ParentalControls
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\ParentalControls_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PeopleExperienceHost
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PeopleExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PinningConfirmationDialog
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PinningConfirmationDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.PrintQueueActionCenter
Version : 1.0.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.PrintQueueActionCenter_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.XGpuEjectDialog
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.XGpuEjectDialog_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.XboxGameCallableUI
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\Microsoft.XboxGameCallableUI_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftWindows.UndockedDevKit
Version : 10.0.22621.1
InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.UndockedDevKit_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-NcsiUwpApp
Version : 1000.22621.1.0
InstallLocation : C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.CBSPreview
Version : 10.0.19580.1000
InstallLocation : C:\Windows\SystemApps\Windows.CBSPreview_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-windows.immersivecontrolpanel
Version : 10.0.6.1000
InstallLocation : C:\Windows\ImmersiveControlPanel
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Windows.PrintDialog
Version : 6.2.2.0
InstallLocation : C:\Windows\PrintDialog
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.2.4
Version : 2.42007.9001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00.UWPDesktop
Version : 14.0.30704.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.30704.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.2.2
Version : 2.2.28604.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.2.2
Version : 2.2.29512.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MPEG2VideoExtension
Version : 1.0.50901.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.MPEG2VideoExtension_1.0.50901.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.2.1
Version : 2.1.27427.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.1_2.1.27427.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.2.1
Version : 2.1.27427.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.1_2.1.27427.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.2.2
Version : 2.2.29512.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.2.2_2.2.29512.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.2.1
Version : 2.1.26424.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.1_2.1.26424.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.2.1
Version : 2.1.26424.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.1_2.1.26424.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.2.2
Version : 2.2.28604.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.2.2_2.2.28604.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00.UWPDesktop
Version : 14.0.30704.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.30704.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.Photos
Version : 21.21030.25003.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Windows.Photos_21.21030.25003.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsAlarms
Version : 11.2202.24.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_11.2202.24.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftCorporationII.MicrosoftFamily
Version : 0.1.28.0
InstallLocation : C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.1.28.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.1.4
Version : 1.4.24201.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.1.3
Version : 1.3.24211.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24211.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPDesktopSupportUtilities
Version : 7.0.7.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPDesktopSupportUtilities_7.0.7.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.UI.Xaml.2.7
Version : 7.2208.15002.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.2.7
Version : 7.2208.15002.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.7_7.2208.15002.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00
Version : 14.0.32530.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00
Version : 14.0.32530.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00_14.0.32530.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsAppRuntime.1.2
Version : 2000.802.31.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsStore
Version : 22306.1401.1.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsStore_22306.1401.1.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsAppRuntime.1.2
Version : 2000.802.31.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.2_2000.802.31.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00.UWPDesktop
Version : 14.0.32530.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VCLibs.140.00.UWPDesktop
Version : 14.0.32530.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VCLibs.140.00.UWPDesktop_14.0.32530.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftWindows.Client.WebExperience
Version : 423.13900.0.0
InstallLocation : C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy
Architecture : X64
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ScreenSketch
Version : 11.2303.17.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.ScreenSketch_11.2303.17.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Paint
Version : 11.2302.19.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Paint_11.2302.19.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.2.8
Version : 8.2306.22001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2306.22001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.2.8
Version : 8.2306.22001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.8_8.2306.22001.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ZuneMusic
Version : 11.2305.4.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2305.4.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.ZuneVideo
Version : 10.22091.10041.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10041.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AppUp.IntelGraphicsExperience
Version : 1.100.5131.0
InstallLocation : C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5131.0_x64__8j3eq9eme6ctt
Architecture : X64
Publisher : CN=EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3

-NVIDIACorp.NVIDIAControlPanel
Version : 8.1.964.0
InstallLocation : C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.964.0_x64__56jybvy8sckqj
Architecture : X64
Publisher : CN=D6816951-877F-493B-B4EE-41AB9419C326

-Microsoft.UI.Xaml.2.3
Version : 2.32002.13001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.3_2.32002.13001.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Framework.1.3
Version : 1.3.24211.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.3_1.3.24211.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.NET.Native.Runtime.1.4
Version : 1.4.24201.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.4_1.4.24201.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.2.4
Version : 2.42007.9001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.UI.Xaml.2.4_2.42007.9001.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsAppRuntime.1.3
Version : 3000.882.2207.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsAppRuntime.1.3
Version : 3000.882.2207.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsAppRuntime.1.3_3000.882.2207.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Services.Store.Engagement
Version : 10.0.23012.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x86__8wekyb3d8bbwe
Architecture : X86
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Services.Store.Engagement
Version : 10.0.23012.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Services.Store.Engagement_10.0.23012.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPPCHardwareDiagnosticsWindows
Version : 2.3.0.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.3.0.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.Getstarted
Version : 10.2306.0.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Getstarted_10.2306.0.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Todos
Version : 2.100.61791.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Todos_2.100.61791.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.myHP
Version : 25.52328.396.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.myHP_25.52328.396.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.DesktopAppInstaller
Version : 1.20.1881.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.20.1881.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.StorePurchaseApp
Version : 22305.1401.5.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22305.1401.5.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsNotepad
Version : 11.2305.18.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2305.18.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-microsoft.windowscommunicationsapps
Version : 16005.14326.21508.0
InstallLocation : C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21508.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BingNews
Version : 4.55.51901.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingNews_4.55.51901.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.PowerAutomateDesktop
Version : 10.0.7204.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.PowerAutomateDesktop_10.0.7204.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.BingWeather
Version : 4.53.51922.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.BingWeather_4.53.51922.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.YourPhone
Version : 1.23052.123.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23052.123.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.GamingApp
Version : 2307.1001.5.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.GamingApp_2307.1001.5.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AppUp.ThunderboltControlCenter
Version : 1.0.36.0
InstallLocation : C:\Program Files\WindowsApps\AppUp.ThunderboltControlCenter_1.0.36.0_x64__8j3eq9eme6ctt
Architecture : X64
Publisher : CN=EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3

-RealtekSemiconductorCorp.HPAudioControl
Version : 2.41.289.0
InstallLocation : C:\Program Files\WindowsApps\RealtekSemiconductorCorp.HPAudioControl_2.41.289.0_x64__dt26b99r8h8gj
Architecture : X64
Publisher : CN=83564403-0B26-46B8-9D84-040F43691D31

-Microsoft.MicrosoftEdge.Stable
Version : 115.0.1901.183
InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftEdge.Stable_115.0.1901.183_neutral__8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AppUp.IntelManagementandSecurityStatus
Version : 2253.4.4.0
InstallLocation : C:\Program Files\WindowsApps\AppUp.IntelManagementandSecurityStatus_2253.4.4.0_x64__8j3eq9eme6ctt
Architecture : X64
Publisher : CN=EB51A5DA-0E72-4863-82E4-EA21C1F8DFE3

-Microsoft.SecHealthUI
Version : 1000.25873.9001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.SecHealthUI_1000.25873.9001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.UI.Xaml.CBS
Version : 8.2207.29001.0
InstallLocation : C:\Windows\SystemApps\Microsoft.UI.Xaml.CBS_8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftWindows.Client.Core
Version : 1000.22635.1000.0
InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.Client.Core_cw5n1h2txyewy
Architecture : X64
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MicrosoftEdge
Version : 44.22621.1992.0
InstallLocation : C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.SecureAssessmentBrowser
Version : 10.0.22621.900
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.ShellExperienceHost
Version : 10.0.22621.1778
InstallLocation : C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Windows.StartMenuExperienceHost
Version : 10.0.22621.1928
InstallLocation : C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy
Architecture : Neutral
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftWindows.Client.CBS
Version : 1000.22644.1000.0
InstallLocation : C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy
Architecture : X64
Publisher : CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.LanguageExperiencePackja-JP
Version : 22621.26.135.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.LanguageExperiencePackja-JP_22621.26.135.0_neutral__8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.HEVCVideoExtension
Version : 2.0.61591.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.HEVCVideoExtension_2.0.61591.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MicrosoftStickyNotes
Version : 4.6.0.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_4.6.0.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsFeedbackHub
Version : 1.2304.1243.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsFeedbackHub_1.2304.1243.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.VP9VideoExtensions
Version : 1.0.61591.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.61591.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsTerminal
Version : 1.17.11461.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.17.11461.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.549981C3F5F10
Version : 4.2204.13303.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Xbox.TCUI
Version : 1.24.10001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Xbox.TCUI_1.24.10001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WebMediaExtensions
Version : 1.0.61591.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebMediaExtensions_1.0.61591.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsSoundRecorder
Version : 11.2304.25.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsSoundRecorder_11.2304.25.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.RawImageExtension
Version : 2.1.61661.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.RawImageExtension_2.1.61661.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MicrosoftOfficeHub
Version : 18.2305.1222.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2305.1222.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.HEIFImageExtension
Version : 1.0.61171.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.HEIFImageExtension_1.0.61171.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.Whiteboard
Version : 53.10510.531.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.Whiteboard_53.10510.531.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Clipchamp.Clipchamp
Version : 2.6.2.0
InstallLocation : C:\Program Files\WindowsApps\Clipchamp.Clipchamp_2.6.2.0_neutral__yxz26nhyzhsrt
Architecture : Neutral
Publisher : CN=33F0F141-36F3-4EC2-A77D-51B53D0BA0E4

-AD2F1837.HPSupportAssistant
Version : 9.27.63.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.27.63.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.XboxIdentityProvider
Version : 12.95.3001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxIdentityProvider_12.95.3001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WebpImageExtension
Version : 1.0.52351.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WebpImageExtension_1.0.52351.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPEasyClean
Version : 2.2.5.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPEasyClean_2.2.5.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.XboxSpeechToTextOverlay
Version : 1.21.13002.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxSpeechToTextOverlay_1.21.13002.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPPrivacySettings
Version : 1.2.74.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.2.74.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.XboxGameOverlay
Version : 1.54.4001.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGameOverlay_1.54.4001.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsCalculator
Version : 11.2210.0.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsMaps
Version : 11.2303.5.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsMaps_11.2303.5.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.People
Version : 10.2202.31.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.People_10.2202.31.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-MicrosoftCorporationII.QuickAssist
Version : 2.0.21.0
InstallLocation : C:\Program Files\WindowsApps\MicrosoftCorporationII.QuickAssist_2.0.21.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.GetHelp
Version : 10.2303.10961.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.GetHelp_10.2303.10961.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPQuickDrop
Version : 2.5.10921.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-Microsoft.XboxGamingOverlay
Version : 5.823.3261.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_5.823.3261.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.MicrosoftSolitaireCollection
Version : 4.16.3140.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.16.3140.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.WindowsCamera
Version : 2023.2305.4.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.WindowsCamera_2023.2305.4.0_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-Microsoft.OneDriveSync
Version : 23142.709.1.0
InstallLocation : C:\Program Files\WindowsApps\Microsoft.OneDriveSync_23142.709.1.0_neutral__8wekyb3d8bbwe
Architecture : Neutral
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

-AD2F1837.HPDisplayCenter
Version : 1.0.67.0
InstallLocation : C:\Program Files\WindowsApps\AD2F1837.HPDisplayCenter_1.0.67.0_x64__v10z8vjag6ke6
Architecture : X64
Publisher : CN=ED346674-0FA1-4272-85CE-3187C9C86E26

-MicrosoftTeams
Version : 23306.3309.2530.1346
InstallLocation : C:\Program Files\WindowsApps\MicrosoftTeams_23306.3309.2530.1346_x64__8wekyb3d8bbwe
Architecture : X64
Publisher : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

92438 - WordPad History
Synopsis
Nessus was able to gather WordPad opened file history on the remote host.
Description
Nessus was able to generate a report of files opened in WordPad on the remote host.
See Also
Solution
n/a
Risk Factor
None
Plugin Information
Published: 2016/07/19, Modified: 2018/05/23
Plugin Output

tcp/0

C:\Users\Administrator.EMSOCCS1\Desktop\ة­هلَب.rtf

WordPad report attached.
Remediations
Suggested Remediations
Taking the following actions across 1 hosts would resolve 50% of the vulnerabilities on the network.
Action to take | Vulns | Hosts
Microsoft Edge (Chromium) < 123.0.2420.97 Multiple Vulnerabilities: Upgrade to Microsoft Edge version 123.0.2420.97 or later. | 181 | 1
Adobe Acrobat < 20.005.30574 / 23.008.20533 Multiple Vulnerabilities (APSB24-07): Upgrade to Adobe Acrobat version 20.005.30574 / 23.008.20533 or later. | 62 | 1
Security Updates for Microsoft SQL Server OLE DB Driver (April 2024): Microsoft has released security updates for the Microsoft SQL OLE DB Driver. | 33 | 1
Security Updates for Microsoft SQL Server ODBC Driver (April 2024): Microsoft has released security updates for the Microsoft SQL Driver. | 21 | 1
Microsoft Teams < 1.6.0.18681 RCE: Upgrade to Microsoft Teams 1.6.0.18681 or later. | 16 | 1
Security Updates for Microsoft .NET Framework (April 2024): Microsoft has released security updates for Microsoft .NET Framework. | 15 | 1
Security Updates for Microsoft Office Products C2R (February 2024): For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 13 | 1
Install KB5036893 | 9 | 1
Security Updates for Microsoft Excel Products C2R Information Disclosure (November 2023): For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 5 | 1
Security Updates for Microsoft Word Products C2R (February 2024): For Office 365, Office 2016 C2R, or Office 2019, ensure automatic updates are enabled or open any office app and manually perform an update. | 4 | 1
Install KB5029921 | 1 | 1
Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039): Upgrade Curl to version 8.3.0 or later | 1 | 1
Microsoft Azure Data Studio < 1.48.0 Elevation of Privilege Vulnerability (CVE-2024-26203): Upgrade to Microsoft Azure Data Studio version 1.48.0 or later. | 0 | 1